media-libs/xvid-1.2.1: contains a TEXTREL and executable stacks

I'm currently ACCEPTing the ~x86 KEYWORD.

Reproducible: Always

Steps to Reproduce:
As near as I can tell:
ACCEPT_KEYWORDS="~x86" emerge media-libs/xvid

Actual Results:
Package successfully built and installed. Portage then asked me to report this info.

Expected Results:
Portage doesn't ask me to do anything special.

 * Messages for package media-libs/xvid-1.2.1:
 * QA Notice: The following files contain runtime text relocations
 * Text relocations force the dynamic linker to perform extra
 * work at startup, waste system resources, and may pose a security
 * risk. On some architectures, the code may not even function
 * properly, if at all.
 * For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 * Please include the following list of files in your report:
 * TEXTREL usr/lib/libxvidcore.so.4.2
 * QA Notice: The following files contain executable stacks
 * Files with executable stacks will not work properly (or at all!)
 * on some architectures/operating systems. A bug should be filed
 * at http://bugs.gentoo.org/ to make sure the file is fixed.
 * For more information, see http://hardened.gentoo.org/gnu-stack.xml
 * Please include the following list of files in your report:
 * !WX --- --- usr/lib/libxvidcore.a:cbp_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:cbp_sse2.o
 * !WX --- --- usr/lib/libxvidcore.a:fdct_mmx_ffmpeg.o
 * !WX --- --- usr/lib/libxvidcore.a:fdct_mmx_skal.o
 * !WX --- --- usr/lib/libxvidcore.a:fdct_sse2_skal.o
 * !WX --- --- usr/lib/libxvidcore.a:idct_3dne.o
 * !WX --- --- usr/lib/libxvidcore.a:idct_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:idct_sse2_dmitry.o
 * !WX --- --- usr/lib/libxvidcore.a:colorspace_rgb_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:colorspace_yuv_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:colorspace_yuyv_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:interpolate8x8_3dn.o
 * !WX --- --- usr/lib/libxvidcore.a:interpolate8x8_3dne.o
 * !WX --- --- usr/lib/libxvidcore.a:interpolate8x8_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:interpolate8x8_xmm.o
 * !WX --- --- usr/lib/libxvidcore.a:postprocessing_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:postprocessing_sse2.o
 * !WX --- --- usr/lib/libxvidcore.a:reduced_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:qpel_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:gmc_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:deintl_sse.o
 * !WX --- --- usr/lib/libxvidcore.a:sad_xmm.o
 * !WX --- --- usr/lib/libxvidcore.a:sad_sse2.o
 * !WX --- --- usr/lib/libxvidcore.a:sad_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:sad_3dne.o
 * !WX --- --- usr/lib/libxvidcore.a:sad_3dn.o
 * !WX --- --- usr/lib/libxvidcore.a:quantize_h263_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:quantize_h263_3dne.o
 * !WX --- --- usr/lib/libxvidcore.a:quantize_mpeg_xmm.o
 * !WX --- --- usr/lib/libxvidcore.a:quantize_mpeg_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:mem_transfer_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:mem_transfer_3dne.o
 * !WX --- --- usr/lib/libxvidcore.a:interlacing_mmx.o
 * !WX --- --- usr/lib/libxvidcore.a:cpuid.o
 * !WX --- --- usr/lib/libxvidcore.a:plugin_ssim-a.o
 * RWX --- --- usr/lib/libxvidcore.so.4.2

$ emerge --info Portage 2.1.6.7 (default/linux/x86/2008.0, gcc-4.3.3, glibc-2.9_p20081201-r1, 2.6.28-tuxonice-r1 i686) ================================================================= System uname: Linux-2.6.28-tuxonice-r1-i686-Intel-R-_Core-TM-_Duo_CPU_L2400_@_1.66GHz-with-glibc2.0 Timestamp of tree: Thu, 12 Feb 2009 07:30:01 +0000 app-shells/bash: 3.2_p48-r1 dev-java/java-config: 1.3.7-r1, 2.1.7 dev-lang/python: 2.4.4-r14, 2.5.4-r2 dev-python/pycrypto: 2.0.1-r6 dev-util/cmake: 2.6.2-r1 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.2 sys-apps/sandbox: 1.3.2 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.19.1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=prescott -pipe -ggdb" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -march=prescott -pipe -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms splitdebug strict unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" LDFLAGS="-Wl,-O1" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local 
--exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X acl acpi alsa avahi bash-completion berkdb bzip2 caps cdr cli cracklib crypt cups dbus dri dvd ffmpeg flac fortran gdbm gnutls gpm gtk hal iconv ieee1394 inotify ipv6 isdnlog java jpeg kde kerberos lame ldap mad matroska midi mmx mp3 mudflap mysql ncurses nls nptl nptlonly offensive ogg opengl openmp pam pcmcia pcre perl png postgres pppd pulseaudio python qt qt3 qt4 readline reflection samba sdl session sndfile speex spell spl sse sse2 sse3 ssl svg sysfs tcpd theora tiff truetype unicode usb v4l2 vim-syntax vorbis wifi win32codecs wireless x86 xinerama xorg xv xvid zeroconf zlib" ALSA_CARDS="hda-intel usb-audio" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev wacom synaptics spaceorb" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="intel i810" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LINGUAS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Part of the problem appears to be in all of the x86 assembly files, there is the line:

    section ".note.GNU-stack" noalloc noexec nowrite progbits

This needs to be:

    section .note.GNU-stack noalloc noexec nowrite progbits

to make the stack non-executable. I've also looked into the TEXTREL problem, but have not been able to figure out what is going on with that.
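How the two QA findings in this report appear in a linked ELF file such as `libxvidcore.so.4.2`, as an added example (not code from Portage, scanelf or anyone in this thread): the stack marking is the flags word of the `PT_GNU_STACK` program header, and a text relocation is announced by `DT_TEXTREL` or by `DF_TEXTREL` in `DT_FLAGS` in the dynamic section. The names `audit_elf` and `build_sample` are hypothetical and the sample images are constructed; relocatable `.o` members, which carry the marking in a `.note.GNU-stack` section instead, are not covered.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PF_X = 2, 0x6474E551, 0x1
DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 22, 30, 0x4

def audit_elf(data):
    """Return (stack_state, has_textrel) for a little-endian ELF image."""
    if data[:4] != b"\x7fELF" or data[5] != 1:
        raise ValueError("not a little-endian ELF file")
    is64 = data[4] == 2
    # e_phoff, e_phentsize and e_phnum sit at class-dependent offsets.
    if is64:
        (phoff,) = struct.unpack_from("<Q", data, 32)
        phentsize, phnum = struct.unpack_from("<HH", data, 54)
    else:
        (phoff,) = struct.unpack_from("<I", data, 28)
        phentsize, phnum = struct.unpack_from("<HH", data, 42)
    # Without PT_GNU_STACK the loader uses the architecture default,
    # which may be an executable stack.
    stack, textrel = "missing", False
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:
            p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        else:
            p_type, p_offset, _, _, p_filesz, _, p_flags = struct.unpack_from("<7I", data, off)
        if p_type == PT_GNU_STACK:
            stack = "executable" if p_flags & PF_X else "non-executable"
        elif p_type == PT_DYNAMIC:
            fmt = "<qQ" if is64 else "<iI"
            size = struct.calcsize(fmt)
            dyn = data[p_offset:p_offset + p_filesz]
            for tag, val in struct.iter_unpack(fmt, dyn[:len(dyn) // size * size]):
                if tag == DT_NULL:
                    break
                if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                    textrel = True
    return stack, textrel

def build_sample(stack_flags, dyn_entries):
    """Constructed header-only ELF32 x86 image for the demo, not a real library."""
    dyn = b"".join(struct.pack("<iI", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 3, 3, 1,
                       0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    ph_dyn = struct.pack("<8I", PT_DYNAMIC, 52 + 2 * 32, 0, 0, len(dyn), len(dyn), 6, 4)
    ph_stack = struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 4)
    return ehdr + ph_dyn + ph_stack + dyn

if __name__ == "__main__":
    print(audit_elf(build_sample(7, [(DT_TEXTREL, 0)])))  # RWX stack plus TEXTREL
    print(audit_elf(build_sample(6, [])))                 # RW stack, no TEXTREL
```

To check a real library, pass `open(path, "rb").read()` to `audit_elf`.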
I catch the same bug :) $ emerge --info Portage 2.1.6.7 (default/linux/amd64/2008.0, gcc-4.1.2, glibc-2.8_p20080602-r1, 2.6.27-gentoo-r8 x86_64) ================================================================= System uname: Linux-2.6.27-gentoo-r8-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_5000+-with-glibc2.2.5 Timestamp of tree: Thu, 26 Mar 2009 14:00:01 +0000 app-shells/bash: 3.2_p39 dev-java/java-config: 1.3.7-r1, 2.1.7 dev-lang/python: 2.4.4-r13, 2.5.2-r7 dev-python/pycrypto: 2.0.1-r6 dev-util/cmake: 2.4.8 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=athlon64 -O2 -pipe -msse2 -msse3 -msse" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=athlon64 -O2 -pipe -msse2 -msse3 -msse" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://gentoo.kiev.ua http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LANG="ru_RU.UTF-8" LC_ALL="" LDFLAGS="-Wl,-O1" LINGUAS="ru en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 
3dnowext acl alsa amd64 berkdb bzip2 cli cracklib crypt cups dri dvd encode flac fortran gdbm gpm gtk iconv isdnlog jpeg jpeg2k kde mad midi mmx mmxext mp3 mpeg mudflap multilib ncurses nls nptl nptlonly ogg openal opengl openmp pam pcre perl png pppd python qt readline reflection session spl sse sse2 ssl sysfs tcpd tiff unicode utf8 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru en" USERLAND="GNU" VIDEO_CARDS="nvidia" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
TEXTREL is now behind USE="pic" for hardened, and applied the EXECSTACK patch from this bug. Please try 1.2.2-r1
Apparently the patch I committed isn't fine, commented it out.
PaX Team, check files/xvid-1.2.2-no_execstacks.patch. Clearly, there is something wrong with it. You might see where the problem is, I sure can't. Also, TEXTRELS are back. Fortunately we can control these with USE="pic" for hardened now.
Created attachment 192993
Unfinished patch for EXECSTACKS

Anyone who can, please fix.
*bump* Might want to make a tracker just for the problem? 'execstacks' or ...
Created attachment 220339
xvid-1.2.1-noexecstac.patch

This is rpmfusion patch used for fixing this
(In reply to comment #8)
> Created an attachment (id=220339) [details]
> xvid-1.2.1-noexecstac.patch
>
> This is rpmfusion patch used for fixing this
>

The patch looks good to me. I've applied it in xvid-1.2.2-r2.

There's still the textrels, right? (I can't see them on my x86_64 so...)
(In reply to comment #9)
> There's still the textrels, right? (I can't see them on my x86_64 so...)

Yeah, they are... shrug.

 * QA Notice: The following files contain runtime text relocations
 * Text relocations force the dynamic linker to perform extra
 * work at startup, waste system resources, and may pose a security
 * risk. On some architectures, the code may not even function
 * properly, if at all.
 * For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 * Please include the following list of files in your report:
 * TEXTREL usr/lib/libxvidcore.so.4.2
(In reply to comment #10)
> (In reply to comment #9)
> > There's still the textrels, right? (I can't see them on my x86_64 so...)
>
> Yeah, they are... shrug.
>

Not in my system, I get no textrel at all :-/

[ebuild R ] media-libs/xvid-1.2.2-r2 USE="-examples -pic" 0 kB

Portage 2.1.7.17 (default/linux/amd64/10.0/desktop, gcc-4.3.4, glibc-2.10.1-r1, 2.6.32-gentoo-r5 x86_64)
=================================================================
System uname: Linux-2.6.32-gentoo-r5-x86_64-AMD_Athlon-tm-_64_Processor_3200+-with-gentoo-1.12.13
Timestamp of tree: Sun, 21 Feb 2010 16:30:01 +0000
ccache version 2.4 [enabled]
app-shells/bash: 4.0_p35
dev-java/java-config: 2.1.10
dev-lang/python: 2.6.4
dev-util/ccache: 2.4-r7
dev-util/cmake: 2.6.4-r3
sys-apps/baselayout: 1.12.13
sys-apps/sandbox: 1.6-r2
sys-devel/autoconf: 2.13, 2.63-r1
sys-devel/automake: 1.9.6-r2, 1.10.2
sys-devel/binutils: 2.18-r3
sys-devel/gcc: 4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6b
virtual/os-headers: 2.6.27-r2
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/distfiles"
FEATURES="assume-digests autoaddcvs ccache cvs distlocks fixpackages multilib-strict news parallel-fetch protect-owned sandbox sfperms sign split-log strict test test-fail-continue unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.free.fr/mirrors/ftp.gentoo.org"
LANG="es_ES.UTF-8"
LC_ALL="es_ES.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="es es_ES en_US"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive
--links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise /usr/portage/local/layman/suka /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X a52 aac acl acpi alsa amd64 applet avahi bash-completion berkdb branding bzip2 cairo cddb cdinstall cdr cleartype cli consolekit cracklib crypt css cups cxx daap dbus djvu dri dts dvd dvdr dvi eds emboss encode evo exif fam fat ffmpeg firefox flac fortran fuse gdbm gif glitz gnome gnome-keyring gpm gstreamer gtk hal iconv imagemagick java jpeg kdehiddenvisibility kpathsea latex libnotify lyx lzma mad mikmod mmx mmxext mng modules mono mp3 mp4 mpeg mudflap multilib musicbrainz nautilus ncurses network network-cron nls nptl nptlonly ntfs nvidia ogg opengl openmp pam pango pch pcre pdf perl png policykit ppds pppd python qt3support qt4 quicktime readline reflection reiserfs scanner sdl session spell spl sse sse2 ssl ssse3 startup-notification svg sysfs t1lib tcpd threads thunar tiff truetype unicode usb v4l2 vcd vorbis webkit x264 xattr xcb xinetd xml xmp xorg xpm xulrunner xv xvid zeroconf zlib" ALSA_CARDS="via82xx" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz 
cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="es es_ES en_US" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia nv vesa" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
(In reply to comment #11)
> (In reply to comment #10)
> > (In reply to comment #9)
> > > There's still the textrels, right? (I can't see them on my x86_64 so...)
> >
> > Yeah, they are... shrug.
> >
>
> Not in my system, I get no textrel at all :-/

> Portage 2.1.7.17 (default/linux/amd64/10.0/desktop, gcc-4.3.4, glibc-2.10.1-r1,

They are limited to x86 (32bit) systems.
OK, thanks for the info
*** Bug 324137 has been marked as a duplicate of this bug. ***
On newer xvid that supports multilib we disable asm on amd64 arch to with the pic use flag and that is not needed.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6772974ec4b3250f18dfaf2c142c8d439335e4a3

commit 6772974ec4b3250f18dfaf2c142c8d439335e4a3
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-08-19 01:16:21 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-08-19 01:17:19 +0000

    media-libs/xvid: disable assembly

    There's a handful of very old asm impls in here for mmx+sse2 but they're
    non-PIC and unlikely to be worth it these days.

    Bug: https://bugs.gentoo.org/421841
    Bug: https://bugs.gentoo.org/831044
    Bug: https://bugs.gentoo.org/858431
    Closes: https://bugs.gentoo.org/258804
    Closes: https://bugs.gentoo.org/926543
    Closes: https://bugs.gentoo.org/937019
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/xvid/xvid-1.3.7-r2.ebuild | 69 ++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)