[krb5] Add Dhiru Kholia's patch to restore noexecstack
Nalin Dahyabhai
nalin at fedoraproject.org
Fri Jan 3 04:49:45 UTC 2014
commit 480b9efaa384fc82dc110969bd100b1f8416ccf7
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Thu Jan 2 23:43:55 2014 -0500
Add Dhiru Kholia's patch to restore noexecstack
- add patch from Dhiru Kholia for the AES-NI implementations to allow
libk5crypto to be properly marked as not needing an executable stack
on arches where they're used (#1045699, and so many others)
krb5-1.12-enable-NX.patch | 36 ++++++++++++++++++++++++++++++++++++
krb5.spec | 12 +++++++++---
2 files changed, 45 insertions(+), 3 deletions(-)
---
diff --git a/krb5-1.12-enable-NX.patch b/krb5-1.12-enable-NX.patch
new file mode 100644
index 0000000..bd6f2f7
--- /dev/null
+++ b/krb5-1.12-enable-NX.patch
@@ -0,0 +1,36 @@
+diff --git a/src/lib/crypto/builtin/aes/iaesx64.s b/src/lib/crypto/builtin/aes/iaesx64.s
+index 1c091c1..3a3d6fc 100644
+--- a/src/lib/crypto/builtin/aes/iaesx64.s
++++ b/src/lib/crypto/builtin/aes/iaesx64.s
+@@ -834,3 +834,13 @@ lp256encsingle_CBC:
+ movdqu [r9],xmm1
+ add rsp,16*16+8
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/src/lib/crypto/builtin/aes/iaesx86.s b/src/lib/crypto/builtin/aes/iaesx86.s
+index b667acd..03a8670 100644
+--- a/src/lib/crypto/builtin/aes/iaesx86.s
++++ b/src/lib/crypto/builtin/aes/iaesx86.s
+@@ -871,3 +871,13 @@ lp256encsingle_CBC:
+ movdqu [ecx],xmm1 ; store last iv for chaining
+
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
diff --git a/krb5.spec b/krb5.spec
index 5d29779..36ed60a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.12
-Release: 7%{?dist}
+Release: 8%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -96,6 +96,7 @@ Patch137: krb5-master-gss_oid_leak.patch
Patch138: krb5-master-keytab_close.patch
Patch139: krb5-1.12-copy_context.patch
Patch140: krb5-master-spnego_error_messages.patch
+Patch141: krb5-1.12-enable-NX.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
@@ -148,10 +149,9 @@ BuildRequires: iproute
%if 0%{?fedora} >= 9
BuildRequires: python-pyrad
%endif
-
%if 0%{?fedora} >= 8
%ifarch %{ix86} x86_64
-#BuildRequires: yasm
+BuildRequires: yasm
%endif
%endif
@@ -321,6 +321,7 @@ ln -s NOTICE LICENSE
%patch138 -p1 -b .keytab_close
%patch139 -p1 -b .copy_context
%patch140 -p1 -b .spnego_error_messages
+%patch141 -p1 -b .enable-NX
# Apply when the hard-wired or configured default location is
# DIR:/run/user/%%{uid}/krb5cc.
@@ -975,6 +976,11 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Thu Jan 2 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.12-8
+- add patch from Dhiru Kholia for the AES-NI implementations to allow
+ libk5crypto to be properly marked as not needing an executable stack
+ on arches where they're used (#1045699, and so many others)
+
* Thu Jan 2 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.12-7
- revert that last change for a bit while sorting out execstack when we
use AES-NI (#1045699)
More information about the scm-commits
mailing list