From: "Mart Raudsepp" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mart Raudsepp" Message-ID: <1456914792.fecd358d04d5766a08adedae95afcbd0eadde707.leio@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/wayland/files/, dev-libs/wayland/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-libs/wayland/files/1.10.0-scanner-avoid-executable-stack.patch dev-libs/wayland/wayland-1.10.0-r1.ebuild dev-libs/wayland/wayland-1.10.0.ebuild X-VCS-Directories: dev-libs/wayland/files/ dev-libs/wayland/ X-VCS-Committer: leio X-VCS-Committer-Name: Mart Raudsepp X-VCS-Revision: fecd358d04d5766a08adedae95afcbd0eadde707 X-VCS-Branch: master Date: Wed, 2 Mar 2016 10:33:59 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 6b7c32f5-d855-4b89-a276-f6c25404a04e X-Archives-Hash: a00ab2e94dc7b3fa6af67ed4bda62822 commit: fecd358d04d5766a08adedae95afcbd0eadde707 Author: Mart Raudsepp gentoo org> AuthorDate: Wed Mar 2 10:31:20 2016 +0000 Commit: Mart Raudsepp gentoo org> CommitDate: Wed Mar 2 10:33:12 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fecd358d dev-libs/wayland: Fix wayland-scanner executable stack in v1.10.0 .../1.10.0-scanner-avoid-executable-stack.patch | 45 ++++++++++++++++++++++ ...land-1.10.0.ebuild => wayland-1.10.0-r1.ebuild} | 6 ++- 2 files changed, 49 insertions(+), 2 deletions(-) diff --git a/dev-libs/wayland/files/1.10.0-scanner-avoid-executable-stack.patch b/dev-libs/wayland/files/1.10.0-scanner-avoid-executable-stack.patch new file mode 100644 index 0000000..ff4899a --- /dev/null +++ b/dev-libs/wayland/files/1.10.0-scanner-avoid-executable-stack.patch 
@@ -0,0 +1,45 @@ +From f8f3e54aa7bc15871ca4296cbc16ae065b07de4e Mon Sep 17 00:00:00 2001 +From: Pekka Paalanen +Date: Wed, 2 Mar 2016 11:00:35 +0200 +Subject: [PATCH] scanner: avoid executable stack + +Before this patch: +$ scanelf -lpqe ./wayland-scanner +RWX --- --- ./wayland-scanner + +That indicates the stack is executable, which is a bad thing for +security. Wayland-scanner does not actually need an executable stack, it +is just an oversight from using an .S file in the sources. + +Add a special incantation in dtddata.S to make it not cause the stack to +become executable. + +Reported-by: Mart Raudsepp +Signed-off-by: Pekka Paalanen +Tested-by: Mart Raudsepp +--- + src/dtddata.S | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/dtddata.S b/src/dtddata.S +index 68e3435..ce51133 100644 +--- a/src/dtddata.S ++++ b/src/dtddata.S +@@ -20,6 +20,14 @@ + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++/* ++ * Avoid executable stack. ++ * from: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart ++ */ ++#if defined(__linux__) && defined(__ELF__) ++.section .note.GNU-stack,"",%progbits ++#endif ++ + /* from: http://www.linuxjournal.com/content/embedding-file-executable-aka-hello-world-version-5967#comment-348129 */ + + .macro binfile name file +-- +2.6.4 + diff --git a/dev-libs/wayland/wayland-1.10.0.ebuild b/dev-libs/wayland/wayland-1.10.0-r1.ebuild similarity index 90% rename from dev-libs/wayland/wayland-1.10.0.ebuild rename to dev-libs/wayland/wayland-1.10.0-r1.ebuild index b3d1bfc..4cff5fe 100644 --- a/dev-libs/wayland/wayland-1.10.0.ebuild +++ b/dev-libs/wayland/wayland-1.10.0-r1.ebuild 
@@ -40,8 +40,10 @@ DEPEND="${RDEPEND} ) virtual/pkgconfig" -# dtd validation configure patch is upstream and will be part of 1.11 -PATCHES=( "${FILESDIR}/${PV}-build-fix-configure-disable-dtd-validation.patch" ) +PATCHES=( + "${FILESDIR}/${PV}-build-fix-configure-disable-dtd-validation.patch" + "${FILESDIR}/${PV}-scanner-avoid-executable-stack.patch" +) multilib_src_configure() { local myeconfargs=(
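Review bot: In the src/dtddata.S hunk carried by 1.10.0-scanner-avoid-executable-stack.patch, the `.section .note.GNU-stack,"",%progbits` directive sits ahead of the `binfile` macro, so it changes the current section for everything that follows. The hunk does not show whether `binfile` selects its own section before emitting data; if it does not, the embedded data would be placed in the note section. Moving the directive to the end of the file, or wrapping it in `.pushsection`/`.popsection`, removes that dependency. The `defined(__linux__)` half of the guard also leaves other ELF targets without the marker, so a short comment on why it is limited to Linux would help.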
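Review bot: In the wayland-1.10.0-r1.ebuild hunk, the removed comment `# dtd validation configure patch is upstream and will be part of 1.11` was the only record of when the first PATCHES entry can be dropped, and the new `${PV}-scanner-avoid-executable-stack.patch` entry gets no equivalent. Keep that comment and add one for the new entry that names its upstream commit (f8f3e54aa7bc15871ca4296cbc16ae065b07de4e, per the patch header), so both patches are dropped at the right version bump.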