[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#887875: marked as done (libqt5webenginecore5: libQt5WebEngineCore.so.5.9.2 claims to need an executable stack)



Your message dated Wed, 08 Jan 2020 21:47:12 +0000
with message-id <E1ipJAW-000G92-Nl@fasolo.debian.org>
and subject line Bug#887875: fixed in qtwebengine-opensource-src 5.11.3+dfsg-2+deb10u1
has caused the Debian Bug report #887875,
regarding libqt5webenginecore5: libQt5WebEngineCore.so.5.9.2 claims to need an executable stack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
887875: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887875
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libqt5webenginecore5
Version: 5.9.2+dfsg-2
Severity: normal

$ execstack -q /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5.9.2
X /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5.9.2

The shared object is listed as requiring an executable stack.  This weakens
the security of every application that uses it.

# execstack -c /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5.9.2

After running the above command kmail (which uses that shared object) works
correctly.  I have SE Linux set to not permit executable stack so it wouldn't
run with the flag set in the header.  The fact that it runs now means that
at least the basic operations of this shared object don't need an executable
stack.

-- System Information:
Debian Release: buster/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default

Versions of packages libqt5webenginecore5 depends on:
ii  libasound2                       1.1.3-5
ii  libavcodec57                     7:3.4.1-1+b1
ii  libavformat57                    7:3.4.1-1+b1
ii  libavutil55                      7:3.4.1-1+b1
ii  libc6                            2.26-4
ii  libdbus-1-3                      1.12.2-1
ii  libevent-2.1-6                   2.1.8-stable-4
ii  libexpat1                        2.2.5-3
ii  libfontconfig1                   2.12.6-0.1
ii  libfreetype6                     2.8.1-1
ii  libgcc1                          1:7.2.0-19
ii  libglib2.0-0                     2.54.3-1
ii  libharfbuzz0b                    1.7.2-1
ii  libicu57                         57.1-8
ii  libjpeg62-turbo                  1:1.5.2-2+b1
ii  liblcms2-2                       2.9-1
ii  libminizip1                      1.1-8+b1
ii  libnspr4                         2:4.16-1+b1
ii  libnss3                          2:3.34.1-1
ii  libopus0                         1.2.1-1
ii  libpng16-16                      1.6.34-1
ii  libqt5core5a [qtbase-abi-5-9-2]  5.9.2+dfsg-6
ii  libqt5gui5                       5.9.2+dfsg-6
ii  libqt5network5                   5.9.2+dfsg-6
ii  libqt5positioning5               5.9.2+dfsg-3
ii  libqt5quick5                     5.9.2-3
ii  libqt5webchannel5                5.9.2-3
ii  libqt5webengine-data             5.9.2+dfsg-2
ii  libre2-3                         20170101+dfsg-1
ii  libsnappy1v5                     1.1.7-1
ii  libstdc++6                       7.2.0-19
ii  libwebp6                         0.6.0-4
ii  libwebpdemux2                    0.6.0-4
ii  libx11-6                         2:1.6.4-3
ii  libx11-xcb1                      2:1.6.4-3
ii  libxcb1                          1.12-1
ii  libxcomposite1                   1:0.4.4-2
ii  libxcursor1                      1:1.1.15-1
ii  libxdamage1                      1:1.1.4-3
ii  libxext6                         2:1.3.3-1+b2
ii  libxfixes3                       1:5.0.3-1
ii  libxi6                           2:1.7.9-1
ii  libxml2                          2.9.4+dfsg1-6.1
ii  libxrender1                      1:0.9.10-1
ii  libxslt1.1                       1.1.29-5
ii  libxss1                          1:1.2.2-1+b2
ii  libxtst6                         2:1.2.3-1
ii  zlib1g                           1:1.2.8.dfsg-5

libqt5webenginecore5 recommends no packages.

libqt5webenginecore5 suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/lib/x86_64-linux-gnu/libQt5WebEngineCore.so.5.9.2 (from libqt5webenginecore5:amd64 package)

--- End Message ---
--- Begin Message ---
Source: qtwebengine-opensource-src
Source-Version: 5.11.3+dfsg-2+deb10u1

We believe that the bug you reported is fixed in the latest version of
qtwebengine-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 887875@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtwebengine-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 31 Dec 2019 00:06:07 +0300
Source: qtwebengine-opensource-src
Binary: qtwebengine5-dev qtwebengine5-private-dev libqt5webengine5 libqt5webenginecore5 libqt5webenginewidgets5 libqt5webengine-data qml-module-qtwebengine qtwebengine5-dev-tools qtwebengine5-examples qtwebengine5-doc qtwebengine5-doc-html
Architecture: source
Version: 5.11.3+dfsg-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Description:
 libqt5webengine-data - Web content engine library for Qt - Data
 libqt5webengine5 - Web content engine library for Qt
 libqt5webenginecore5 - Web content engine library for Qt - Core
 libqt5webenginewidgets5 - Web content engine library for Qt - Widget
 qml-module-qtwebengine - Qt WebEngine QML module
 qtwebengine5-dev - Web content engine library for Qt - development files
 qtwebengine5-dev-tools - Qt WebEngine tools
 qtwebengine5-doc - Qt 5 webengine documentation
 qtwebengine5-doc-html - Qt 5 webengine HTML documentation
 qtwebengine5-examples - Qt WebEngine - Examples
 qtwebengine5-private-dev - Web content engine library for Qt - private development files
Closes: 882805 887875 919504
Changes:
 qtwebengine-opensource-src (5.11.3+dfsg-2+deb10u1) buster; urgency=medium
 .
   * Fix PDF parsing by adding the missing non-const overrides for
     CPDF_Dictionary::GetDict() and CPDF_Reference::GetDict(). This also
     fixes QWebEnginePage::print() method (closes: #919504).
   * Use ui/webui/resources/js/jstemplate_compiled.js provided by upstream
     instead of an empty file (closes: #882805).
   * Backport upstream patch to disable executable stack (closes: #887875).
Checksums-Sha1:
 002ade7c180eb441257ca0aa4a3fa84f1bbb318e 4734 qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1.dsc
 c4055922ab9c8c51c4b7ed14807d68d4f05ec390 465536 qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1.debian.tar.xz
 7be9236854c2fcb1675ec80f2c33d11abff6bcac 13076 qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1_source.buildinfo
Checksums-Sha256:
 515fc3e8b6aa5759f7c91280a472a0ca6a63995e1a532e918ff562050297ac38 4734 qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1.dsc
 473032d598dfdfa6cf97ccfc665c9a670a217760bac6e2d34757d0e09b684d30 465536 qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1.debian.tar.xz
 b939e6f1f302cd0b65266efa596f15f3db9edc59578c565b76b582a0ae9c2b79 13076 qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1_source.buildinfo
Files:
 be1500b4f46f38901e1239d49e04bbeb 4734 libs optional qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1.dsc
 079a8c977693b2605964dfd446c60f27 465536 libs optional qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1.debian.tar.xz
 1209a594145e837986203ce43c33dedb 13076 libs optional qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEE5688gqe4PSusUZcLZkYmW1hrg8sFAl4KaOUTHG1pdHlhNTdA
ZGViaWFuLm9yZwAKCRBmRiZbWGuDy5aqD/43W2MsjmoRv7tytZmTdRc1XgN4lB0z
z1dE1ZHw8AVkMNTApzCo9szf/Hx9BLf7OHrKejy28YnvHzw671sYJXlXyt7kO4dw
To8Ipo3Z/7SMCQzCgrv8vK4eXdUYq7c8UxyNSzT9PE7/czOx+RVC2eF+mMX0HKPI
PYBv/kYTakaXEf5/MLfFLaYrYhhoX35OiZHcEJ4KPGHvBw8SXT5MSSIH44hUfp7p
U+gUbJzXOAOTLC2ajQRs/uzDVk9DGukV1kRAg0OBEuNCKsXBvA3kcBXPfY1vIva3
HXhaHWo5c/76qp4Zdlyk+GCp971FX+jhkqSN3vU45Bt18LLaNN5oRYiSOV9awQsa
TpeGlfRKgWMkljBJ7TahT7m08HOD7yfmkgkKI69J4ApCxRsUuQKnXzYMKN8K2yFP
VCCv/qayhKdPrb04RQvteVrT/w/DUUzCHJpqsQNhdCxThzPu+Xm8YHc5Lz5v/t4n
XJGyri62yfg4zvMk0iNX6Mk+SduNl482sEe/Eo0Z/xszBVfl5CUXTByd8uTyL8lX
Ha/5LfB8SLD0zTnFe7ntg33Gd1Gil3pDkvNO5LjGWeBUMANbjtjqbLUFaodemaJK
N71eTXvf3Ua05IFLqF8XfhAdAFgwArnCE/mRmYc3JYxjcXNhpPZ8Dsa8qxeka2hp
Y1KqJvOV9c7uCg==
=jy3g
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: