Bug#934193: gnutls28: wrong text relocations on i386 due to non-PIC assembly
Steve Langasek
steve.langasek at canonical.com
Thu Aug 8 02:23:07 BST 2019
Package: gnutls28
Version: 3.6.9-3
Severity: important
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu eoan ubuntu-patch
Dear maintainers,
In Ubuntu we discovered that the new version of libgnutls was causing
systemd-resolved to fail to start on i386, due to forbidden text relocations:
Aug 07 23:21:43 vorlon-i386-test systemd-resolved[8810]: /lib/systemd/systemd-resolved: error while loading shared libraries: /lib/i386-linux-gnu/libgnutls.so.30: cannot make segment writable for relocation: Operation not permitted
This is a fatal error for systemd-resolved because the systemd unit sets
MemoryDenyWriteExecute=yes, but the problem can be more generally seen by
examining the library with readelf:
$ readelf -d ./debian/tmp/usr/lib/i386-linux-gnu/libgnutls.so.30.25.0 |grep TEXTREL
0x00000016 (TEXTREL) 0x0
0x0000001e (FLAGS) TEXTREL BIND_NOW
$
These text relocations should not be there.
This is a one-line fix (see attached), but I don't understand how the bug
occurred in the first place, as this looks like a case of a version of an
"automatically generated" file being checked into upstream git that was in
fact hand-edited (wrongly) since it does not match what is generated by the
upstream openssl assembly-generating perl scripts.
Please consider applying the attached patch in Debian and forwarding it
upstream.
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
diff -Nru gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch
--- gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch 1969-12-31 16:00:00.000000000 -0800
+++ gnutls28-3.6.9/debian/patches/i386-fix-wrong-reloc.patch 2019-08-07 18:04:43.000000000 -0700
@@ -0,0 +1,32 @@
+Description: fix relocation problem on i386
+ On i386, the assembly generates a text relocation that it should not:
+ $ readelf -d ./debian/tmp/usr/lib/i386-linux-gnu/libgnutls.so.30.25.0 |grep TEXTREL
+ 0x00000016 (TEXTREL) 0x0
+ 0x0000001e (FLAGS) TEXTREL BIND_NOW
+ $
+ This becomes a problem in practice when trying to run systemd-resolved
+ linked against this version of libgnutls on i386:
+ .
+ Aug 07 23:21:43 vorlon-i386-test systemd-resolved[8810]: /lib/systemd/systemd-resolved: error while loading shared libraries: /lib/i386-linux-gnu/libgnutls.so.30: cannot make segment writable for relocation: Operation not permitted
+ .
+ It is unclear how this bug came to exist, given that this is code generated
+ via a script from openssl upstream, and this single line is the only
+ significant difference from the version of this file shipped in
+ openssl 1.1.1c.
+Author: Steve Langasek <steve.langasek at ubuntu.com>
+Last-Modified: 2019-08-07
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1839354
+
+Index: gnutls28-3.6.9/lib/accelerated/x86/elf/aesni-x86.s
+===================================================================
+--- gnutls28-3.6.9.orig/lib/accelerated/x86/elf/aesni-x86.s
++++ gnutls28-3.6.9/lib/accelerated/x86/elf/aesni-x86.s
+@@ -2892,7 +2892,7 @@
+ .L112pic:
+ popl %ebx
+ leal .Lkey_const-.L112pic(%ebx),%ebx
+- leal _gnutls_x86_cpuid_s,%ebp
++ leal _gnutls_x86_cpuid_s-.Lkey_const(%ebx),%ebp
+ movups (%eax),%xmm0
+ xorps %xmm4,%xmm4
+ movl 4(%ebp),%ebp
diff -Nru gnutls28-3.6.9/debian/patches/series gnutls28-3.6.9/debian/patches/series
--- gnutls28-3.6.9/debian/patches/series 2019-07-06 05:35:19.000000000 -0700
+++ gnutls28-3.6.9/debian/patches/series 2019-08-07 18:04:04.000000000 -0700
@@ -1,2 +1,3 @@
14_version_gettextcat.diff
30_guile-snarf.diff
+i386-fix-wrong-reloc.patch
More information about the Pkg-gnutls-maint
mailing list