Bug 1548665
| Summary: | wireshark: Partial Fedora build flags injection | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Florian Weimer <fweimer> |
| Component: | wireshark | Assignee: | Michal Ruprich <mruprich> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 28 | CC: | denis, huzaifas, lemenkov, mruprich, msehnout, phatina, rvokal |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | wireshark-2.4.5-3.fc27 wireshark-2.4.5-3.fc28 wireshark-2.6.1-1.fc28 wireshark-2.6.1-1.fc27 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-05-30 14:10:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1539083 | ||
|
Description
Florian Weimer
2018-02-24 10:11:59 UTC
wireshark-2.4.5-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-ed785c3f1c wireshark-2.4.5-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-688817e677 wireshark-2.4.5-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f19212808 wireshark-2.4.5-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-89ed29a14b wireshark-2.4.5-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f19212808 wireshark-2.4.5-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-89ed29a14b wireshark-2.4.5-3.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-bfdad62cd6 wireshark-2.4.5-3.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-cdf3f8e8b0 wireshark-2.4.5-3.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-bfdad62cd6 wireshark-2.4.5-3.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-cdf3f8e8b0 wireshark-2.4.5-3.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. wireshark-qt-2.4.5-3.fc28.x86_64 still lacks full RELRO:
$ checksec --file /usr/bin/wireshark-qt
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
Partial RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH Yes 6 13 /usr/bin/wireshark-qt
The RPM spec file is just bogus:
# FC5+ automatic -fstack-protector-all switch
export RPM_OPT_FLAGS=${RPM_OPT_FLAGS//-fstack-protector-strong/-fstack-protector-all}
export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS -D_LARGEFILE64_SOURCE"
export CXXFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS -D_LARGEFILE64_SOURCE"
export LDFLAGS="$RPM_OPT_FLAGS $LDFLAGS -pie -fPIC"
You should *really* use the standard build flags from redhat-rpm-config.
wireshark-2.4.5-3.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. The latest wireshark in rawhide has full RELRO. Closing this bug. Florian, feel free to reopen it again should you think something else is missing. Thanks. /usr/bin/dumpcap and other programs in wireshark-cli-1:2.6.0-1.fc28.x86_64 still have this issue. These binaries have not been linked with BIND_NOW. Due to missing command lines from the build log, it is difficult to tell what is going on, but I think it's the faulty %build section mentioned in comment 12: %build %ifarch s390 s390x sparcv9 sparc64 export PIECFLAGS="-fPIE -fPIC" %else export PIECFLAGS="-fpie -fPIC" %endif # FC5+ automatic -fstack-protector-all switch export RPM_OPT_FLAGS=${RPM_OPT_FLAGS//-fstack-protector-strong/-fstack-protector-all} export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS -D_LARGEFILE64_SOURCE" export CXXFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS -D_LARGEFILE64_SOURCE" export LDFLAGS="$RPM_OPT_FLAGS $LDFLAGS -pie -fPIC" Let me repeat that this is broken, you should use the flags described here and not try to meddle with PIE/PIC flags explicitly: https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md wireshark-2.6.0-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7e307f3e5a wireshark-2.6.0-3.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-279a8f520b wireshark-2.6.0-3.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-279a8f520b wireshark-2.6.0-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-7e307f3e5a wireshark-2.6.1-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d1cfa444d2 wireshark-2.6.1-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-3dfee621af wireshark-2.6.1-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d1cfa444d2 wireshark-2.6.1-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-3dfee621af wireshark-2.6.1-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. wireshark-2.6.1-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |