#870383 libdpkg-perl: PIE specs files override previous entries

#870383#5
Date:
2017-08-01 15:09:21 UTC
From:
To:
Hi,

gpgme1.0 FTBFS on hurd-i386:
https://buildd.debian.org/status/fetch.php?pkg=gpgme1.0&arch=hurd-i386&ver=1.8.0-3&stamp=1486062988&raw=0

configure:19582: checking whether a simple qt program can be built
configure:19593: g++ -o conftest -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -specs=/usr/share/dpkg/pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -I/usr/include/i386-gnu/qt5/QtCore -I/usr/include/i386-gnu/qt5 -fpic -specs=/usr/share/dpkg/pie-link.specs -Wl,-z,relro -Wl,-z,now conftest.cpp -lQt5Core >&5
In file included from /usr/include/i386-gnu/qt5/QtCore/qcoreapplication.h:43:0,
                 from /usr/include/i386-gnu/qt5/QtCore/QCoreApplication:1,
                 from conftest.cpp:32:
/usr/include/i386-gnu/qt5/QtCore/qglobal.h:1113:4: error: #error "You must build your code with position independent code if Qt was built with -reduce-relocations. " "Compile your code with -fPIC (-fPIE is not enough)."
 #  error "You must build your code with position independent code if Qt was built with -reduce-relocations. "\


Andreas

#870383#18
Date:
2020-06-26 08:59:55 UTC
From:
To:
control: tags -1 patch
Hello,

the patch from Ubuntu seems enough to do the trick, can you please forward upstream?
I'm still waiting for my account to get accepted on dev.gnupg.org (I just registered)
diff -pruN 1.13.1-7/debian/patches/0006-PIC-and-shared.patch 1.13.1-7ubuntu2/debian/patches/0006-PIC-and-shared.patch
--- 1.13.1-7/debian/patches/0006-PIC-and-shared.patch	1970-01-01 00:00:00.000000000 +0000
+++ 1.13.1-7ubuntu2/debian/patches/0006-PIC-and-shared.patch	2017-05-12 07:22:23.000000000 +0000
@@ -0,0 +1,19 @@
+Description: Use -fPIC instead of -fpic.
+Author: Adam Conrad <adconrad@ubuntu.com>
+Last-Update: 2017-05-12
+
+Index: gpgme1.0-1.8.0/m4/qt.m4
+===================================================================
+--- gpgme1.0-1.8.0.orig/m4/qt.m4
++++ gpgme1.0-1.8.0/m4/qt.m4
+@@ -24,8 +24,9 @@ AC_DEFUN([FIND_QT],
+                     [have_qt5test_libs="no"])
+
+   if ! test "$have_w32_system" = yes; then
++    GPGME_QT_CFLAGS="$GPGME_QT_CFLAGS -shared"
+     if "$PKG_CONFIG" --variable qt_config Qt5Core | grep -q "reduce_relocations"; then
+-      GPGME_QT_CFLAGS="$GPGME_QT_CFLAGS -fpic"
++      GPGME_QT_CFLAGS="$GPGME_QT_CFLAGS -fPIC"
+     fi
+   fi
+   if test "$have_qt5_libs" = "yes"; then
diff -pruN 1.13.1-7/debian/patches/series 1.13.1-7ubuntu2/debian/patches/series
--- 1.13.1-7/debian/patches/series	2020-01-30 16:37:46.000000000 +0000
+++ 1.13.1-7ubuntu2/debian/patches/series	2020-02-14 00:43:13.000000000 +0000
@@ -5,3 +5,4 @@
 0005-tests-json-Bravo-key-does-not-have-secret-key-materi.patch
 0006-gpg-Send-with-keygrip-when-listing-keys.patch
 0007-use-FULL_PATH_NAMES-NO-for-reproducible-doxygen-docu.patch
+0006-PIC-and-shared.patch

thanks

Gianfranco

#870383#25
Date:
2020-06-29 18:42:21 UTC
From:
To:
control: forwarded -1 https://dev.gnupg.org/T4982

thanks

G.

#870383#34
Date:
2020-07-07 05:06:34 UTC
From:
To:
Hi!

I've split (to reuse both instead of cloning a new one) and reassigned
the bugs where it seems they belong. See below for context.

Yes this is what I had locally, thanks for testing! I'm including a
fix in the next upload.

I'm leaving this for the src:qtbase-opensource-src maintainers to
decide whether to pick up or not.

Thanks,
Guillem

#870383#47
Date:
2020-07-07 06:18:24 UTC
From:
To:
Hi!

Bug #870383 in package dpkg reported by you has been fixed in
the dpkg/dpkg.git Git repository. You can see the changelog below, and
you can check the diff of the fix at:

https://git.dpkg.org/cgit/dpkg/dpkg.git/diff/?id=73ff957bb
    data: Prefix the specs file spec string self_spec with + instead of *

    Using * as a prefix for the spec entry makes it override any previous
    setting. This is problematic when we pass two or more -specs options
    to the compiler (f.ex. to link and compile on the same run), as then
    only the last one will take effect, breaking the builds.

    Closes: #870383
    Ref: https://dev.gnupg.org/T4982
    Prompted-by: NIIBE Yutaka <gniibe@fsij.org>
    Tested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

diff --git a/debian/changelog b/debian/changelog
index 57f14010f..b3c90561c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,11 @@
 dpkg (1.20.4) UNRELEASED; urgency=medium

   [ Guillem Jover ]
+  * Improve PIE flags support:
+    - Prefix the specs file spec string self_spec with + instead of *.
+      This way we do not override any previous setting, otherwise when
+      passing the -specs options twice (f.ex. to compile and link), only the
+      last one will take effect, which can break the build. Closes: #870383
   * Perl modules:
     - Dpkg::Source::Package: Explicitly initialize constructor options to
       their implicit values, otherwise other code end up assuming different

#870383#54
Date:
2020-07-07 06:33:49 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870383@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 07 Jul 2020 07:57:48 +0200
Source: dpkg
Architecture: source
Version: 1.20.4
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Closes: 870383 964017 964111 964234
Changes:
 dpkg (1.20.4) unstable; urgency=medium
 .
   [ Guillem Jover ]
   * Improve PIE flags support:
     - Prefix the specs file spec string self_spec with + instead of *.
       This way we do not override any previous setting, otherwise when
       passing the -specs options twice (f.ex. to compile and link), only the
       last one will take effect, which can break the build. Closes: #870383
   * Perl modules:
     - Dpkg::Source::Package: Explicitly initialize constructor options to
       their implicit values, otherwise other code end up assuming different
       defaults. Closes: #964017
     - Dpkg::OpenPGP: Use a temporary directory for the GnuPG homedir in
       verify_signature(), to make sure we do not write to the user home
       directory, except for the trustkeys.db file if present.
     - Dpkg::Path: Refactor new check_directory_traversal() function out of
       Dpkg::Source::Package->extract().
     - Dpkg::Path: Do not do partial matches for directory traversal checks,
       expect a trailing slash after the base directory name.
     - Dpkg::Path: Catch uncanonicanizable pathnames with a proper error.
       Closes: #964111
     - Dpkg::Path: Do not consider missing symlink targets a directory
       traversal attempt. Closes: #964234
     - Dpkg::Path: Allow /dev/null for directory traversals.
       Reported by Holger Levsen <holger@layer-acht.org>.
   * Build system:
     - Add Module::Signature as configure recommends for CPAN.
   * Test suite:
     - Use File::Path::make_path() instead of chained mkdir() in Dpkg_Path.t.
     - Add unit tests for Dpkg::Path::check_directory_traversal().
 .
   [ Updated programs translations ]
   * German (Sven Joachim).
Checksums-Sha1:
 12983dabc712157582b2bcff0c1b0e6f1de9e65c 2109 dpkg_1.20.4.dsc
 41a445efe3c51e07b38948defd51e601683a5448 4715020 dpkg_1.20.4.tar.xz
 413c302f34195f09a53ef23943c9ebda3f811802 7501 dpkg_1.20.4_amd64.buildinfo
Checksums-Sha256:
 2762a810d5c151316d170bc0ab6e610283e6454c5df5c34edd2fd33d0c79a64a 2109 dpkg_1.20.4.dsc
 3430d76d75b66eeccad8382dad7148e6f46fedce90587964608f0c5c733abe52 4715020 dpkg_1.20.4.tar.xz
 e78395058970d3c8dc03b462de8459104fbe12edc71f88af9c0617264da2bc2b 7501 dpkg_1.20.4_amd64.buildinfo
Files:
 19ca3ea2f56ee6cf181a4e5dc14e16e6 2109 admin required dpkg_1.20.4.dsc
 58f92b5d3d464629119148a1fa3eb331 4715020 admin required dpkg_1.20.4.tar.xz
 6b8be7267af03c5acb91430f3d8e2325 7501 admin required dpkg_1.20.4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAl8EET0ACgkQuXK/PqSu
V6Ms6g//Y1YBiJHcObBffo1yrWIVQxmDJx1V52NMjMQcZiJEoRDsCkHJzoBoeyHq
VzI807ztMGXpr4P9+2kdgN1N0JcG6vKEB/VtnIbNdoEmIx13RoBM5WVnG04oRevL
Sh6lCsFkET/in71O/CO6hpMV5KsNaoXuiLsJwZ3ggTeuKBinRhlCRfphU28gM8hE
8HvM+oBnitmuCLItoOT9MUps4B0LU1cCLf+mpsbKcJiTIZinbH8EyDx5BvNxf4fe
avX2++4WTJirlesXkkOh3A/PjwRER6QGJqV24unDDjStQSab2TVKKk5pmna+V0kT
ifI8qqOvLDbflT7MAyOklHTxnVK6TDUNSSNC+CyzO/g+vDuFweIpNQF7fcbtMT8w
HF37am4F6UjiQiVpKEAhlVPK1dunG37IYZAQWAY069ywQ48WJPc9KdsbuEPSqH8J
oAdrdx4OFLwz4KD9c31mMnzPzmJjWNtNMf/rxh0/fHypSbftF1ylVHcmVdy0mk7t
9JdHTS3PV37aQnOS4O450IujaUrbBkSU56By+jfsKaDW9W/nsk0+M2MHHAHfvV4f
qNjopmgDbi8CwIZcf8z4aWbXNSWstMa1fXrDQvMPsCDd20qeH9N6Cb//800l5/jF
E00ilFm/yykwBgBJxR/ujv7R0sWB3oxnXAN9cMT9cAB8qR2A1ZA=
=ra/4
-----END PGP SIGNATURE-----

#870383#59
Date:
2020-07-07 14:02:35 UTC
From:
To:
Control: reopen -1
Control: tag -1 - patch

Ok, so Thorsten Glaser very helpfully pointed out that this is actually
bogus, as the + is supposed to go with the text not the spec name (which
was already there!). In this case I assume it gets interpreted as a
«[SUFFIX]:» entry, and then this get completely ignored (w/o an error
diagnostic), disabling all the specs files (confirmed by Thorsten on
x32), that's why the specific problem with gpgme+Qt stopped failing in
Daniel's tests.

I'll revert this in a quick .5 upload later today, and then try to
track down what's going on, and add some unit tests for the specs files,
so that this gets tested on architectures where it truly affects them.

Thanks,
Guillem

#870383#70
Date:
2022-01-27 10:05:23 UTC
From:
To:
Hello,

After two years, gpgme1.0 now builds fine, so maybe its time to close this bug?

G.

#870383#75
Date:
2022-06-06 10:55:13 UTC
From:
To:

Closing then

G.