Compare commits

..

No commits in common. 'c9' and 'i10cs' have entirely different histories.
c9 ... i10cs

2
.gitignore vendored

@ -1 +1 @@
SOURCES/zstd-1.5.1.tar.gz SOURCES/zstd-1.5.5.tar.gz

@ -1 +1 @@
e6a51ef3f7d5be5b74ac74d88bf3850057e00adb SOURCES/zstd-1.5.1.tar.gz 4479ecc74300d23391d99fbebf2fddd47aed9b28 SOURCES/zstd-1.5.5.tar.gz

@ -0,0 +1,67 @@
From a88781954a875c4f00883eba6a8c5d172c4f5c17 Mon Sep 17 00:00:00 2001
From: Nick Terrell <terrelln@fb.com>
Date: Wed, 13 Mar 2024 09:58:34 -0700
Subject: [PATCH] [asm][aarch64] Mark that BTI and PAC are supported
Mark that `huf_decompress_amd64.S` supports BTI and PAC, which it trivially does because it is empty for aarch64.
The issue only requested BTI markings, but it also makes sense to mark PAC, which is the only other feature.
Also run add a test for this mode to the ARM64 QEMU test. Before this PR it warns on `huf_decompress_amd64.S`, after it doesn't.
Fixes Issue #3841.
---
.github/workflows/dev-short-tests.yml | 1 +
lib/decompress/huf_decompress_amd64.S | 23 ++++++++++++++++++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/dev-short-tests.yml b/.github/workflows/dev-short-tests.yml
index b2aaff89cf7..5324b38d9ac 100644
--- a/.github/workflows/dev-short-tests.yml
+++ b/.github/workflows/dev-short-tests.yml
@@ -409,6 +409,7 @@ jobs:
- name: ARM64
if: ${{ matrix.name == 'ARM64' }}
run: |
+ LDFLAGS="-static -z force-bti" MOREFLAGS="-mbranch-protection=standard" CC=$XCC QEMU_SYS=$XEMU make clean check
LDFLAGS="-static" CC=$XCC QEMU_SYS=$XEMU make clean check
- name: PPC
if: ${{ matrix.name == 'PPC' }}
diff --git a/lib/decompress/huf_decompress_amd64.S b/lib/decompress/huf_decompress_amd64.S
index 3b96b44612f..78da291ee3c 100644
--- a/lib/decompress/huf_decompress_amd64.S
+++ b/lib/decompress/huf_decompress_amd64.S
@@ -10,11 +10,32 @@
#include "../common/portability_macros.h"
+#if defined(__ELF__) && defined(__GNUC__)
/* Stack marking
* ref: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
*/
-#if defined(__ELF__) && defined(__GNUC__)
.section .note.GNU-stack,"",%progbits
+
+#if defined(__aarch64__)
+/* Mark that this assembly supports BTI & PAC, because it is empty for aarch64.
+ * See: https://github.com/facebook/zstd/issues/3841
+ * See: https://gcc.godbolt.org/z/sqr5T4ffK
+ * See: https://lore.kernel.org/linux-arm-kernel/20200429211641.9279-8-broonie@kernel.org/
+ * See: https://reviews.llvm.org/D62609
+ */
+.pushsection .note.gnu.property, "a"
+.p2align 3
+.long 4 /* size of the name - "GNU\0" */
+.long 0x10 /* size of descriptor */
+.long 0x5 /* NT_GNU_PROPERTY_TYPE_0 */
+.asciz "GNU"
+.long 0xc0000000 /* pr_type - GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+.long 4 /* pr_datasz - 4 bytes */
+.long 3 /* pr_data - GNU_PROPERTY_AARCH64_FEATURE_1_BTI | GNU_PROPERTY_AARCH64_FEATURE_1_PAC */
+.p2align 3 /* pr_padding - bring everything to 8 byte alignment */
+.popsection
+#endif
+
#endif
#if ZSTD_ENABLE_ASM_X86_64_BMI2

@ -1,38 +0,0 @@
From cd7620a730413a48843e175d34dc408c152f8125 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 11 Jan 2022 07:28:25 -0800
Subject: [PATCH] x86-64: Enable Intel CET
Intel Control-flow Enforcement Technology (CET):
https://en.wikipedia.org/wiki/Control-flow_integrity#Intel_Control-flow_Enforcement_Technology
requires that on Linux, all linker input files are marked as CET enabled
in .note.gnu.property section. For high-level language source codes,
.note.gnu.property section is added by compiler with the -fcf-protection
option. For assembly sources, include <cet.h> to add .note.gnu.property
section.
---
lib/common/portability_macros.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/lib/common/portability_macros.h b/lib/common/portability_macros.h
index 627ef9eed4..6ac4b05510 100644
--- a/lib/common/portability_macros.h
+++ b/lib/common/portability_macros.h
@@ -128,4 +128,15 @@
# define ZSTD_ENABLE_ASM_X86_64_BMI2 0
#endif
+/*
+ * For x86 ELF targets, add .note.gnu.property section for Intel CET in
+ * assembly sources when CET is enabled.
+ */
+#if defined(__ELF__) && (defined(__x86_64__) || defined(__i386__)) \
+ && defined(__has_include)
+# if __has_include(<cet.h>)
+# include <cet.h>
+# endif
+#endif
+
#endif /* ZSTD_PORTABILITY_MACROS_H */

@ -1,8 +1,8 @@
diff -Naur zstd-1.5.1.orig/programs/zstd.1 zstd-1.5.1/programs/zstd.1 diff -Naur zstd-1.5.4/programs/zstd.1 zstd-1.5.4.new/programs/zstd.1
--- zstd-1.5.1.orig/programs/zstd.1 2021-12-20 22:49:18.000000000 +0000 --- zstd-1.5.4/programs/zstd.1 2023-02-10 00:41:50.000000000 +0000
+++ zstd-1.5.1/programs/zstd.1 2021-12-22 16:49:17.160850340 +0000 +++ zstd-1.5.4.new/programs/zstd.1 2023-02-13 12:44:01.575160149 +0000
@@ -146,6 +146,14 @@ @@ -162,6 +162,13 @@
\fB\-\-show\-default\-cparams\fR: Shows the default compression parameters that will be used for a particular src file\. If the provided src file is not a regular file (eg\. named pipe), the cli will just output the default parameters\. That is, the parameters that are used when the src size is unknown\. \fB\-\-show\-default\-cparams\fR: shows the default compression parameters that will be used for a particular input file, based on the provided compression level and the input size\. If the provided file is not a regular file (e\.g\. a pipe), this flag will output the parameters used for inputs of unknown size\.
.IP "\[ci]" 4 .IP "\[ci]" 4
\fB\-\-\fR: All arguments after \fB\-\-\fR are treated as files \fB\-\-\fR: All arguments after \fB\-\-\fR are treated as files
+ +
@ -11,8 +11,7 @@ diff -Naur zstd-1.5.1.orig/programs/zstd.1 zstd-1.5.1/programs/zstd.1
+.TP +.TP
+.BR \-p ", " --processes +.BR \-p ", " --processes
+ number of threads to use for (de)compression (default:4) + number of threads to use for (de)compression (default:4)
+
+ +
.IP "" 0 .IP "" 0
.SS "Restricted usage of Environment Variables" .SS "gzip Operation Modifiers"
Using environment variables to set parameters has security implications\. Therefore, this avenue is intentionally restricted\. Only \fBZSTD_CLEVEL\fR and \fBZSTD_NBTHREADS\fR are currently supported\. They set the compression level and number of threads to use during compression, respectively\. When invoked via a \fBgzip\fR symlink, \fBzstd\fR will support further options that intend to mimic the \fBgzip\fR behavior:

@ -1,3 +1,6 @@
# enable asm implementations by default
%bcond_without asm
# enable .lz4 support by default # enable .lz4 support by default
%bcond_without lz4 %bcond_without lz4
@ -7,48 +10,26 @@
# enable .gz support by default # enable .gz support by default
%bcond_without zlib %bcond_without zlib
%if 0%{?rhel} && 0%{?rhel} <= 6 # enable pzstd support by default
# gcc-4.4 is currently too old to compile pzstd
%bcond_with pzstd
%else
%ifarch %{ix86} x86_64
%bcond_without pzstd %bcond_without pzstd
%else
# aarch64 and armv7hl at least currently segfault
# in ThreadPool test for the pzstd util
%bcond_with pzstd
%endif
%endif
%ifarch x86_64
%bcond_without asm
%else
# Disable asm to ensure non excutable stack
# used on archs where asm not actually used
# https://github.com/facebook/zstd/issues/2963
%bcond_with asm
%endif
# Disable gtest # Disable gtest on RHEL
%bcond_with gtest %bcond gtest %[ !0%{?rhel} ]
Name: zstd Name: zstd
Version: 1.5.1 Version: 1.5.5
Release: 2%{?dist} Release: 9%{?dist}
Summary: Zstd compression library Summary: Zstd compression library
License: BSD and GPLv2 License: BSD-3-Clause AND GPL-2.0-only
URL: https://github.com/facebook/zstd URL: https://github.com/facebook/zstd
Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch1: pzstd.1.patch Patch1: pzstd.1.patch
Patch2: enable-CET.patch Patch2: bti.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc %{?with_gtest:gtest-devel}
%if %{with gtest}
BuildRequires: gtest-devel
%endif
%if %{with lz4} %if %{with lz4}
BuildRequires: lz4-devel BuildRequires: lz4-devel
%endif %endif
@ -93,6 +74,7 @@ find -name .gitignore -delete
%if %{with pzstd} %if %{with pzstd}
%patch1 -p1 %patch1 -p1
%endif %endif
%patch2 -p1 %patch2 -p1
%build %build
@ -113,12 +95,10 @@ execstack lib/libzstd.so.1
export CFLAGS="$RPM_OPT_FLAGS" export CFLAGS="$RPM_OPT_FLAGS"
export LDFLAGS="$RPM_LD_FLAGS" export LDFLAGS="$RPM_LD_FLAGS"
make -C tests test-zstd make -C tests test-zstd
%if %{with pzstd} %if %{with pzstd} && %{with gtest}
%if %{with gtest}
export CXXFLAGS="$RPM_OPT_FLAGS" export CXXFLAGS="$RPM_OPT_FLAGS"
make -C contrib/pzstd test make -C contrib/pzstd test
%endif %endif
%endif
%install %install
%make_install PREFIX=%{_prefix} LIBDIR=%{_libdir} %make_install PREFIX=%{_prefix} LIBDIR=%{_libdir}
@ -163,32 +143,81 @@ install -D -m644 programs/%{name}.1 %{buildroot}%{_mandir}/man1/p%{name}.1
%ldconfig_scriptlets -n lib%{name} %ldconfig_scriptlets -n lib%{name}
%changelog %changelog
* Mon Feb 07 2022 Jakub Martisko <jamartis@redhat.com> - 1.5.1-2 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.5.5-9
- Add some basic gating tests - Bump release for October 2024 mass rebuild:
Resolves: rhbz#2050272 Resolves: RHEL-64018
* Wed Jan 12 2022 Michel Alexandre Salim <salimma@centosproject.org> - 1.5.1-1 * Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.5.5-8
- Rebase to the latest upstream version - Rebuilt for MSVSphere 10
- Enable optional gz, xz/lzma, and lz4 support in the zstd tool
- Disable amd64 assembly on non-x86_64 architectures (rhbz#2035802) * Tue Jul 23 2024 Jakub Martisko <jamartis@redhat.com> - 1.5.5-8
this should avoid the issue where an executable stack is created - Backport the patch that enables BTI on aarch64
- Re-enable CET protections (rhbz#2039353) Related: RHEL-50092
Resolves: rhbz#2039488
* Mon Jul 22 2024 Jakub Martisko <jamartis@redhat.com> - 1.5.5-7
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.0-2 - Add the gating test from rhel-9
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: RHEL-50092
Related: rhbz#1991688
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.5.5-6
* Mon Jul 12 2021 Jakub Martisko <jamartis@redhat.com> - 1.5.0-1 - Bump release for June 2024 mass rebuild
* Rebase to the latest upstream version
Resolves: rhbz#1928094 * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 01 2021 Jakub Martisko <jamartis@redhat.com> - 1.4.9-3
- Drop gtest-devel dependency * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-4
Resolves: rhbz#1977606 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.4.9-2 * Thu Jun 22 2023 Jiří Kučera <jkucera@redhat.com> - 1.5.5-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Drop gtest on RHEL (c9s backport)
* Thu Apr 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 1.5.5-2
- migrate to SPDX license format
* Wed Apr 05 2023 Pádraig Brady <P@draigBrady.com> - 1.5.5-1
- Latest upstream
* Mon Feb 13 2023 Pádraig Brady <P@draigBrady.com> - 1.5.4-1
- Latest upstream
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu May 19 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 1.5.2-2
- ThreadPool segfault fixed so build pzst everywhere
* Sat Jan 22 2022 Pádraig Brady <P@draigBrady.com> - 1.5.2-1
- Latest upstream
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Jan 11 2022 Pádraig Brady <P@draigBrady.com> - 1.5.1-6
- Re-enable CET protections (#2039353)
* Fri Jan 07 2022 Michel Alexandre Salim <salimma@fedoraproject.org> - 1.5.1-5
- Enable gz, .xz/.lzma and .lz4 support
* Mon Jan 03 2022 Pádraig Brady <P@draigBrady.com> - 1.5.1-4
- Use correct prefix for pkgconfig.
* Wed Dec 29 2021 Pádraig Brady <P@draigBrady.com> - 1.5.1-3
- Avoid executable stack on i686 also.
* Tue Dec 28 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.5.1-2
- Disable amd64 assembly on non-intel architectures (#2035802):
this should avoid the issue where an executable stack is created.
* Wed Dec 22 2021 Pádraig Brady <P@draigBrady.com> - 1.5.1-1
- Latest upstream
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sun May 16 2021 Pádraig Brady <P@draigBrady.com> - 1.5.0-2
- Latest upstream
* Fri Mar 05 2021 Pádraig Brady <P@draigBrady.com> - 1.4.9-1 * Fri Mar 05 2021 Pádraig Brady <P@draigBrady.com> - 1.4.9-1
- Latest upstream - Latest upstream

Loading…
Cancel
Save