03254981cb
- update to version 1.12
* Add GSSAPI extensions for constructing MIC tokens using IOV lists
* Add a FAST OTP preauthentication module for the KDC which uses
RADIUS to validate OTP token values.
* The AES-based encryption types will use AES-NI instructions
when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
available
- update and rebase patches
OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
58 lines
2.0 KiB
Diff
58 lines
2.0 KiB
Diff
commit c64e39c69a9a7ee32c00b0cf7918f6274a565544
|
|
Author: Greg Hudson <ghudson@mit.edu>
|
|
Date: Fri Jan 3 13:50:48 2014 -0500
|
|
|
|
Mark AESNI files as not needing executable stacks
|
|
|
|
Some Linux systems now come with facilities to mark the stack as
|
|
non-executable, making it more difficult to exploit buffer overrun
|
|
bugs. For this to work, object files built from assembly need a
|
|
section added to note whether they require an executable stack.
|
|
|
|
Patch from Dhiru Kholia with comments added. More information at:
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1045699
|
|
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
|
|
|
|
ticket: 7813
|
|
target_version: 1.12.1
|
|
tags: pullup
|
|
|
|
diff --git a/src/lib/crypto/builtin/aes/iaesx64.s b/src/lib/crypto/builtin/aes/iaesx64.s
|
|
index 1c091c1..d03c859 100644
|
|
--- a/src/lib/crypto/builtin/aes/iaesx64.s
|
|
+++ b/src/lib/crypto/builtin/aes/iaesx64.s
|
|
@@ -834,3 +834,14 @@ lp256encsingle_CBC:
|
|
movdqu [r9],xmm1
|
|
add rsp,16*16+8
|
|
ret
|
|
+
|
|
+; Mark this file as not needing an executable stack.
|
|
+%ifidn __OUTPUT_FORMAT__,elf
|
|
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
+%endif
|
|
+%ifidn __OUTPUT_FORMAT__,elf32
|
|
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
+%endif
|
|
+%ifidn __OUTPUT_FORMAT__,elf64
|
|
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
+%endif
|
|
diff --git a/src/lib/crypto/builtin/aes/iaesx86.s b/src/lib/crypto/builtin/aes/iaesx86.s
|
|
index b667acd..1aa12e6 100644
|
|
--- a/src/lib/crypto/builtin/aes/iaesx86.s
|
|
+++ b/src/lib/crypto/builtin/aes/iaesx86.s
|
|
@@ -871,3 +871,14 @@ lp256encsingle_CBC:
|
|
movdqu [ecx],xmm1 ; store last iv for chaining
|
|
|
|
ret
|
|
+
|
|
+; Mark this file as not needing an executable stack.
|
|
+%ifidn __OUTPUT_FORMAT__,elf
|
|
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
+%endif
|
|
+%ifidn __OUTPUT_FORMAT__,elf32
|
|
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
+%endif
|
|
+%ifidn __OUTPUT_FORMAT__,elf64
|
|
+section .note.GNU-stack noalloc noexec nowrite progbits
|
|
+%endif
|