154369 – execstacks in media-libs/xvid-1.1.0-r3 on amd64

Bug 154369 - execstacks in media-libs/xvid-1.1.0-r3 on amd64

Summary: execstacks in media-libs/xvid-1.1.0-r3 on amd64

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	AMD64 Linux

Importance:	High normal
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-11-07 07:47 UTC by Patrick McLean
Modified:	2007-02-03 14:04 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
scanelf-execstack.log (scanelf-execstack.log,1.12 KB, text/plain) 2006-11-07 07:47 UTC, Patrick McLean	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Patrick McLean gentoo-dev

2006-11-07 07:47:09 UTC

media-libs/xvid-1.1.0-r3 seems to have execstacks on amd64:

QA Notice: the following files contain executable stacks
 Files with executable stacks will not work properly (or at all!)
 on some architectures/operating systems.  A bug should be filed
 at http://bugs.gentoo.org/ to make sure the file is fixed.
 For more information, see http://hardened.gentoo.org/gnu-stack.xml
 Please include this file in your report:
 /var/tmp/portage/xvid-1.1.0-r3/temp/scanelf-execstack.log
RWX --- --- usr/lib64/libxvidcore.so.4.1

will attach the scanelf log

Comment 1 Patrick McLean gentoo-dev

2006-11-07 07:47:36 UTC

Created attachment 101396 [details]
scanelf-execstack.log

Comment 2 Simon Stelling (RETIRED) gentoo-dev

2007-02-03 12:59:15 UTC

oops, sorry for the bugspam

Comment 3 Alexander Gabert (RETIRED) gentoo-dev

2007-02-03 13:39:21 UTC

i will try to reproduce this bug on miranda hardened chroot

in the meantime please give emerge --info

i need your gcc, glibc, binutils, kernel and whatever version that depends on xvid and xvid is depending on- just give me info to reproduce it like it was when you hit this error

thanks,

Alex

Comment 4 Simon Stelling (RETIRED) gentoo-dev

2007-02-03 13:45:43 UTC

Here you go:

# emerge -pv yasm xvid

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] dev-lang/yasm-0.4.0  USE="nls" 0 kB 
[ebuild   R   ] media-libs/xvid-1.1.2  USE="(-altivec) -doc" 0 kB 

Total: 2 packages (2 reinstalls), Size of downloads: 0 kB

Portage 2.1.2-r5 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r5 x86_64)
=================================================================
System uname: 2.6.17-gentoo-r5 x86_64 AMD Opteron(tm) Processor 242
Gentoo Base System version 1.12.5
Timestamp of tree: Unknown
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-ggdb -march=k8 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/resin/conf /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-ggdb -march=k8 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks installsources metadata-transfer multilib-strict sandbox sfperms splitdebug test"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LC_ALL="en_US.UTF-8"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X alsa amd64 berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus dlloader dri dvd dvdr eds emboss encode esd fam firefox fortran gdbm gif gnome gpm gstreamer gtk gtk2 hal iconv ipv6 isdnlog jpeg ldap libg++ mad midi mikmod mp3 mpeg ncurses nls nptl nptlonly nsplugin ogg opengl oss pam pcre perl png ppds pppd python quicktime readline reflection sdl session spell spl ssl tcpd test truetype truetype-fonts type1-fonts udev unicode vorbis xml xorg xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="none"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 5 Alexis Ballier gentoo-dev

2007-02-03 13:46:21 UTC

wasn't this supposed to be fixed after bug #159498 ?

if it is not, I suppose the yasm version used might be useful : 
no execstack here with yasm 0.5.0

Comment 6 Simon Stelling (RETIRED) gentoo-dev

2007-02-03 13:53:57 UTC

Indeed, problem disappears with yasm-0.5.0. I bumped the dependency, so this is fixed now. Thanks everybody!

Comment 7 Alexis Ballier gentoo-dev

2007-02-03 13:56:24 UTC

But... is this really fixed, yasm 0.5.0 keywords are : 
KEYWORDS="-* ~x86 ~amd64"

what about stable ?

Comment 8 Simon Stelling (RETIRED) gentoo-dev

2007-02-03 14:04:04 UTC

get the newer versions marked stable then, I'd say