--On Monday, January 28, 2019 12:10 PM +0000 Rupert Gallagher ruga@protonmail.com wrote:
I can replicate your log when using the default tool-chain by Apple.
The following causes my system to fail *with openldap*, replicating my original bug. The same settings succeed with *many* other open source projects: openldap is the only one that fails.
Then it sounds like OpenLDAP is tripping a bug in LLVM or related tools. Again, there are no duplicate symbols in the liblber library.
--Quanah
- install the official clang/llvm tool-chain from llvm.org;
- set up the shell as follows:
    export CC="/opt/llvm/bin/clang"; # gcc
    export CMAKE_C_COMPILER="/opt/llvm/bin/clang";
    export CPP="/opt/llvm/bin/clang -E"; # cpp
    export CXX="/opt/llvm/bin/clang++"; # g++
    export CMAKE_CXX_COMPILER="/opt/llvm/bin/clang++"; # g++
    export AR="/opt/llvm/bin/llvm-ar"; # ar
    export CMAKE_AR="/opt/llvm/bin/llvm-ar"; # ar
    export CMAKE_LINKER="/usr/bin/ld"; # Apple's own
    export NM="/opt/llvm/bin/llvm-nm"; # nm
    export CMAKE_NM="/opt/llvm/bin/llvm-nm"; # nm
    export CMAKE_OBJDUMP="/opt/llvm/bin/llvm-objdump";
    export RANLIB="/opt/llvm/bin/llvm-ranlib";
    export CMAKE_RANLIB="/opt/llvm/bin/llvm-ranlib";
    sdk_p="$( /usr/bin/xcode-select -print-path )";
    sdk_v="$( /usr/bin/xcrun --show-sdk-version )";

    # runtime compatibility with former versions:
    sdk_c="${sdk_v}";
    case $sdk_v in
      10.14) sdk_c="10.13";;
      10.13) sdk_c="10.13";;
    esac

    CFLAGS="";
    CCFLAGS="";
    CPPFLAGS="";
    LDFLAGS="";

    export MACOSX_DEPLOYMENT_TARGET="${sdk_c}";
    CFLAGS="$CFLAGS -g -mmacosx-version-min=${sdk_c} -isysroot ${sdk_p}/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk";
    CFLAGS="$CFLAGS -arch x86_64";

    # exploit mitigation: RELRO + BIND_NOW
    LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now";

    # exploit mitigation: stack canary
    CFLAGS="$CFLAGS -fstack-protector-all";

    # nicer stack traces in error messages
    CFLAGS="$CFLAGS -fno-omit-frame-pointer";

    # exploit mitigations:
    CFLAGS="$CFLAGS -fPIC -fPIE";
    LDFLAGS="$LDFLAGS -pie";

    # exploit mitigation: protect memory and string functions
    CFLAGS="$CFLAGS -O2";
    CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2";

    # exploit mitigation: format string warnings as errors
    CFLAGS="$CFLAGS -Wformat -Wformat-security -Werror=format-security";

    export CFLAGS;
    export CCFLAGS="$CFLAGS";
    export CPPFLAGS;
    export CXXFLAGS="$CPPFLAGS";
    export LDFLAGS;
    export DSOFLAGS="$LDFLAGS";
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com