Package: john
Version: 1.7.2-3
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

Hello!

It seems that john is built (in some situations) against assembly code that lacks stack markings[1]. This results in the entire program being built with an executable stack. The attached patch solves this by adding a default ASFLAGS option to turn off executable stacks when assembling.

Thanks!

-Kees

[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

--
Kees Cook @debian.org

diff -u john-1.7.2/debian/patches/series john-1.7.2/debian/patches/series --- john-1.7.2/debian/patches/series +++ john-1.7.2/debian/patches/series @@ -8,0 +9 @@ +10-nonexec_stack.patch only in patch2: unchanged: --- john-1.7.2.orig/debian/patches/10-nonexec_stack.patch +++ john-1.7.2/debian/patches/10-nonexec_stack.patch @@ -0,0 +1,16 @@ +Description: disable executable stack assumption when compiling. +Ubuntu: https://launchpad.net/bugs/418393 + +Index: john-1.7.2/src/Makefile +=================================================================== +--- john-1.7.2.orig/src/Makefile 2009-08-24 18:53:57.000000000 -0700 ++++ john-1.7.2/src/Makefile 2009-08-24 18:54:07.000000000 -0700 +@@ -16,7 +16,7 @@ + NULL = /dev/null + CPPFLAGS = -E + CFLAGS = -c -Wall -O2 -fomit-frame-pointer +-ASFLAGS = -c ++ASFLAGS = -c -Wa,--noexecstack + LDFLAGS = -s + LIBS = -lcrypto + OPT_NORMAL = -funroll-loops
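
Review bot: In the src/Makefile hunk only the default ASFLAGS gains -Wa,--noexecstack, while LDFLAGS = -s stays as it was, so the fix holds only if every assembly object is actually built with this default. If any target in the Makefile sets its own ASFLAGS, or an object reaches the link without a stack note, the binary can still end up with an executable stack. Consider also adding -Wl,-z,noexecstack to LDFLAGS, or a .note.GNU-stack section to the .S sources, and confirm with readelf -lW on the built binary that GNU_STACK is RW. The Description line in the new patch header says "when compiling", but the flag acts when assembling; rewording it would match the change.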