authorNalin Dahyabhai <nalin@dahyabhai.net>2014-01-06 15:58:20 -0500
committerNalin Dahyabhai <nalin@dahyabhai.net>2014-01-06 15:58:20 -0500
commit05c4140d32a4ab98a1551bcbee7c59c0df868575 (patch)
treec1193d02883fa6bec06e333f474a15af7f387fc9
parent480b9efaa384fc82dc110969bd100b1f8416ccf7 (diff)
Switch to as-committed version
- grab a more-commented version of the most recent patch from upstream master
-rw-r--r--krb5-1.12-enable-NX.patch29
-rw-r--r--krb5.spec4
2 files changed, 29 insertions, 4 deletions
diff --git a/krb5-1.12-enable-NX.patch b/krb5-1.12-enable-NX.patch
index bd6f2f7..2b8a508 100644
--- a/krb5-1.12-enable-NX.patch
+++ b/krb5-1.12-enable-NX.patch
@@ -1,12 +1,32 @@
+commit c64e39c69a9a7ee32c00b0cf7918f6274a565544
+Author: Greg Hudson <ghudson@mit.edu>
+Date: Fri Jan 3 13:50:48 2014 -0500
+
+ Mark AESNI files as not needing executable stacks
+
+ Some Linux systems now come with facilities to mark the stack as
+ non-executable, making it more difficult to exploit buffer overrun
+ bugs. For this to work, object files built from assembly need a
+ section added to note whether they require an executable stack.
+
+ Patch from Dhiru Kholia with comments added. More information at:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1045699
+ https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
+
+ ticket: 7813
+ target_version: 1.12.1
+ tags: pullup
+
diff --git a/src/lib/crypto/builtin/aes/iaesx64.s b/src/lib/crypto/builtin/aes/iaesx64.s
-index 1c091c1..3a3d6fc 100644
+index 1c091c1..d03c859 100644
--- a/src/lib/crypto/builtin/aes/iaesx64.s
+++ b/src/lib/crypto/builtin/aes/iaesx64.s
-@@ -834,3 +834,13 @@ lp256encsingle_CBC:
+@@ -834,3 +834,14 @@ lp256encsingle_CBC:
movdqu [r9],xmm1
add rsp,16*16+8
ret
+
++; Mark this file as not needing an executable stack.
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
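Review bot: The comment added above `%ifidn __OUTPUT_FORMAT__,elf` at the end of iaesx64.s (and again in the iaesx86.s section further down) says what the section is for, but not that `%ifidn` is an exact-match comparison, so this block only takes effect when the assembler's output format name is literally `elf`. The inner hunk header (`+834,14`) counts more added lines than this diff shows, so the `elf32` and `elf64` names are presumably handled in the lines between the two outer hunks; that cannot be confirmed from the visible context. I would word the comment as `; Mark this file as not needing an executable stack; one block per ELF format name, because %ifidn matches exactly.` A missed match silently produces an object without the note, and the linker may then mark the library's stack executable, so it is worth confirming on the built libk5crypto that `readelf -lW` reports `GNU_STACK` with flags `RW` rather than `RWE`.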
@@ -17,14 +37,15 @@ index 1c091c1..3a3d6fc 100644
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff --git a/src/lib/crypto/builtin/aes/iaesx86.s b/src/lib/crypto/builtin/aes/iaesx86.s
-index b667acd..03a8670 100644
+index b667acd..1aa12e6 100644
--- a/src/lib/crypto/builtin/aes/iaesx86.s
+++ b/src/lib/crypto/builtin/aes/iaesx86.s
-@@ -871,3 +871,13 @@ lp256encsingle_CBC:
+@@ -871,3 +871,14 @@ lp256encsingle_CBC:
movdqu [ecx],xmm1 ; store last iv for chaining
ret
+
++; Mark this file as not needing an executable stack.
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff --git a/krb5.spec b/krb5.spec
index 36ed60a..ae0924a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -976,6 +976,10 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Mon Jan 6 2014 Nalin Dahyabhai <nalin@redhat.com>
+- grab a more-commented version of the most recent patch from upstream
+ master
+
* Thu Jan 2 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12-8
- add patch from Dhiru Kholia for the AES-NI implementations to allow
libk5crypto to be properly marked as not needing an executable stack