[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#796166: marked as done (qtbase-opensource-src: -reduce-relocations breaks build when all hardening build flags are enabled)

Your message dated Thu, 20 Aug 2015 18:31:09 -0300
with message-id <5131448.Slj8xefpkO@luna>
and subject line Re: Bug#796166: qtbase-opensource-src: -reduce-relocations breaks build when all hardening build flags are enabled
has caused the Debian Bug report #796166,
regarding qtbase-opensource-src: -reduce-relocations breaks build when all hardening build flags are enabled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
796166: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796166
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: src:qtbase-opensource-src
Version: 5.4.2+dfsg-8
Severity: normal

Hi,

I discovered that freeciv, particularly the freeciv-qt client, fails to build
from source when I enable all hardening build flags including
-fPIE,-pie (position independent executable). This has never been an
issue before and it seems this regression surfaced with the
introduction of GCC-5.

I think Qt's -reduce-relocation option reduces our ability to harden
our binaries. To workaround this bug I had to change from

 export DEB_BUILD_MAINT_OPTIONS = hardening=+all

to

 export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie

This appears to be not the best solution and Freeciv is not the only affected package:

https://bugs.debian.org/792592

There are similar bug reports for other distributions:

https://bugs.archlinux.org/task/45283

and there is also a related GCC-5 bug report

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65886

According to the changelog this regression might have been introduced
on 24 July 2015 by Rohan Garg. I'm not sure about the severity but I
would really like to see the old behaviour again.

Regards,

Markus



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

--- End Message ---
--- Begin Message --- 
I'm very happy to say that this is not a bug after all.

I have just asked [upstream] and both Kevin and Thiago where clear:

Kevin:
  "-fPIC actually allows the same hardening as -fPIE. PIE is basically the
   subset of PIC required for hardening."

And:

Thiago:
  "-fPIE is -fPIC but with some extra optimisations that assume that the code
   being generated is the first one to ever be loaded into memory. That means
   it knows none of its symbols may be interposed (including ones it
   copy-relocated) and that thread-specific variables may use the initial-exec
   and local-exec TLS models.
   .
   The problem isn't "preventing hardening". The problem is the hardening
   adding -fPIE to code that otherwise was already using -fPIC. Just leave it
   at -fPIC."

[upstream] <http://lists.qt-project.org/pipermail/development/2015-August/022934.html>

Non the less read below:

On Thursday 20 August 2015 22:56:54 Markus Koschany wrote:
[snip]
> 
> Thanks for reopening the bug report.

I managed it wrongly, the least I could do. Although know I'm closing it again 
;)
 
> > On the other hand we the maintainers do not currently consider this a Qt
> > bug, so feel free to clone it and reassign it to gcc.
> 
> I fear we would end up with reassign-ping-pong because both upstreams
> believe the other one is to blame for the bug.

Well it's just a matter of fixing the flags now.

[snip]
> > Not that much. Most of the dependencies will get the correct flags from
> > qt's .pro/.pri or cmake files automatically. Those who don't have just
> > discovered a bug. And if Qt is not passing the right flags (which I doubt
> > looking at the lastests KDE builds) please do file a bug against
> > src:qtbase-opensource-src specifying the problem.
> 
> Freeciv and Poppler use autotools for building their packages. If I read
> the Qt upstream bug correctly
> (https://bugreports.qt.io/browse/QTBUG-45755) they consider
> autoconf-based Qt builds to be a side issue which is a pity.

Right.

> Apparently
> Freeciv uses -fPIC for the Qt build but it gets overridden when -pie and
> all other hardening build flags are appended to the command-line and
> this breaks the whole build. I'm not aware of a simple way to build
> certain components of Freeciv (SDL- or GTK client) with -pie and the Qt
> client without -pie.
> 
> My Freeciv bug report can be found here:
> 
> http://gna.org/bugs/?23797

I have just skipped torugh it and you can know be sure to tell them they need 
to get the proper flags from Qt if they want to use Qt. And again, if anything 
that Qt provides is failing to provide the flags when it should be doing it, 
please file a bug.

> Thanks for your other explanations. I'm sure you guys do a great job
> with maintaining Qt and KDE as a whole for Debian.

I'm glad that at least we now know things are not that bad after all. But yes, 
downstreams will need to fix some stuff :-/

-- 

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---
Reply to: