I just compiled libgcrypt with --noexecstack, which adds the correct markings. This means that users of exec-shield enabled kernels can now get stack protection for applications linked with this library.
So far it does not appear to have broken anything, and the discussion of bug #321721 indicates that it shouldn't. Can this change be made to the official package? I just added the appropriate option to debian/rules, see the patch below. It would of course be nicer to mark the assembly files manually with .note.GNU-stack. --- libgcrypt11-1.2.1/debian/rules +++ libgcrypt11-1.2.1/debian/rules 2005-09-12 16:35:52.000000000 +0200 @@ -10,6 +10,7 @@ include /usr/share/cdbs/1/rules/tarball.mk endif +CFLAGS += -Wa,--noexecstack #DEB_CONFIGURE_EXTRA_FLAGS := --enable-maintainer-mode DEB_DH_STRIP_ARGS = --dbg-package=libgcrypt11 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
