Kern Sibbald wrote:
> Hello Scott,
>
> Someone else has gotten burned by rpm insisting on adding unwanted compiler
> options and the glibc fortify source code problem. He is suggesting the
> following patch -- see his email below.
>
> Would you comment on it?
>
> Perhaps something like the following for all systems:
>
> export CFLAGS="${CFLAGS} -D FORTIFY_SOURCE=0"
>
> (or whatever it should actually be) would solve these problems for good.
>
I tried this some time ago on fc8 with no success. The %configure RPM
macro apparently overwrites CFLAGS based on macros in /usr/lib/rpm,
/usr/lib/rpm/redhat, etc. I think to set CFLAGS in the spec file before
the configure is invoked, the spec file would have to use ./configure,
rather than the %configure macro. That would be very cumbersome, as then
the spec file would have to set CFLAGS for all platforms, not just the
ones with stack protection turned on by default. I ended up editing
%__global_cflags in /usr/lib/rpm/redhat/macros to get the correct CFLAGS
set. Of course, the problem with that is it also affects compilation of
everything else on that machine, not just Bacula.
The %configure macro also sets CXXFLAGS and FFLAGS in addition to
CFLAGS, btw.
There is no way, as far as I know, for a spec file to specify what the
CFLAGS are when using the %configure macro. It has to be done by messing
with the macro defines before running rpmbuild. There seems to be a
difference of opinion in who should have ultimate say in what the
compiler flags ought to be. The RPM philosophy seems to be that each
system should specify the flags to be used, and the spec file writer
should not be allowed to determine the compiler flags arbitrarily. I
suppose there is some merit to that, and it certainly simplifies the
spec file.
The glibc authors are not to blame. They provided flags for turning the
stack protection stuff on or off. It is the distros who are choosing to
turn it on by default. I would like to see the RPM guys compromise by
adding a parameter to %configure to turn just the stack protection off,
leaving %configure to set the other CFLAGS flags pertaining to
architecture, etc.
Bottom line is that, IMHO, there is nothing wrong with the Bacula spec
file in regards to CFLAGS (or CXXFLAGS, etc.). To compile for fc8+, edit
the global CFLAGS in /usr/lib/rpm/redhat/macros. There is a similar
macros file for SUSE, and any other RPM distro that by default turns on
the stack protection stuff. Perhaps a mention of this in the RPM
Packaging FAQ
(http://www.bacula.org/en/rel-manual/Bacula_RPM_Packaging_FAQ.html) is
all that is needed.
> Regards,
>
> Kern
>
> On Wednesday 21 January 2009 21:37:26 Yuri Timofeev wrote:
>
>> Hi
>>
>> See http://bugs.bacula.org/view.php?id=1218 "0001218: buffer overflow
>> detected"
>>
>> Maybe do a patch?
>>
>>
>> $ diff -u bacula.spec bacula.spec.new
>> --- bacula.spec 2009-01-10 17:13:41.000000000 +0200
>> +++ bacula.spec.new 2009-01-21 22:34:12.000000000 +0200
>> @@ -1417,6 +1417,10 @@
>>
>> %build
>>
>> +%if %{fc8}
>> +export 'CFLAGS=-D_FORTIFY_SOURCE=0'
>> +%endif
>> +
>> %if %{su9} || %{su10} || %{su102} || %{su103} || %{su110} || %{su111}
>> export LDFLAGS="${LDFLAGS} -L/usr/lib/termcap"
>> %endif
>>
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> _______________________________________________
> Bacula-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/bacula-devel
>
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Bacula-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-devel
