Patches for the next release

Steve M. Robbins steve at sumost.ca
Sat Jul 26 18:26:16 CEST 2008


Hi Torbjörn,

On Wed, Jul 23, 2008 at 05:18:11PM +0200, Torbjorn Granlund wrote:

> I am preparing GMP 4.2.3, and if you have some safe C++ portability
> changes for that release, please send them to the list.

If you're making a new release, please consider the following patch.
GMP builds several objects from assembly code that end up with an
executable stack.  The executable stack turns out to be a problem 
on systems with a security hardened kernel such as "grsec".  See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323944 for more
details.

After applying this patch, you need to run autoreconf.

Thanks,
-Steve

Index: acinclude.m4
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/acinclude.m4,v
retrieving revision 1.3
diff -u -b -B -r1.3 acinclude.m4
--- acinclude.m4	14 Apr 2006 22:48:55 -0000	1.3
+++ acinclude.m4	15 Apr 2006 06:11:48 -0000
@@ -1613,6 +1613,34 @@
 ])
 
 
+dnl Checks whether the stack can be marked nonexecutable by passing an option
+dnl to the C-compiler when acting on .s files. Appends that option to ASFLAGS.
+dnl This macro is adapted from one found in GLIBC-2.3.5.
+AC_DEFUN([CL_AS_NOEXECSTACK],[
+dnl AC_REQUIRE([AC_PROG_CC]) GMP uses something else
+AC_CACHE_CHECK([whether assembler supports --noexecstack option],
+cl_cv_as_noexecstack, [dnl
+  cat > conftest.c <<EOF
+void foo() {}
+EOF
+  if AC_TRY_COMMAND([${CC} $CFLAGS $CPPFLAGS
+                     -S -o conftest.s conftest.c >/dev/null]) \
+     && grep -q .note.GNU-stack conftest.s \
+     && AC_TRY_COMMAND([${CC} $CFLAGS $CPPFLAGS -Wa,--noexecstack
+                       -c -o conftest.o conftest.s >/dev/null])
+  then
+    cl_cv_as_noexecstack=yes
+  else
+    cl_cv_as_noexecstack=no
+  fi
+  rm -f conftest*])
+  if test "$cl_cv_as_noexecstack" = yes; then
+    ASMFLAGS="$ASMFLAGS -Wa,--noexecstack"
+  fi
+  AC_SUBST(ASMFLAGS)
+])
+
+
 dnl  GMP_ASM_LABEL_SUFFIX
 dnl  --------------------
 dnl  : - is usual.
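Review bot: The header comment of CL_AS_NOEXECSTACK says the option is appended to ASFLAGS, but the body sets and AC_SUBSTs ASMFLAGS, so the comment should name ASMFLAGS to match what mpn/Makeasm.am consumes. In the probe itself, `grep -q .note.GNU-stack conftest.s` relies on -q, which some non-GNU greps do not accept; redirecting to /dev/null (`grep .note.GNU-stack conftest.s >/dev/null`) is the portable form. The unescaped dots in the pattern also match any character, which is harmless here but `\.note\.GNU-stack` states the intent. Note that the check only proves the assembler accepts --noexecstack; it does not prove that every hand-written .asm file is safe to mark that way, so a sentence in the comment saying that none of the mpn assembly needs an executable stack would document the assumption.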
Index: configure.in
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/configure.in,v
retrieving revision 1.3
diff -u -b -B -r1.3 configure.in
--- configure.in	14 Apr 2006 22:48:55 -0000	1.3
+++ configure.in	15 Apr 2006 06:11:49 -0000
@@ -2024,6 +2024,8 @@
 # Automake ansi2knr support.
 AM_C_PROTOTYPES
 
+CL_AS_NOEXECSTACK
+
 GMP_PROG_AR
 GMP_PROG_NM
 
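Review bot: CL_AS_NOEXECSTACK is called here with no comment, and its ordering matters because the macro has its AC_REQUIRE([AC_PROG_CC]) commented out and runs ${CC} with $CFLAGS and $CPPFLAGS directly. A one-line comment stating that it must come after the compiler and flags have been chosen would keep a later reordering of configure.in from silently turning the check into a "no". The CL_ prefix also stands out next to GMP_PROG_AR and GMP_PROG_NM; a GMP_-prefixed name would fit the file's convention.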
Index: mpn/Makeasm.am
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/mpn/Makeasm.am,v
retrieving revision 1.5
diff -u -b -B -r1.5 Makeasm.am
--- mpn/Makeasm.am	14 Apr 2006 22:48:59 -0000	1.5
+++ mpn/Makeasm.am	15 Apr 2006 06:11:49 -0000
@@ -24,7 +24,7 @@
 # COMPILE minus CC.
 #
 COMPILE_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(ASMFLAGS)
 
 # Flags used for preprocessing (in ansi2knr rules).
 #
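Review bot: The comment above COMPILE_FLAGS still describes it as "COMPILE minus CC", which is no longer accurate once $(ASMFLAGS) is appended on the continuation line. Please update the comment to say that the variable now also carries the assembler option found by configure (empty when --noexecstack is unsupported), and that the -Wa, form works because these rules run the assembler through the compiler driver. Since ASMFLAGS is seeded from the environment in the macro ("$ASMFLAGS -Wa,--noexecstack"), it is also worth documenting that a user-supplied ASMFLAGS ends up on these command lines.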
More information about the gmp-bugs mailing list