Build flags: Disable -z defs again (#1535422)

2018-01-29 15:18:04 +01:00 · 2018-01-29 15:18:04 +01:00 · 8d6c6d0761
commit 8d6c6d0761
parent 1b296f01fc
3 changed files with 17 additions and 10 deletions
--- a/buildflags.md
+++ b/buildflags.md
@ -76,7 +76,7 @@ the `CFLAGS` variable contents).
 ### Strict symbol checks in the link editor (ld)
-By default, the link editor will refuse to link shared objects which
+Optionally, the link editor will refuse to link shared objects which
 contain undefined symbols.  Such symbols lack symbol versioning
 information and can be bound to the wrong (compatibility) symbol
 version at run time, and not the actual (default) symbol version which
@ -86,10 +86,14 @@ not have complete dependency information (in the form of DT_NEEDED
 entries), which can lead to errors (crashes) if IFUNC resolvers are
 executed before the shared object containing them is fully relocated.
-With the default flags, link failures will occur if the linker command
+To switch on these checks, define this macro in the RPM spec file:
-line does not list all shared objects which are needed.  In this case,
+
-you need to add the missing DSOs (with linker arguments such as
+    %define _strict_symbol_defs_build 1
-`-lm`).  As a result, the link editor will also generated the
+
 If this RPM spec option is active, link failures will occur if the
 linker command line does not list all shared objects which are needed.
 In this case, you need to add the missing DSOs (with linker arguments
 such as `-lm`).  As a result, the link editor will also generated the
 necessary DT_NEEDED entries.
 In some cases (such as when a DSO is loaded as a plugin and is
@ -262,7 +266,7 @@ to the compiler driver `gcc`, and not directly to the link editor
  dynamic linking.  Full protection of relocation data requires the
  `-z now` flag (see below).
 * `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols
-  (see above).
+  (optional, see above).
 For hardened builds, the
 `-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
--- a/6
+++ b/6
@ -167,9 +167,9 @@
 %_annotated_cflags	%{?_annotated_build:%{_annobin_cflags}}
 # Fail linking if there are undefined symbols.  Required for proper
-# ELF symbol versioning support.
+# ELF symbol versioning support.  Disabled by default.
-# Use %undefine _strict_symbol_defs_build" to disable.
+# Use "%define _strict_symbol_defs_build 1" to enable.
-%_strict_symbol_defs_build	1
+#%_strict_symbol_defs_build	1
 %_ld_symbols_flags		%{?_strict_symbol_defs_build:-Wl,-z,defs}
 %__global_compiler_flags	-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}
--- a/redhat-rpm-config.spec
+++ b/redhat-rpm-config.spec
@ -6,7 +6,7 @@
 Summary: Red Hat specific rpm configuration files
 Name: redhat-rpm-config
-Version: 86
+Version: 87
 Release: 1%{?dist}
 # No version specified.
 License: GPL+
@ -160,6 +160,9 @@ install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
 %{_rpmconfigdir}/macros.d/macros.kmp
 %changelog
 * Mon Jan 29 2018 Florian Weimer <fweimer@redhat.com> - 87-1
 - Build flags: Disable -z defs again (#1535422)
 * Mon Jan 29 2018 Florian Weimer <fweimer@redhat.com> - 86-1
 - Build flags: Enable CET on i686, x86_64 (#1538725)