[Bug 973512] New: programs in ghc-compiler package have an executable stack

[Bug 1251741] [abrt]...

[Bug 1205105] New: ghc-rpm-macros...

Red Hat Bugzilla

Wednesday, 12 June 2013 Wed, 12 Jun '13

12:38 a.m.

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Bug ID: 973512 Summary: programs in ghc-compiler package have an executable stack Product: Fedora Version: 19 Component: ghc Severity: unspecified Priority: unspecified Assignee: petersen(a)redhat.com Reporter: dkholia(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bos(a)serpentine.com, haskell-devel(a)lists.fedoraproject.org, petersen(a)redhat.com Description of problem: Many programs in the ghc-compiler package have an executable stack. "This makes it susceptible to stack based exploits should another weakness be found in the affected programs" (Steve Grubb). Version-Release number of selected component (if applicable): ghc-compiler-7.4.2-11.fc19 How reproducible: You can use following programs to check if a package is hardened: http://people.redhat.com/sgrubb/files/rpm-chksec OR https://github.com/kholia/checksec Steps to Reproduce: Get scanner.py from https://github.com/kholia/checksec $ ./scanner.py ghc-compiler-7.4.2-11.fc19.x86_64.rpm ... ghc-compiler,ghc-compiler-7.4.2-11.fc19.x86_64.rpm,/usr/lib64/ghc-7.4.2/ghc,mode=0100755,NX=Disabled,CANARY=Disabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=Disabled,CATEGORY=None Notice "NX=Disabled" field. Upstream fixed this "bug" 4 years back. See http://hackage.haskell.org/trac/ghc/ticket/703 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=7UEkleMjDV&a=cc_unsubscribe

Show replies by date

Red Hat Bugzilla

Wednesday, 12 June Wed, 12 Jun

12:51 a.m.

New subject: [Bug 973512] programs in ghc-compiler package have an executable stack

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #1 from Dhiru Kholia <dkholia(a)redhat.com> --- Re-opened upstream bug, http://hackage.haskell.org/trac/ghc/ticket/703 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Xrw246vmOS&a=cc_unsubscribe

Red Hat Bugzilla

Tuesday, 9 July Tue, 9 Jul

9:09 p.m.

New subject: [Bug 973512] programs in ghc-compiler package have an executable stack

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Jens Petersen <petersen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #2 from Jens Petersen <petersen(a)redhat.com> --- Thank you very much for reporting this. Should be fixed upstream, see https://github.com/ghc/ghc/commit/08a38628f29df63ac842f4d083efb414f42d7bff which I backported to rawhide in ghc-7.6.3-15.fc20. Note this affects ghc 7.4 and 7.4 (but not 7.0). I will backport later to F19 and F18. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=UCHDERYhsQ&a=cc_unsubscribe

Red Hat Bugzilla

9:11 p.m.

New subject: [Bug 973512] ghc links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Jens Petersen <petersen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|programs in ghc-compiler |ghc links executables with |package have an executable |executable stack flag set |stack | --- Comment #3 from Jens Petersen <petersen(a)redhat.com> --- Also just to clarify the report it affects not just the ghc executables themselves but all executables linked by ghc-7.4 and ghc-7.6. :) -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=areRcbLMQ6&a=cc_unsubscribe

Red Hat Bugzilla

11:06 p.m.

New subject: [Bug 973512] ghc links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #4 from Dhiru Kholia <dkholia(a)redhat.com> --- Hi Jens, Thanks for tracking this. Hoping to see the fixed packages land soon!

...

> Also just to clarify the report it affects not just the ghc executables themselves but all executables linked by ghc-7.4 and ghc-7.6. :)

Yes. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=PixXyySCVt&a=cc_unsubscribe

Red Hat Bugzilla

Thursday, 11 July Thu, 11 Jul

1:49 a.m.

New subject: [Bug 973512] ghc links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #5 from Jens Petersen <petersen(a)redhat.com> --- (In reply to Jens Petersen from comment #3)

...

affects [...] all executables linked by ghc-7.4 and ghc-7.6.

Actually I am surprised but from my testing it seems ghc-7.4.1 (F18) is not affected, so currently this only affects F19 and Rawhide I believe. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=IVD9BhWgOz&a=cc_unsubscribe

Red Hat Bugzilla

1:53 a.m.

New subject: [Bug 973512] ghc links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #6 from Jens Petersen <petersen(a)redhat.com> --- (In reply to Jens Petersen from comment #2)

...

https://github.com/ghc/ghc/commit/08a38628f29df63ac842f4d083efb414f42d7bff which I backported to rawhide in ghc-7.6.3-15.fc20.

Unfortunately even with ghc-7.6.3-15.fc20 executables still seems to get executable stack... It also changed the ABI hash of the ghc library. :-( For now I added a workaround to ghc-rpm-macros to clear the execstack flag when building Fedora Haskell packages, but leaving this open until the actual problem in ghc is fixed. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=L6peVx4Yln&a=cc_unsubscribe

Red Hat Bugzilla

1:57 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Jens Petersen <petersen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|ghc links executables with |ghc-7.4.2 and 7.6.3 links |executable stack flag set |executables with executable | |stack flag set -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wNBUjIQ1dR&a=cc_unsubscribe

Red Hat Bugzilla

3:45 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Fedora Update System <updates(a)fedoraproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |MODIFIED -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=V2j4XVZdTB&a=cc_unsubscribe

Red Hat Bugzilla

3:45 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #7 from Fedora Update System <updates(a)fedoraproject.org> --- ghc-rpm-macros-0.98.3-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/ghc-rpm-macros-0.98.3-1.fc19 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=r7VbGju8Lu&a=cc_unsubscribe

Red Hat Bugzilla

Sunday, 21 July Sun, 21 Jul

7:36 p.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #8 from Fedora Update System <updates(a)fedoraproject.org> --- ghc-rpm-macros-0.98.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=7rYYn5cXFJ&a=cc_unsubscribe

Red Hat Bugzilla

Monday, 26 August Mon, 26 Aug

5:47 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Florian Weimer <fweimer(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=gg99LoQe3C&a=cc_unsubscribe

Red Hat Bugzilla

7:15 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Florian Weimer <fweimer(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |ASSIGNED --- Comment #9 from Florian Weimer <fweimer(a)redhat.com> --- ghc still produces binaries with an executable stack. Clearing up after %install in RPM macros is a nice kludge, but doesn't help users who build their own software. Do we know why the version in F19 doesn't play nice with NX stacks? -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HXiybbXkDQ&a=cc_unsubscribe

Red Hat Bugzilla

Wednesday, 29 January Wed, 29 Jan

9:19 p.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #10 from Jens Petersen <petersen(a)redhat.com> --- I am not sure what went wrong in my earlier testing, I did a new test build and it *does* seem to fix the problem. :) So likely my earlier testing was incorrect. :-/ http://koji.fedoraproject.org/koji/taskinfo?taskID=6467138 This f21 scratch build should also work fine on F20. (You can use lftp etc to pull down the rpms from kojipkgs.) -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lAReQGcMSw&a=cc_unsubscribe

Red Hat Bugzilla

9:26 p.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #11 from Jens Petersen <petersen(a)redhat.com> ---

...

http://koji.fedoraproject.org/koji/taskinfo?taskID=6467138 This f21 scratch build should also work fine on F20.

I forgot I only built it so far for i686. Anyway I will build soon for rawhide and then it should be easier to test. As noted earlier, the ghc lib's ABI hash changes so unfortunately this also requires some rebuilds to push cleanly. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=jaD91dUDDY&a=cc_unsubscribe

Red Hat Bugzilla

11:29 p.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #12 from Dhiru Kholia <dkholia(a)redhat.com> --- Thanks Jens! This should help in reducing the size of the following list, http://people.fedoraproject.org/~halfie/scans/rawhide-execstack-list.txt -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Fj8PlOy8Tt&a=cc_unsubscribe

Red Hat Bugzilla

Thursday, 30 January Thu, 30 Jan

1:54 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #13 from Jens Petersen <petersen(a)redhat.com> --- Here's a scratch build for x86_64 too: http://koji.fedoraproject.org/koji/taskinfo?taskID=6467138 which should become identical to the final rawhide build once I have tested it. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=PAha1Z4S71&a=cc_unsubscribe

Red Hat Bugzilla

2:02 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #14 from Jens Petersen <petersen(a)redhat.com> --- (In reply to Jens Petersen from comment #13)

...

Here's a scratch build for x86_64 too:

Ugh, I mean http://koji.fedoraproject.org/koji/taskinfo?taskID=6470812 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=kejICTNRPB&a=cc_unsubscribe

Red Hat Bugzilla

2:47 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #15 from Jens Petersen <petersen(a)redhat.com> --- The saga gets better: the 64bit build above does not fix execstack! unlike the 32bit one above... boggle, which is consistent with comment 6. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=uIEN10arwR&a=cc_unsubscribe

Red Hat Bugzilla

Friday, 21 February Fri, 21 Feb

2:21 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Dhiru Kholia <dkholia(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dhiru(a)openwall.com -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Pj0XYvCA9r&a=cc_unsubscribe

Red Hat Bugzilla

Wednesday, 7 January Wed, 7 Jan

1:01 a.m.

New subject: [Bug 973512] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

Red Hat Bugzilla

Friday, 15 May Fri, 15 May

2:28 a.m.

New subject: [Bug 973512] [F21] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Jens Petersen <petersen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|ghc-7.4.2 and 7.6.3 links |[F21] ghc-7.4.2 and 7.6.3 |executables with executable |links executables with |stack flag set |executable stack flag set -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=TZtjPp5RtD&a=cc_unsubscribe

Red Hat Bugzilla

Wednesday, 4 November Wed, 4 Nov

9:33 a.m.

New subject: [Bug 973512] [F21] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #18 from Fedora End Of Life <endoflife(a)fedoraproject.org> --- This message is a reminder that Fedora 21 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 21. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '21'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 21 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bMxkhKzilH&a=cc_unsubscribe

Red Hat Bugzilla

Tuesday, 1 December Tue, 1 Dec

8:48 p.m.

New subject: [Bug 973512] [F21] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Fedora End Of Life <honza.kurik(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution|--- |WONTFIX Last Closed| |2015-12-01 21:48:17 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fE7vwU4OAs&a=cc_unsubscribe

Red Hat Bugzilla

8:48 p.m.

New subject: [Bug 973512] [F21] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 --- Comment #19 from Fedora End Of Life <honza.kurik(a)gmail.com> --- Fedora 21 changed to end-of-life (EOL) status on 2015-12-01. Fedora 21 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=yTtfv3i4B1&a=cc_unsubscribe

Red Hat Bugzilla

Wednesday, 2 December Wed, 2 Dec

7:44 a.m.

New subject: [Bug 973512] [F21] ghc-7.4.2 and 7.6.3 links executables with executable stack flag set

https://bugzilla.redhat.com/show_bug.cgi?id=973512 Florian Weimer <fweimer(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|WONTFIX |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=2GBpA2lgXy&a=cc_unsubscribe

3075

days inactive

3978

days old

haskell-devel@lists.fedoraproject.org

Manage subscription

25 comments

1 participants

tags (0)

participants (1)

Red Hat Bugzilla

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[Bug 973512] New: programs in ghc-compiler package have an executable stack