Hello! A bunch of shared libraries (libcln, libgmp, libqthreads, and others) from Debian archive get marked as PT_GNU_STACK RWE, because they have assembly source files without proper .note.GNU-stack markers. However, these libraries do not need an executable stack.
Here is a fix for libgmp (note: it is necessary to re-generate the
`configure' script after applying this patch):
diff -Nru gmp-4.1.4/acinclude.m4 gmp-4.1.4-hacked/acinclude.m4
--- gmp-4.1.4/acinclude.m4 2004-09-21 17:03:09.000000000 +0400
+++ gmp-4.1.4-hacked/acinclude.m4 2005-08-18 13:15:11.000000000 +0400
@@ -817,16 +817,16 @@
dnl FIXME: The generated config.m4 doesn't get recreated by config.status.
dnl Maybe the relevant "echo"s should go through AC_CONFIG_COMMANDS.
-AC_DEFUN(GMP_INIT,
+AC_DEFUN([GMP_INIT],
[ifelse([$1], , gmp_configm4=config.m4, gmp_configm4="[$1]")
gmp_tmpconfigm4=cnfm4.tmp
gmp_tmpconfigm4i=cnfm4i.tmp
gmp_tmpconfigm4p=cnfm4p.tmp
rm -f $gmp_tmpconfigm4 $gmp_tmpconfigm4i $gmp_tmpconfigm4p
-# CONFIG_TOP_SRCDIR is a path from the mpn builddir to the top srcdir.
+# [CONFIG_TOP_SRCDIR] is a path from the mpn builddir to the top srcdir.
# The pattern here tests for an absolute path the same way as
-# _AC_OUTPUT_FILES in autoconf acgeneral.m4.
+# [_AC_OUTPUT_FILES] in autoconf acgeneral.m4.
case $srcdir in
[[\\/]]* | ?:[[\\/]]* ) tmp="$srcdir" ;;
*) tmp="../$srcdir" ;;
@@ -834,7 +834,7 @@
echo ["define(<CONFIG_TOP_SRCDIR>,<\`$tmp'>)"] >>$gmp_tmpconfigm4
# All CPUs use asm-defs.m4
-echo ["include(CONFIG_TOP_SRCDIR\`/mpn/asm-defs.m4')"] >>$gmp_tmpconfigm4i
+echo "[include][(CONFIG_TOP_SRCDIR\`/mpn/asm-defs.m4')]" >>$gmp_tmpconfigm4i
])
@@ -2570,3 +2570,30 @@
;;
esac
])
+
+dnl Checks whether the stack can be marked nonexecutable by passing an option
+dnl to the C-compiler when acting on .s files. Appends that option to ASFLAGS.
+dnl This macro is adapted from one found in GLIBC-2.3.5.
+AC_DEFUN([CL_AS_NOEXECSTACK],[
+dnl AC_REQUIRE([AC_PROG_CC]) GMP uses something else
+AC_CACHE_CHECK([whether assembler supports --noexecstack option],
+cl_cv_as_noexecstack, [dnl
+ cat > conftest.c <<EOF
+void foo() {}
+EOF
+ if AC_TRY_COMMAND([${CC} $CCFLAGS $CPPFLAGS
+ -S -o conftest.s conftest.c >/dev/null]) \
+ && grep -q .note.GNU-stack conftest.s \
+ && AC_TRY_COMMAND([${CC} $CCFLAGS $CPPFLAGS -Wa,--noexecstack
+ -c -o conftest.o conftest.s >/dev/null])
+ then
+ cl_cv_as_noexecstack=yes
+ else
+ cl_cv_as_noexecstack=no
+ fi
+ rm -f conftest*])
+ if test "$cl_cv_as_noexecstack" = yes; then
+ ASMFLAGS="$ASMFLAGS -Wa,--noexecstack"
+ fi
+ AC_SUBST(ASMFLAGS)
+])
diff -Nru gmp-4.1.4/configure.in gmp-4.1.4-hacked/configure.in
--- gmp-4.1.4/configure.in 2004-09-21 17:02:43.000000000 +0400
+++ gmp-4.1.4-hacked/configure.in 2005-08-18 13:20:26.000000000 +0400
@@ -1394,13 +1394,14 @@
AC_PROG_CC_STDC
AC_PROG_CPP
GMP_H_ANSI
+AC_PROG_CXX
# The C++ compiler, if desired.
want_cxx=no
if test $enable_cxx != no; then
test_CXXFLAGS=${CXXFLAGS+set}
- AC_PROG_CXX
+ # AC_PROG_CXX
echo "CXXFLAGS chosen by autoconf: $CXXFLAGS" >&AC_FD_CC
cxxflags_ac_prog_cxx=$CXXFLAGS
@@ -1669,6 +1670,7 @@
esac
+CL_AS_NOEXECSTACK
# The library and header checks are mostly for the benefit of supplementary
# programs. libgmp doesn't use anything too weird.
diff -Nru gmp-4.1.4/mpn/Makeasm.am gmp-4.1.4-hacked/mpn/Makeasm.am
--- gmp-4.1.4/mpn/Makeasm.am 2001-10-05 05:40:52.000000000 +0400
+++ gmp-4.1.4-hacked/mpn/Makeasm.am 2005-08-18 11:45:40.000000000 +0400
@@ -23,7 +23,7 @@
# COMPILE minus CC.
#
COMPILE_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(ASMFLAGS)
# Flags used for preprocessing (in ansi2knr rules).
#
--
All science is either physics or stamp collecting.
signature.asc
Description: Digital signature
