Re: git: 14b9955e57cc - main - libcrypto: compile all PIC objects with -DOPENSSL_PIC

Reply: Shawn Webb : "Re: git: 14b9955e57cc - main - libcrypto: compile all PIC objects with -DOPENSSL_PIC"
In reply to: Shawn Webb : "Re: git: 14b9955e57cc - main - libcrypto: compile all PIC objects with -DOPENSSL_PIC"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Jessica Clarke <jrtc27_at_freebsd.org>
Date: Fri, 20 Mar 2026 19:21:11 UTC

On 20 Mar 2026, at 19:17, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Fri, Mar 20, 2026 at 08:14:14PM +0100, A FreeBSD User wrote:
>> Am Tage des Herren Fri, 20 Mar 2026 10:27:47 +0800
>> Philip Paeps <philip@freebsd.org> schrieb:
>> 
>>> On 2026-03-20 08:52:03 (+0800), Enji Cooper wrote:
>>> 
>>>> The branch main has been updated by ngie:
>>>> 
>>>> URL: 
>>>> https://cgit.FreeBSD.org/src/commit/?id=14b9955e57cc28b61e785165b9effcbe620edb46
>>>> 
>>>> commit 14b9955e57cc28b61e785165b9effcbe620edb46
>>>> Author:     Enji Cooper <ngie@FreeBSD.org>
>>>> AuthorDate: 2026-03-19 23:56:41 +0000
>>>> Commit:     Enji Cooper <ngie@FreeBSD.org>
>>>> CommitDate: 2026-03-20 00:51:51 +0000
>>>> 
>>>>    libcrypto: compile all PIC objects with -DOPENSSL_PIC
>>>> 
>>>>    This change modifies the libcrypto PIC objects to always compile 
>>>> with
>>>>    `-DOPENSSL_PIC` to restore parity with the upstream build process. 
>>>> This
>>>>    ensures that `-DOPENSSL_PIC` is used whenever building the 
>>>> auxiliary
>>>>    shared objects. In this case, just the legacy provider (we no 
>>>> longer
>>>>    distribute the fips provider).
>>>> 
>>>>    MFC after:              2 weeks
>>>>    Differential Revision:  https://reviews.freebsd.org/D44896  
>>> 
>>> This one seems to break the build for me:
>>> 
>>> main philip@flatulus:~/freebsd/src % time make -j 16 buildworld |grep 
>>> error:
>>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
>>> '__stack_chk_guard'; recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
>>> '__stack_chk_guard'; recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
>>> '__stack_chk_guard'; recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
>>> '__stack_chk_guard'; recompile with -fPIC
>>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
>>> '__stack_chk_guard'; recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32S cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32S cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
>>> recompile with -fPIC
>>> ld: error: too many errors emitted, stopping now (use --error-limit=0 to 
>>> see all errors)
>>> cc: error: linker command failed with exit code 1 (use -v to see 
>>> invocation)
>>> make -j 16 buildworld  63.51s user 16.69s system 593% cpu 13.524 total
>>> grep error:  0.01s user 0.01s system 0% cpu 13.524 total
>>> 
>>> Hm... as I type this I wonder if it's just META_MODE weirdness...
>>> 
>>> Philip
>>> 
>> 
>> Same here
> 
> Appending to CFLAGS rather than PICFLAG resolves the issue. Commit in
> HardenedBSD coming soon.

Yeah that’ll stop the PICFLAG?=-fpic from doing anything.

CFLAGS is wrong though, you want SHARED_CFLAGS, I imagine.

Jessica