forked from pool/liboqs
Marcus Meissner
1b13ac9e9a
- Add upstream changes: * 0001-Add-support-for-powerpc64.-1160.patch * 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch - Spec cleanup OBS-URL: https://build.opensuse.org/request/show/986335 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=5
84 lines
2.7 KiB
Diff
84 lines
2.7 KiB
Diff
From 9f72562d661a0fd1b5773966fb199a8faea144c1 Mon Sep 17 00:00:00 2001
|
|
From: Douglas Stebila <dstebila@users.noreply.github.com>
|
|
Date: Sun, 9 Jan 2022 11:30:10 -0500
|
|
Subject: [PATCH 2/2] Mark stack non-executable when compiling with clang or
|
|
gcc (#1161)
|
|
|
|
* Mark stack non-executable when compiling with clang or gcc
|
|
|
|
Fixes #1159
|
|
|
|
* Change noexecstack option on gcc
|
|
|
|
* Use gcc noexecstack only on non-Darwin
|
|
|
|
* Check for non-executable stack in shared object builds on Linux
|
|
---
|
|
.CMake/compiler_opts.cmake | 4 ++++
|
|
tests/{test_namespace.py => test_binary.py} | 16 ++++++++++++++++
|
|
2 files changed, 20 insertions(+)
|
|
rename tests/{test_namespace.py => test_binary.py} (74%)
|
|
|
|
diff --git a/.CMake/compiler_opts.cmake b/.CMake/compiler_opts.cmake
|
|
index 9dd5b32..72c741a 100644
|
|
--- a/.CMake/compiler_opts.cmake
|
|
+++ b/.CMake/compiler_opts.cmake
|
|
@@ -67,6 +67,7 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
|
|
add_compile_options(-Wextra)
|
|
add_compile_options(-Wpedantic)
|
|
add_compile_options(-Wno-unused-command-line-argument)
|
|
+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
|
|
|
|
if(NOT ${OQS_BUILD_ONLY_LIB})
|
|
set(THREADS_PREFER_PTHREAD_FLAG ON)
|
|
@@ -117,6 +118,9 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
|
|
add_compile_options(-Wformat=2)
|
|
add_compile_options(-Wfloat-equal)
|
|
add_compile_options(-Wwrite-strings)
|
|
+ if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
|
|
+ set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
|
|
+ endif()
|
|
|
|
if(NOT ${OQS_BUILD_ONLY_LIB})
|
|
set(THREADS_PREFER_PTHREAD_FLAG ON)
|
|
diff --git a/tests/test_namespace.py b/tests/test_binary.py
|
|
similarity index 74%
|
|
rename from tests/test_namespace.py
|
|
rename to tests/test_binary.py
|
|
index 9a3fb9e..d212f41 100644
|
|
--- a/tests/test_namespace.py
|
|
+++ b/tests/test_binary.py
|
|
@@ -1,6 +1,7 @@
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
import helpers
|
|
+import os
|
|
import pytest
|
|
import sys
|
|
import glob
|
|
@@ -51,6 +52,21 @@ def test_namespace():
|
|
|
|
assert(len(non_namespaced) == 0)
|
|
|
|
+@helpers.filtered_test
|
|
+@pytest.mark.skipif(not(sys.platform.startswith("linux")), reason="Only supported on Linux")
|
|
+@pytest.mark.skipif(not(os.path.exists(helpers.get_current_build_dir_name()+'/lib/liboqs.so')), reason="Only supported on builds with a shared library")
|
|
+def test_non_executable_stack():
|
|
+ liboqs = helpers.get_current_build_dir_name()+'/lib/liboqs.so'
|
|
+ out = helpers.run_subprocess(
|
|
+ ['readelf', '--wide', '--segments', liboqs]
|
|
+ )
|
|
+ lines = out.strip().split("\n")
|
|
+ for line in lines:
|
|
+ if "GNU_STACK" in line:
|
|
+ chunks = line.strip().split()
|
|
+ flags = chunks[6]
|
|
+ assert(flags == 'RW')
|
|
+
|
|
if __name__ == "__main__":
|
|
import sys
|
|
pytest.main(sys.argv)
|
|
--
|
|
2.36.1
|
|
|