Patches for the next release
Steve M. Robbins
steve at sumost.ca
Sat Jul 26 18:26:16 CEST 2008
Hi Torbjörn,
On Wed, Jul 23, 2008 at 05:18:11PM +0200, Torbjorn Granlund wrote:
> I am preparing GMP 4.2.3, and if you have some safe C++ portability
> changes for that release, please sedn them to the list.
If you're making a new release, please consider the following patch.
GMP builds several objects from assembly code that end up with an
executable stack. The executable stack turns out to be a problem
on systems with a security hardened kernel such as "grsec". See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323944 for more
details.
After applying this patch, you need to run autoreconf.
Thanks,
-Steve
Index: acinclude.m4
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/acinclude.m4,v
retrieving revision 1.3
diff -u -b -B -r1.3 acinclude.m4
--- acinclude.m4 14 Apr 2006 22:48:55 -0000 1.3
+++ acinclude.m4 15 Apr 2006 06:11:48 -0000
@@ -1613,6 +1613,34 @@
])
+dnl Checks whether the stack can be marked nonexecutable by passing an option
+dnl to the C-compiler when acting on .s files. Appends that option to ASFLAGS.
+dnl This macro is adapted from one found in GLIBC-2.3.5.
+AC_DEFUN([CL_AS_NOEXECSTACK],[
+dnl AC_REQUIRE([AC_PROG_CC]) GMP uses something else
+AC_CACHE_CHECK([whether assembler supports --noexecstack option],
+cl_cv_as_noexecstack, [dnl
+ cat > conftest.c <<EOF
+void foo() {}
+EOF
+ if AC_TRY_COMMAND([${CC} $CFLAGS $CPPFLAGS
+ -S -o conftest.s conftest.c >/dev/null]) \
+ && grep -q .note.GNU-stack conftest.s \
+ && AC_TRY_COMMAND([${CC} $CFLAGS $CPPFLAGS -Wa,--noexecstack
+ -c -o conftest.o conftest.s >/dev/null])
+ then
+ cl_cv_as_noexecstack=yes
+ else
+ cl_cv_as_noexecstack=no
+ fi
+ rm -f conftest*])
+ if test "$cl_cv_as_noexecstack" = yes; then
+ ASMFLAGS="$ASMFLAGS -Wa,--noexecstack"
+ fi
+ AC_SUBST(ASMFLAGS)
+])
+
+
dnl GMP_ASM_LABEL_SUFFIX
dnl --------------------
dnl : - is usual.
Index: configure.in
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/configure.in,v
retrieving revision 1.3
diff -u -b -B -r1.3 configure.in
--- configure.in 14 Apr 2006 22:48:55 -0000 1.3
+++ configure.in 15 Apr 2006 06:11:49 -0000
@@ -2024,6 +2024,8 @@
# Automake ansi2knr support.
AM_C_PROTOTYPES
+CL_AS_NOEXECSTACK
+
GMP_PROG_AR
GMP_PROG_NM
Index: mpn/Makeasm.am
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/mpn/Makeasm.am,v
retrieving revision 1.5
diff -u -b -B -r1.5 Makeasm.am
--- mpn/Makeasm.am 14 Apr 2006 22:48:59 -0000 1.5
+++ mpn/Makeasm.am 15 Apr 2006 06:11:49 -0000
@@ -24,7 +24,7 @@
# COMPILE minus CC.
#
COMPILE_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(ASMFLAGS)
# Flags used for preprocessing (in ansi2knr rules).
#
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://gmplib.org/list-archives/gmp-bugs/attachments/20080726/5d76af37/attachment.bin
More information about the gmp-bugs
mailing list