* configure.ac: New option --enable-noexecstack.

* Makefile.am (ASFLAGS): Renamed to AM_CCASFLAGS and added the variable for non exectubale stack options. Adapted users.
2025-01-30 16:17:02 +01:00 · 2005-03-11 11:02:12 +00:00 · 2005-03-11 11:02:12 +00:00 · f0e9a1ff4f
commit f0e9a1ff4f
parent 9bf9389179
8 changed files with 49 additions and 3 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+2005-03-11  Werner Koch  <wk@g10code.com>
+
+	* configure.ac: New option --enable-noexecstack. 
+
 2005-02-16  Werner Koch  <wk@g10code.com>

 	Released 1.4.1rc2.
--- a/2
+++ b/2
@ -53,6 +53,8 @@ Noteworthy changes in version 1.4.1
    * The "fetch" command of --card-edit now retrieves the key using
      the default keyserver if no URL has been stored on the card.

+    * New configure option --enable-noexecstack.
+

 Noteworthy changes in version 1.4.0 (2004-12-16)
 ------------------------------------------------
--- a/4
+++ b/4
@ -607,6 +607,10 @@
                    This prevents access to certain files and won't
                    allow import or export of secret keys. 

+     --enable-noexecstack
+                    Pass option --noexecstack to as.  Works only when
+                    using gcc.
+
     --disable-gnupg-iconv
                    If iconv is available it is used to convert
                    between utf-8 and the system character set.  This
--- a/configure.ac
+++ b/configure.ac
@ -102,6 +102,18 @@ if test "$use_m_guard" = yes ; then
    AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature])
 fi

+# We don't have a test to check whetyer as(1) knows about the
+# non executable stackioption.  Thus we provide an option to enable
+# it.
+AC_MSG_CHECKING([whether non excutable stack support is requested])
+AC_ARG_ENABLE(noexecstack,
+              AC_HELP_STRING([--enable-noexecstack],
+                             [enable non executable stack support (gcc only)]),
+              noexecstack_support=$enableval, noexecstack_support=no)
+AC_MSG_RESULT($noexecstack_support)
+
+# SELinux support includes tracking of sensitive files to avoid
+# leaking their contents through processing these files by gpg itself
 AC_MSG_CHECKING([whether SELinux support is requested])
 AC_ARG_ENABLE(selinux-support,
              AC_HELP_STRING([--enable-selinux-support],
@ -109,6 +121,7 @@ AC_ARG_ENABLE(selinux-support,
              selinux_support=$enableval, selinux_support=no)
 AC_MSG_RESULT($selinux_support)

+
 AC_MSG_CHECKING([whether OpenPGP card support is requested])
 AC_ARG_ENABLE(card-support,
              AC_HELP_STRING([--disable-card-support],
@ -1234,14 +1247,26 @@ esac
 AC_SUBST(NETLIBS)
 AC_SUBST(W32LIBS)

+# Special options used fith gcc.
 if test "$GCC" = yes; then
+    # Note that it is okay to use CFLAGS here because this are just
+    # warning options and the user should have a chance of overriding
+    #them.
    if test "$USE_MAINTAINER_MODE" = "yes"; then
        CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
        CFLAGS="$CFLAGS -Wformat-nonliteral"
    else
        CFLAGS="$CFLAGS -Wall"
    fi
+
+    # Non exec stack hack.  Fixme: Write a test to check whether as
+    # can cope with it and use the enable-noexecstack option only to
+    # disable it in case it is required on sime platforms.
+    if test "$noexecstack_support" = yes; then
+        NOEXECSTACK_FLAGS="-Wa,--noexecstack"
+    fi
 fi
+AC_SUBST(NOEXECSTACK_FLAGS)


 if test "$print_egd_warning" = yes; then
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,5 +1,7 @@
 2005-03-07  Werner Koch  <wk@g10code.com>

+	* gpg.sgml (comment): Add note to keep the comment short.
+
 	* DETAILS: Document new status codes.

 2005-02-15  Werner Koch  <wk@g10code.com>
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@ -1769,6 +1769,10 @@ Use &ParmString; as a comment string in clear text signatures and
 ASCII armored messages or keys (see --armor).  The default behavior is
 not to use a comment string.  --comment may be repeated multiple times
 to get multiple comment strings.  --no-comments removes all comments.
+It is a good idea to keep the length of a single comment below 60
+characters to avoid problems with mail programs wrapping such lines.
+Note, that those comment lines, like all other header lines, are not
+protected by the signature.
 </para></listitem></varlistentry>


--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@ -1,3 +1,8 @@
+2005-03-11  Werner Koch  <wk@g10code.com>
+
+	* Makefile.am (ASFLAGS): Renamed to AM_CCASFLAGS and added the
+	variable for non exectubale stack options.  Adapted users.
+
 2004-12-20  Werner Koch  <wk@g10code.com>

 	* mpicoder.c (mpi_read_from_buffer): Don't abort in case of an
--- a/mpi/Makefile.am
+++ b/mpi/Makefile.am
@ -20,8 +20,8 @@


 INCLUDES = -I.. -I$(top_srcdir)/include
-AM_CFLAGS = @MPI_OPT_FLAGS@
-ASFLAGS = @MPI_SFLAGS@
+AM_CFLAGS = $(MPI_OPT_FLAGS)
+AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) $(MPI_SFLAGS)

 EXTRA_DIST = config.links
 DISTCLEANFILES = mpi-asm-defs.h \
@ -73,7 +73,7 @@ libmpi_a_LIBADD = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
 # work and add one to cpp .S files
 .S.o:
 	 $(CPP) $(INCLUDES) $(DEFS) $< | grep -v '^#' > _$*.s
-	 $(COMPILE) $(ASFLAGS) -c _$*.s
+	 $(COMPILE) $(AM_CCASFLAGS) -c _$*.s
 	 mv -f _$*.o $*.o

 .S.lo: