From 37f1ff68a103eac23f73ab18819d67ea9fd589f4 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Feb 10 2016 12:07:19 +0000 Subject: Fix segfault on ix86 (rhbz#1240487) Signed-off-by: Peter Lemenkov --- diff --git a/erlang.spec b/erlang.spec index 07d9996..3cd2c54 100644 --- a/erlang.spec +++ b/erlang.spec @@ -16,7 +16,7 @@ Name: erlang Version: 17.4 -Release: 5%{?dist} +Release: 6%{?dist} Summary: General-purpose programming language and runtime environment Group: Development/Languages @@ -74,10 +74,13 @@ Patch8: otp-0008-Introduce-os-getenv-2.patch # Fedora specific patch # Patch removes support for SSLv3 protocol because it is proved Patch9: otp-0009-Patch-removes-support-for-SSLv3-protocol-because-it-.patch -# end of autogenerated patch tag list - -# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2774 +# Fedora specific patch +# ssl: Reenable padding check for TLS-1.0 and provide backwards Patch10: otp-0010-ssl-Reenable-padding-check-for-TLS-1.0-and-provide-b.patch +# Fedora specific patch +# Quickfix for cmpxchg8b inline asm when pic and gcc >= 5.0 is +Patch11: otp-0011-Quickfix-for-cmpxchg8b-inline-asm-when-pic-and-gcc-5.patch +# end of autogenerated patch tag list BuildRequires: lksctp-tools-devel BuildRequires: ncurses-devel @@ -905,10 +908,10 @@ Erlang mode for XEmacs (source lisp files). %patch7 -p1 -b .Split_off_webtool_dependency_from_tools %patch8 -p1 -b .Introduce_os_getenv_2 %patch9 -p1 -b .Patch_removes_support_for_SSLv3_protocol_because_it_ +%patch10 -p1 -b .ssl_Reenable_padding_check_for_TLS_1_0_and_provide_b +%patch11 -p1 -b .Quickfix_for_cmpxchg8b_inline_asm_when_pic_and_gcc_5 # end of autogenerated prep patch list -%patch10 -p1 - # FIXME we should come up with a better solution # remove shipped zlib sources #rm -f erts/emulator/zlib/*.[ch] @@ -2227,6 +2230,9 @@ useradd -r -g epmd -d /tmp -s /sbin/nologin \ %changelog +* Wed Feb 10 2016 Peter Lemenkov - 17.4-6 +- Fix segfault on ix86 (rhbz#1240487) + * Tue Aug 18 2015 John Eckersberg - 17.4-5 - Disable docs by default on ARM until I figure out why fop hangs diff --git a/otp-0010-ssl-Reenable-padding-check-for-TLS-1.0-and-provide-b.patch b/otp-0010-ssl-Reenable-padding-check-for-TLS-1.0-and-provide-b.patch index 04dd246..12b0224 100644 --- a/otp-0010-ssl-Reenable-padding-check-for-TLS-1.0-and-provide-b.patch +++ b/otp-0010-ssl-Reenable-padding-check-for-TLS-1.0-and-provide-b.patch @@ -1,6 +1,13 @@ -diff -Naur otp-OTP-17.4.orig/lib/ssl/doc/src/ssl.xml otp-OTP-17.4/lib/ssl/doc/src/ssl.xml ---- otp-OTP-17.4.orig/lib/ssl/doc/src/ssl.xml 2015-08-05 16:52:39.988500514 -0400 -+++ otp-OTP-17.4/lib/ssl/doc/src/ssl.xml 2015-08-05 16:52:50.478441422 -0400 +From: Ingela Anderton Andin +Date: Tue, 13 Jan 2015 15:16:20 +0100 +Subject: [PATCH] ssl: Reenable padding check for TLS-1.0 and provide backwards + compatible disable option + + +diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml +index b245621..c798364 100644 +--- a/lib/ssl/doc/src/ssl.xml ++++ b/lib/ssl/doc/src/ssl.xml @@ -4,7 +4,7 @@
@@ -10,7 +17,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/doc/src/ssl.xml otp-OTP-17.4/lib/ssl/doc/sr Ericsson AB. All Rights Reserved. -@@ -348,11 +348,23 @@ +@@ -348,11 +348,23 @@ fun(srp, Username :: string(), UserState :: term()) ->

@@ -37,9 +44,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/doc/src/ssl.xml otp-OTP-17.4/lib/ssl/doc/sr SSL OPTION DESCRIPTIONS - CLIENT SIDE

Options described here are client specific or has a slightly different -diff -Naur otp-OTP-17.4.orig/lib/ssl/src/dtls_record.erl otp-OTP-17.4/lib/ssl/src/dtls_record.erl ---- otp-OTP-17.4.orig/lib/ssl/src/dtls_record.erl 2015-08-05 16:52:39.989500508 -0400 -+++ otp-OTP-17.4/lib/ssl/src/dtls_record.erl 2015-08-05 16:52:50.478441422 -0400 +diff --git a/lib/ssl/src/dtls_record.erl b/lib/ssl/src/dtls_record.erl +index a7bbb6b..ae35dd7 100644 +--- a/lib/ssl/src/dtls_record.erl ++++ b/lib/ssl/src/dtls_record.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% @@ -49,7 +57,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/dtls_record.erl otp-OTP-17.4/lib/ssl/sr %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in -@@ -146,7 +146,7 @@ +@@ -146,7 +146,7 @@ decode_cipher_text(#ssl_tls{type = Type, version = Version, = ConnnectionStates0) -> CompressAlg = SecParams#security_parameters.compression_algorithm, {PlainFragment, Mac, ReadState1} = ssl_record:decipher(dtls_v1:corresponding_tls_version(Version), @@ -58,9 +66,51 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/dtls_record.erl otp-OTP-17.4/lib/ssl/sr MacHash = calc_mac_hash(ReadState1, Type, Version, Epoch, Seq, PlainFragment), case ssl_record:is_correct_mac(Mac, MacHash) of true -> -diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src/ssl_cipher.erl ---- otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl 2015-08-05 16:52:39.989500508 -0400 -+++ otp-OTP-17.4/lib/ssl/src/ssl_cipher.erl 2015-08-05 16:52:50.479441417 -0400 +diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl +index b4bea25..4b7f495 100644 +--- a/lib/ssl/src/ssl.erl ++++ b/lib/ssl/src/ssl.erl +@@ -1,7 +1,7 @@ + %% + %% %CopyrightBegin% + %% +-%% Copyright Ericsson AB 1999-2014. All Rights Reserved. ++%% Copyright Ericsson AB 1999-2015. All Rights Reserved. + %% + %% The contents of this file are subject to the Erlang Public License, + %% Version 1.1, (the "License"); you may not use this file except in +@@ -656,7 +656,8 @@ handle_options(Opts0) -> + log_alert = handle_option(log_alert, Opts, true), + server_name_indication = handle_option(server_name_indication, Opts, undefined), + honor_cipher_order = handle_option(honor_cipher_order, Opts, false), +- protocol = proplists:get_value(protocol, Opts, tls) ++ protocol = proplists:get_value(protocol, Opts, tls), ++ padding_check = proplists:get_value(padding_check, Opts, true) + }, + + CbInfo = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}), +@@ -669,7 +670,7 @@ handle_options(Opts0) -> + cb_info, renegotiate_at, secure_renegotiate, hibernate_after, + erl_dist, next_protocols_advertised, + client_preferred_next_protocols, log_alert, +- server_name_indication, honor_cipher_order], ++ server_name_indication, honor_cipher_order, padding_check], + + SockOpts = lists:foldl(fun(Key, PropList) -> + proplists:delete(Key, PropList) +@@ -847,6 +848,8 @@ validate_option(server_name_indication, undefined) -> + undefined; + validate_option(honor_cipher_order, Value) when is_boolean(Value) -> + Value; ++validate_option(padding_check, Value) when is_boolean(Value) -> ++ Value; + validate_option(Opt, Value) -> + throw({error, {options, {Opt, Value}}}). + +diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl +index 72467ea..ff9c618 100644 +--- a/lib/ssl/src/ssl_cipher.erl ++++ b/lib/ssl/src/ssl_cipher.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% @@ -80,7 +130,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src ec_keyed_suites/0, anonymous_suites/0, psk_suites/1, srp_suites/0, openssl_suite/1, openssl_suite_name/1, filter/2, filter_suites/1, hash_algorithm/1, sign_algorithm/1, is_acceptable_hash/2]). -@@ -143,17 +142,18 @@ +@@ -143,17 +142,18 @@ block_cipher(Fun, BlockSz, #cipher_state{key=Key, iv=IV} = CS0, {T, CS0#cipher_state{iv=NextIV}}. %%-------------------------------------------------------------------- @@ -103,7 +153,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src S -> S end, try crypto:stream_decrypt(State0, Fragment) of -@@ -171,23 +171,23 @@ +@@ -171,23 +171,23 @@ decipher(?RC4, HashSz, CipherState, Fragment, _) -> ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC) end; @@ -134,7 +184,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src try Text = Fun(Key, IV, Fragment), NextIV = next_iv(Fragment, IV), -@@ -195,7 +195,7 @@ +@@ -195,7 +195,7 @@ block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0, Content = GBC#generic_block_cipher.content, Mac = GBC#generic_block_cipher.mac, CipherState1 = CipherState0#cipher_state{iv=GBC#generic_block_cipher.next_iv}, @@ -143,7 +193,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src true -> {Content, Mac, CipherState1}; false -> -@@ -1288,16 +1288,18 @@ +@@ -1288,16 +1288,18 @@ generic_stream_cipher_from_bin(T, HashSz) -> #generic_stream_cipher{content=Content, mac=Mac}. @@ -170,49 +220,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src Len == byte_size(Padding) andalso list_to_binary(lists:duplicate(Len, Len)) == Padding. -diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl.erl otp-OTP-17.4/lib/ssl/src/ssl.erl ---- otp-OTP-17.4.orig/lib/ssl/src/ssl.erl 2015-08-05 16:52:39.989500508 -0400 -+++ otp-OTP-17.4/lib/ssl/src/ssl.erl 2015-08-05 16:52:50.479441417 -0400 -@@ -1,7 +1,7 @@ - %% - %% %CopyrightBegin% - %% --%% Copyright Ericsson AB 1999-2014. All Rights Reserved. -+%% Copyright Ericsson AB 1999-2015. All Rights Reserved. - %% - %% The contents of this file are subject to the Erlang Public License, - %% Version 1.1, (the "License"); you may not use this file except in -@@ -656,7 +656,8 @@ - log_alert = handle_option(log_alert, Opts, true), - server_name_indication = handle_option(server_name_indication, Opts, undefined), - honor_cipher_order = handle_option(honor_cipher_order, Opts, false), -- protocol = proplists:get_value(protocol, Opts, tls) -+ protocol = proplists:get_value(protocol, Opts, tls), -+ padding_check = proplists:get_value(padding_check, Opts, true) - }, - - CbInfo = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}), -@@ -669,7 +670,7 @@ - cb_info, renegotiate_at, secure_renegotiate, hibernate_after, - erl_dist, next_protocols_advertised, - client_preferred_next_protocols, log_alert, -- server_name_indication, honor_cipher_order], -+ server_name_indication, honor_cipher_order, padding_check], - - SockOpts = lists:foldl(fun(Key, PropList) -> - proplists:delete(Key, PropList) -@@ -847,6 +848,8 @@ - undefined; - validate_option(honor_cipher_order, Value) when is_boolean(Value) -> - Value; -+validate_option(padding_check, Value) when is_boolean(Value) -> -+ Value; - validate_option(Opt, Value) -> - throw({error, {options, {Opt, Value}}}). - -diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_internal.hrl otp-OTP-17.4/lib/ssl/src/ssl_internal.hrl ---- otp-OTP-17.4.orig/lib/ssl/src/ssl_internal.hrl 2015-08-05 16:52:39.990500503 -0400 -+++ otp-OTP-17.4/lib/ssl/src/ssl_internal.hrl 2015-08-05 16:52:50.479441417 -0400 +diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl +index 155fa81..1250b50 100644 +--- a/lib/ssl/src/ssl_internal.hrl ++++ b/lib/ssl/src/ssl_internal.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% @@ -232,9 +243,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_internal.hrl otp-OTP-17.4/lib/ssl/s }). -record(socket_options, -diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl otp-OTP-17.4/lib/ssl/src/ssl_record.erl ---- otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl 2015-08-05 16:52:39.989500508 -0400 -+++ otp-OTP-17.4/lib/ssl/src/ssl_record.erl 2015-08-05 16:52:50.479441417 -0400 +diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl +index 7337225..025a46b 100644 +--- a/lib/ssl/src/ssl_record.erl ++++ b/lib/ssl/src/ssl_record.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% @@ -253,7 +265,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl otp-OTP-17.4/lib/ssl/src -export_type([ssl_version/0, ssl_atom_version/0]). -@@ -376,8 +376,9 @@ +@@ -376,8 +376,9 @@ cipher(Version, Fragment, {CipherFragment, CipherS1} = ssl_cipher:cipher(BulkCipherAlgo, CipherS0, MacHash, Fragment, Version), {CipherFragment, WriteState0#connection_state{cipher_state = CipherS1}}. @@ -264,7 +276,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl otp-OTP-17.4/lib/ssl/src %% %% Description: Payload decryption %%-------------------------------------------------------------------- -@@ -387,8 +388,8 @@ +@@ -387,8 +388,8 @@ decipher(Version, CipherFragment, BulkCipherAlgo, hash_size = HashSz}, cipher_state = CipherS0 @@ -275,9 +287,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl otp-OTP-17.4/lib/ssl/src {PlainFragment, Mac, CipherS1} -> CS1 = ReadState#connection_state{cipher_state = CipherS1}, {PlainFragment, Mac, CS1}; -diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_connection.erl otp-OTP-17.4/lib/ssl/src/tls_connection.erl ---- otp-OTP-17.4.orig/lib/ssl/src/tls_connection.erl 2015-08-05 16:52:39.990500503 -0400 -+++ otp-OTP-17.4/lib/ssl/src/tls_connection.erl 2015-08-05 16:52:50.479441417 -0400 +diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl +index 7df73fb..77d3aa7 100644 +--- a/lib/ssl/src/tls_connection.erl ++++ b/lib/ssl/src/tls_connection.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% @@ -287,7 +300,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_connection.erl otp-OTP-17.4/lib/ssl %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in -@@ -482,8 +482,9 @@ +@@ -482,8 +482,9 @@ next_record(#state{protocol_buffers = #protocol_buffers{tls_packets = [], tls_ci next_record(#state{protocol_buffers = #protocol_buffers{tls_packets = [], tls_cipher_texts = [CT | Rest]} = Buffers, @@ -299,9 +312,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_connection.erl otp-OTP-17.4/lib/ssl {Plain, ConnStates} -> {Plain, State#state{protocol_buffers = Buffers#protocol_buffers{tls_cipher_texts = Rest}, -diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_record.erl otp-OTP-17.4/lib/ssl/src/tls_record.erl ---- otp-OTP-17.4.orig/lib/ssl/src/tls_record.erl 2015-08-05 16:52:39.990500503 -0400 -+++ otp-OTP-17.4/lib/ssl/src/tls_record.erl 2015-08-05 16:52:50.480441411 -0400 +diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl +index aa4fc8d..bb7a701 100644 +--- a/lib/ssl/src/tls_record.erl ++++ b/lib/ssl/src/tls_record.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% @@ -320,7 +334,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_record.erl otp-OTP-17.4/lib/ssl/src %% Encoding -export([encode_plain_text/4]). -@@ -142,19 +142,21 @@ +@@ -142,19 +142,21 @@ encode_plain_text(Type, Version, Data, {CipherText, ConnectionStates#connection_states{current_write = WriteState#connection_state{sequence_number = Seq +1}}}. %%-------------------------------------------------------------------- @@ -350,9 +364,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_record.erl otp-OTP-17.4/lib/ssl/src {PlainFragment, Mac, ReadState1} -> MacHash = calc_mac_hash(Type, Version, PlainFragment, ReadState1), case ssl_record:is_correct_mac(Mac, MacHash) of -diff -Naur otp-OTP-17.4.orig/lib/ssl/test/ssl_cipher_SUITE.erl otp-OTP-17.4/lib/ssl/test/ssl_cipher_SUITE.erl ---- otp-OTP-17.4.orig/lib/ssl/test/ssl_cipher_SUITE.erl 2015-08-05 16:52:39.990500503 -0400 -+++ otp-OTP-17.4/lib/ssl/test/ssl_cipher_SUITE.erl 2015-08-05 16:52:50.480441411 -0400 +diff --git a/lib/ssl/test/ssl_cipher_SUITE.erl b/lib/ssl/test/ssl_cipher_SUITE.erl +index 45e9178..0e48b67 100644 +--- a/lib/ssl/test/ssl_cipher_SUITE.erl ++++ b/lib/ssl/test/ssl_cipher_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% @@ -371,7 +386,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/test/ssl_cipher_SUITE.erl otp-OTP-17.4/lib/ groups() -> []. -@@ -73,93 +73,123 @@ +@@ -73,93 +73,123 @@ end_per_testcase(_TestCase, Config) -> %% Test Cases -------------------------------------------------------- %%-------------------------------------------------------------------- aes_decipher_good() -> @@ -470,15 +485,13 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/test/ssl_cipher_SUITE.erl otp-OTP-17.4/lib/ - #alert{level = ?FATAL, description = ?BAD_RECORD_MAC} = - ssl_cipher:decipher(?AES, HashSz, CipherState, Fragment, Version1), - ok. -- --%%-------------------------------------------------------------------- + CipherState = incorrect_cipher_state(), + decipher_check_fail(HashSz, CipherState, {3,0}), + decipher_check_fail(HashSz, CipherState, {3,1}), + decipher_check_fail(HashSz, CipherState, {3,2}), + decipher_check_fail(HashSz, CipherState, {3,3}). -+ -+%%-------------------------------------------------------------------- + + %%-------------------------------------------------------------------- +padding_test(Config) when is_list(Config) -> + HashSz = 16, + CipherState = correct_cipher_state(), diff --git a/otp-0011-Quickfix-for-cmpxchg8b-inline-asm-when-pic-and-gcc-5.patch b/otp-0011-Quickfix-for-cmpxchg8b-inline-asm-when-pic-and-gcc-5.patch new file mode 100644 index 0000000..35d248e --- /dev/null +++ b/otp-0011-Quickfix-for-cmpxchg8b-inline-asm-when-pic-and-gcc-5.patch @@ -0,0 +1,27 @@ +From: Rickard Green +Date: Tue, 9 Feb 2016 18:23:26 +0100 +Subject: [PATCH] Quickfix for cmpxchg8b inline asm when pic and gcc >= 5.0 is + used + + +diff --git a/erts/include/internal/i386/ethr_dw_atomic.h b/erts/include/internal/i386/ethr_dw_atomic.h +index 9fb89bb..89f32f7 100644 +--- a/erts/include/internal/i386/ethr_dw_atomic.h ++++ b/erts/include/internal/i386/ethr_dw_atomic.h +@@ -114,6 +114,8 @@ ethr_native_dw_atomic_addr(ethr_native_dw_atomic_t *var) + return (ethr_sint_t *) ETHR_DW_NATMC_MEM__(var); + } + ++#if !ETHR_AT_LEAST_GCC_VSN__(5, 0, 0) ++ + #if ETHR_SIZEOF_PTR == 4 && defined(__PIC__) && __PIC__ + /* + * When position independent code is used in 32-bit mode, the EBX register +@@ -137,6 +139,7 @@ ethr_native_dw_atomic_addr(ethr_native_dw_atomic_t *var) + # endif + #endif + ++#endif /* < gcc-5.0 */ + + #define ETHR_HAVE_ETHR_NATIVE_DW_ATOMIC_CMPXCHG_MB +