Summary: | dev-libs/ffcall - QA Notice: The following files contain writable and executable sections | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Arvid Norlander <anmaster> |
Component: | [OLD] Unspecified | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
Status: | RESOLVED FIXED | ||
Severity: | QA | CC: | chris, dao.long, gentoo, hardened, slyfox |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 459890 | ||
Attachments: | patch to explicitly mark stacks |
Description
Arvid Norlander
2009-01-06 11:02:43 UTC
ffcall-1.10-r2 as well, and I have some additional output (note last two lines) * QA Notice: The following files contain executable stacks * Files with executable stacks will not work properly (or at all!) * on some architectures/operating systems. A bug should be filed * at http://bugs.gentoo.org/ to make sure the file is fixed. * For more information, see http://hardened.gentoo.org/gnu-stack.xml * Please include the following list of files in your report: * Note: Bugs should be filed for the respective maintainers * of the package in question and not hardened@ * !WX --- --- usr/lib64/libavcall.a:avcall-x86_64.o * !WX --- --- usr/lib64/libvacall.a:vacall.o * !WX --- --- usr/lib64/libcallback.a:vacall-x86_64.o * RWX --- --- usr/lib64/libavcall.so.0.0.0 * RWX --- --- usr/lib64/libcallback.so.0.0.0 There are execstacks on x86 too. I think this makes the tests fail on hardened, I get the following error: /var/tmp/portage/dev-libs/ffcall-1.10-r3/work/clisp-2.41/ffcall/avcall/.libs/lt-minitests: error while loading shared libraries: libavcall.so.0: cannot enable executable stack as shared object requires: Permission denied This possibly means that the entire package is broken on hardened (as mentioned in the qa warning). *** Bug 459710 has been marked as a duplicate of this bug. *** Created attachment 358550 [details, diff]
patch to explicitly mark stacks
Hi, I followed the hardened guide on stack markings and applied the attached patch, which successfully removed the executable stacks. Yeah!
I've went ahead with slightly less invasive patch: > *ffcall-1.10-r5 (14 Dec 2014) > > 14 Dec 2014; Sergei Trofimovich <slyfox@gentoo.org> +ffcall-1.10-r5.ebuild: > Respect CFLAGS/LDFLAGS (bug #334581), mark noexecstack (bug #253963). Thanks > to w0rm for the report. Thanks guys! |