3
0
Fork 0
forked from mirrors/nixpkgs

libffi: Add support for grsecurity

Patch taken from Hardened Gentoo
This commit is contained in:
Ricardo M. Correia 2014-03-17 18:52:16 +01:00
parent 72b711bb1f
commit 1074a3143e
2 changed files with 42 additions and 1 deletions

View file

@ -8,9 +8,13 @@ stdenv.mkDerivation rec {
sha256 = "077ibkf84bvcd6rw1m6jb107br63i2pp301rkmsbgg6300adxp8x";
};
patches = stdenv.lib.optional (stdenv.needsPax) ./libffi-3.0.13-emutramp_pax_proc.patch;
buildInputs = stdenv.lib.optional doCheck dejagnu;
configureFlags = [ "--with-gcc-arch=generic" ]; # no detection of -march= or -mtune=
configureFlags = [
"--with-gcc-arch=generic" # no detection of -march= or -mtune=
] ++ stdenv.lib.optional (stdenv.needsPax) "--enable-pax_emutramp";
doCheck = stdenv.isLinux; # until we solve dejagnu problems on darwin and expect on BSD

View file

@ -0,0 +1,37 @@
2013-05-22 Magnus Granberg <zorry@gentoo.org>
#457194
* src/closuer.c (emutramp_enabled_check): Check with /proc.
--- a/src/closures.c 2013-03-17 23:27:11.000000000 +0100
+++ b/src/closures.c 2013-04-29 23:26:02.279022022 +0200
@@ -181,10 +181,26 @@ static int emutramp_enabled = -1;
static int
emutramp_enabled_check (void)
{
- if (getenv ("FFI_DISABLE_EMUTRAMP") == NULL)
- return 1;
- else
+ char *buf = NULL;
+ size_t len = 0;
+ FILE *f;
+ int ret;
+ f = fopen ("/proc/self/status", "r");
+ if (f == NULL)
return 0;
+ ret = 0;
+
+ while (getline (&buf, &len, f) != -1)
+ if (!strncmp (buf, "PaX:", 4))
+ {
+ char emutramp;
+ if (sscanf (buf, "%*s %*c%c", &emutramp) == 1)
+ ret = (emutramp == 'E');
+ break;
+ }
+ free (buf);
+ fclose (f);
+ return ret;
}
#define is_emutramp_enabled() (emutramp_enabled >= 0 ? emutramp_enabled \