GNU libffcall 1.13 is released. You find the download link at the homepage https://www.gnu.org/software/libffcall/ New in 1.13: * The license has been changed from GPLv2 to GPLv2+. * Added support for the following platforms: (Previously, a build on these platforms failed.) - x86_64: Mac OS X 64-bit. - x86_64: Solaris 64-bit. - x86_64: Linux with x32 ABI: CC="gcc -mx32". - arm: Linux 32-bit, without hardware floats. - arm64: Linux 64-bit. - s390x: Linux 64-bit. - powerpc: AIX 64-bit. - mips: IRIX 6.5 with CC="cc -32". - sparc: Solaris 64-bit. * Fixed support for the following platforms: (Previously, a build on these platforms appeared to succeed but was buggy.) - x86_64: Linux. - arm: Linux 32-bit, with hardware floats. - powerpc: Linux 64-bit. - mips: Linux with CC="gcc -mabi=32". - mips: Linux with CC="gcc -mabi=n32". - mips: Linux with CC="gcc -mabi=64". - mips: IRIX 6.5 with CC="gcc -mabi=n32". - s390: Linux. - sparc: Linux 64-bit. - ia64: Linux. - hppa: HP-UX 32-bit. * Verified support for the following platforms: (A build on these platforms worked and still works.) - i386: Linux, Solaris, Mac OS X. - powerpc: Linux 32-bit. - powerpc: AIX 32-bit. - powerpc: MacOS X. - mips: IRIX 6.5 with CC="cc -n32". - sparc: Solaris 32-bit. - sparc: Linux 32-bit: CC="gcc -m32". - alpha: Linux. * Support for a security feature: On Linux and FreeBSD platforms, linking with the libffcall libraries no longer causes the stack to become executable. The libffcall currently packaged in Mageia https://madb.mageia.org/package/show/application/0/name/libffcall0 is very old. I invite you to upgrade to version 1.13. NOTE! Libffcall is usually packaged as a non-shared library. If so, you need to rebuild the packages that depend on it (in particular, GNU clisp).
The executable stack bit sounds like it might be related to Stack Clash and the recent related fix in libffi. Thanks for the report.
QA Contact: (none) => securityCC: (none) => geiger.david68210, pterjanComponent: RPM Packages => Security
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugsWhiteboard: (none) => MGA5TOOSource RPM: https://madb.mageia.org/rpm/show/application/0/name/libffcall0-1.10-12.mga5.i586.rpm/source/0/release/5/arch/i586/t_media/3 => ffcall-1.12-3.mga6, ffcall-1.10-12.mga5
QA Contact: security => (none)CC: (none) => mageiaComponent: Security => New RPM package request
Nicolas, this isn't a new package request. We already have this package. It's a request for us to update it.
Component: New RPM package request => SecurityQA Contact: (none) => security
Summary: Please package GNU libffcall 1.13 => GNU libffcall update to 1.13CC: (none) => davidwhodgins
I'll see what I can do for this update.
CC: (none) => pkg-bugsAssignee: pkg-bugs => rverschelde
Fixed with ffcall-1.13-1.mga6, and upcoming rebuild of clisp. I've noticed that it can now build as a shared library, but since its only consumer is clisp and I have no clue about that package (which didn't build due to a hasty but broken sync with Fedora, but I've managed to fix that), I prefer not too mess with it too much at this stage.
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Forgot that Mageia 5 still needs a fix :o)
Whiteboard: MGA5TOO => (none)Version: Cauldron => 5
Status: RESOLVED => REOPENEDResolution: FIXED => (none)
Advisory: ========= Updated ffcall and clisp packages fix security vulnerability In libffcall before version 1.13, linking with the libffcall libraries could cause the stack to become executable. This is now fixed. clisp is rebuilt to pick the fixed libffcall static library. References: - https://lists.gnu.org/archive/html/libffcall/2017-06/msg00002.html RPMs in core/updates_testing: ============================= lib(64)ffcall-devel-1.13-1.mga5 clisp-2.49-11.1.mga5 clisp-devel-2.49-11.1.mga5 SRPMs in core/updates_testing: ============================== ffcall-1.13-1.mga5 clisp-2.49-11.1.mga5
Assignee: rverschelde => qa-bugs
(In reply to Rémi Verschelde from comment #5) > I've noticed that it can now build as a shared library, but since its only > consumer is clisp and I have no clue about that package ..., I > prefer not too mess with it too much at this stage. I agree. Building libffcall 1.13 as a shared library still has two problems: 1) It does not work on sparc and sparc64 platforms. 2) There is no proper library versioning (.so major/minor management) in place. These issues are on the TODO list for a future release.
MGA5-32 on Asus A6000VM Xfce Installation: package libffcall0 also to be included in list of Comment 7 I presume. I can start clisp, call help, make addition (+ 2 2), and quit.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA5-32-OK
Tested on Mageia 5 x86_64, running clisp. Validating the update.
Keywords: (none) => validated_updateWhiteboard: MGA5-32-OK => MGA5-32-OK advisory MGA-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0202.html
Status: REOPENED => RESOLVEDResolution: (none) => FIXED