[Fedora-packaging] RFC mass bug reporting: checksec failures

Orion Poplawski orion at cora.nwra.com
Wed Sep 16 17:08:32 UTC 2015


On 09/16/2015 10:24 AM, Alexander Todorov wrote:
> Including fedora-devel on this topic.
> 
> On 12.09.2015 at 08:48, Dominik 'Rathann' Mierzejewski wrote:
>>>>
>>>> Question is how to deal with these because they appear to be in the
>>>> hundreds?
>>>
>>> How many, exactly? We have around 20000 SRPMs in the distribution.
>>
> 
> From today's Rawhide snapshot my script counted around 4500 offending
> packages. You can find links to the script and execution log here:
> http://atodorov.org/blog/2015/09/16/4000-bugs-in-fedora-checksec-failures/
> 
> 
> Please let me know which packages need to genuinely be excluded and what
> should we do with these packages? Some will probably be fixed once they are
> rebuilt but that may take a while.
> 
> Any package maintainers out there - please fix your packages in Rawhide so we
> don't have to file bugs for all of them.

I think we may have an issue with libtool throwing away the
'-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1' option:

/bin/sh ../libtool  --tag=CC   --mode=link gcc -ansi -pedantic -Wall -W
-Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align
-Wwrite-strings -Wconversion -Waggregate-return -Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs
-Winline -O -fomit-frame-pointer -finline-functions -O2 -g -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
-version-info 10:1 :0  -Wl,-z,relro
-specs=/usr/lib/rpm/redhat/redhat-hardened-ld -o libhdf5.la -rpath /usr/lib64
H5.lo.... H5Ztrans.lo  -lz -ldl -lm

libtool: link: gcc -shared  -fPIC -DPIC  .libs/H5.o ... .libs/H5Ztrans.o   -lz
-ldl -lm  -O -O2 -g -fstack-protector-strong -grecord-gcc-switches -m64
-mtune=generic -Wl,-z -Wl,relro   -Wl,-soname -Wl,libhdf5.so.10 -o
.libs/libhdf5.so.10.0.1

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com
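
One way to check a build log for the symptom described in the message above, as an added example that is not part of the original post: it pairs each `libtool --mode=link` request with the `libtool: link:` command that follows and lists the hardening flags that did not survive. The watch list, the function names and the sample log (the message's two commands, abridged and unwrapped) are assumptions made for this example.

```python
import re
import shlex

# Flags whose loss weakens a hardened build (assumed watch list for this example).
WATCHED = re.compile(r"^(-specs=.*|-fstack-protector.*|-fPIE|-pie|-Wl,-z,(relro|now))$")

def normalize(tokens):
    """Return the set of flags, rewriting '-Wl,-z -Wl,relro' pairs as '-Wl,-z,relro'."""
    flags, linker = set(), []
    for tok in tokens:
        if tok.startswith("-Wl,"):
            linker.extend(tok[4:].split(","))  # collect words passed to the linker
        else:
            flags.add(tok)
    for i, word in enumerate(linker):
        if word == "-z" and i + 1 < len(linker):
            flags.add("-Wl,-z," + linker[i + 1])
    return flags

def dropped_flags(log):
    """For each libtool link request, list the watched flags that are present in
    the request but absent from the command libtool actually ran."""
    results, requested = [], None
    for line in log.splitlines():
        if "--mode=link" in line:
            requested = normalize(shlex.split(line))
        elif line.startswith("libtool: link:") and requested is not None:
            actual = normalize(shlex.split(line[len("libtool: link:"):]))
            results.append(sorted(f for f in requested - actual if WATCHED.match(f)))
            requested = None
    return results

# Constructed sample: the two commands from the message, abridged and unwrapped.
SAMPLE_LOG = """\
/bin/sh ../libtool --tag=CC --mode=link gcc -O2 -g -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -o libhdf5.la -rpath /usr/lib64 H5.lo -lz -ldl -lm
libtool: link: gcc -shared -fPIC -DPIC .libs/H5.o -lz -ldl -lm -O2 -g -fstack-protector-strong -m64 -Wl,-z -Wl,relro -Wl,-soname -Wl,libhdf5.so.10 -o .libs/libhdf5.so.10.0.1
"""

if __name__ == "__main__":
    for lost in dropped_flags(SAMPLE_LOG):
        print("dropped by libtool:", lost or "nothing")
```

The relro option is not reported because libtool only rewrites it as `-Wl,-z -Wl,relro`; both `-specs=` options are reported because neither appears in the final link command.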

