Date: Fri, 28 Jul 2017 23:41:51 +0000
From: "Maya Rashish"
Subject: CVS commit: pkgsrc/lang/gcc49
To: pkgsrc-changes@NetBSD.org
Reply-To: maya@netbsd.org
Message-Id: <20170728234151.D5EE1FACD@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: maya
Date: Fri Jul 28 23:41:51 UTC 2017

Modified Files:
    pkgsrc/lang/gcc49: Makefile distinfo
Added Files:
    pkgsrc/lang/gcc49/patches: patch-gcc_config_i386_i386.c

Log Message:
gcc49: backport upstream security fix

Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)

We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).

Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.

2017-03-25 Uros Bizjak

To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/gcc49/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/gcc49/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/gcc49/patches/patch-gcc_config_i386_i386.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/gcc49/Makefile diff -u pkgsrc/lang/gcc49/Makefile:1.20 pkgsrc/lang/gcc49/Makefile:1.21 --- pkgsrc/lang/gcc49/Makefile:1.20 Mon Jul 10 15:55:40 2017 +++ pkgsrc/lang/gcc49/Makefile Fri Jul 28 23:41:51 2017 
@@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.20 2017/07/10 15:55:40 maya Exp $ +# $NetBSD: Makefile,v 1.21 2017/07/28 23:41:51 maya Exp $ GCC_PKGNAME= gcc49 .include "version.mk" @@ -9,7 +9,7 @@ PKGNAME= ${GCC_PKGNAME}-${GCC49_DIST_VER ## When bumping the PKGREVISION of this package the PKGREVISION of ## lang/gcc49-libs needs to be bump to be at least 1 more than the ## PKGREVISION of this package! -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= lang MASTER_SITES= ${MASTER_SITE_GNU:=gcc/gcc-${GCC49_DIST_VERSION}/} EXTRACT_SUFX= .tar.bz2 Index: pkgsrc/lang/gcc49/distinfo diff -u pkgsrc/lang/gcc49/distinfo:1.13 pkgsrc/lang/gcc49/distinfo:1.14 --- pkgsrc/lang/gcc49/distinfo:1.13 Mon Jul 10 15:55:40 2017 +++ pkgsrc/lang/gcc49/distinfo Fri Jul 28 23:41:51 2017 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.13 2017/07/10 15:55:40 maya Exp $ +$NetBSD: distinfo,v 1.14 2017/07/28 23:41:51 maya Exp $ SHA1 (ecj-4.5.jar) = 58c1d79c64c8cd718550f32a932ccfde8d1e6449 RMD160 (ecj-4.5.jar) = d3f4da657f086b6423f74e93f001132f4855368a @@ -17,6 +17,7 @@ SHA1 (patch-gcc_config_dragonfly.h) = 5d SHA1 (patch-gcc_config_dragonfly.opt) = b01bee26978f7feb62fc2ec21186449ccaea0db7 SHA1 (patch-gcc_config_host-netbsd.c) = 765295f07edb8a68f1910e3a9b4dd2a7dcd491a5 SHA1 (patch-gcc_config_i386_dragonfly.h) = 5756b62791273f77866f06be1df0c267dc90a2ee +SHA1 (patch-gcc_config_i386_i386.c) = 61df9f4677f599f1ba3845849f334bbd568a479f SHA1 (patch-gcc_config_netbsd-stdint.h) = fc430c80adda9d3f58eea47816338f697a659889 SHA1 (patch-gcc_config_netbsd.h) = 1d21dbe5082dd149d59dbc471d4148d0651df7d4 SHA1 (patch-gcc_config_x-netbsd) = 6dc3d78e26df62054ea29f98ca51592858e671e3 Added files: Index: pkgsrc/lang/gcc49/patches/patch-gcc_config_i386_i386.c diff -u /dev/null pkgsrc/lang/gcc49/patches/patch-gcc_config_i386_i386.c:1.1 --- /dev/null Fri Jul 28 23:41:51 2017 +++ pkgsrc/lang/gcc49/patches/patch-gcc_config_i386_i386.c Fri Jul 28 23:41:51 2017 
@@ -0,0 +1,81 @@ +$NetBSD: patch-gcc_config_i386_i386.c,v 1.1 2017/07/28 23:41:51 maya Exp $ + +Incorrect codegen from rdseed intrinsic use (CVE-2017-11671) + +We should not expand call arguments in between flags reg setting and +flags reg using instructions, as it may expand with flags reg +clobbering insn (ADD in this case). + +Attached patch moves expansion out of the link. Also, change +zero-extension to non-flags reg clobbering sequence in case we perform +zero-extension with and. + +2017-03-25 Uros Bizjak + +--- gcc/config/i386/i386.c.orig 2016-08-01 16:03:41.000000000 +0000 ++++ gcc/config/i386/i386.c +@@ -35540,9 +35540,6 @@ ix86_expand_builtin (tree exp, rtx targe + mode0 = DImode; + + rdrand_step: +- op0 = gen_reg_rtx (mode0); +- emit_insn (GEN_FCN (icode) (op0)); +- + arg0 = CALL_EXPR_ARG (exp, 0); + op1 = expand_normal (arg0); + if (!address_operand (op1, VOIDmode)) +@@ -35550,6 +35547,10 @@ rdrand_step: + op1 = convert_memory_address (Pmode, op1); + op1 = copy_addr_to_reg (op1); + } ++ ++ op0 = gen_reg_rtx (mode0); ++ emit_insn (GEN_FCN (icode) (op0)); ++ + emit_move_insn (gen_rtx_MEM (mode0, op1), op0); + + op1 = gen_reg_rtx (SImode); +@@ -35558,8 +35559,20 @@ rdrand_step: + /* Emit SImode conditional move. 
*/ + if (mode0 == HImode) + { +- op2 = gen_reg_rtx (SImode); +- emit_insn (gen_zero_extendhisi2 (op2, op0)); ++ if (TARGET_ZERO_EXTEND_WITH_AND ++ && optimize_function_for_speed_p (cfun)) ++ { ++ op2 = force_reg (SImode, const0_rtx); ++ ++ emit_insn (gen_movstricthi ++ (gen_lowpart (HImode, op2), op0)); ++ } ++ else ++ { ++ op2 = gen_reg_rtx (SImode); ++ ++ emit_insn (gen_zero_extendhisi2 (op2, op0)); ++ } + } + else if (mode0 == SImode) + op2 = op0; +@@ -35591,9 +35604,6 @@ rdrand_step: + mode0 = DImode; + + rdseed_step: +- op0 = gen_reg_rtx (mode0); +- emit_insn (GEN_FCN (icode) (op0)); +- + arg0 = CALL_EXPR_ARG (exp, 0); + op1 = expand_normal (arg0); + if (!address_operand (op1, VOIDmode)) +@@ -35601,6 +35611,10 @@ rdseed_step: + op1 = convert_memory_address (Pmode, op1); + op1 = copy_addr_to_reg (op1); + } ++ ++ op0 = gen_reg_rtx (mode0); ++ emit_insn (GEN_FCN (icode) (op0)); ++ + emit_move_insn (gen_rtx_MEM (mode0, op1), op0); + + op2 = gen_reg_rtx (QImode); --_----------=_1501285311290780--
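
Review bot: the PKGREVISION bump from 3 to 4 in pkgsrc/lang/gcc49/Makefile is not matched by any change to lang/gcc49-libs, although the comment directly above the changed line requires that package's PKGREVISION to be at least 1 more than this one. The commit lists only Makefile, distinfo and the new patch under pkgsrc/lang/gcc49, so please confirm that lang/gcc49-libs is already at 5 or higher, or bump it in a follow-up commit.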
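
Review bot: in the rdrand_step hunk of patch-gcc_config_i386_i386.c, and in the identical change under rdseed_step, the relocated "op0 = gen_reg_rtx (mode0); emit_insn (GEN_FCN (icode) (op0));" pair has no comment saying why it must follow expand_normal (arg0) and the address setup. The ordering constraint is recorded only in the patch header, so a later cleanup could move the pair back above the argument expansion. Suggest a one-line comment at both sites stating that the call argument is expanded first because its expansion may emit a flags-clobbering insn (ADD in the reported case) between the insn that sets the flags register and the one that reads it.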
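
Review bot: the new "if (TARGET_ZERO_EXTEND_WITH_AND && optimize_function_for_speed_p (cfun))" branch in the HImode case is undocumented, and the reason for two different zero-extension sequences is not obvious from the code alone. The patch header says the aim is a sequence that does not clobber the flags register when zero-extension would be performed with AND; a short comment on the branch saying so, and that the else arm keeps gen_zero_extendhisi2 because it is safe when AND is not used, would keep the two arms from being merged again later.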