diff -u klibc-1.5.7/debian/changelog klibc-1.5.7/debian/changelog
--- klibc-1.5.7/debian/changelog
+++ klibc-1.5.7/debian/changelog
@@ -1,3 +1,11 @@
+klibc (1.5.7-4ubuntu2) hardy; urgency=low
+
+  * Add 30-drop-executable-stack.patch: do not generate executable
+    stack for ia32, so the READ_IMPLIES_EXEC does not get set for
+    children (LP: #202161).
+
+ -- Kees Cook <kees@ubuntu.com>  Thu, 03 Apr 2008 11:37:28 -0700
+
 klibc (1.5.7-4ubuntu1) hardy; urgency=low
 
   * Resynchronise with Debian. Remaining changes:
only in patch2:
unchanged:
--- klibc-1.5.7.orig/debian/patches/30-drop-executable-stack.patch
+++ klibc-1.5.7/debian/patches/30-drop-executable-stack.patch
@@ -0,0 +1,182 @@
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/crt0.S klibc-1.5.7.new/usr/klibc/arch/i386/crt0.S
+--- klibc-1.5.7/usr/klibc/arch/i386/crt0.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/crt0.S	2008-04-03 12:10:59.000000000 -0700
+@@ -29,3 +29,7 @@
+ 	hlt
+ 
+ 	.size _start, .-_start
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/libgcc/__ashldi3.S klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__ashldi3.S
+--- klibc-1.5.7/usr/klibc/arch/i386/libgcc/__ashldi3.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__ashldi3.S	2008-04-03 12:10:59.000000000 -0700
+@@ -27,3 +27,7 @@
+ 	ret
+ 
+ 	.size __ashldi3,.-__ashldi3
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/libgcc/__ashrdi3.S klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__ashrdi3.S
+--- klibc-1.5.7/usr/klibc/arch/i386/libgcc/__ashrdi3.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__ashrdi3.S	2008-04-03 12:10:59.000000000 -0700
+@@ -27,3 +27,7 @@
+ 	ret
+ 
+ 	.size __ashrdi3,.-__ashrdi3
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/libgcc/__lshrdi3.S klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__lshrdi3.S
+--- klibc-1.5.7/usr/klibc/arch/i386/libgcc/__lshrdi3.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__lshrdi3.S	2008-04-03 12:10:59.000000000 -0700
+@@ -27,3 +27,7 @@
+ 	ret
+ 
+ 	.size __lshrdi3,.-__lshrdi3
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/libgcc/__muldi3.S klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__muldi3.S
+--- klibc-1.5.7/usr/klibc/arch/i386/libgcc/__muldi3.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__muldi3.S	2008-04-03 12:10:59.000000000 -0700
+@@ -32,3 +32,7 @@
+ 	pop   %esi
+ 	ret
+ 	.size __muldi3,.-__muldi3
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/libgcc/__negdi2.S klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__negdi2.S
+--- klibc-1.5.7/usr/klibc/arch/i386/libgcc/__negdi2.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/libgcc/__negdi2.S	2008-04-03 12:10:59.000000000 -0700
+@@ -19,3 +19,7 @@
+ 	ret
+ 
+ 	.size __negdi2,.-__negdi2
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/open.S klibc-1.5.7.new/usr/klibc/arch/i386/open.S
+--- klibc-1.5.7/usr/klibc/arch/i386/open.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/open.S	2008-04-03 12:10:59.000000000 -0700
+@@ -27,3 +27,7 @@
+ 	jmp	__syscall_common
+ 
+ 	.size	open,.-open
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/openat.S klibc-1.5.7.new/usr/klibc/arch/i386/openat.S
+--- klibc-1.5.7/usr/klibc/arch/i386/openat.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/openat.S	2008-04-03 12:10:59.000000000 -0700
+@@ -24,3 +24,7 @@
+ 	.size	openat,.-openat
+ 
+ #endif
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/setjmp.S klibc-1.5.7.new/usr/klibc/arch/i386/setjmp.S
+--- klibc-1.5.7/usr/klibc/arch/i386/setjmp.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/setjmp.S	2008-04-03 12:10:59.000000000 -0700
+@@ -56,3 +56,7 @@
+ 	jmp *20(%edx)
+ 
+ 	.size longjmp,.-longjmp
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/socketcall.S klibc-1.5.7.new/usr/klibc/arch/i386/socketcall.S
+--- klibc-1.5.7/usr/klibc/arch/i386/socketcall.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/socketcall.S	2008-04-03 12:10:59.000000000 -0700
+@@ -53,3 +53,7 @@
+ 	.size __socketcall_common,.-__socketcall_common
+ 
+ #endif
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/syscall.S klibc-1.5.7.new/usr/klibc/arch/i386/syscall.S
+--- klibc-1.5.7/usr/klibc/arch/i386/syscall.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/syscall.S	2008-04-03 12:10:59.000000000 -0700
+@@ -67,3 +67,7 @@
+ __syscall_varadic = __syscall_common
+ 
+ #endif
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/sysstub.ph klibc-1.5.7.new/usr/klibc/arch/i386/sysstub.ph
+--- klibc-1.5.7/usr/klibc/arch/i386/sysstub.ph	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/sysstub.ph	2008-04-03 12:11:30.000000000 -0700
+@@ -20,6 +20,10 @@
+     print OUT "\tpushl \$__NR_${sname}\n";
+     print OUT "\tjmp __syscall_$stype\n";
+     print OUT "\t.size ${fname},.-${fname}\n";
++    print OUT "\n";
++    print OUT "#if defined(__linux__) && defined(__ELF__)\n";
++    print OUT ".section .note.GNU-stack,\"\",%progbits\n";
++    print OUT "#endif\n";
+     close(OUT);
+ }
+ 
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/varsyscall.S klibc-1.5.7.new/usr/klibc/arch/i386/varsyscall.S
+--- klibc-1.5.7/usr/klibc/arch/i386/varsyscall.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/varsyscall.S	2008-04-03 12:10:59.000000000 -0700
+@@ -34,3 +34,7 @@
+ 	.size	__syscall_varadic,.-__syscall_varadic
+ 
+ #endif
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/arch/i386/vfork.S klibc-1.5.7.new/usr/klibc/arch/i386/vfork.S
+--- klibc-1.5.7/usr/klibc/arch/i386/vfork.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/arch/i386/vfork.S	2008-04-03 12:10:59.000000000 -0700
+@@ -24,3 +24,7 @@
+ 	movl	%eax, errno
+ 	orl	$-1, %eax
+ 	ret
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/interp.S klibc-1.5.7.new/usr/klibc/interp.S
+--- klibc-1.5.7/usr/klibc/interp.S	2008-04-03 12:09:55.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/interp.S	2008-04-03 12:10:59.000000000 -0700
+@@ -11,3 +11,7 @@
+         .ascii SOHASH
+         .ascii ".so"
+         .byte 0
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff -Nur -x '*.orig' -x '*~' klibc-1.5.7/usr/klibc/socketcalls.pl klibc-1.5.7.new/usr/klibc/socketcalls.pl
+--- klibc-1.5.7/usr/klibc/socketcalls.pl	2007-09-04 01:17:12.000000000 -0700
++++ klibc-1.5.7.new/usr/klibc/socketcalls.pl	2008-04-03 12:11:47.000000000 -0700
+@@ -56,6 +56,10 @@
+ 	    print OUT "\tpushl	\$SYS_\U${name}\n";
+ 	    print OUT "\tjmp	__socketcall_common\n";
+ 	    print OUT "\t.size ${name},.-${name}\n";
++	    print OUT "\n";
++	    print OUT "#if defined(__linux__) && defined(__ELF__)\n";
++	    print OUT ".section .note.GNU-stack,\"\",%progbits\n";
++	    print OUT "#endif\n";
+ 	    close(OUT);
+ 	} else {
+ 	    open(OUT, "> ${outputdir}/${name}.c")