architectures tested: x86 (athlon-mp, pentium-m) CFLAGS: -O2 -march=i686 -mtune={athlon-mp|pentium-m} -pipe environment: Gentoo Base System version 1.12.6 make.profile: hardened/x86/2.6 grsecurity RBAC and PaX are enabled and activated all core components (toolchain, essential libraries) are stable (non-~x86) The problem is triggered while bootsrapping during the compilation. The output of emerge: >>> -- Check for working C compiler: /usr/lib/ccache/bin/i686-pc-linux-gnu-gcc cmake: stack smashing attack in function void cmGlobalUnixMakefileGenerator3::WriteConvenienceRules2(std::ostream&, cmLocalUnixMakefileGenerator3*, bool)() ./bootstrap: line 1274: 25998 Aborted "${cmake_bootstrap_dir}/cmake" "${cmake_source_dir}" "-C${cmake_bootstrap_dir}/InitialCacheFlags.cmake" "-G${cmake_bootstrap_generator}" --------------------------------------------- Error when bootstrapping CMake: Problem while running initial CMake --------------------------------------------- !!! ERROR: dev-util/cmake-2.4.3 failed. Call stack: ebuild.sh, line 1546: Called dyn_compile ebuild.sh, line 937: Called src_compile cmake-2.4.3.ebuild, line 23: Called die <<< While grsec.log says: >>> Dec 1 15:00:41 hostname grsec: (admin:S:/) signal 6 sent to /var/tmp/portage/cmake-2.4.3/work/cmake-2.4.3/Bootstrap.cmk/cmake[cmake:25998] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/cmake-2.4.3/work/cmake-2.4.3/bootstrap[bootstrap:18623] uid/euid:0/0 gid/egid:0/0 Dec 1 15:00:41 hostname grsec: (admin:S:/) denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /var/tmp/portage/cmake-2.4.3/work/cmake-2.4.3/Bootstrap.cmk/cmake[cmake:25998] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/portage/cmake-2.4.3/work/cmake-2.4.3/bootstrap[bootstrap:18623] uid/euid:0/0 gid/egid:0/0 <<< The previous verion of cmake compiled flawlessly. Regards, Dw.
emerge --info please.
Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.18-hardened-r1 i686) ================================================================= System uname: 2.6.18-hardened-r1 i686 Intel(R) Celeron(R) M processor 1.40GHz Gentoo Base System version 1.12.6 Last Sync: Fri, 01 Dec 2006 09:30:01 +0000 ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.3.5, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -mtune=pentium-m -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=i686 -mtune=pentium-m -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.inf.elte.hu/ http://gentoo.inode.at/" LANG="hu_HU" LC_ALL="hu_HU" LINGUAS="hu" MAKEOPTS="-j2" PKGDIR="/usr/portage//packages/x86/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="7zip X X509 a52 aac aalib acl acpi aiglx alsa amr aotuv apache2 asf audiofile bash-completion bcmath bdf berkdb binfilter bitmap-fonts blas bluetooth branding browserplugin bzip2 cairo cdda cddb cdparanoia cdr cdrom chardet checkpath cli crypt css cups curl dba dbm dbus dga dhcp discard-path divx divx4linux djbfft djvu dlloader dmi dri dts dv dvd dvdr dvdread dvi eds elibc_glibc encode evo exif expat extensions fame ffmpeg fftw firefox flac flash flatfile fontconfig foomaticdb force-cgi-redirect fortran ftp gd gif gimp gimpprint gmedia gmp gnet gnome gphoto2 gpm graphviz gs gstreamer gtk gtk2 gtkhtml hal hardened hub i8x0 iconv idea idn imagemagick imap imlib input_devices_keyboard input_devices_mouse irda jabber java javascript jingle jpeg jpeg2k kernel_linux lapack latin1 lcms libcaca libplot linguas_hu lirc lm_sensors logitech-mouse lzo lzw mad matroska mbox mcal memlimit mikmod mjpeg mmap mmx mng mode-owner motif mozcalendar mp3 mp4 mpeg mysql mysqli nautilus ncurses network nls nopop3d nsplugin ntfs ogg oggvorbis openexr opengl pam pam_chroot pam_console pam_timestamp pccts pcmcia pda pdf pear perl php pic plotutils png posix ppds python quicktime rc5 readline real realmedia reiserfs rle rtc sasl scanner screen sdl sensord session sftplogging sharedext sharedmem sid skins slang smp sms sndfile soap sockets speex spell spf sse sse2 ssl svg syslog sysvipc t1lib tcl tcltk tcpd tetex tga theora tiff tk tlen tokenizer toolbar tools transcode truetype truetype-fonts type1-fonts udev underscores unicode urandom usb userland_GNU userlocales v4l v4l2 vcd video_cards_i810 video_cards_i830 video_cards_v4l vidix virus-scan visualization vlm vorbis win32codecs wma wmf wmp wxwindows x264 x86 xine xml xml2 xmlrpc xorg xpm xsl xv xvid zip zlib zvbi" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.18-hardened-r1 i686) ================================================================= System uname: 2.6.18-hardened-r1 i686 AMD Athlon(TM) MP 1600+ Gentoo Base System version 1.12.6 Last Sync: Fri, 01 Dec 2006 09:30:01 +0000 ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.3.5-r2, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -mtune=athlon-mp -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib/mozilla/defaults/pref /usr/share/X11/xkb /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=i686 -mtune=athlon-mp -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.inf.elte.hu/ http://gentoo.inode.at/" LANG="hu_HU" LC_ALL="hu_HU" LINGUAS="hu" MAKEOPTS="-j3" PKGDIR="/usr/portage//packages/x86/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext 7zip X X509 a52 aac aalib acl acpi aiglx alsa amr aotuv apache2 asf audiofile bash-completion bcmath bdf berkdb binfilter bitmap-fonts blas bluetooth branding browserplugin bzip2 cairo cdda cddb cdparanoia cdr cdrom chardet checkpath cli contentcache crypt css cups curl dba dbm dbus dga dhcp disassembler discard-path divx divx4linux djbfft djvu dlloader dmi dri dts dv dvd dvdr dvdread dvi eds elibc_glibc encode evo exif expat extensions fam fame ffmpeg fftw firefox flac flash flatfile follow-xff fontconfig foomaticdb force-cgi-redirect fortran ftp gd gif gimp gimpprint gmedia gmp gnet gnome gphoto2 gpm graphviz gs gstreamer gtk gtk2 gtkhtml hal hardened hub iconv idea idn iksemel imagemagick imap imlib inode input_devices_keyboard input_devices_mouse irda jabber java java-internal javascript jingle jpeg jpeg2k kernel_linux lapack latin1 lcms libcaca libplot linguas_hu lirc lm_sensors logitech-mouse lzo lzw mad matroska mbox mcal memlimit mhash mikmod milter ming mjpeg mmap mmx mmxext mng mode-owner motif mozcalendar mp3 mp4 mpeg mysql mysqli nautilus ncurses network nls nopop3d nsplugin ntfs odbc ogg oggvorbis openexr opengl overload pam pam_chroot pam_console pam_timestamp pccts pcmcia pcntl pcre pda pdf pear perl php pic plotutils png posix ppds python quicktime rc5 readline real realmedia reiserfs rle rtc sasl scanner screen sdl sensord session sftplogging sharedext sharedmem sid skins slang smp sms sndfile soap sockets speex spell spf sse ssl svg syslog sysvipc t1lib tcl tcltk tcpd tetex tga theora tiff tk tlen tokenizer toolbar tools transcode truetype truetype-fonts type1-fonts udev underscores unicode urandom usb userland_GNU userlocales v4l v4l2 vcd video_cards_radeon video_cards_v4l vidix virus-scan visualization vlm vorbis win32codecs wma wmf wmp wxwindows x264 x86 xine xml xml2 xmlrpc xorg xpm xsl xv xvid zip zlib zvbi" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
This seems related to the failure that I am seeing, although it manifests itself in a slightly different way. In my case, the compiler sees a stack smashing attack and the compile is aborted: strap.cmk -DKWSYS_NAMESPACE=cmsys -c /var/tmp/portage/cmake-2.4.3/work/cmake-2.4.3/Source/kwsys/ProcessUNIX.c -o ProcessUNIX.o i686-pc-linux-gnu-g++ -O2 -march=pentium4 -pipe -I/var/tmp/portage/cmake-2.4.3/work/cmake-2.4.3/Source -I/var/tmp/portage/cmake-2.4.3/work/cmake-2.4.3/Bootstrap.cmk cmake.o cmakemain.o cmakewizard.o cmCommandArgumentLexer.o cmCommandArgumentParser.o cmCommandArgumentParserHelper.o cmDepends.o cmDependsC.o cmMakeDepend.o cmMakefile.o cmGeneratedFileStream.o cmGlobalGenerator.o cmLocalGenerator.o cmInstallGenerator.o cmInstallFilesGenerator.o cmInstallScriptGenerator.o cmInstallTargetGenerator.o cmSourceFile.o cmSystemTools.o cmFileTimeComparison.o cmGlobalUnixMakefileGenerator3.o cmLocalUnixMakefileGenerator3.o cmMakefileExecutableTargetGenerator.o cmMakefileLibraryTargetGenerator.o cmMakefileTargetGenerator.o cmMakefileUtilityTargetGenerator.o cmBootstrapCommands.o cmCommands.o cmTarget.o cmTest.o cmCustomCommand.o cmCacheManager.o cmListFileCache.o cmOrderLinkDirectories.o cmListFileLexer.o Directory.o Glob.o RegularExpression.o SystemTools.o ProcessUNIX.o -o cmake loading initial cache file /var/tmp/portage/cmake-2.4.3/work/cmake-2.4.3/Bootstrap.cmk/InitialCacheFlags.cmake -- Check for working C compiler: /usr/lib/ccache/bin/i686-pc-linux-gnu-gcc cmake: stack smashing attack in function void cmGlobalUnixMakefileGenerator3::WriteConvenienceRules2(std::ostream&, cmLocalUnixMakefileGenerator3*, bool)() ./bootstrap: line 1274: 31214 Aborted "${cmake_bootstrap_dir}/cmake" "${cmake_source_dir}" "-C${cmake_bootstrap_dir}/InitialCacheFlags.cmake" "-G${cmake_bootstrap_generator}" --------------------------------------------- Error when bootstrapping CMake: Problem while running initial CMake --------------------------------------------- !!! ERROR: dev-util/cmake-2.4.3 failed. Call stack: ebuild.sh, line 1546: Called dyn_compile ebuild.sh, line 937: Called src_compile cmake-2.4.3.ebuild, line 23: Called die !!! ./bootstrap failed !!! If you need support, post the topmost build error, and the call stack if relevant. Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.17-hardened-r1xtrafs i686) ================================================================= System uname: 2.6.17-hardened-r1xtrafs i686 Intel(R) Xeon(TM) CPU 3.20GHz Gentoo Base System version 1.12.6 Last Sync: Sun, 17 Dec 2006 00:20:02 +0000 ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.3.5-r2, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/init.d /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=pentium4 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig buildpkg ccache distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j4" PKGDIR="/usr/portage//packages/x86/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" PORTDIR_OVERLAY="/srv/gentoo/overlay" USE="x86 apache2 bash-completion cracklib crypt elf elibc_glibc hardened input_devices_keyboard input_devices_mouse ipv6 kernel_linux mmx ncurses nolvmstatic pam perl readline serial sse sse2 ssl userland_GNU zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
Apologies for the oversight. I have exactly the same failure, not just something similar. I just noticed the same messages in dmesg as Attila reported.
Hello, happy new year, lately, with a workaround: Using -Os instead of -O2 results in a clean build.
(In reply to comment #6) > Using -Os instead of -O2 results in a clean build. Doesn't work here. -- Check for working C compiler: /usr/bin/cc cmake: stack smashing attack in function void cmGlobalGenerator::CreateDefaultGlobalTargets(cmTargets*)() ./bootstrap: line 1301: 12282 Aborted "${cmake_bootstrap_dir}/cmake" "${cmake_source_dir}" "-C${cmake_bootstrap_dir}/InitialCacheFlags.cmake" "-G${cmake_bootstrap_generator}" ${cmake_bootstrap_system_libs} --------------------------------------------- Error when bootstrapping CMake: Problem while running initial CMake --------------------------------------------- Reported upstream.
ssp and c++ are very hit and miss. This may not be an upstream problem at all. personally I'd just relax ssp on this package (well all of KDE/QT stuff really).
It compiles for me when I switch to gcc profile hardenednopiessp
And it works fine for me with the new toolchain.
(In reply to comment #10) > And it works fine for me with the new toolchain. "the new toolchain"?
(In reply to comment #10) > And it works fine for me with the new toolchain. > The new toolchain is in fact not hardened-ready at this time. If you are using a real (means pie & ssp) hardened profile, you can't have the new toolchain (cos it's hard masked) - except for if you are a toolchain developer or want to play around with it. A regular user - including me - won't risk the system with development staged toolchains. I know, that an SELinux enabled boxen can be installed using the new toolchain, but whoever decide to go that way, will miss a serious point of security, IMHO. So those who stick to the stable hardened toolchain won't be cured by the new one and still affected by this bug. As is it was reported on the hardened mailing list, the new toolchain will be available only with some forthcoming glibc version in the future. The reason for this, that it has been completely rewritten in the mean time. I hope for better C++ hardening related to the proposed changes. It's good to know, that the new toolchain doesn't suffer this problem, but it's not really hardened, so it's possible, that the problem will reappear with the introduction of hardened features in the new toolchain.
Created attachment 116565 [details, diff] Changes O2 to Os to make it compile on hardened Based on comment #6 I've mades some changes to the current stable ebuild to make it compile on hardened
(In reply to comment #6) > Hello, > happy new year, lately, with a workaround: > > Using -Os instead of -O2 results in a clean build. > Thanks Chris, it works for me. I've created the attachment for those, who have similar problems on Hardened Gentoo. Regards, Dw.
hardened toolchain problem
Our favourite issue - gcc-3/C++/SSP :/
Just to note; this works fine for me with hardened gcc-4.1.2 (currently only in my overlay - hopefully should hit the tree soon).
(In reply to comment #17) > Just to note; this works fine for me with hardened gcc-4.1.2 (currently only in > my overlay - hopefully should hit the tree soon). > Hi Kevin, It's always good to hear, that some real experts achieve great progression. Thank you (and your colleagues) very much. So we could expect some time consuming upgrades in the near future - which is a good news in this case, isn't it? Regards, Dw.
(In reply to comment #17) > Just to note; this works fine for me with hardened gcc-4.1.2 (currently only in > my overlay - hopefully should hit the tree soon). Does this mean this is fixed now? (I have no idea about hardened stuff.)
(In reply to comment #19) > (In reply to comment #17) > > Just to note; this works fine for me with hardened gcc-4.1.2 (currently only in > > my overlay - hopefully should hit the tree soon). > > Does this mean this is fixed now? (I have no idea about hardened stuff.) No, as I said to you last week in IRC, the hardened gcc-4.1.2 is not yet available in the tree ...
What's the current status of hardened-gcc-4?
(In reply to comment #21) > What's the current status of hardened-gcc-4? It's waiting for vapier to complete the testing/integration (see http://thread.gmane.org/gmane.linux.gentoo.devel/50094/focus=50167).
Hy people, I had read the posting above and patched my ebuild file with the replage-flags line. But I get always again this error. Report to http://bugs.gentoo.org/ ./bootstrap: line 1301: 12024 Killed "${cmake_bootstrap_dir}/cmake" "${cmake_source_dir}" "-C${cmake_bootstrap_dir}/InitialCacheFlags.cmake" "-G${cmake_bootstrap_generator}" ${cmake_bootstrap_system_libs} --------------------------------------------- Error when bootstrapping CMake: Problem while running initial CMake --------------------------------------------- !!! ERROR: dev-util/cmake-2.4.6-r1 failed. Call stack: ebuild.sh, line 1621: Called dyn_compile ebuild.sh, line 973: Called qa_call 'src_compile' ebuild.sh, line 44: Called src_compile cmake-2.4.6-r1.ebuild, line 36: Called die !!! ./bootstrap failed !!! If you need support, post the topmost build error, and the call stack if relevant. !!! A complete build log is located at '/var/tmp/portage/dev-util/cmake-2.4.6-r1/temp/build.log'. pandora ~ # emerge --info Portage 2.1.2.9 (hardened/x86/2.6, gcc-3.4.6, glibc-2.5-r4, 2.6.20-hardened-r5 i686) ================================================================= System uname: 2.6.20-hardened-r5 i686 Pentium III (Katmai) Gentoo Base System release 1.12.9 Timestamp of tree: Thu, 12 Jul 2007 16:50:01 +0000 ccache version 2.4 [disabled] dev-java/java-config: 1.3.7, 2.0.33-r1 dev-lang/python: 2.3.5-r3, 2.4.4-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r7 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.23b virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium3 -mtune=i686 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib/fax /var/bind /var/spool/fax/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=pentium3 -mtune=i686 -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.intergenia.de/ ftp://pandemonium.tiscali.de/pub/gentoo/ ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo" LINGUAS="de en_GB" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://194.97.4.250/gentoo-portage" USE="alsa apache2 apm bash_completion berkdb crypt cups fat fax foomaticdb hardened java lm_sensors midi mmx mysql nls nptl nptlonly oss pam php pic ppds readline reiserfs sasl server sse ssl symlink tcpd threads unicode urandom usb vhosts x86 xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de en_GB" USERLAND="GNU" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY What do you mean with "update the toolchain" ? Is it enough to upgrade the gcc to version 4.1.2 ? I need cmake to compile gammu and setting up a sms gateway. regards J0ointy.sL
(In reply to comment #20) ... > No, as I said to you last week in IRC, the hardened gcc-4.1.2 is not yet > available in the tree ... > Any news on this?
i still get the same problem, and therefore can't update my system :( the patch does not work for me. i get checksum errors for the ebuild-file afterwards and would be more happy with a real solution (meaning one that is solvable with a sync and a re-emerge) (just to clarify things: i have a hardened system too and therefore of course can't use a newer version or gcc 4.x)
(In reply to comment #25) > the patch does not work for me. i get checksum errors for the ebuild-file `ebuild /path/to/the/file/you/touched manifest` to fix it > (just to clarify things: i have a hardened system too and therefore of course > can't use a newer version or gcc 4.x) You can always temporarily switch to the non-hardened compiler for this package.
Once you guys sync up, it should be fixed for 2.4.6-r1, and all the 2.4.7* ebuilds.
(In reply to comment #27) > Once you guys sync up, it should be fixed for 2.4.6-r1, and all the 2.4.7* > ebuilds. > Maybe I got it wrong and this message wasn't addressed to me, but for me 2.4.6-r2 still fails the same way (stack smashing attack) while bootstrapping during the ebuild. Is this intended to be applied for the stable hardened-toolchain users also? Or I synced to early? Regards, Dw.
(In reply to comment #28) > (In reply to comment #27) > > Once you guys sync up, it should be fixed for 2.4.6-r1, and all the 2.4.7* > > ebuilds. > > > > Maybe I got it wrong and this message wasn't addressed to me, but for me > 2.4.6-r2 still fails the same way (stack smashing attack) while bootstrapping > during the ebuild. > Is this intended to be applied for the stable hardened-toolchain users also? > Or I synced to early? 2.4.6-r2 isn't a tree version, as you can see from http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-util/cmake/?hideattic=0. The above comment was targeted at stable using people, yes.