On Sun, Aug 07, 2005 at 02:44:52PM +0200, Frank Lichtenheld wrote: > Hmm, it might be good to add a little explanation to the > description of the tag what the maintainer is supposed to > do about this? If I would encounter this I would have no > idea what I've done wrong... Better? Bastian -- No more blah, blah, blah! -- Kirk, "Miri", stardate 2713.6
diff -ur lintian-1.23.11.orig/checks/shared-libs lintian-1.23.11/checks/shared-libs
--- lintian-1.23.11.orig/checks/shared-libs 2005-07-09 09:09:40.000000000 +0200
+++ lintian-1.23.11/checks/shared-libs 2005-08-07 15:03:59.000000000 +0200
@@ -46,6 +46,7 @@
my $shlibs_control_file = "control/shlibs";
my %SONAME;
my %INTERP;
+my %STACK;
my %objsomething;
my %sharedobject;
my %index_info;
@@ -75,8 +76,16 @@
tag "shlib-with-non-pic-code", "$file";
} elsif (m/^\s*INTERP\s/) {
$INTERP{$file} = 1;
+ } elsif (m/^\s*STACK\s/) {
+ $STACK{$file} = 0;
} else {
- $objsomething{$file} = 1;
+ if (defined $STACK{$file} and $STACK{$file} eq 0) {
+ m/\sflags\s+(\S+)/o;
+ $STACK{$file} = $1;
+ }
+ else {
+ $objsomething{$file} = 1;
+ }
}
}
close(IN);
@@ -150,6 +159,15 @@
# yes! so postinst must call ldconfig
$must_call_ldconfig = $real_file;
}
+
+ # executable stack
+ if (exists $objsomething{$cur_file}) {
+ if (not defined $STACK{$cur_file}) {
+ tag "shlib-without-PT_GNU_STACK-section", $cur_file;
+ } elsif ($STACK{$cur_file} ne "rw-") {
+ tag "shlib-with-executable-stack", $cur_file;
+ }
+ }
} elsif (exists $objsomething{$cur_file} &&
exists $ldso_dir{dirname($cur_file)} &&
exists $sharedobject{$cur_file}) {
diff -ur lintian-1.23.11.orig/checks/shared-libs.desc lintian-1.23.11/checks/shared-libs.desc
--- lintian-1.23.11.orig/checks/shared-libs.desc 2005-01-14 22:11:13.000000000 +0100
+++ lintian-1.23.11/checks/shared-libs.desc 2005-08-07 17:26:57.000000000 +0200
@@ -167,3 +167,22 @@
SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
where 0 is the major version of the library. If your package uses libtool,
then libtool invoked with the right options should be doing this.
+
+Tag: shlib-without-PT_GNU_STACK-section
+Type: error
+Info: The listed shared libraries lacks a PT_GNU_STACK section. This forces
+ the dynamic linker to make the stack executable.
+ .
+ The shared lib is linked either with a non-GNU linker or a linker which is
+ older than two years. This problem can be fixed with a rebuild.
+
+Tag: shlib-with-executable-stack
+Type: warning
+Info: The listed shared libraries declares the stack as executable.
+ .
+ Executable stack is usualy an error as it is only needed if the code
+ contains GCC trampolines or similar constructs which uses code on the
+ stack. One possible source for false positives are object files built
+ from assembler files which don't define a proper .note.GNU-stack
+ section.
+
diff -ur lintian-1.23.11.orig/debian/changelog lintian-1.23.11/debian/changelog
--- lintian-1.23.11.orig/debian/changelog 2005-08-03 15:05:57.000000000 +0200
+++ lintian-1.23.11/debian/changelog 2005-08-07 15:03:59.000000000 +0200
@@ -1,3 +1,10 @@
+lintian (1.23.11.0local.1) local; urgency=low
+
+ * check/shared-libs*:
+ - Add checks for executable stack.
+
+ -- Bastian Blank <waldi@debian.org> Sun, 07 Aug 2005 12:26:01 +0200
+
lintian (1.23.11) unstable; urgency=low
* frontend/lintian:
Attachment:
signature.asc
Description: Digital signature