Summary: | nvidia-glx/nvidia-drivers use TEXTREL and contain excecutable stacks | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Togge <togge.gentoo> |
Component: | Current packages | Assignee: | X11 External Driver Maintainers <x11-drivers> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | abraham, caster, nichoj, sanchan, sandro.bonazzola, vapier, wilsondr |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
Executable stacks log file, as requested.
ebuild updated fixing this issue for _amd64. patch for x86 and symlink |
Description
Togge
2005-12-08 10:37:03 UTC
I confirm this bug also on media-video/nvidia-glx-1.0.8178 for amd64. QA Notice: the following files contain runtime text relocations Text relocations force the dynamic linker to perform extra work at startup, waste system resources, and may pose a security risk. On some architectures, the code may not even function properly, if at all. TEXTREL usr/lib32/opengl/nvidia/tls/libnvidia-tls.so.1.0.8178 TEXTREL usr/lib32/opengl/nvidia/no-tls/libnvidia-tls.so.1.0.8178 TEXTREL usr/lib32/opengl/nvidia/lib/libGLcore.so.1.0.8178 TEXTREL usr/lib32/opengl/nvidia/lib/libGL.so.1.0.8178 QA Notice: the following files contain executable stacks Files with executable stacks will not work properly (or at all!) on some architectures/operating systems. A bug should be filed at http://bugs.gentoo.org/ to make sure the file is fixed. RWX --- --- usr/lib64/xorg/libXvMCNVIDIA.so.1.0.8178 --- --- RWX usr/lib64/opengl/nvidia/extensions/libglx.so --- --- RWX usr/lib64/opengl/nvidia/lib/libGLcore.so.1.0.8178 RWX --- RWX usr/lib64/opengl/nvidia/lib/libGL.so.1.0.8178 --- --- RWX usr/lib32/opengl/nvidia/lib/libGLcore.so.1.0.8178 --- --- RWX usr/lib32/opengl/nvidia/lib/libGL.so.1.0.8178 I'm not sure if this is related (seems to me that it would be), but on AMD64, the libGLcore is no longer properly symlinked. No OpenGL programs open with this version (1.0.8178) emerged. Since we can't fix the binary files that NVIDIA provides, I'm going to mark this as CANTFIX. I don't know why these errors are there now, seems like this could be a problem for many binary packages. *** Bug 148789 has been marked as a duplicate of this bug. *** Would it be possible to add RESTRICT="stricter" so the ebuild won't fail for those who enabled that feature? I did it in my portage overlay and seems to work perfectly... Well, adding RESTRICT="stricter" isn't the answer in this case. Instead, I added the QA variables to nvidia-drivers and nvidia-legacy drivers. OK, didn't know about those QA variables, maybe that's the reason I'm not a gentoo dev :-P. This bug has been marked as resolved but the problem seems to be yet around. I recently tried to update nvidia-drivers to 1.0.8776 and found the following errors: QA Notice: the following files contain runtime text relocations Text relocations force the dynamic linker to perform extra work at startup, waste system resources, and may pose a security risk. On some architectures, the code may not even function properly, if at all. For more information, see http://hardened.gentoo.org/pic-fix-guide.xml Please include this file in your report: /var/tmp/portage/nvidia-drivers-1.0.8776/temp/scanelf-textrel.log TEXTREL usr/lib/xorg/modules/drivers/nvidia_drv.so TEXTREL usr/lib/libXvMCNVIDIA.so.1.0.8776 QA Notice: the following files contain executable stacks Files with executable stacks will not work properly (or at all!) on some architectures/operating systems. A bug should be filed at http://bugs.gentoo.org/ to make sure the file is fixed. For more information, see http://hardened.gentoo.org/gnu-stack.xml Please include this file in your report: /var/tmp/portage/nvidia-drivers-1.0.8776/temp/scanelf-execstack.log --- --- RWX usr/lib/opengl/nvidia/lib/libGL.so.1.0.8776 --- --- RWX usr/lib/opengl/nvidia/lib/libGLcore.so.1.0.8776 --- --- RWX usr/lib/opengl/nvidia/extensions/libglx.so Although some QA variables have been included inside the ebuild, the files with text relocations aren't covered by them. The funny point is that the ones with executable stacks are indeed covered by QA variables and yet there they are... ####################### emerge --info Portage 2.1.1-r1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.5-r2, 2.6.17-gentoo-r4 i686) ================================================================= System uname: 2.6.17-gentoo-r4 i686 AMD Athlon(tm) XP 1700+ Gentoo Base System version 1.12.6 Last Sync: Wed, 08 Nov 2006 09:50:01 +0000 distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.3.5-r2, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.8.1-r1, 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -pipe -march=athlon-xp" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-O2 -pipe -march=athlon-xp" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distlocks metadata-transfer sandbox sfperms strict stricter test" GENTOO_MIRRORS="http://ftp.caliu.info/pub/gentoo/ http://mirror.ovh.net/gentoo-distfiles/" LANG="es_ES.UTF-8@euro" LC_ALL="es_ES.UTF-8@euro" LINGUAS="es en" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow X a52 acpi alsa apache2 asf audiofile avi bash-completion bidi bitmap-fonts bzip2 bzlib canna cdr cjk cli cracklib crypt cups dbus dga directfb divx4linux dlloader doc dri dvb dvd dvdr dvdread eds elibc_glibc emboss encode esd evo exif fbcon fftw firefox flac foomaticdb freewnn ftp gb gcj gd gdbm gif glut gmp gnome gpm gstreamer gtk gtk2 gtkhtml hal iconv imlib input_devices_evdev input_devices_keyboard input_devices_mouse iodbc isdnlog java jikes jpeg kde kernel_linux libg++ libwww linguas_en linguas_es mad memlimit mikmod mime mmx motif mozilla mp3 mpeg msn nas nls nptl nptlonly nsplugin nvidia odbc offensive ogg oggvorbis openal opengl pam pcre pdflib perl png pnp posix ppds pppd qt3 qt4 quicktime readline reflection sdl session sharedmem simplexml spell spl ssl svg svga sysvipc szip tcltk tcpd tetex theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb userland_GNU video_cards_nvidia videos vorbis win32codecs wmf x86 xine xml xorg xprint xv xvid zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS Created attachment 101468 [details]
Executable stacks log file, as requested.
I couldn't attach text relocations log file due to it being too large (about 8MB). If it is necessary I'll make it available somehow. --- --- RWX usr/lib/opengl/nvidia/lib/libGL.so.1.0.9629 --- --- RWX usr/lib/opengl/nvidia/lib/libGLcore.so.1.0.9629 --- --- RWX usr/lib/opengl/nvidia/extensions/libglx.so !!! ERROR: x11-drivers/nvidia-drivers-1.0.9629 failed. Call stack: misc-functions.sh, line 439: Called install_qa_check misc-functions.sh, line 165: Called die Still an issue with 1.0.9742 on amd64: QA Notice: the following files contain executable stacks Files with executable stacks will not work properly (or at all!) on some architectures/operating systems. A bug should be filed at http://bugs.gentoo.org/ to make sure the file is fixed. For more information, see http://hardened.gentoo.org/gnu-stack.xml Please include this file in your report: /var/tmp/portage/x11-drivers/nvidia-drivers-1.0.9742/temp/scanelf-execstack.log --- --- RWX usr/lib32/opengl/nvidia/lib/libGL.so.1.0.9742 --- --- RWX usr/lib32/opengl/nvidia/lib/libGLcore.so.1.0.9742 --- --- RWX usr/lib64/opengl/nvidia/lib/libGL.so.1.0.9742 --- --- RWX usr/lib64/opengl/nvidia/lib/libGLcore.so.1.0.9742 --- --- RWX usr/lib64/opengl/nvidia/extensions/libglx.so RWX --- --- usr/lib64/xorg/modules/drivers/nvidia_drv.so RWX --- --- usr/lib64/libXvMCNVIDIA.so.1.0.9742 This should be fixed now. What is really strange is that I *have* the QA_EXECSTACK_* stuff defined, but I still get notices. I'm not really sure what's going on here, but I'm leaving this open for now. It's really weird indeed. I know of other package (dev-java/ibm-jdk-bin-1.5.0.3-r1) which also defines these variables, and also some files have both execstacks and texrels, like here, but there's no problem, unlike here. Portage people, seems that here we have an ebuild with QA_EXECSTACK_* ignored by portage (tested with sys-apps/portage-2.1.2 and previous) This could be a portage bug, so maybe it's better let you know about this. make sure you're using the latest ~arch pax-utils and see if it is still a problem Ahh, I see the problem. Files reported like "RWX --- ---" are fixed with QA_EXECSTACK, but the files "--- --- RWX" need QA_WX_LOAD. meh Created attachment 107388 [details] ebuild updated fixing this issue for _amd64. As reported by caster on comment #18, RWX need QA_WX_LOAD. In QA_EXECSTACK there were some library not listed. Fixed those issues for _amd64. I still see a QA message using this ebuild: * QA Notice: Found an absolute symlink in a library directory: * usr/lib64/libXvMCNVIDIA.so -> /usr/lib64/libXvMCNVIDIA.so.1.0.9746 * It should be a relative symlink if in the same directory * or a linker script if it crosses the /usr boundary. Created attachment 107402 [details, diff]
patch for x86 and symlink
QA_EXECSTACK_x86 changed to QA_WX_LOAD_x86
that absolute symlink made relative
Thanks Vlastimil! |