Your message dated Fri, 15 Aug 2025 13:06:03 +0000
with message-id <[email protected]>
and subject line Bug#1065484: fixed in libatasmart 0.19-6
has caused the Debian Bug report #1065484,
regarding libatasmart4: Please rebuild to avoid overly huge ELF segment
alignment
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1065484: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065484
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libatasmart4
Version: 0.19-5
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,
After investigating ELF binaries and libraries on Debian systems, I
noticed that libatasmart4 uses an overly huge alignment for its
segments. This will lead to an unnecessary ASLR degradation for users of
this library like udisks2.
Below is the relevant output:
minipli@x1:~/src/paxtest (master)$ ./contrib/check_align.sh /usr/lib/x86_64-linux-gnu/libatasmart.so.4.0.5
/usr/lib/x86_64-linux-gnu/libatasmart.so.4.0.5 (max align=0x200000)
minipli@x1:~/src/paxtest (master)$ readelf -Wl /usr/lib/x86_64-linux-gnu/libatasmart.so.4.0.5 | grep -B2 LOAD
Program Headers:
  Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x009f58 0x009f58 R E 0x200000
  LOAD           0x00a390 0x000000000020a390 0x000000000020a390 0x001e40 0x001e48 RW  0x200000
The cause for the excessive segment alignment of 2MB instead of the
usual 4kB is binutils' ld which did, from versions v2.11 up to v2.30 (in
Debian, at least), use a huge default, even if no segment required such
a huge alignment. That was fixed in Debian with the release of buster,
which makes use of binutils v2.31+.
The full technical background behind overly huge alignment was reported
here: https://grsecurity.net/toolchain_necromancy_past_mistakes_haunting_aslr
Rebuilding the package will implicitly make use of a recent version of
ld and thereby fix the issue, which is what I'm hereby requesting.
Thanks,
Mathias
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'),
(500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-18-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libatasmart4 depends on:
ii libc6 2.36-9+deb12u4
ii libudev1 252.22-1~deb12u1
libatasmart4 recommends no packages.
libatasmart4 suggests no packages.
-- no debconf information
--- End Message ---
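The check reported above can be reproduced without readelf by reading the ELF program headers directly. The following is an added example, not part of the original report and not the paxtest check_align.sh script. It handles ELF64 little-endian only, build_sample() is a constructed input that mirrors the two LOAD entries quoted in the report, and extra_fixed_bits() assumes the loader honours p_align.

```python
import struct
import sys

PT_LOAD = 1
PAGE_SIZE = 0x1000                  # the "usual 4kB" named in the report
PHDR = struct.Struct("<IIQQQQQQ")   # Elf64_Phdr, little-endian


def max_load_align(elf: bytes) -> int:
    """Largest p_align over all PT_LOAD segments of an ELF64 LE image."""
    if len(elf) < 64 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian is handled")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    if e_phentsize < PHDR.size or e_phoff + e_phentsize * e_phnum > len(elf):
        raise ValueError("truncated or malformed program header table")
    aligns = [0]
    for i in range(e_phnum):
        p_type, *_, p_align = PHDR.unpack_from(elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            aligns.append(p_align)
    return max(aligns)


def extra_fixed_bits(align: int) -> int:
    """Low address bits pinned to zero beyond plain page alignment."""
    return max(0, align.bit_length() - PAGE_SIZE.bit_length())


def build_sample(align: int) -> bytes:
    """Constructed ELF64 header plus the two LOAD entries shown in the report."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, 64, 0, 0,
                       64, PHDR.size, 2, 0, 0, 0)
    text = PHDR.pack(PT_LOAD, 5, 0x0, 0x0, 0x0, 0x9F58, 0x9F58, align)
    data = PHDR.pack(PT_LOAD, 6, 0xA390, 0x20A390, 0x20A390, 0x1E40, 0x1E48, align)
    return ehdr + text + data


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            a = max_load_align(fh.read())
        flag = "OVERSIZED" if a > PAGE_SIZE else "ok"
        print(f"{path} (max align={a:#x}, +{extra_fixed_bits(a)} fixed bits) {flag}")
```

Run against installed libraries, it flags any file whose LOAD segments ask for more than 4kB alignment; the 0x200000 value from the report corresponds to 9 additional fixed address bits.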
--- Begin Message ---
Source: libatasmart
Source-Version: 0.19-6
Done: Michael Biebl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libatasmart, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated libatasmart package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 15 Aug 2025 14:34:46 +0200
Source: libatasmart
Architecture: source
Version: 0.19-6
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 1065484 1093595
Changes:
libatasmart (0.19-6) unstable; urgency=medium
.
* Correctly pass host flags to the build compiler (Closes: #1093595)
* Bump Standards-Version to 4.7.2
* Replace pkg-config Build-Depends with pkgconf
* Switch to debhelper-compat 13
* Do not fail on dh_missing
* Rebuild to avoid overly huge ELF segment alignment (Closes: #1065484)
--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers