[krb5] Switch to as-committed version
Nalin Dahyabhai
nalin at fedoraproject.org
Mon Jan 6 23:53:41 UTC 2014
commit 05c4140d32a4ab98a1551bcbee7c59c0df868575
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Mon Jan 6 15:58:20 2014 -0500
Switch to as-committed version
- grab a more-commented version of the most recent patch from upstream
master
krb5-1.12-enable-NX.patch | 29 +++++++++++++++++++++++++----
krb5.spec | 4 ++++
2 files changed, 29 insertions(+), 4 deletions(-)
---
diff --git a/krb5-1.12-enable-NX.patch b/krb5-1.12-enable-NX.patch
index bd6f2f7..2b8a508 100644
--- a/krb5-1.12-enable-NX.patch
+++ b/krb5-1.12-enable-NX.patch
@@ -1,12 +1,32 @@
+commit c64e39c69a9a7ee32c00b0cf7918f6274a565544
+Author: Greg Hudson <ghudson at mit.edu>
+Date: Fri Jan 3 13:50:48 2014 -0500
+
+ Mark AESNI files as not needing executable stacks
+
+ Some Linux systems now come with facilities to mark the stack as
+ non-executable, making it more difficult to exploit buffer overrun
+ bugs. For this to work, object files built from assembly need a
+ section added to note whether they require an executable stack.
+
+ Patch from Dhiru Kholia with comments added. More information at:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1045699
+ https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
+
+ ticket: 7813
+ target_version: 1.12.1
+ tags: pullup
+
diff --git a/src/lib/crypto/builtin/aes/iaesx64.s b/src/lib/crypto/builtin/aes/iaesx64.s
-index 1c091c1..3a3d6fc 100644
+index 1c091c1..d03c859 100644
--- a/src/lib/crypto/builtin/aes/iaesx64.s
+++ b/src/lib/crypto/builtin/aes/iaesx64.s
-@@ -834,3 +834,13 @@ lp256encsingle_CBC:
+@@ -834,3 +834,14 @@ lp256encsingle_CBC:
movdqu [r9],xmm1
add rsp,16*16+8
ret
+
++; Mark this file as not needing an executable stack.
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
@@ -17,14 +37,15 @@ index 1c091c1..3a3d6fc 100644
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff --git a/src/lib/crypto/builtin/aes/iaesx86.s b/src/lib/crypto/builtin/aes/iaesx86.s
-index b667acd..03a8670 100644
+index b667acd..1aa12e6 100644
--- a/src/lib/crypto/builtin/aes/iaesx86.s
+++ b/src/lib/crypto/builtin/aes/iaesx86.s
-@@ -871,3 +871,13 @@ lp256encsingle_CBC:
+@@ -871,3 +871,14 @@ lp256encsingle_CBC:
movdqu [ecx],xmm1 ; store last iv for chaining
ret
+
++; Mark this file as not needing an executable stack.
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff --git a/krb5.spec b/krb5.spec
index 36ed60a..ae0924a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -976,6 +976,10 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Mon Jan 6 2014 Nalin Dahyabhai <nalin at redhat.com>
+- grab a more-commented version of the most recent patch from upstream
+ master
+
* Thu Jan 2 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.12-8
- add patch from Dhiru Kholia for the AES-NI implementations to allow
libk5crypto to be properly marked as not needing an executable stack
More information about the scm-commits
mailing list