QA Notice: the following files contain executable stacks Files with executable stacks will not work properly (or at all!) on some architectures/operating systems. A bug should be filed at http://bugs.gentoo.org/ to make sure the file is fixed. For more information, see http://hardened.gentoo.org/gnu-stack.xml Please include this file in your report: /var/tmp/portage/nss-3.11-r1/temp/scanelf-execstack.log "RWX --- --- usr/lib64/nss/libfreebl3.so.11" !!! ERROR: dev-libs/nss-3.11-r1 failed. Call stack: misc-functions.sh, line 409: Called install_qa_check misc-functions.sh, line 166: Called die !!! Aborting due to QA concerns: execstacks scanelf-execstack.log: RWX --- --- image/usr/lib64/nss/libfreebl3.so.11 RWX --- --- work/nss-3.11/mozilla/security/dist/Linux2.6_x86_64_glibc_PTH_64_OPT .OBJ/lib/libfreebl3.so RWX --- --- work/nss-3.11/mozilla/security/dist/Linux2.6_x86_64_glibc_PTH_64_OPT .OBJ/lib/libfreebl3.so.11 !WX --- --- work/nss-3.11/mozilla/security/nss/lib/freebl/Linux2.6_x86_64_glibc_ PTH_64_OPT.OBJ/Linux_SINGLE_SHLIB/arcfour-amd64-gas.o RWX --- --- work/nss-3.11/mozilla/security/nss/lib/freebl/Linux2.6_x86_64_glibc_ PTH_64_OPT.OBJ/Linux_SINGLE_SHLIB/libfreebl3.so.11 !WX --- --- work/nss-3.11/mozilla/security/nss/lib/freebl/Linux2.6_x86_64_glibc_ PTH_64_OPT.OBJ/Linux_SINGLE_SHLIB/mpi_amd64_gas.o
Not that I know what is stricter... It is not documented in make.conf.example. But I don't get these messages. Maybe it is 64bit related. I regret I have no place to test it.
These type of things will generally vary from platform to platform. To see this in action, take a look at dev-java/ibm-jdk-bin, where it varies from x86, to amd64, to ppc, to ppc64. So yes, it could be possible this is only affected on amd64. The documentation listed in the notice explains how this can be really fixed. There is a workaround that can be done until that is done though: you specify QA_EXECSTACK_amd64 to be the list of files effected.
Created attachment 100286 [details, diff] nss-3.11.3-stack.patch Hello Josh, Can you please test nss-3.11.3, this issue seems to be handled by upstream. The only place I see missing is this attachment... But first try without. Thanks!
Hello amd64, Can you please find the time to test this issue with nss-3.11.3? I cannot test this. Upstream should have solved the problem since 3.11. attachment#100286 [details, diff] is the only issue I could find that may cause it to fail also in 3.11.3. Thanks!
Sorry for not reporting back earlier. I've since updated to 3.11.3-r1, and it seems to merge without any of the QA notices. So, it seems this bug can probably be resolved fixed.
Thanks!