[gnutls-devel] GnuTLS | wrong text relocations on i386 due to non-PIC assembly (#818)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Aug 8 19:48:16 CEST 2019

Andreas Metzler created an issue:


this is https://bugs.debian.org/934193 reported by Steve Langasek against 3.6.9:

In Ubuntu we discovered that the new version of libgnutls was causing
systemd-resolved to fail to start on i386, due to forbidden text relocations:

  Aug 07 23:21:43 vorlon-i386-test systemd-resolved[8810]: /lib/systemd/systemd-resolved: error while loading shared libraries: /lib/i386-linux-gnu/libgnutls.so.30: cannot make segment writable for relocation: Operation not permitted

This is a fatal error for systemd-resolved because the systemd unit sets
MemoryDenyWriteExecute=yes, but the problem can be more generally seen by
examining the library with readelf:

  $ readelf -d ./debian/tmp/usr/lib/i386-linux-gnu/libgnutls.so.30.25.0 |grep TEXTREL
   0x00000016 (TEXTREL)                    0x0
   0x0000001e (FLAGS)                      TEXTREL BIND_NOW

These text relocations should not be there.

This is a one-line fix (see attached), but I don't understand how the bug
occurred in the first place, as this looks like a case of a version of an
"automatically generated" file being checked into upstream git that was in
fact hand-edited (wrongly) since it does not match what is generated by the
upstream openssl assembly-generating perl scripts.


Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/818
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190808/d7b7b35f/attachment.html>

More information about the Gnutls-devel mailing list