diff options
author | maya <maya@pkgsrc.org> | 2019-09-30 09:51:16 +0000 |
---|---|---|
committer | maya <maya@pkgsrc.org> | 2019-09-30 09:51:16 +0000 |
commit | a4054bd216df0e59cc228e94867a87048065fc71 (patch) | |
tree | c0912605ca81258e57d3d3a2522cdd777d6856e6 /security | |
parent | ded60c9536ec5b441445088a7c3623fe25eea4ff (diff) | |
download | pkgsrc-a4054bd216df0e59cc228e94867a87048065fc71.tar.gz |
gnutls: backport upstream commit to avoid text relocations on i386.
Regenerate asm files with -fPIC
PR pkg/54555: security/gnutls 3.6.9 runs afoul of PAX MPROTECT and
text relocations on netbsd-9/i386
Bump PKGREVISION.
Diffstat (limited to 'security')
-rw-r--r-- | security/gnutls/Makefile | 4 | ||||
-rw-r--r-- | security/gnutls/distinfo | 4 | ||||
-rw-r--r-- | security/gnutls/patches/patch-cfg.mk | 90 | ||||
-rw-r--r-- | security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s | 27 |
4 files changed, 122 insertions, 3 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 70be935e14a..1b0cf06020e 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.200 2019/09/18 15:27:05 ng0 Exp $ +# $NetBSD: Makefile,v 1.201 2019/09/30 09:51:16 maya Exp $ DISTNAME= gnutls-3.6.9 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= security devel MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/ EXTRACT_SUFX= .tar.xz diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index acb9f8ea687..ce37d67e14f 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,12 +1,14 @@ -$NetBSD: distinfo,v 1.138 2019/09/16 17:01:46 nros Exp $ +$NetBSD: distinfo,v 1.139 2019/09/30 09:51:16 maya Exp $ SHA1 (gnutls-3.6.9.tar.xz) = 4a12757b129562ae92a01ca890ed282050595296 RMD160 (gnutls-3.6.9.tar.xz) = 2771adabb5342b24fbebcb69b324924ee2b56513 SHA512 (gnutls-3.6.9.tar.xz) = a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07 Size (gnutls-3.6.9.tar.xz) = 5773928 bytes +SHA1 (patch-cfg.mk) = c91374a0f9c3031ea90d7f8c455d9e7e42de464b SHA1 (patch-config.h.in) = 9f403bd91ddb90d970ba56f91a56e0339848c026 SHA1 (patch-configure) = 0fcfa9255f15a43aced7262bc2c5084945910aec SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7 +SHA1 (patch-lib_accelerated_x86_elf_aesni-x86.s) = 834fe259954c1806185d95a5029ba0379bd31cce SHA1 (patch-lib_accelerated_x86_x86-common.c) = ccbf4e01f5bcb01b998e80294ecae2f0413680b8 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4 diff --git a/security/gnutls/patches/patch-cfg.mk b/security/gnutls/patches/patch-cfg.mk new file mode 100644 index 00000000000..056aef34e68 --- /dev/null +++ b/security/gnutls/patches/patch-cfg.mk @@ -0,0 +1,90 @@ +$NetBSD: patch-cfg.mk,v 1.1 2019/09/30 09:51:16 maya Exp $ + +Avoid text relocations. + +commit 56b333df895475b202780add2e873c7cf5ade0d3 +Author: Andreas Metzler <ametzler@debian.org> +Date: Sat Sep 28 14:28:12 2019 +0200 + + Regenerate asm files with -fPIC + + CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed + as option. Set -fPIC for the same files as openssl does. + + Closes #818 + +--- cfg.mk.orig 2019-06-28 19:06:07.000000000 +0000 ++++ cfg.mk +@@ -143,6 +143,12 @@ ASM_SOURCES_XXX := \ + lib/accelerated/x86/XXX/aes-ssse3-x86.s \ + lib/accelerated/x86/XXX/aes-ssse3-x86_64.s + ++# CRYPTOGAMS' perl-scripts can produce different output if -fPIC ++# is passed as option. List the files that seem to need it: ++PL_NEEDS_FPIC := aesni-x86.pl aes-ssse3-x86.pl e_padlock-x86.pl \ ++ ghash-x86.pl sha1-ssse3-x86.pl sha256-ssse3-x86.pl \ ++ sha512-ssse3-x86.pl ++ + ASM_SOURCES_ELF := $(subst XXX,elf,$(ASM_SOURCES_XXX)) + ASM_SOURCES_COFF := $(subst XXX,coff,$(ASM_SOURCES_XXX)) + ASM_SOURCES_MACOSX := $(subst XXX,macosx,$(ASM_SOURCES_XXX)) +@@ -193,33 +199,43 @@ lib/accelerated/x86/files.mk: $(ASM_SOUR + + # Appro's code + lib/accelerated/x86/elf/%.s: devel/perlasm/%.pl .submodule.stamp +- CC=gcc perl $< elf $@.tmp ++ CC=gcc perl $< elf \ ++ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \ ++ $@.tmp + cat $<.license $@.tmp > $@ && rm -f $@.tmp + echo "" >> $@ + echo ".section .note.GNU-stack,\"\",%progbits" >> $@ + sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@ + + lib/accelerated/x86/coff/%-x86.s: devel/perlasm/%-x86.pl .submodule.stamp +- CC=gcc perl $< coff $@.tmp ++ CC=gcc perl $< coff \ ++ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \ ++ $@.tmp + cat $<.license $@.tmp > $@ && rm -f $@.tmp + echo "" >> $@ + sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@ + + lib/accelerated/x86/coff/%-x86_64.s: devel/perlasm/%-x86_64.pl .submodule.stamp +- CC=gcc perl $< mingw64 $@.tmp ++ CC=gcc perl $< mingw64 \ ++ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \ ++ $@.tmp + cat $<.license $@.tmp > $@ && rm -f $@.tmp + echo "" >> $@ + sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@ + + lib/accelerated/x86/macosx/%.s: devel/perlasm/%.pl .submodule.stamp +- CC=gcc perl $< macosx $@.tmp ++ CC=gcc perl $< macosx \ ++ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \ ++ $@.tmp + cat $<.license $@.tmp > $@ && rm -f $@.tmp + echo "" >> $@ + sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@ + + lib/accelerated/aarch64/elf/%.s: devel/perlasm/%.pl .submodule.stamp + rm -f $@tmp +- CC=aarch64-linux-gnu-gcc perl $< linux64 $@.tmp ++ CC=aarch64-linux-gnu-gcc perl $< linux64 \ ++ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \ ++ $@.tmp + cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S + echo "" >> $@.tmp.S + sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S +@@ -231,7 +247,9 @@ lib/accelerated/aarch64/elf/%.s: devel/p + + lib/accelerated/aarch64/macosx/%.s: devel/perlasm/%.pl .submodule.stamp + rm -f $@tmp +- CC=aarch64-linux-gnu-gcc perl $< ios64 $@.tmp ++ CC=aarch64-linux-gnu-gcc perl $< ios64 \ ++ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \ ++ $@.tmp + cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S + echo "" >> $@.tmp.S + sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S diff --git a/security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s b/security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s new file mode 100644 index 00000000000..ccd25b7b2f7 --- /dev/null +++ b/security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s @@ -0,0 +1,27 @@ +$NetBSD: patch-lib_accelerated_x86_elf_aesni-x86.s,v 1.1 2019/09/30 09:51:16 maya Exp $ + + +Avoid text relocations. + +commit 56b333df895475b202780add2e873c7cf5ade0d3 +Author: Andreas Metzler <ametzler@debian.org> +Date: Sat Sep 28 14:28:12 2019 +0200 + + Regenerate asm files with -fPIC + + CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed + as option. Set -fPIC for the same files as openssl does. + + Closes #818 + +--- lib/accelerated/x86/elf/aesni-x86.s.orig 2019-06-28 19:06:07.000000000 +0000 ++++ lib/accelerated/x86/elf/aesni-x86.s +@@ -2892,7 +2892,7 @@ _aesni_set_encrypt_key: + .L112pic: + popl %ebx + leal .Lkey_const-.L112pic(%ebx),%ebx +- leal _gnutls_x86_cpuid_s,%ebp ++ leal _gnutls_x86_cpuid_s-.Lkey_const(%ebx),%ebp + movups (%eax),%xmm0 + xorps %xmm4,%xmm4 + movl 4(%ebp),%ebp |