search for: noexecstack

...s.o r - kexecdhs.o r - kexc25519s.o ranlib libssh.a /usr/bin/gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. -Lopenbsd-compat/ -L/usr/contrib//lib -L /usr/lib -L /usr/contrib/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz /usr/bin/gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o audit.o audit-bsm.o audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o g...

...f TT, MCContext &Context, MCAsmBackend &MAB, raw_ostream &OS, MCCodeEmitter *Emitter, const MCSubtargetInfo &STI, bool RelaxAll, bool NoExecStack) { MCStreamer *S = createELFStreamer(Context, MAB, OS, Emitter, RelaxAll, NoExecStack); new SparcTargetELFStreamer(*S); 1 Memory is allocated ? return S; 2 ? Potential memory leak } Have not got why is this SparcTargetELFStreamer created dynamic...

...p; pwd`/regress/Makefile `pwd`/regress/Makefile (cd openbsd-compat && make) /usr/bin/gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. -Lopenbsd-compat/ -L/usr/contrib//lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz /usr/bin/gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o audit.o audit-bsm.o audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o...

Hi, Just wondering if klibc are planning on supporting the .note.GNU-stack section and all it entails ? On sort of a related topic - we have QA tests that checks if something have executable stack. Klibc of course fails due to the many .S, and not passing --noexecstack to gas. Adding this to EXTRA_KLIBC{C,A,LD}FLAGS fixes the issue for all the syscalls, crt0.o, interp.o and the .so, as well as all the static linked binaries are also fine. All shared binaries though have executable stack, even with noexecstack passed to both gas and ld. Anybody know if the way...

On Wed, 17 Feb 2016, Tom G. Christensen wrote: > On 12/02/16 04:56, Damien Miller wrote: > > Portable OpenSSH is available via Git at > > https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at > > https://github.com/openssh/openssh-portable > > > > I'm seeing a hang in the testsuite on Solaris: > run test transfer.sh ... > transfer data:

...size blocks: 80058 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 16384 size blocks: 40180 aes-128-cbc's in 3.00s OpenSSL 1.1.1d 10 Sep 2019 built on: Sat Oct 12 19:56:43 2019 UTC options:bn(64,64) rc4(8x,int) des(int) aes(partial) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-YwazYa/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_...

...; || test "$GCC" = OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) + OSSH_CHECK_CFLAG_COMPILE([-fPIC]) + OSSH_CHECK_LDFLAG_LINK([-pie]) + OSSH_CHECK_LDFLAG_LINK([-Wa,--noexecstack]) + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) AC_MSG_CHECKING([gcc version]) GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` case $GCC_VER in -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9...

...hardened/gnu-stack.xml and I've attempted to take the ones that make sense for openssh. >From my reading, -fPIE should be sufficient since we're not building a shared library, however having -fPIC to does not seem to hurt. Things in those pages that I don't think are needed: -Wa,--noexecstack (don't have any assembler sources) . --param=ssp-buffer-size=4 (superceded by -fstack-protector-all) Tests/comments/corrections welcome. Index: Makefile.in =================================================================== RCS file: /home/dtucker/openssh/cvs/openssh/Makefile.in,v retrieving...

...ngRef TT, MCContext &Ctx, MCAsmBackend &MAB, raw_ostream &_OS, MCCodeEmitter *_Emitter, bool RelaxAll, bool NoExecStack) { Triple TheTriple(TT); if (TheTriple.isOSDarwin() || TheTriple.getEnvironment() == Triple::MachO) return createMachOStreamer(Ctx, MAB, _OS, _Emitter, RelaxAll); if (TheTriple.isOSWindows()) return createWinCOFFStreamer(Ctx, MAB, *_Emitter, _OS, RelaxAll); return createELFStream...

Am 31.05.2017 um 15:24 schrieb Timo Sirainen: > https://dovecot.org/releases/2.2/dovecot-2.2.30.1.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.30.1.tar.gz.sig > > Due to some release process changes I didn't notice that one important bugfix wasn't included in the v2.2.30 release branch before I made the release. So fixing it here with v2.2.30.1. Also included another

...28-cbc's in 3.00s > Doing aes-128-cbc for 3s on 16384 size blocks: 40180 aes-128-cbc's in 3.00s > OpenSSL 1.1.1d  10 Sep 2019 > built on: Sat Oct 12 19:56:43 2019 UTC > options:bn(64,64) rc4(8x,int) des(int) aes(partial) blowfish(ptr) > compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall > -Wa,--noexecstack -g -O2 > -fdebug-prefix-map=/build/openssl-YwazYa/openssl-1.1.1d=. > -fstack-protector-strong -Wformat -Werror=format-security > -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN...

...& environments did you use? unchanged as for all othe rversions including 2.2.29.1 and the only change is the new tarball %prep %setup -q -n %{name}-%{version} %build export CFLAGS="%{optflags} -fPIC -flto -ffat-lto-objects -fuse-ld=gold -fuse-linker-plugin -Wno-stack-protector -Wa,--noexecstack" export CXXFLAGS="$CFLAGS" export FFLAGS="$CFLAGS" export CPPFLAGS="$CFLAGS" export CC="gcc $CFLAGS" export SH_LDFLAGS="-Wl,--as-needed -Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack %{optflags} -flto -ffat-lto-objects -fuse-ld=gold -fuse-linker-plugi...

Hello, We're currently working on MC-JIT, focusing on runtime generation and loading of ELF object files, even on non-ELF platforms (i.e. Windows). However, we run into a problem with MC insisting to generate COFF objects on Windows, MachO on Macs and ELF only otherwise, based on the triple. Is there an existing method to generate ELF objects with MC on Windows, without modifying MC? Thanks

On 8 June 2018 at 12:09, PGNet Dev <pgnet.dev at gmail.com> wrote: [...] > /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv > /usr/bin/ld: unrecognized option '-Wl,-z,relro' That's a slightly different problem: -Wl is a gcc flag that means "pass the following flag through to the linker". Since AC_LINK_I...

...ngRef TT, MCContext &Ctx, MCAsmBackend &MAB, raw_ostream &_OS, MCCodeEmitter *_Emitter, bool RelaxAll, bool NoExecStack) { Triple TheTriple(TT); if (TheTriple.isOSDarwin() || TheTriple.getEnvironment() == Triple::MachO) return createMachOStreamer(Ctx, MAB, _OS, _Emitter, RelaxAll); if (TheTriple.isOSWindows()) return createWinCOFFStreamer(Ctx, MAB, *_Emitter, _OS, RelaxAll); return createELFStream...

...-D__KLIBC__=$(KLIBCMAJOR) \ KLIBCCPPFLAGS += $(KLIBCDEFS) KLIBCCFLAGS += $(KLIBCCPPFLAGS) $(KLIBCREQFLAGS) $(KLIBCARCHREQFLAGS) \ $(KLIBCOPTFLAGS) $(KLIBCWARNFLAGS) -KLIBCAFLAGS += -D__ASSEMBLY__ $(KLIBCCFLAGS) +KLIBCAFLAGS += -D__ASSEMBLY__ -Wa,--noexecstack $(KLIBCCFLAGS) KLIBCSTRIPFLAGS += --strip-all -R .comment -R .note KLIBCLIBGCC_DEF := $(shell $(KLIBCCC) $(KLIBCCFLAGS) --print-libgcc) diff --git a/usr/klibc/Kbuild b/usr/klibc/Kbuild index b462fbec..19ccfbec 100644 --- a/usr/klibc/Kbuild +++ b/usr/klibc/Kbuild @@ -180,6 +180,7 @@ quiet_cmd_...

...build.klibc @@ -125,7 +125,7 @@ KLIBCDEFS += -D__KLIBC__=$(KLIBCMAJOR) \ KLIBCCPPFLAGS += $(KLIBCDEFS) KLIBCCFLAGS += $(KLIBCCPPFLAGS) $(KLIBCREQFLAGS) $(KLIBCARCHREQFLAGS) \ $(KLIBCOPTFLAGS) $(KLIBCWARNFLAGS) -KLIBCAFLAGS += -D__ASSEMBLY__ -Wa,--noexecstack $(KLIBCCFLAGS) +KLIBCAFLAGS += -D__ASSEMBLY__ $(KLIBCCFLAGS) KLIBCSTRIPFLAGS += --strip-all -R .comment -R .note KLIBCLIBGCC_DEF := $(shell $(KLIBCCC) $(KLIBCCFLAGS) --print-libgcc) diff --git a/usr/klibc/Kbuild b/usr/klibc/Kbuild index 24bad07d..bec9cdb4 100644 --- a/usr/klibc/Kbuild ++...

...S == "initfirst" || S == "keep-text-section-prefix" || S == "lazy" || S == "muldefs" || S == "nocombreloc" || S == "nocopyreloc" || S == "nodelete" || S == "nodlopen" || S == "noexecstack" || @@ -834,6 +835,7 @@ void LinkerDriver::readConfigs(opt::InputArgList &Args) { Config->ZCopyreloc = getZFlag(Args, "copyreloc", "nocopyreloc", true); Config->ZExecstack = getZFlag(Args, "execstack", "noexecstack", false); Config-&gt...

Also what exact distro and version are you having the problem on and what version of ld does it have? Mine is $ ld --version GNU ld version 2.29.1-23.fc28 -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

> Portable OpenSSH is also available via [...] Github: https://github.com/openssh/openssh-portable > > Running the regression tests supplied with Portable OpenSSH does not require installation and is a simply: > > $ ./configure && make tests I was going to try this on Kali Linux (latest version), but ran into trouble right away. No "configure" script exists