When the gold linker is used, it sometimes generates duplicated symbols.
It's not something new, and can be seen for example in
qtbase-opensource-src 5.7.1+dfsg-2:

  1081: 00000000004caf88     0 NOTYPE  GLOBAL DEFAULT ABS __bss_start@Qt_5
  1082: 00000000004caf88     0 NOTYPE  GLOBAL DEFAULT ABS __bss_start@Qt_5

Note that bfd doesn't generate duplicated with the same command line
beside the -fuse-ld=gold. This used to not be a problem with both gold
and bfd. However the upstream commit eb3908448b , which first appeared
in binutils 2.27.51.20161231-1, causes this symbols to become
relocatable. This can be seen in qtbase-opensource-src 5.7.1+dfsg-3:

  1081: 00000000004caf88     0 NOTYPE  GLOBAL DEFAULT 19 __bss_start@Qt_5
  1082: 00000000004caf88     0 NOTYPE  GLOBAL DEFAULT 19 __bss_start@Qt_5

This in turn causes bfd to fail to link binaries against libQt5Core.so
or libQt5Gui.so, for example when building libqapt (see [1] for a full
build log):

  /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.7.1:(*IND*+0x0): multiple definition of `__bss_start'
  /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.7.1:(*IND*+0x0): multiple definition of `_edata'
  /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.7.1:(*IND*+0x0): multiple definition of `_end'
  /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1:(*IND*+0x0): multiple definition of `__bss_start'
  /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1:(*IND*+0x0): multiple definition of `__bss_start'
  /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1:(*IND*+0x0): multiple definition of `_edata'
  /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1:(*IND*+0x0): multiple definition of `_edata'
  /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1:(*IND*+0x0): multiple definition of `_end'
  /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1:(*IND*+0x0): multiple definition of `_end'

Note however that having duplicated symbols doesn't cause a problem to
gold, only to bfd.

I don't really know how this should be fixed, either bfd should accept
duplicated symbols, or gold should stop generating them.


[1] https://buildd.debian.org/status/fetch.php?pkg=libqapt&arch=mipsel&ver=3.0.2-1%2Bb2&stamp=1484821949&raw=0

Control: severity -1 important

This is work-arounded in binutils/2.27.90.20170124-2. Let's keep this open until
we have a proper fix and not a workaround, but no longer at RC severity.

Cheers,
Emilio

Control: severity -1 serious

The workaround was dropped in binutils/2.28.51.20170620-1 (which reached
unstable on July 25th), so we have this bug again with Qt 5.9, and it is
blocking its transition. Bumping the severity back.

A couple of examples, thanks to Adrian Bunk:

https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/kphotoalbum_5.2-2.rbuild.log
https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/italc_3.0.3+dfsg1-1.rbuild.log

It also makes qtwebkit FTBFS on armel and armhf.

Either the workaround needs to be reintroduced, or we will have to rebuild
Qt with bfd instead of gold.

Dear all,

First of all hats of to the present and any past maintainers who have
been maintaining this small yet crucial bit of software for years.

I saw the bug in question -

While I don't have the technical skills to understand what the issue
is, I do grasp that something is missing.

I also saw the upstream bug where Matthias has shared his comment as
https://sourceware.org/bugzilla/show_bug.cgi?id=21074#c11 but nothing
seems to be happening (or maybe something is happening behind the
scenes then don't know it.)

I did run however -

apt-cache rdepends binutils

as well as apt-rdepends -r binutils | less

to see for myself as well as share the extent to which this crucial
bit of software affects in the distribution.

I wouldn't have dared comment on this bug if it was not for -

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  NO  (kernel confirms
your system is vulnerable)
* Kernel has array_index_mask_nospec:  UNKNOWN  (couldn't check
(missing 'readelf' tool, please install it, usually it's in the
'binutils' package))
* Kernel has the Red Hat/Ubuntu patch:  UNKNOWN  (missing 'strings'
tool, please install it, usually it's in the binutils package)
* Checking count of LFENCE instructions following a jump in kernel...
UNKNOWN  (couldn't check (missing 'readelf' tool, please install it,
usually it's in the 'binutils' package))

This is from running -

$ sudo spectre-meltdown-checker

There still seems to be some microcde updates missing for the
mitigation but that's another story altogether.

Hoping to see binutils fixed or alternatively if possible have a
version of the package in experimental which we can use in the
meanwhile it's being fixed as currently there's just no solution then
installing a buggy version which I won't know how it would affect my
system.

$ apt-cache policy binutils
binutils:
  Installed: (none)
  Candidate: 2.30-8
  Version table:
     2.30-8 900
        900 http://cdn-fastly.deb.debian.org/debian buster/main amd64 Packages
        100 http://cdn-fastly.deb.debian.org/debian unstable/main amd64 Packages

Looking forward to some sort of interim fix.

Hi doko, Dmitry,

On Fri, 18 Aug 2017 14:04:26 +0300 Dmitry Shachnev <mitya57@debian.org> wrote:

This bug is a bit over my head, but what is the current status of this?
The upstream bug stopped well before the workaround was dropped, so that
doesn't help much in understanding. Is Qt now building with bfd instead
of gold to avoid this issue?

Paul

Hi Paul!

Yes, since qtbase-opensource-src 5.9.1+dfsg-9 (20 Aug 2017).

Hi,

So I think we can downgrade this bug again.

Ivo