Drop obsolete patches
This commit is contained in:
Nalin Dahyabhai
parent
8ae5258eb3
commit
4dec248a05
@ -1,57 +0,0 @@
|
|||||||
commit c64e39c69a9a7ee32c00b0cf7918f6274a565544
|
|
||||||
Author: Greg Hudson <ghudson@mit.edu>
|
|
||||||
Date: Fri Jan 3 13:50:48 2014 -0500
|
|
||||||
|
|
||||||
Mark AESNI files as not needing executable stacks
|
|
||||||
|
|
||||||
Some Linux systems now come with facilities to mark the stack as
|
|
||||||
non-executable, making it more difficult to exploit buffer overrun
|
|
||||||
bugs. For this to work, object files built from assembly need a
|
|
||||||
section added to note whether they require an executable stack.
|
|
||||||
|
|
||||||
Patch from Dhiru Kholia with comments added. More information at:
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1045699
|
|
||||||
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
|
|
||||||
|
|
||||||
ticket: 7813
|
|
||||||
target_version: 1.12.1
|
|
||||||
tags: pullup
|
|
||||||
|
|
||||||
diff --git a/src/lib/crypto/builtin/aes/iaesx64.s b/src/lib/crypto/builtin/aes/iaesx64.s
|
|
||||||
index 1c091c1..d03c859 100644
|
|
||||||
--- a/src/lib/crypto/builtin/aes/iaesx64.s
|
|
||||||
+++ b/src/lib/crypto/builtin/aes/iaesx64.s
|
|
||||||
@@ -834,3 +834,14 @@ lp256encsingle_CBC:
|
|
||||||
movdqu [r9],xmm1
|
|
||||||
add rsp,16*16+8
|
|
||||||
ret
|
|
||||||
+
|
|
||||||
+; Mark this file as not needing an executable stack.
|
|
||||||
+%ifidn __OUTPUT_FORMAT__,elf
|
|
||||||
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
||||||
+%endif
|
|
||||||
+%ifidn __OUTPUT_FORMAT__,elf32
|
|
||||||
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
||||||
+%endif
|
|
||||||
+%ifidn __OUTPUT_FORMAT__,elf64
|
|
||||||
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
||||||
+%endif
|
|
||||||
diff --git a/src/lib/crypto/builtin/aes/iaesx86.s b/src/lib/crypto/builtin/aes/iaesx86.s
|
|
||||||
index b667acd..1aa12e6 100644
|
|
||||||
--- a/src/lib/crypto/builtin/aes/iaesx86.s
|
|
||||||
+++ b/src/lib/crypto/builtin/aes/iaesx86.s
|
|
||||||
@@ -871,3 +871,14 @@ lp256encsingle_CBC:
|
|
||||||
movdqu [ecx],xmm1 ; store last iv for chaining
|
|
||||||
|
|
||||||
ret
|
|
||||||
+
|
|
||||||
+; Mark this file as not needing an executable stack.
|
|
||||||
+%ifidn __OUTPUT_FORMAT__,elf
|
|
||||||
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
||||||
+%endif
|
|
||||||
+%ifidn __OUTPUT_FORMAT__,elf32
|
|
||||||
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
||||||
+%endif
|
|
||||||
+%ifidn __OUTPUT_FORMAT__,elf64
|
|
||||||
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
||||||
+%endif
|
|
||||||
@ -1,42 +0,0 @@
|
|||||||
commit 3847aa109e8ff3f2781d53315f81e8d29ee35892
|
|
||||||
Author: Tom Yu <tlyu@mit.edu>
|
|
||||||
Date: Fri Jan 10 15:04:32 2014 -0500
|
|
||||||
|
|
||||||
Avoid text relocations in iaesx86.s
|
|
||||||
|
|
||||||
Use PC-relative addressing to avoid runtime text relocations on i386.
|
|
||||||
|
|
||||||
Adapted patch from Nalin Dahyabhai.
|
|
||||||
|
|
||||||
ticket: 7815
|
|
||||||
target_version: 1.12.1
|
|
||||||
tags: pullup
|
|
||||||
|
|
||||||
diff --git a/src/lib/crypto/builtin/aes/iaesx86.s b/src/lib/crypto/builtin/aes/iaesx86.s
|
|
||||||
index 1aa12e6..33470dd 100644
|
|
||||||
--- a/src/lib/crypto/builtin/aes/iaesx86.s
|
|
||||||
+++ b/src/lib/crypto/builtin/aes/iaesx86.s
|
|
||||||
@@ -323,7 +323,10 @@ _iEncExpandKey128:
|
|
||||||
|
|
||||||
movdqu [edx], xmm1
|
|
||||||
|
|
||||||
- movdqa xmm5, [shuffle_mask]
|
|
||||||
+ call .next
|
|
||||||
+.next:
|
|
||||||
+ pop ecx
|
|
||||||
+ movdqa xmm5, [ecx-.next+shuffle_mask]
|
|
||||||
|
|
||||||
add edx,16
|
|
||||||
|
|
||||||
@@ -421,7 +424,10 @@ _iEncExpandKey256:
|
|
||||||
|
|
||||||
add edx,32
|
|
||||||
|
|
||||||
- movdqa xmm5, [shuffle_mask] ; this mask is used by key_expansion
|
|
||||||
+ call .next
|
|
||||||
+.next:
|
|
||||||
+ pop ecx
|
|
||||||
+ movdqa xmm5, [ecx-.next+shuffle_mask] ; this mask is used by key_expansion
|
|
||||||
|
|
||||||
aeskeygenassist xmm2, xmm3, 0x1 ;
|
|
||||||
call key_expansion256
|
|
||||||
@ -90,8 +90,6 @@ Patch86: krb5-1.9-debuginfo.patch
|
|||||||
Patch105: krb5-kvno-230379.patch
|
Patch105: krb5-kvno-230379.patch
|
||||||
Patch129: krb5-1.11-run_user_0.patch
|
Patch129: krb5-1.11-run_user_0.patch
|
||||||
Patch134: krb5-1.11-kpasswdtest.patch
|
Patch134: krb5-1.11-kpasswdtest.patch
|
||||||
Patch141: krb5-1.12-enable-NX.patch
|
|
||||||
Patch142: krb5-1.12-pic-aes-ni.patch
|
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://web.mit.edu/kerberos/www/
|
URL: http://web.mit.edu/kerberos/www/
|
||||||
@ -310,8 +308,6 @@ ln -s NOTICE LICENSE
|
|||||||
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
|
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
|
||||||
%patch86 -p0 -b .debuginfo
|
%patch86 -p0 -b .debuginfo
|
||||||
%patch105 -p1 -b .kvno
|
%patch105 -p1 -b .kvno
|
||||||
%patch141 -p1 -b .enable-NX
|
|
||||||
%patch142 -p1 -b .pic-aes-ni
|
|
||||||
|
|
||||||
# Apply when the hard-wired or configured default location is
|
# Apply when the hard-wired or configured default location is
|
||||||
# DIR:/run/user/%%{uid}/krb5cc.
|
# DIR:/run/user/%%{uid}/krb5cc.
|
||||||
@ -974,6 +970,7 @@ exit 0
|
|||||||
- drop patch for RT#7805, included now
|
- drop patch for RT#7805, included now
|
||||||
- drop patch for RT#7807, included now
|
- drop patch for RT#7807, included now
|
||||||
- drop patch for RT#7045, included now
|
- drop patch for RT#7045, included now
|
||||||
|
- drop patches for RT#7813 and RT#7815, included now
|
||||||
|
|
||||||
* Mon Jan 13 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12-11
|
* Mon Jan 13 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12-11
|
||||||
- update the PIC patch for iaesx86.s to not use ELF relocations to the version
|
- update the PIC patch for iaesx86.s to not use ELF relocations to the version
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user