[krb5] Switch to as-committed version

Nalin Dahyabhai nalin at fedoraproject.org
Mon Jan 6 23:53:41 UTC 2014


commit 05c4140d32a4ab98a1551bcbee7c59c0df868575
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Mon Jan 6 15:58:20 2014 -0500

    Switch to as-committed version
    
    - grab a more-commented version of the most recent patch from upstream
      master

 krb5-1.12-enable-NX.patch |   29 +++++++++++++++++++++++++----
 krb5.spec                 |    4 ++++
 2 files changed, 29 insertions(+), 4 deletions(-)
---
diff --git a/krb5-1.12-enable-NX.patch b/krb5-1.12-enable-NX.patch
index bd6f2f7..2b8a508 100644
--- a/krb5-1.12-enable-NX.patch
+++ b/krb5-1.12-enable-NX.patch
@@ -1,12 +1,32 @@
+commit c64e39c69a9a7ee32c00b0cf7918f6274a565544
+Author: Greg Hudson <ghudson at mit.edu>
+Date:   Fri Jan 3 13:50:48 2014 -0500
+
+    Mark AESNI files as not needing executable stacks
+    
+    Some Linux systems now come with facilities to mark the stack as
+    non-executable, making it more difficult to exploit buffer overrun
+    bugs.  For this to work, object files built from assembly need a
+    section added to note whether they require an executable stack.
+    
+    Patch from Dhiru Kholia with comments added.  More information at:
+    https://bugzilla.redhat.com/show_bug.cgi?id=1045699
+    https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
+    
+    ticket: 7813
+    target_version: 1.12.1
+    tags: pullup
+
 diff --git a/src/lib/crypto/builtin/aes/iaesx64.s b/src/lib/crypto/builtin/aes/iaesx64.s
-index 1c091c1..3a3d6fc 100644
+index 1c091c1..d03c859 100644
 --- a/src/lib/crypto/builtin/aes/iaesx64.s
 +++ b/src/lib/crypto/builtin/aes/iaesx64.s
-@@ -834,3 +834,13 @@ lp256encsingle_CBC:
+@@ -834,3 +834,14 @@ lp256encsingle_CBC:
  	movdqu [r9],xmm1
  	add rsp,16*16+8
  	ret
 +
++; Mark this file as not needing an executable stack.
 +%ifidn __OUTPUT_FORMAT__,elf
 +section .note.GNU-stack noalloc noexec nowrite progbits
 +%endif
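Review bot: The comment added ahead of the `%ifidn` guard in iaesx64.s (and the identical one in the iaesx86.s hunk) says what the section does but not why the file needs it. I would extend it to something like `; Without a .note.GNU-stack section the GNU linker by default assumes this object needs an executable stack, and one such object makes the whole library's stack executable.` Only the `elf` comparison is visible here. The inner hunk's line count suggests more guards sit in the unchanged part of the patch, outside this hunk, so it is worth confirming that they also cover the `elf32` and `elf64` output format names. Nothing in the patch or the spec change verifies the outcome. A build-time check that the `GNU_STACK` program header of libk5crypto, as printed by `readelf -lW`, carries no `E` flag would catch a regression if a later assembly file is added without the note.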
@@ -17,14 +37,15 @@ index 1c091c1..3a3d6fc 100644
 +section .note.GNU-stack noalloc noexec nowrite progbits
 +%endif
 diff --git a/src/lib/crypto/builtin/aes/iaesx86.s b/src/lib/crypto/builtin/aes/iaesx86.s
-index b667acd..03a8670 100644
+index b667acd..1aa12e6 100644
 --- a/src/lib/crypto/builtin/aes/iaesx86.s
 +++ b/src/lib/crypto/builtin/aes/iaesx86.s
-@@ -871,3 +871,13 @@ lp256encsingle_CBC:
+@@ -871,3 +871,14 @@ lp256encsingle_CBC:
  	movdqu	[ecx],xmm1 ; store last iv for chaining
  
  	ret
 +
++; Mark this file as not needing an executable stack.
 +%ifidn __OUTPUT_FORMAT__,elf
 +section .note.GNU-stack noalloc noexec nowrite progbits
 +%endif
diff --git a/krb5.spec b/krb5.spec
index 36ed60a..ae0924a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -976,6 +976,10 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Mon Jan  6 2014 Nalin Dahyabhai <nalin at redhat.com>
+- grab a more-commented version of the most recent patch from upstream
+  master
+
 * Thu Jan  2 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.12-8
 - add patch from Dhiru Kholia for the AES-NI implementations to allow
   libk5crypto to be properly marked as not needing an executable stack

