Re: git: 14b9955e57cc - main - libcrypto: compile all PIC objects with -DOPENSSL_PIC

Reply: Jessica Clarke : "Re: git: 14b9955e57cc - main - libcrypto: compile all PIC objects with -DOPENSSL_PIC"
In reply to: A FreeBSD User : "Re: git: 14b9955e57cc - main - libcrypto: compile all PIC objects with -DOPENSSL_PIC"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Fri, 20 Mar 2026 19:17:54 UTC

On Fri, Mar 20, 2026 at 08:14:14PM +0100, A FreeBSD User wrote:
> Am Tage des Herren Fri, 20 Mar 2026 10:27:47 +0800
> Philip Paeps <philip@freebsd.org> schrieb:
> 
> > On 2026-03-20 08:52:03 (+0800), Enji Cooper wrote:
> > 
> > > The branch main has been updated by ngie:
> > >
> > > URL: 
> > > https://cgit.FreeBSD.org/src/commit/?id=14b9955e57cc28b61e785165b9effcbe620edb46
> > >
> > > commit 14b9955e57cc28b61e785165b9effcbe620edb46
> > > Author:     Enji Cooper <ngie@FreeBSD.org>
> > > AuthorDate: 2026-03-19 23:56:41 +0000
> > > Commit:     Enji Cooper <ngie@FreeBSD.org>
> > > CommitDate: 2026-03-20 00:51:51 +0000
> > >
> > >     libcrypto: compile all PIC objects with -DOPENSSL_PIC
> > >
> > >     This change modifies the libcrypto PIC objects to always compile 
> > > with
> > >     `-DOPENSSL_PIC` to restore parity with the upstream build process. 
> > > This
> > >     ensures that `-DOPENSSL_PIC` is used whenever building the 
> > > auxiliary
> > >     shared objects. In this case, just the legacy provider (we no 
> > > longer
> > >     distribute the fips provider).
> > >
> > >     MFC after:              2 weeks
> > >     Differential Revision:  https://reviews.freebsd.org/D44896  
> > 
> > This one seems to break the build for me:
> > 
> > main philip@flatulus:~/freebsd/src % time make -j 16 buildworld |grep 
> > error:
> > ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> > '__stack_chk_guard'; recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> > '__stack_chk_guard'; recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> > '__stack_chk_guard'; recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> > '__stack_chk_guard'; recompile with -fPIC
> > ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> > '__stack_chk_guard'; recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32S cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32S cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> > recompile with -fPIC
> > ld: error: too many errors emitted, stopping now (use --error-limit=0 to 
> > see all errors)
> > cc: error: linker command failed with exit code 1 (use -v to see 
> > invocation)
> > make -j 16 buildworld  63.51s user 16.69s system 593% cpu 13.524 total
> > grep error:  0.01s user 0.01s system 0% cpu 13.524 total
> > 
> > Hm... as I type this I wonder if it's just META_MODE weirdness...
> > 
> > Philip
> > 
> 
> Same here

Appending to CFLAGS rather than PICFLAG resolves the issue. Commit in
HardenedBSD coming soon.

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username:  shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc