From 4d498fa65b6b8fab6c9f777a10d6725ae32ebecc Mon Sep 17 00:00:00 2001
From: Oskari Rauta <oskari.rauta@gmail.com>
Date: Sun, 12 Mar 2023 18:30:35 +0200
Subject: [PATCH] zerotier: do not allow executable stack

zerotier as default has executable stack.
[   11.343143] process '/usr/bin/zerotier-one' started with executable stack

executable stacks are not recommend, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.

Stack is executable on x86_64, but not on all archs, such as ramips.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 56f30520f2413f9f1434def5b533a265912aea1c)
---
 net/zerotier/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/zerotier/Makefile b/net/zerotier/Makefile
index 47e3f7a630..01ad05248f 100644
--- a/net/zerotier/Makefile
+++ b/net/zerotier/Makefile
@@ -58,8 +58,8 @@ endif
 endef
 
 # Make binary smaller
-TARGET_CFLAGS += -ffunction-sections -fdata-sections
-TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+TARGET_CFLAGS += -ffunction-sections -fdata-sections -Wl,-z,noexecstack
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed -Wl,-z,noexecstack
 
 define Package/zerotier/conffiles
 /etc/config/zerotier