Package: icon Version: 9.4.3-2 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch
Hello! It seems that icon is built (in some situations) against assembly code that lacks stack markings[1]. This results in the entire program being built with an executable stack. The attached patch solves this by adding a default ASFLAGS option to turn off executable stacks when assembling. Thanks! -Kees [1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks -- Kees Cook @debian.org
diff -u icon-9.4.3/debian/rules icon-9.4.3/debian/rules
--- icon-9.4.3/debian/rules
+++ icon-9.4.3/debian/rules
@@ -49,6 +49,7 @@
$(checkdir)
$(MAKE) X-Configure name=$(system)
sed "s/CFLAGS = .*/CFLAGS = $(CFLAGS)/" Makedefs > Makedefs.tmp
+ echo "ASFLAGS = -Wa,--noexecstack" >> Makedefs.tmp
mv Makedefs.tmp Makedefs
touch configure
only in patch2:
unchanged:
--- icon-9.4.3.orig/src/common/Makefile
+++ icon-9.4.3/src/common/Makefile
@@ -46,7 +46,7 @@
# for rswitch, $(CFLAGS) is deliberately omitted (-O may cause problems)
rswitch.o: ../h/define.h ../h/arch.h $(RSW)
- $(CC) -c $(RSW)
+ $(CC) $(ASFLAGS) -c $(RSW)
# The following section is needed if changes are made to the Icon grammar,
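Review bot: Nothing around the added `echo "ASFLAGS = -Wa,--noexecstack"` line in debian/rules checks that the built binaries really end up without an executable stack, so another assembly file or an object assembled without `$(ASFLAGS)` could bring it back unnoticed. A post-build step such as `readelf -lW <built-binary> | grep GNU_STACK` (placeholder path), failing when the segment flags include `E`, would catch that regression. The `-Wa,` prefix is compiler-driver syntax, so the value is only valid while `ASFLAGS` is handed to `$(CC)`, as the src/common/Makefile hunk does; a one-line comment next to the `echo` saying so would prevent it being reused with a bare assembler. The recipe this line belongs to starts outside the hunk.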
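Review bot: The comment above the `rswitch.o` rule still explains only why `$(CFLAGS)` is omitted and says nothing about the newly added `$(ASFLAGS)`; it could read `# $(ASFLAGS) carries assembler-only options (non-executable stack marking); keep optimisation flags out of it`. Outside the Debian build `ASFLAGS` is presumably unset, so an upstream build would still assemble `$(RSW)` without the marking. Adding a `.note.GNU-stack` section to the assembly sources themselves would make the result independent of build flags; those sources are not visible in this patch, so that is a suggestion to check rather than a confirmed gap.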