Bug#321750: marked as done (lintian - check for executable stack)
Your message dated Thu, 13 Oct 2005 06:47:12 -0700
with message-id <E1EQ3QO-0003WL-00@spohr.debian.org>
and subject line Bug#321750: fixed in lintian 1.23.13
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Aug 2005 11:00:17 +0000
>From waldi@debian.org Sun Aug 07 04:00:17 2005
Return-path: <waldi@debian.org>
Received: from wavehammer.waldi.eu.org [82.139.196.55] (postfix)
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E1it6-0006hm-00; Sun, 07 Aug 2005 04:00:17 -0700
Received: by wavehammer.waldi.eu.org (Postfix, from userid 1000)
id 01F523C022; Sun, 7 Aug 2005 13:00:12 +0200 (CEST)
Date: Sun, 7 Aug 2005 13:00:12 +0200
From: Bastian Blank <waldi@debian.org>
To: submit@bugs.debian.org
Subject: lintian - check for executable stack
Message-ID: <20050807110012.GA14599@wavehammer.waldi.eu.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="3uo+9/B/ebqu+fSQ"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
--3uo+9/B/ebqu+fSQ
Content-Type: multipart/mixed; boundary="BOKacYhQ+x31HxR3"
Content-Disposition: inline
--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: lintian
Severity: wishlist
Version: 1.23.11
The attached patch adds checks for executable stack.
Bastian
--=20
Lots of people drink from the wrong bottle sometimes.
-- Edith Keeler, "The City on the Edge of Forever",
stardate unknown
--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename=diff
Content-Transfer-Encoding: quoted-printable
diff -urN lintian-1.23.11/checks/shared-libs lintian-1.23.11.execstack/chec=
ks/shared-libs
--- lintian-1.23.11/checks/shared-libs 2005-07-09 09:09:40.000000000 +0200
+++ lintian-1.23.11.execstack/checks/shared-libs 2005-08-07 12:53:52.000000=
000 +0200
@@ -46,6 +46,7 @@
my $shlibs_control_file =3D "control/shlibs";
my %SONAME;
my %INTERP;
+my %STACK;
my %objsomething;
my %sharedobject;
my %index_info;
@@ -75,8 +76,16 @@
tag "shlib-with-non-pic-code", "$file";
} elsif (m/^\s*INTERP\s/) {
$INTERP{$file} =3D 1;
+ } elsif (m/^\s*STACK\s/) {
+ $STACK{$file} =3D 0;
} else {
- $objsomething{$file} =3D 1;
+ if (defined $STACK{$file} and $STACK{$file} eq 0) {
+ m/\sflags\s+(\S+)/o;
+ $STACK{$file} =3D $1;
+ }
+ else {
+ $objsomething{$file} =3D 1;
+ }
}
}
close(IN);
@@ -150,6 +159,15 @@
# yes! so postinst must call ldconfig
$must_call_ldconfig =3D $real_file;
}
+
+ # executable stack
+ if (exists $objsomething{$cur_file}) {
+ if (not defined $STACK{$cur_file}) {
+ tag "shlib-without-PT_GNU_STACK-section", $cur_file;
+ } elsif ($STACK{$cur_file} ne "rw-") {
+ tag "shlib-with-executable-stack", $cur_file;
+ }
+ }
} elsif (exists $objsomething{$cur_file} &&
exists $ldso_dir{dirname($cur_file)} &&
exists $sharedobject{$cur_file}) {
diff -urN lintian-1.23.11/checks/shared-libs.desc lintian-1.23.11.execstack=
/checks/shared-libs.desc
--- lintian-1.23.11/checks/shared-libs.desc 2005-01-14 22:11:13.000000000 +=
0100
+++ lintian-1.23.11.execstack/checks/shared-libs.desc 2005-08-07 12:25:25.0=
00000000 +0200
@@ -167,3 +167,13 @@
SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
where 0 is the major version of the library. If your package uses libtool,
then libtool invoked with the right options should be doing this.
+
+Tag: shlib-without-PT_GNU_STACK-section
+Type: error
+Info: The listed shared libraries lacks a PT_GNU_STACK section. This makes
+ the dynamic linker to make the stack executable.
+
+Tag: shlib-with-executable-stack
+Type: warning
+Info: The listed shared libraries declares the stack as executable.
+
diff -urN lintian-1.23.11/debian/changelog lintian-1.23.11.execstack/debian=
/changelog
--- lintian-1.23.11/debian/changelog 2005-08-03 15:05:57.000000000 +0200
+++ lintian-1.23.11.execstack/debian/changelog 2005-08-07 12:26:24.00000000=
0 +0200
@@ -1,3 +1,10 @@
+lintian (1.23.11.0local.1) local; urgency=3Dlow
+
+ * check/shared-libs*:
+ - Add checks for executable stack.
+
+ -- Bastian Blank <waldi@debian.org> Sun, 07 Aug 2005 12:26:01 +0200
+
lintian (1.23.11) unstable; urgency=3Dlow
=20
* frontend/lintian:
--BOKacYhQ+x31HxR3--
--3uo+9/B/ebqu+fSQ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iEYEARECAAYFAkL16bwACgkQnw66O/MvCNEm1QCgnO3DzfPfugTyAnikDH7OXNMV
YbsAoK2Zb560z1U0qaNxAB91KVDlgkXk
=JxSv
-----END PGP SIGNATURE-----
--3uo+9/B/ebqu+fSQ--
---------------------------------------
Received: (at 321750-close) by bugs.debian.org; 13 Oct 2005 13:49:28 +0000
>From katie@spohr.debian.org Thu Oct 13 06:49:28 2005
Return-path: <katie@spohr.debian.org>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1EQ3QO-0003WL-00; Thu, 13 Oct 2005 06:47:12 -0700
From: Frank Lichtenheld <djpig@debian.org>
To: 321750-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#321750: fixed in lintian 1.23.13
Message-Id: <E1EQ3QO-0003WL-00@spohr.debian.org>
Sender: Archive Administrator <katie@spohr.debian.org>
Date: Thu, 13 Oct 2005 06:47:12 -0700
Delivered-To: 321750-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2
Source: lintian
Source-Version: 1.23.13
We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive:
lintian_1.23.13.dsc
to pool/main/l/lintian/lintian_1.23.13.dsc
lintian_1.23.13.tar.gz
to pool/main/l/lintian/lintian_1.23.13.tar.gz
lintian_1.23.13_all.deb
to pool/main/l/lintian/lintian_1.23.13_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 321750@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frank Lichtenheld <djpig@debian.org> (supplier of updated lintian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 13 Oct 2005 15:19:05 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 1.23.13
Distribution: unstable
Urgency: low
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Frank Lichtenheld <djpig@debian.org>
Description:
lintian - Debian package checker
Closes: 316523 321750 323053 324944 326643 327859 328612 329170 330548 331672
Changes:
lintian (1.23.13) unstable; urgency=low
.
* The "doesn't contain all the fixes I would like but that's no
reason to let the others wait forever" release
.
* debian/control:
+ [FL] Fix typo in description. Noted by Bill Allombert
(Closes: #327859)
.
* checks/copyright-file:
+ [JvW] Demote FSF address check to warning
* checks/description:
+ [HE] Change description-synopsis-is-duplicated to only be emitted if
the synopsis is copied without being extended. (Closes: #316523)
* checks/files:
+ [FL] Add some formats to the exception list for extra-license-file
(jpe?g, gif and svg) (Closes: #324944)
+ [FL] Don't complain about lib(32|64) as unusual directories. Noted
by Matthias Klose (partly fixes #328612, see checks/shared-libs for
the rest)
* checks/infofiles:
+ [FL] Don't issue install-info-not-called-with-section-option if
the call in postinst is really a removal. Experienced by Ben Pfaff
in autoconf (Closes: #329170)
* checks/po-debconf:
+ [FL] Previously we only run the checks if we found a templates file
and a debconf dependency. Since the latter is mostly generated by
${misc:Depends} nowadays, we now also run the checks if we find
a templates and a config file. (Closes: #331672)
* checks/scripts:
+ [FL] PythonX.Y dependency can also be satisfied with pythonX.Y-minimal.
Noted by Matthias Klose (Closes: #326643)
+ [FL] Only match 'local' at the beginning of a line. The check is too
ambigious otherwise. Reported by Marc Haber (Closes: #330548)
+ [FL] Better reflect the current discussions wether some of the
XSI:sms should be allowed in shell scripts by moving some of
them to a separate check possible-non-posix-code-in-maintainer-script.
Not doing that for kill -NAME as reuqested since -s NAME is available
and should be perfectly portable. (Closes: #323053)
* checks/shared-libs:
+ [HE] Apply patch from Bastian Blank to check for executable stacks in
binaries. New checks are called shlib-without-PT_GNU_STACK-section,
shlib-with-executable-stack, thanks waldi. (Closes: #321750)
+ [FL] Add lib(32|64) to ldso directories. Pointed out by
Matthias Klose (Closes: #328612)
Files:
ac1b51c98739a8574a1647a112f99eab 772 devel optional lintian_1.23.13.dsc
88b7f347ca44957187a39fe2cc5119f0 269025 devel optional lintian_1.23.13.tar.gz
cd9d193987fef507d2e3f46a9b03fab9 234426 devel optional lintian_1.23.13_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDTmHqQbn06FtxPfARAmIkAKD2BTPWxKamIxRQoHtt3bNHK53O3gCfWoR9
r/pdsmQZ6qXeFFqmkX31Fus=
=Ikfg
-----END PGP SIGNATURE-----
Reply to: