Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 154369
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: The Gentoo Linux Hardened Team <hardened@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Patrick McLean <chutzpah@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
scanelf-execstack.log scanelf-execstack.log text/plain Patrick McLean 2006-11-07 07:47 0000 1.12 KB Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 154369 depends on: Show dependency tree
Bug 154369 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-11-07 07:47 0000 
media-libs/xvid-1.1.0-r3 seems to have execstacks on amd64:

QA Notice: the following files contain executable stacks
 Files with executable stacks will not work properly (or at all!)
 on some architectures/operating systems.  A bug should be filed
 at http://bugs.gentoo.org/ to make sure the file is fixed.
 For more information, see http://hardened.gentoo.org/gnu-stack.xml
 Please include this file in your report:
 /var/tmp/portage/xvid-1.1.0-r3/temp/scanelf-execstack.log
RWX --- --- usr/lib64/libxvidcore.so.4.1

will attach the scanelf log

------- Comment #1 From Patrick McLean 2006-11-07 07:47:36 0000 ------- 
Created an attachment (id=101396) [details]
scanelf-execstack.log

------- Comment #2 From Simon Stelling (RETIRED) 2007-02-03 12:59:15 0000 ------- 
oops, sorry for the bugspam

------- Comment #3 From Alexander Gabert (RETIRED) 2007-02-03 13:39:21 0000 ------- 
i will try to reproduce this bug on miranda hardened chroot

in the meantime please give emerge --info

i need your gcc, glibc, binutils, kernel and whatever version that depends on
xvid and xvid is depending on- just give me info to reproduce it like it was
when you hit this error

thanks,

Alex

------- Comment #4 From Simon Stelling (RETIRED) 2007-02-03 13:45:43 0000 ------- 
Here you go:

# emerge -pv yasm xvid

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] dev-lang/yasm-0.4.0  USE="nls" 0 kB 
[ebuild   R   ] media-libs/xvid-1.1.2  USE="(-altivec) -doc" 0 kB 

Total: 2 packages (2 reinstalls), Size of downloads: 0 kB

Portage 2.1.2-r5 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r5 x86_64)
=================================================================
System uname: 2.6.17-gentoo-r5 x86_64 AMD Opteron(tm) Processor 242
Gentoo Base System version 1.12.5
Timestamp of tree: Unknown
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-ggdb -march=k8 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/resin/conf /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-ggdb -march=k8 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks installsources
metadata-transfer multilib-strict sandbox sfperms splitdebug test"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LC_ALL="en_US.UTF-8"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X alsa amd64 berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus
dlloader dri dvd dvdr eds emboss encode esd fam firefox fortran gdbm gif gnome
gpm gstreamer gtk gtk2 hal iconv ipv6 isdnlog jpeg ldap libg++ mad midi mikmod
mp3 mpeg ncurses nls nptl nptlonly nsplugin ogg opengl oss pam pcre perl png
ppds pppd python quicktime readline reflection sdl session spell spl ssl tcpd
test truetype truetype-fonts type1-fonts udev unicode vorbis xml xorg xv zlib"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x
ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3
trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw
asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa
lfloat linear meter mulaw multi null plug rate route share shm softvol"
ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses
text" USERLAND="GNU" VIDEO_CARDS="none"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS,
MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

------- Comment #5 From Alexis Ballier 2007-02-03 13:46:21 0000 ------- 
wasn't this supposed to be fixed after bug #159498 ?

if it is not, I suppose the yasm version used might be useful : 
no execstack here with yasm 0.5.0

------- Comment #6 From Simon Stelling (RETIRED) 2007-02-03 13:53:57 0000 ------- 
Indeed, problem disappears with yasm-0.5.0. I bumped the dependency, so this is
fixed now. Thanks everybody!

------- Comment #7 From Alexis Ballier 2007-02-03 13:56:24 0000 ------- 
But... is this really fixed, yasm 0.5.0 keywords are : 
KEYWORDS="-* ~x86 ~amd64"

what about stable ?

------- Comment #8 From Simon Stelling (RETIRED) 2007-02-03 14:04:04 0000 ------- 
get the newer versions marked stable then, I'd say
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug