Merge pull request #66454 from ruuda/libcrypto-noexecstack

libressl: build libcrypto with noexecstack
author: Matthew Bauer <mjbauer95@gmail.com> 2019-08-21 14:11:08 -0400
committer: GitHub <noreply@github.com> 2019-08-21 14:11:08 -0400
commit: 856d10a9b8338f76d4a76e7f026d5327b5cb665d (patch)
tree: a03521955e6860687d7fac462302216cf523be56 /pkgs/development/libraries/libressl
parent: 27d0689e60f681cd161a90806120317461d5ddfb (diff)
parent: fdd78a53878be5421aeb76295d6f98b7994d4b04 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix
index 932cc2e329d8..7fbe25addc03 100644
--- a/pkgs/development/libraries/libressl/default.nix
+++ b/pkgs/development/libraries/libressl/default.nix
@@ -13,7 +13,15 @@ let
 
     nativeBuildInputs = [ cmake ];
 
-    cmakeFlags = [ "-DENABLE_NC=ON" "-DBUILD_SHARED_LIBS=ON" ];
+    cmakeFlags = [
+      "-DENABLE_NC=ON"
+      "-DBUILD_SHARED_LIBS=ON"
+      # Ensure that the output libraries do not require an executable stack.
+      # Without this define, assembly files in libcrypto do not include a
+      # .note.GNU-stack section, and if that section is missing from any object,
+      # the linker will make the stack executable.
+      "-DCMAKE_C_FLAGS=-DHAVE_GNU_STACK"
+    ];
 
     # The autoconf build is broken as of 2.9.1, resulting in the following error:
     # libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'.
author	Matthew Bauer <mjbauer95@gmail.com>	2019-08-21 14:11:08 -0400
committer	GitHub <noreply@github.com>	2019-08-21 14:11:08 -0400
commit	856d10a9b8338f76d4a76e7f026d5327b5cb665d (patch)
tree	a03521955e6860687d7fac462302216cf523be56 /pkgs/development/libraries/libressl
parent	27d0689e60f681cd161a90806120317461d5ddfb (diff)
parent	fdd78a53878be5421aeb76295d6f98b7994d4b04 (diff)