tags 765070 + patch
thanks

I've found the reason for this!

In kfreebsd 9.2 or 10.x, kern.elf64.nxstack=1 by default, which means
executable stacks are not allowed.  The segfault happens at:
| 1270: twalk(btree, idid_btree_builddescarray);

where function idid_btree_builddescarray() is defined on the stack,
nested inside of rc_deptree_solve_loop().

It is desirable to enforce nxstack, because in many other applications
a buffer overflow could allow a function on the stack to be modified
and later executed.  So I'd like to work around this in openrc so that
it does not need executable stacks at all.

(This bug would also affect regular FreeBSD, and perhaps GNU/Linux if
SElinux was enforcing nxstack).

Patch/debdiff attached!  (Also dropped unnecessary libkvm dependency)

Thanks,
Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org
diff -Nru openrc-0.13.1/debian/changelog openrc-0.13.1/debian/changelog
--- openrc-0.13.1/debian/changelog      2014-10-17 11:23:41.000000000 +0100
+++ openrc-0.13.1/debian/changelog      2014-10-18 20:56:05.000000000 +0100
@@ -1,3 +1,13 @@
+openrc (0.13.1-2) UNRELEASED; urgency=medium
+
+  * Add 0210-GNU-kFreeBSD_workaround-nxstack.patch:
+    - loopsolver: don't use executable stacks
+    - fixes a crash on newer versions of kfreebsd that enforce
+      non-executable stacks (Closes #765070)
+  * Drop unnecessary dependency on libkvm-dev [kfreebsd-any]
+
+ -- Steven Chamberlain <ste...@pyro.eu.org>  Sat, 18 Oct 2014 17:28:16 +0100
+
 openrc (0.13.1-1) unstable; urgency=medium
 
   * New upstream release 
diff -Nru openrc-0.13.1/debian/control openrc-0.13.1/debian/control
--- openrc-0.13.1/debian/control        2014-10-17 11:28:46.000000000 +0100
+++ openrc-0.13.1/debian/control        2014-10-18 17:15:43.000000000 +0100
@@ -5,7 +5,7 @@
 Uploaders: Roger Leigh <rle...@debian.org>,
            Thomas Goirand <z...@debian.org>,
            Benda Xu <hero...@gentoo.org>, Ritesh Raj Sarraf <r...@debian.org>
-Build-Depends: debhelper (>= 9), libkvm-dev [kfreebsd-any]
+Build-Depends: debhelper (>= 9)
 Standards-Version: 3.9.5
 Homepage: http://www.gentoo.org/proj/en/base/openrc/
 Vcs-Git: git://anonscm.debian.org/openrc/openrc.git
diff -Nru 
openrc-0.13.1/debian/patches/0200-GNU-kFreeBSD_add-missing-files.patch 
openrc-0.13.1/debian/patches/0200-GNU-kFreeBSD_add-missing-files.patch
--- openrc-0.13.1/debian/patches/0200-GNU-kFreeBSD_add-missing-files.patch      
2014-10-17 11:26:39.000000000 +0100
+++ openrc-0.13.1/debian/patches/0200-GNU-kFreeBSD_add-missing-files.patch      
2014-10-18 20:56:45.000000000 +0100
@@ -45,7 +45,7 @@
 ===================================================================
 --- openrc.orig/mk/os-GNU-kFreeBSD.mk  2014-10-17 15:56:36.422098290 +0530
 +++ openrc/mk/os-GNU-kFreeBSD.mk       2014-10-17 15:56:36.418098290 +0530
-@@ -3,7 +3,9 @@
+@@ -2,7 +2,9 @@
  
  # Generic definitions
  
@@ -54,9 +54,8 @@
 +
  CPPFLAGS+=    -D_BSD_SOURCE -D_XOPEN_SOURCE=700
  LIBDL=                -Wl,-Bdynamic -ldl
--LIBKVM?=
+ LIBKVM?=
 -include ${MK}/os-BSD.mk
-+LIBKVM?=      -lkvm
 Index: openrc/conf.d/network.GNU-kFreeBSD.in
 ===================================================================
 --- /dev/null  1970-01-01 00:00:00.000000000 +0000
diff -Nru 
openrc-0.13.1/debian/patches/0210-GNU-kFreeBSD_workaround-nxstack.patch 
openrc-0.13.1/debian/patches/0210-GNU-kFreeBSD_workaround-nxstack.patch
--- openrc-0.13.1/debian/patches/0210-GNU-kFreeBSD_workaround-nxstack.patch     
1970-01-01 01:00:00.000000000 +0100
+++ openrc-0.13.1/debian/patches/0210-GNU-kFreeBSD_workaround-nxstack.patch     
2014-10-18 20:50:30.000000000 +0100
@@ -0,0 +1,64 @@
+From: Steven Chamberlain <ste...@pyro.eu.org>
+Subject: loopsolver: don't use executable stacks
+Date: Sat, 18 Oct 2014 20:48:40 +0100
+
+Avoid use of executable stacks, since FreeBSD 9.2, 10.0 and newer
+enforce kern.elf64.nxstack / kern.elf32.nxstack by default.
+
+--- a/src/librc/librc-depend.c
++++ b/src/librc/librc-depend.c
+@@ -886,6 +886,27 @@
+       return '?';
+ }
+ 
++static int idid_count2;
++static idid_entry_t *idid_counters;
++
++static void
++idid_btree_builddescarray(const void *nodep, const VISIT which, const int 
depth) {
++      (void)depth;
++      switch (which) {
++              case preorder:
++              case leaf: {
++                      const idid_entry_t *idid_entry_p = *(idid_entry_t * 
const*)nodep;
++
++                      memcpy(&idid_counters[idid_count2], idid_entry_p, 
sizeof(idid_counters[idid_count2]));
++                      idid_count2++;
++                      break;
++              }
++              default:
++                      break;
++      }
++      return;
++}
++
+ /*! Solves dependecies loops
+  * @param unap_matrix matrixes to scan ways to solve the loop
+  * @param service_id looped service id
+@@ -1243,26 +1264,6 @@
+               /* building array of dependencies sorted by descending presence 
counter */
+ 
+               {
+-                      int idid_count2;
+-                      idid_entry_t *idid_counters;
+-
+-                      void idid_btree_builddescarray(const void *nodep, const 
VISIT which, const int depth) {
+-                              (void)depth;
+-                              switch (which) {
+-                                      case preorder:
+-                                      case leaf: {
+-                                              const idid_entry_t 
*idid_entry_p = *(idid_entry_t * const*)nodep;
+-
+-                                              
memcpy(&idid_counters[idid_count2], idid_entry_p, 
sizeof(idid_counters[idid_count2]));
+-                                              idid_count2++;
+-                                              break;
+-                                      }
+-                                      default:
+-                                              break;
+-                              }
+-                              return;
+-                      }
+-
+                       idid_counters = xmalloc(idid_count * 
sizeof(*idid_counters));
+ 
+                       idid_count2 = 0;
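Review bot: Hoisting `idid_count2` and `idid_counters` to file-scope statics removes the nested function, but the callback now depends on shared mutable state, so rc_deptree_solve_loop() is no longer reentrant or safe to run from two threads. `idid_counters` also keeps its value after the buffer is released, which presumably happens outside this hunk. A comment above the two statics would make the contract explicit, for example `/* twalk() passes no user data; valid only during the twalk() call in rc_deptree_solve_loop() */`. The callback still writes `idid_counters[idid_count2]` without comparing the index against the `idid_count` used for the xmalloc(), so it relies on the tree holding exactly that many nodes; this was already true before the move. Building with `-Wtrampolines` and checking the GNU_STACK flags with `readelf -lW` would confirm that the library no longer requests an executable stack.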
diff -Nru openrc-0.13.1/debian/patches/series 
openrc-0.13.1/debian/patches/series
--- openrc-0.13.1/debian/patches/series 2014-10-17 12:14:03.000000000 +0100
+++ openrc-0.13.1/debian/patches/series 2014-10-18 20:45:36.000000000 +0100
@@ -5,4 +5,5 @@
 0100-GNU-Hurd_PATH_MAX_and_defined.patch
 0110-GNU-Hurd_add-missing-files.patch
 0200-GNU-kFreeBSD_add-missing-files.patch
+0210-GNU-kFreeBSD_workaround-nxstack.patch
 upstream-files-modified.patch

Attachment: signature.asc
Description: OpenPGP digital signature
