| Summary: | app-emulation/virtualbox-4.3.28: hardened QA concerns: textrels and execstacks | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | tharvik |
| Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | hardened, itumaykin+gentoo, patrick, salikov.alexey |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=728238 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
emerge --info
build.log emerge -pqv |
||
|
Description
tharvik
2015-07-19 18:38:07 UTC
Created attachment 407172 [details]
emerge --info
Created attachment 407174 [details]
build.log
Created attachment 407176 [details]
emerge -pqv
[ebuild R ~] app-emulation/virtualbox-5.0.20::gentoo USE="alsa opengl pam pulseaudio qt4 sdk udev -debug -doc -headless -java -libressl -lvm -python -vboxwebsrv -vnc" PYTHON_TARGETS="python2_7" 0 KiB * QA Notice: The following files contain runtime text relocations * Text relocations force the dynamic linker to perform extra * work at startup, waste system resources, and may pose a security * risk. On some architectures, the code may not even function * properly, if at all. * For more information, see: * * https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels * * Please include the following list of files in your report: * TEXTREL usr/lib64/virtualbox/VBoxRT.so * QA Notice: The following files contain writable and executable sections * Files with such sections will not work properly (or at all!) on some * architectures/operating systems. A bug should be filed at * http://bugs.gentoo.org/ to make sure the issue is fixed. * For more information, see: * * https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart * * Please include the following list of files in your report: * Note: Bugs should be filed for the respective maintainers * of the package in question and not hardened@g.o. * --X --- --- usr/lib64/virtualbox/VMMR0.r0 * --X --- --- usr/lib64/virtualbox/VMMRC.rc but not hardened profile and installation finish with this (In reply to cronolio from comment #4) > [ebuild R ~] app-emulation/virtualbox-5.0.20::gentoo app-emulation/virtualbox-5.1.0 << still Still affecting app-emulation/virtualbox-5.2.16: * QA Notice: The following files contain runtime text relocations * Text relocations force the dynamic linker to perform extra * work at startup, waste system resources, and may pose a security * risk. On some architectures, the code may not even function * properly, if at all. * For more information, see: * * https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels * * Please include the following list of files in your report: * TEXTREL usr/lib64/virtualbox/VBoxRT.so * QA Notice: The following files contain writable and executable sections * Files with such sections will not work properly (or at all!) on some * architectures/operating systems. A bug should be filed at * https://bugs.gentoo.org/ to make sure the issue is fixed. * For more information, see: * * https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart * * Please include the following list of files in your report: * Note: Bugs should be filed for the respective maintainers * of the package in question and not hardened@g.o. * --X --- --- usr/lib64/virtualbox/VMMR0.r0 * QA Notice: Pre-stripped files found: * /usr/lib64/virtualbox/VBoxDD2R0.r0 strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version usr/lib64/virtualbox/components/VBoxSVCM.so usr/lib64/virtualbox/components/VBoxXPCOMIPCC.so usr/lib64/virtualbox/VBoxExtPackHelperApp usr/lib64/virtualbox/components/VBoxC.so usr/lib64/virtualbox/VBoxManage usr/lib64/virtualbox/VBoxSVC usr/lib64/virtualbox/VBoxTunctl usr/lib64/virtualbox/VBoxXPCOMIPCD usr/lib64/virtualbox/DbgPlugInDiggers.so usr/lib64/virtualbox/VBoxAuth.so usr/lib64/virtualbox/VBoxAuthSimple.so usr/lib64/virtualbox/VBoxDD.so usr/lib64/virtualbox/VBoxDD2.so usr/lib64/virtualbox/VBoxDDU.so usr/lib64/virtualbox/VBoxDbg.so usr/lib64/virtualbox/VBoxDragAndDropSvc.so usr/lib64/virtualbox/VBoxGuestControlSvc.so usr/lib64/virtualbox/VBoxGuestPropSvc.so usr/lib64/virtualbox/VBoxHeadless.so usr/lib64/virtualbox/VBoxHostChannel.so usr/lib64/virtualbox/VBoxKeyboard.so usr/lib64/virtualbox/VBoxNetDHCP.so usr/lib64/virtualbox/VBoxNetNAT.so usr/lib64/virtualbox/VBoxOGLhostcrutil.so usr/lib64/virtualbox/VBoxOGLhosterrorspu.so usr/lib64/virtualbox/VBoxOGLrenderspu.so usr/lib64/virtualbox/VBoxREM.so usr/lib64/virtualbox/VBoxRT.so usr/lib64/virtualbox/VBoxSDL.so usr/lib64/virtualbox/VBoxSharedClipboard.so usr/lib64/virtualbox/VBoxSharedCrOpenGL.so usr/lib64/virtualbox/VBoxSharedFolders.so usr/lib64/virtualbox/VBoxVMMPreload.so usr/lib64/virtualbox/VBoxVMM.so usr/lib64/virtualbox/VBoxXPCOM.so usr/lib64/virtualbox/VBoxXPCOMC.so usr/lib64/virtualbox/VirtualBox.so usr/lib64/virtualbox/VBoxDDR0.r0 usr/lib64/virtualbox/VMMR0.r0 usr/lib64/virtualbox/VBoxHeadless usr/lib64/virtualbox/VBoxNetAdpCtl usr/lib64/virtualbox/VBoxNetDHCP usr/lib64/virtualbox/VBoxNetNAT usr/lib64/virtualbox/VBoxSDL usr/lib64/virtualbox/VirtualBox usr/lib64/virtualbox/VBoxTestOGL @hardened team: can you please help with this bug? The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d899255c8ce8e38197c086e7048b9f145d3f7e96 commit d899255c8ce8e38197c086e7048b9f145d3f7e96 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-07-06 08:08:53 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-07-06 08:08:53 +0000 app-emulation/virtualbox: set QA_FLAGS_IGNORED for .r0 Closes: https://bugs.gentoo.org/728238 Closes: https://bugs.gentoo.org/555378 Signed-off-by: Sam James <sam@gentoo.org> app-emulation/virtualbox/virtualbox-6.1.34-r4.ebuild | 5 +++++ 1 file changed, 5 insertions(+) |
