hardenedbsd-ports issueshttps://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues2021-04-03T19:35:46Zhttps://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/22Fix scrot's CFI violation2021-04-03T19:35:46ZShawn WebbFix scrot's CFI violationScrot version 1.5 violates CFI, causing it to crash. The first step will be to disable CFI for it in the ports tree. The second step will be to determine where the crash happened and provide a patch to upstream. Once the patch is accepte...Scrot version 1.5 violates CFI, causing it to crash. The first step will be to disable CFI for it in the ports tree. The second step will be to determine where the crash happened and provide a patch to upstream. Once the patch is accepted upstream, we can bring the accepted patch into our ports tree, using it until the Scrot releases a new, fixed version.Shawn WebbShawn Webbhttps://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/1Thunderbird doesn't compile because of mismathching compile options2021-03-18T22:54:22ZShawn WebbThunderbird doesn't compile because of mismathching compile options*Created by: TommiP*
Thunderbird doesn't compile because of incompatible compile options. Some options force PIE off and others force PIE on.
This seems to be the reason for both 12-Stable and 13-Current compile errors:
http://ci-04.m...*Created by: TommiP*
Thunderbird doesn't compile because of incompatible compile options. Some options force PIE off and others force PIE on.
This seems to be the reason for both 12-Stable and 13-Current compile errors:
http://ci-04.md.hardenedbsd.org/data/hardenedbsd-12_amd64-local/2020-01-22_21h35m41s/logs/errors/thunderbird-68.4.1.log
http://ci-03.md.hardenedbsd.org/data/hardenedbsd-13_amd64-local/2020-01-19_23h52m31s/logs/errors/thunderbird-68.4.1.log
I would suggest that we first turn off PIE support. As it has been configured in the makefile: USE_HARDENING= pie:off
The part that seems to conflict with this is this: MOZ_OPTIONS+=â–¸ --enable-pie
If this is a suitable solution i can create a pull request for this.
Note:
Thunderbird has had PIE always turned on for Linux since end of 2018:
https://bugzilla.mozilla.org/show_bug.cgi?id=1079662
It would be good to investigate if HBSD PIE support would be possible. We'll see if someone has time for this.
https://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/3lang/gcc9 configure error2020-12-22T23:30:32ZShawn Webblang/gcc9 configure error*Created by: TommiP*
lang/gcc9 configure error:
No proposed fix for this yet.
details of the error below:
checking for exported symbols... objdump: Unknown command line argument '-T'. Try: 'objdump --help'
objdump: Did you me...*Created by: TommiP*
lang/gcc9 configure error:
No proposed fix for this yet.
details of the error below:
checking for exported symbols... objdump: Unknown command line argument '-T'. Try: 'objdump --help'
objdump: Did you mean ' -C'?
yes
checking for -rdynamic... objdump: Unknown command line argument '-T'. Try: 'objdump --help'
objdump: Did you mean ' -C'?
no
checking for library containing dlopen... (cached) none required
checking for -fPIC -shared... yes
configure: error:
Building GCC with plugin support requires a host that supports
-fPIC, -shared, -ldl and -rdynamic.
gmake[3]: *** [Makefile:4362: configure-stage1-gcc] Error 1
gmake[3]: Leaving directory '/wrkdirs/usr/ports/lang/gcc9/work/.build'
gmake[2]: *** [Makefile:22474: stage1-bubble] Error 2
gmake[2]: Leaving directory '/wrkdirs/usr/ports/lang/gcc9/work/.build'
gmake[1]: *** [Makefile:22806: bootstrap-lean] Error 2
gmake[1]: Leaving directory '/wrkdirs/usr/ports/lang/gcc9/work/.build'
*** Error code 1
Stop.
make: stopped in /usr/ports/lang/gcc9
=>> Cleaning up wrkdir
===> Cleaning for gcc9-9.2.0_1
build of lang/gcc9 | gcc9-9.2.0_1 ended at Mon Mar 23 09:02:36 EDT 2020
build time: 00:01:56
!!! build failure encountered !!!
This error is replicated with gcc9 version 9.2.0 and 9.3.0 for both 12-Stable and 13-Current. This happens on the official builders and in a 12-stable local poudriere build.
http://ci-04.md.hardenedbsd.org/data/hardenedbsd-12_amd64-local/2020-03-23_08h14m15s/logs/errors/gcc9-9.2.0_1.log
http://ci-03.md.hardenedbsd.org/data/hardenedbsd-13_amd64-local/2020-03-23_08h51m14s/logs/errors/gcc9-9.2.0_1.log
https://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/712-STABLE fails to build devel/gobject-introspection2020-12-22T23:30:32ZShawn Webb12-STABLE fails to build devel/gobject-introspection*Created by: TommiP*
Blocks 5696 ports including www/firefox and www/chromium
end of the error log:
ldd: /wrkdirs/usr/ports/devel/gobject-introspection/work/gobject-introspection-1.56.1/tmp-introspectqcb5hf0_/GLib-2.0: Cannot load PIE ...*Created by: TommiP*
Blocks 5696 ports including www/firefox and www/chromium
end of the error log:
ldd: /wrkdirs/usr/ports/devel/gobject-introspection/work/gobject-introspection-1.56.1/tmp-introspectqcb5hf0_/GLib-2.0: Cannot load PIE binary /wrkdirs/usr/ports/devel/gobject-introspection/work/gobject-introspection-1.56.1/tmp-introspectqcb5hf0_/GLib-2.0 as DSO
/wrkdirs/usr/ports/devel/gobject-introspection/work/gobject-introspection-1.56.1/tmp-introspectqcb5hf0_/GLib-2.0: exit status 1
ERROR: can't resolve libraries to shared libraries: glib-2.0, gobject-2.0
gmake[3]: *** [Makefile:3777: GLib-2.0.gir] Error 1
gmake[3]: Leaving directory '/wrkdirs/usr/ports/devel/gobject-introspection/work/gobject-introspection-1.56.1'
gmake[2]: *** [Makefile:3053: all-recursive] Error 1
gmake[2]: Leaving directory '/wrkdirs/usr/ports/devel/gobject-introspection/work/gobject-introspection-1.56.1'
gmake[1]: *** [Makefile:1598: all] Error 2
gmake[1]: Leaving directory '/wrkdirs/usr/ports/devel/gobject-introspection/work/gobject-introspection-1.56.1'
*** Error code 1
full details at: http://ci-04.md.hardenedbsd.org/data/hardenedbsd-12_amd64-local/2020-06-20_11h34m40s/logs/errors/gobject-introspection-1.56.1,1.log
With the lastest 13-CURRENT build it build with the same devel/gobject-introspection version:
http://ci-04.md.hardenedbsd.org/data/hardenedbsd-12_amd64-local/2020-06-20_11h34m40s/logs/errors/gobject-introspection-1.56.1,1.log
Only differences that i see are:
1. HBSD 12 vs 13
2. llvm versions ( llvmorg-10.0.1-rc1-0-gf79cd71e145 in 13 and llvmorg-10.0.0-0-gd32170dbd5b in 12)
https://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/8Disable PaX NOEXEC for the openjdk ports2020-12-22T23:30:32ZShawn WebbDisable PaX NOEXEC for the openjdk portsIn similar fashion to 0b452d06d96800bf2318af4d696d42d0db20e653 , disable PaX NOEXEC for all the java applications in the openjdk ports.In similar fashion to 0b452d06d96800bf2318af4d696d42d0db20e653 , disable PaX NOEXEC for all the java applications in the openjdk ports.https://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/13Disable PaX NOEXEC for editors/vscode2020-10-31T14:20:14ZShawn WebbDisable PaX NOEXEC for editors/vscodevscode is an electron app. It needs PaX NOEXEC disabled.vscode is an electron app. It needs PaX NOEXEC disabled.Shawn WebbShawn Webbhttps://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/16Latest upgrade of archivers/liblz4 breaks with earlier PIE/RELRO patches2020-11-30T13:45:07ZShawn WebbLatest upgrade of archivers/liblz4 breaks with earlier PIE/RELRO patches*Created by: utrenkner*
Poudriere exits the build of archivers/liblz4 when trying to apply HardenedBSD patches to the latest FreeBSD port:
```
=======================<phase: patch >============================
===> Patchi...*Created by: utrenkner*
Poudriere exits the build of archivers/liblz4 when trying to apply HardenedBSD patches to the latest FreeBSD port:
```
=======================<phase: patch >============================
===> Patching for liblz4-1.9.3,1
===> Applying FreeBSD patches for liblz4-1.9.3,1 from /usr/ports/archivers/liblz4/files
No file to patch. Skipping...
1 out of 1 hunks ignored--saving rejects to examples/Makefile.rej
Can't create examples/Makefile.rej, output is in /tmp/patchrmEaWhhKNja: No such file or directory
===> FAILED Applying FreeBSD patch-examples_Makefile
===> FAILED to apply cleanly FreeBSD patch(es) patch-examples_Makefile
```
In my poudriere instance 34 other ports are skipped because of the failure to build liblz4.Shawn WebbShawn Webbhttps://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/18Bash package upgrade bugs due to Lua scripts2021-02-08T13:25:31ZShawn WebbBash package upgrade bugs due to Lua scripts*Created by: hd_scania*
```
[1/146] Extracting bash-5.1.4: 100%
pkg: Failed to execute lua script: [string "shell_path = pkg.prefixed_path("bin/bash")..."]:7: attempt to index a nil value (global 'shell')
pkg: lua script failed
```*Created by: hd_scania*
```
[1/146] Extracting bash-5.1.4: 100%
pkg: Failed to execute lua script: [string "shell_path = pkg.prefixed_path("bin/bash")..."]:7: attempt to index a nil value (global 'shell')
pkg: lua script failed
```https://git.hardenedbsd.org/hardenedbsd/hardenedbsd-ports/-/issues/19[13-ALPHA3] Library bugs so that X is dead2021-02-15T14:17:04ZShawn Webb[13-ALPHA3] Library bugs so that X is dead*Created by: hd_scania*
The X.org is being crashed by having upgraded the ports, with the `eventfd` library bugs found in my screenshots, so that SDDM and `startx` are neither working by having done that ports upgrade
https://git-01.md....*Created by: hd_scania*
The X.org is being crashed by having upgraded the ports, with the `eventfd` library bugs found in my screenshots, so that SDDM and `startx` are neither working by having done that ports upgrade
https://git-01.md.hardenedbsd.org/HardenedBSD/hardenedbsd-ports/issues/18
```
Sony VPCCB17FG
i7-2620M
7.45GiB RAM’s
32GiB swaps
37.5GiB root
```