Bug 1548549

Summary: ksh: Partial Fedora build flags injection
Product: [Fedora] Fedora Reporter: Florian Weimer <fweimer>
Component: kshAssignee: Siteshwar Vashisht <svashisht>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: kdudka, mhlavink, svashisht
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ksh-20120801-246.fc28 ksh-20120801-247.fc28 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1585847 (view as bug list) Environment:
Last Closed: 2018-06-14 19:13:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1539083, 1585847    

Description Florian Weimer 2018-02-23 20:11:24 UTC 
/usr/bin/ksh and ksh-20120801-245.fc28.x86_64 are not linked with the standard Fedora linker flags (LDFLAGS) from redhat-rpm-config.  Specifically, they are not PIE/do not use ASLR.

It seems there isn't any LDFLAGS injection at all:

+ cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -mcet -fcf-protection -fno-strict-aliasing -Wno-unknown-pragmas -Wno-missing-braces -Wno-unused-result -Wno-return-type -Wno-int-to-pointer-cast -Wno-parentheses -Wno-unused -Wno-unused-but-set-variable -Wno-cpp -P -L. -L/builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib -o ksh pmain.o libshell.a /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libdll.a -ldl /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libast.a -ldl /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libast.a /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libcoshell.a /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libast.a /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libast.a /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libcmd.a -lutil /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libast.a -lutil /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libast.a /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libast.a -lm /builddir/build/BUILD/ksh-20120801/arch/linux.i386-64/lib/libast.a

See https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md for information on RPM macros and environment variables provided by the build environment.
Comment 1 Fedora Update System 2018-03-13 16:21:59 UTC 
ksh-20120801-246.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-c8b6c836c7
Comment 2 Fedora Update System 2018-03-14 18:05:08 UTC 
ksh-20120801-246.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-c8b6c836c7
Comment 3 Fedora Update System 2018-06-04 23:10:40 UTC 
ksh-20120801-247.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0afe775633
Comment 4 Fedora Update System 2018-06-05 14:50:09 UTC 
ksh-20120801-247.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0afe775633
Comment 5 Fedora Update System 2018-06-14 19:13:27 UTC 
ksh-20120801-247.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.