I just added some code to ekopath-4.0.10_pre20110728.ebuild so ekopath works with a pax enabled kernel. The fixes are applied unconditionally since they are safe on pax or vanilla systems. I did not rev bump because there's no need to force those who already have ekopath to re-emerge. I did not address ekopath-4.0.10_pre20110717-r1.ebuild, but the same issues might be there. Two fixes: a) Remove mprotect form the installer. Since the installer doesn't persist on the system, this really doesn't represent any serious degradation of security. b) I removed X bit from GNU STACK phdr leaving it only RW on libstl.so. This addresses one QA issue, but the other remaining one is with the static lib, libstd.a, which still has an RWX GNU STACK due to atomic-cxx.S. This needs to be fixed upstream since we don't have the source. Its a QA problem on any gentoo system. The fix to the assembly is probably as simple as Section 6 in http://www.gentoo.org/proj/en/hardened/gnu-stack.xml, but not having the asm in front of us, its not clear. Reproducible: Always
current version 5.0.1_pre20131115 does not seem to be affected. re-open if so. thanks.
