lintian: r486 - in trunk: checks debian
Author: he
Date: 2005-09-10 02:09:14 +0200 (Sat, 10 Sep 2005)
New Revision: 486
Modified:
trunk/checks/shared-libs
trunk/checks/shared-libs.desc
trunk/debian/changelog
Log:
* checks/shared-libs:
+ [HE] Apply patch from Bastian Blank to check for executable stacks in
binaries. New checks are called shlib-without-PT_GNU_STACK-section,
shlib-with-executable-stack, thanks waldi. (Closes: #321750)
[All left me and I'm alone in the hacklab, so i'm hacking on lintian. Bah]
Modified: trunk/checks/shared-libs
===================================================================
--- trunk/checks/shared-libs 2005-09-09 06:13:11 UTC (rev 485)
+++ trunk/checks/shared-libs 2005-09-10 00:09:14 UTC (rev 486)
@@ -46,6 +46,7 @@
my $shlibs_control_file = "control/shlibs";
my %SONAME;
my %INTERP;
+my %STACK;
my %objsomething;
my %sharedobject;
my %index_info;
@@ -75,8 +76,16 @@
tag "shlib-with-non-pic-code", "$file";
} elsif (m/^\s*INTERP\s/) {
$INTERP{$file} = 1;
+ } elsif (m/^\s*STACK\s/) {
+ $STACK{$file} = 0;
} else {
- $objsomething{$file} = 1;
+ if (defined $STACK{$file} and $STACK{$file} eq 0) {
+ m/\sflags\s+(\S+)/o;
+ $STACK{$file} = $1;
+ }
+ else {
+ $objsomething{$file} = 1;
+ }
}
}
close(IN);
@@ -150,6 +159,15 @@
# yes! so postinst must call ldconfig
$must_call_ldconfig = $real_file;
}
+
+ # executable stack
+ if (exists $objsomething{$cur_file}) {
+ if (not defined $STACK{$cur_file}) {
+ tag "shlib-without-PT_GNU_STACK-section", $cur_file;
+ } elsif ($STACK{$cur_file} ne "rw-") {
+ tag "shlib-with-executable-stack", $cur_file;
+ }
+ }
} elsif (exists $objsomething{$cur_file} &&
exists $ldso_dir{dirname($cur_file)} &&
exists $sharedobject{$cur_file}) {
Modified: trunk/checks/shared-libs.desc
===================================================================
--- trunk/checks/shared-libs.desc 2005-09-09 06:13:11 UTC (rev 485)
+++ trunk/checks/shared-libs.desc 2005-09-10 00:09:14 UTC (rev 486)
@@ -167,3 +167,22 @@
SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
where 0 is the major version of the library. If your package uses libtool,
then libtool invoked with the right options should be doing this.
+
+Tag: shlib-without-PT_GNU_STACK-section
+Type: error
+Info: The listed shared libraries lacks a PT_GNU_STACK section. This forces
+ the dynamic linker to make the stack executable.
+ .
+ The shared lib is linked either with a non-GNU linker or a linker which is
+ older than two years. This problem can be fixed with a rebuild.
+
+Tag: shlib-with-executable-stack
+Type: warning
+Info: The listed shared libraries declares the stack as executable.
+ .
+ Executable stack is usualy an error as it is only needed if the code
+ contains GCC trampolines or similar constructs which uses code on the
+ stack. One possible source for false positives are object files built
+ from assembler files which don't define a proper .note.GNU-stack
+ section.
+
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2005-09-09 06:13:11 UTC (rev 485)
+++ trunk/debian/changelog 2005-09-10 00:09:14 UTC (rev 486)
@@ -4,6 +4,11 @@
+ [FL] Add some formats to the exception list for extra-license-file
(jpe?g, gif and svg) (Closes: #324944)
+ * checks/shared-libs:
+ + [HE] Apply patch from Bastian Blank to check for executable stacks in
+ binaries. New checks are called shlib-without-PT_GNU_STACK-section,
+ shlib-with-executable-stack, thanks waldi. (Closes: #321750)
+
-- Frank Lichtenheld <frank@lichtenheld.de> Fri, 9 Sep 2005 07:15:00 +0200
lintian (1.23.12) unstable; urgency=low
Reply to: