Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 572682 - mail-filter/rspamd - add jit useflag to fix PaX issues
Summary: mail-filter/rspamd - add jit useflag to fix PaX issues
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Dirkjan Ochtman (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-23 14:45 UTC by Daniel Kenzelmann
Modified: 2016-01-27 14:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
rspamd-1.1.1-r1.ebuild (rspamd-1.1.1-r1.ebuild,1.20 KB, text/plain)
2016-01-23 17:03 UTC, Daniel Kenzelmann 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Kenzelmann 2016-01-23 14:45:28 UTC 
rspamd is using LuaJIT by default which causes crashes when used with hardened-sources (PaX)

This patch adds a "jit" useflag to either compile with lua or luajit

--------------------------------------------

--- rspamd-1.1.1.ebuild	2016-01-22 11:01:02.000000000 +0100
+++ rspamd-1.1.1.ebuild	2016-01-23 15:34:28.324240674 +0100
@@ -13,11 +13,12 @@
 LICENSE="BSD-2"
 SLOT="0"
 KEYWORDS="~amd64 ~x86"
-IUSE=""
+IUSE="jit"
 
 DEPEND="dev-libs/openssl:0
 		dev-libs/libpcre
-		dev-lang/luajit:2
+		!jit? ( >=dev-lang/lua-5.1:0 )
+		jit? ( dev-lang/luajit:2 )
 		dev-libs/libevent
 		dev-db/sqlite:3
 		dev-libs/glib:2
@@ -32,11 +33,16 @@
 }
 
 src_configure() {
+	luajit="OFF"
+	if use jit; then
+		luajit="ON"
+	fi
 	local mycmakeargs=(
 		-DCONFDIR=/etc/rspamd
 		-DRUNDIR=/var/run/rspamd
 		-DDBDIR=/var/lib/rspamd
 		-DLOGDIR=/var/log/rspamd
+		-DENABLE_LUAJIT=${luajit}
 	)
 	cmake-utils_src_configure
 }


Reproducible: Always
Comment 1 Daniel Kenzelmann 2016-01-23 16:51:51 UTC 
Conditionally also set jit useflag on libpcre
------------------------------------------------
--- rspamd-1.1.1.ebuild	2016-01-22 11:01:02.000000000 +0100
+++ rspamd-1.1.1.ebuild	2016-01-23 17:44:55.822161472 +0100
@@ -13,11 +13,17 @@
 LICENSE="BSD-2"
 SLOT="0"
 KEYWORDS="~amd64 ~x86"
-IUSE=""
+IUSE="jit"
 
 DEPEND="dev-libs/openssl:0
-		dev-libs/libpcre
-		dev-lang/luajit:2
+		!jit? (
+			>=dev-lang/lua-5.1:0
+			dev-libs/libpcre[-jit]
+		)
+		jit? (
+			dev-lang/luajit:2
+			dev-libs/libpcre[jit]
+		)
 		dev-libs/libevent
 		dev-db/sqlite:3
 		dev-libs/glib:2
@@ -32,11 +38,16 @@
 }
 
 src_configure() {
+	luajit="OFF"
+	if use jit; then
+		luajit="ON"
+	fi
 	local mycmakeargs=(
 		-DCONFDIR=/etc/rspamd
 		-DRUNDIR=/var/run/rspamd
 		-DDBDIR=/var/lib/rspamd
 		-DLOGDIR=/var/log/rspamd
+		-DENABLE_LUAJIT=${luajit}
 	)
 	cmake-utils_src_configure
 }
-------------------------------------------
Comment 2 Daniel Kenzelmann 2016-01-23 17:03:38 UTC 
Created attachment 423692 [details]
rspamd-1.1.1-r1.ebuild
Comment 3 Marcin Mirosław 2016-01-24 13:44:22 UTC 
Thanks, now rpsmad works on my box with hardened sources. I'm thinking about jit flag, shouldn't it be disabled on pax kernel?
Comment 4 Michael Palimaka (kensington) gentoo-dev 2016-01-26 14:34:00 UTC 
(In reply to Daniel Kenzelmann from comment #0)
> +	luajit="OFF"
> +	if use jit; then
> +		luajit="ON"
> +	fi
>  	local mycmakeargs=(
>  		-DCONFDIR=/etc/rspamd
>  		-DRUNDIR=/var/run/rspamd
>  		-DDBDIR=/var/lib/rspamd
>  		-DLOGDIR=/var/log/rspamd
> +		-DENABLE_LUAJIT=${luajit}
>  	)

A quick shortcut is -DENABLE_LUAJIT=$(usex jit).
Comment 5 Dirkjan Ochtman (RETIRED) gentoo-dev 2016-01-26 16:37:04 UTC 
Hmm, I think the default here should be +jit, so that users get something by default that resembles the upstream preference. Any objections?
Comment 6 Marcin Mirosław 2016-01-26 20:40:26 UTC 
What about forcing "-jit" on hardened profile?
Comment 7 Dirkjan Ochtman (RETIRED) gentoo-dev 2016-01-26 20:51:31 UTC 
Yeah, that seems sane.
Comment 8 Dirkjan Ochtman (RETIRED) gentoo-dev 2016-01-27 14:21:09 UTC 
Added the jit USE flag as discussed here, in 1.1.1-r1.