Bug#1012791: marked as done (x264: armhf build of libx264.so has executable stack enabled)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 1 Mar 2025 18:32:50 +0100
with message-id <Z8NEwqxnBwh9q-OB@ramacher.at>
and subject line Re: Bug#1012791: x264 executable stack
has caused the Debian Bug report #1012791,
regarding x264: armhf build of libx264.so has executable stack enabled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1012791: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012791
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: x264: armhf build of libx264.so has executable stack enabled
• From: Ard Biesheuvel <ardb@kernel.org>
• Date: Tue, 14 Jun 2022 08:25:57 +0200
• Message-id: <165518795764.27219.10326323099658621859.reportbug@sudo>

Package: x264
Severity: important
X-Debbugs-Cc: ardb@kernel.org

Dear Maintainer,

When building x264 for the armhf architecture, the resulting package contains a build of libx264.so that has a PT_GNU_STACK ELF program header that identifies the shared object as requiring an executable stack. This is a bad idea from security pov, and only seems to affect the armhf build (the arm64 build is fine).
-- System Information:
Debian Release: 11.3
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 5.18.3-wxn+ (SMP w/24 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages x264 depends on:
ii  libavcodec58   7:4.3.4-0+deb11u1
ii  libavformat58  7:4.3.4-0+deb11u1
ii  libavutil56    7:4.3.4-0+deb11u1
ii  libc6          2.31-13+deb11u3
pn  libffms2-4     <none>
pn  libgpac10      <none>
ii  libswscale5    7:4.3.4-0+deb11u1
ii  libx264-160    2:0.160.3011+gitcde9a93-2.1

x264 recommends no packages.

x264 suggests no packages.

--- End Message ---

--- Begin Message ---

• To: Simon Chopin <schopin@ubuntu.com>, 1012791-done@bugs.debian.org
• Subject: Re: Bug#1012791: x264 executable stack
• From: Sebastian Ramacher <sramacher@debian.org>
• Date: Sat, 1 Mar 2025 18:32:50 +0100
• Message-id: <Z8NEwqxnBwh9q-OB@ramacher.at>
• In-reply-to: <174059237838.29717.11130820936277308502@dresden>
• References: <165518795764.27219.10326323099658621859.reportbug@sudo> <174059237838.29717.11130820936277308502@dresden>

On 2025-02-26 18:52:58 +0100, Simon Chopin wrote:
> Since binutils 2.44-1 now defaults to non-executable stacks[0] I believe
> a simple binNMU on armhf should be sufficient to fix this.

Scheduled.

Cheers
-- 
Sebastian Ramacher

--- End Message ---