Debian Bug report logs - #493678
libtheora0: Code not built with -fpic or -fPIC

version graph

Package: libtheora0; Maintainer for libtheora0 is Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>; Source for libtheora0 is src:libtheora.

Reported by: Russell Coker <russell@coker.com.au>

Date: Mon, 4 Aug 2008 05:45:01 UTC

Severity: important

Found in version libtheora/1.0~beta3-1

Fixed in version libtheora/1.1.0-1

Done: John Francesco Ferlito <johnf@inodes.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers):
Bug#493678; Package libtheora0. Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers). Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libtheora0: Code not built with -fpic or -fPIC
Date: Mon, 04 Aug 2008 15:41:57 +1000
Package: libtheora0
Version: 1.0~beta3-1
Severity: important

http://etbe.coker.com.au/2007/02/10/execmod/

The above URL has background information on the execmod denial from SE
Linux.

The following command shows that some parts of the library have not been
comiled with -fpic or -fPIC, I believe that this will prevent it from
working on some architectures (it's also a minor security problem - and
it prevents using the library on SE Linux systems).

# eu-findtextrel /usr/lib/libtheora.so.0.3.3 |uniq
either the file containing the function 'theora_decode_init' or the file
containing the function 'theora_encode_header' is not compiled with
-fpic/-fPIC

Below I have a cc command taken from the library build process, a simple
cc command to create a shared object, and a run of eu-findtextrel to
demonstrate that the problem is in the source file in question (it seems
that running against the entire shared object doesn't identify the right
function as the source of the problem):

cc -DHAVE_CONFIG_H -I. -I.. -I../include -I../lib -I../lib/dec \
-I../lib/enc -Wall -Wno-parentheses -O3 -fforce-addr \
-fomit-frame-pointer -finline-functions -funroll-loops -g -O2 -g -Wall \
-O2 -c enc/x86_32/dct_decode_mmx.c  -fPIC -fpic -DPIC -o \
.libs/dct_decode_mmx.o
cc -shared .libs/dct_decode_mmx.o -o t.so
eu-findtextrel t.so
enc/x86_32/dct_decode_mmx.c not compiled with -fpic/-fPIC

So it seems that assembly code in enc/x86_32/dct_decode_mmx.c is
responsible.  It would be ideal if this code could be fixed in time for
Lenny.




Information forwarded to debian-bugs-dist@lists.debian.org, pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers):
Bug#493678; Package libtheora0. Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers). Full text and rfc822 format available.

Message #10 received at 493678@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: 493678@bugs.debian.org
Subject: patch from Fedora
Date: Mon, 4 Aug 2008 16:25:23 +1000
The following patch (from Fedora rawhide) fixes this issue.



diff -ru libtheora-1.0~beta3.bak/lib/enc/x86_32/dct_decode_mmx.c 
libtheora-1.0~beta3/lib/enc/x86_32/dct_decode_mmx.c
--- libtheora-1.0~beta3.bak/lib/enc/x86_32/dct_decode_mmx.c	2008-08-04 
15:30:57.000000000 +1000
+++ libtheora-1.0~beta3/lib/enc/x86_32/dct_decode_mmx.c	2008-08-04 
16:06:00.000000000 +1000
@@ -21,6 +21,9 @@
 
 #if defined(USE_ASM)
 
+/* Disabled as this asm results in text relocations, which is BAD */
+#if 0
+
 static const __attribute__((aligned(8),used)) ogg_int64_t V3= 
0x0003000300030003LL;
 static const __attribute__((aligned(8),used)) ogg_int64_t V804= 
0x0804080408040804LL;
 
@@ -172,12 +175,17 @@
     );
 }
 
+#endif
+
 /* install our implementation in the function table */
 void dsp_mmx_dct_decode_init(DspFunctions *funcs)
 {
+/* Disabled as this asm results in text relocations, which is BAD */
+#if 0
   TH_DEBUG("enabling accelerated x86_32 mmx dct decode functions.\n");
   funcs->FilterVert = FilterVert__mmx;
   funcs->FilterHoriz = FilterHoriz__mmx;
+#endif
 }
 
 #endif /* USE_ASM */




Information forwarded to debian-bugs-dist@lists.debian.org, pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers):
Bug#493678; Package libtheora0. Full text and rfc822 format available.

Acknowledgement sent to "Ivo Emanuel Gonçalves" <justivo@gmail.com>:
Extra info received and forwarded to list. Copy sent to pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers). Full text and rfc822 format available.

Message #15 received at 493678@bugs.debian.org (full text, mbox):

From: "Ivo Emanuel Gonçalves" <justivo@gmail.com>
To: russell@coker.com.au, 493678@bugs.debian.org
Subject: Re: Bug#493678: patch from Fedora
Date: Mon, 4 Aug 2008 11:52:36 +0100
Russell,

We are aware of SELinux problems in the assembly code and we have made
some recent changes to address it.  As such your patch may not be
needed in fact.  Please confirm this by getting the latest version
from SVN and testing.  It would be much appreciated.

-Ivo




Information forwarded to debian-bugs-dist@lists.debian.org, pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers):
Bug#493678; Package libtheora0. Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers). Full text and rfc822 format available.

Message #20 received at 493678@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: "Ivo Emanuel Gonçalves" <justivo@gmail.com>
Cc: 493678@bugs.debian.org
Subject: Re: Bug#493678: patch from Fedora
Date: Mon, 4 Aug 2008 21:49:39 +1000
On Monday 04 August 2008 20:52, "Ivo Emanuel Gonçalves" <justivo@gmail.com> 
wrote:
> We are aware of SELinux problems in the assembly code and we have made
> some recent changes to address it.  As such your patch may not be
> needed in fact.  Please confirm this by getting the latest version
> from SVN and testing.  It would be much appreciated.

I have checked testing (Lenny) and unstable and not found any more recent 
versions.

Please email me the .deb and I'll test it out.




Information forwarded to debian-bugs-dist@lists.debian.org, pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers):
Bug#493678; Package libtheora0. Full text and rfc822 format available.

Acknowledgement sent to "Ivo Emanuel Gonçalves" <justivo@gmail.com>:
Extra info received and forwarded to list. Copy sent to pkg-xiph-maint@lists.alioth.debian.org (Debian Xiph.org Maintainers). Full text and rfc822 format available.

Message #25 received at 493678@bugs.debian.org (full text, mbox):

From: "Ivo Emanuel Gonçalves" <justivo@gmail.com>
To: russell@coker.com.au
Cc: 493678@bugs.debian.org
Subject: Re: Bug#493678: patch from Fedora
Date: Mon, 4 Aug 2008 13:51:41 +0100
On 8/4/08, Russell Coker <russell@coker.com.au> wrote:
> I have checked testing (Lenny) and unstable and not found any more recent
> versions.

I reckon you misunderstood what I tried to say.  When I said "latest
version from SVN" I meant the Theora's makers (Xiph) repository.
Non-Debian specific patches always go upstream.

Here, I created a source package based on the latest SVN revision:
http://spreadopenmedia.org/tmp/libtheora-1.0beta4svn.tar.bz2

-Ivo




Reply sent to John Francesco Ferlito <johnf@inodes.org>:
You have taken responsibility. (Sun, 27 Sep 2009 07:48:10 GMT) Full text and rfc822 format available.

Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Sun, 27 Sep 2009 07:48:10 GMT) Full text and rfc822 format available.

Message #30 received at 493678-close@bugs.debian.org (full text, mbox):

From: John Francesco Ferlito <johnf@inodes.org>
To: 493678-close@bugs.debian.org
Subject: Bug#493678: fixed in libtheora 1.1.0-1
Date: Sun, 27 Sep 2009 07:21:11 +0000
Source: libtheora
Source-Version: 1.1.0-1

We believe that the bug you reported is fixed in the latest version of
libtheora, which is due to be installed in the Debian FTP archive:

libtheora-bin_1.1.0-1_i386.deb
  to pool/main/libt/libtheora/libtheora-bin_1.1.0-1_i386.deb
libtheora-dev_1.1.0-1_i386.deb
  to pool/main/libt/libtheora/libtheora-dev_1.1.0-1_i386.deb
libtheora-doc_1.1.0-1_all.deb
  to pool/main/libt/libtheora/libtheora-doc_1.1.0-1_all.deb
libtheora0_1.1.0-1_i386.deb
  to pool/main/libt/libtheora/libtheora0_1.1.0-1_i386.deb
libtheora_1.1.0-1.diff.gz
  to pool/main/libt/libtheora/libtheora_1.1.0-1.diff.gz
libtheora_1.1.0-1.dsc
  to pool/main/libt/libtheora/libtheora_1.1.0-1.dsc
libtheora_1.1.0.orig.tar.gz
  to pool/main/libt/libtheora/libtheora_1.1.0.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 493678@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
John Francesco Ferlito <johnf@inodes.org> (supplier of updated libtheora package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 26 Sep 2009 12:13:07 +1000
Source: libtheora
Binary: libtheora0 libtheora-dev libtheora-doc libtheora-bin
Architecture: source all i386
Version: 1.1.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>
Changed-By: John Francesco Ferlito <johnf@inodes.org>
Description: 
 libtheora-bin - The Theora Video Compression Codec (example encoder, decoder)
 libtheora-dev - The Theora Video Compression Codec (development files)
 libtheora-doc - The Theora Video Compression Codec (documentation)
 libtheora0 - The Theora Video Compression Codec
Closes: 263442 493678
Changes: 
 libtheora (1.1.0-1) unstable; urgency=low
 .
   [ John Francesco Ferlito ]
   * New upstream release.
   * debian/control:
     + Update Maintainer to Debian Xiph.org Maintainers.
     + Add John Francesco Ferlito to Uploaders.
     + Add transfig and texlive-latex-base as a Build-Dep so the .pdf builds.
   * debian/libtheora-doc.examples
     + Add examples to doc package (Closes: #263442).
   * debian/rules:
     + Remove unneeded rm of doxygen-build.stamp
   * debian/libtheora0.symbols*
     + Clean-up the duplication in the symbols files.
   * Upstream no longer contains relocatable code (Closes: #493678).
 .
   [ Rogério Brito ]
   * debian/libtheora0.install:
     + simplify the rules to be more generic.
   * debian/control:
     + include versioned dependency on debhelper >= 5.
     + include ${misc:Depends} due to debhelper.
     + remove duplicate Section: fields.
     + include Homepage: field.
     + remove versioned dependency on cdbs (even oldstable and dapper have it).
     + remove versioned dependency on libogg-dev (idem).
   * debian/compat:
     + update to 5, as discussed above.
   * debian/patches:
     + include comment in the patch.
     + refreshed the patch.
   * debian/README.Source:
     + rename to README.source.
     + include comments regarding the use of quilt, as per policy >= 3.8.0.
   * debian/libtheora-doc*:
     + split the documentation in a documentation package, as it is "big".
   * debian/libtheora-doc.doc-base:
     + register with the system to keep things tidy.
   * debian/rules:
       + remove some extra files so that the package can be built twice in a row.
Checksums-Sha1: 
 4a38763bee734aff2e080882ac89bf6780b3c609 1444 libtheora_1.1.0-1.dsc
 f0cdffe9243996494828797d02f2a8bcacba99af 1961284 libtheora_1.1.0.orig.tar.gz
 206ee672d38f0d6d5b9d50c439f1aed9c2751c35 7563 libtheora_1.1.0-1.diff.gz
 11eaa153f5ddab85df7045a7837a0626155b874e 818442 libtheora-doc_1.1.0-1_all.deb
 1ba44423e332105dcedf9446e5ec3665f950074a 376670 libtheora0_1.1.0-1_i386.deb
 f941c6d39d49158a016e01ea8b25b9e7c62459f2 423342 libtheora-dev_1.1.0-1_i386.deb
 43eb3c8ab42e43a2136906704a99f216ecf3c29b 53892 libtheora-bin_1.1.0-1_i386.deb
Checksums-Sha256: 
 63fec3d5a7c60077009ef5ddef7e024ccb2924f9b7fdc5b2dd903b693b99a8f0 1444 libtheora_1.1.0-1.dsc
 5a68d5dee31a495ee6d25dca77315e6de515850036c079ac532e2b10d6e67b5e 1961284 libtheora_1.1.0.orig.tar.gz
 d09c8040746bc6205db440828d87d898e1f0caada6762f8e892d426dd71e2e63 7563 libtheora_1.1.0-1.diff.gz
 3a91f09b1141dbd84dccad2bbe97292ba6fc9282ee44962b971ca0e0f14d0f47 818442 libtheora-doc_1.1.0-1_all.deb
 ebc0bbb745eb987de557ab1d7cb1db8ad1215a87765131c5066edf0c24621645 376670 libtheora0_1.1.0-1_i386.deb
 61a4b7d1cd2c591de3bbed393f8688d3bc8775c1e4e0e5d14d00ea12a5850b83 423342 libtheora-dev_1.1.0-1_i386.deb
 6a2e1c642b4e697d9c7caf0d4bbe96c511ca7b0f0d43469131ecfd35b4b5246e 53892 libtheora-bin_1.1.0-1_i386.deb
Files: 
 877629eb9f172599d52230d5a2bf97ee 1444 libs optional libtheora_1.1.0-1.dsc
 303c782de0f943bfceac1f0bdea7a22e 1961284 libs optional libtheora_1.1.0.orig.tar.gz
 9ca7334a8aeefd9f4520e9e1dc38f1e3 7563 libs optional libtheora_1.1.0-1.diff.gz
 2172a4a7cb988fffa849bd2b7a2fa0f1 818442 doc optional libtheora-doc_1.1.0-1_all.deb
 f12d40203d1c8241e9a42bab233fbef4 376670 libs optional libtheora0_1.1.0-1_i386.deb
 21225a3bea1dae032e8df66646f90ab7 423342 libdevel optional libtheora-dev_1.1.0-1_i386.deb
 4c0384d352d717df583cf5b11308fddf 53892 utils optional libtheora-bin_1.1.0-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkq+1ewACgkQYcdJscd4KNTJSgCgsCisoFMaTetBrLvo1rZ1AOjp
59UAoIuRntunjsHshpdUBpKgRyHC/F1i
=JlC0
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Jan 2010 07:32:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 10:28:12 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.