diff options
3 files changed, 115 insertions, 0 deletions
diff --git a/patches/zstd-1.5.1/0001-Mark-Huffman-Decoder-Assembly-noexecstack-on-All-Arc.patch b/patches/zstd-1.5.1/0001-Mark-Huffman-Decoder-Assembly-noexecstack-on-All-Arc.patch new file mode 100644 index 000000000..d28baf8d3 --- /dev/null +++ b/patches/zstd-1.5.1/0001-Mark-Huffman-Decoder-Assembly-noexecstack-on-All-Arc.patch @@ -0,0 +1,39 @@ +From: "W. Felix Handte" <w@felixhandte.com> +Date: Wed, 29 Dec 2021 17:47:12 -0800 +Subject: [PATCH] Mark Huffman Decoder Assembly `noexecstack` on All + Architectures + +Apparently, even when the assembly file is empty (because +`ZSTD_ENABLE_ASM_X86_64_BMI2` is false), it still is marked as possibly +needing an executable stack and so the whole library is marked as such. This +commit applies a simple patch for this problem by moving the noexecstack +indication outside the macro guard. + +This commit builds on #2857. + +This commit addresses #2963. +--- + lib/decompress/huf_decompress_amd64.S | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/decompress/huf_decompress_amd64.S b/lib/decompress/huf_decompress_amd64.S +index 98173cce863d..706786bb0db0 100644 +--- a/lib/decompress/huf_decompress_amd64.S ++++ b/lib/decompress/huf_decompress_amd64.S +@@ -1,7 +1,5 @@ + #include "../common/portability_macros.h" + +-#if ZSTD_ENABLE_ASM_X86_64_BMI2 +- + /* Stack marking + * ref: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart + */ +@@ -9,6 +7,8 @@ + .section .note.GNU-stack,"",%progbits + #endif + ++#if ZSTD_ENABLE_ASM_X86_64_BMI2 ++ + /* Calling convention: + * + * %rdi contains the first argument: HUF_DecompressAsmArgs*. diff --git a/patches/zstd-1.5.1/0002-Makefiles-Add-noexecstack-Options-to-Compilation-and.patch b/patches/zstd-1.5.1/0002-Makefiles-Add-noexecstack-Options-to-Compilation-and.patch new file mode 100644 index 000000000..81afe8442 --- /dev/null +++ b/patches/zstd-1.5.1/0002-Makefiles-Add-noexecstack-Options-to-Compilation-and.patch @@ -0,0 +1,71 @@ +From: "W. Felix Handte" <w@felixhandte.com> +Date: Wed, 5 Jan 2022 14:53:22 -0500 +Subject: [PATCH] Makefiles: Add `noexecstack` Options to Compilation and + Linking + +Hopefully this marks the binary artifacts `noexecstack` even on platforms +where binaries default to true. +--- + lib/libzstd.mk | 28 ++++++++++++++++++++++++++++ + programs/Makefile | 2 -- + 2 files changed, 28 insertions(+), 2 deletions(-) + +diff --git a/lib/libzstd.mk b/lib/libzstd.mk +index af12daffe128..5432198ed481 100644 +--- a/lib/libzstd.mk ++++ b/lib/libzstd.mk +@@ -34,6 +34,8 @@ ZSTD_NO_ASM ?= 0 + # libzstd helpers + ################################################################## + ++VOID ?= /dev/null ++ + # Make 4.3 doesn't support '\#' anymore (https://lwn.net/Articles/810071/) + NUM_SYMBOL := \# + +@@ -96,6 +98,32 @@ CFLAGS += $(DEBUGFLAGS) $(MOREFLAGS) + LDFLAGS += $(MOREFLAGS) + FLAGS = $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) + ++ifndef ALREADY_APPENDED_NOEXECSTACK ++export ALREADY_APPENDED_NOEXECSTACK := 1 ++ifeq ($(shell echo "int main(int argc, char* argv[]) { (void)argc; (void)argv; return 0; }" | $(CC) $(FLAGS) -z noexecstack -x c -Werror - -o $(VOID) 2>$(VOID) && echo 1 || echo 0),1) ++$(info Supports noexecstack linker flag!) ++$(info $(LDFLAGS)) ++LDFLAGS += -z noexecstack ++$(info $(LDFLAGS)) ++else ++$(info Doesn't support noexecstack linker flag!) ++endif ++ifeq ($(shell echo | $(CC) $(FLAGS) -Wa,--noexecstack -x assembler -Werror -c - -o $(VOID) 2>$(VOID) && echo 1 || echo 0),1) ++$(info Supports noexecstack assembler flag!) ++$(info $(CFLAGS)) ++CFLAGS += -Wa,--noexecstack ++$(info $(CFLAGS)) ++else ifeq ($(shell echo | $(CC) $(FLAGS) -Qunused-arguments -Wa,--noexecstack -x assembler -Werror -c - -o $(VOID) 2>$(VOID) && echo 1 || echo 0),1) ++# See e.g.: https://github.com/android/ndk/issues/171 ++$(info Supports noexecstack assembler flag with unused arg suppression!) ++$(info $(CFLAGS)) ++CFLAGS += -Qunused-arguments -Wa,--noexecstack ++$(info $(CFLAGS)) ++else ++$(info Doesn't support noexecstack assembler flag!) ++endif ++endif ++ + HAVE_COLORNEVER = $(shell echo a | grep --color=never a > /dev/null 2> /dev/null && echo 1 || echo 0) + GREP_OPTIONS ?= + ifeq ($HAVE_COLORNEVER, 1) +diff --git a/programs/Makefile b/programs/Makefile +index a54900cc1e9d..da848eb66bc0 100644 +--- a/programs/Makefile ++++ b/programs/Makefile +@@ -62,8 +62,6 @@ else + EXT = + endif + +-VOID = /dev/null +- + # thread detection + NO_THREAD_MSG := ==> no threads, building without multithreading support + HAVE_PTHREAD := $(shell printf '$(NUM_SYMBOL)include <pthread.h>\nint main(void) { return 0; }' > have_pthread.c && $(CC) $(FLAGS) -o have_pthread$(EXT) have_pthread.c -pthread 2> $(VOID) && rm have_pthread$(EXT) && echo 1 || echo 0; rm have_pthread.c) diff --git a/patches/zstd-1.5.1/series b/patches/zstd-1.5.1/series new file mode 100644 index 000000000..29b488d4b --- /dev/null +++ b/patches/zstd-1.5.1/series @@ -0,0 +1,5 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +0001-Mark-Huffman-Decoder-Assembly-noexecstack-on-All-Arc.patch +0002-Makefiles-Add-noexecstack-Options-to-Compilation-and.patch +# f2f3753627f3109aedeb7a6d245daf7a - git-ptx-patches magic |