Mon Sep 30 09:51:16 2019 UTC ()
gnutls: backport upstream commit to avoid text relocations on i386.
Regenerate asm files with -fPIC
PR pkg/54555: security/gnutls 3.6.9 runs afoul of PAX MPROTECT and
text relocations on netbsd-9/i386
Bump PKGREVISION.
(maya)
diff -r1.200 -r1.201 pkgsrc/security/gnutls/Makefile
diff -r1.138 -r1.139 pkgsrc/security/gnutls/distinfo
diff -r0 -r1.1 pkgsrc/security/gnutls/patches/patch-cfg.mk
diff -r0 -r1.1 pkgsrc/security/gnutls/patches/patch-lib_accelerated_x86_elf_aesni-x86.s
--- pkgsrc/security/gnutls/Makefile 2019/09/18 15:27:05 1.200
+++ pkgsrc/security/gnutls/Makefile 2019/09/30 09:51:16 1.201
| @@ -1,17 +1,17 @@ | | | @@ -1,17 +1,17 @@ |
| 1 | # $NetBSD: Makefile,v 1.200 2019/09/18 15:27:05 ng0 Exp $ | | 1 | # $NetBSD: Makefile,v 1.201 2019/09/30 09:51:16 maya Exp $ |
| 2 | | | 2 | |
| 3 | DISTNAME= gnutls-3.6.9 | | 3 | DISTNAME= gnutls-3.6.9 |
| 4 | PKGREVISION= 1 | | 4 | PKGREVISION= 2 |
| 5 | CATEGORIES= security devel | | 5 | CATEGORIES= security devel |
| 6 | MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/ | | 6 | MASTER_SITES= https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/ |
| 7 | EXTRACT_SUFX= .tar.xz | | 7 | EXTRACT_SUFX= .tar.xz |
| 8 | | | 8 | |
| 9 | MAINTAINER= pkgsrc-users@NetBSD.org | | 9 | MAINTAINER= pkgsrc-users@NetBSD.org |
| 10 | HOMEPAGE= https://www.gnutls.org/ | | 10 | HOMEPAGE= https://www.gnutls.org/ |
| 11 | COMMENT= GNU Transport Layer Security library | | 11 | COMMENT= GNU Transport Layer Security library |
| 12 | LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 | | 12 | LICENSE= gnu-gpl-v3 AND gnu-lgpl-v2.1 |
| 13 | | | 13 | |
| 14 | DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts | | 14 | DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts |
| 15 | | | 15 | |
| 16 | USE_LANGUAGES= c c++ | | 16 | USE_LANGUAGES= c c++ |
| 17 | USE_LIBTOOL= yes | | 17 | USE_LIBTOOL= yes |
--- pkgsrc/security/gnutls/distinfo 2019/09/16 17:01:46 1.138
+++ pkgsrc/security/gnutls/distinfo 2019/09/30 09:51:16 1.139
| @@ -1,16 +1,18 @@ | | | @@ -1,16 +1,18 @@ |
| 1 | $NetBSD: distinfo,v 1.138 2019/09/16 17:01:46 nros Exp $ | | 1 | $NetBSD: distinfo,v 1.139 2019/09/30 09:51:16 maya Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (gnutls-3.6.9.tar.xz) = 4a12757b129562ae92a01ca890ed282050595296 | | 3 | SHA1 (gnutls-3.6.9.tar.xz) = 4a12757b129562ae92a01ca890ed282050595296 |
| 4 | RMD160 (gnutls-3.6.9.tar.xz) = 2771adabb5342b24fbebcb69b324924ee2b56513 | | 4 | RMD160 (gnutls-3.6.9.tar.xz) = 2771adabb5342b24fbebcb69b324924ee2b56513 |
| 5 | SHA512 (gnutls-3.6.9.tar.xz) = a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07 | | 5 | SHA512 (gnutls-3.6.9.tar.xz) = a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07 |
| 6 | Size (gnutls-3.6.9.tar.xz) = 5773928 bytes | | 6 | Size (gnutls-3.6.9.tar.xz) = 5773928 bytes |
| | | 7 | SHA1 (patch-cfg.mk) = c91374a0f9c3031ea90d7f8c455d9e7e42de464b |
| 7 | SHA1 (patch-config.h.in) = 9f403bd91ddb90d970ba56f91a56e0339848c026 | | 8 | SHA1 (patch-config.h.in) = 9f403bd91ddb90d970ba56f91a56e0339848c026 |
| 8 | SHA1 (patch-configure) = 0fcfa9255f15a43aced7262bc2c5084945910aec | | 9 | SHA1 (patch-configure) = 0fcfa9255f15a43aced7262bc2c5084945910aec |
| 9 | SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7 | | 10 | SHA1 (patch-lib_Makefile.in) = c9a6bbe6238ccd9de41c708012e36b202d2a86e7 |
| | | 11 | SHA1 (patch-lib_accelerated_x86_elf_aesni-x86.s) = 834fe259954c1806185d95a5029ba0379bd31cce |
| 10 | SHA1 (patch-lib_accelerated_x86_x86-common.c) = ccbf4e01f5bcb01b998e80294ecae2f0413680b8 | | 12 | SHA1 (patch-lib_accelerated_x86_x86-common.c) = ccbf4e01f5bcb01b998e80294ecae2f0413680b8 |
| 11 | SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc | | 13 | SHA1 (patch-lib_system_certs.c) = fba74b2834a36d66bddcd7d3405d0c91c1b14efc |
| 12 | SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4 | | 14 | SHA1 (patch-src_libopts_autoopts_options.h) = 9202c55314fe8764ac82c95bbfabfa1b031e9ba4 |
| 13 | SHA1 (patch-src_libopts_compat_compat.h) = 240fbfc0ba20af35e0634ba873fe9e34bfbcc921 | | 15 | SHA1 (patch-src_libopts_compat_compat.h) = 240fbfc0ba20af35e0634ba873fe9e34bfbcc921 |
| 14 | SHA1 (patch-src_libopts_libopts.c) = ce5e7681def882e95ed5ab770564d1f999b97039 | | 16 | SHA1 (patch-src_libopts_libopts.c) = ce5e7681def882e95ed5ab770564d1f999b97039 |
| 15 | SHA1 (patch-src_libopts_makeshell.c) = e5b7d66caaec45e12ae5490d515fc9fc75de3d92 | | 17 | SHA1 (patch-src_libopts_makeshell.c) = e5b7d66caaec45e12ae5490d515fc9fc75de3d92 |
| 16 | SHA1 (patch-src_libopts_proto.h) = 78f845bdcbac8de74953a3cee0b77fa9c5b05386 | | 18 | SHA1 (patch-src_libopts_proto.h) = 78f845bdcbac8de74953a3cee0b77fa9c5b05386 |
$NetBSD: patch-cfg.mk,v 1.1 2019/09/30 09:51:16 maya Exp $
Avoid text relocations.
commit 56b333df895475b202780add2e873c7cf5ade0d3
Author: Andreas Metzler <ametzler@debian.org>
Date: Sat Sep 28 14:28:12 2019 +0200
Regenerate asm files with -fPIC
CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed
as option. Set -fPIC for the same files as openssl does.
Closes #818
--- cfg.mk.orig 2019-06-28 19:06:07.000000000 +0000
+++ cfg.mk
@@ -143,6 +143,12 @@ ASM_SOURCES_XXX := \
lib/accelerated/x86/XXX/aes-ssse3-x86.s \
lib/accelerated/x86/XXX/aes-ssse3-x86_64.s
+# CRYPTOGAMS' perl-scripts can produce different output if -fPIC
+# is passed as option. List the files that seem to need it:
+PL_NEEDS_FPIC := aesni-x86.pl aes-ssse3-x86.pl e_padlock-x86.pl \
+ ghash-x86.pl sha1-ssse3-x86.pl sha256-ssse3-x86.pl \
+ sha512-ssse3-x86.pl
+
ASM_SOURCES_ELF := $(subst XXX,elf,$(ASM_SOURCES_XXX))
ASM_SOURCES_COFF := $(subst XXX,coff,$(ASM_SOURCES_XXX))
ASM_SOURCES_MACOSX := $(subst XXX,macosx,$(ASM_SOURCES_XXX))
@@ -193,33 +199,43 @@ lib/accelerated/x86/files.mk: $(ASM_SOUR
# Appro's code
lib/accelerated/x86/elf/%.s: devel/perlasm/%.pl .submodule.stamp
- CC=gcc perl $< elf $@.tmp
+ CC=gcc perl $< elf \
+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
+ $@.tmp
cat $<.license $@.tmp > $@ && rm -f $@.tmp
echo "" >> $@
echo ".section .note.GNU-stack,\"\",%progbits" >> $@
sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
lib/accelerated/x86/coff/%-x86.s: devel/perlasm/%-x86.pl .submodule.stamp
- CC=gcc perl $< coff $@.tmp
+ CC=gcc perl $< coff \
+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
+ $@.tmp
cat $<.license $@.tmp > $@ && rm -f $@.tmp
echo "" >> $@
sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
lib/accelerated/x86/coff/%-x86_64.s: devel/perlasm/%-x86_64.pl .submodule.stamp
- CC=gcc perl $< mingw64 $@.tmp
+ CC=gcc perl $< mingw64 \
+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
+ $@.tmp
cat $<.license $@.tmp > $@ && rm -f $@.tmp
echo "" >> $@
sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
lib/accelerated/x86/macosx/%.s: devel/perlasm/%.pl .submodule.stamp
- CC=gcc perl $< macosx $@.tmp
+ CC=gcc perl $< macosx \
+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
+ $@.tmp
cat $<.license $@.tmp > $@ && rm -f $@.tmp
echo "" >> $@
sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@
lib/accelerated/aarch64/elf/%.s: devel/perlasm/%.pl .submodule.stamp
rm -f $@tmp
- CC=aarch64-linux-gnu-gcc perl $< linux64 $@.tmp
+ CC=aarch64-linux-gnu-gcc perl $< linux64 \
+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
+ $@.tmp
cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S
echo "" >> $@.tmp.S
sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S
@@ -231,7 +247,9 @@ lib/accelerated/aarch64/elf/%.s: devel/p
lib/accelerated/aarch64/macosx/%.s: devel/perlasm/%.pl .submodule.stamp
rm -f $@tmp
- CC=aarch64-linux-gnu-gcc perl $< ios64 $@.tmp
+ CC=aarch64-linux-gnu-gcc perl $< ios64 \
+ $(if $(findstring $(<F),$(PL_NEEDS_FPIC)),-fPIC) \
+ $@.tmp
cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S
echo "" >> $@.tmp.S
sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S
$NetBSD: patch-lib_accelerated_x86_elf_aesni-x86.s,v 1.1 2019/09/30 09:51:16 maya Exp $
Avoid text relocations.
commit 56b333df895475b202780add2e873c7cf5ade0d3
Author: Andreas Metzler <ametzler@debian.org>
Date: Sat Sep 28 14:28:12 2019 +0200
Regenerate asm files with -fPIC
CRYPTOGAMS' perl-scripts can produce different output if -fPIC is passed
as option. Set -fPIC for the same files as openssl does.
Closes #818
--- lib/accelerated/x86/elf/aesni-x86.s.orig 2019-06-28 19:06:07.000000000 +0000
+++ lib/accelerated/x86/elf/aesni-x86.s
@@ -2892,7 +2892,7 @@ _aesni_set_encrypt_key:
.L112pic:
popl %ebx
leal .Lkey_const-.L112pic(%ebx),%ebx
- leal _gnutls_x86_cpuid_s,%ebp
+ leal _gnutls_x86_cpuid_s-.Lkey_const(%ebx),%ebp
movups (%eax),%xmm0
xorps %xmm4,%xmm4
movl 4(%ebp),%ebp