[ocaml] Mark stack as non-executable on ARM (32 bit) and Aarch64.
Richard W.M. Jones
rjones at fedoraproject.org
Sat May 10 08:06:56 UTC 2014
commit 95cf7b34ad971d8e11ee9f002efe3165f4483040
Author: Richard W.M. Jones <rjones at redhat.com>
Date: Sat May 10 09:07:15 2014 +0100
Mark stack as non-executable on ARM (32 bit) and Aarch64.
....gitignore-file-to-ignore-generated-files.patch | 4 +-
...y-compilerlibs-directory-is-created-by-gi.patch | 4 +-
...fo-ocamlplugininfo-Useful-utilities-from-.patch | 4 +-
0004-Don-t-add-rpaths-to-libraries.patch | 4 +-
...igure-Allow-user-defined-C-compiler-flags.patch | 4 +-
0006-Add-support-for-ppc64.patch | 4 +-
0007-yacc-Use-mkstemp-instead-of-mktemp.patch | 4 +-
...-ARM-64-bits-AArch64-architecture-experim.patch | 4 +-
0009-Updated-with-latest-versions-from-FSF.patch | 4 +-
0010-arm64-Align-code-and-data-to-8-bytes.patch | 4 +-
...g-Add-no_arg-and-get_arg-helper-functions.patch | 4 +-
...lags-such-as-flag-arg-as-well-as-flag-arg.patch | 4 +-
0013-Add-support-for-ppc64le.patch | 4 +-
0014-arm-arm64-Mark-stack-as-non-executable.patch | 39 ++++++++++++++++++++
ocaml.spec | 8 ++++-
15 files changed, 72 insertions(+), 27 deletions(-)
---
diff --git a/0001-Add-.gitignore-file-to-ignore-generated-files.patch b/0001-Add-.gitignore-file-to-ignore-generated-files.patch
index 859b2f1..527beae 100644
--- a/0001-Add-.gitignore-file-to-ignore-generated-files.patch
+++ b/0001-Add-.gitignore-file-to-ignore-generated-files.patch
@@ -1,7 +1,7 @@
From 07839dfc746ccee318601b9668aa094d4465bc6e Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Thu, 7 Jun 2012 16:00:28 +0100
-Subject: [PATCH 01/13] Add .gitignore file to ignore generated files.
+Subject: [PATCH 01/14] Add .gitignore file to ignore generated files.
---
.gitignore | 347 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@@ -362,5 +362,5 @@ index 0000000..7191b83
+/yacc/ocamlyacc
+/yacc/version.h
--
-1.8.5.3
+1.9.0
diff --git a/0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch b/0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch
index 27afc5e..6208ace 100644
--- a/0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch
+++ b/0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch
@@ -1,7 +1,7 @@
From 7756582741dc56070c03629a3b4640147723beda Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Thu, 7 Jun 2012 15:36:16 +0100
-Subject: [PATCH 02/13] Ensure empty compilerlibs/ directory is created by git.
+Subject: [PATCH 02/14] Ensure empty compilerlibs/ directory is created by git.
This directory exists in the OCaml tarball, but is empty. As a
result, git ignores it unless we put a dummy file in it.
@@ -14,5 +14,5 @@ diff --git a/compilerlibs/.exists b/compilerlibs/.exists
new file mode 100644
index 0000000..e69de29
--
-1.8.5.3
+1.9.0
diff --git a/0003-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch b/0003-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch
index a4fd7ae..9bc9b44 100644
--- a/0003-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch
+++ b/0003-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch
@@ -1,7 +1,7 @@
From a6d87cd4bc62d3987835c1ac844f35cc06804294 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Tue, 29 May 2012 20:40:36 +0100
-Subject: [PATCH 03/13] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
+Subject: [PATCH 03/14] ocamlbyteinfo, ocamlplugininfo: Useful utilities from
Debian, sent upstream.
See:
@@ -236,5 +236,5 @@ index 0000000..e28800f
+ header.units
+ end
--
-1.8.5.3
+1.9.0
diff --git a/0004-Don-t-add-rpaths-to-libraries.patch b/0004-Don-t-add-rpaths-to-libraries.patch
index 221b2d9..efe4095 100644
--- a/0004-Don-t-add-rpaths-to-libraries.patch
+++ b/0004-Don-t-add-rpaths-to-libraries.patch
@@ -1,7 +1,7 @@
From c3a733c10827896a6e3c217b383e874df303d50b Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Tue, 29 May 2012 20:43:34 +0100
-Subject: [PATCH 04/13] Don't add rpaths to libraries.
+Subject: [PATCH 04/14] Don't add rpaths to libraries.
---
tools/Makefile.shared | 3 ---
@@ -22,5 +22,5 @@ index 117f576..cad227d 100644
ocamlmklib.mlp >> ocamlmklib.ml
--
-1.8.5.3
+1.9.0
diff --git a/0005-configure-Allow-user-defined-C-compiler-flags.patch b/0005-configure-Allow-user-defined-C-compiler-flags.patch
index b521782..5864c92 100644
--- a/0005-configure-Allow-user-defined-C-compiler-flags.patch
+++ b/0005-configure-Allow-user-defined-C-compiler-flags.patch
@@ -1,7 +1,7 @@
From 459e9550f174e11176a2ece013fc4dd2b08a06bb Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Tue, 29 May 2012 20:44:18 +0100
-Subject: [PATCH 05/13] configure: Allow user defined C compiler flags.
+Subject: [PATCH 05/14] configure: Allow user defined C compiler flags.
---
configure | 4 ++++
@@ -23,5 +23,5 @@ index 07b1c35..39b38dc 100755
cclibs="$cclibs $mathlib"
--
-1.8.5.3
+1.9.0
diff --git a/0006-Add-support-for-ppc64.patch b/0006-Add-support-for-ppc64.patch
index a69e8c4..35e3b74 100644
--- a/0006-Add-support-for-ppc64.patch
+++ b/0006-Add-support-for-ppc64.patch
@@ -1,7 +1,7 @@
From a85437a0d2ffdf7a340d379789500eb583ae4708 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Tue, 29 May 2012 20:47:07 +0100
-Subject: [PATCH 06/13] Add support for ppc64.
+Subject: [PATCH 06/14] Add support for ppc64.
Note (1): This patch was rejected upstream because they don't have
appropriate hardware for testing.
@@ -2126,5 +2126,5 @@ index 39b38dc..9b02664 100755
aspp="$bytecc -c";;
sparc,*,solaris) as='as'
--
-1.8.5.3
+1.9.0
diff --git a/0007-yacc-Use-mkstemp-instead-of-mktemp.patch b/0007-yacc-Use-mkstemp-instead-of-mktemp.patch
index 7fdcbe2..0a2c140 100644
--- a/0007-yacc-Use-mkstemp-instead-of-mktemp.patch
+++ b/0007-yacc-Use-mkstemp-instead-of-mktemp.patch
@@ -1,7 +1,7 @@
From 761242718c3a7513d3b93ca96d24d1f61a4126f0 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Fri, 13 Sep 2013 21:29:58 +0100
-Subject: [PATCH 07/13] yacc: Use mkstemp instead of mktemp.
+Subject: [PATCH 07/14] yacc: Use mkstemp instead of mktemp.
---
yacc/main.c | 2 +-
@@ -21,5 +21,5 @@ index f6cac60..3067000 100644
#endif
--
-1.8.5.3
+1.9.0
diff --git a/0008-Port-to-the-ARM-64-bits-AArch64-architecture-experim.patch b/0008-Port-to-the-ARM-64-bits-AArch64-architecture-experim.patch
index 34929f4..da6b5e3 100644
--- a/0008-Port-to-the-ARM-64-bits-AArch64-architecture-experim.patch
+++ b/0008-Port-to-the-ARM-64-bits-AArch64-architecture-experim.patch
@@ -1,7 +1,7 @@
From a1297100a7898223fd9cdf3d37c4136376ee8f88 Mon Sep 17 00:00:00 2001
From: Xavier Leroy <xavier.leroy at inria.fr>
Date: Thu, 18 Jul 2013 16:09:20 +0000
-Subject: [PATCH 08/13] Port to the ARM 64-bits (AArch64) architecture
+Subject: [PATCH 08/14] Port to the ARM 64-bits (AArch64) architecture
(experimental). Merge of branch branches/arm64.
git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@13909 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
@@ -2276,5 +2276,5 @@ index d67a643..82b699e 100644
Emit.begin_assembly();
let ic = open_in filename in
--
-1.8.5.3
+1.9.0
diff --git a/0009-Updated-with-latest-versions-from-FSF.patch b/0009-Updated-with-latest-versions-from-FSF.patch
index 38cd9c8..3f5a427 100644
--- a/0009-Updated-with-latest-versions-from-FSF.patch
+++ b/0009-Updated-with-latest-versions-from-FSF.patch
@@ -1,7 +1,7 @@
From 26114ba365c1ef63d9605efc719f6c220ad624eb Mon Sep 17 00:00:00 2001
From: Xavier Leroy <xavier.leroy at inria.fr>
Date: Thu, 18 Jul 2013 16:07:25 +0000
-Subject: [PATCH 09/13] Updated with latest versions from FSF.
+Subject: [PATCH 09/14] Updated with latest versions from FSF.
git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@13907 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
(cherry picked from commit 24bb4caeb35e49126aa3a4c0101a412db1091213)
@@ -712,5 +712,5 @@ index e76eaf4..8b612ab 100755
os=-coff
;;
--
-1.8.5.3
+1.9.0
diff --git a/0010-arm64-Align-code-and-data-to-8-bytes.patch b/0010-arm64-Align-code-and-data-to-8-bytes.patch
index e1a946b..ac0d177 100644
--- a/0010-arm64-Align-code-and-data-to-8-bytes.patch
+++ b/0010-arm64-Align-code-and-data-to-8-bytes.patch
@@ -1,7 +1,7 @@
From 848ca220af9224a5cc7abb64f32b89ed54c21121 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Mon, 24 Mar 2014 05:50:28 -0500
-Subject: [PATCH 10/13] arm64: Align code and data to 8 bytes.
+Subject: [PATCH 10/14] arm64: Align code and data to 8 bytes.
Insufficient alignment seems to be the cause of relocation errors when
linking large native code OCaml programs:
@@ -37,5 +37,5 @@ index fc9649c..4e7c4b0 100644
(* Beginning / end of an assembly file *)
--
-1.8.5.3
+1.9.0
diff --git a/0011-arg-Add-no_arg-and-get_arg-helper-functions.patch b/0011-arg-Add-no_arg-and-get_arg-helper-functions.patch
index 5368a9f..4173775 100644
--- a/0011-arg-Add-no_arg-and-get_arg-helper-functions.patch
+++ b/0011-arg-Add-no_arg-and-get_arg-helper-functions.patch
@@ -1,7 +1,7 @@
From 251d3447bb10550320f43512d8886561c1298f74 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Tue, 1 Apr 2014 11:17:07 +0100
-Subject: [PATCH 11/13] arg: Add no_arg and get_arg helper functions.
+Subject: [PATCH 11/14] arg: Add no_arg and get_arg helper functions.
The no_arg function in this patch is a no-op. It will do something
useful in the followups.
@@ -114,5 +114,5 @@ index 8b64236..c8b3d44 100644
treat_action action
with Bad m -> stop (Message m);
--
-1.8.5.3
+1.9.0
diff --git a/0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch b/0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch
index 9768344..4a1ba25 100644
--- a/0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch
+++ b/0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch
@@ -1,7 +1,7 @@
From 57955b8a4d4cf7732cb87964f5e124ab713e084b Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones at redhat.com>
Date: Tue, 1 Apr 2014 11:21:40 +0100
-Subject: [PATCH 12/13] arg: Allow flags such as --flag=arg as well as --flag
+Subject: [PATCH 12/14] arg: Allow flags such as --flag=arg as well as --flag
arg.
Allow flags to be followed directly by their argument, separated by an '='
@@ -78,5 +78,5 @@ index 869d030..b8c6f11 100644
Examples ([cmd] is assumed to be the command name):
--
-1.8.5.3
+1.9.0
diff --git a/0013-Add-support-for-ppc64le.patch b/0013-Add-support-for-ppc64le.patch
index 0607fa3..d3b4e3b 100644
--- a/0013-Add-support-for-ppc64le.patch
+++ b/0013-Add-support-for-ppc64le.patch
@@ -1,7 +1,7 @@
From d9ec3ac29493999687b0f7daa23f4888bc57c7be Mon Sep 17 00:00:00 2001
From: Michel Normand <normand at linux.vnet.ibm.com>
Date: Tue, 18 Mar 2014 09:15:47 -0400
-Subject: [PATCH 13/13] Add support for ppc64le.
+Subject: [PATCH 13/14] Add support for ppc64le.
Signed-off-by: Michel Normand <normand at linux.vnet.ibm.com>
---
@@ -1913,5 +1913,5 @@ index 36edfab..8a22078 100755
aspp="$bytecc -c";;
sparc,*,solaris) as='as'
--
-1.8.5.3
+1.9.0
diff --git a/0014-arm-arm64-Mark-stack-as-non-executable.patch b/0014-arm-arm64-Mark-stack-as-non-executable.patch
new file mode 100644
index 0000000..7767b40
--- /dev/null
+++ b/0014-arm-arm64-Mark-stack-as-non-executable.patch
@@ -0,0 +1,39 @@
+From 64da031fc17ca93efd5beabcf0b7ea49bcd645a0 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones at redhat.com>
+Date: Sat, 10 May 2014 03:20:35 -0400
+Subject: [PATCH 14/14] arm, arm64: Mark stack as non-executable.
+
+The same fix as this one, which was only fully applied to
+i686 & x86-64:
+
+http://caml.inria.fr/mantis/view.php?id=4564
+---
+ asmrun/arm.S | 3 +++
+ asmrun/arm64.S | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/asmrun/arm.S b/asmrun/arm.S
+index 2ce244a..90f5b6e 100644
+--- a/asmrun/arm.S
++++ b/asmrun/arm.S
+@@ -489,3 +489,6 @@ caml_system__frametable:
+ .align 2
+ .type caml_system__frametable, %object
+ .size caml_system__frametable, .-caml_system__frametable
++
++ /* Mark stack as non-executable, PR#4564 */
++ .section .note.GNU-stack,"",%progbits
+diff --git a/asmrun/arm64.S b/asmrun/arm64.S
+index de670e6..84e18ba 100644
+--- a/asmrun/arm64.S
++++ b/asmrun/arm64.S
+@@ -533,3 +533,6 @@ caml_system__frametable:
+ .align 3
+ .type caml_system__frametable, %object
+ .size caml_system__frametable, .-caml_system__frametable
++
++ /* Mark stack as non-executable, PR#4564 */
++ .section .note.GNU-stack,"",%progbits
+--
+1.9.0
+
diff --git a/ocaml.spec b/ocaml.spec
index dcef59f..84727a7 100644
--- a/ocaml.spec
+++ b/ocaml.spec
@@ -17,7 +17,7 @@
Name: ocaml
Version: 4.01.0
-Release: 16%{?dist}
+Release: 17%{?dist}
Summary: OCaml compiler and programming environment
@@ -63,6 +63,9 @@ Patch0012: 0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch
# ppc64le support (Michel Normand).
Patch0013: 0013-Add-support-for-ppc64le.patch
+# ARM & Aarch64 non-executable stack.
+Patch0014: 0014-arm-arm64-Mark-stack-as-non-executable.patch
+
# Temporary, we can drop this explicit BR in June 2014:
BuildRequires: ocaml-srpm-macros
@@ -546,6 +549,9 @@ fi
%changelog
+* Sat May 10 2014 Richard W.M. Jones <rjones at redhat.com> - 4.01.0-17
+- Mark stack as non-executable on ARM (32 bit) and Aarch64.
+
* Tue Apr 22 2014 Richard W.M. Jones <rjones at redhat.com> - 4.01.0-16
- Remove ocaml-srpm-macros subpackage.
This is now a separate package, see RHBZ#1087893.
More information about the scm-commits
mailing list