Bug#934193: marked as done (gnutls28: wrong text relocations on i386 due to non-PIC assembly)

Thu, 08 Aug 2019 11:24:20 -0700 

Your message dated Thu, 08 Aug 2019 18:20:24 +0000
with message-id <e1hvn1u-000huj...@fasolo.debian.org>
and subject line Bug#934193: fixed in gnutls28 3.6.9-4
has caused the Debian Bug report #934193,
regarding gnutls28: wrong text relocations on i386 due to non-PIC assembly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
934193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934193
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: gnutls28
Version: 3.6.9-3
Severity: important
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu eoan ubuntu-patch

Dear maintainers,

In Ubuntu we discovered that the new version of libgnutls was causing
systemd-resolved to fail to start on i386, due to forbidden text relocations:

  Aug 07 23:21:43 vorlon-i386-test systemd-resolved[8810]: 
/lib/systemd/systemd-resolved: error while loading shared libraries: 
/lib/i386-linux-gnu/libgnutls.so.30: cannot make segment writable for 
relocation: Operation not permitted

This is a fatal error for systemd-resolved because the systemd unit sets
MemoryDenyWriteExecute=yes, but the problem can be more generally seen by
examining the library with readelf:

  $ readelf -d ./debian/tmp/usr/lib/i386-linux-gnu/libgnutls.so.30.25.0 |grep 
TEXTREL
   0x00000016 (TEXTREL)                    0x0
   0x0000001e (FLAGS)                      TEXTREL BIND_NOW
  $

These text relocations should not be there.

This is a one-line fix (see attached), but I don't understand how the bug
occurred in the first place, as this looks like a case of a version of an
"automatically generated" file being checked into upstream git that was in
fact hand-edited (wrongly) since it does not match what is generated by the
upstream openssl assembly-generating perl scripts.

Please consider applying the attached patch in Debian and forwarding it
upstream.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

diff -Nru gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch 
gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch
--- gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch    1969-12-31 
16:00:00.000000000 -0800
+++ gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch    2019-08-07 
18:04:43.000000000 -0700
@@ -0,0 +1,32 @@
+Description: fix relocation problem on i386
+ On i386, the assembly generates a text relocation that it should not:
+  $ readelf -d ./debian/tmp/usr/lib/i386-linux-gnu/libgnutls.so.30.25.0 |grep 
TEXTREL
+   0x00000016 (TEXTREL)                    0x0
+   0x0000001e (FLAGS)                      TEXTREL BIND_NOW
+  $
+ This becomes a problem in practice when trying to run systemd-resolved
+ linked against this version of libgnutls on i386:
+ .
+  Aug 07 23:21:43 vorlon-i386-test systemd-resolved[8810]: 
/lib/systemd/systemd-resolved: error while loading shared libraries: 
/lib/i386-linux-gnu/libgnutls.so.30: cannot make segment writable for 
relocation: Operation not permitted
+ .
+ It is unclear how this bug came to exist, given that this is code generated
+ via a script from openssl upstream, and this single line is the only
+ significant difference from the version of this file shipped in
+ openssl 1.1.1c.
+Author: Steve Langasek <steve.langa...@ubuntu.com>
+Last-Modified: 2019-08-07
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1839354
+
+Index: gnutls28-3.6.9/lib/accelerated/x86/elf/aesni-x86.s
+===================================================================
+--- gnutls28-3.6.9.orig/lib/accelerated/x86/elf/aesni-x86.s
++++ gnutls28-3.6.9/lib/accelerated/x86/elf/aesni-x86.s
+@@ -2892,7 +2892,7 @@
+ .L112pic:
+       popl    %ebx
+       leal    .Lkey_const-.L112pic(%ebx),%ebx
+-      leal    _gnutls_x86_cpuid_s,%ebp
++      leal    _gnutls_x86_cpuid_s-.Lkey_const(%ebx),%ebp
+       movups  (%eax),%xmm0
+       xorps   %xmm4,%xmm4
+       movl    4(%ebp),%ebp
diff -Nru gnutls28-3.6.9/debian/patches/series 
gnutls28-3.6.9/debian/patches/series
--- gnutls28-3.6.9/debian/patches/series        2019-07-06 05:35:19.000000000 
-0700
+++ gnutls28-3.6.9/debian/patches/series        2019-08-07 18:04:04.000000000 
-0700
@@ -1,2 +1,3 @@
 14_version_gettextcat.diff
 30_guile-snarf.diff
+i386-fix-wrong-reloc.patch

--- End Message ---
--- Begin Message --- 
Source: gnutls28
Source-Version: 3.6.9-4

We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametz...@debian.org> (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Aug 2019 19:40:21 +0200
Source: gnutls28
Architecture: source
Version: 3.6.9-4
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-ma...@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametz...@debian.org>
Closes: 934193
Changes:
 gnutls28 (3.6.9-4) unstable; urgency=medium
 .
   * i386-fix-wrong-reloc.patch: Fix bad relocations on i386 due to broken
     assembly code. (Thanks, Steve Langasek for report and patch!)
     Closes: #934193
Checksums-Sha1: 
 7d7b4617a86ce2caffcd4dc60ad387bfaef4b0b8 3377 gnutls28_3.6.9-4.dsc
 74f45fa21b565f56e43f628b3905c01ba48edc5f 68988 gnutls28_3.6.9-4.debian.tar.xz
Checksums-Sha256: 
 376e2f4ec363ee7cee2c8f22d7f286e7a3c63db7f3645f7e0108e3c8443335b9 3377 
gnutls28_3.6.9-4.dsc
 5956ef42814a6f56b63b2ff6a5dff6a45e2e0da29e4c4fb7a6d287b0ee618cb1 68988 
gnutls28_3.6.9-4.debian.tar.xz
Files: 
 9712ecb27dd8241e3721f6ef9f75657e 3377 libs optional gnutls28_3.6.9-4.dsc
 7ade2e89fbba33300d33cfd8784a4f91 68988 libs optional 
gnutls28_3.6.9-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAl1MY+4ACgkQpU8BhUOC
FIQOTg/9G2rAJKNeAZPJdVmJQA4cKYzWqzmxK7dCtapCfMy+pY0i1Cikvawv9aeC
nXk193TL6FxDbdjykeMjoS1Sv8fjq+Ym4PReCfBbBMK3f53KYGccd8TCG+cjVfmI
Z5nK9AT3iwQ2srzQEL9QlQU8+ZaGX6nMY86suhk8kZiqSyUENGVj4CxdnyHDWGtf
kW9oOkyiEzCNoPTgLgPEI5cELqoZ+GEVCLiPdaaHDBGnkRHreRUfkFo023RGM+P5
t7Lypp6UWTH/gLiT8z17nS43R5FyaMcc0c8VgldRsNJhVHJHgTU+fBWE5mWULg58
/lIU2w/XDSmUqz9/n7TJkelU/fkIkFDgXDYRFejO/8lAx8h6X+86/wGMGW11rDh5
7hVF6jA3MUNLJDRX9WHll84rNVlpwwxqYfgqa2GDH/igDqXXEs5uKISoZ6mmhA8m
nYkj8B67RBG4QkSnK1HoVERaT5cecTbSKHIvtQ8mfMhuERvRfwKzNYNwV+6RroRK
heGSTm/G6mKpz1bVWphyIJx/1ZmqckNrvLPC1e2ru8Fee+B7fwkKErhNt3ArdcCQ
3qUX0NtQ00jt+VtdWZpbfo624J0M01GVAJcDGgTf1O//PQSOQX6cIOPgi9xEXYNE
a3txIaZassiR1Z8uUvl8tNwkpKzc9Fz6ubdUtcaHaGfALGL+Pmc=
=VNvD
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to