Source: postgresql-pllua Version: 1:2.0.12-3 Severity: import Tags: ftbfs patch upstream X-Debbugs-Cc: debian-glibc@lists.debian.org User: debian-glibc@lists.debian.org Usertags: glibc2.41 dlopen-executable-stack
Dear maintainer, Starting with glibc 2.41, the dlopen and dlmopen functions no longer make the stack executable if a shared library requires it and instead just fail. This change aims to improve security, as the previous behaviour was used as a vector for RCE (CVE-2023-38408). Unfortunately the postgresql-17-pllua package provides an extension for postgresql-17 which requires an executable stack. With this change, it can't be loaded anymore, causing the testsuite to fail during build or autopkgtest: | make: *** [/usr/lib/postgresql/17/lib/pgxs/src/makefiles/pgxs.mk:436: installcheck] Error 1 | 2025-02-13 07:40:07.976 UTC [4366] LOG: starting PostgreSQL 17.2 (Debian 17.2-1+b2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-14) 14.2.0, 64-bit | 2025-02-13 07:40:07.977 UTC [4366] LOG: listening on IPv6 address "::1", port 5433 | 2025-02-13 07:40:07.977 UTC [4366] LOG: listening on IPv4 address "127.0.0.1", port 5433 | 2025-02-13 07:40:07.977 UTC [4366] LOG: listening on Unix socket "/tmp/.s.PGSQL.5433" | 2025-02-13 07:40:07.981 UTC [4369] LOG: database system was shut down at 2025-02-13 07:40:07 UTC | 2025-02-13 07:40:07.986 UTC [4366] LOG: database system is ready to accept connections | 2025-02-13 07:40:10.324 UTC [4407] debci@contrib_regression ERROR: could not load library "/usr/lib/postgresql/17/lib/pllua.so": /usr/lib/postgresql/17/lib/pllua.so: cannot enable executable stack as shared object requires: Invalid argument | 2025-02-13 07:40:10.324 UTC [4407] debci@contrib_regression STATEMENT: create extension pllua; | 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression ERROR: required extension "pllua" is not installed | 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression HINT: Use CREATE EXTENSION ... CASCADE to install required extensions too. | 2025-02-13 07:40:10.325 UTC [4407] debci@contrib_regression STATEMENT: create extension hstore_pllua; | 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression ERROR: language "pllua" does not exist | 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression HINT: Use CREATE EXTENSION to load the language into the database. | 2025-02-13 07:40:10.352 UTC [4413] debci@contrib_regression STATEMENT: do language pllua $$ For a full log, see: https://ci.debian.net/data/autopkgtest/unstable/amd64/p/postgresql-pllua/57637374/log.gz While the toolchain default to non-executable stack, postgresql-pllua uses a custom ld command to embed lua code into the binary, which marks the resulting binary as requiring stack. This can be fixed with the following patch: --- postgresql-pllua-2.0.12.orig/Makefile +++ postgresql-pllua-2.0.12/Makefile @@ -42,7 +42,7 @@ OBJCOPY ?= objcopy # GNU LD and compatible linkers (including recent clang lld) should be # fine with -r -b binary, but this does break on some ports. -BIN_LD ?= $(LD) -r -b binary +BIN_LD ?= $(LD) -r -b binary -znoexecstack # If BIN_ARCH and BIN_FMT are defined, we assume LD_BINARY is broken # and do this instead. This is apparently needed for linux-mips64el, Regards Aurelien
