I have tried to update to kde-base/kdelibs-4.12.5. I updated @system (my system was getting pretty crusty). My system then suggested a emerge @preserved-rebuild and I have attempted revdep-rebuild and 'emerge --update --newuse --deep @world'. I have been able to work out all issues up to kdelibs and I am now stuck. I get this failure in both 4.12.4 and 4.13.1-r1, in the same place. I have attempted with -j1 and turned off all optimizations (ran with empty cflags).I tried with gcc 4.7.3 and 4.6.6, before removing all old versions of gcc from my machine. /usr/bin/cmake -E cmake_progress_report /var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build/CMakeFiles [ 26%] Built target icemaker make -f kjs/CMakeFiles/kjs.dir/build.make kjs/CMakeFiles/kjs.dir/depend make[2]: Entering directory `/var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build' /usr/bin/cmake -E cmake_progress_report /var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build/CMakeFiles [ 26%] Generating opcodes.h, opcodes.cpp, machine.cpp cd /var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build/kjs && ../bin/icemaker.shell /var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5/kjs/bytecode ../bin/icemaker.shell: line 4: 6466 Segmentation fault LD_LIBRARY_PATH=/var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build/lib/./:/usr/lib64:/var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build/lib/.:/usr/lib64/qt4${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} "/var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build/bin/icemaker" "$@" make[2]: *** [kjs/opcodes.h] Error 139 make[2]: Leaving directory `/var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build' make[1]: *** [kjs/CMakeFiles/kjs.dir/all] Error 2 make[1]: Leaving directory `/var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build' make: *** [all] Error 2 * ERROR: kde-base/kdelibs-4.12.5::gentoo failed (compile phase): * emake failed * * If you need support, post the output of `emerge --info '=kde-base/kdelibs-4.12.5::gentoo'`, * the complete build log and the output of `emerge -pqv '=kde-base/kdelibs-4.12.5::gentoo'`. * The complete build log is located at '/var/log/portage/kde-base:kdelibs-4.12.5:20140613-155816.log'. * For convenience, a symlink to the build log is located at '/var/tmp/portage/kde-base/kdelibs-4.12.5/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/kde-base/kdelibs-4.12.5/temp/environment'. * Working directory: '/var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5_build' * S: '/var/tmp/portage/kde-base/kdelibs-4.12.5/work/kdelibs-4.12.5'
Can you please paste the output of dmesg | tail immediately after the segfault?
Created attachment 379126 [details] Build Log Sorry if this is a duplicate.
Created attachment 379128 [details] emerge --info This is my info for the attached build.log. I did also try it with empty CFLAGS and got the same error, but that build.log is not attached.
Output in dmesg: [8882317.165672] icemaker[6466]: segfault at 7f4d0ffb3718 ip 00007f4d0ffb3718 sp 00007fff8bf17678 error 15
What sort of hardened stuff are you using, grsec, pax...?
I may need some instruction to get you the information that you request. My kernel is sys-kernel/hardened-sources-3.11.2. In my use flags I have pax_kernel turned on. I believe in my Gentoo Profile selection I have have selected a server profile. I cannot determine where I set my profile selection at, for lack of an ability to recall that step. I can believe that would be the issue here, as I wanted to run hardened kernel sources and use hardened gcc, and I believe the desktop profiles would not allow that. As for which features I am using, I cannot say that I ever specifically enabled anything. I feel I want the hardened features more than a new shiney KDE, but updating the rest of the system for security reasons, seems blocked by KDE. If the hardened is the issue, maybe I can mask the KDE updates. It may all be unnecessary, but I have ran hardened for most of the time I have run Gentoo, or least back to 2006. Some day, in my freetime, I plan to implement virtualized instances for every web connected service and maybe a desktop browsing instance. I would like to update KDE, but more I want to upgrade a whole bunch of other things, that KDE relies on, and my versions of KDE are not available in Portage, anymore, I believe. Sorry if none of this helps, I am likely too ignorant to answer your questions more completely without more instructions. Thank you.
If you're not sure what hardened kernel features you have turned on, you can check your kernel configuration. Alternatively, you could attach attach your kernel config to this bug (it normally lives in /usr/src/linux/.config). CCing hardened@ too in case they have any ideas.
Created attachment 380052 [details] Kernel .config file
I have attached the .config file. I do not see that grsec is enabled. I believe I chose the defaults in this area, but it is possible that the defaults are from time ago. If someone has some thoughts on what I could turn on/off in the kernel, I am happy to test them. I do have a Gentoo Sources 3.10.7 that I can boot into and attempt a compilation if that would be beneficial in narrowing things down. Thank you.
kdelibs-4.13.2-r1 merge fine for me on hardened Can check your pax or the grsec log file? Portage 2.2.10 (hardened/linux/amd64, gcc-4.8.3, glibc-2.19-r1, 3.13.9-hardened x86_64) ================================================================= System uname: Linux-3.13.9-hardened-x86_64-Intel-R-_Core-TM-_i7_CPU_Q_720_@_1.60GHz-with-gentoo-2.2 KiB Mem: 8114608 total, 2279000 free KiB Swap: 0 total, 0 free Timestamp of tree: Tue, 01 Jul 2014 22:15:01 +0000 ld GNU ld (Gentoo 2.24 p1.4) 2.24 app-shells/bash: 4.2_p47 dev-java/java-config: 2.2.0 dev-lang/python: 2.7.7, 3.2.5-r4, 3.3.5, 3.4.1 dev-util/cmake: 2.8.12.2-r1 dev-util/pkgconfig: 0.28-r1 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.69 sys-devel/automake: 1.8.5-r4, 1.9.6-r3, 1.11.6, 1.12.6, 1.13.4, 1.14.1 sys-devel/binutils: 2.24-r3 sys-devel/gcc: 4.4.4-r2, 4.5.3-r2, 4.6.4, 4.7.3, 4.8.3, 4.9.0 sys-devel/gcc-config: 1.8 sys-devel/libtool: 2.4.2-r1 sys-devel/make: 4.0-r1 sys-kernel/linux-headers: 3.15 (virtual/os-headers) sys-libs/glibc: 2.19-r1
Magnus, you seem to have a lot more updated packages then I have. I am not running ~arch on any core/system packages. Should I try updating some of those to ~arch levels? I attempted to locate a pax or grsec log file and can find nothing. Sorry to be difficult, but I googled around and could not find any obvious mentions to these log files. It has become clear to me that I likely need to do more than just run the hardened profile and kernel to make use of the hardened features. I have been pretty lazy there, with seemingly great "luck". That is a different issue though. This is probably not useful, but I ran paxtest to get an idea of what my system would do; PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org> Released under the GNU Public Licence version 2 or later Writing output to paxtest.log It may take a while for the tests to complete Test results: PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org> Released under the GNU Public Licence version 2 or later Mode: blackhat Linux hexose 3.11.2-hardened #1 SMP Sun Dec 15 14:12:34 CST 2013 x86_64 AMD Phenom(tm) II X6 1100T Processor AuthenticAMD GNU/Linux Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect): Vulnerable Writable text segments : Vulnerable Anonymous mapping randomisation test : 28 bits (guessed) Heap randomisation test (ET_EXEC) : No randomisation Heap randomisation test (PIE) : 28 bits (guessed) Main executable randomisation (ET_EXEC) : No randomisation Main executable randomisation (PIE) : 28 bits (guessed) Shared library randomisation test : 28 bits (guessed) Stack randomisation test (SEGMEXEC) : 20 bits (guessed) Stack randomisation test (PAGEEXEC) : 20 bits (guessed) Return to function (strcpy) : paxtest: return address contains a NULL byte. Return to function (memcpy) : Killed Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte. Return to function (memcpy, PIE) : Killed
I replaced my machine with the latest Stage 3 tarball, though I still have my make.conf. I am able to build everything up to kdelibs. cd /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/kjs && ../bin/icemaker.shell /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kjs/bytecode ../bin/icemaker.shell: line 4: 20372 Segmentation fault LD_LIBRARY_PATH=/var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/lib/./:/usr/lib64:/var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/lib/.:/usr/lib64/qt4${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} "/var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/bin/icemaker" "$@" kjs/CMakeFiles/kjs.dir/build.make:100: recipe for target 'kjs/opcodes.h' failed make[2]: *** [kjs/opcodes.h] Error 139 make[2]: Leaving directory '/var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build' CMakeFiles/Makefile2:16572: recipe for target 'kjs/CMakeFiles/kjs.dir/all' failed make[1]: *** [kjs/CMakeFiles/kjs.dir/all] Error 2 make[1]: *** Waiting for unfinished jobs.... If I paste: cd /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/kjs && ../bin/icemaker.shell /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kjs/bytecode onto a command line, it seems to complete or at least does not segfault. I had an issue with Mesa and llvm-config segfaulting, though I could run it by hand fine, too. I am going to try and build the kdelibs on another PC and package it as a binary, to see if I can get past this.
Here is my current emerge --info Portage 2.2.14 (python 2.7.9-final-0, hardened/linux/amd64, gcc-4.8.3, glibc-2.19-r1, 3.15.5-hardened-r2 x86_64) ================================================================= System uname: Linux-3.15.5-hardened-r2-x86_64-AMD_Phenom-tm-_II_X6_1100T_Processor-with-gentoo-2.2 KiB Mem: 32568532 total, 1918048 free KiB Swap: 0 total, 0 free Timestamp of tree: Mon, 19 Jan 2015 22:00:01 +0000 ld GNU ld (Gentoo 2.24 p1.4) 2.24 app-shells/bash: 4.2_p53 dev-lang/perl: 5.18.2-r2 dev-lang/python: 2.7.9-r1, 3.3.5-r1 dev-util/cmake: 2.8.12.2-r1 dev-util/pkgconfig: 0.28-r1 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.13.8 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.69 sys-devel/automake: 1.13.4 sys-devel/binutils: 2.24-r3 sys-devel/gcc: 4.8.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2-r1 sys-devel/make: 4.0-r1 sys-kernel/linux-headers: 3.16 (virtual/os-headers) sys-libs/glibc: 2.19-r1
(In reply to Jeremy Gruen from comment #12) > I replaced my machine with the latest Stage 3 tarball, though I still have > my make.conf. I am able to build everything up to kdelibs. > > cd /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/kjs > && ../bin/icemaker.shell > /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kjs/bytecode > ../bin/icemaker.shell: line 4: 20372 Segmentation fault > LD_LIBRARY_PATH=/var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4. > 14.3_build/lib/./:/usr/lib64:/var/tmp/portage/kde-base/kdelibs-4.14.3-r1/ > work/kdelibs-4.14.3_build/lib/.:/usr/lib64/qt4${LD_LIBRARY_PATH:+: > $LD_LIBRARY_PATH} > "/var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/bin/ > icemaker" "$@" > kjs/CMakeFiles/kjs.dir/build.make:100: recipe for target 'kjs/opcodes.h' > failed > make[2]: *** [kjs/opcodes.h] Error 139 > make[2]: Leaving directory > '/var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build' > CMakeFiles/Makefile2:16572: recipe for target 'kjs/CMakeFiles/kjs.dir/all' > failed > make[1]: *** [kjs/CMakeFiles/kjs.dir/all] Error 2 > make[1]: *** Waiting for unfinished jobs.... > > > If I paste: > cd /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/kjs > && ../bin/icemaker.shell > /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kjs/bytecode > > onto a command line, it seems to complete or at least does not segfault. > > I had an issue with Mesa and llvm-config segfaulting, though I could run it > by hand fine, too. > > I am going to try and build the kdelibs on another PC and package it as a > binary, to see if I can get past this. Do you have same config for the kernel and still have Grsec/Pax off? Most kills/segfaulting is done by Mprotect but you have it off in the kernel as i look at the paxtest and you should have a antry in the dmesg from grsec/pax. It compile fine on my hardened system with Grsec/Pax on Have try to make a corefile or trace it?