commit: 40ed7d92f481b5af9aa54843bb350d25f28c7110 Author: Alessandro Barbieri <lssndrbarbieri <AT> gmail <DOT> com> AuthorDate: Fri Sep 3 22:26:09 2021 +0000 Commit: Alessandro Barbieri <lssndrbarbieri <AT> gmail <DOT> com> CommitDate: Fri Sep 3 23:05:07 2021 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=40ed7d92
sys-cluster/dyninst: no W+X sections Closes: https://bugs.gentoo.org/806268 Package-Manager: Portage-3.0.22, Repoman-3.0.3 Signed-off-by: Alessandro Barbieri <lssndrbarbieri <AT> gmail.com> ...yninst-11.0.1.ebuild => dyninst-11.0.1-r1.ebuild} | 2 ++ ...e-executable-flag-from-dyninst_heap-section.patch | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/sys-cluster/dyninst/dyninst-11.0.1.ebuild b/sys-cluster/dyninst/dyninst-11.0.1-r1.ebuild similarity index 93% rename from sys-cluster/dyninst/dyninst-11.0.1.ebuild rename to sys-cluster/dyninst/dyninst-11.0.1-r1.ebuild index 73a7501d4..eb0f0a6d7 100644 --- a/sys-cluster/dyninst/dyninst-11.0.1.ebuild +++ b/sys-cluster/dyninst/dyninst-11.0.1-r1.ebuild @@ -29,6 +29,8 @@ RDEPEND=" DEPEND="${RDEPEND}" BDEPEND="doc? ( dev-texlive/texlive-latex )" +PATCHES=( "${FILESDIR}/${P}-remove-executable-flag-from-dyninst_heap-section.patch" ) + src_configure() { local mycmakeargs=( -DENABLE_STATIC_LIBS=NO diff --git a/sys-cluster/dyninst/files/dyninst-11.0.1-remove-executable-flag-from-dyninst_heap-section.patch b/sys-cluster/dyninst/files/dyninst-11.0.1-remove-executable-flag-from-dyninst_heap-section.patch new file mode 100644 index 000000000..09bab8993 --- /dev/null +++ b/sys-cluster/dyninst/files/dyninst-11.0.1-remove-executable-flag-from-dyninst_heap-section.patch @@ -0,0 +1,20 @@ +From f27f96cee0b73f770cf69cb98a5744f769014ee5 Mon Sep 17 00:00:00 2001 +From: "James A. Kupsch" <kup...@cs.wisc.edu> +Date: Mon, 30 Aug 2021 10:18:17 -0500 +Subject: [PATCH] remove executable flag from .dyninst_heap section + +This prevents the library/object with this code from having a segment violates +the W^X security property for segments as the current setting resulted in +segment with both the WRITE and EXECUTE flags set. The function +mark_heaps_exec() restores execute protection to just the heap arrays. +--- a/dyninstAPI_RT/src/RTspace.S ++++ b/dyninstAPI_RT/src/RTspace.S +@@ -8,7 +8,7 @@ + .type DYNINSTstaticHeap_16M_anyHeap_1, @object + .size DYNINSTstaticHeap_16M_anyHeap_1, 16777216 + +-.section .dyninst_heap,"awx",@nobits ++.section .dyninst_heap,"aw",@nobits + .align 16 + DYNINSTstaticHeap_512K_lowmemHeap_1: + .skip 524288