diff --git a/.gitignore b/.gitignore
index 6552fcf..b6b4b7e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/zstd-1.5.0.tar.gz
+SOURCES/zstd-1.5.1.tar.gz
diff --git a/.zstd.metadata b/.zstd.metadata
index 7013fff..5cbafc0 100644
--- a/.zstd.metadata
+++ b/.zstd.metadata
@@ -1 +1 @@
-c53019729e3a595f0104facab6533d78296a2945 SOURCES/zstd-1.5.0.tar.gz
+e6a51ef3f7d5be5b74ac74d88bf3850057e00adb SOURCES/zstd-1.5.1.tar.gz
diff --git a/SOURCES/enable-CET.patch b/SOURCES/enable-CET.patch
new file mode 100644
index 0000000..335e95d
--- /dev/null
+++ b/SOURCES/enable-CET.patch
@@ -0,0 +1,38 @@
+From cd7620a730413a48843e175d34dc408c152f8125 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Tue, 11 Jan 2022 07:28:25 -0800
+Subject: [PATCH] x86-64: Enable Intel CET
+
+Intel Control-flow Enforcement Technology (CET):
+
+https://en.wikipedia.org/wiki/Control-flow_integrity#Intel_Control-flow_Enforcement_Technology
+
+requires that on Linux, all linker input files are marked as CET enabled
+in .note.gnu.property section. For high-level language source codes,
+.note.gnu.property section is added by compiler with the -fcf-protection
+option. For assembly sources, include to add .note.gnu.property
+section.
+---
+ lib/common/portability_macros.h | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/lib/common/portability_macros.h b/lib/common/portability_macros.h
+index 627ef9eed4..6ac4b05510 100644
+--- a/lib/common/portability_macros.h
++++ b/lib/common/portability_macros.h
+@@ -128,4 +128,15 @@
+ # define ZSTD_ENABLE_ASM_X86_64_BMI2 0
+ #endif
+
++/*
++ * For x86 ELF targets, add .note.gnu.property section for Intel CET in
++ * assembly sources when CET is enabled.
++ */
++#if defined(__ELF__) && (defined(__x86_64__) || defined(__i386__)) \
++ && defined(__has_include)
++# if __has_include()
++# include
++# endif
++#endif
++
+ #endif /* ZSTD_PORTABILITY_MACROS_H */
diff --git a/SOURCES/pzstd.1.patch b/SOURCES/pzstd.1.patch
index f86e8d8..d4e3a1f 100644
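Review bot: In the `portability_macros.h` hunk carried by enable-CET.patch, the CET marker is pulled in only when `__has_include` is defined and finds the header (its name, presumably `<cet.h>`, did not survive on this page), so a toolchain lacking either builds the assembly objects without a `.note.gnu.property` note and nothing reports it. As the patch description itself says, every linker input has to carry the marker, so a single unmarked object would presumably leave `libzstd.so.1` without CET while the build still succeeds. Nothing in the spec's `%check` verifies the result; assuming the distribution flags enable `-fcf-protection` on x86_64, an assertion such as `readelf -n lib/libzstd.so.1 | grep -q 'IBT, SHSTK'` there would turn a silent loss of the protection into a build failure.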
--- a/SOURCES/pzstd.1.patch
+++ b/SOURCES/pzstd.1.patch
@@ -1,9 +1,9 @@
-diff -Naur zstd-1.4.7.orig/programs/zstd.1 zstd-1.4.7/programs/zstd.1
---- zstd-1.4.7.orig/programs/zstd.1 2020-12-16 23:00:18.000000000 +0000
-+++ zstd-1.4.7/programs/zstd.1 2020-12-17 15:15:22.586152398 +0000
-@@ -208,6 +208,14 @@
- .
- .IP "\(bu" 4
+diff -Naur zstd-1.5.1.orig/programs/zstd.1 zstd-1.5.1/programs/zstd.1
+--- zstd-1.5.1.orig/programs/zstd.1 2021-12-20 22:49:18.000000000 +0000
++++ zstd-1.5.1/programs/zstd.1 2021-12-22 16:49:17.160850340 +0000
+@@ -146,6 +146,14 @@
+ \fB\-\-show\-default\-cparams\fR: Shows the default compression parameters that will be used for a particular src file\. If the provided src file is not a regular file (eg\. named pipe), the cli will just output the default parameters\. That is, the parameters that are used when the src size is unknown\.
+ .IP "\[ci]" 4
 \fB\-\-\fR: All arguments after \fB\-\-\fR are treated as files
 +
 +.SH Parallel Zstd OPTIONS
@@ -13,6 +13,6 @@ diff -Naur zstd-1.4.7.orig/programs/zstd.1 zstd-1.4.7/programs/zstd.1
 + number of threads to use for (de)compression (default:4)
 +
 +
- .
 .IP "" 0
- .
+ .SS "Restricted usage of Environment Variables"
+ Using environment variables to set parameters has security implications\. Therefore, this avenue is intentionally restricted\. Only \fBZSTD_CLEVEL\fR and \fBZSTD_NBTHREADS\fR are currently supported\. They set the compression level and number of threads to use during compression, respectively\.
diff --git a/SPECS/zstd.spec b/SPECS/zstd.spec
index f43ecfc..23ec4fc 100644
--- a/SPECS/zstd.spec
+++ b/SPECS/zstd.spec
@@ -1,3 +1,12 @@
+# enable .lz4 support by default
+%bcond_without lz4
+
+# enable .xz/.lzma support by default
+%bcond_without lzma
+
+# enable .gz support by default
+%bcond_without zlib
+
 %if 0%{?rhel} && 0%{?rhel} <= 6
 # gcc-4.4 is currently too old to compile pzstd
 %bcond_with pzstd
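Review bot: The three new `%bcond_without` switches (lz4, lzma, zlib) are consumed only by the `BuildRequires` blocks in the `@@ -24,15 +42,26 @@` hunk; the `%build` lines in the `@@ -64,18 +93,23 @@` hunk pass nothing for them, unlike `with_asm`. If upstream's programs Makefile auto-detects these libraries, as I believe it does, a `--without lzma` build in a buildroot that already contains xz-devel would still compile the format support in, so the switch does not reliably remove that input-parsing surface. Passing the upstream knobs next to the asm one would make the bcond authoritative, e.g. `%make_build -C programs %{!?with_asm:ZSTD_NO_ASM=1} %{!?with_zlib:HAVE_ZLIB=0} %{!?with_lzma:HAVE_LZMA=0} %{!?with_lz4:HAVE_LZ4=0}`.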
@@ -11,11 +20,20 @@
 %endif
 %endif
+%ifarch x86_64
+%bcond_without asm
+%else
+# Disable asm to ensure non excutable stack
+# used on archs where asm not actually used
+# https://github.com/facebook/zstd/issues/2963
+%bcond_with asm
+%endif
+
 # Disable gtest
 %bcond_with gtest
 Name: zstd
-Version: 1.5.0
+Version: 1.5.1
 Release: 2%{?dist}
 Summary: Zstd compression library
@@ -24,15 +42,26 @@ URL: https://github.com/facebook/zstd
 Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch1: pzstd.1.patch
+Patch2: enable-CET.patch
-BuildRequires: make
+BuildRequires: make
 BuildRequires: gcc
 %if %{with gtest}
-BuildRequires: gtest-devel
+BuildRequires: gtest-devel
+%endif
+%if %{with lz4}
+BuildRequires: lz4-devel
+%endif
+%if %{with lzma}
+BuildRequires: xz-devel
 %endif
 %if %{with pzstd}
 BuildRequires: gcc-c++
 %endif
+%if %{with zlib}
+BuildRequires: zlib-devel
+%endif
+BuildRequires: execstack
 %description
 Zstd, short for Zstandard, is a fast lossless compression algorithm,
@@ -64,18 +93,23 @@ find -name .gitignore -delete
 %if %{with pzstd}
 %patch1 -p1
 %endif
+%patch2 -p1
 %build
 export CFLAGS="$RPM_OPT_FLAGS"
 export LDFLAGS="$RPM_LD_FLAGS"
-%make_build -C lib lib-mt
-%make_build -C programs
+export PREFIX="%{_prefix}"
+export LIBDIR="%{_libdir}"
+%make_build -C lib lib-mt %{!?with_asm:ZSTD_NO_ASM=1}
+%make_build -C programs %{!?with_asm:ZSTD_NO_ASM=1}
 %if %{with pzstd}
 export CXXFLAGS="$RPM_OPT_FLAGS"
-%make_build -C contrib/pzstd
+%make_build -C contrib/pzstd %{!?with_asm:ZSTD_NO_ASM=1}
 %endif
 %check
+execstack lib/libzstd.so.1
+
 export CFLAGS="$RPM_OPT_FLAGS"
 export LDFLAGS="$RPM_LD_FLAGS"
 make -C tests test-zstd
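Review bot: The comment above `%bcond_with asm` in the `@@ -11,11 +20,20 @@` hunk is hard to parse and misspells "executable" (`excutable`), yet it is the only explanation of a hardening-relevant build switch. I would reword it along the lines of `# Build without the x86_64 assembly on other arches: it is not used there,` followed by `# and leaving it out keeps the stack non-executable`, keeping the upstream issue link as the third line.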
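Review bot: The added `execstack lib/libzstd.so.1` in `%check` does not assert anything: it is invoked without `-q`, and even query mode reports the flag on stdout (`X`, `-` or `?`) rather than through its exit status as far as I know, so an executable stack would not fail the build. Make it a real gate, for example `execstack -q lib/libzstd.so.1 | grep -q '^-'`. The same check should probably also cover the binaries built under `programs` and, when pzstd is enabled, `contrib/pzstd`, since the `%build` lines pass `ZSTD_NO_ASM=1` to all three builds. The `%check` section continues past the end of this hunk.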
@@ -129,12 +163,24 @@ install -D -m644 programs/%{name}.1 %{buildroot}%{_mandir}/man1/p%{name}.1
 %ldconfig_scriptlets -n lib%{name}
 %changelog
+* Mon Feb 07 2022 Jakub Martisko - 1.5.1-2
+- Add some basic gating tests
+ Resolves: rhbz#2050272
+
+* Wed Jan 12 2022 Michel Alexandre Salim - 1.5.1-1
+- Rebase to the latest upstream version
+- Enable optional gz, xz/lzma, and lz4 support in the zstd tool
+- Disable amd64 assembly on non-x86_64 architectures (rhbz#2035802)
+ this should avoid the issue where an executable stack is created
+- Re-enable CET protections (rhbz#2039353)
+ Resolves: rhbz#2039488
+
 * Tue Aug 10 2021 Mohan Boddu - 1.5.0-2
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
 Related: rhbz#1991688
 * Mon Jul 12 2021 Jakub Martisko - 1.5.0-1
-* Rebase to the latest usptream version
+* Rebase to the latest upstream version
 Resolves: rhbz#1928094
 * Thu Jul 01 2021 Jakub Martisko - 1.4.9-3