Last Comment Bug 358565 - R_386_PC32 relocations in libpipnss.so when building on FC6
: R_386_PC32 relocations in libpipnss.so when building on FC6
Status: RESOLVED FIXED
: fixed1.8.1.1
Product: Core
Classification: Components
Component: Security: PSM (show other bugs)
: Trunk
: x86 Linux
: -- normal (vote)
: ---
Assigned To: David Baron :dbaron: ⌚️UTC-7 (busy September 14-25)
:
:
Mentors:
Depends on:
Blocks: 359275
  Show dependency treegraph
 
Reported: 2006-10-28 18:43 PDT by David Baron :dbaron: ⌚️UTC-7 (busy September 14-25)
Modified: 2006-11-09 12:57 PST (History)
5 users (show)
dbaron: blocking1.9?
dveditz: blocking1.8.1.1-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
patch (695 bytes, patch)
2006-10-28 19:08 PDT, David Baron :dbaron: ⌚️UTC-7 (busy September 14-25)
benjamin: review+
dveditz: approval1.8.1.1+
Details | Diff | Splinter Review

Description David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-10-28 18:43:28 PDT
When building on Fedora Core 6 (where our system wrappers stuff works, and
where the big gcc visibility bug is fixed), SELinux prevents libpipnss.so from loading due to these relocations:

0006f868 R_386_PC32        PK11_GetBestSlot
0006f8a1 R_386_PC32        PK11_ImportSymKey
0006f8b0 R_386_PC32        PK11_FreeSlot
0006feaf R_386_PC32        PK11_DeleteTokenPrivateKey
0006fec7 R_386_PC32        PK11_DeleteTokenPublicKey
0006fedf R_386_PC32        PK11_FreeSymKey

(See also similar bug 358558 and bug 358559.  The patch will probably end up being similar.)

This doesn't prevent the browser from starting, like those bugs do, but it prevents https, etc., from working.
Comment 1 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-10-28 18:45:17 PDT
The bad relocations are in the functions:

nsKeyObjectFactory::KeyFromString
nsKeyObject::CleanUp
Comment 2 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-10-28 19:04:51 PDT
Ah, we have a system wrapper for pk11func.h but not for pk11pub.h (which is included by nsKeyModule.h).
Comment 3 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-10-28 19:08:09 PDT
Created attachment 243942 [details] [diff] [review]
patch
Comment 4 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-10-28 19:12:34 PDT
Note that pk11func.h is now just a stub header that includes pk11pub.h and pk11priv.h, with the comment that it was an old header with a mix of public and private functions -- now separated.  So pk11pub.h is presumably considered a better header to include than pk11func.h.
Comment 5 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-10-29 08:14:38 PST
Checked in to trunk.
Comment 6 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-10-29 08:21:48 PST
Comment on attachment 243942 [details] [diff] [review]
patch

This is a very low risk patch that will, along with the patches to bug 358558 and bug 358559:
 * allow Linux distros to take advantage of performance  optimizations (prelinking) and security improvements (SELinux)
 * make it easier for developers to build on new distributions like Fedora Core 6
Comment 7 Kai Engert (:kaie) 2006-11-02 13:32:45 PST
David, thanks for fixing building on Fedora.

cc'ing Bob and Wan-Teh FYI
Comment 8 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-11-02 13:45:56 PST
Note that this is not the only such bug -- I should in fact probably file a meta-bug to track these issues since I'm starting to lose track.  (It'll get added to the "blocks" list above once I do.)
Comment 9 Daniel Veditz [:dveditz] 2006-11-09 11:15:21 PST
Comment on attachment 243942 [details] [diff] [review]
patch

approved for 1.8 branch, a=dveditz for drivers

Why are you only requesting 1.8.1 approval when the other two also requested 1.8.0 branch approval?
Comment 10 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-11-09 11:23:19 PST
Because the change causing it was not on the 1.8.0 branch -- it was in the PSM changes made for the anti-phishing stuff.
Comment 11 David Baron :dbaron: ⌚️UTC-7 (busy September 14-25) 2006-11-09 12:57:25 PST
Checked in to MOZILLA_1_8_BRANCH.

Note You need to log in before you can comment on or make changes to this bug.