Perl CFLAGS and LDFLAGS change

Petr Pisar ppisar at redhat.com
Wed Jul 15 15:02:42 UTC 2015


On Wed, Jul 08, 2015 at 02:25:11PM +0200, Petr Pisar wrote:
> You could read
> <http://permalink.gmane.org/gmane.linux.redhat.fedora.devel/208954> about poor
> implementation of Fedora 23 hardening feature.
> 
> It turned out that perl is broken too. Fortunately, only /usr/bin/perl is
> broken. Not the libperl.so or any other XS modules. This issue is known as
> <https://bugzilla.redhat.com/show_bug.cgi?id=1238804>.
> 
> Playing with perl's Configure arguments shows different options are used at
> different places and the best configuration looks like this (from perl.spec):
> 
> -/bin/sh Configure -des -Doptimize="$RPM_OPT_FLAGS" \
> -        -Dccdlflags="-Wl,--enable-new-dtags" \
> -        -Dlddlflags="-shared $RPM_OPT_FLAGS $RPM_LD_FLAGS" \
> +# ldflags is not used when linking XS modules.
> +# Only ldflags is used when linking miniperl.
> +# Only ccflags and ldflags are used for Configure's compiler checks.
> +# Set optimize=none to prevent from injecting upstream's value.
> +/bin/sh Configure -des \
> +        -Doptimize="none" \
> +        -Dccflags="$RPM_OPT_FLAGS" \
> +        -Dldflags="$RPM_LD_FLAGS" \
> +        -Dccdlflags="-Wl,--enable-new-dtags $RPM_LD_FLAGS" \
> +        -Dlddlflags="-shared $RPM_LD_FLAGS" \
> 
The change is in repositories and although almost everything works, we started
to get strange failures:

perl-Algorithm-CurveFit (bug #1242769), a pure Perl code, fails a test on
x86_64 only.

perl-smartmatch-engine-core (bug #1242802), an XS code which I retired,
segfaults.

perl-B-Utils seems failing on i686 only
<https://apps.fedoraproject.org/koschei/package/perl-B-Utils/671292> (not
verified if this is caused by the hardened build).

I verified on perl-Algorithm-CurveFit and perl-smartmatch-engine-core that
relinking /usr/bin/perl executable without `-pie' helps. Also running under
valgrind helps. See <https://bugzilla.redhat.com/show_bug.cgi?id=1242769> for
more details.

It looks like a memory corruption somewhere in the perl that manifests when
the memory layout is specific to PIE. Any help is welcomed.

-- Petr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/perl-devel/attachments/20150715/45c55c16/attachment.sig>


More information about the perl-devel mailing list