Bug 1541033 - openssl: Incomplete RPM build flags injection
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: Fedora28BuildFlags
Reported: 2018-02-01 14:54 UTC by Florian Weimer
Modified: 2018-02-23 16:42 UTC

Fixed In Version: openssl-1.1.0g-6.fc28
Clone Of:
Environment:
Last Closed: 2018-02-23 16:42:59 UTC
Type: Bug
Embargoed:

Description Florian Weimer 2018-02-01 14:54:57 UTC
In openssl-1.1.0g-3.fc28, /usr/bin/openssl has e_type ET_EXEC, so it is not a PIE executable.  This means that the RPM build flags injection was incomplete, and the preferred LDFLAGS setting is not used.  (Currently, linker flags are available via $RPM_LD_FLAGS.)

Comment 1 Florian Weimer 2018-02-23 14:01:29 UTC
The issue is still present in openssl-libs-1:1.1.0g-5.fc28.x86_64:

# checksec --file /usr/lib64/libcrypto.so.1.1.0g
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FORTIFY Fortified Fortifiable  FILE
Partial RELRO   Canary found      NX enabled    DSO             No RPATH   No RUNPATH   Yes     8               21      /usr/lib64/libcrypto.so.1.1.0g
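
The two properties discussed in this report (e_type ET_EXEC versus ET_DYN, and partial versus full RELRO) can be read directly from the ELF headers. The following is an added example, not part of the original report and not checksec's own code; the function names, the constructed sample images, and the use of PT_INTERP to tell a PIE executable from a shared object are assumptions of this sketch.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def elf_hardening(data):
    """Return (pie, relro) labels for a little-endian ELF64 image (bytes)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    interp = relro = bind_now = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            interp = True
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<QQ", data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    # ET_EXEC is never PIE; ET_DYN is PIE or a shared object (heuristic: PT_INTERP).
    pie = {ET_EXEC: "No PIE", ET_DYN: "PIE" if interp else "DSO"}.get(e_type, "other")
    label = "Full RELRO" if relro and bind_now else "Partial RELRO" if relro else "No RELRO"
    return pie, label

def sample_elf(e_type, interp=False, relro=False, now=False):
    """Constructed minimal ELF64 image for the demo; not a real binary."""
    types = [PT_INTERP] * interp + [PT_GNU_RELRO] * relro + [PT_DYNAMIC]
    dyn = struct.pack("<QQQQ", DT_FLAGS, DF_BIND_NOW if now else 0, DT_NULL, 0)
    dyn_off = 64 + 56 * len(types)  # ELF header, then program headers, then .dynamic
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 4, dyn_off, 0, 0, len(dyn), len(dyn), 8)
                     for t in types)
    return hdr + phdrs + dyn

if __name__ == "__main__":
    print(elf_hardening(sample_elf(ET_EXEC, interp=True, relro=True)))  # ET_EXEC executable
    print(elf_hardening(sample_elf(ET_DYN, relro=True)))                # shared object
```

To check a real file, pass its contents, for example elf_hardening(open(path, "rb").read()).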

