Package: gnupg Version: 1.4.9-4 Severity: normal Tags: patch, security User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch
Hello! gnupg is built with an executable stack, which is not needed and can lead to security problems if a flaw is found that allows an attacker to fill stack memory with executable code on ia32. Attached patch adds the configure option to enable this protection. This is also being tracked in Ubuntu as: https://bugs.edge.launchpad.net/bugs/49323 Thanks, -Kees -- Kees Cook @debian.org
diff -uNrp gnupg-1.4.9~/debian/rules gnupg-1.4.9/debian/rules
--- gnupg-1.4.9~/debian/rules 2009-05-08 08:28:10.000000000 -0700
+++ gnupg-1.4.9/debian/rules 2009-05-08 08:34:42.000000000 -0700
@@ -19,7 +19,7 @@ DEB_BUILD_GNU_TYPE = $(shell dpkg-archit
 DEB_HOST_GNU_TYPE = $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 DEB_BUILD_ARCH := $(shell dpkg-architecture -qDEB_BUILD_ARCH)
-CONFARGS = --prefix=/usr --libexecdir=/usr/lib/ --enable-mailto --with-mailprog=/usr/sbin/sendmail
+CONFARGS = --prefix=/usr --libexecdir=/usr/lib/ --enable-mailto --with-mailprog=/usr/sbin/sendmail --enable-noexecstack
 ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
 CONFARGS += --host=$(DEB_HOST_GNU_TYPE)
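Review bot: Nothing in the build confirms that `--enable-noexecstack` on the new `CONFARGS` line actually took effect. Older autoconf-generated configure scripts accept unrecognised `--enable-*` options without an error, so an upstream rename of the option or an unsupported toolchain could silently bring the executable stack back. A post-build check in debian/rules that fails when the program header still requests an executable stack would catch that, for example `readelf -lW g10/gpg | grep GNU_STACK | grep -qv RWE` (the binary path is assumed from the upstream tree layout and should be confirmed). A short comment above the assignment, such as `# --enable-noexecstack: hardening, keeps the stack non-executable`, would also tell later maintainers the flag is a protection and not a feature switch. The `ifneq` block that follows continues outside the hunk.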