libressl: fix build w/glibc-2.34 · pyrox.dev/nixpkgs@3aa6c49

pyrox.dev / nixpkgs

fork atom

lol

fork atom

libressl: fix build w/glibc-2.34

Failing Hydra build: https://hydra.nixos.org/build/151984996

Maximilian Bosch 4 years ago 3aa6c49a 2357e828

+96

2 changed files

expand all

unified split

pkgs

development

libraries

libressl

default.nix

fix-build-with-glibc.patch

pkgs/development/libraries/libressl/default.nix

··· 89 89 libressl_3_2 = generic { 90 90 version = "3.2.7"; 91 91 sha256 = "112bjfrwwqlk0lak7fmfhcls18ydf62cp7gxghf4gklpfl1zyckw"; 92 + patches = [ 93 + # See https://github.com/libressl-portable/portable/issues/653 for context. 94 + ./fix-build-with-glibc.patch 95 + ]; 92 96 }; 93 97 libressl_3_4 = generic { 94 98 version = "3.4.2";

+92

pkgs/development/libraries/libressl/fix-build-with-glibc.patch

··· 1 + diff --git a/tests/explicit_bzero.c b/tests/explicit_bzero.c 2 + index 34c60baa8a..9c0e917829 100644 3 + --- a/tests/explicit_bzero.c 4 + +++ b/tests/explicit_bzero.c 5 + @@ -1,4 +1,4 @@ 6 + -/* $OpenBSD: explicit_bzero.c,v 1.6 2014/07/11 01:10:35 matthew Exp $ */ 7 + +/* $OpenBSD: explicit_bzero.c,v 1.7 2021/03/27 11:17:58 bcook Exp $ */ 8 + /* 9 + * Copyright (c) 2014 Google Inc. 10 + * 11 + @@ -18,6 +18,7 @@ 12 + #include <assert.h> 13 + #include <errno.h> 14 + #include <signal.h> 15 + +#include <stdlib.h> 16 + #include <string.h> 17 + #include <unistd.h> 18 + 19 + @@ -36,19 +37,33 @@ enum { 20 + SECRETBYTES = SECRETCOUNT * sizeof(secret) 21 + }; 22 + 23 + -static char altstack[SIGSTKSZ + SECRETBYTES]; 24 + +/* 25 + + * As of glibc 2.34, when _GNU_SOURCE is defined, SIGSTKSZ is no longer 26 + + * constant on Linux. SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ). 27 + + */ 28 + +static char *altstack; 29 + +#define ALTSTACK_SIZE (SIGSTKSZ + SECRETBYTES) 30 + 31 + static void 32 + setup_stack(void) 33 + { 34 + + altstack = calloc(1, ALTSTACK_SIZE); 35 + + ASSERT_NE(NULL, altstack); 36 + + 37 + const stack_t sigstk = { 38 + .ss_sp = altstack, 39 + - .ss_size = sizeof(altstack), 40 + + .ss_size = ALTSTACK_SIZE 41 + }; 42 + 43 + ASSERT_EQ(0, sigaltstack(&sigstk, NULL)); 44 + } 45 + 46 + +static void 47 + +cleanup_stack(void) 48 + +{ 49 + + free(altstack); 50 + +} 51 + + 52 + static void 53 + assert_on_stack(void) 54 + { 55 + @@ -129,7 +144,7 @@ test_without_bzero() 56 + char buf[SECRETBYTES]; 57 + assert_on_stack(); 58 + populate_secret(buf, sizeof(buf)); 59 + - char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf)); 60 + + char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf)); 61 + ASSERT_NE(NULL, res); 62 + return (res); 63 + } 64 + @@ -140,7 +155,7 @@ test_with_bzero() 65 + char buf[SECRETBYTES]; 66 + assert_on_stack(); 67 + populate_secret(buf, sizeof(buf)); 68 + - char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf)); 69 + + char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf)); 70 + ASSERT_NE(NULL, res); 71 + explicit_bzero(buf, sizeof(buf)); 72 + return (res); 73 + @@ -183,15 +198,17 @@ main() 74 + * on the stack. This sanity checks that call_on_stack() and 75 + * populate_secret() work as intended. 76 + */ 77 + - memset(altstack, 0, sizeof(altstack)); 78 + + memset(altstack, 0, ALTSTACK_SIZE); 79 + call_on_stack(do_test_without_bzero); 80 + 81 + /* 82 + * Now test with a call to explicit_bzero() and check that we 83 + * *don't* find any instances of the secret data. 84 + */ 85 + - memset(altstack, 0, sizeof(altstack)); 86 + + memset(altstack, 0, ALTSTACK_SIZE); 87 + call_on_stack(do_test_with_bzero); 88 + 89 + + cleanup_stack(); 90 + + 91 + return (0); 92 + }