3
0
Fork 0
forked from mirrors/nixpkgs
Nix Packages collection
Go to file
Ruud van Asseldonk 8b6a9202e7 libressl: build libcrypto with noexecstack
For some reasons, libcrypto would be built with the executable stack
flag set. I found out about this when Nginx failed to load the shared
library, because I was running it with MemoryDenyWriteExecute=true,
which does not permit executable stacks.

I am not sure why the stack ends up executable; the other shared
libraries which are part of LibreSSL do not have this flag set. You can
verify this with 'execstack -q'. Non-executable stacks should be the
default, and from checking some other files, that does appear to be the
case. The LibreSSL sources do not contain the string "execstack", so
I am not sure what causes the default to be overridden.

Adding '-z noexecstack' to the linker flags makes the linker unset the
flag. Now my Nginx can load the library, and so far I have not run into
other issues.
2019-08-10 22:21:57 +02:00
.github
doc doc/qt: add note about wrapQtAppsHook ignoring scripts 2019-08-09 10:11:48 -04:00
lib
maintainers elpi: 1.4.1 -> 1.6.0, and coq-elpi 2019-08-09 08:47:52 +00:00
nixos Merge pull request #66236 from worldofpeace/test-reorganize 2019-08-10 11:23:57 -04:00
pkgs libressl: build libcrypto with noexecstack 2019-08-10 22:21:57 +02:00
.editorconfig
.gitattributes
.gitignore
.version
COPYING
default.nix
README.md

logo

Code Triagers Badge Open Collective supporters

Nixpkgs is a collection of packages for the Nix package manager. It is periodically built and tested by the Hydra build daemon as so-called channels. To get channel information via git, add nixpkgs-channels as a remote:

% git remote add channels https://github.com/NixOS/nixpkgs-channels.git

For stability and maximum binary package support, it is recommended to maintain custom changes on top of one of the channels, e.g. nixos-19.03 for the latest release and nixos-unstable for the latest successful build of master:

% git remote update channels
% git rebase channels/nixos-19.03

For pull requests, please rebase onto nixpkgs master.

NixOS Linux distribution source code is located inside nixos/ folder.

Communication:

Note: MIT license does not apply to the packages built by Nixpkgs, merely to the package descriptions (Nix expressions, build scripts, and so on). It also might not apply to patches included in Nixpkgs, which may be derivative works of the packages to which they apply. The aforementioned artifacts are all covered by the licenses of the respective packages.