Re: git: 14b9955e57cc - main - libcrypto: compile all PIC objects with -DOPENSSL_PIC

In reply to: Jessica Clarke : "Re: git: 14b9955e57cc - main - libcrypto: compile all PIC objects with -DOPENSSL_PIC"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Fri, 20 Mar 2026 19:22:33 UTC
On Fri, Mar 20, 2026 at 07:21:11PM +0000, Jessica Clarke wrote:
> On 20 Mar 2026, at 19:17, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> 
> > On Fri, Mar 20, 2026 at 08:14:14PM +0100, A FreeBSD User wrote:
> >> Am Tage des Herren Fri, 20 Mar 2026 10:27:47 +0800
> >> Philip Paeps <philip@freebsd.org> schrieb:
> >> 
> >>> On 2026-03-20 08:52:03 (+0800), Enji Cooper wrote:
> >>> 
> >>>> The branch main has been updated by ngie:
> >>>> 
> >>>> URL: 
> >>>> https://cgit.FreeBSD.org/src/commit/?id=14b9955e57cc28b61e785165b9effcbe620edb46
> >>>> 
> >>>> commit 14b9955e57cc28b61e785165b9effcbe620edb46
> >>>> Author:     Enji Cooper <ngie@FreeBSD.org>
> >>>> AuthorDate: 2026-03-19 23:56:41 +0000
> >>>> Commit:     Enji Cooper <ngie@FreeBSD.org>
> >>>> CommitDate: 2026-03-20 00:51:51 +0000
> >>>> 
> >>>>    libcrypto: compile all PIC objects with -DOPENSSL_PIC
> >>>> 
> >>>>    This change modifies the libcrypto PIC objects to always compile 
> >>>> with
> >>>>    `-DOPENSSL_PIC` to restore parity with the upstream build process. 
> >>>> This
> >>>>    ensures that `-DOPENSSL_PIC` is used whenever building the 
> >>>> auxiliary
> >>>>    shared objects. In this case, just the legacy provider (we no 
> >>>> longer
> >>>>    distribute the fips provider).
> >>>> 
> >>>>    MFC after:              2 weeks
> >>>>    Differential Revision:  https://reviews.freebsd.org/D44896  
> >>> 
> >>> This one seems to break the build for me:
> >>> 
> >>> main philip@flatulus:~/freebsd/src % time make -j 16 buildworld |grep 
> >>> error:
> >>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> >>> '__stack_chk_guard'; recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> >>> '__stack_chk_guard'; recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> >>> '__stack_chk_guard'; recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> >>> '__stack_chk_guard'; recompile with -fPIC
> >>> ld: error: relocation R_X86_64_PC32 cannot be used against symbol 
> >>> '__stack_chk_guard'; recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32S cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32S cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: relocation R_X86_64_32 cannot be used against local symbol; 
> >>> recompile with -fPIC
> >>> ld: error: too many errors emitted, stopping now (use --error-limit=0 to 
> >>> see all errors)
> >>> cc: error: linker command failed with exit code 1 (use -v to see 
> >>> invocation)
> >>> make -j 16 buildworld  63.51s user 16.69s system 593% cpu 13.524 total
> >>> grep error:  0.01s user 0.01s system 0% cpu 13.524 total
> >>> 
> >>> Hm... as I type this I wonder if it's just META_MODE weirdness...
> >>> 
> >>> Philip
> >>> 
> >> 
> >> Same here
> > 
> > Appending to CFLAGS rather than PICFLAG resolves the issue. Commit in
> > HardenedBSD coming soon.
> 
> Yeah that’ll stop the PICFLAG?=-fpic from doing anything.
> 
> CFLAGS is wrong though, you want SHARED_CFLAGS, I imagine.

Good catch on the SHARED_CFLAGS. I'll give that a try.

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username:  shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc