1548674 – rstp: Does not use Fedora linker flags

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1548674 - rstp: Does not use Fedora linker flags

Summary: rstp: Does not use Fedora linker flags

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rstp
Sub Component:
Version:	28
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Neil Horman
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	Fedora28BuildFlags
TreeView+	depends on / blocked

Reported:	2018-02-24 10:47 UTC by Florian Weimer
Modified:	2019-05-28 20:14 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-05-28 20:14:12 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Florian Weimer 2018-02-24 10:47:19 UTC

/sbin/rstpctl and /sbin/rstpd in rstp-04012009git-21.fc28.x86_64 have not been linked with the standard Fedora linker flags (LDFLAGS) from redhat-rpm-config.

Looking at the build log, there is no linker flags injection at all:

gcc -o rstpctl ctl_main.o ctl_cli_wrap.o ctl_socket_client.o

See https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md for information on RPM macros and environment variables provided by the build environment.

Comment 1 Florian Weimer 2018-03-05 15:56:20 UTC

Sorry, the changes did not have the intended effect:

# checksec --file /sbin/rstpd 
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FORTIFY Fortified Fortifiable  FILE
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   Yes     6               12      /sbin/rstpd

# checksec --file /sbin/rstpctl 
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FORTIFY Fortified Fortifiable  FILE
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   Yes     6               7       /sbin/rstpctl

# rpm -qf /sbin/rstpd
rstp-04012009git-22.fc29.x86_64

Comment 2 Neil Horman 2018-03-05 23:21:52 UTC

Thats odd, i added __global_ldflags to the cflags line in the spec file and it was exported:
export 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld'

And the inclusion of redhat-hardend-ld should have picked up the pie bits.

Comment 3 Florian Weimer 2018-03-08 18:49:20 UTC

Looks like a makefile bug.  From the build log:

gcc -o rstpd brstate.o libnetlink.o epoll_loop.o bridge_track.o packet.o ctl_socket.o netif_utils.o main.o brmon.o -L ./rstplib -lrstp

So the makefile doesn't seem to use $(LDFLAGS) at all, or maybe it's not passed down from the outer make.

Comment 4 Neil Horman 2018-03-08 18:53:05 UTC

oh, you're right, the cflags are picked up, but nothing during the link.  I can fix that.

Comment 5 Florian Weimer 2018-03-19 17:10:03 UTC

Would you please put the fix into Fedora 28, too?  Thanks.

Comment 6 Fedora Update System 2018-03-19 20:38:13 UTC

rstp-04012009git-23.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0feb6e4a1a

Comment 7 Fedora Update System 2018-03-20 14:52:37 UTC

rstp-04012009git-23.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0feb6e4a1a

Comment 8 Florian Weimer 2018-04-09 09:54:42 UTC

Not sure why I didn't see this earlier.  Maybe due to the Beta freeze, which prevented Fedora 28 updates.

There is still no LDFLAGS injection in rstp-04012009git-23.fc28:

gcc -o rstpctl ctl_main.o ctl_cli_wrap.o ctl_socket_client.o

Comment 9 Neil Horman 2018-04-09 16:53:44 UTC

changed CFLAGS export to pickup build_cflags rather than __globlal_ldflags, which was in error, but the LDFLAGS were correct, they appear to be picking up the build_ldflags just fine in this scratch build:
https://koji.fedoraproject.org/koji/taskinfo?taskID=26271668

I've updated the package for the CFLAGS issue

Comment 10 Fedora Update System 2018-04-09 17:10:54 UTC

rstp-04012009git-24.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d64b2e1b72

Comment 11 Fedora Update System 2018-04-10 22:51:11 UTC

rstp-04012009git-24.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d64b2e1b72

Comment 12 Florian Weimer 2018-04-11 10:02:01 UTC

(In reply to Neil Horman from comment #9)
> changed CFLAGS export to pickup build_cflags rather than __globlal_ldflags,
> which was in error, but the LDFLAGS were correct, they appear to be picking
> up the build_ldflags just fine in this scratch build:
> https://koji.fedoraproject.org/koji/taskinfo?taskID=26271668
> 
> I've updated the package for the CFLAGS issue

There's still no LDFLAGS inheritance for the linker invocations in the scratch build:

gcc -o rstpctl ctl_main.o ctl_cli_wrap.o ctl_socket_client.o

Seems to affect rstp-04012009git-24.fc28 as well.

Sorry. 8-(

Comment 13 Neil Horman 2018-04-12 17:39:29 UTC

I honestly don't see what you're talking about florian.  In my scratch build above from comment 9, I see this line:
gcc -o rstpd brstate.o libnetlink.o epoll_loop.o bridge_track.o packet.o ctl_socket.o netif_utils.o main.o brmon.o -Wl,-z,relro  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L ./rstplib -lrstp

That looks to me like its picking up the relro, now and specs flags.  What more are you looking for?

Comment 14 Florian Weimer 2018-05-14 11:15:23 UTC

(In reply to Neil Horman from comment #13)
> I honestly don't see what you're talking about florian.  In my scratch build
> above from comment 9, I see this line:
> gcc -o rstpd brstate.o libnetlink.o epoll_loop.o bridge_track.o packet.o
> ctl_socket.o netif_utils.o main.o brmon.o -Wl,-z,relro  -Wl,-z,now
> -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L ./rstplib -lrstp
> 
> That looks to me like its picking up the relro, now and specs flags.  What
> more are you looking for?

The line I quoted was about rstpctl, not rstpd.  Apparently, only one of them was fixed.

Comment 15 Ben Cotton 2019-05-02 21:47:12 UTC

This message is a reminder that Fedora 28 is nearing its end of life.
On 2019-May-28 Fedora will stop maintaining and issuing updates for
Fedora 28. It is Fedora's policy to close all bug reports from releases
that are no longer maintained. At that time this bug will be closed as
EOL if it remains open with a Fedora 'version' of '28'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 28 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 16 Ben Cotton 2019-05-28 20:14:12 UTC

Fedora 28 changed to end-of-life (EOL) status on 2019-05-28. Fedora 28 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.