pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/gnutls gnutls: backport upstream commit to av...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/0ce9e91b839d
branches:  trunk
changeset: 340249:0ce9e91b839d
user:      maya <maya%pkgsrc.org@localhost>
date:      Mon Sep 30 09:51:16 2019 +0000

description:
gnutls: backport upstream commit to avoid text relocations on i386.

Regenerate asm files with -fPIC

PR pkg/54555: security/gnutls 3.6.9 runs afoul of PAX MPROTECT and
text relocations on netbsd-9/i386

Bump PKGREVISION.

diffstat:

 security/gnutls/Makefile                                          |   4 +-
 security/gnutls/distinfo                                          |   4 +-
 security/gnutls/patches/patch-cfg.mk                              |  90 ++++++++++
 security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s |  27 +++
 4 files changed, 122 insertions(+), 3 deletions(-)

diffs (157 lines):

diff -r fb8e5901d369 -r 0ce9e91b839d security/gnutls/Makefile
--- a/security/gnutls/Makefile  Mon Sep 30 09:49:44 2019 +0000
+++ b/security/gnutls/Makefile  Mon Sep 30 09:51:16 2019 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.200 2019/09/18 15:27:05 ng0 Exp $
+# $NetBSD: Makefile,v 1.201 2019/09/30 09:51:16 maya Exp $
 
 DISTNAME=      gnutls-3.6.9
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    security devel
 MASTER_SITES=  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/
 EXTRACT_SUFX=  .tar.xz
diff -r fb8e5901d369 -r 0ce9e91b839d security/gnutls/distinfo
--- a/security/gnutls/distinfo  Mon Sep 30 09:49:44 2019 +0000
+++ b/security/gnutls/distinfo  Mon Sep 30 09:51:16 2019 +0000
@@ -1,12 +1,14 @@
-$NetBSD: distinfo,v 1.138 2019/09/16 17:01:46 nros Exp $
+$NetBSD: distinfo,v 1.139 2019/09/30 09:51:16 maya Exp $
 
 SHA1 (gnutls-3.6.9.tar.xz) = 4a12757b129562ae92a01ca890ed282050595296
 RMD160 (gnutls-3.6.9.tar.xz) = 2771adabb5342b24fbebcb69b324924ee2b56513
 SHA512 (gnutls-3.6.9.tar.xz) = a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07
 Size (gnutls-3.6.9.tar.xz) = 5773928 bytes
+SHA1 (patch-cfg.mk) = c91374a0f9c3031ea90d7f8c455d9e7e42de464b
 SHA1 (patch-config.h.in) = 9f403bd91ddb90d970ba56f91a56e0339848c026
 SHA1 (patch-configure) = 0fcfa9255f15a43aced7262bc2c5084945910aec
 SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7
+SHA1 (patch-lib_accelerated_x86_elf_aesni-x86.s) = 834fe259954c1806185d95a5029ba0379bd31cce
 SHA1 (patch-lib_accelerated_x86_x86-common.c) = ccbf4e01f5bcb01b998e80294ecae2f0413680b8
 SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc
 SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4
diff -r fb8e5901d369 -r 0ce9e91b839d security/gnutls/patches/patch-cfg.mk
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnutls/patches/patch-cfg.mk      Mon Sep 30 09:51:16 2019 +0000
@@ -0,0 +1,90 @@
+$NetBSD: patch-cfg.mk,v 1.1 2019/09/30 09:51:16 maya Exp $
+
+Avoid text relocations.
+
+commit 56b333df895475b202780add2e873c7cf5ade0d3
+Author: Andreas Metzler <ametzler%debian.org@localhost>
+Date:   Sat Sep 28 14:28:12 2019 +0200
+
+    Regenerate asm files with -fPIC
+    
+    CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed
+    as option. Set -fPIC for the same files as openssl does.
+    
+    Closes #818
+
+--- cfg.mk.orig        2019-06-28 19:06:07.000000000 +0000
++++ cfg.mk
+@@ -143,6 +143,12 @@ ASM_SOURCES_XXX := \
+       lib/accelerated/x86/XXX/aes-ssse3-x86.s \
+       lib/accelerated/x86/XXX/aes-ssse3-x86_64.s
+ 
++# CRYPTOGAMS' perl-scripts can produce different output if -fPIC
++# is passed as option. List the files that seem to need it:
++PL_NEEDS_FPIC := aesni-x86.pl aes-ssse3-x86.pl e_padlock-x86.pl \
++      ghash-x86.pl sha1-ssse3-x86.pl sha256-ssse3-x86.pl \
++      sha512-ssse3-x86.pl
++
+ ASM_SOURCES_ELF := $(subst XXX,elf,$(ASM_SOURCES_XXX))
+ ASM_SOURCES_COFF := $(subst XXX,coff,$(ASM_SOURCES_XXX))
+ ASM_SOURCES_MACOSX := $(subst XXX,macosx,$(ASM_SOURCES_XXX))
+@@ -193,33 +199,43 @@ lib/accelerated/x86/files.mk: $(ASM_SOUR
+ 
+ # Appro's code
+ lib/accelerated/x86/elf/%.s: devel/perlasm/%.pl .submodule.stamp 
+-      CC=gcc perl $< elf $@.tmp
++      CC=gcc perl $< elf \
++              $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
++              $@.tmp
+       cat $<.license $@.tmp > $@ && rm -f $@.tmp
+       echo "" >> $@
+       echo ".section .note.GNU-stack,\"\",%progbits" >> $@
+       sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
+ 
+ lib/accelerated/x86/coff/%-x86.s: devel/perlasm/%-x86.pl .submodule.stamp 
+-      CC=gcc perl $< coff $@.tmp
++      CC=gcc perl $< coff \
++              $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
++              $@.tmp
+       cat $<.license $@.tmp > $@ && rm -f $@.tmp
+       echo "" >> $@
+       sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
+ 
+ lib/accelerated/x86/coff/%-x86_64.s: devel/perlasm/%-x86_64.pl .submodule.stamp 
+-      CC=gcc perl $< mingw64 $@.tmp
++      CC=gcc perl $< mingw64 \
++              $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
++              $@.tmp
+       cat $<.license $@.tmp > $@ && rm -f $@.tmp
+       echo "" >> $@
+       sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
+ 
+ lib/accelerated/x86/macosx/%.s: devel/perlasm/%.pl .submodule.stamp 
+-      CC=gcc perl $< macosx $@.tmp
++      CC=gcc perl $< macosx \
++              $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
++              $@.tmp
+       cat $<.license $@.tmp > $@ && rm -f $@.tmp
+       echo "" >> $@
+       sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
+ 
+ lib/accelerated/aarch64/elf/%.s: devel/perlasm/%.pl .submodule.stamp 
+       rm -f $@tmp
+-      CC=aarch64-linux-gnu-gcc perl $< linux64 $@.tmp
++      CC=aarch64-linux-gnu-gcc perl $< linux64 \
++              $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
++              $@.tmp
+       cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S
+       echo "" >> $@.tmp.S
+       sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S
+@@ -231,7 +247,9 @@ lib/accelerated/aarch64/elf/%.s: devel/p
+ 
+ lib/accelerated/aarch64/macosx/%.s: devel/perlasm/%.pl .submodule.stamp
+       rm -f $@tmp
+-      CC=aarch64-linux-gnu-gcc perl $< ios64 $@.tmp
++      CC=aarch64-linux-gnu-gcc perl $< ios64 \
++              $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
++              $@.tmp
+       cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S
+       echo "" >> $@.tmp.S
+       sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S
diff -r fb8e5901d369 -r 0ce9e91b839d security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s Mon Sep 30 09:51:16 2019 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-lib_accelerated_x86_elf_aesni-x86.s,v 1.1 2019/09/30 09:51:16 maya Exp $
+
+
+Avoid text relocations.
+
+commit 56b333df895475b202780add2e873c7cf5ade0d3
+Author: Andreas Metzler <ametzler%debian.org@localhost>
+Date:   Sat Sep 28 14:28:12 2019 +0200
+
+    Regenerate asm files with -fPIC
+    
+    CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed
+    as option. Set -fPIC for the same files as openssl does.
+    
+    Closes #818
+
+--- lib/accelerated/x86/elf/aesni-x86.s.orig   2019-06-28 19:06:07.000000000 +0000
++++ lib/accelerated/x86/elf/aesni-x86.s
+@@ -2892,7 +2892,7 @@ _aesni_set_encrypt_key:
+ .L112pic:
+       popl    %ebx
+       leal    .Lkey_const-.L112pic(%ebx),%ebx
+-      leal    _gnutls_x86_cpuid_s,%ebp
++      leal    _gnutls_x86_cpuid_s-.Lkey_const(%ebx),%ebp
+       movups  (%eax),%xmm0
+       xorps   %xmm4,%xmm4
+       movl    4(%ebp),%ebp



Home | Main Index | Thread Index | Old Index