MIR for prelink

Bug #418456 reported by Kees Cook
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
libelf (Ubuntu) | Fix Released | Undecided | Unassigned |
prelink (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: prelink

I would like to use the "execstack" utility from prelink to mangle the GNU_STACK ELF header on some of the pre-built binaries in restricted (fglrx-installer, nvidia-*). As such, it must be used during build, and so here we are with an MIR for prelink, with the intent of only the execstack binary package being promoted to main as the rest of the prelink stack is rather fragile.

Kees Cook (kees) wrote :

I should add, this is to solve the Executable Stack problems seen with fglrx-installer and nvidia-* as detailed here:
https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

Loïc Minier (lool) wrote :

Security team should sub to bugmail of prelink and libelf (nobody subscribed to libelf's).

I wonder whether we should add lpia support to these packages. I mostly care about number of packages FTBFSing on lpia rather than getting the new feature on lpia though.

== libelf ==

libelf has a couple build time warnings:
update.c: In function '_elf_output':
update.c:915: warning: ignoring return value of 'ftruncate', declared with attribute warn_unused_result

The lintian output on libelf seems to imply it's not maintained actively in Debian:
W: libelf source: debian-rules-ignores-make-clean-error line 34
W: libelf source: debian-rules-ignores-make-clean-error line 36
W: libelf source: substvar-source-version-is-deprecated libelfg0-dev
W: libelf source: package-uses-deprecated-debhelper-compat-version 4
W: libelf source: ancient-standards-version 3.6.2.2 (current is 3.8.3)
W: libelf source: outdated-autotools-helper-file config.sub 2004-03-12
W: libelf source: outdated-autotools-helper-file config.guess 2004-06-11

The autotools warnings make porting harder but given that this works on the required arches already it's a non-issue for Ubuntu main I guess.

No watch file, passes --host + --build unconditionally, misc other small things. Since we're in sync with Debian and the package works I won't bother with these.

== prelink ==

Packaging in similar state as libelf's; same comments.

W: prelink source: package-lacks-versioned-build-depends-on-debhelper 5
W: prelink source: patch-system-but-no-source-readme
E: prelink source: ancient-autotools-helper-file config.sub 2002-09-05
W: prelink source: ancient-libtool ltmain.sh 1.4.2
E: prelink source: ancient-autotools-helper-file config.guess 2002-09-03
W: prelink source: ancient-libtool ltconfig

Also has some warnings worth checking:
../../src/main.c: In function 'checkinit':
../../src/main.c:247: warning: ignoring return value of 'system', declared with attribute warn_unused_result

Loïc Minier (lool) wrote :

So I would approve libelf and prelink if you'd:
- sub to bugmail
- review the source code for the build time warnings I mentioned
- check whether we need to build a .pot for libelf (it bdeps on gettext and there's a po/ dir, but I'm not sure whether we need to bother)

Changed in libelf (Ubuntu):
assignee: nobody → Loïc Minier (lool)
status: New → Incomplete
Changed in prelink (Ubuntu):
assignee: nobody → Loïc Minier (lool)
status: New → Incomplete
Kees Cook (kees) wrote :

- bug mail now subscribed
- the build-time warnings are negligible: the result of ftruncate is checked later (via lseek, etc), and the system() use is to call a static string (init U).
- there is already a generated .pot file in the po/ directory

Changed in prelink (Ubuntu):
status: Incomplete → Confirmed
Changed in libelf (Ubuntu):
status: Incomplete → Confirmed
Loïc Minier (lool) wrote :

Approved

Changed in prelink (Ubuntu):
status: Confirmed → Fix Committed
Loïc Minier (lool) wrote :

On the .pot: the issue is that we usually update the .pot /during build/ to make sure it contains the latest strings (might be out of date in the upstream release or new strings might be added in Ubuntu patches). So I was asking whether it's useful or not to bother to update the .pot during build.

Changed in libelf (Ubuntu):
status: Confirmed → Fix Committed
Loïc Minier (lool)
Changed in prelink (Ubuntu):
assignee: Loïc Minier (lool) → nobody
Changed in libelf (Ubuntu):
assignee: Loïc Minier (lool) → nobody
Martin Pitt (pitti) wrote :

Please note that this will not be promoted unless something in main or the seeds require it. Please make this a (build)-dependency of something, otherwise we will just "time out" and close this MIR.

Thank you!

Matthias Klose (doko) wrote :

Please don't promote libelf before it's updated to 0.8.12 (see bug #438620 for an FFe, or tell me it's a bug fix release to upload without FFe ;)

Kees Cook (kees) wrote :

Post-beta, it will likely be used in the fglrx and nvidia packages. The libelf 0.8.12 upload is waiting for post-beta as well.

Jamie Strandboge (jdstrand) wrote :

$ change-override.py -c main -s karmic -S libelf
2009-10-08 22:08:44 INFO creating lockfile
2009-10-08 22:08:49 INFO Override Component to: 'main'
2009-10-08 22:08:49 INFO 'libelf - 0.8.12-0ubuntu1/universe/libs' source overridden
2009-10-08 22:08:49 INFO 'libelfg0-0.8.12-0ubuntu1/universe/libs/OPTIONAL' binary overridden in karmic/amd64
2009-10-08 22:08:49 INFO 'libelfg0-0.8.12-0ubuntu1/universe/libs/OPTIONAL' binary overridden in karmic/armel
2009-10-08 22:08:49 INFO 'libelfg0-0.8.12-0ubuntu1/universe/libs/OPTIONAL' binary overridden in karmic/i386
2009-10-08 22:08:49 INFO 'libelfg0-0.8.12-0ubuntu1/universe/libs/OPTIONAL' binary overridden in karmic/ia64
2009-10-08 22:08:49 INFO 'libelfg0-0.8.12-0ubuntu1/universe/libs/OPTIONAL' binary overridden in karmic/lpia
2009-10-08 22:08:49 INFO 'libelfg0-0.8.12-0ubuntu1/universe/libs/OPTIONAL' binary overridden in karmic/powerpc
2009-10-08 22:08:49 INFO 'libelfg0-0.8.12-0ubuntu1/universe/libs/OPTIONAL' binary overridden in karmic/sparc
2009-10-08 22:08:49 INFO 'libelfg0-dev-0.8.12-0ubuntu1/universe/libdevel/OPTIONAL' binary overridden in karmic/amd64
2009-10-08 22:08:49 INFO 'libelfg0-dev-0.8.12-0ubuntu1/universe/libdevel/OPTIONAL' binary overridden in karmic/armel
2009-10-08 22:08:49 INFO 'libelfg0-dev-0.8.12-0ubuntu1/universe/libdevel/OPTIONAL' binary overridden in karmic/i386
2009-10-08 22:08:49 INFO 'libelfg0-dev-0.8.12-0ubuntu1/universe/libdevel/OPTIONAL' binary overridden in karmic/ia64
2009-10-08 22:08:49 INFO 'libelfg0-dev-0.8.12-0ubuntu1/universe/libdevel/OPTIONAL' binary overridden in karmic/lpia
2009-10-08 22:08:49 INFO 'libelfg0-dev-0.8.12-0ubuntu1/universe/libdevel/OPTIONAL' binary overridden in karmic/powerpc
2009-10-08 22:08:49 INFO 'libelfg0-dev-0.8.12-0ubuntu1/universe/libdevel/OPTIONAL' binary overridden in karmic/sparc

Changed in libelf (Ubuntu):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

$ change-override.py -c main -s karmic -t prelink
2009-10-08 22:09:21 INFO creating lockfile
2009-10-08 22:09:26 INFO Override Component to: 'main'
2009-10-08 22:09:26 INFO 'prelink - 0.0.20090311-1ubuntu3/universe/admin' source overridden
Confirm this transaction? [yes, no] yes
2009-10-08 22:09:32 INFO Transaction committed.
2009-10-08 22:09:32 INFO Done.

$ change-override.py -c main -s karmic execstack
2009-10-08 22:09:52 INFO creating lockfile
2009-10-08 22:09:57 INFO Override Component to: 'main'
2009-10-08 22:09:57 INFO 'execstack-0.0.20090311-1ubuntu3/universe/admin/OPTIONAL' binary overridden in karmic/amd64
2009-10-08 22:09:57 INFO 'execstack-0.0.20090311-1ubuntu3/universe/admin/OPTIONAL' binary overridden in karmic/i386
2009-10-08 22:09:57 INFO 'execstack-0.0.20090311-1ubuntu3/universe/admin/OPTIONAL' binary overridden in karmic/lpia
2009-10-08 22:09:57 INFO 'execstack-0.0.20090311-1ubuntu3/universe/admin/OPTIONAL' binary overridden in karmic/powerpc
Confirm this transaction? [yes, no] yes
2009-10-08 22:10:05 INFO Transaction committed.
2009-10-08 22:10:05 INFO Done.

Changed in prelink (Ubuntu):
status: Fix Committed → Fix Released