Im running gentoo 2.4.30 hardened. Since version 1.2.5 of sandbox some ebuilds were broken. GLIBC started complaining about invalid free's and other malloc problems. I reverted back to libsandbox 1.2.4 wich seemed to resolve to problem. In the log files i found grsec complaining about a resource overstep by requesting 4096 (dunno how many) in comparison to 0. The error seems to happen in ebuild.sh somewere or in libsandbox.so this is the errors the ebuild reports: >>> Unpacking openssl-0.9.7g.tar.gz to /var/tmp/portage/openssl-0.9.7g/work * Applying openssl-0.9.7e-gentoo.patch ... [ ok ] * Applying openssl-0.9.7-hppa-fix-detection.patch ... [ ok ] * Applying openssl-0.9.7-alpha-default-gcc.patch ... [ ok ] * Applying openssl-0.9.7g-no-fips.patch ... [ ok ] * Applying openssl-0.9.7g-ptr-casting.patch ... [ ok ] * Applying openssl-0.9.7g-mem-clr-ptr-cast.patch ... [ ok ] * Applying openssl-0.9.7g-ABI-compat.patch ... [ ok ] >>> Source unpacked. *** glibc detected *** free(): invalid next size (fast): 0x5d091290 *** /usr/portage/dev-libs/openssl/openssl-0.9.7g.ebuild: line 83: 1504 Aborted ./${config} ${sslout} ${confopts} --prefix=/usr --openssldir=/etc/ss l shared threads !!! ERROR: dev-libs/openssl-0.9.7g failed. !!! Function src_compile, Line 101, Exitcode 134 !!! Configure failed !!! If you need support, post the topmost build error, NOT this status message. I did quite a lot of tweaking so here i paste my /etc/make.conf: CFLAGS="-O2 -pipe -mtune=i686 -march=i686 -fomit-frame-pointer -fstack-protector -all -fPIC" CHOST="i686-pc-linux-gnu" CXXFLAGS="${CFLAGS}" MAKEOPTS="-j2" USE="libcaca gnutls pam_chroot posix -iconv -userlocales -locales threads -unicode -mmx -sse caps socks5 skey pam_console pam_timestamp pwdb bashcompletion mailwrapper md5sum pic ecc -gdbm pie hardened -opengl -snmp acl attr szip bzip2 idea crypt erandom -ipv6 -gtk2 -jpeg -png mbox mhash ncurses offensive perl posix sockets szip -svga tcltk -usb -wifi x86 -bmp -truetype -X pthreads sftplogging -xmms -gtk -gnome -gpm tcltk bzlib mhash -nls berkdb zlib readline tcpd ssl pam -qt -kde chroot -java" ACCEPT_KEYWORDS="~x86" This is the grsec error: Tue 19:01:43 UTC [localhost/kern/alert] grsec: From 192.168.1.1: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/lib/portage/bin/ebuild.sh[ebuild.sh:24932] uid/euid:0/0 gid/egid:0/0,parent /usr/lib/portage/bin/ebuild.sh[ebuild.sh:2720] uid/euid:0/0 gid/egid:0/0 output of gcc-config: gcc-config -l [1] i686-pc-linux-gnu-3.3.4 [2] i686-pc-linux-gnu-3.4.3-20050110 * [3] i686-pc-linux-gnu-3.4.3-20050110-hardenednopie [4] i686-pc-linux-gnu-3.4.3-20050110-hardenednossp [5] i686-pc-linux-gnu-3.4.3-20050110-vanilla Glibc version: # emerge -pv glibc These are the packages that I would merge, in order: Calculating dependencies ...done! [ebuild R ] sys-libs/glibc-2.3.5 -build -debug +erandom +hardened (-multili b) -nls -nomalloccheck -nptl -nptlonly +pic -userlocales 0 kB Total size of downloads: 0 kB Reproducible: Always Steps to Reproduce: 1. Emerge opsnssl 2. 3. Actual Results: old version of openssl 0.9.7e remains Expected Results: install and compile openssl 0.9.7g Zuul 05.17 # emerge info Portage 2.0.51.22 (default-linux/x86/2005.0/2.4, gcc-3.4.3-20050110, glibc-2.3.5 -r0, 2.4.30-bk2 i686) ================================================================= System uname: 2.4.30-bk2 i686 Celeron (Coppermine) Gentoo Base System version 1.6.11 dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r8 sys-devel/libtool: 1.5.16 virtual/os-headers: 2.4.22-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -pipe -mtune=i686 -march=i686 -fomit-frame-pointer -fstack-protector -all -fPIC" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/ config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -pipe -mtune=i686 -march=i686 -fomit-frame-pointer -fstack-protect or-all -fPIC" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/ distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acl adns alsa apm arts attr avi bash-completion berkdb bitmap-fonts bzip2 b zlib caps chroot crypt cups curl ecc emboss encode erandom foomaticdb fortran gi f gnutls hardened idea imlib libcaca libg++ libwww mad mailwrapper mbox md5sum m hash mikmod motif mp3 mpeg ncurses offensive oggvorbis oss pam pam_chroot pam_co nsole pam_timestamp pdflib perl pic pie posix pthreads pwdb python quicktime rea dline sdl sftplogging skey slang sockets socks5 spell ssl szip tcltk tcpd thread s truetype-fonts type1-fonts x86 xml2 xv zlib userland_GNU kernel_linux elibc_gl ibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Re-assign.
works for me
