On grsecurity/PaX systems, unexec will fail due to a gap between
the bss section and the heap.  This can be prevented by disabling
memory randomization in temacs with "paxctl -r".
https://bugs.gentoo.org/411439
https://bugs.gentoo.org/426394
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=11398

--- emacs-23.4-orig/configure.in
+++ emacs-23.4/configure.in
@@ -801,6 +801,16 @@
 dnl Don't use GZIP, which is used by gzip for additional parameters.
 AC_PATH_PROG(GZIP_PROG, gzip)
 
+if test $opsys = gnu-linux; then
+  AC_PATH_PROG(PAXCTL, paxctl,,
+    [$PATH$PATH_SEPARATOR/sbin$PATH_SEPARATOR/usr/sbin])
+  if test "X$PAXCTL" != X; then
+    AC_MSG_CHECKING([whether binaries have a PT_PAX_FLAGS header])
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+      [if $PAXCTL -v conftest$EXEEXT >/dev/null 2>&1; then AC_MSG_RESULT(yes)
+      else AC_MSG_RESULT(no); PAXCTL=""; fi])
+  fi
+fi
 
 ## Need makeinfo >= 4.6 (?) to build the manuals.
 AC_PATH_PROG(MAKEINFO, makeinfo, no)
--- emacs-23.4-orig/src/Makefile.in
+++ emacs-23.4/src/Makefile.in
@@ -508,6 +508,12 @@
    some cpps.  */
 TEMACS_LDFLAGS = LD_SWITCH_SYSTEM LD_SWITCH_SYSTEM_TEMACS LD_SWITCH_MACHINE LD_SWITCH_MACHINE_TEMACS
 
+/* If available, the full path to the paxctl program.
+   On grsecurity/PaX systems, unexec will fail due to a gap between
+   the bss section and the heap.  This can be prevented by disabling
+   memory randomization in temacs with "paxctl -r".  See bug#11398.  */
+PAXCTL = @PAXCTL@
+
 /* A macro which other sections of Makefile can redefine to munge the
    flags before they are passed to LD.  This is helpful if you have
    redefined LD to something odd, like "gcc".
@@ -933,6 +939,7 @@
 	-EMACSLOADPATH=${lispsource} ./emacs -q -batch -f list-load-path-shadows
 #else
 	LC_ALL=C $(RUN_TEMACS) -batch -l loadup dump
+	test "X$(PAXCTL)" = X || $(PAXCTL) -zex emacs$(EXEEXT)
 	@: This new Emacs is as functional and more efficient then
 	@: bootstrap-emacs, so let us replace it.
 	-ln -f emacs${EXEEXT} bootstrap-emacs${EXEEXT}
@@ -974,6 +981,9 @@
     -o temacs ${STARTFILES} ${obj} ${otherobj}  \
     ${LIBES}
 #endif
+#ifndef CANNOT_DUMP
+	test "X$(PAXCTL)" = X || $(PAXCTL) -r temacs$(EXEEXT)
+#endif
 
 /* We do not use ALL_LDFLAGS because LD_SWITCH_SYSTEM and LD_SWITCH_MACHINE
    often contain options that have to do with using Emacs''s crt0,
@@ -1419,6 +1429,7 @@
 	ln -f temacs${EXEEXT} bootstrap-emacs${EXEEXT}
 #else
 	$(RUN_TEMACS) --batch --load loadup bootstrap
+	test "X$(PAXCTL)" = X || $(PAXCTL) -zex emacs$(EXEEXT)
 	mv -f emacs${EXEEXT} bootstrap-emacs${EXEEXT}
 #endif /* ! defined (CANNOT_DUMP) */
 	@: Compile some files earlier to speed up further compilation.