rpms/pcre2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Enable shadow stack built-in functions if -fcf-protection compiler flag is used by patching a build script

Browse Source
This commit is contained in:
Petr Písař 2020-05-27 10:14:12 +02:00
parent ada450ea80
commit 2208fa9576
3 changed files with 146 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.patch Normal file
View File

@ -0,0 +1,95 @@
From 4f0b3ea9771e49fb0d5e5c323e7966ceff2c7ec2 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
Date: Mon, 25 May 2020 16:03:24 +0000
Subject: [PATCH 1/2] Apply H.J. Lu's patch to pass -mshstk to the compiler
when Intel CET is enabled. CMake version invented by PH, but only tested on
non-CET system.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1256 6239d852-aaf2-0410-a92c-79f79f948069
Petr Písař: Ported to 10.35.
---
CMakeLists.txt | 19 +++++++++++++++++++
Makefile.am | 1 +
configure.ac | 15 +++++++++++++++
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 86b8896..5e8a763 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -92,6 +92,7 @@
# library versioning.
# 2020-04-25 Carlo added function check for mkostemp used in ProtExecAllocator
# 2020-04-28 PH added function check for memfd_create based on Carlo's patch
+# 2020-05-25 PH added a check for Intel CET
PROJECT(PCRE2 C)
@@ -146,6 +147,24 @@ CHECK_C_SOURCE_COMPILES(
)
set(CMAKE_REQUIRED_FLAGS ${ORIG_CMAKE_REQUIRED_FLAGS})
+# Check whether Intel CET is enabled, and if so, adjust compiler flags. This
+# code was written by PH, trying to imitate the logic from the autotools
+# configuration.
+
+CHECK_C_SOURCE_COMPILES(
+ "#ifndef __CET__
+ #error CET is not enabled
+ #endif
+ int main() { return 0; }"
+ INTEL_CET_ENABLED
+)
+
+IF (INTEL_CET_ENABLED)
+ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mshstk")
+ENDIF(INTEL_CET_ENABLED)
+
+
+
# User-configurable options
#
# Note: CMakeSetup displays these in alphabetical order, regardless of
diff --git a/Makefile.am b/Makefile.am
index bb888f2..af6b92b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -391,6 +391,7 @@ nodist_libpcre2_8_la_SOURCES = \
libpcre2_8_la_CFLAGS = \
-DPCRE2_CODE_UNIT_WIDTH=8 \
$(VISIBILITY_CFLAGS) \
+ $(CET_CFLAGS) \
$(AM_CFLAGS)
libpcre2_8_la_LIBADD =
endif # WITH_PCRE2_8
diff --git a/configure.ac b/configure.ac
index 180d3dc..61b93ba 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1006,6 +1006,21 @@ fi # enable_coverage
AM_CONDITIONAL([WITH_GCOV],[test "x$enable_coverage" = "xyes"])
+AC_MSG_CHECKING([whether Intel CET is enabled])
+AC_LANG_PUSH([C])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM(,
+ [[#ifndef __CET__
+# error CET is not enabled
+#endif]])],
+ [pcre2_cc_cv_intel_cet_enabled=yes],
+ [pcre2_cc_cv_intel_cet_enabled=no])
+AC_MSG_RESULT([$pcre2_cc_cv_intel_cet_enabled])
+if test "$pcre2_cc_cv_intel_cet_enabled" = yes; then
+ CET_CFLAGS="-mshstk"
+ AC_SUBST([CET_CFLAGS])
+fi
+AC_LANG_POP([C])
+
# Produce these files, in addition to config.h.
AC_CONFIG_FILES(
Makefile
--
2.25.4

38
pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch Normal file
View File

@ -0,0 +1,38 @@
From 842cc30948723f3fe3e7e71ebcb18191ae5324ed Mon Sep 17 00:00:00 2001
From: ph10 <ph10@6239d852-aaf2-0410-a92c-79f79f948069>
Date: Tue, 26 May 2020 15:18:35 +0000
Subject: [PATCH 2/2] Fix previous commit: include CET_CFLAGS in 16-bit and
32-bit builds under AutoTools.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1257 6239d852-aaf2-0410-a92c-79f79f948069
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
Makefile.am | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index af6b92b..6a771a5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -405,6 +405,7 @@ nodist_libpcre2_16_la_SOURCES = \
libpcre2_16_la_CFLAGS = \
-DPCRE2_CODE_UNIT_WIDTH=16 \
$(VISIBILITY_CFLAGS) \
+ $(CET_CFLAGS) \
$(AM_CFLAGS)
libpcre2_16_la_LIBADD =
endif # WITH_PCRE2_16
@@ -418,6 +419,7 @@ nodist_libpcre2_32_la_SOURCES = \
libpcre2_32_la_CFLAGS = \
-DPCRE2_CODE_UNIT_WIDTH=32 \
$(VISIBILITY_CFLAGS) \
+ $(CET_CFLAGS) \
$(AM_CFLAGS)
libpcre2_32_la_LIBADD =
endif # WITH_PCRE2_32
--
2.25.4

18
pcre2.spec
View File

@ -9,7 +9,7 @@
#%%global rcversion RC1 #%%global rcversion RC1
Name: pcre2 Name: pcre2
Version: 10.35 Version: 10.35
Release: %{?rcversion:0.}1%{?rcversion:.%rcversion}%{?dist} Release: %{?rcversion:0.}2%{?rcversion:.%rcversion}%{?dist}
%global myversion %{version}%{?rcversion:-%rcversion} %global myversion %{version}%{?rcversion:-%rcversion}
Summary: Perl-compatible regular expression library Summary: Perl-compatible regular expression library
# the library: BSD with exceptions # the library: BSD with exceptions
@ -51,6 +51,12 @@ Source1: https://ftp.pcre.org/pub/pcre/%{?rcversion:Testing/}%{name}-%{myvers
Source2: https://ftp.pcre.org/pub/pcre/Public-Key Source2: https://ftp.pcre.org/pub/pcre/Public-Key
# Do no set RPATH if libdir is not /usr/lib # Do no set RPATH if libdir is not /usr/lib
Patch0: pcre2-10.10-Fix-multilib.patch Patch0: pcre2-10.10-Fix-multilib.patch
# 1/2 Enable shadow stack built-in functions if -fcf-protection compiler flag is
# used, upstream bug #2578, in upstream after 10.35
Patch1: pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.patch
# 2/2 Enable shadow stack built-in functions if -fcf-protection compiler flag is
# used, upstream bug #2578, in upstream after 10.35
Patch2: pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: coreutils BuildRequires: coreutils
@ -142,15 +148,13 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q -n %{name}-%{myversion} %setup -q -n %{name}-%{myversion}
%patch0 -p1 %patch0 -p1
%patch1 -p1
%patch2 -p1
# Because of multilib patch # Because of multilib patch
libtoolize --copy --force libtoolize --copy --force
autoreconf -vif autoreconf -vif
%build %build
# Shadow stack built-in functions are required for -fcf-protection.
# Checked in src/sljit/sljitConfigInternal.h, _get_ssp() is used.
%global optflags %(printf -- '%s' '%{optflags}' | \
sed -E 's/(^|\\s)(-fcf-protection)($|\\s)/\\1\\2\\3 -mshstk /')
# There is a strict-aliasing problem on PPC64, bug #881232 # There is a strict-aliasing problem on PPC64, bug #881232
%ifarch ppc64 %ifarch ppc64
%global optflags %{optflags} -fno-strict-aliasing %global optflags %{optflags} -fno-strict-aliasing
@ -259,6 +263,10 @@ make %{?_smp_mflags} check VERBOSE=yes
%{_mandir}/man1/pcre2test.* %{_mandir}/man1/pcre2test.*
%changelog %changelog
* Wed May 27 2020 Petr Pisar <ppisar@redhat.com> - 10.35-2
- Enable shadow stack built-in functions if -fcf-protection compiler flag is
used by patching a build script (upstream bug #2578)
* Mon May 11 2020 Petr Pisar <ppisar@redhat.com> - 10.35-1 * Mon May 11 2020 Petr Pisar <ppisar@redhat.com> - 10.35-1
- 10.35 bump - 10.35 bump