Closed Bug 1688795 Opened 9 months ago Closed 9 months ago

Update libgcrypt to 1.9.0

Categories

(Chat Core :: Security: OTR, task)

Tracking

(thunderbird_esr78 wontfix, thunderbird86 wontfix)

RESOLVED FIXED
87 Branch
Tracking Status
thunderbird_esr78 --- wontfix
thunderbird86 --- wontfix

People

(Reporter: rjl, Assigned: rjl)

References

Details

Attachments

(1 file)

libgcrypt 1.8.7 turns is broken for aarch64 on Linux (at least for our case). Libgcrypt 1.9.0 fixes the compile error with camellia-arm assembly and also looks like it includes several fixes intended for aarch64 on macOS. As we are moving towards supporting Apple Silicon I'd like to pick this up.

The error I got with 1.8.7 suggested compiling with -fPIC, but that was already the case.

/bin/bash ../libtool  --tag=CC   --mode=link aarch64-linux-gnu-clang  -g -O2 -D_FORTIFY_SOURCE=2 -Qunused-arguments -fstack-protector-all -Wstack-protector -fwrapv -fno-strict-overflow -Wall -Wextra -Wno-unused-parameter -Wformat-security --param ssp-buffer-size=1 -fPIE -version-info 6:1:1  -L/builds/worker/workspace/build/build_prefix/lib -lgcrypt -lgpg-error -pie -z relro -z now -o libotr.la -rpath /builds/worker/workspace/build/build_prefix/lib privkey.lo context.lo proto.lo b64.lo dh.lo mem.lo message.lo userstate.lo tlv.lo auth.lo sm.lo context_priv.lo instag.lo  
libtool: link: aarch64-linux-gnu-clang -shared  -fPIC -DPIC  .libs/privkey.o .libs/context.o .libs/proto.o .libs/b64.o .libs/dh.o .libs/mem.o .libs/message.o .libs/userstate.o .libs/tlv.o .libs/auth.o .libs/sm.o .libs/context_priv.o .libs/instag.o   -L/builds/worker/workspace/build/build_prefix/lib /builds/worker/workspace/build/build_prefix/lib/libgcrypt.a /builds/worker/workspace/build/build_prefix/lib/libgpg-error.a  -O2   -Wl,-soname -Wl,libotr.so.5 -o .libs/libotr.so.5.1.1
/builds/worker/fetches/binutils/bin/ld: /builds/worker/workspace/build/build_prefix/lib/libgcrypt.a(camellia-aarch64.o): relocation R_AARCH64_ADR_PREL_LO21 against symbol `_gcry_camellia_arm_tables' which may bind externally can not be used when making a shared object; recompile with -fPIC
/builds/worker/fetches/binutils/bin/ld: /builds/worker/workspace/build/build_prefix/lib/libgcrypt.a(camellia-aarch64.o): in function `_gcry_camellia_arm_encrypt_block':
/builds/worker/workspace/build/libgcrypt/cipher/camellia-aarch64.S:211:(.text+0x0): dangerous relocation: unsupported relocation
/builds/worker/fetches/binutils/bin/ld: /builds/worker/workspace/build/build_prefix/lib/libgcrypt.a(camellia-aarch64.o): relocation R_AARCH64_ADR_PREL_LO21 against symbol `_gcry_camellia_arm_tables' which may bind externally can not be used when making a shared object; recompile with -fPIC
/builds/worker/fetches/binutils/bin/ld: /builds/worker/workspace/build/build_prefix/lib/libgcrypt.a(camellia-aarch64.o): in function `_gcry_camellia_arm_decrypt_block':
/builds/worker/workspace/build/libgcrypt/cipher/camellia-aarch64.S:254:(.text+0xc84): dangerous relocation: unsupported relocation

The other option that seemed to have worked was to disable camellia when building for aarch64, but that seems like the wrong approach.

Blocks: 1674843

This version fixes a compile error when building for linux-aarch64.

Assignee: nobody → rob
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch

Kai is making a patch for the update.

Flags: needinfo?(rob)
Blocks: 1689613

(In reply to Magnus Melin [:mkmelin] from comment #3)

https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
I guess we should just back this out of nightly.

That would mean having to back out all of the aarch64 platform work that has landed since as there were problems with older versions of libgcrypt and building for various aarch64 platforms. We can get the update landed today which should be sufficient. We never released a beta or release version with this bad libgcrypt.

You need to log in before you can comment on or make changes to this bug.