Bug#837359: ocaml: Please build libasmrun.a with -fPIC

To: submit@bugs.debian.org
Subject: Bug#837359: ocaml: Please build libasmrun.a with -fPIC
From: Balint Reczey <balint@balintreczey.hu>
Date: Sat, 10 Sep 2016 23:27:05 +0200
Message-id: <[🔎] 17e60547-3e18-2689-825f-00dc95ee2b67@balintreczey.hu>
Reply-to: Balint Reczey <balint@balintreczey.hu>, 837359@bugs.debian.org

Source: ocaml
Version: 4.02.3-7
Severity: important
User: balint@balintreczey.hu
Usertags: pie-bindnow-20160906
Justification: makes other ocaml packages FTBFS with extra hardening
Tags: patch
Affects: advi alt-ergo approx ara atdgen ben biniou bin-prot caml2html caml-crush camlimages camlmix camlp5 camomile cduce coccinelle coinst comparelib confluence coq cppo cryptokit cudf custom-printf dochelp dose3 eliom enumerate extlib fieldslib freetennis geneweb gmetadom haxe herelib janest-core janest-core-extended janest-core-kernel js-build-tools js-of-ocaml jsonm kalzium laby lambda-term libguestfs liquidsoap marionnet matita menhir mingw-ocaml misery mlpost monotone-viz mtasc oasis obus ocaml-atd ocaml-base64 ocaml-batteries ocaml-benchmark ocamlbricks ocamlcreal ocaml-csv ocaml-data-notation ocaml-deriving-ocsigen ocamldsort ocaml-estring ocaml-expect ocaml-extunix ocaml-fileutils ocaml-gettext ocamlgraph ocamlgsl ocaml-ipaddr ocaml-libvirt ocaml-melt ocamlmod ocaml-re ocaml-re2 ocaml-reins ocaml-res ocamlrss ocaml-sqlexpr ocaml-sqlite3 ocaml-textutils ocaml-usb ocamlviz ocaml-zarith ocp-indent ocsigenserver opam optcomp orpie ounit pa-bench pagodacf pa-ounit pa-structural-sexp pa-test pcre-ocaml pdfsandwich perl4caml pgocaml pipebang postgresql-ocaml ppx-core ppx-deriving ppx-driver ppx-optcomp ppx-sexp-conv ppx-type-conv prooftree scilab sexplib310 spamoracle supermin type-conv typerep tyxml unison utop uuidm variantslib virt-top why3 wyrd xml-light xmlm yojson zed

Dear Maintainers,

During a rebuild of all packages in sid, many ocaml packages
failed to build on amd64 with patched GCC and dpkg. The root cause
seems to be that libasmrun.a is shipped as a non-PIC library.

The rebuild tested if packages are ready for a transition
enabling PIE and bindnow for amd64.

For more information about the changes to sid's dpkg and GCC please
visit:
https://wiki.debian.org/Hardening/PIEByDefaultTransitio

Relevant part of advi's build log:
...
/usr/bin/ocamlopt -o advi \
         -I /usr/lib/ocaml/camlimages  \
        events.o grwm.o grY11.o /usr/lib/ocaml/camlimages/camlimages_core.cmxa /usr/lib/ocaml/graphics
.cmxa /usr/lib/ocaml/camlimages/camlimages_graphics.cmxa /usr/lib/ocaml/camlimages/camlimages_ps.cmxa 
/usr/lib/ocaml/camlimages/camlimages_freetype.cmxa unix.cmxa str.cmxa config.cmx misc.cmx timeout.cmx 
ageometry.cmx options.cmx rc.cmx userfile.cmx graphicsY11.cmx global_options.cmx busy.cmx gradient.cmx gterm.cmx launch.cmx dvicolor.cmx shot.cmx laser_pointer.cmx symbol.cmx input.cmx table.cmx pkfont.cmx ttfont.cmx jfm.cmx search.cmx font.cmx glyph.cmx devfont.cmx adviUnits.cmx dimension.cmx dvi.cmx drawimage.cmx gs.cmx transimpl.cmx embed.cmx grdev.cmx addons.cmx scratch.cmx cdvi.cmx driver.cmx thumbnails.cmx dviview.cmx main.cmx \
        -cclib -lXinerama -cclib -lcamlimages_freetype
/usr/bin/ld: /usr/lib/ocaml/libasmrun.a(startup.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: /usr/lib/ocaml/libasmrun.a(fail.o): relocation R_X86_64_32 against symbol `caml_exn_Failure' can not be used when making a shared object; recompile with -fPIC
...

The full build log is available from:
https://people.debian.org/~rbalint/build-logs/pie-bindnow-20160906/advi_1.10.2-2_amd64.build.gz

The attached patch fixed the problem.

Thanks,
Balint

diff -Nru ocaml-4.02.3/debian/patches/0012-Use-pic.patch ocaml-4.02.3/debian/patches/0012-Use-pic.patch
--- ocaml-4.02.3/debian/patches/0012-Use-pic.patch	1970-01-01 01:00:00.000000000 +0100
+++ ocaml-4.02.3/debian/patches/0012-Use-pic.patch	2016-09-10 13:38:10.000000000 +0200
@@ -0,0 +1,17 @@
+Description: Generate Position Independent Code
+ This is needed for building Position Independent Executables
+Author: Balint Reczey <balint@balintreczey.hu>
+
+--- ocaml-4.02.3.orig/configure
++++ ocaml-4.02.3/configure
+@@ -1015,6 +1015,10 @@ fi
+ bytecccompopts="$bytecccompopts -D_FILE_OFFSET_BITS=64"
+ nativecccompopts="$nativecccompopts -D_FILE_OFFSET_BITS=64"
+ 
++# Use PIC
++
++nativecccompopts="$nativecccompopts -fPIC"
++
+ # Check the semantics of signal handlers
+ 
+ if sh ./hasgot sigaction sigprocmask; then
diff -Nru ocaml-4.02.3/debian/patches/series ocaml-4.02.3/debian/patches/series
--- ocaml-4.02.3/debian/patches/series	2016-07-15 22:20:10.000000000 +0200
+++ ocaml-4.02.3/debian/patches/series	2016-09-10 13:36:09.000000000 +0200
@@ -9,3 +9,4 @@
 0010-Enable-ocamldoc-to-build-reproducible-manpages.patch
 0010-Add-a-.file-directive-to-generated-.s-files.patch
 0011-Compatibility-with-x32-architecture.patch
+0012-Use-pic.patch

Reply to:

Follow-Ups:
- Bug#837359: ocaml: Please build libasmrun.a with -fPIC
  - From: Balint Reczey <balint@balintreczey.hu>
- Processed: Re: ocaml: Please build libasmrun.a with -fPIC
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#837359: ocaml: Please build libasmrun.a with -fPIC
  - From: Stéphane Glondu <glondu@crans.org>

Prev by Date: camlzip_1.06-1_source.changes ACCEPTED into unstable
Next by Date: Processed: your mail
Previous by thread: camlzip_1.06-1_source.changes ACCEPTED into unstable
Next by thread: Bug#837359: ocaml: Please build libasmrun.a with -fPIC
Index(es):
- Date
- Thread