Package: gnutls28
Version: 3.6.9-3
Severity: important
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu eoan ubuntu-patch

Dear maintainers,

In Ubuntu we discovered that the new version of libgnutls was causing systemd-resolved to fail to start on i386, due to forbidden text relocations:

Aug 07 23:21:43 vorlon-i386-test systemd-resolved[8810]: /lib/systemd/systemd-resolved: error while loading shared libraries: /lib/i386-linux-gnu/libgnutls.so.30: cannot make segment writable for relocation: Operation not permitted

This is a fatal error for systemd-resolved because the systemd unit sets MemoryDenyWriteExecute=yes, but the problem can be more generally seen by examining the library with readelf:

$ readelf -d ./debian/tmp/usr/lib/i386-linux-gnu/libgnutls.so.30.25.0 |grep TEXTREL
 0x00000016 (TEXTREL)                    0x0
 0x0000001e (FLAGS)                      TEXTREL BIND_NOW
$

These text relocations should not be there.

This is a one-line fix (see attached), but I don't understand how the bug occurred in the first place, as this looks like a case of a version of an "automatically generated" file being checked into upstream git that was in fact hand-edited (wrongly) since it does not match what is generated by the upstream openssl assembly-generating perl scripts.

Please consider applying the attached patch in Debian and forwarding it upstream.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

diff -Nru gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch --- gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch 1969-12-31 16:00:00.000000000 -0800 +++ gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch 2019-08-07 18:04:43.000000000 -0700 
@@ -0,0 +1,32 @@ +Description: fix relocation problem on i386 + On i386, the assembly generates a text relocation that it should not: + $ readelf -d ./debian/tmp/usr/lib/i386-linux-gnu/libgnutls.so.30.25.0 |grep TEXTREL + 0x00000016 (TEXTREL) 0x0 + 0x0000001e (FLAGS) TEXTREL BIND_NOW + $ + This becomes a problem in practice when trying to run systemd-resolved + linked against this version of libgnutls on i386: + . + Aug 07 23:21:43 vorlon-i386-test systemd-resolved[8810]: /lib/systemd/systemd-resolved: error while loading shared libraries: /lib/i386-linux-gnu/libgnutls.so.30: cannot make segment writable for relocation: Operation not permitted + . + It is unclear how this bug came to exist, given that this is code generated + via a script from openssl upstream, and this single line is the only + significant difference from the version of this file shipped in + openssl 1.1.1c. +Author: Steve Langasek <steve.langa...@ubuntu.com> +Last-Modified: 2019-08-07 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1839354 + +Index: gnutls28-3.6.9/lib/accelerated/x86/elf/aesni-x86.s +=================================================================== +--- gnutls28-3.6.9.orig/lib/accelerated/x86/elf/aesni-x86.s ++++ gnutls28-3.6.9/lib/accelerated/x86/elf/aesni-x86.s +@@ -2892,7 +2892,7 @@ + .L112pic: + popl %ebx + leal .Lkey_const-.L112pic(%ebx),%ebx +- leal _gnutls_x86_cpuid_s,%ebp ++ leal _gnutls_x86_cpuid_s-.Lkey_const(%ebx),%ebp + movups (%eax),%xmm0 + xorps %xmm4,%xmm4 + movl 4(%ebp),%ebp diff -Nru gnutls28-3.6.9/debian/patches/series gnutls28-3.6.9/debian/patches/series --- gnutls28-3.6.9/debian/patches/series 2019-07-06 05:35:19.000000000 -0700 +++ gnutls28-3.6.9/debian/patches/series 2019-08-07 18:04:04.000000000 -0700 @@ -1,2 +1,3 @@ 14_version_gettextcat.diff 30_guile-snarf.diff +i386-fix-wrong-reloc.patch
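
Review bot: In the aesni-x86.s hunk, the replacement `leal _gnutls_x86_cpuid_s-.Lkey_const(%ebx),%ebp` is only free of a text relocation if `_gnutls_x86_cpuid_s` resolves inside the library at link time, and the Description records readelf output for the broken build only. Suggest adding the `readelf -d ... |grep TEXTREL` result from the rebuilt i386 library to the Description so the fix can be confirmed from the patch header alone. A Forwarded: field next to Bug-Ubuntu would also help, since the Description itself says this file differs from what the openssl script generates and the correction therefore has to land upstream to survive a regeneration.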