authorMike Frysinger <vapier@gentoo.org>2005-10-13 05:28:42 +0000
committerMike Frysinger <vapier@gentoo.org>2005-10-13 05:28:42 +0000
commit925fe12cd0dbfd58a2966dbb7a33c9625f90f6f2 (patch)
treefed72574d354b359555200fa6168d2490e52a58f /dev-libs/nettle
parentput back CREDITS into docs dir (diff)
Fixes from PaX team to address executable stacks and PIC bugs.
(Portage version: 2.0.53_rc5)
Diffstat (limited to 'dev-libs/nettle')
-rw-r--r--dev-libs/nettle/ChangeLog9
-rw-r--r--dev-libs/nettle/files/digest-nettle-1.13-r11
-rw-r--r--dev-libs/nettle/files/nettle-1.13-PIC.patch277
-rw-r--r--dev-libs/nettle/files/nettle-1.13-no-exec-stack.patch64
-rw-r--r--dev-libs/nettle/files/nettle-1.13-preprocess-asm.patch26
-rw-r--r--dev-libs/nettle/nettle-1.13-r1.ebuild39
6 files changed, 415 insertions, 1 deletions
diff --git a/dev-libs/nettle/ChangeLog b/dev-libs/nettle/ChangeLog
index d746b48e1f27..7540fe72affa 100644
--- a/dev-libs/nettle/ChangeLog
+++ b/dev-libs/nettle/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for dev-libs/nettle
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/nettle/ChangeLog,v 1.9 2005/10/11 02:01:57 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nettle/ChangeLog,v 1.10 2005/10/13 05:28:41 vapier Exp $
+
+*nettle-1.13-r1 (13 Oct 2005)
+
+ 13 Oct 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/nettle-1.13-PIC.patch, +files/nettle-1.13-no-exec-stack.patch,
+ +files/nettle-1.13-preprocess-asm.patch, +nettle-1.13-r1.ebuild:
+ Fixes from PaX team to address executable stacks and PIC bugs.
*nettle-1.13 (11 Oct 2005)
diff --git a/dev-libs/nettle/files/digest-nettle-1.13-r1 b/dev-libs/nettle/files/digest-nettle-1.13-r1
new file mode 100644
index 000000000000..18aa45235f69
--- /dev/null
+++ b/dev-libs/nettle/files/digest-nettle-1.13-r1
@@ -0,0 +1 @@
+MD5 2e22612a0d7ac01064bf948a7d57f19a nettle-1.13.tar.gz 775548
diff --git a/dev-libs/nettle/files/nettle-1.13-PIC.patch b/dev-libs/nettle/files/nettle-1.13-PIC.patch
new file mode 100644
index 000000000000..0ec47b28607b
--- /dev/null
+++ b/dev-libs/nettle/files/nettle-1.13-PIC.patch
@@ -0,0 +1,277 @@
+PIC patch to fix TEXTREL's in the library.
+
+Patch by PaX team
+
+--- nettle/x86/aes-encrypt.asm
++++ nettle/x86/aes-encrypt.asm
+@@ -42,20 +42,29 @@
+ pushl %esi C 8(%esp)
+ pushl %edi C 4(%esp)
+
+- C ctx = 20(%esp)
+- C length = 24(%esp)
+- C dst = 28(%esp)
+- C src = 32(%esp)
++#ifdef __PIC__
++#undef __i686
++ call ___i686.get_pc_thunk.bx
++ addl $_GLOBAL_OFFSET_TABLE_, %ebx
++ pushl C_NAME(_nettle_aes_encrypt_table)@GOT(%ebx)
++#else
++ pushl C_NAME(_nettle_aes_encrypt_table)
++#endif
++
++ C ctx = 24(%esp)
++ C length = 28(%esp)
++ C dst = 32(%esp)
++ C src = 36(%esp)
+
+- movl 24(%esp), %ebp
++ movl 28(%esp), %ebp
+ testl %ebp,%ebp
+ jz .Lend
+
+ .Lblock_loop:
+- movl 20(%esp),%esi C address of context struct ctx
+- movl 32(%esp),%ebp C address of plaintext
++ movl 24(%esp),%esi C address of context struct ctx
++ movl 36(%esp),%ebp C address of plaintext
+ AES_LOAD(%esi, %ebp)
+- addl $16, 32(%esp) C Increment src pointer
++ addl $16, 36(%esp) C Increment src pointer
+
+ C get number of rounds to do from ctx struct
+ movl AES_NROUNDS (%esi),%ebp
+@@ -65,16 +74,16 @@
+ .Lround_loop:
+ pushl %esi C save this first: we'll clobber it later
+
+- AES_ROUND(C_NAME(_nettle_aes_encrypt_table),a,b,c,d)
++ AES_ROUND(4(%esp),a,b,c,d)
+ pushl %edi C save first on stack
+
+- AES_ROUND(C_NAME(_nettle_aes_encrypt_table),b,c,d,a)
++ AES_ROUND(8(%esp),b,c,d,a)
+ pushl %edi C save first on stack
+
+- AES_ROUND(C_NAME(_nettle_aes_encrypt_table),c,d,a,b)
++ AES_ROUND(12(%esp),c,d,a,b)
+ pushl %edi C save first on stack
+
+- AES_ROUND(C_NAME(_nettle_aes_encrypt_table),d,a,b,c)
++ AES_ROUND(16(%esp),d,a,b,c)
+
+ movl %edi,%edx
+ popl %ecx
+@@ -112,23 +121,24 @@
+ C S-box substitution
+ mov $4,%edi
+ .Lsubst:
+- AES_SUBST_BYTE(C_NAME(_nettle_aes_encrypt_table))
++ AES_SUBST_BYTE((%esp))
+
+ decl %edi
+ jnz .Lsubst
+
+ C Add last subkey, and store encrypted data
+- movl 28(%esp),%edi
++ movl 32(%esp),%edi
+ AES_STORE(%esi, %edi)
+
+- addl $16, 28(%esp) C Increment destination pointer
+- subl $16, 24(%esp) C Length
++ addl $16, 32(%esp) C Increment destination pointer
++ subl $16, 28(%esp) C Length
+
+ C NOTE: Will loop forever if input data is not an
+ C integer number of blocks.
+ jnz .Lblock_loop
+
+ .Lend:
++ addl $4, %esp
+ popl %edi
+ popl %esi
+ popl %ebp
+@@ -136,6 +146,16 @@
+ ret
+ EPILOGUE(nettle_aes_encrypt)
+
++#ifdef __PIC__
++ .section .gnu.linkonce.t.___i686.get_pc_thunk.bx,"ax",@progbits
++.globl ___i686.get_pc_thunk.bx
++ .hidden ___i686.get_pc_thunk.bx
++ .type ___i686.get_pc_thunk.bx, @function
++___i686.get_pc_thunk.bx:
++ movl (%esp), %ebx
++ ret
++#endif
++
+ #ifdef __ELF__
+ .section .note.GNU-stack,"",@progbits
+ #endif
+--- nettle/x86/aes-decrypt.asm
++++ nettle/x86/aes-decrypt.asm
+@@ -31,20 +31,29 @@
+ pushl %esi C 8(%esp)
+ pushl %edi C 4(%esp)
+
+- C ctx = 20(%esp)
+- C length = 24(%esp)
+- C dst = 28(%esp)
+- C src = 32(%esp)
++#ifdef __PIC__
++#undef __i686
++ call ___i686.get_pc_thunk.bx
++ addl $_GLOBAL_OFFSET_TABLE_, %ebx
++ pushl C_NAME(_nettle_aes_decrypt_table)@GOT(%ebx)
++#else
++ pushl C_NAME(_nettle_aes_decrypt_table)
++#endif
++
++ C ctx = 24(%esp)
++ C length = 28(%esp)
++ C dst = 32(%esp)
++ C src = 36(%esp)
+
+- movl 24(%esp), %ebp
++ movl 28(%esp), %ebp
+ testl %ebp,%ebp
+ jz .Lend
+
+ .Lblock_loop:
+- movl 20(%esp),%esi C address of context struct ctx
+- movl 32(%esp),%ebp C address of plaintext
++ movl 24(%esp),%esi C address of context struct ctx
++ movl 36(%esp),%ebp C address of plaintext
+ AES_LOAD(%esi, %ebp)
+- addl $16, 32(%esp) C Increment src pointer
++ addl $16, 36(%esp) C Increment src pointer
+
+ C get number of rounds to do from struct
+ movl AES_NROUNDS (%esi),%ebp
+@@ -57,16 +66,16 @@
+ C In these patterns, note that each row, like
+ C "a,d,c,b" corresponds to one *column* of the
+ C array _aes_decrypt_table.idx.
+- AES_ROUND(C_NAME(_nettle_aes_decrypt_table),a,d,c,b)
++ AES_ROUND(4(%esp),a,d,c,b)
+ pushl %edi C save first on stack
+
+- AES_ROUND(C_NAME(_nettle_aes_decrypt_table),b,a,d,c)
++ AES_ROUND(8(%esp),b,a,d,c)
+ pushl %edi
+
+- AES_ROUND(C_NAME(_nettle_aes_decrypt_table),c,b,a,d)
++ AES_ROUND(12(%esp),c,b,a,d)
+ pushl %edi C save first on stack
+
+- AES_ROUND(C_NAME(_nettle_aes_decrypt_table),d,c,b,a)
++ AES_ROUND(16(%esp),d,c,b,a)
+
+ movl %edi,%edx
+ popl %ecx
+@@ -104,23 +113,24 @@
+ C inverse S-box substitution
+ mov $4,%edi
+ .Lsubst:
+- AES_SUBST_BYTE(C_NAME(_nettle_aes_decrypt_table))
++ AES_SUBST_BYTE((%esp))
+
+ decl %edi
+ jnz .Lsubst
+
+ C Add last subkey, and store encrypted data
+- movl 28(%esp),%edi
++ movl 32(%esp),%edi
+ AES_STORE(%esi, %edi)
+
+- addl $16, 28(%esp) C Increment destination pointer
+- subl $16, 24(%esp) C Length
++ addl $16, 32(%esp) C Increment destination pointer
++ subl $16, 28(%esp) C Length
+
+ C NOTE: Will loop forever if input data is not an
+ C integer number of blocks.
+ jnz .Lblock_loop
+
+ .Lend:
++ addl $4, %esp
+ popl %edi
+ popl %esi
+ popl %ebp
+@@ -128,6 +138,16 @@
+ ret
+ EPILOGUE(nettle_aes_decrypt)
+
++#ifdef __PIC__
++ .section .gnu.linkonce.t.___i686.get_pc_thunk.bx,"ax",@progbits
++.globl ___i686.get_pc_thunk.bx
++ .hidden ___i686.get_pc_thunk.bx
++ .type ___i686.get_pc_thunk.bx, @function
++___i686.get_pc_thunk.bx:
++ movl (%esp), %ebx
++ ret
++#endif
++
+ #ifdef __ELF__
+ .section .note.GNU-stack,"",@progbits
+ #endif
+--- nettle/x86/machine.m4
++++ nettle/x86/machine.m4
+@@ -36,19 +36,23 @@ define(<AES_ROUND>, <
+ movl %e<>$2<>x, %esi
+ andl <$>0xff, %esi
+ shll <$>2,%esi C index in table
+- movl AES_TABLE0 + $1 (%esi),%edi
++ addl $1, %esi
++ movl AES_TABLE0 (%esi),%edi
+ movl %e<>$3<>x, %esi
+ shrl <$>6,%esi
+ andl <$>0x000003fc,%esi C clear all but offset bytes
+- xorl AES_TABLE1 + $1 (%esi),%edi
++ addl $1, %esi
++ xorl AES_TABLE1 (%esi),%edi
+ movl %e<>$4<>x,%esi C third one
+ shrl <$>14,%esi
+ andl <$>0x000003fc,%esi
+- xorl AES_TABLE2 + $1 (%esi),%edi
++ addl $1, %esi
++ xorl AES_TABLE2 (%esi),%edi
+ movl %e<>$5<>x,%esi C fourth one
+ shrl <$>22,%esi
+ andl <$>0x000003fc,%esi
+- xorl AES_TABLE3 + $1 (%esi),%edi>)dnl
++ addl $1, %esi
++ xorl AES_TABLE3 (%esi),%edi>)dnl
+
+ dnl AES_FINAL_ROUND(a, b, c, d)
+ dnl Computes one word of the final round. Leaves result in %edi.
+@@ -75,20 +79,24 @@ dnl the words one byte to the left.
+ define(<AES_SUBST_BYTE>, <
+ movl %eax,%ebp
+ andl <$>0x000000ff,%ebp
+- movb AES_SBOX + $1 (%ebp),%al
++ addl $1, %ebp
++ movb AES_SBOX (%ebp),%al
+ roll <$>8,%eax
+
+ movl %ebx,%ebp
+ andl <$>0x000000ff,%ebp
+- movb AES_SBOX + $1 (%ebp),%bl
++ addl $1, %ebp
++ movb AES_SBOX (%ebp),%bl
+ roll <$>8,%ebx
+
+ movl %ecx,%ebp
+ andl <$>0x000000ff,%ebp
+- movb AES_SBOX + $1 (%ebp),%cl
++ addl $1, %ebp
++ movb AES_SBOX (%ebp),%cl
+ roll <$>8,%ecx
+
+ movl %edx,%ebp
+ andl <$>0x000000ff,%ebp
+- movb AES_SBOX + $1 (%ebp),%dl
++ addl $1, %ebp
++ movb AES_SBOX (%ebp),%dl
+ roll <$>8,%edx>)dnl
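Review bot: In the `#else` (non-PIC) branch added to aes-encrypt.asm, `pushl C_NAME(_nettle_aes_encrypt_table)` has no `$`, so in AT&T syntax it pushes the first four bytes stored at the table rather than the table's address; the PIC branch pushes the GOT entry, which is the address. Every later `addl $1, %esi` in AES_ROUND and `addl $1, %ebp` in AES_SUBST_BYTE (where `$1` is the m4 argument, e.g. `4(%esp)`) then adds that value as if it were the table base, so a non-PIC build would index from a bogus pointer. The line should read `pushl $C_NAME(_nettle_aes_encrypt_table)`, and the same applies to `pushl C_NAME(_nettle_aes_decrypt_table)` in aes-decrypt.asm. A short comment in machine.m4 saying that `$1` is now a memory operand holding the table base, not an immediate, would also keep `addl $1, %esi` from being misread.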
diff --git a/dev-libs/nettle/files/nettle-1.13-no-exec-stack.patch b/dev-libs/nettle/files/nettle-1.13-no-exec-stack.patch
new file mode 100644
index 000000000000..618cb110a38a
--- /dev/null
+++ b/dev-libs/nettle/files/nettle-1.13-no-exec-stack.patch
@@ -0,0 +1,64 @@
+Make sure library is generated without an executable stack
+
+Patch by PaX team
+
+--- nettle/sparc/aes.asm
++++ nettle/sparc/aes.asm
+@@ -363,3 +363,7 @@
+ ! aes256 (ECB decrypt): 11.13s, 0.898MB/s
+ ! aes256 (CBC encrypt): 15.30s, 0.654MB/s
+ ! aes256 (CBC decrypt): 12.93s, 0.773MB/s
++
++#ifdef __ELF__
++.section .note.GNU-stack,"",@progbits
++#endif
+--- nettle/x86/arcfour-crypt.asm
++++ nettle/x86/arcfour-crypt.asm
+@@ -89,3 +89,7 @@
+ popl %ebx
+ ret
+ EPILOGUE(nettle_arcfour_crypt)
++
++#ifdef __ELF__
++.section .note.GNU-stack,"",@progbits
++#endif
+--- nettle/x86/aes.asm
++++ nettle/x86/aes.asm
+@@ -4,3 +4,7 @@
+ C isn't needed.
+
+ .file "aes.asm"
++
++#ifdef __ELF__
++.section .note.GNU-stack,"",@progbits
++#endif
+--- nettle/x86/sha1-compress.asm
++++ nettle/x86/sha1-compress.asm
+@@ -322,3 +322,7 @@
+ C of two instructions, one of which is a store, per two rounds. For the
+ C twenty rounds involving f3, that's 20 instructions, 10 of which are
+ C stores, or about 1.5 %.
++
++#ifdef __ELF__
++.section .note.GNU-stack,"",@progbits
++#endif
+--- nettle/x86/aes-encrypt.asm
++++ nettle/x86/aes-encrypt.asm
+@@ -135,3 +135,7 @@
+ popl %ebx
+ ret
+ EPILOGUE(nettle_aes_encrypt)
++
++#ifdef __ELF__
++.section .note.GNU-stack,"",@progbits
++#endif
+--- nettle/x86/aes-decrypt.asm
++++ nettle/x86/aes-decrypt.asm
+@@ -127,3 +127,7 @@
+ popl %ebx
+ ret
+ EPILOGUE(nettle_aes_decrypt)
++
++#ifdef __ELF__
++.section .note.GNU-stack,"",@progbits
++#endif
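Review bot: The `.note.GNU-stack` marker is added file by file, and nothing here confirms the list is complete: on targets where the linker defaults to an executable stack, one assembled object without the section is enough to mark the whole library as needing one. Six .asm files are touched; whether other assembly sources exist in the tree is not visible from this patch. The `#ifdef __ELF__` guard also only takes effect once the m4 output is run through cpp, so this patch depends on nettle-1.13-preprocess-asm.patch being applied. A check on the linked result, such as `readelf -lW <built libnettle shared object> | grep GNU_STACK` expecting `RW` rather than `RWE`, would catch both cases.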
diff --git a/dev-libs/nettle/files/nettle-1.13-preprocess-asm.patch b/dev-libs/nettle/files/nettle-1.13-preprocess-asm.patch
new file mode 100644
index 000000000000..af6cd1409c54
--- /dev/null
+++ b/dev-libs/nettle/files/nettle-1.13-preprocess-asm.patch
@@ -0,0 +1,26 @@
+Since we now use preprocessor macro's in the asm files, we
+need to make sure gcc preprocesses it.
+
+Patch by PaX team
+
+--- nettle/Makefile.in
++++ nettle/Makefile.in
+@@ -152,14 +152,14 @@
+
+ .asm.$(OBJEXT):
+ $(M4) $(srcdir)/asm.m4 machine.m4 config.m4 \
+- $< >$*.s
+- $(COMPILE) $(CCPIC_MAYBE) -c $*.s
++ $< >$*.S
++ $(COMPILE) $(CCPIC_MAYBE) -c $*.S
+ echo "$@ : $< $(srcdir)/asm.m4 machine.m4 config.m4" >$@.d
+
+ .asm.p$(OBJEXT):
+ $(M4) $(srcdir)/asm.m4 machine.m4 config.m4 \
+- $< >$*.s
+- $(COMPILE) $(SHLIBCFLAGS) -c $*.s -o $@
++ $< >$*.S
++ $(COMPILE) $(SHLIBCFLAGS) -c $*.S -o $@
+ echo "$@ : $< $(srcdir)/asm.m4 machine.m4 config.m4" >$@.d
+
+ # Texinfo rules
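Review bot: Both suffix rules, `.asm.$(OBJEXT)` and `.asm.p$(OBJEXT)`, write their m4 output to the same intermediate `$*.S` and then compile it, so when the static and shared objects for one source are built concurrently, one compile can read a file the other rule is still rewriting. The shared name predates this change (it was `$*.s`), but the ebuild builds with `emake`, which passes the user's MAKEOPTS and is commonly parallel. Giving the PIC rule its own intermediate, for example `$< >$*.p.S` followed by `$(COMPILE) $(SHLIBCFLAGS) -c $*.p.S -o $@`, removes the overlap.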
diff --git a/dev-libs/nettle/nettle-1.13-r1.ebuild b/dev-libs/nettle/nettle-1.13-r1.ebuild
new file mode 100644
index 000000000000..f21660fa682e
--- /dev/null
+++ b/dev-libs/nettle/nettle-1.13-r1.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/nettle/nettle-1.13-r1.ebuild,v 1.1 2005/10/13 05:28:41 vapier Exp $
+
+inherit eutils
+
+DESCRIPTION="cryptographic library that is designed to fit easily in any context"
+HOMEPAGE="http://www.lysator.liu.se/~nisse/nettle/"
+SRC_URI="http://www.lysator.liu.se/~nisse/archive/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE=""
+
+DEPEND="dev-libs/gmp
+ !<dev-libs/lsh-1.4.3-r1"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-preprocess-asm.patch
+ epatch "${FILESDIR}"/${P}-no-exec-stack.patch
+ epatch "${FILESDIR}"/${P}-PIC.patch
+ sed -i \
+ -e '/CFLAGS/s:-ggdb3::' \
+ configure || die
+}
+
+src_compile() {
+ econf --enable-shared || die
+ emake || die
+}
+
+
+src_install() {
+ make DESTDIR="${D}" install || die
+ dodoc AUTHORS ChangeLog NEWS README
+}
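Review bot: `SRC_URI` fetches the nettle tarball over plain http, and the only integrity record visible in this commit is the single MD5 line in files/digest-nettle-1.13-r1. For a cryptographic library that leaves the authenticity of the source resting on MD5 alone; where the tree's tooling allows, a stronger digest should be recorded next to it. Separately, `cd "${S}"` in src_unpack is unchecked; `cd "${S}" || die` keeps the three patches from being attempted in the wrong directory if the unpack layout changes.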