Your message dated Mon, 23 May 2011 19:54:00 +0000
with message-id <[email protected]>
and subject line Bug#543450: fixed in icon 9.4.3-3
has caused the Debian Bug report #543450,
regarding needlessly executable stack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
543450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543450
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: icon
Version: 9.4.3-2
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu karmic ubuntu-patch
Hello!
It seems that icon is built (in some situation) against assembly code that
lack stack markings[1]. This results in the entire program being built
with an executable stack.
The attached patch solve this by adding a default ASFLAGS option to turn
off executable stacks when assembling.
Thanks!
-Kees
[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
--
Kees Cook @debian.org
diff -u icon-9.4.3/debian/rules icon-9.4.3/debian/rules
--- icon-9.4.3/debian/rules
+++ icon-9.4.3/debian/rules
@@ -49,6 +49,7 @@
$(checkdir)
$(MAKE) X-Configure name=$(system)
sed "s/CFLAGS = .*/CFLAGS = $(CFLAGS)/" Makedefs > Makedefs.tmp
+ echo "ASFLAGS = -Wa,--noexecstack" >> Makedefs.tmp
mv Makedefs.tmp Makedefs
touch configure
only in patch2:
unchanged:
--- icon-9.4.3.orig/src/common/Makefile
+++ icon-9.4.3/src/common/Makefile
@@ -46,7 +46,7 @@
# for rswitch, $(CFLAGS) is deliberately omitted (-O may cause problems)
rswitch.o: ../h/define.h ../h/arch.h $(RSW)
- $(CC) -c $(RSW)
+ $(CC) $(ASFLAGS) -c $(RSW)
# The following section is needed if changes are made to the Icon grammar,
--- End Message ---
--- Begin Message ---
Source: icon
Source-Version: 9.4.3-3
We believe that the bug you reported is fixed in the latest version of
icon, which is due to be installed in the Debian FTP archive:
icon-ipl_9.4.3-3_all.deb
to main/i/icon/icon-ipl_9.4.3-3_all.deb
icon_9.4.3-3.diff.gz
to main/i/icon/icon_9.4.3-3.diff.gz
icon_9.4.3-3.dsc
to main/i/icon/icon_9.4.3-3.dsc
iconc_9.4.3-3_i386.deb
to main/i/icon/iconc_9.4.3-3_i386.deb
icont_9.4.3-3_i386.deb
to main/i/icon/icont_9.4.3-3_i386.deb
iconx_9.4.3-3_i386.deb
to main/i/icon/iconx_9.4.3-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Hudon <[email protected]> (supplier of updated icon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 23 May 2011 15:28:11 -0400
Source: icon
Binary: icont iconx iconc icon-ipl
Architecture: source all i386
Version: 9.4.3-3
Distribution: unstable
Urgency: low
Maintainer: Christian Hudon <[email protected]>
Changed-By: Christian Hudon <[email protected]>
Description:
icon-ipl - Libraries for Icon, a high-level programming language
iconc - Compiler for Icon, a high-level programming language
icont - Interpreter for Icon, a high-level programming language
iconx - Executor for Icon, a high-level programming language
Closes: 543450
Changes:
icon (9.4.3-3) unstable; urgency=low
.
* Apply patch from Kees Cook so Icon is not built needlessly with an
executable stack. (Closes: #543450)
Checksums-Sha1:
103580b1617df45f24bad6a90e79e4b65d17a122 956 icon_9.4.3-3.dsc
95621cc2fdc370c70a15a1780d9e1ddc16771f0a 13293 icon_9.4.3-3.diff.gz
4d348bf7c094e088981d2c16668bf9647877b047 1407542 icon-ipl_9.4.3-3_all.deb
7aeb2283d65168fbabac8dfb8f42438f37e648e5 45976 icont_9.4.3-3_i386.deb
c49667f7df4b911e5fab4610845cdfa6a7853da5 157198 iconx_9.4.3-3_i386.deb
885f58a6d75a55023a3df2968a72ee42ee4c97ed 1364576 iconc_9.4.3-3_i386.deb
Checksums-Sha256:
2e9fd9ce150d0e30918e47c488de39a22102db81ba33b9798004c314242e678d 956
icon_9.4.3-3.dsc
bed8e4cb7bd85c446c0d3b102a7811baa40cd76272819db84e29ef5d4fe214d7 13293
icon_9.4.3-3.diff.gz
b9d17d8ca6bd81887ac651af7e4b4aa2ca3a5cded449afed534d2767f77b2adc 1407542
icon-ipl_9.4.3-3_all.deb
9f6c70317f90fc3008bbb897ca8ede4e1b3609cb574a4d26acd8db3d0af83b8c 45976
icont_9.4.3-3_i386.deb
44a40e785d87270484ce0915968dbf4d9d5cf3f9e309273398c44e189efcbc43 157198
iconx_9.4.3-3_i386.deb
b948c33c09bc15e25be153759e1b50a4a081c05ad740b97c496d67d12b34c2e2 1364576
iconc_9.4.3-3_i386.deb
Files:
35c849a59ef9b6b675d247755579b3f6 956 devel optional icon_9.4.3-3.dsc
242516a1d8350349ff3d6260df047a8e 13293 devel optional icon_9.4.3-3.diff.gz
cedbb68c1076cd38d6994405c753f0d9 1407542 devel optional
icon-ipl_9.4.3-3_all.deb
e576660dbc9f2aa1f8a56ae88b1e1e25 45976 devel optional icont_9.4.3-3_i386.deb
0cbc261b9449b2a4ab115b353708f614 157198 devel optional iconx_9.4.3-3_i386.deb
4c19bc3bf09811ce58da4c4fe14c3cd1 1364576 devel optional iconc_9.4.3-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3athMACgkQmo2+8mg5b9JU4ACcCQnr/dZo8cJKokNAjmSARQpQ
xKUAn1SjVArE5iJ27Ew50V3OVwypGHY8
=tbhQ
-----END PGP SIGNATURE-----
--- End Message ---
