[CodeWeavers-Announce]Serious problem with Fedora Core and CrossOver - Work Arounds

[Jeremy White]

Folks,

We have worked out two critical issues with Fedora Core and I wanted
to alert our customers that are using Fedora Core.

First, we have a bug in our code that affects all Fedora
users (fc1 and fc2).  Second, Red Hat made a change between
Fedora Core 2, test3 (which was what was available when
we shipped 3.0) and Fedora Core 2, release version, that
can cause instability on a production version of Fedora Core 2.

In this email I fully describe our bug, and also provide
a means to fix that bug.  I also describe the issue with
Fedora Core 2 and a work around you can use until we
ship version 3.0.1 next week.


Our bug:
--------
The bug is in the work around we use
to address issues with exec-shield in Fedora.

Exec-shield is a facility that Red Hat has added to Fedora
to try to prevent malicious exploits from doing buffer overflows
and compromising a system.  It does this by loading system
libraries at low addresses in memory.  Unfortunately,
many Windows programs require that they be loaded at a low
location in memory, hence exec-shield breaks Windows
compatibility.

In version 3.0 of CrossOver, we put in place a work around
that would disable exec-shield for our Fedora users.

Unfortunately, that work around has a bug with subtle and
frustrating side effects.

Specifically, we do successfully disable exec-shield
during installation.  We also try to modify the system
settings so that exec-shield will remain disabled.
This is necessary, because Fedora will rerun the
prelink process, which turns on exec-shield, every 14 days.

Our mistake was that the change made to this configuration
file is incorrect.  Thus, some random number of days,
between 1 and 14, after you install CrossOver, suddenly
CrossOver will become unstable.  Further, running CrossOver
Setup will give you a complaint about a security stack
and direct you to an obsolete FAQ entry on our web page.

The good news is that if you get this email and run the
fix prior to that random number of days, you won't
run into the problem at all.  We are also trying to
get 3.0.1 out as quickly as we can so that this will
not happen to new customers.

To fix this issue, you will need to gain root privileges
and edit the following file:
   /etc/sysconfig/prelink
Within that file, there is a line that reads:
   PRELINK_OPTS=-mR --no-exec-shield
you simply need to change that line to read:
   PRELINK_OPTS="-mR --no-exec-shield"
(just add the quotes) and life should be good,
presuming that exec-shield has not been turned back on.

If you wish to be completely sure you're okay, you
can rerun the prelink process which will turn exec-shield
off for sure.  You can do this by issuing the following
commands in a terminal window:
   touch /var/lib/misc/prelink.force
   /etc/cron.daily/prelink
This will take a fairly long time (~ 30 min), but should
square you up.


Fedora Core 2 Problem:
----------------------
Between Fedora Core 2 test3 and Fedora Core 2 production,
Red Hat turned on a facility to allow user processes to
allocate 4 Gig of memory (instead of the traditional 3G limit).
Unfortunately, this meant that some Windows programs would
get shunted into addresses over the 3G limit, which had never
happened before, and which many Windows programs choke and die on.
This can then cause instability in CrossOver applications on
Fedora Core 2.

We have made a work around for this that should be in version 3.0.1.
In the meantime, you can get around this by running all
of your CrossOver commands from the command line and typing
the following command to start any CrossOver command:

   setarch -3 i386 (command)

Note that in your cxoffice/bin directory you will likely
have a command you can use to start your favorite programs
(such as 'winword' or 'excel').  So a typical use might be:

   setarch -3 i386 ~/cxoffice/bin/winword

You can also start a terminal and then run all CrossOver
commands from that terminal:
   setarch -3 i386 bash


I'm very sorry for the hassle, and I'm particularly sorry
for those people whose 14 day window expired and were
subsequently nailed by this.

By the way, let me officially recognize that I need to eat
a little crow on the bug.  I still remain unhappy at the
hoops Red Hat is forcing us through, but I do acknowledge that
at least part of the issues this time are our fault.

As always, I appreciate your support, and your patience.

Cheers,

Jeremy