[Pkg-alsa-devel] Bug#301164: marked as done (libasound2-dev: nested functions cause all loaders of libasound.so to have executable stacks)

Debian Bug Tracking System owner@bugs.debian.org
Sun, 05 Jun 2005 19:48:24 -0700


Your message dated Sun, 05 Jun 2005 22:32:07 -0400
with message-id <E1Df7PL-0007x2-00@newraff.debian.org>
and subject line Bug#301164: fixed in alsa-lib 1.0.9-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Mar 2005 05:27:52 +0000
>From spender@grsecurity.net Wed Mar 23 21:27:52 2005
Return-path: <spender@grsecurity.net>
Received: from marge.bucknell.edu [134.82.9.1] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DEKsq-0004GP-00; Wed, 23 Mar 2005 21:27:52 -0800
Received: from mayinga.bucknell.edu (mayinga.bucknell.edu [134.82.9.74])
	by marge.bucknell.edu (8.12.11/8.12.11) with ESMTP id j2O5Rp3n016128;
	Thu, 24 Mar 2005 00:27:51 -0500 (EST)
Received: from gw.bucknell.edu (bspengle.resnet.bucknell.edu [134.82.97.24])
	by mayinga.bucknell.edu (8.13.1/8.13.1) with ESMTP id j2O5RoT0007266;
	Thu, 24 Mar 2005 00:27:50 -0500 (EST)
Message-Id: <200503240527.j2O5RoT0007266@mayinga.bucknell.edu>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Brad Spengler <spender@grsecurity.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libasound2-dev: nested functions cause all loaders of libasound.so to have
 executable stacks
X-Mailer: reportbug 3.9
Date: Thu, 24 Mar 2005 00:27:45 -0500
X-Proofpoint-Spam-Details: rule=opt-in_notspam policy=opt-in score=0 mlx=0 adultscore=0 adjust=0 engine=2.5.0-05032200 definitions=2.5.0-05032300
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.6 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	OPT_HEADER autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: libasound2-dev
Version: 1.0.8-3
Severity: important


objdump -x /usr/libasound.so reports:
   STACK off    0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**2
         filesz 0x00000000 memsz 0x00000000 flags rwx
	    
This is due to nested functions in the alsa library.  These have been
fixed in other distributions (Fedora, Gentoo).  Not fixing this problem
breaks applications that use this library on PaX systems and silently
disables additional security on exec-shield systems.

-Brad

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.5-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libasound2-dev depends on:
ii  libasound2                    1.0.8-3    ALSA library
ii  libc6-dev [libc-dev]          2.3.4-1    GNU C Library: Development Librari

-- no debconf information

---------------------------------------
Received: (at 301164-close) by bugs.debian.org; 6 Jun 2005 02:40:02 +0000
>From katie@ftp-master.debian.org Sun Jun 05 19:40:02 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Df7X0-0007H3-00; Sun, 05 Jun 2005 19:40:02 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1Df7PL-0007x2-00; Sun, 05 Jun 2005 22:32:07 -0400
From: Jordi Mallach <jordi@debian.org>
To: 301164-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#301164: fixed in alsa-lib 1.0.9-1
Message-Id: <E1Df7PL-0007x2-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Sun, 05 Jun 2005 22:32:07 -0400
Delivered-To: 301164-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 3

Source: alsa-lib
Source-Version: 1.0.9-1

We believe that the bug you reported is fixed in the latest version of
alsa-lib, which is due to be installed in the Debian FTP archive:

alsa-lib_1.0.9-1.diff.gz
  to pool/main/a/alsa-lib/alsa-lib_1.0.9-1.diff.gz
alsa-lib_1.0.9-1.dsc
  to pool/main/a/alsa-lib/alsa-lib_1.0.9-1.dsc
alsa-lib_1.0.9.orig.tar.gz
  to pool/main/a/alsa-lib/alsa-lib_1.0.9.orig.tar.gz
libasound2-dev_1.0.9-1_i386.deb
  to pool/main/a/alsa-lib/libasound2-dev_1.0.9-1_i386.deb
libasound2-doc_1.0.9-1_all.deb
  to pool/main/a/alsa-lib/libasound2-doc_1.0.9-1_all.deb
libasound2_1.0.9-1_i386.deb
  to pool/main/a/alsa-lib/libasound2_1.0.9-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 301164@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jordi Mallach <jordi@debian.org> (supplier of updated alsa-lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  5 Jun 2005 23:00:51 +0200
Source: alsa-lib
Binary: libasound2-dev libasound2-doc libasound2
Architecture: source all i386
Version: 1.0.9-1
Distribution: unstable
Urgency: low
Maintainer: Debian ALSA Maintainers <pkg-alsa-devel@lists.alioth.debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description: 
 libasound2 - ALSA library
 libasound2-dev - ALSA library development files
 libasound2-doc - ALSA library developer documentation
Closes: 291533 293928 299423 300792 301164 310189
Changes: 
 alsa-lib (1.0.9-1) unstable; urgency=low
 .
   * New upstream release
     - Fix bug that disabled stack protection (CAN-2005-0087)
       (RedHat bug #144518)  (Closes: #301164)
     - Fixes related to mplayer (Closes: #310189)
   * Jordi Mallach
     - debian/rules: bump shlibs to 1.0.9.
 .
 alsa-lib (1.0.8+1.0.9rc3-1) experimental; urgency=low
 .
   * New upstream release
     - Closes: #291533 "ttable in .asoundrc do not accept fractions"
     - Closes: #293928 "wrong routings of channels for 5.1 ICH5"
     - Closes: #299423 "Please include asound_fm.h"
     - Closes: #300792 "FTBFS (ppc64/gcc-4.0): static declaration ..."
     - libasound2-plugins is no longer built from this source package
   * Thomas Hood
     - Remove the control entry, commands in rules, build dependencies
       related to libasound2-plugins
     - Add some mutual Suggestions among the ALSA library packages
     - Drop dpatch applied upstream: 10_conf-space-fix
     - debian/NOTES:
       + Add note about what to do if we ever have libasound3
       + Remove note about building libasound2-plugins
     - Tweak descriptions
Files: 
 83ac6775a0450bb3d2b596fd99089c60 822 libs optional alsa-lib_1.0.9-1.dsc
 beef8e8de83869615c19c42d5d4636b8 958469 libs optional alsa-lib_1.0.9.orig.tar.gz
 703db1455da75d029b3ac1008ab46f37 12657 libs optional alsa-lib_1.0.9-1.diff.gz
 2e67cefbccdfe3f049b6dfc1b22ca6a8 323472 libs optional libasound2_1.0.9-1_i386.deb
 149f80f17607054a063668cdc390dd4c 463622 libdevel optional libasound2-dev_1.0.9-1_i386.deb
 4cf6714f35ab6010e0f1124f61f3e15f 484320 libdevel optional libasound2-doc_1.0.9-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCo4V5JYSUupF6Il4RAu2yAKDyqJcRPUxVv8P6c15NHcvMxB871ACfaIca
2u2KTMci9KwnQYwbthMkjcc=
=aHTD
-----END PGP SIGNATURE-----