Bug#837658: libfl-dev: Please build libfl_pic.a with -fPIC

2016-10-19 Graham Inggs
binNMU against gcc-6 6.2.0-7 requested in #841203.


2016-09-13 Balint Reczey
Source: libfl-dev
Version: 2.6.1-1
Severity: important
User: bal...@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: makes filters FTBFS with extra hardening
Affects: filters motif

Dear Maintainers,

During a rebuild of all packages in sid, filters
failed to build on amd64 with patched GCC and dpkg. The root
cause seems to be that libfl_pic.a is shipped as a non-PIC library.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64 (and selected architectures).

For more information about the changes to sid's dpkg and GCC please
visit:
 https://wiki.debian.org/Hardening/PIEByDefaultTransition

Relevant part of filters's build log:
...
flex -t jethro.l > jethro.c
cc -o jethro jethro.c -g -O2 -fdebug-prefix-map=/<>=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -lfl -Wl,-z,relro -Wl,-z,now
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libfl_pic.a(libmain.o):
relocation R_X86_64_PC32 against symbol `exit@@GLIBC_2.2.5' can not be
used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
Makefile:35: recipe for target 'jethro' failed
...

The full build log is available from:
 https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/filters_2.55-1_amd64.build.gz

Thanks,
Balint
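
Added example, not part of the original report or of any Debian tooling: a small triage script that pulls the non-PIC input (archive, member, relocation type, symbol) out of ld errors like the one quoted above, tolerating the hard line wraps that mail and log viewers introduce. The function name and the sample log (abridged from the report's excerpt) are constructed for illustration; the pattern also covers the "PIE object" wording that ld can print for the same class of failure.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the build log excerpt in the report and
# wrapped the same way the mail wrapped it.
SAMPLE_LOG = """\
cc -o jethro jethro.c -g -O2 -fstack-protector-strong -lfl -Wl,-z,relro -Wl,-z,now
/usr/bin/ld: /usr/lib/x86_64-linux-gnu/libfl_pic.a(libmain.o):
relocation R_X86_64_PC32 against symbol `exit@@GLIBC_2.2.5' can not be
used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
"""

# ld prints the input file, optionally "(member)" for a static archive, then
# the relocation it could not apply. Every gap is \s+ so a message that was
# wrapped across several lines still matches as one error.
NON_PIC = re.compile(
    r"ld:\s+(?P<file>\S+?)(?:\((?P<member>[^)\s]+)\))?:\s+"
    r"relocation\s+(?P<reloc>R_[A-Z0-9_]+)\s+against\s+"
    r"(?:(?:undefined|hidden|protected)\s+)*(?:symbol\s+)?"
    r"[`'](?P<symbol>[^'`\s]+)'\s+"
    r"can\s+not\s+be\s+used\s+when\s+making\s+a\s+"
    r"(?P<output>shared\s+object|PIE\s+object)"
)


def find_non_pic_inputs(log_text):
    """Map each offending input file to [(member, reloc, symbol, output), ...]."""
    hits = defaultdict(list)
    for m in NON_PIC.finditer(log_text):
        output = " ".join(m["output"].split())  # undo wrapping inside the phrase
        hits[m["file"]].append((m["member"], m["reloc"], m["symbol"], output))
    return dict(hits)


if __name__ == "__main__":
    for path, entries in find_non_pic_inputs(SAMPLE_LOG).items():
        kind = "static archive" if path.endswith(".a") else "object file"
        for member, reloc, symbol, output in entries:
            where = f"{path}({member})" if member else path
            print(f"{where} [{kind}]: {reloc} against {symbol} "
                  f"prevents linking a {output}")
```

Run over a directory of rebuild logs, the keys of the returned mapping give the list of libraries that need rebuilding with -fPIC before PIE can be enabled for their reverse dependencies.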