gnupg (8 files)

cvs user wk cvs at cvs.gnupg.org
Fri Mar 11 11:49:19 CET 2005 

    Date: Friday, March 11, 2005 @ 12:02:12
  Author: wk
    Path: /cvs/gnupg/gnupg

Modified: ChangeLog NEWS README configure.ac doc/ChangeLog doc/gpg.sgml
          mpi/ChangeLog mpi/Makefile.am

* configure.ac: New option --enable-noexecstack. 

* Makefile.am (ASFLAGS): Renamed to AM_CCASFLAGS and added the
variable for non exectubale stack options.  Adapted users.


-----------------+
 ChangeLog       |    4 ++++
 NEWS            |    2 ++
 README          |    4 ++++
 configure.ac    |   27 ++++++++++++++++++++++++++-
 doc/ChangeLog   |    2 ++
 doc/gpg.sgml    |    4 ++++
 mpi/ChangeLog   |    5 +++++
 mpi/Makefile.am |    6 +++---
 8 files changed, 50 insertions(+), 4 deletions(-)


Index: gnupg/ChangeLog
diff -u gnupg/ChangeLog:1.242 gnupg/ChangeLog:1.243
--- gnupg/ChangeLog:1.242	Wed Feb 16 21:08:14 2005
+++ gnupg/ChangeLog	Fri Mar 11 12:02:12 2005
@@ -1,3 +1,7 @@
+2005-03-11  Werner Koch  <wk at g10code.com>
+
+	* configure.ac: New option --enable-noexecstack. 
+
 2005-02-16  Werner Koch  <wk at g10code.com>
 
 	Released 1.4.1rc2.
Index: gnupg/NEWS
diff -u gnupg/NEWS:1.235 gnupg/NEWS:1.236
--- gnupg/NEWS:1.235	Wed Feb 16 21:08:14 2005
+++ gnupg/NEWS	Fri Mar 11 12:02:12 2005
@@ -53,6 +53,8 @@
     * The "fetch" command of --card-edit now retrieves the key using
       the default keyserver if no URL has been stored on the card.
 
+    * New configure option --enable-noexecstack.
+
 
 Noteworthy changes in version 1.4.0 (2004-12-16)
 ------------------------------------------------
Index: gnupg/README
diff -u gnupg/README:1.93 gnupg/README:1.94
--- gnupg/README:1.93	Sun Jan 23 02:19:32 2005
+++ gnupg/README	Fri Mar 11 12:02:12 2005
@@ -607,6 +607,10 @@
                     This prevents access to certain files and won't
                     allow import or export of secret keys. 
 
+     --enable-noexecstack
+                    Pass option --noexecstack to as.  Works only when
+                    using gcc.
+
      --disable-gnupg-iconv
                     If iconv is available it is used to convert
                     between utf-8 and the system character set.  This
Index: gnupg/configure.ac
diff -u gnupg/configure.ac:1.133 gnupg/configure.ac:1.134
--- gnupg/configure.ac:1.133	Wed Feb 16 21:08:14 2005
+++ gnupg/configure.ac	Fri Mar 11 12:02:12 2005
@@ -19,7 +19,7 @@
 dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 dnl
 dnl (Process this file with autoconf to produce a configure script.)
-dnlAC_REVISION($Revision: 1.133 $)dnl
+dnlAC_REVISION($Revision: 1.134 $)dnl
 
 AC_PREREQ(2.59)
 min_automake_version="1.9.3"
@@ -102,6 +102,18 @@
     AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature])
 fi
 
+# We don't have a test to check whetyer as(1) knows about the
+# non executable stackioption.  Thus we provide an option to enable
+# it.
+AC_MSG_CHECKING([whether non excutable stack support is requested])
+AC_ARG_ENABLE(noexecstack,
+              AC_HELP_STRING([--enable-noexecstack],
+                             [enable non executable stack support (gcc only)]),
+              noexecstack_support=$enableval, noexecstack_support=no)
+AC_MSG_RESULT($noexecstack_support)
+
+# SELinux support includes tracking of sensitive files to avoid
+# leaking their contents through processing these files by gpg itself
 AC_MSG_CHECKING([whether SELinux support is requested])
 AC_ARG_ENABLE(selinux-support,
               AC_HELP_STRING([--enable-selinux-support],
@@ -109,6 +121,7 @@
               selinux_support=$enableval, selinux_support=no)
 AC_MSG_RESULT($selinux_support)
 
+
 AC_MSG_CHECKING([whether OpenPGP card support is requested])
 AC_ARG_ENABLE(card-support,
               AC_HELP_STRING([--disable-card-support],
@@ -1234,14 +1247,26 @@
 AC_SUBST(NETLIBS)
 AC_SUBST(W32LIBS)
 
+# Special options used fith gcc.
 if test "$GCC" = yes; then
+    # Note that it is okay to use CFLAGS here because this are just
+    # warning options and the user should have a chance of overriding
+    #them.
     if test "$USE_MAINTAINER_MODE" = "yes"; then
         CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
         CFLAGS="$CFLAGS -Wformat-nonliteral"
     else
         CFLAGS="$CFLAGS -Wall"
     fi
+
+    # Non exec stack hack.  Fixme: Write a test to check whether as
+    # can cope with it and use the enable-noexecstack option only to
+    # disable it in case it is required on sime platforms.
+    if test "$noexecstack_support" = yes; then
+        NOEXECSTACK_FLAGS="-Wa,--noexecstack"
+    fi
 fi
+AC_SUBST(NOEXECSTACK_FLAGS)
 
 
 if test "$print_egd_warning" = yes; then
Index: gnupg/doc/ChangeLog
diff -u gnupg/doc/ChangeLog:1.97 gnupg/doc/ChangeLog:1.98
--- gnupg/doc/ChangeLog:1.97	Mon Mar  7 14:59:59 2005
+++ gnupg/doc/ChangeLog	Fri Mar 11 12:02:12 2005
@@ -1,5 +1,7 @@
 2005-03-07  Werner Koch  <wk at g10code.com>
 
+	* gpg.sgml (comment): Add note to keep the comment short.
+
 	* DETAILS: Document new status codes.
 
 2005-02-15  Werner Koch  <wk at g10code.com>
Index: gnupg/doc/gpg.sgml
diff -u gnupg/doc/gpg.sgml:1.80 gnupg/doc/gpg.sgml:1.81
--- gnupg/doc/gpg.sgml:1.80	Tue Feb 15 12:02:31 2005
+++ gnupg/doc/gpg.sgml	Fri Mar 11 12:02:12 2005
@@ -1769,6 +1769,10 @@
 ASCII armored messages or keys (see --armor).  The default behavior is
 not to use a comment string.  --comment may be repeated multiple times
 to get multiple comment strings.  --no-comments removes all comments.
+It is a good idea to keep the length of a single comment below 60
+characters to avoid problems with mail programs wrapping such lines.
+Note, that those comment lines, like all other header lines, are not
+protected by the signature.
 </para></listitem></varlistentry>
 
 
Index: gnupg/mpi/ChangeLog
diff -u gnupg/mpi/ChangeLog:1.80 gnupg/mpi/ChangeLog:1.81
--- gnupg/mpi/ChangeLog:1.80	Mon Dec 20 11:05:20 2004
+++ gnupg/mpi/ChangeLog	Fri Mar 11 12:02:12 2005
@@ -1,3 +1,8 @@
+2005-03-11  Werner Koch  <wk at g10code.com>
+
+	* Makefile.am (ASFLAGS): Renamed to AM_CCASFLAGS and added the
+	variable for non exectubale stack options.  Adapted users.
+
 2004-12-20  Werner Koch  <wk at g10code.com>
 
 	* mpicoder.c (mpi_read_from_buffer): Don't abort in case of an
Index: gnupg/mpi/Makefile.am
diff -u gnupg/mpi/Makefile.am:1.30 gnupg/mpi/Makefile.am:1.31
--- gnupg/mpi/Makefile.am:1.30	Wed Oct 13 09:11:10 2004
+++ gnupg/mpi/Makefile.am	Fri Mar 11 12:02:12 2005
@@ -20,8 +20,8 @@
 
 
 INCLUDES = -I.. -I$(top_srcdir)/include
-AM_CFLAGS = @MPI_OPT_FLAGS@
-ASFLAGS = @MPI_SFLAGS@
+AM_CFLAGS = $(MPI_OPT_FLAGS)
+AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) $(MPI_SFLAGS)
 
 EXTRA_DIST = config.links
 DISTCLEANFILES = mpi-asm-defs.h \
@@ -73,7 +73,7 @@
 # work and add one to cpp .S files
 .S.o:
 	 $(CPP) $(INCLUDES) $(DEFS) $< | grep -v '^#' > _$*.s
-	 $(COMPILE) $(ASFLAGS) -c _$*.s
+	 $(COMPILE) $(AM_CCASFLAGS) -c _$*.s
 	 mv -f _$*.o $*.o
 
 .S.lo:

More information about the Gnupg-commits mailing list