Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 588016 - dev-libs/libgcrypt-1.7.1 installs with TEXTREL on arm
Summary: dev-libs/libgcrypt-1.7.1 installs with TEXTREL on arm
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: ARM Linux
: Normal normal (vote)
Assignee: Crypto team [DISABLED]
URL:
Whiteboard:
Keywords:
Depends on: CVE-2016-6313
Blocks:
  Show dependency tree
 
Reported: 2016-07-04 19:17 UTC by Jaak Ristioja
Modified: 2016-09-01 12:20 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
libgcrypt.so.20.1.1 (libgcrypt.so.20.1.1,778.22 KB, application/x-sharedlib)
2016-07-04 19:32 UTC, Jaak Ristioja
Details
build.log (build.log,168.19 KB, text/plain)
2016-07-27 21:51 UTC, Jaak Ristioja
Details
build-.arm.log (build-.arm.log,164.66 KB, text/plain)
2016-07-27 21:51 UTC, Jaak Ristioja
Details
config.log (config.log,104.86 KB, text/plain)
2016-07-27 21:52 UTC, Jaak Ristioja
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jaak Ristioja 2016-07-04 19:17:54 UTC
Causing runtime failures for apps with "error while loading shared libraries: cannot make segment writable for relocation: Permission denied."

TEXTREL  /usr/lib/libgcrypt.so.20.1.1

dev-libs/libgcrypt-1.7.1:0/20::gentoo USE="-doc -static-libs"

Portage 2.2.28 (python 3.4.3-final-0, hardened/linux/arm/armv7a, gcc-5.4.0, glibc-2.22-r4, 4.5.7-hardened armv7l)
=================================================================
System uname: Linux-4.5.7-hardened-r3-v7-armv7l-with-gentoo-2.2
KiB Mem:      997136 total,    114824 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Thu, 30 Jun 2016 00:45:01 +0000
sh bash 4.3_p42-r1
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash:          4.3_p42-r1::gentoo
dev-lang/perl:            5.22.2::gentoo
dev-lang/python:          2.7.10-r1::gentoo, 3.4.3-r1::gentoo
dev-util/cmake:           3.3.1-r1::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.19.1::gentoo
sys-apps/sandbox:         2.10-r1::gentoo
sys-devel/autoconf:       2.69::gentoo
sys-devel/automake:       1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/gcc:            4.9.3::gentoo, 5.3.0::gentoo, 5.4.0::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-devel/make:           4.2-r2::gentoo
sys-kernel/linux-headers: 4.3::gentoo (virtual/os-headers)
sys-libs/glibc:           2.22-r4::gentoo
Repositories:

gentoo
    location: /var/portage
    sync-type: webrsync
    priority: -1000

ACCEPT_KEYWORDS="arm"
ACCEPT_LICENSE="* -@EULA"
CBUILD="armv7a-hardfloat-linux-gnueabi"
CFLAGS="-O2 -pipe -march=armv7-a -mfpu=neon-vfpv4 -mfloat-abi=hard"
CHOST="armv7a-hardfloat-linux-gnueabi"
CXXFLAGS="-O2 -pipe -march=armv7-a -mfpu=neon-vfpv4 -mfloat-abi=hard"
FCFLAGS="-O2 -pipe -march=armv7-a"
FEATURES="assume-digests binpkg-logs collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news nodoc noinfo noman parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg xattr"
FFLAGS="-O2 -pipe -march=armv7-a"
LANG="C"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
USE="acl arm armv5te armv6 armv6t2 berkdb bindist bzip2 caps cli cracklib crypt cxx dri gdbm hardened iconv modules ncurses nptl pam pax_kernel pcre pic pie readline seccomp session ssl ssp tcpd unicode urandom xattr xtpax zlib" ELIBC="glibc" KERNEL="linux" USERLAND="GNU"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, USE_PYTHON
Comment 1 Jaak Ristioja 2016-07-04 19:32:26 UTC
Created attachment 439720 [details]
libgcrypt.so.20.1.1

# scanelf -qT /usr/lib/libgcrypt.so.20.1.1 
  libgcrypt.so.20.1.1: (memory/data?) [0x5631C] in (optimized out: previous gcry_is_secure) [0xAC64]
  /usr/lib/libgcrypt.so.20.1.1
Comment 2 Kristian Fiskerstrand gentoo-dev Security 2016-07-13 17:57:03 UTC
Can you provide configure and build logs?
Comment 3 Jaak Ristioja 2016-07-27 21:51:15 UTC
Created attachment 441760 [details]
build.log

/var/tmp/portage/dev-libs/libgcrypt-1.7.1/temp/build.log
Comment 4 Jaak Ristioja 2016-07-27 21:51:49 UTC
Created attachment 441762 [details]
build-.arm.log

/var/tmp/portage/dev-libs/libgcrypt-1.7.1/temp/build-.arm.log
Comment 5 Jaak Ristioja 2016-07-27 21:52:18 UTC
Created attachment 441764 [details]
config.log

/var/tmp/portage/dev-libs/libgcrypt-1.7.1/work/libgcrypt-1.7.1-.arm/config.log
Comment 6 Sergei Trofimovich gentoo-dev 2016-08-06 19:58:14 UTC
To find where relocation sits you can lookup R_ARM reloc in objdump -R -r:

$ armv7a-unknown-linux-gnueabi-objdump -d -r -R -S libgcrypt.so.20.1.1 | grep -C4 R_ARM
   56310:       e8bd4ff0        pop     {r4, r5, r6, r7, r8, r9, sl, fp, lr}
   56314:       e3a00044        mov     r0, #68 ; 0x44
   56318:       e12fff1e        bx      lr
   5631c:       0005612c        andeq   r6, r5, ip, lsr #2
                        5631c: R_ARM_RELATIVE   *ABS*
   56320:       f3870e5f        vmov.i8 q0, #255        ; 0xff
   56324:       f2804011        vmov.i32        d4, #1  ; 0x00000001
   56328:       f3a00304        vsubw.u32       q0, q0, d4
   5632c:       ed2d8b10        vpush   {d8-d15}

$ armv7a-unknown-linux-gnueabi-objdump -d -r -R -S libgcrypt.so.20.1.1 | egrep 'R_ARM|>:'

0000ac64 <gcry_is_secure@@GCRYPT_1.6>:
                        5631c: R_ARM_RELATIVE   *ABS*

Building with -ggdb with FEATURES="nostrip" you should be able to find
equivalent C (or asm) lines that generate ABS relocs.
Comment 7 Kristian Fiskerstrand gentoo-dev Security 2016-08-06 19:58:58 UTC
Does the issue still persist in 1.7.2? Hopefully this was fixed upstream in 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=a09126242a51c4ea4564b0f70b808e4f27fe5a91 :
 Fix non-PIC reference in PIC for poly1305/ARMv7-NEON

* cipher/poly1305-armv7-neon.S (GET_DATA_POINTER): New.
(_gcry_poly1305_armv7_neon_init_ext): Use GET_DATA_POINTER.
Comment 8 Jaak Ristioja 2016-08-10 17:27:27 UTC
(In reply to Kristian Fiskerstrand from comment #7)
> Does the issue still persist in 1.7.2?

No. The issue does not persist in 1.7.2.
Comment 9 Kristian Fiskerstrand gentoo-dev Security 2016-08-11 07:06:14 UTC
(In reply to Jaak Ristioja from comment #8)
> (In reply to Kristian Fiskerstrand from comment #7)
> > Does the issue still persist in 1.7.2?
> 
> No. The issue does not persist in 1.7.2.

ok, setting InVCS keyword until stabilizing 1.7.2 for ARM
Comment 10 Kristian Fiskerstrand gentoo-dev Security 2016-08-18 16:47:23 UTC
stabilization happening in 591534
Comment 11 Kristian Fiskerstrand gentoo-dev Security 2016-09-01 12:20:53 UTC
1.7.3 in stable