-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It would be useful for exec-shield users to have libcrypto correctly marked. Otherwise exec-shield is disabled for several important network servers where it is most useful to have it working, including the following: sshd, named, slurpd, cyrmaster, mysqld, sendmail, ntpd.
Some of these also depend on libgcrypt, so that library would also have to be looked at. FWIW, it appears that Fedora Core 4 compiles OpenSSL with - -Wa,--noexecstack as can be seen from the following lines from openssl.spec (from the openssl source RPM for FC4). This seems to indicate that OpenSSL indeed does not require an executable stack. - ------from openssl.spec:---------------------------------------------- # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack" make depend make all build-shared - ----------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDHvsmXjXn6TzcAQkRAlXXAJoDOJXom+7lm+wVIQ/53Q3K3A8WGwCfVdvU ChczMNLkYb91dpGvrZXpCNY= =knID -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

