NetBSD Problem Report #53387
From www@NetBSD.org Wed Jun 20 16:35:26 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id D33E97A14E
for <gnats-bugs@gnats.NetBSD.org>; Wed, 20 Jun 2018 16:35:25 +0000 (UTC)
Message-Id: <20180620163524.ABB967A279@mollari.NetBSD.org>
Date: Wed, 20 Jun 2018 16:35:24 +0000 (UTC)
From: mayuresh@acm.org
Reply-To: mayuresh@acm.org
To: gnats-bugs@NetBSD.org
Subject: security/p11-kit getauxval related issues on arm
X-Send-Pr-Version: www-1.0
>Number: 53387
>Category: pkg
>Synopsis: security/p11-kit getauxval related issues on arm
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jun 20 16:40:00 +0000 2018
>Closed-Date: Tue Nov 20 07:50:45 +0000 2018
>Last-Modified: Tue Nov 20 07:50:45 +0000 2018
>Originator: Mayuresh
>Release: pkgsrc current
>Organization:
>Environment:
NetBSD pi 8.0_RC1 NetBSD 8.0_RC1 (RPI2) #0: Sun Jun 17 16:30:05 IST 2018 root@pi:/usr/src/sys/arch/evbarm/compile/RPI2 evbarm
>Description:
The issue came to light with graphics/sane-backends program scanimage causing core dump on evbarm
assertion "type == AT_SECURE" failed: file "common/compat.c", line 801,
function "getauxval"
[1] Abort trap (core dumped) scanimage
Reported in this thread
http://mail-index.netbsd.org/netbsd-users/2018/06/17/msg020956.html
Further analysis led to a potential bug in p11-kit
http://mail-index.netbsd.org/netbsd-users/2018/06/20/msg020981.html
>How-To-Repeat:
Build and run scanimage (graphics/sane-backends) on evbarm
>Fix:
Not known, but there are views on cited threads above.
>Release-Note:
>Audit-Trail:
From: "Tobias Nygren" <tnn@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53387 CVS commit: pkgsrc/security/p11-kit
Date: Sun, 2 Sep 2018 07:49:51 +0000
Module Name: pkgsrc
Committed By: tnn
Date: Sun Sep 2 07:49:51 UTC 2018
Modified Files:
pkgsrc/security/p11-kit: Makefile distinfo
pkgsrc/security/p11-kit/patches: patch-common_compat.c
Log Message:
p11-kit: Hide getauxval(). PR pkg/53387 (related to port-arm/53386)
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/p11-kit/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/p11-kit/distinfo
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/security/p11-kit/patches/patch-common_compat.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: tnn@NetBSD.org
State-Changed-When: Sun, 02 Sep 2018 07:52:24 +0000
State-Changed-Why:
fixed
From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: pkg/53387 (security/p11-kit getauxval related issues on arm)
Date: Fri, 7 Sep 2018 10:15:34 +0100
In https://github.com/p11-glue/p11-kit/issues/192#issuecomment-419363073
Daiki Ueno comments:
We have the following snippet in p11-kit/Makefile.am:
```
libp11_kit_la_LDFLAGS = \
-no-undefined \
-version-info $(P11KIT_LT_RELEASE) \
-export-symbols-regex '^C_GetFunctionList|^p11_kit_'
```
which reads that only functions matching the regex should be exported.
Are you sure that `getauxval()` is exported from libp11-kit.so (try `nm -g
<path-to>/libp11-kit.so)?
Possibly a pkgsrc libtool problem instead?
State-Changed-From-To: closed->feedback
State-Changed-By: prlw1@NetBSD.org
State-Changed-When: Fri, 07 Sep 2018 09:23:21 +0000
State-Changed-Why:
Question arose when trying to get patch applied upstream.
From: "Maya Rashish" <maya@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53387 CVS commit: src/crypto/external/bsd/openssl/dist/crypto
Date: Tue, 20 Nov 2018 07:30:18 +0000
Module Name: src
Committed By: maya
Date: Tue Nov 20 07:30:18 UTC 2018
Modified Files:
src/crypto/external/bsd/openssl/dist/crypto: armcap.c ppccap.c
Log Message:
Don't expose a getauxval symbol.
The code already knows how to handle it, but it assumes anyone who uses
GCC or clang might resolve the getauxval function to something eventually.
The only time we will expose getauxval is if a package tries to substitute
getauxval too, and then code will start having mysterious failures.
getauxval is purely a linux function (as far as I can see), so limit it to
that.
PR pkg/53387, PR port-arm/53386
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/crypto/armcap.c
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/crypto/ppccap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: feedback->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 20 Nov 2018 07:50:45 +0000
State-Changed-Why:
Asking the wrong person for feedback about a pkgsrc+libtool problem.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.