From 95cf7b34ad971d8e11ee9f002efe3165f4483040 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Sat, 10 May 2014 09:07:15 +0100 Subject: [PATCH] Mark stack as non-executable on ARM (32 bit) and Aarch64. --- ...gnore-file-to-ignore-generated-files.patch | 4 +- ...pilerlibs-directory-is-created-by-gi.patch | 4 +- ...amlplugininfo-Useful-utilities-from-.patch | 4 +- 0004-Don-t-add-rpaths-to-libraries.patch | 4 +- ...-Allow-user-defined-C-compiler-flags.patch | 4 +- 0006-Add-support-for-ppc64.patch | 4 +- 0007-yacc-Use-mkstemp-instead-of-mktemp.patch | 4 +- ...64-bits-AArch64-architecture-experim.patch | 4 +- ...pdated-with-latest-versions-from-FSF.patch | 4 +- ...arm64-Align-code-and-data-to-8-bytes.patch | 4 +- ...-no_arg-and-get_arg-helper-functions.patch | 4 +- ...such-as-flag-arg-as-well-as-flag-arg.patch | 4 +- 0013-Add-support-for-ppc64le.patch | 4 +- ...m-arm64-Mark-stack-as-non-executable.patch | 39 +++++++++++++++++++ ocaml.spec | 8 +++- 15 files changed, 72 insertions(+), 27 deletions(-) create mode 100644 0014-arm-arm64-Mark-stack-as-non-executable.patch diff --git a/0001-Add-.gitignore-file-to-ignore-generated-files.patch b/0001-Add-.gitignore-file-to-ignore-generated-files.patch index 859b2f1..527beae 100644 --- a/0001-Add-.gitignore-file-to-ignore-generated-files.patch +++ b/0001-Add-.gitignore-file-to-ignore-generated-files.patch @@ -1,7 +1,7 @@ From 07839dfc746ccee318601b9668aa094d4465bc6e Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 7 Jun 2012 16:00:28 +0100 -Subject: [PATCH 01/13] Add .gitignore file to ignore generated files. +Subject: [PATCH 01/14] Add .gitignore file to ignore generated files. --- .gitignore | 347 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ @@ -362,5 +362,5 @@ index 0000000..7191b83 +/yacc/ocamlyacc +/yacc/version.h -- -1.8.5.3 +1.9.0 diff --git a/0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch b/0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch index 27afc5e..6208ace 100644 --- a/0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch +++ b/0002-Ensure-empty-compilerlibs-directory-is-created-by-gi.patch @@ -1,7 +1,7 @@ From 7756582741dc56070c03629a3b4640147723beda Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 7 Jun 2012 15:36:16 +0100 -Subject: [PATCH 02/13] Ensure empty compilerlibs/ directory is created by git. +Subject: [PATCH 02/14] Ensure empty compilerlibs/ directory is created by git. This directory exists in the OCaml tarball, but is empty. As a result, git ignores it unless we put a dummy file in it. @@ -14,5 +14,5 @@ diff --git a/compilerlibs/.exists b/compilerlibs/.exists new file mode 100644 index 0000000..e69de29 -- -1.8.5.3 +1.9.0 diff --git a/0003-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch b/0003-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch index a4fd7ae..9bc9b44 100644 --- a/0003-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch +++ b/0003-ocamlbyteinfo-ocamlplugininfo-Useful-utilities-from-.patch @@ -1,7 +1,7 @@ From a6d87cd4bc62d3987835c1ac844f35cc06804294 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 29 May 2012 20:40:36 +0100 -Subject: [PATCH 03/13] ocamlbyteinfo, ocamlplugininfo: Useful utilities from +Subject: [PATCH 03/14] ocamlbyteinfo, ocamlplugininfo: Useful utilities from Debian, sent upstream. See: @@ -236,5 +236,5 @@ index 0000000..e28800f + header.units + end -- -1.8.5.3 +1.9.0 diff --git a/0004-Don-t-add-rpaths-to-libraries.patch b/0004-Don-t-add-rpaths-to-libraries.patch index 221b2d9..efe4095 100644 --- a/0004-Don-t-add-rpaths-to-libraries.patch +++ b/0004-Don-t-add-rpaths-to-libraries.patch @@ -1,7 +1,7 @@ From c3a733c10827896a6e3c217b383e874df303d50b Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 29 May 2012 20:43:34 +0100 -Subject: [PATCH 04/13] Don't add rpaths to libraries. +Subject: [PATCH 04/14] Don't add rpaths to libraries. --- tools/Makefile.shared | 3 --- @@ -22,5 +22,5 @@ index 117f576..cad227d 100644 ocamlmklib.mlp >> ocamlmklib.ml -- -1.8.5.3 +1.9.0 diff --git a/0005-configure-Allow-user-defined-C-compiler-flags.patch b/0005-configure-Allow-user-defined-C-compiler-flags.patch index b521782..5864c92 100644 --- a/0005-configure-Allow-user-defined-C-compiler-flags.patch +++ b/0005-configure-Allow-user-defined-C-compiler-flags.patch @@ -1,7 +1,7 @@ From 459e9550f174e11176a2ece013fc4dd2b08a06bb Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 29 May 2012 20:44:18 +0100 -Subject: [PATCH 05/13] configure: Allow user defined C compiler flags. +Subject: [PATCH 05/14] configure: Allow user defined C compiler flags. --- configure | 4 ++++ @@ -23,5 +23,5 @@ index 07b1c35..39b38dc 100755 cclibs="$cclibs $mathlib" -- -1.8.5.3 +1.9.0 diff --git a/0006-Add-support-for-ppc64.patch b/0006-Add-support-for-ppc64.patch index a69e8c4..35e3b74 100644 --- a/0006-Add-support-for-ppc64.patch +++ b/0006-Add-support-for-ppc64.patch @@ -1,7 +1,7 @@ From a85437a0d2ffdf7a340d379789500eb583ae4708 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 29 May 2012 20:47:07 +0100 -Subject: [PATCH 06/13] Add support for ppc64. +Subject: [PATCH 06/14] Add support for ppc64. Note (1): This patch was rejected upstream because they don't have appropriate hardware for testing. @@ -2126,5 +2126,5 @@ index 39b38dc..9b02664 100755 aspp="$bytecc -c";; sparc,*,solaris) as='as' -- -1.8.5.3 +1.9.0 diff --git a/0007-yacc-Use-mkstemp-instead-of-mktemp.patch b/0007-yacc-Use-mkstemp-instead-of-mktemp.patch index 7fdcbe2..0a2c140 100644 --- a/0007-yacc-Use-mkstemp-instead-of-mktemp.patch +++ b/0007-yacc-Use-mkstemp-instead-of-mktemp.patch @@ -1,7 +1,7 @@ From 761242718c3a7513d3b93ca96d24d1f61a4126f0 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Fri, 13 Sep 2013 21:29:58 +0100 -Subject: [PATCH 07/13] yacc: Use mkstemp instead of mktemp. +Subject: [PATCH 07/14] yacc: Use mkstemp instead of mktemp. --- yacc/main.c | 2 +- @@ -21,5 +21,5 @@ index f6cac60..3067000 100644 #endif -- -1.8.5.3 +1.9.0 diff --git a/0008-Port-to-the-ARM-64-bits-AArch64-architecture-experim.patch b/0008-Port-to-the-ARM-64-bits-AArch64-architecture-experim.patch index 34929f4..da6b5e3 100644 --- a/0008-Port-to-the-ARM-64-bits-AArch64-architecture-experim.patch +++ b/0008-Port-to-the-ARM-64-bits-AArch64-architecture-experim.patch @@ -1,7 +1,7 @@ From a1297100a7898223fd9cdf3d37c4136376ee8f88 Mon Sep 17 00:00:00 2001 From: Xavier Leroy Date: Thu, 18 Jul 2013 16:09:20 +0000 -Subject: [PATCH 08/13] Port to the ARM 64-bits (AArch64) architecture +Subject: [PATCH 08/14] Port to the ARM 64-bits (AArch64) architecture (experimental). Merge of branch branches/arm64. git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@13909 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02 @@ -2276,5 +2276,5 @@ index d67a643..82b699e 100644 Emit.begin_assembly(); let ic = open_in filename in -- -1.8.5.3 +1.9.0 diff --git a/0009-Updated-with-latest-versions-from-FSF.patch b/0009-Updated-with-latest-versions-from-FSF.patch index 38cd9c8..3f5a427 100644 --- a/0009-Updated-with-latest-versions-from-FSF.patch +++ b/0009-Updated-with-latest-versions-from-FSF.patch @@ -1,7 +1,7 @@ From 26114ba365c1ef63d9605efc719f6c220ad624eb Mon Sep 17 00:00:00 2001 From: Xavier Leroy Date: Thu, 18 Jul 2013 16:07:25 +0000 -Subject: [PATCH 09/13] Updated with latest versions from FSF. +Subject: [PATCH 09/14] Updated with latest versions from FSF. git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@13907 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02 (cherry picked from commit 24bb4caeb35e49126aa3a4c0101a412db1091213) @@ -712,5 +712,5 @@ index e76eaf4..8b612ab 100755 os=-coff ;; -- -1.8.5.3 +1.9.0 diff --git a/0010-arm64-Align-code-and-data-to-8-bytes.patch b/0010-arm64-Align-code-and-data-to-8-bytes.patch index e1a946b..ac0d177 100644 --- a/0010-arm64-Align-code-and-data-to-8-bytes.patch +++ b/0010-arm64-Align-code-and-data-to-8-bytes.patch @@ -1,7 +1,7 @@ From 848ca220af9224a5cc7abb64f32b89ed54c21121 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 24 Mar 2014 05:50:28 -0500 -Subject: [PATCH 10/13] arm64: Align code and data to 8 bytes. +Subject: [PATCH 10/14] arm64: Align code and data to 8 bytes. Insufficient alignment seems to be the cause of relocation errors when linking large native code OCaml programs: @@ -37,5 +37,5 @@ index fc9649c..4e7c4b0 100644 (* Beginning / end of an assembly file *) -- -1.8.5.3 +1.9.0 diff --git a/0011-arg-Add-no_arg-and-get_arg-helper-functions.patch b/0011-arg-Add-no_arg-and-get_arg-helper-functions.patch index 5368a9f..4173775 100644 --- a/0011-arg-Add-no_arg-and-get_arg-helper-functions.patch +++ b/0011-arg-Add-no_arg-and-get_arg-helper-functions.patch @@ -1,7 +1,7 @@ From 251d3447bb10550320f43512d8886561c1298f74 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 1 Apr 2014 11:17:07 +0100 -Subject: [PATCH 11/13] arg: Add no_arg and get_arg helper functions. +Subject: [PATCH 11/14] arg: Add no_arg and get_arg helper functions. The no_arg function in this patch is a no-op. It will do something useful in the followups. @@ -114,5 +114,5 @@ index 8b64236..c8b3d44 100644 treat_action action with Bad m -> stop (Message m); -- -1.8.5.3 +1.9.0 diff --git a/0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch b/0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch index 9768344..4a1ba25 100644 --- a/0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch +++ b/0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch @@ -1,7 +1,7 @@ From 57955b8a4d4cf7732cb87964f5e124ab713e084b Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 1 Apr 2014 11:21:40 +0100 -Subject: [PATCH 12/13] arg: Allow flags such as --flag=arg as well as --flag +Subject: [PATCH 12/14] arg: Allow flags such as --flag=arg as well as --flag arg. Allow flags to be followed directly by their argument, separated by an '=' @@ -78,5 +78,5 @@ index 869d030..b8c6f11 100644 Examples ([cmd] is assumed to be the command name): -- -1.8.5.3 +1.9.0 diff --git a/0013-Add-support-for-ppc64le.patch b/0013-Add-support-for-ppc64le.patch index 0607fa3..d3b4e3b 100644 --- a/0013-Add-support-for-ppc64le.patch +++ b/0013-Add-support-for-ppc64le.patch @@ -1,7 +1,7 @@ From d9ec3ac29493999687b0f7daa23f4888bc57c7be Mon Sep 17 00:00:00 2001 From: Michel Normand Date: Tue, 18 Mar 2014 09:15:47 -0400 -Subject: [PATCH 13/13] Add support for ppc64le. +Subject: [PATCH 13/14] Add support for ppc64le. Signed-off-by: Michel Normand --- @@ -1913,5 +1913,5 @@ index 36edfab..8a22078 100755 aspp="$bytecc -c";; sparc,*,solaris) as='as' -- -1.8.5.3 +1.9.0 diff --git a/0014-arm-arm64-Mark-stack-as-non-executable.patch b/0014-arm-arm64-Mark-stack-as-non-executable.patch new file mode 100644 index 0000000..7767b40 --- /dev/null +++ b/0014-arm-arm64-Mark-stack-as-non-executable.patch @@ -0,0 +1,39 @@ +From 64da031fc17ca93efd5beabcf0b7ea49bcd645a0 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Sat, 10 May 2014 03:20:35 -0400 +Subject: [PATCH 14/14] arm, arm64: Mark stack as non-executable. + +The same fix as this one, which was only fully applied to +i686 & x86-64: + +http://caml.inria.fr/mantis/view.php?id=4564 +--- + asmrun/arm.S | 3 +++ + asmrun/arm64.S | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/asmrun/arm.S b/asmrun/arm.S +index 2ce244a..90f5b6e 100644 +--- a/asmrun/arm.S ++++ b/asmrun/arm.S +@@ -489,3 +489,6 @@ caml_system__frametable: + .align 2 + .type caml_system__frametable, %object + .size caml_system__frametable, .-caml_system__frametable ++ ++ /* Mark stack as non-executable, PR#4564 */ ++ .section .note.GNU-stack,"",%progbits +diff --git a/asmrun/arm64.S b/asmrun/arm64.S +index de670e6..84e18ba 100644 +--- a/asmrun/arm64.S ++++ b/asmrun/arm64.S +@@ -533,3 +533,6 @@ caml_system__frametable: + .align 3 + .type caml_system__frametable, %object + .size caml_system__frametable, .-caml_system__frametable ++ ++ /* Mark stack as non-executable, PR#4564 */ ++ .section .note.GNU-stack,"",%progbits +-- +1.9.0 + diff --git a/ocaml.spec b/ocaml.spec index dcef59f..84727a7 100644 --- a/ocaml.spec +++ b/ocaml.spec @@ -17,7 +17,7 @@ Name: ocaml Version: 4.01.0 -Release: 16%{?dist} +Release: 17%{?dist} Summary: OCaml compiler and programming environment @@ -63,6 +63,9 @@ Patch0012: 0012-arg-Allow-flags-such-as-flag-arg-as-well-as-flag-arg.patch # ppc64le support (Michel Normand). Patch0013: 0013-Add-support-for-ppc64le.patch +# ARM & Aarch64 non-executable stack. +Patch0014: 0014-arm-arm64-Mark-stack-as-non-executable.patch + # Temporary, we can drop this explicit BR in June 2014: BuildRequires: ocaml-srpm-macros @@ -546,6 +549,9 @@ fi %changelog +* Sat May 10 2014 Richard W.M. Jones - 4.01.0-17 +- Mark stack as non-executable on ARM (32 bit) and Aarch64. + * Tue Apr 22 2014 Richard W.M. Jones - 4.01.0-16 - Remove ocaml-srpm-macros subpackage. This is now a separate package, see RHBZ#1087893.