Description of problem: The i386 gpg binaries has text relocations. This is in fact a security problem now that the SELinux policy needs to be relaxed if this isn't fixed. The problem is the stupid way asm files are compiled. This might be necessary for other compilers, but not for gcc. We need the compiler, at preprocess time, see the symbol PIC defined (the asm code already handles this). So the proposed change consists of two parts: 1. add -DPIC to the compier command line. This should happen along with adding -fPIE in the .spec file 2. a patch to mpi/Makefile.{am,in} to use a simple rule to compile .S files Version-Release number of selected component (if applicable): gnupg-1.2.6-2 How reproducible: always Steps to Reproduce: 1. eu-readelf -d /usr/bin/gpg|grep TEXTREL 2. 3. Actual results: TEXTREL Expected results: No output Additional info: In the spec file change this @@ -31,7 +33,7 @@ %ifarch ppc64 configure_flags=--disable-asm %endif -CFLAGS="$RPM_OPT_FLAGS -fPIE" ; export CFLAGS +CFLAGS="$RPM_OPT_FLAGS -fPIE -DPIC" ; export CFLAGS LDFLAGS="$RPM_OPT_FLAGS -pie" ; export LDFLAGS %configure --disable-rpath --libexecdir=%{_libdir} --with-zlib $configure_flags and add the attached patch.
Created attachment 110084 [details] patch to get PID passed to compiler
Adding to 1.4.0-1, thanks!