File 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch of Package liboqs

From 9f72562d661a0fd1b5773966fb199a8faea144c1 Mon Sep 17 00:00:00 2001
From: Douglas Stebila <dstebila@users.noreply.github.com>
Date: Sun, 9 Jan 2022 11:30:10 -0500
Subject: [PATCH 2/2] Mark stack non-executable when compiling with clang or
 gcc (#1161)

* Mark stack non-executable when compiling with clang or gcc

Fixes #1159

* Change noexecstack option on gcc

* Use gcc noexecstack only on non-Darwin

* Check for non-executable stack in shared object builds on Linux
---
 .CMake/compiler_opts.cmake                  |  4 ++++
 tests/{test_namespace.py => test_binary.py} | 16 ++++++++++++++++
 2 files changed, 20 insertions(+)
 rename tests/{test_namespace.py => test_binary.py} (74%)

diff --git a/.CMake/compiler_opts.cmake b/.CMake/compiler_opts.cmake
index 9dd5b32..72c741a 100644
--- a/.CMake/compiler_opts.cmake
+++ b/.CMake/compiler_opts.cmake
@@ -67,6 +67,7 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
     add_compile_options(-Wextra)
     add_compile_options(-Wpedantic)
     add_compile_options(-Wno-unused-command-line-argument)
+    set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
 
     if(NOT ${OQS_BUILD_ONLY_LIB})
         set(THREADS_PREFER_PTHREAD_FLAG ON)
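Review bot: The added `-Wa,--noexecstack` on `CMAKE_ASM_FLAGS` only annotates objects built from the project's own assembly sources, so the final library still depends on every linked object carrying a `.note.GNU-stack` section; the same applies to the GNU branch in the second hunk. Asking the linker for the property directly is more robust on ELF targets, for example `add_link_options(-Wl,-z,noexecstack)` inside a `NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin"` guard (this needs CMake 3.13 or later; otherwise append to `CMAKE_SHARED_LINKER_FLAGS` and `CMAKE_EXE_LINKER_FLAGS`). The Clang branch adds the assembler flag unconditionally while the GNU branch skips Darwin, so a one-line comment saying the asymmetry is intentional would help the next maintainer. Both compiler branches continue outside the hunks shown.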
@@ -117,6 +118,9 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
     add_compile_options(-Wformat=2)
     add_compile_options(-Wfloat-equal)
     add_compile_options(-Wwrite-strings)
+    if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+        set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
+    endif()
 
     if(NOT ${OQS_BUILD_ONLY_LIB})
         set(THREADS_PREFER_PTHREAD_FLAG ON)
diff --git a/tests/test_namespace.py b/tests/test_binary.py
similarity index 74%
rename from tests/test_namespace.py
rename to tests/test_binary.py
index 9a3fb9e..d212f41 100644
--- a/tests/test_namespace.py
+++ b/tests/test_binary.py
@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: MIT
 
 import helpers
+import os
 import pytest
 import sys
 import glob
@@ -51,6 +52,21 @@ def test_namespace():
 
     assert(len(non_namespaced) == 0)
 
+@helpers.filtered_test
+@pytest.mark.skipif(not(sys.platform.startswith("linux")), reason="Only supported on Linux")
+@pytest.mark.skipif(not(os.path.exists(helpers.get_current_build_dir_name()+'/lib/liboqs.so')), reason="Only supported on builds with a shared library")
+def test_non_executable_stack():
+    liboqs = helpers.get_current_build_dir_name()+'/lib/liboqs.so'
+    out = helpers.run_subprocess(
+        ['readelf', '--wide', '--segments', liboqs]
+    )
+    lines = out.strip().split("\n")
+    for line in lines:
+        if "GNU_STACK" in line:
+            chunks = line.strip().split()
+            flags = chunks[6]
+            assert(flags == 'RW')
+
 if __name__ == "__main__":
     import sys
     pytest.main(sys.argv)
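Review bot: `test_non_executable_stack` passes vacuously when readelf prints no `GNU_STACK` line, because the only assertion sits inside the `if "GNU_STACK" in line` branch of the loop. A missing PT_GNU_STACK header is the case where the loader may fall back to an executable stack on some architectures, so it should fail the test instead of passing it. Collect the flags first and assert on the result, e.g. `stack_flags = [l.split()[6] for l in lines if "GNU_STACK" in l]` followed by `assert stack_flags == ['RW']`. The fixed index 6 relies on the `--wide` column layout, so a short comment naming the column (`Flg`) would make that dependency explicit.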
-- 
2.36.1
