On 09/17/2015 12:53 PM, Alexander Todorov wrote:
> Is it realistic to request a RFE with this information stored in the
> compiled object and then be read by readelf ? If so I can file bugs in
> bugzilla.redhat.com or upstream .
elfutils would be a more likely choice to implement that tool.
Note
On 18.09.2015 at 03:15, Steve Grubb wrote:
I think Florian answered this. Indeed, the --debug-dump option does
find these strings, but they are mixed in with other data. I think that
if there is no canary and flags were passed, it's not a problem. If the
flags are absent, the build scripts are su
On Thu, 17 Sep 2015 13:53:38 +0300
Alexander Todorov wrote:
> On 17.09.2015 at 13:34, Steve Grubb wrote:
> > On Thu, 17 Sep 2015 11:07:37 +0300
> > Alexander Todorov wrote:
> >
> >> Can somebody comment on the -fstack-protector-all vs
> >> -fstack-protector-strong issue ? Do we want to change th
On Thu, Sep 17, 2015 at 16:45:46 +0300, Alexander Todorov wrote:
> I meant turning it on globally as in "everything built with CMake in Fedora",
> like updating the default flags in a RPM macro or updating the default CMake
> config in Fedora. Which will change all the packages using CMake once t
On 17.09.2015 at 16:24, Ben Boeckel wrote:
Ben,
is there any way this CMake property be turned on globally ?
When a target is made, the POSITION_INDEPENDENT_CODE property is set to
the value of CMAKE_POSITION_INDEPENDENT_CODE and may then be overridden
manually. Anything that turns it or the p
On Thu, 2015-09-17 at 12:00 +0100, Steve Grubb wrote:
> Also, the full RELRO thing is a bit oversold. You need it if the
> executable is PIE, and that's not needed in the general case. There are
> far worse problems that are easy to fix that are not getting attention.
> With the RELRO thing, you a
On Thu, Sep 17, 2015 at 10:57:28 +0300, Alexander Todorov wrote:
> FYI:
> https://bugzilla.redhat.com/show_bug.cgi?id=1263957
Thanks.
> > [1]http://www.cmake.org/cmake/help/v3.3/prop_tgt/POSITION_INDEPENDENT_CODE.html
>
> Ben,
> is there any way this CMake property be turned on globally ?
When
On 09/17/2015 01:03 PM, Alexander Todorov wrote:
> On 17.09.2015 at 12:26, Richard W.M. Jones wrote:
>>> As far as I can see most of them report "Partial RELRO" which may
>>> well be fixed as you propose below. If not I can easily exclude
>>> them.
>>
>> They're intermediate files used by developer
On Thu, Sep 17, 2015 at 02:03:51PM +0300, Alexander Todorov wrote:
> On 17.09.2015 at 12:26, Richard W.M. Jones wrote:
> >>As far as I can see most of them report "Partial RELRO" which may
> >>well be fixed as you propose below. If not I can easily exclude
> >>them.
> >
> >They're intermediate file
On 17.09.2015 at 12:26, Richard W.M. Jones wrote:
As far as I can see most of them report "Partial RELRO" which may
well be fixed as you propose below. If not I can easily exclude
them.
They're intermediate files used by developers. They aren't runnable
binaries. I think everything in %{libdi
On Wed, 16 Sep 2015 19:24:02 +0300
Alexander Todorov wrote:
> Including fedora-devel on this topic.
>
> On 12.09.2015 at 08:48, Dominik 'Rathann' Mierzejewski wrote:
> >>>
> >>> Question is how to deal with these because they appear to be in
> >>> the hundreds ?
> >>
> >> How many, exactly? We h
On 17.09.2015 at 13:34, Steve Grubb wrote:
On Thu, 17 Sep 2015 11:07:37 +0300
Alexander Todorov wrote:
Can somebody comment on the -fstack-protector-all vs
-fstack-protector-strong issue ? Do we want to change the default for
%__global_cflags in /usr/lib/rpm/redhat/macros ?
-all is not neede
On Thu, 17 Sep 2015 11:07:37 +0300
Alexander Todorov wrote:
> Can somebody comment on the -fstack-protector-all vs
> -fstack-protector-strong issue ? Do we want to change the default for
> %__global_cflags in /usr/lib/rpm/redhat/macros ?
-all is not needed, -strong is the right balance between s
On Thu, Sep 17, 2015 at 11:27:36AM +0300, Alexander Todorov wrote:
> On 16.09.2015 at 22:59, Richard W.M. Jones wrote:
> >The majority of the packages of mine on this list fall into
> >three groups:
> >
> > - erlang packages
> >
> > - mingw packages
> >
> > - ocaml packages
> >
> >I'm pretty sur
On 17.09.2015 at 06:28, Jerry James wrote:
I am baffled as to why some of my packages show up on this list, as
they use %configure or invoke gcc with both $RPM_OPT_FLAGS and
$RPM_LD_FLAGS. For example, memtailor, which I just built yesterday,
shows as lacking a canary, but it uses the %configure
On 17.09.2015 at 06:28, Jerry James wrote:
On Wed, Sep 16, 2015 at 10:24 AM, Alexander Todorov wrote:
Please let me know which packages need to genuinely be excluded and what
should we do with these packages ? Some will probably be fixed once they are
rebuilt but that may take a while.
Some l
On 16.09.2015 at 22:59, Richard W.M. Jones wrote:
The majority of the packages of mine on this list fall into
three groups:
- erlang packages
- mingw packages
- ocaml packages
I'm pretty sure mingw packages should all be excluded. Who knows what
Windows uses (and who cares).
Hi Rich
On 16.09.2015 at 23:05, Kaleb S. KEITHLEY wrote:
On 09/16/2015 01:19 PM, Jason L Tibbitts III wrote:
"AT" == Alexander Todorov writes:
AT> offending packages. You can find links to the script and execution
AT> log here:
AT> http://atodorov.org/blog/2015/09/16/4000-bugs-in-fedora-checksec-fail
On 16.09.2015 at 21:56, Adam Jackson wrote:
On Wed, 2015-09-16 at 18:26 +0100, Peter Robinson wrote:
What is the proper fix to these issues? Having fixed some myself and
ajax having looked at a bunch of them I don't think it's as simple as
just mass rebuilding the packages.
A lot of it is lib
On 17.09.2015 at 08:33, Ben Boeckel wrote:
On Wed, 16 Sep, 2015 at 16:24:02 GMT, Alexander Todorov wrote:
Please let me know which packages need to genuinely be excluded and what should
we do with these packages ? Some will probably be fixed once they are rebuilt
but that may take a while.
Any
On Wed, 16 Sep, 2015 at 16:24:02 GMT, Alexander Todorov wrote:
> Please let me know which packages need to genuinely be excluded and what
> should
> we do with these packages ? Some will probably be fixed once they are rebuilt
> but that may take a while.
>
> Any package maintainers out there -
On Wed, Sep 16, 2015 at 10:24 AM, Alexander Todorov wrote:
> Please let me know which packages need to genuinely be excluded and what
> should we do with these packages ? Some will probably be fixed once they are
> rebuilt but that may take a while.
Some language environments provide their own me
On 09/16/2015 01:19 PM, Jason L Tibbitts III wrote:
>> "AT" == Alexander Todorov writes:
>
> AT> offending packages. You can find links to the script and execution
> AT> log here:
> AT> http://atodorov.org/blog/2015/09/16/4000-bugs-in-fedora-checksec-failures/
>
> BTW to see if any packages
On Wed, Sep 16, 2015 at 07:24:02PM +0300, Alexander Todorov wrote:
> Including fedora-devel on this topic.
>
> On 12.09.2015 at 08:48, Dominik 'Rathann' Mierzejewski wrote:
> >>>
> >>>Question is how to deal with these because they appear to be in the
> >>>hundreds ?
> >>
> >>How many, exactly? W
On Wed, 2015-09-16 at 18:26 +0100, Peter Robinson wrote:
> What is the proper fix to these issues? Having fixed some myself and
> ajax having looked at a bunch of them I don't think it's as simple as
> just mass rebuilding the packages.
A lot of it is libtool being shit, which is nothing new I su
On 09/16/2015 11:08 AM, Orion Poplawski wrote:
> On 09/16/2015 10:24 AM, Alexander Todorov wrote:
>> From today's Rawhide snapshot my script counted around 4500 offending
>> packages. You can find links to the script and execution log here:
>> http://atodorov.org/blog/2015/09/16/4000-bugs-in-fedora
On 16/09/15 18:19, Jason L Tibbitts III wrote:
Of course, several packages I comaintain are on the list (mainly due to
Partial RELRO) and I have zero idea how to fix them. I read about what
RELRO means from the blog post but that doesn't tell me what I actually
need to do to make the errors go
> On 12.09.2015 at 08:48, Dominik 'Rathann' Mierzejewski wrote:
Question is how to deal with these because they appear to be in the
hundreds ?
>>>
>>>
>>> How many, exactly? We have around 2 SRPMs in the distribution.
>>
>>
>
> From today's Rawhide snapshot my script counted
> "AT" == Alexander Todorov writes:
AT> offending packages. You can find links to the script and execution
AT> log here:
AT> http://atodorov.org/blog/2015/09/16/4000-bugs-in-fedora-checksec-failures/
BTW to see if any packages you own are on the list, you can do:
wget
https://raw.githubuse
Including fedora-devel on this topic.
On 12.09.2015 at 08:48, Dominik 'Rathann' Mierzejewski wrote:
Question is how to deal with these because they appear to be in the hundreds ?
How many, exactly? We have around 2 SRPMs in the distribution.
From today's Rawhide snapshot my script cou