[Reproducible-commits] [dpkg] 10/74: man: Document interaction between PIE and libraries
Mattia Rizzolo
mattia at debian.org
Sun Jul 3 22:22:52 UTC 2016
This is an automated email from the git hooks/post-receive script.
mattia pushed a commit to annotated tag 1.18.8
in repository dpkg.
commit d1735cc1a0a87d4abeb91733f3f8a2957a4c1163
Author: Guillem Jover <guillem at debian.org>
Date: Sun May 22 19:20:04 2016 +0200
man: Document interaction between PIE and libraries
Based-on-text-by: Christian Seiler <christian at iwakd.de> on debian-devel
---
debian/changelog | 2 ++
man/dpkg-buildflags.1 | 28 ++++++++++++++++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 5ff6a53..61108cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ dpkg (1.18.8) UNRELEASED; urgency=medium
- Clarify the format of the db:Status-Abbrev virtual field in
dpkg-query(1). Closes: #824515
- Document the tar entry size limitation for deb(5) format.
+ - Document interaction between PIE and libraries in dpkg-buildflags(1).
+ Based on text by Christian Seiler <christian at iwakd.de>.
[ Updated programs translations ]
* German (Sven Joachim).
diff --git a/man/dpkg-buildflags.1 b/man/dpkg-buildflags.1
index ac2489e..f490a48 100644
--- a/man/dpkg-buildflags.1
+++ b/man/dpkg-buildflags.1
@@ -362,6 +362,34 @@ locations to bounce off of during a memory corruption attack.
This is not compatible with \fB\-fPIC\fP so care must be taken when
building shared objects.
+Static libraries can be used by programs or other shared libraries.
+Depending on the flags used to compile all the objects within a static
+library, these libraries will be usable by different sets of objects:
+
+.RS
+.TP
+none
+Cannot be linked into a PIE program, nor a shared library.
+.TP
+.B \-fPIE
+Can be linked into any program, but not a shared library.
+.TP
+.B \-fPIC
+Can be linked into any program and shared library.
+.RE
+
+.IP
+Unconditionally passing \fB\-fPIE\fP, \fB\-fpie\fP or \fB\-pie\fP to a
+build-system using libtool is safe as these flags will get stripped when
+building shared libraries.
+Otherwise on projects that build both programs and shared libraries you
+might need to make sure that when building the shared libraries \fB\-fPIC\fP
+is always passed last (so that it overrides any previous \fB\-PIE\fP) to
+compilation flags such as \fBCFLAGS\fP, and \fB\-shared\fP is passed last
+(so that it overrides any previous \fB\-pie\fP) to linking flags such as
+\fBLDFLAGS\fP.
+
+.IP
Additionally, since PIE is implemented via a general register, some
register starved architectures (but not including i386 anymore since
optimizations implemented in gcc >= 5) can see performance losses of up to
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list