Hello! On Wed, 14 Sep 2005 20:31:20 +0200, Werner Koch wrote:
> I have just added a configure time option --enable-noexecstack to the
> upstream source. It is the same thing as we did with GnuPG a while
> ago. I hope that eventually someone will find the time to write a
> short autoconf tests, so that we don't need this option anymore.
Here it is:
diff -Nru libgcrypt11-1.2.1/acinclude.m4 libgcrypt11-1.2.1-hacked/acinclude.m4
--- libgcrypt11-1.2.1/acinclude.m4 2005-07-04 14:26:55.000000000 +0400
+++ libgcrypt11-1.2.1-hacked/acinclude.m4 2005-10-22 17:00:11.000000000
+0400
@@ -727,3 +727,30 @@
fi
])
+dnl Checks whether the stack can be marked nonexecutable by passing an option
+dnl to the C-compiler when acting on .s files. Appends that option to
CCASFLAGS.
+dnl This macro is adapted from one found in GLIBC-2.3.5.
+AC_DEFUN([CL_AS_NOEXECSTACK],[
+AC_REQUIRE([AC_PROG_CC])
+AC_REQUIRE([AM_PROG_AS])
+AC_CACHE_CHECK([whether assembler supports --noexecstack option],
+cl_cv_as_noexecstack, [dnl
+ cat > conftest.c <<EOF
+void foo() {}
+EOF
+ if AC_TRY_COMMAND([${CC} $CFLAGS $CPPFLAGS
+ -S -o conftest.s conftest.c >/dev/null]) \
+ && grep -q .note.GNU-stack conftest.s \
+ && AC_TRY_COMMAND([${CCAS} $CCASFLAGS $CPPFLAGS -Wa,--noexecstack
+ -c -o conftest.o conftest.s >/dev/null])
+ then
+ cl_cv_as_noexecstack=yes
+ else
+ cl_cv_as_noexecstack=no
+ fi
+ rm -f conftest*])
+ if test "$cl_cv_as_noexecstack" = yes; then
+ CCASFLAGS="$CCASFLAGS -Wa,--noexecstack"
+ fi
+])
+
diff -Nru libgcrypt11-1.2.1/configure.ac libgcrypt11-1.2.1-hacked/configure.ac
--- libgcrypt11-1.2.1/configure.ac 2005-10-21 14:51:47.000000000 +0400
+++ libgcrypt11-1.2.1-hacked/configure.ac 2005-10-22 16:58:33.000000000
+0400
@@ -380,6 +380,7 @@
AC_PROG_CC
AC_PROG_CPP
AM_PROG_AS
+CL_AS_NOEXECSTACK
AC_ISC_POSIX
AC_PROG_INSTALL
AC_PROG_AWK
--
All science is either physics or stamp collecting.
signature.asc
Description: Digital signature
