Bugzilla – Bug 984637
MozillaFirefox, MozillaThunderbird rebuild failure with binutils
Last modified: 2021-11-16 11:41:01 UTC
Looks like the updated binutils in SP2 causes firefox and thunderbird fail to build: [ 2513s] /usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld: ../../xpcom/components/nsComponentManager.o: relocation R_X86_64_PC32 against protected symbol `end_kPStaticModules_NSModule' can not be used when making a shared object [ 2513s] /usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld: final link failed: Bad value https://build.opensuse.org/package/live_build_log/openSUSE:Leap:42.2:Staging:A:DVD/MozillaFirefox/standard/x86_64 https://build.opensuse.org/package/live_build_log/openSUSE:Leap:42.2:Staging:A:DVD/MozillaThunderbird/standard/x86_64 Is this a bug in binutils or firefox/tb?
Isn't this an old problem? Certainly https://bugzilla.mozilla.org/show_bug.cgi?id=1141729 says so. Protected symbols are fiddly, if that symbols in question (end_kPStaticModules_NSModule) address is taken, and depending on if it's a function or data symbol (I'd think the latter), and depending on how the compiler implemented accesses to that address, indeed the linker message is correct. binutils got more and more strict over time (but always in situations that could have lead to runtime errors before). Sometimes GCC was changed to emit non-offending code, you'd know if that same firefox builds with binutils 2.26 but newer gcc (at least 5). NetBSD had a similar problem in February and updating firefox there also seemed to have helped: http://gnats.netbsd.org/50767 For other firefoxes they also had a patch/hack: http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/firefox45/patches/patch-xpcom_components_Module.h?rev=1.1&content-type=text/x-cvsweb-markup FWIW, as we won't update the system compiler (you could use the toolchain module one, of course) there's not much choice than adding the patch (or alternatively update firefox's sources if upstream changed this already). For reference, here's the binutils PR https://sourceware.org/bugzilla/show_bug.cgi?id=17709 that introduced the stricter checking. After https://sourceware.org/bugzilla/show_bug.cgi?id=19612 (a dup of the above) there's was much much discussion about behaviour of protected symbols and as of yet there's no definite conclusion.
Can we first verify with the latest Firefox (47.0)? (Not that I have much indication it might be gone but nevertheless.)
mozilla:Factory now has a MozillaFirefox package with the mentioned patch. How can I verify with and without the patch against 42.2? Or is someone else able to check? If the patch helps/is required I will push it to the other packages.
ah, I thought we have the ESR version also in Leap you can build against openSUSE:Leap:42.2:Staging:A to verify
hmm, I'm too stupid: osc build --alternative-project openSUSE:Leap:42.2:Staging:A x86_64 [...] Building MozillaFirefox.spec for standard/x86_64 Getting buildinfo from server and store to /home/local/build/mozillafactory/MozillaFirefox/.osc/_buildinfo-standard-x86_64.xml Getting buildconfig from server and store to /home/local/build/mozillafactory/MozillaFirefox/.osc/_buildconfig-standard-x86_64 buildinfo is broken... it says: unresolvable: nothing provides libnotify-devel nothing provides mozilla-nss-devel >= 3.23 nothing provides nss-shared-helper-devel nothing provides startup-notification-devel I understand the NSS issue because it's likely not in 42.2 yet but why are the others missing?
Ah, my fault, sorry! Firefox is in ring2 so you need to build against openSUSE:Leap:42.2:Staging:A:DVD
(In reply to Wolfgang Rosenauer from comment #2) > Can we first verify with the latest Firefox (47.0)? Yeah, first we should see if a newer firefox solves the problem without patches. > (Not that I have much indication it might be gone but nevertheless.)
I've linked the 42.1 online upte (47.0) in there, same issue https://build.opensuse.org/package/show/openSUSE:Leap:42.2:Staging:A:DVD/MozillaFirefox
confirmed locally as well. Also confirmed that the patch seems to fix it. I'm not exactly sure if I should apply the patch unconditionally or solely for 42.2. Any feedback?
New package submitted to openSUSE:Factory and openSUSE:Leap:42.2. Thunderbird will be covered with the next update which should happen within the next few days.
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/402737 42.2 / MozillaFirefox
which version of MozillaThunderbird to take for 42.2?
There is a new version being released within the next few days which will be an update for Factory and all other distributions (45.2) including 42.1 where I will merge the fix and it's supposed to end up in 42.2.
Any ETA? This blocks a staging project atm...
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/404534 42.2 / MozillaThunderbird
fixed as per above checkin
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/404805 Factory / MozillaThunderbird
openSUSE-SU-2016:1767-1: An update that fixes 28 vulnerabilities is now available. Category: security (important) Bug References: 969894,977333,977375,977376,983549,984126,984637,986162 CVE References: CVE-2016-1952,CVE-2016-1953,CVE-2016-1954,CVE-2016-1955,CVE-2016-1956,CVE-2016-1957,CVE-2016-1960,CVE-2016-1961,CVE-2016-1964,CVE-2016-1974,CVE-2016-1977,CVE-2016-2790,CVE-2016-2791,CVE-2016-2792,CVE-2016-2793,CVE-2016-2794,CVE-2016-2795,CVE-2016-2796,CVE-2016-2797,CVE-2016-2798,CVE-2016-2799,CVE-2016-2800,CVE-2016-2801,CVE-2016-2802,CVE-2016-2806,CVE-2016-2807,CVE-2016-2815,CVE-2016-2818 Sources used: openSUSE 13.1 (src): MozillaThunderbird-45.2-70.83.1
openSUSE-SU-2016:1769-1: An update that fixes 28 vulnerabilities is now available. Category: security (important) Bug References: 969894,977333,977375,977376,983549,984126,984637,986162 CVE References: CVE-2016-1952,CVE-2016-1953,CVE-2016-1954,CVE-2016-1955,CVE-2016-1956,CVE-2016-1957,CVE-2016-1960,CVE-2016-1961,CVE-2016-1964,CVE-2016-1974,CVE-2016-1977,CVE-2016-2790,CVE-2016-2791,CVE-2016-2792,CVE-2016-2793,CVE-2016-2794,CVE-2016-2795,CVE-2016-2796,CVE-2016-2797,CVE-2016-2798,CVE-2016-2799,CVE-2016-2800,CVE-2016-2801,CVE-2016-2802,CVE-2016-2806,CVE-2016-2807,CVE-2016-2815,CVE-2016-2818 Sources used: SUSE Package Hub for SUSE Linux Enterprise 12 (src): MozillaThunderbird-45.2-6.1
openSUSE-SU-2016:1778-1: An update that fixes 28 vulnerabilities is now available. Category: security (important) Bug References: 969894,977333,977375,977376,983549,984126,984637,986162 CVE References: CVE-2016-1952,CVE-2016-1953,CVE-2016-1954,CVE-2016-1955,CVE-2016-1956,CVE-2016-1957,CVE-2016-1960,CVE-2016-1961,CVE-2016-1964,CVE-2016-1974,CVE-2016-1977,CVE-2016-2790,CVE-2016-2791,CVE-2016-2792,CVE-2016-2793,CVE-2016-2794,CVE-2016-2795,CVE-2016-2796,CVE-2016-2797,CVE-2016-2798,CVE-2016-2799,CVE-2016-2800,CVE-2016-2801,CVE-2016-2802,CVE-2016-2806,CVE-2016-2807,CVE-2016-2815,CVE-2016-2818 Sources used: openSUSE Leap 42.1 (src): MozillaThunderbird-45.2-16.1 openSUSE 13.2 (src): MozillaThunderbird-45.2-43.1
openSUSE-SU-2016:1964-1: An update that fixes 22 vulnerabilities is now available. Category: security (important) Bug References: 984126,984403,984637,986541,991809 CVE References: CVE-2016-0718,CVE-2016-2830,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5250,CVE-2016-5251,CVE-2016-5252,CVE-2016-5254,CVE-2016-5255,CVE-2016-5258,CVE-2016-5259,CVE-2016-5260,CVE-2016-5261,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-5266,CVE-2016-5268 Sources used: openSUSE Leap 42.1 (src): MozillaFirefox-48.0-27.1, mozilla-nss-3.24-21.1 openSUSE 13.2 (src): MozillaFirefox-48.0-74.1, mozilla-nss-3.24-37.1
openSUSE-SU-2016:2026-1: An update that fixes 22 vulnerabilities is now available. Category: security (important) Bug References: 984126,984403,984637,986541,991809 CVE References: CVE-2016-0718,CVE-2016-2830,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5250,CVE-2016-5251,CVE-2016-5252,CVE-2016-5254,CVE-2016-5255,CVE-2016-5258,CVE-2016-5259,CVE-2016-5260,CVE-2016-5261,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-5266,CVE-2016-5268 Sources used: openSUSE 13.1 (src): MozillaFirefox-48.0-119.1, mozilla-nss-3.24-83.1
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/435717 Factory / seamonkey
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/452887 42.1 / seamonkey
openSUSE-SU-2017:0356-1: An update that solves one vulnerability and has three fixes is now available. Category: security (important) Bug References: 1017174,1021636,984637,990856 CVE References: CVE-2016-6354 Sources used: openSUSE Leap 42.2 (src): seamonkey-2.46-9.2 openSUSE Leap 42.1 (src): seamonkey-2.46-9.2
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/904702 15.3 / seamonkey
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/907731 15.3 / seamonkey
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/914429 15.3 / seamonkey
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/922046 15.3 / seamonkey
This is an autogenerated message for OBS integration: This bug (984637) was mentioned in https://build.opensuse.org/request/show/931737 15.3 / seamonkey