/hg/icedtea: 2 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Thu Mar 31 23:54:12 UTC 2016
changeset e67ce0e50658 in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=e67ce0e50658
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Thu Mar 31 22:14:43 2016 +0100
PR2392: Make elliptic curve removal optional
2015-07-13 Andrew John Hughes <gnu_andrew at member.fsf.org>
PR2392: Make elliptic curve removal
optional
* INSTALL:
Document --enable-non-nss-curves.
* Makefile.am:
(ICEDTEA_PATCHES): Only apply
the RH1022017 patch when non-NSS
curves are not enabled.
* NEWS: Updated.
* acinclude.m4:
(IT_ENABLE_NON_NSS_CURVES): New
macro to allow non-NSS curves to
be turned on.
* configure.ac:
Invoke IT_ENABLE_NON_NSS_CURVES.
* fsg.sh.in:
Don't alter the curve list when
non-NSS curves are enabled.
changeset b1d858e368bb in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=b1d858e368bb
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Fri Apr 01 00:54:40 2016 +0100
PR2523: Add executable stack markings to callNative.S on JamVM
2015-07-13 Andrew John Hughes <gnu_andrew at member.fsf.org>
PR2523: Add executable stack markings
to callNative.S on JamVM
* Makefile.am:
(ICEDTEA_PATCHES): Add patch.
* NEWS: Updated.
* patches/jamvm/noexecstack.patch:
Add notes to assembly files in order to
turn off executable stack.
diffstat:
ChangeLog | 32 +++++++++++++++++++++++++++
INSTALL | 1 +
Makefile.am | 10 +++++--
NEWS | 2 +
acinclude.m4 | 16 +++++++++++++
configure.ac | 1 +
fsg.sh.in | 6 +++-
patches/jamvm/noexecstack.patch | 48 +++++++++++++++++++++++++++++++++++++++++
8 files changed, 111 insertions(+), 5 deletions(-)
diffs (202 lines):
diff -r b2c3cacbd0fd -r b1d858e368bb ChangeLog
--- a/ChangeLog Wed Mar 30 04:45:59 2016 +0100
+++ b/ChangeLog Fri Apr 01 00:54:40 2016 +0100
@@ -1,3 +1,35 @@
+2015-07-13 Andrew John Hughes <gnu_andrew at member.fsf.org>
+
+ PR2523: Add executable stack markings
+ to callNative.S on JamVM
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Add patch.
+ * NEWS: Updated.
+ * patches/jamvm/noexecstack.patch:
+ Add notes to assembly files in order to
+ turn off executable stack.
+
+2015-07-13 Andrew John Hughes <gnu_andrew at member.fsf.org>
+
+ PR2392: Make elliptic curve removal
+ optional
+ * INSTALL:
+ Document --enable-non-nss-curves.
+ * Makefile.am:
+ (ICEDTEA_PATCHES): Only apply
+ the RH1022017 patch when non-NSS
+ curves are not enabled.
+ * NEWS: Updated.
+ * acinclude.m4:
+ (IT_ENABLE_NON_NSS_CURVES): New
+ macro to allow non-NSS curves to
+ be turned on.
+ * configure.ac:
+ Invoke IT_ENABLE_NON_NSS_CURVES.
+ * fsg.sh.in:
+ Don't alter the curve list when
+ non-NSS curves are enabled.
+
2016-03-29 Andrew John Hughes <gnu_andrew at member.fsf.org>
Bump to icedtea-3.0.0pre10.
diff -r b2c3cacbd0fd -r b1d858e368bb INSTALL
--- a/INSTALL Wed Mar 30 04:45:59 2016 +0100
+++ b/INSTALL Fri Apr 01 00:54:40 2016 +0100
@@ -189,6 +189,7 @@
* --with-additional-vms=vm-list: Additional VMs to build using the system described
below.
* --enable-sunec: Build the SunEC crypto provider against system NSS.
+* --enable-non-nss-curves: Define curves beyond the three specified by NSS (NIST P-{256,384,521})
Testing
=======
diff -r b2c3cacbd0fd -r b1d858e368bb Makefile.am
--- a/Makefile.am Wed Mar 30 04:45:59 2016 +0100
+++ b/Makefile.am Fri Apr 01 00:54:40 2016 +0100
@@ -286,8 +286,7 @@
ICEDTEA_PATCHES = \
patches/memory-limits.patch \
- patches/override-redirect-metacity.patch \
- patches/rh1022017.patch
+ patches/override-redirect-metacity.patch
# Conditional patches
@@ -310,7 +309,8 @@
if BUILD_JAMVM
ICEDTEA_PATCHES += \
patches/jamvm/find_class_from_caller.patch \
- patches/jamvm/pr2034-tempdir.patch
+ patches/jamvm/pr2034-tempdir.patch \
+ patches/jamvm/noexecstack.patch
endif
if !ENABLE_SUNEC
@@ -318,6 +318,10 @@
patches/disable-intree-ec.patch
endif
+if !USE_NON_NSS_CURVES
+ICEDTEA_PATCHES += patches/rh1022017.patch
+endif
+
if ENABLE_NSS
if ENABLE_SUNEC
ICEDTEA_PATCHES += patches/nss-config-with-sunec.patch
diff -r b2c3cacbd0fd -r b1d858e368bb NEWS
--- a/NEWS Wed Mar 30 04:45:59 2016 +0100
+++ b/NEWS Fri Apr 01 00:54:40 2016 +0100
@@ -104,6 +104,7 @@
- PR2369: SunEC provider is partially installed
- PR2377: PaX mark the installed JDK so it runs on hardened systems
- PR2383: Location of docs directory in install-data-local is incorrect
+ - PR2392: Make elliptic curve removal optional
- PR2400, RH1206656: Zero JVM crashes on startup when built with GCC 5
- PR2407: Fix automatic enabling of the Zero build on non-JIT architectures which don't use CACAO or JamVM
- PR2408: Enable Zero when Shark is enabled
@@ -186,6 +187,7 @@
- GC: Minor performance improvement
- PR2034: --enable-jamvm builds broken, missing JVM_GetTemporaryDirectory impl
- PR2336: JamVM lacks JVM_FindClassFromCaller
+ - PR2523: Add executable stack markings to callNative.S on JamVM
* CACAO
- PR1277: Synchronise CACAO rules between IcedTea6/7/8 where possible
- PR1279: Synchronise CACAO versions between IcedTea6/7/8 where possible
diff -r b2c3cacbd0fd -r b1d858e368bb acinclude.m4
--- a/acinclude.m4 Wed Mar 30 04:45:59 2016 +0100
+++ b/acinclude.m4 Fri Apr 01 00:54:40 2016 +0100
@@ -2289,3 +2289,19 @@
AM_CONDITIONAL(DISABLE_NASHORN_CHECKSUM, test x"${ENABLE_NASHORN_CHECKSUM}" = "xno")
AC_SUBST(ENABLE_NASHORN_CHECKSUM)
])
+
+AC_DEFUN_ONCE([IT_ENABLE_NON_NSS_CURVES],
+[
+ AC_MSG_CHECKING([whether to enable elliptic curves beyond those supported by NSS])
+ AC_ARG_ENABLE([non-nss-curves],
+ [AS_HELP_STRING(--enable-non-nss-curves,register curves beyond the 3 NSS defines [[default=no]])],
+ [
+ ENABLE_NON_NSS_CURVES="${enableval}"
+ ],
+ [
+ ENABLE_NON_NSS_CURVES="no"
+ ])
+ AC_MSG_RESULT(${ENABLE_NON_NSS_CURVES})
+ AM_CONDITIONAL(USE_NON_NSS_CURVES, test x"${ENABLE_NON_NSS_CURVES}" = "xyes")
+ AC_SUBST(ENABLE_NON_NSS_CURVES)
+])
diff -r b2c3cacbd0fd -r b1d858e368bb configure.ac
--- a/configure.ac Wed Mar 30 04:45:59 2016 +0100
+++ b/configure.ac Fri Apr 01 00:54:40 2016 +0100
@@ -125,6 +125,7 @@
IT_ENABLE_JAR_COMPRESSION
IT_ENABLE_ZERO_BUILD
IT_CHECK_ADDITIONAL_VMS
+IT_ENABLE_NON_NSS_CURVES
IT_WITH_VERSION_SUFFIX
IT_ENABLE_HG
diff -r b2c3cacbd0fd -r b1d858e368bb fsg.sh.in
--- a/fsg.sh.in Wed Mar 30 04:45:59 2016 +0100
+++ b/fsg.sh.in Fri Apr 01 00:54:40 2016 +0100
@@ -13,5 +13,7 @@
echo "Removing EC source code we don't build"
rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl
-echo "Syncing EC list with NSS"
-patch -Np0 < @abs_top_srcdir@/patches/pr2126.patch
+if test "x at ENABLE_NON_NSS_CURVES@" = "xno"; then
+ echo "Syncing EC list with NSS"
+ patch -Np0 < @abs_top_srcdir@/patches/pr2126.patch
+fi
diff -r b2c3cacbd0fd -r b1d858e368bb patches/jamvm/noexecstack.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/jamvm/noexecstack.patch Fri Apr 01 00:54:40 2016 +0100
@@ -0,0 +1,48 @@
+diff --git a/src/os/linux/arm/callNative.S jamvm/jamvm/src/os/linux/arm/callNative.S
+index 245afd1..1583023 100644
+--- jamvm.orig/jamvm/src/os/linux/arm/callNative.S
++++ jamvm/jamvm/src/os/linux/arm/callNative.S
+@@ -36,3 +36,7 @@
+ #include "callNativeOABI.S"
+ #endif
+ #endif
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff --git jamvm.orig/jamvm/src/os/linux/mips/callNative.S jamvm/jamvm/src/os/linux/mips/callNative.S
+index cede343..90d9163 100644
+--- jamvm.orig/jamvm/src/os/linux/mips/callNative.S
++++ jamvm/jamvm/src/os/linux/mips/callNative.S
+@@ -184,3 +184,7 @@ return:
+ j $31
+ .end callJNIMethod
+ #endif
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff --git jamvm.orig/jamvm/src/os/linux/powerpc/callNative.S jamvm/jamvm/src/os/linux/powerpc/callNative.S
+index aa47f6a..763dc0a 100644
+--- jamvm.orig/jamvm/src/os/linux/powerpc/callNative.S
++++ jamvm/jamvm/src/os/linux/powerpc/callNative.S
+@@ -281,3 +281,7 @@ return:
+ mr 1,11
+ blr
+ #endif
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
+diff --git jamvm.orig/jamvm/src/os/linux/x86_64/callNative.S jamvm/jamvm/src/os/linux/x86_64/callNative.S
+index 26404e6..9fb5cdf 100644
+--- jamvm.orig/jamvm/src/os/linux/x86_64/callNative.S
++++ jamvm/jamvm/src/os/linux/x86_64/callNative.S
+@@ -267,3 +267,7 @@ float_ret:
+ addq $8, %rcx
+ jmp return
+ #endif
++
++#if defined(__linux__) && defined(__ELF__)
++.section .note.GNU-stack,"",%progbits
++#endif
More information about the distro-pkg-dev
mailing list