pkg/54555: security/gnutls 3.6.9 runs afoul of PAX MPROTECT and text relocations on netbsd-9/i386

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/54555: security/gnutls 3.6.9 runs afoul of PAX MPROTECT and text relocations on netbsd-9/i386
From: jdbaker%consolidated.net@localhost
Date: Tue, 17 Sep 2019 16:45:00 +0000 (UTC)

>Number:         54555
>Category:       pkg
>Synopsis:       security/gnutls 3.6.9 runs afoul of PAX MPROTECT and text relocations on netbsd-9/i386
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 17 16:45:00 +0000 2019
>Originator:     John D. Baker
>Release:        NetBSD/i386-9.0_BETA, pkgsrc-HEAD (20190917, pending pkgsrc-2019Q3)
>Organization:
>Environment:
NetBSD slate.technoskunk.fur 9.0_BETA NetBSD 9.0_BETA (SLATE) #13: Sat Sep 14 02:41:22 CDT 2019  sysop%plex760.technoskunk.fur@localhost:/r0/build/netbsd-9/obj/i386/sys/arch/i386/compile/SLATE i386
>Description:
Following the update of "security/gnutls" to v3.6.9, the package itself
builds and installs, but when used later during other package builds,
it fails.  E.g., while building "print/cups-base":

[...]
Generating localization strings...
/d0/build/pkgsrc/print/cups-base/work/.buildlink/lib/libgnutls.so.30: text relocations
/d0/build/pkgsrc/print/cups-base/work/.buildlink/lib/libgnutls.so.30: Cannot write-enable text segment: Permission denied
gmake[1]: *** [Makefile:191: genstrings] Error 1
gmake: *** [Makefile:38: all] Error 1
*** Error code 2

Stop.
make[1]: stopped in /d0/nbsd/pkgsrc/print/cups-base
*** Error code 1

Stop.
make: stopped in /d0/nbsd/pkgsrc/print/cups-base


The previous version did not exhibit this problem on i386.
>How-To-Repeat:
Update to gnutls-3.6.9 on NetBSD/i386-9.0_BETA (also HEAD and probably
8.x as well).

Attempt to run anything that uses "libgnutls.so.30", such as building
"print/cups-base".
>Fix:
Workaround: for the case of "print/cups-base", run 'make configure'
then edit ${WRKSRC}/ppdc/Makefile "genstrings" target to include:

  paxctl +m .libs/genstrings

after the link command (before the message "Generating localization
strings"

Probably need something similar for any package that builds a local tool
linked against libgnutl.so*.

Prev by Date: pkg/54550: Scapy 2.4.3 available
Next by Date: pkg/54556: Please update security/ccid to version 1.4.27
Previous by Thread: pkg/54550: Scapy 2.4.3 available
Next by Thread: Re: pkg/54555: security/gnutls 3.6.9 runs afoul of PAX MPROTECT and text relocations on netbsd-9/i386
Indexes:

Home | Main Index | Thread Index | Old Index