Summary: | dev-lang/R-2.13.1-r1 reports stack smashing attacks during build | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Howard B. Golden <howard_b_golden> |
Component: | Current packages | Assignee: | Gentoo Science Mathematics related packages <sci-mathematics> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | atoth, hardened |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
Build log
emerge --info and emerge -qpv |
Created attachment 287747 [details]
emerge --info and emerge -qpv
Add emerge --info and emerge -qpv as attachment.
I'd like to confirm this bug as well. " i686-pc-linux-gnu-gcc -std=gnu99 -I/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/include -I/usr/local/include -fpic -O2 -march=i686 -mtune=athlon-mp -pipe -c survregc1.c -o survregc1.o i686-pc-linux-gnu-gcc -std=gnu99 -I/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/include -I/usr/local/include -fpic -O2 -march=i686 -mtune=athlon-mp -pipe -c survregc2.c -o survregc2.o i686-pc-linux-gnu-gcc -std=gnu99 -shared -Wl,-O1 -Wl,--as-needed -o survival.so agexact.o agfit3.o agfit5.o agmart.o agmart2.o agscore.o agsurv3.o agsurv4.o agsurv5.o chinv2.o chinv3.o cholesky2.o cholesky3.o chsolve2.o chsolve3.o concordance1.o cox_Rcallback.o coxcount1.o coxdetail.o coxfit2.o coxfit5.o coxmart.o coxph_wtest.o coxsafe.o coxscho.o coxscore.o dmatrix.o doloop.o pyears1.o pyears2.o pyears3.o pystep.o survConcordance.o survdiff2.o survfit4.o survpenal.o survreg6.o survreg7.o survregc1.o survregc2.o -L/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/lib -lR make[3]: Leaving directory `/var/tmp/portage/dev-lang/R-2.13.1-r1/temp/Rtmpp66xYV/R.INSTALL4546b921/survival/src' installing to /var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/library/survival/libs ** R ** data ** moving datasets to lazyload DB ** inst ** preparing package for lazy loading ** help *** stack smashing detected ***: R - terminated R: stack smashing attack in function <unknown> - terminated Report to http://bugs.gentoo.org/ /var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/bin/INSTALL: line 34: 1448 Done echo 'tools:::.install_packages()' 1449 Killed | R_DEFAULT_PACKAGES= LC_COLLATE=C "${R_HOME}/bin/R" $myArgs --slave --args ${args} make[2]: *** [survival.ts] Error 1 make[2]: Leaving directory `/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/src/library/Recommended' make[1]: *** [recommended-packages] Error 2 make[1]: Leaving directory `/var/tmp/portage/dev-lang/R-2.13.1-r1/work/R-2.13.1/src/library/Recommended' make: *** [stamp-recommended] Error 2 " OMZG Please see the R Bugzilla: http://bugs.r-project.org/bugzilla3/show_bug.cgi?id=14627 This describes stack smashing (due to a bug). It's possibly related to this bug, but I'm not sure. Upstream reports that this is fixed in R-2.14 (in development). R-2.14.1 in cvs fixes it. Affected versions gone. |
Created attachment 287745 [details] Build log See the attached build log which shows several stack smashing attacks when built with a hardened toolchain.