Yes, thanks for pointing this out, I realized this problem with the silly
RPM "defaults" about 5 minutes after I sent my email. In any case, I am
leaving this to Scott to handle the way he feels the best.
Regards,
Kern
On Thursday 22 January 2009 16:42:14 Josh Fisher wrote:
> Kern Sibbald wrote:
> > Hello Scott,
> >
> > Someone else has gotten burned by rpm insisting on adding unwanted
> > compiler options and the glibc fortify source code problem. He is
> > suggesting the following patch -- see his email below.
> >
> > Would you comment on it?
> >
> > Perhaps something like the following for all systems:
> >
> > export CFLAGS="${CFLAGS} -D FORTIFY_SOURCE=0"
> >
> > (or whatever it should actually be) would solve these problems for good.
>
> I tried this some time ago on fc8 with no success. The %configure RPM
> macro apparently overwrites CFLAGS based on macros in /usr/lib/rpm,
> /usr/lib/rpm/redhat, etc. I think to set CFLAGS in the spec file before
> the configure is invoked, the spec file would have to use ./configure,
> rather than the %configure macro. That would be very cumbersome, as then
> the spec file would have to set CFLAGS for all platforms, not just the
> ones with stack protection turned on by default. I ended up editing
> %__global_cflags in /usr/lib/rpm/redhat/macros to get the correct CFLAGS
> set. Of course, the problem with that is it also affects compilation of
> everything else on that machine, not just Bacula.
>
> The %configure macro also sets CXXFLAGS and FFLAGS in addition to
> CFLAGS, btw.
>
> There is no way, as far as I know, for a spec file to specify what the
> CFLAGS are when using the %configure macro. It has to be done by messing
> with the macro defines before running rpmbuild. There seems to be a
> difference of opinion in who should have ultimate say in what the
> compiler flags ought to be. The RPM philosophy seems to be that each
> system should specify the flags to be used, and the spec file writer
> should not be allowed to determine the compiler flags arbitrarily. I
> suppose there is some merit to that, and it certainly simplifies the
> spec file.
>
> The glibc authors are not to blame. They provided flags for turning the
> stack protection stuff on or off. It is the distros who are choosing to
> turn it on by default. I would like to see the RPM guys compromise by
> adding a parameter to %configure to turn just the stack protection off,
> leaving %configure to set the other CFLAGS flags pertaining to
> architecture, etc.
>
> Bottom line is that, IMHO, there is nothing wrong with the Bacula spec
> file in regards to CFLAGS (or CXXFLAGS, etc.). To compile for fc8+, edit
> the global CFLAGS in /usr/lib/rpm/redhat/macros. There is a similar
> macros file for SUSE, and any other RPM distro that by default turns on
> the stack protection stuff. Perhaps a mention of this in the RPM
> Packaging FAQ
> (http://www.bacula.org/en/rel-manual/Bacula_RPM_Packaging_FAQ.html) is
> all that is needed.
>
> > Regards,
> >
> > Kern
> >
> > On Wednesday 21 January 2009 21:37:26 Yuri Timofeev wrote:
> >> Hi
> >>
> >> See http://bugs.bacula.org/view.php?id=1218 "0001218: buffer overflow
> >> detected"
> >>
> >> Maybe do a patch?
> >>
> >>
> >> $ diff -u bacula.spec bacula.spec.new
> >> --- bacula.spec 2009-01-10 17:13:41.000000000 +0200
> >> +++ bacula.spec.new 2009-01-21 22:34:12.000000000 +0200
> >> @@ -1417,6 +1417,10 @@
> >>
> >> %build
> >>
> >> +%if %{fc8}
> >> +export 'CFLAGS=-D_FORTIFY_SOURCE=0'
> >> +%endif
> >> +
> >> %if %{su9} || %{su10} || %{su102} || %{su103} || %{su110} || %{su111}
> >> export LDFLAGS="${LDFLAGS} -L/usr/lib/termcap"
> >> %endif
> >
> > -------------------------------------------------------------------------
> >----- This SF.net email is sponsored by:
> > SourcForge Community
> > SourceForge wants to tell your story.
> > http://p.sf.net/sfu/sf-spreadtheword
> > _______________________________________________
> > Bacula-devel mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/bacula-devel
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Bacula-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-devel
