144802 – app-emulation/emul-linux-x86-gtklibs-2.8.8 fails due to execstacks

Bug 144802 - app-emulation/emul-linux-x86-gtklibs-2.8.8 fails due to execstacks

Summary: app-emulation/emul-linux-x86-gtklibs-2.8.8 fails due to execstacks

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	AMD64 Linux

Importance:	High normal
Assignee:	Herbie Hopkins (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-08-22 18:18 UTC by Josh Nichols (RETIRED)
Modified:	2006-11-14 10:45 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Josh Nichols (RETIRED) gentoo-dev

2006-08-22 18:18:08 UTC

With FEATURES="stricter", emul-linux-x86-gtklibs fails with:

QA Notice: the following files contain executable stacks
 Files with executable stacks will not work properly (or at all!)
 on some architectures/operating systems.  A bug should be filed
 at http://bugs.gentoo.org/ to make sure the file is fixed.
 For more information, see http://hardened.gentoo.org/gnu-stack.xml
 Please include this file in your report:
 /var/tmp/portage/emul-linux-x86-gtklibs-2.8.8/temp/scanelf-execstack.log
RWX --- --- emul/linux/x86/usr/lib/libgdk_pixbuf.so.2.0.0
RWX --- --- emul/linux/x86/usr/lib/libgdk_pixbuf_xlib.so.2.0.0


!!! ERROR: app-emulation/emul-linux-x86-gtklibs-2.8.8 failed.
Call stack:
  misc-functions.sh, line 407:   Called install_qa_check
  misc-functions.sh, line 164:   Called die

!!! Aborting due to QA concerns:  execstacks

Comment 1 Josh Nichols (RETIRED) gentoo-dev

2006-08-22 18:20:22 UTC

Whoops, meant execstacks... Here's the workaround:

QA_EXECSTACK_amd64="emul/linux/x86/usr/lib/libgdk_pixbuf.so.2.0.0
    emul/linux/x86/usr/lib/libgdk_pixbuf_xlib.so.2.0.0"

Comment 2 Sandro Bonazzola (RETIRED) gentoo-dev

2006-11-11 10:52:24 UTC

Maybe the package can be rebuilt solving the issue instead of masking the exec stack.

Comment 3 Olivier Crete (RETIRED) gentoo-dev

2006-11-11 12:57:46 UTC

solution is ignore.. gtk+ 1.2 is too painful to rebuild... if you care about security, you don't use binary stuff anyways.

Comment 4 Sandro Bonazzola (RETIRED) gentoo-dev

2006-11-13 13:46:58 UTC

I don't think this is a good solution where we have free access to the sources. Some packages like wine depends on emul-linux packages, well, maybe not on emul-linux-x86-gtklibs, but since we compile against emul-linux libraries, it's not a good idea leave exec stack around if we can remove them.
If it's only a matter of time required for rebuilding or lazyness please reopen the bug and let someone with time and skill solve the issue.

Comment 5 Olivier Crete (RETIRED) gentoo-dev

2006-11-13 14:01:16 UTC

Re-building the gtk 1 libraries is painful. Recent stuff like wine I hope uses GTK2. Only very crappy old software usees GTK+ 1.. Which is why I'm not going to spend any effort fixing them.

Comment 6 Josh Nichols (RETIRED) gentoo-dev

2006-11-14 08:25:29 UTC

Could we at the very least get QA_EXECSTACK_amd64="emul/linux/x86/usr/lib/libgdk_pixbuf.so.2.0.0
    emul/linux/x86/usr/lib/libgdk_pixbuf_xlib.so.2.0.0"

added to the ebuild, so it doesn't fail with FEATURES="stricter".

Comment 7 Olivier Crete (RETIRED) gentoo-dev

2006-11-14 10:45:17 UTC

its been added