firefox-esr 52 patches for wheezy

Emilio Pozuelo Monfort pochu at debian.org
Tue May 23 21:03:54 UTC 2017


Hi Mike,

On 10/05/17 11:03, Mike Hommey wrote:
> On Wed, May 10, 2017 at 10:54:04AM +0200, Emilio Pozuelo Monfort wrote:
>>> -fPIC is passed by the Firefox build system itself. If it's missing, then
>>> something fishy is going on, and you're only papering over that. Also,
>>> the last version I built packages for wheezy for, 47, didn't have
>>> missing -fPIC problems, and nothing of note has changed between 47 and
>>> 49 wrt that.
>>
>> Where does Firefox inject -fPIC? I see mentions of -fPIC in old-configure, but
>> that sounds unused. Is the -fPIC injection unconditional or conditional? One
>> change is the switch from gcc-4.7 to gcc-mozilla (4.8) which is built especially
>> so that the libraries are not shared. Dunno if that would have any effect on
>> Firefox's detection. I could try to build the old firefox 45 with it and see
>> what happens.
> 
> It's unconditional. It's set in old-configure through the DSO_PIC_CFLAGS variable,
> which is added to COMPILE_C*FLAGS in config/config.mk, and that in turn
> is used in compile commands config/rules.mk.

I've had some time to look at this. I found out that -fPIC is only needed for a
configure time check. Once that passes, firefox builds normally, and we get
-fPIC twice (which is harmless), once because of CFLAGS and once because of
old-configure, e.g.:

/<<PKGBUILDDIR>>/build-browser/_virtualenv/bin/python
/<<PKGBUILDDIR>>/config/expandlibs_exec.py --uselist --
/usr/lib/gcc-mozilla/bin/g++ -std=gnu++11 -D_FORTIFY_SOURCE=2 -Wall
-Wc++11-compat -Wempty-body -Wignored-qualifiers -Woverloaded-virtual
-Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings
-Wno-invalid-offsetof -Wno-error=maybe-uninitialized
-Wno-error=deprecated-declarations -Wno-error=array-bounds -fPIC -fno-exceptions
-fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections
-fno-exceptions -fno-math-errno -pthread -pipe  -g -freorder-blocks -Os
-fomit-frame-pointer  -fPIC -shared -Wl,-z,defs -Wl,--gc-sections
-Wl,-h,libmozgtk.so -o libmozgtk.so  mozgtk.o   -lpthread -Wl,--as-needed
-Wl,--reduce-memory-overheads -Wl,--no-keep-memory -Wl,--stats
-Wl,-z,noexecstack -Wl,-z,text -Wl,--build-id
-Wl,-rpath-link,/<<PKGBUILDDIR>>/build-browser/dist/bin -Wl,-rpath-link,/usr/lib
        -ldl  -Wl,--no-as-needed -lgtk-3 -lgdk-3 -Wl,--as-needed



Now, why does configure fail without -fPIC? Without it, we get this:



checking whether removing dead symbols breaks debugging... no
checking for PIE support... no
configure: error: --enable-pie requires PIE support from the linker.
------ config.log ------
/usr/bin/ld: total time in link: 0.064000
/usr/bin/ld: data size 37361176
configure:10593: checking whether the linker supports Identical Code Folding
configure:10602: /usr/lib/gcc-mozilla/bin/gcc -o conftest  -Wl,--as-needed
-Wl,--reduce-memory-overheads -Wl,--no-keep-memory -Wl,--stats
-Wl,-z,noexecstack -Wl,-z,text -Wl,--build-id -Wl,--icf=safe -ffunction-sections
conftest.c  1>&2
/usr/bin/ld: unrecognized option '--icf=safe'
/usr/bin/ld: use the --help option for usage information
collect2: error: ld returned 1 exit status
configure:10643: checking whether removing dead symbols breaks debugging
configure:10650: /usr/lib/gcc-mozilla/bin/gcc -o conftest.o -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -std=gnu99
-fgnu89-inline -fno-strict-aliasing -ffunction-sections -fdata-sections
-fno-math-errno -g -c conftest.c 1>&2
configure:10651: /usr/lib/gcc-mozilla/bin/gcc -o conftest  -Wl,--as-needed
-Wl,--reduce-memory-overheads -Wl,--no-keep-memory -Wl,--stats
-Wl,-z,noexecstack -Wl,-z,text -Wl,--build-id -g -Wl,--gc-sections conftest.o  1>&2
/usr/bin/ld: total time in link: 0.016000
/usr/bin/ld: data size 25773592
configure:10702: checking for PIE support
configure:10713: /usr/lib/gcc-mozilla/bin/gcc -o conftest -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -std=gnu99
-fgnu89-inline -fno-strict-aliasing -ffunction-sections -fdata-sections
-fno-math-errno -D_FORTIFY_SOURCE=2  -Wl,--as-needed
-Wl,--reduce-memory-overheads -Wl,--no-keep-memory -Wl,--stats
-Wl,-z,noexecstack -Wl,-z,text -Wl,--build-id -pie conftest.c  1>&5
/usr/bin/ld: /tmp/cc1JnNAS.o: relocation R_X86_64_32 against `.text.main' can
not be used when making a shared object; recompile with -fPIC
/tmp/cc1JnNAS.o: could not read symbols: Bad value
collect2: error: ld returned 1 exit status
configure: failed program was:
#line 10706 "configure"
#include "confdefs.h"

int main() {

; return 0; }
configure: error: --enable-pie requires PIE support from the linker.


Indeed, a simple "int main() { ; return 0; }" triggers the error with a reduced
gcc call:

root at tatooine:/tmp/buildd/firefox-esr-45.9.0esr# /usr/lib/gcc-mozilla/bin/gcc -o
conftest -pie conftest.c
/usr/bin/ld: /tmp/ccmF99R3.o: relocation R_X86_64_32 against `.text' can not be
used when making a shared object; recompile with -fPIC
/tmp/ccmF99R3.o: could not read symbols: Bad value
collect2: error: ld returned 1 exit status


After some investigation and comparing this with gcc (4.7), I found that the
relocation added by gcc-4.8 without -fPIC is different than all the others, and
ld chokes on it:


root at tatooine:/tmp/buildd/firefox-esr-45.9.0esr# gcc -c conftest.c -fPIC;
objdump -r conftest.o; ld conftest.o -pie

conftest.o:     file format elf64-x86-64

RELOCATION RECORDS FOR [.eh_frame]:
OFFSET           TYPE              VALUE
0000000000000020 R_X86_64_PC32     .text


ld: warning: cannot find entry symbol _start; defaulting to 000000000000025c
root at tatooine:/tmp/buildd/firefox-esr-45.9.0esr# gcc -c conftest.c ; objdump -r
conftest.o; ld conftest.o -pie

conftest.o:     file format elf64-x86-64

RELOCATION RECORDS FOR [.eh_frame]:
OFFSET           TYPE              VALUE
0000000000000020 R_X86_64_PC32     .text


ld: warning: cannot find entry symbol _start; defaulting to 000000000000025c
root at tatooine:/tmp/buildd/firefox-esr-45.9.0esr# /usr/lib/gcc-mozilla/bin/gcc -c
conftest.c -fPIC; objdump -r conftest.o; ld conftest.o -pie

conftest.o:     file format elf64-x86-64

RELOCATION RECORDS FOR [.eh_frame]:
OFFSET           TYPE              VALUE
0000000000000020 R_X86_64_PC32     .text


ld: warning: cannot find entry symbol _start; defaulting to 000000000000025c
root at tatooine:/tmp/buildd/firefox-esr-45.9.0esr# /usr/lib/gcc-mozilla/bin/gcc -c
conftest.c ; objdump -r conftest.o; ld conftest.o -pie

conftest.o:     file format elf64-x86-64

RELOCATION RECORDS FOR [.eh_frame]:
OFFSET           TYPE              VALUE
0000000000000020 R_X86_64_32       .text


ld: conftest.o: relocation R_X86_64_32 against `.text' can not be used when
making a shared object; recompile with -fPIC
conftest.o: could not read symbols: Bad value

See how the last call has a different relocation, and fails.

I don't know whether this is a bug in this version of GCC, a bug in binutils
(maybe binutils should have been updated together with GCC, though I would be
surprised if a lockstep update was required) or maybe it's all fine, and you
really need -fPIC for -pie... and while we pass -fPIC when building firefox, we
don't when running configure, which is what my change solves.

Cheers,
Emilio



More information about the pkg-mozilla-maintainers mailing list