Your message dated Thu, 20 Aug 2015 18:31:09 -0300 with message-id <5131448.Slj8xefpkO@luna> and subject line Re: Bug#796166: qtbase-opensource-src: -reduce-relocations breaks build when all hardening build flags are enabled has caused the Debian Bug report #796166, regarding qtbase-opensource-src: -reduce-relocations breaks build when all hardening build flags are enabled to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 796166: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796166 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: qtbase-opensource-src: -reduce-relocations breaks build when all hardening build flags are enabled
- From: Markus Koschany <apo@gambaru.de>
- Date: Wed, 19 Aug 2015 23:31:12 +0200
- Message-id: <[🔎] 20150819213112.21845.28541.reportbug@conan>
Package: src:qtbase-opensource-src Version: 5.4.2+dfsg-8 Severity: normal Hi, I discovered that freeciv, particularly the freeciv-qt client, fails to build from source when I enable all hardening build flags including -fPIE,-pie (position independent executable). This has never been an issue before and it seems this regression surfaced with the introduction of GCC-5. I think Qt's -reduce-relocation option reduces our ability to harden our binaries. To workaround this bug I had to change from export DEB_BUILD_MAINT_OPTIONS = hardening=+all to export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie This appears to be not the best solution and Freeciv is not the only affected package: https://bugs.debian.org/792592 There are similar bug reports for other distributions: https://bugs.archlinux.org/task/45283 and there is also a related GCC-5 bug report https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65886 According to the changelog this regression might have been introduced on 24 July 2015 by Rohan Garg. I'm not sure about the severity but I would really like to see the old behaviour again. Regards, Markus -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.1.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect
--- End Message ---
--- Begin Message ---
- To: 796166-done@bugs.debian.org, 796166-submitter@bugs.debian.org
- Subject: Re: Bug#796166: qtbase-opensource-src: -reduce-relocations breaks build when all hardening build flags are enabled
- From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
- Date: Thu, 20 Aug 2015 18:31:09 -0300
- Message-id: <5131448.Slj8xefpkO@luna>
- In-reply-to: <[🔎] 55D63F16.4060701@gambaru.de>
- References: <[🔎] 20150819213112.21845.28541.reportbug@conan> <[🔎] 2410433.SiX7t62n9v@tonks> <[🔎] 55D63F16.4060701@gambaru.de>
I'm very happy to say that this is not a bug after all. I have just asked [upstream] and both Kevin and Thiago where clear: Kevin: "-fPIC actually allows the same hardening as -fPIE. PIE is basically the subset of PIC required for hardening." And: Thiago: "-fPIE is -fPIC but with some extra optimisations that assume that the code being generated is the first one to ever be loaded into memory. That means it knows none of its symbols may be interposed (including ones it copy-relocated) and that thread-specific variables may use the initial-exec and local-exec TLS models. . The problem isn't "preventing hardening". The problem is the hardening adding -fPIE to code that otherwise was already using -fPIC. Just leave it at -fPIC." [upstream] <http://lists.qt-project.org/pipermail/development/2015-August/022934.html> Non the less read below: On Thursday 20 August 2015 22:56:54 Markus Koschany wrote: [snip] > > Thanks for reopening the bug report. I managed it wrongly, the least I could do. Although know I'm closing it again ;) > > On the other hand we the maintainers do not currently consider this a Qt > > bug, so feel free to clone it and reassign it to gcc. > > I fear we would end up with reassign-ping-pong because both upstreams > believe the other one is to blame for the bug. Well it's just a matter of fixing the flags now. [snip] > > Not that much. Most of the dependencies will get the correct flags from > > qt's .pro/.pri or cmake files automatically. Those who don't have just > > discovered a bug. And if Qt is not passing the right flags (which I doubt > > looking at the lastests KDE builds) please do file a bug against > > src:qtbase-opensource-src specifying the problem. > > Freeciv and Poppler use autotools for building their packages. If I read > the Qt upstream bug correctly > (https://bugreports.qt.io/browse/QTBUG-45755) they consider > autoconf-based Qt builds to be a side issue which is a pity. Right. > Apparently > Freeciv uses -fPIC for the Qt build but it gets overridden when -pie and > all other hardening build flags are appended to the command-line and > this breaks the whole build. I'm not aware of a simple way to build > certain components of Freeciv (SDL- or GTK client) with -pie and the Qt > client without -pie. > > My Freeciv bug report can be found here: > > http://gna.org/bugs/?23797 I have just skipped torugh it and you can know be sure to tell them they need to get the proper flags from Qt if they want to use Qt. And again, if anything that Qt provides is failing to provide the flags when it should be doing it, please file a bug. > Thanks for your other explanations. I'm sure you guys do a great job > with maintaining Qt and KDE as a whole for Debian. I'm glad that at least we now know things are not that bad after all. But yes, downstreams will need to fix some stuff :-/ -- Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---