Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.security > #6082
| From | Elmar Stellnberger <estellnb@elstel.org> |
|---|---|
| Newsgroups | linux.debian.security |
| Subject | Re: [SECURITY] [DSA 5113-1] firefox-esr security update |
| Date | 2022-04-17 18:10 +0200 |
| Message-ID | <EdfDj-9ncw-1@gated-at.bofh.it> (permalink) |
| References | (4 earlier) <EbRMJ-8xs7-5@gated-at.bofh.it> <Ecx9f-8Wxt-3@gated-at.bofh.it> <EcRhD-98Qm-5@gated-at.bofh.it> <EcSx3-99tF-1@gated-at.bofh.it> <EdfjY-9mR0-7@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Likely it is possible to comment out the tournament checks after compilation (which did not succeed to find this error any way) in debian/rules; I would do it like this: check: check22: $(check_stamp) $(check_stamp): $(build_stamp) $(MAKE) -f debian/rules2 $@ (here I have renamed check into check22 and created a new empty check goal) That should save 80% of the compilation time. Elmar On 17.04.22 17:46, Elmar Stellnberger wrote: > I have now downloaded the source package and examined the backtrace > of building Firefox and examined all the differences between gcc 8.3.0-1 > (known bad from Debian10) and gcc 9.2.0 with gcc 9.2.1 being known to be > good for moc/Qt5 from Ubuntu 19.10. There was only one difference I > found along the backtrace for gcc and I have documented this in the > following gcc/g++ bug report. You can also download the patch from here: > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105293 > > I have rebuilt with the posted patch and the output has shown me that > all package files must have been created successfully: > > Build Dependencies: > Desired=Unknown/Install/Remove/Purge/Hold > | > Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend > > |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) > ||/ Name Version Architecture > Description > +++-=========================-======================-============-=============================================================================== > > ii binutils 2.31.1-16 i386 GNU > assembler, linker and binary utilities > ii binutils-common:i386 2.31.1-16 i386 Common > files for the GNU assembler, linker and binary utilities > ii binutils-hppa64-linux-gnu 2.31.1-16 i386 GNU > assembler, linker and binary utilities targeted for hppa64-linux > ii binutils-i686-linux-gnu 2.31.1-16 i386 GNU > binary utilities, for i686-linux-gnu target > ii g++-8 8.3.0-6 i386 GNU > C++ compiler > ii g++-8-dbgsym 8.3.0-6 i386 debug > symbols for g++-8 > ii g++-8-multilib 8.3.0-6 i386 GNU > C++ compiler (multilib support) > ii g++-multilib 4:8.3.0-1 i386 GNU > C++ compiler (multilib files) > ii libc6:i386 2.28-10+deb10u1 i386 GNU C > Library: Shared libraries > ii libgmp-dev:i386 2:6.1.2+dfsg-4+deb10u1 i386 Multiprecision > arithmetic library developers tools > ii libisl-dev:i386 0.20-2 i386 manipulating > sets and relations of integer points bounded by linear constraints > ii libmpc-dev:i386 1.1.0-1 i386 multiple > precision complex floating-point library development package > ii libmpfr-dev:i386 4.0.2-1 i386 multiple > precision floating-point computation developers tools > > > (from gcc-bug:, this is terror by Western secret services, as also > referenced by elstel.org/DualSat) "I have looked into the same directory > as before but unfortunately I found not a single .deb there and nowhere > else under /usr/src. The files can only have been deleted like the ssh > user from /etc/passwd at my nslu2 machine. Another time I found out > about a chmod -x /etc/init.d/sshd as I suddenly could not connect to my > nslu2 via ssh any more. This looks very similar as what I have > experienced with arm-linux-gnueabihf-ld when the program did neither > produce an error message, an !=0 return value and no output file as > given with -o txtfmt." > If you know programs like gcc or the linker ld, then you know they > will always produce an error message if something fails. Even if there > was a bug in ld to display no error it would have returned a non-zero > exit status. Anyone who has worked with tools like gcc or ld/collect2 > knows that. I have really searched for a txtfmt/a.out everywhere possible. > > I am quite sure that the posted patch would resolve the issue. I > would appreciate it very much if someone was ready to compile that with > a Debian10/i386 chroot: > > as root: > > debootstrap --arch i386 buster /dst/dbuster-i386 > > xchroot /dst/dbuster-i386 > > ... install build-essential apt-src locales-all etc. > > cd /usr/src > > apt-src update > > apt-src install gcc-8 > > Compiling may need more than a day; however you may hibernate in > between. Make sure you have copied the patch into > gcc-8-8.3.0/debian/patches/ and check that file has been patched some > good minutes after compilation has started: > > grep "chkp_reset_rtl_bounds ();" gcc-8-8.3.0/src/gcc/cfgexpand.c || echo ok > > before it should not echo ok but the line with chkp_reset_rtl_bounds > > invoke the build inside the gcc-8-8.3.0 directory: > dpkg-buildpackage -b -uc -us [-nc] 2>&1 | tee compile-gcc.msg > // -b ... build binary > // -uc -us ... do not sign (I use -kestellnb@elstel.org, see gpg > --list-keys) > > You can stop as soon as it has created the .deb packages. Grep for a > line like "ii.*libgmp-dev:i386" in compile-gcc.msg to find that out. Do > not forget to shield the + characters of g++ i.e. grep > "g[+][+]-8-multilib " > > It will be of great help if anyone decides to do so! > Remember it should resolve several dependent bugs in Buster/i586 and > also distributions of similar time. > > Regards, > Elmar > > > > > On 16.04.22 17:20, Odo Poppinger wrote: >> Why not? >> >> On 16.04.22 16:05, Elmar Stellnberger wrote: >> > Given that this should not be possible for some reason, please >> > share your knowledge about these bugs, so that people like me >> > can try to find a fix. >> > >> > Elmar >> >> >> On 11.04.22 23:57, Moritz Muehlenhoff wrote: >>> It is possible; if someone tracks down the respective GCC change and >>> backports >>> it to GCC 8 in Buster or alternatively lands a patch in the ESR91 branch >>> which changes the code to no longer trigger the ICE, that would fix it. >>> >>> But realistically the number of people who actively care about i386 >>> support is >>> really, really small so I wouldn't count on it... >>> >>> Cheers, >>> Moritz >>
Back to linux.debian.security | Previous | Next — Previous in thread | Next in thread | Find similar
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Friedhelm Waitzmann <fach220408.fwnsp@xoxy.net> - 2022-04-08 14:20 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Moritz Mühlenhoff <jmm@inutil.org> - 2022-04-09 23:40 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Odo Poppinger <odopopp@gmail.com> - 2022-04-11 13:50 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Moritz Muehlenhoff <jmm@inutil.org> - 2022-04-12 00:10 +0200
amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) Friedhelm Waitzmann <fach220408.fwnsp@xoxy.net> - 2022-04-12 06:20 +0200
Re: amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) piorunz <piorunz@gmx.com> - 2022-04-13 16:50 +0200
Re: amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) Michael Stone <mstone@debian.org> - 2022-04-13 17:10 +0200
Re: amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) piorunz <piorunz@gmx.com> - 2022-04-13 17:20 +0200
Re: amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) Odo Poppinger <odopopp@gmail.com> - 2022-04-13 17:40 +0200
Re: amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) Michael Stone <mstone@debian.org> - 2022-04-13 18:00 +0200
Re: amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) Elmar Stellnberger <estellnb@elstel.org> - 2022-04-14 10:50 +0200
Re: amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) Levis Yarema <levisyarema91@gmail.com> - 2022-04-14 15:50 +0200
Re: amd64 running on Intel Celeron and Pentium? (was: [SECURITY] [DSA 5113-1] firefox-esr security update) Elmar Stellnberger <estellnb@elstel.org> - 2022-04-15 09:10 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-13 22:10 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-13 22:30 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-15 18:40 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-16 16:10 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Odo Poppinger <odopopp@gmail.com> - 2022-04-16 17:30 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-17 17:50 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-17 18:10 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-17 18:20 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-18 19:50 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-19 12:20 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-05-07 15:50 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-14 15:00 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-14 19:00 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Friedhelm Waitzmann <fach220408.fwnsp@xoxy.net> - 2022-04-15 05:10 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@elstel.org> - 2022-04-14 15:00 +0200
Re: [SECURITY] [DSA 5113-1] firefox-esr security update Elmar Stellnberger <estellnb@gmail.com> - 2022-11-18 16:50 +0100
csiph-web