Summary: | dev-lang/orc: liborc-*.so* should be pax marked, pkg_postinst should suggest running revdep-pax | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Nikoli <nikoli> |
Component: | Hardened | Assignee: | GStreamer package maintainers <gstreamer> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gstreamer, hardened |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Nikoli
2013-05-21 07:10:24 UTC
Also profiles/hardened/linux/make.defaults should have -schroedinger in USE. (In reply to Nikoli from comment #0) > dev-lang/orc is JIT, all bins that use it work only after 'paxctl-ng -m > bin'. Best solution is too 'pax-mark m /usr/bin/orc-bugreport /usr/bin/orcc > /usr/lib64/liborc*.so*' in ebuild and suggest running revdep-pax in > pkg_postinst. See also bug #421579 > You can use ati-drivers-13.4.ebuild as example. > Its easy enough to add the pax markings. Just add src_install something like the following: src_install() { default pax-mark m usr/bin/orc-bugreport pax-mark m usr/bin/orcc pax-mark m usr/$(get_libdir)/liborc*.so* } Then in pkg_postinst just do an if hardened to suggest running revdep-pax from the elfix package. dev-lang/orc belongs to gstreamer so we'll see what they have to say. +*orc-0.4.24 (05 Jul 2015) + + 05 Jul 2015; Pacho Ramos <pacho@gentoo.org> +orc-0.4.24.ebuild, + -orc-0.4.19.ebuild, metadata.xml: + Version bump, pax marking is needed (#470842 by Nikoli and Anthony Basile), + drop old + |