After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 755814 - Web extension is broken when hardened with full RELRO (-Wl,-z,now)
Web extension is broken when hardened with full RELRO (-Wl,-z,now)
Status: RESOLVED FIXED
Product: epiphany
Classification: Core
Component: General
3.18.x (obsolete)
Other Linux
: Normal normal
: ---
Assigned To: Michael Catanzaro
Epiphany Maintainers
Depends on:
Blocks:
 
 
Reported: 2015-09-29 21:52 UTC by Michael Catanzaro
Modified: 2015-10-07 13:26 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Fix build with -Wl,-z,now (847 bytes, patch)
2015-10-02 15:19 UTC, Michael Catanzaro 		none Details | Review
Fix failure to load web extension with -Wl,-z,now (871 bytes, patch)
2015-10-02 15:23 UTC, Michael Catanzaro 		committed Details | Review

Description Michael Catanzaro 2015-09-29 21:52:13 UTC 
In Fedora 23 the web extension is broken. I cannot reproduce this is my jhbuild environment, and haven't figured out why yet. But the error is:

"Error loading module '/usr/lib64/epiphany/3.18/web-extensions/libephywebextension.so': /usr/lib64/epiphany/3.18/web-extensions/libephywebextension.so: undefined symbol: gnome_desktop_thumbnail_factory_save_thumbnail"

I expect it's almost surely a regression from bug #747521 (which was a build fix due to a linker error that only occurred in Fedora 23; I suspect something changed in the toolchain recently).
Comment 1 Michael Catanzaro 2015-09-29 22:17:45 UTC 
We should probably make this fatal to the UI process.
Comment 2 Michael Catanzaro 2015-09-30 03:32:05 UTC 
I set up an F23 VM and can't reproduce in jhbuild on F23, but can with the system package... strange....
Comment 3 Michael Catanzaro 2015-09-30 13:59:42 UTC 
It's the new hardening flags that other distros aren't using yet. They broke a lot of packages that use dlopen, not just Epiphany.
Comment 4 Michael Catanzaro 2015-09-30 15:51:29 UTC 
To reproduce, add to your jhbuildrc:

os.environ['LDFLAGS'] = '-Wl,-z,now'
Comment 5 Michael Catanzaro 2015-09-30 16:02:01 UTC 
Two fixes I found:

1) Sabotage the hardening in the downstream spec file:

%build
# -z,now (full relro) breaks the web extension
CFLAGS="$RPM_OPT_FLAGS -Wl,-z,lazy"
export CFLAGS
%configure --with-distributor-name=Fedora
make %{?_smp_mflags}

2) Explicitly link the web extension to everything:

libephywebextension_la_CFLAGS = \
	-DSHARE_DIR=\"$(pkgdatadir)\" \
	-DTOP_SRC_DATADIR=\"$(top_srcdir)/data\" \
	$(AM_CFLAGS) \
+	$(DEPENDENCIES_CFLAGS) \
	$(WEB_EXTENSION_CFLAGS)

libephywebextension_la_LIBADD = \
	$(top_builddir)/lib/libephymisc.la \
+	$(DEPENDENCIES_LIBS) \
	$(WEB_EXTENSION_LIBS)

Shouldn't be necessary since the needed linker flags should have been pulled in by libephymisc.la...?
Comment 6 Michael Catanzaro 2015-10-02 15:19:23 UTC 
Created attachment 312571 [details] [review]
Fix build with -Wl,-z,now

libephymisc.la wasn't linked to its dependencies. This breaks the web
extension in distros that use full RELRO

http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html
Comment 7 Michael Catanzaro 2015-10-02 15:23:07 UTC 
Created attachment 312572 [details] [review]
Fix failure to load web extension with -Wl,-z,now

libephymisc.la wasn't linked to its dependencies. This breaks the web
extension in distros that use full RELRO

http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html
Comment 8 Michael Catanzaro 2015-10-07 13:26:19 UTC 
It doesn't make sense to have the patch in bug #747521 without this, so pushing... we can decide later whether we want to revert both of these and try something else, or else clean up what is now PKG_CHECK_MODULES duplication in configure.ac.

Attachment 312572 [details] pushed as 88dbc32 - Fix failure to load web extension with -Wl,-z,now