authorMart Raudsepp <leio@gentoo.org>2016-03-02 12:31:20 +0200
committerMart Raudsepp <leio@gentoo.org>2016-03-02 12:33:12 +0200
commitfecd358d04d5766a08adedae95afcbd0eadde707 (patch)
tree435a698e4fb00cf5461ad45694ef29d84c488982
parentdev-python/raet: Bump (diff)
dev-libs/wayland: Fix wayland-scanner executable stack in v1.10.0
-rw-r--r--dev-libs/wayland/files/1.10.0-scanner-avoid-executable-stack.patch45
-rw-r--r--dev-libs/wayland/wayland-1.10.0-r1.ebuild (renamed from dev-libs/wayland/wayland-1.10.0.ebuild)6
2 files changed, 49 insertions, 2 deletions
diff --git a/dev-libs/wayland/files/1.10.0-scanner-avoid-executable-stack.patch b/dev-libs/wayland/files/1.10.0-scanner-avoid-executable-stack.patch
new file mode 100644
index 000000000000..ff4899a23b44
--- /dev/null
+++ b/dev-libs/wayland/files/1.10.0-scanner-avoid-executable-stack.patch
@@ -0,0 +1,45 @@
+From f8f3e54aa7bc15871ca4296cbc16ae065b07de4e Mon Sep 17 00:00:00 2001
+From: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
+Date: Wed, 2 Mar 2016 11:00:35 +0200
+Subject: [PATCH] scanner: avoid executable stack
+
+Before this patch:
+$ scanelf -lpqe ./wayland-scanner
+RWX --- --- ./wayland-scanner
+
+That indicates the stack is executable, which is a bad thing for
+security. Wayland-scanner does not actually need an executable stack, it
+is just an oversight from using an .S file in the sources.
+
+Add a special incantation in dtddata.S to make it not cause the stack to
+become executable.
+
+Reported-by: Mart Raudsepp <leio@gentoo.org>
+Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
+Tested-by: Mart Raudsepp <leio@gentoo.org>
+---
+ src/dtddata.S | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/dtddata.S b/src/dtddata.S
+index 68e3435..ce51133 100644
+--- a/src/dtddata.S
++++ b/src/dtddata.S
+@@ -20,6 +20,14 @@
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++/*
++ * Avoid executable stack.
++ * from: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
++ */
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
++
+ /* from: http://www.linuxjournal.com/content/embedding-file-executable-aka-hello-world-version-5967#comment-348129 */
+
+ .macro binfile name file
+--
+2.6.4
+
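Review bot: The added `.section .note.GNU-stack,"",%progbits` in src/dtddata.S sits at the top of the file and leaves the assembler in that note section. The code after the `binfile` macro definition is outside this hunk, so confirm that the embedded data is emitted only after an explicit section switch; otherwise move the marker to the end of the file. The `defined(__linux__)` guard also leaves other ELF targets unmarked. If their toolchains honour the same note, `#if defined(__ELF__)` may be sufficient, but this needs checking against the supported assemblers. The comment could state the reason rather than only the source, for example `/* An object without .note.GNU-stack makes the linker request an executable stack for the whole binary. */`. The patch description shows only the "before" `scanelf -lpqe` output; recording the "after" line would let a reader verify the fix.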
diff --git a/dev-libs/wayland/wayland-1.10.0.ebuild b/dev-libs/wayland/wayland-1.10.0-r1.ebuild
index b3d1bfc838a6..4cff5fe49062 100644
--- a/dev-libs/wayland/wayland-1.10.0.ebuild
+++ b/dev-libs/wayland/wayland-1.10.0-r1.ebuild
@@ -40,8 +40,10 @@ DEPEND="${RDEPEND}
)
virtual/pkgconfig"
-# dtd validation configure patch is upstream and will be part of 1.11
-PATCHES=( "${FILESDIR}/${PV}-build-fix-configure-disable-dtd-validation.patch" )
+PATCHES=(
+ "${FILESDIR}/${PV}-build-fix-configure-disable-dtd-validation.patch"
+ "${FILESDIR}/${PV}-scanner-avoid-executable-stack.patch"
+)
multilib_src_configure() {
local myeconfargs=(
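Review bot: The new `PATCHES=( … )` array drops the comment that recorded when the dtd-validation patch can be removed, and the added stack patch has no note on its upstream status either. Keep `# dtd validation configure patch is upstream and will be part of 1.11` above the array. Add a matching line for the second entry, such as `# scanner executable-stack fix; drop once included in an upstream release`, with the release filled in once confirmed. Without these notes, the next version bump has no cue for which patches are safe to drop, and a security hardening patch is the one most costly to lose by accident.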