1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
| | From 82b166320262b105136eef99da7552474d5a046f Mon Sep 17 00:00:00 2001
From: Guido Trentalancia <guido@trentalancia.net>
Date: Sat, 18 Nov 2017 19:26:57 +0100
Subject: [PATCH 85/90] crypt: Use NSPR header files in addition to NSS header
files [BZ #17956]
When configuring and building GNU libc using the Mozilla NSS library
for cryptography (--enable-nss-crypt option), also include the
NSPR header files along with the Mozilla NSS library header files.
Finally, when running the check-local-headers test, ignore the
Mozilla NSPR library header files (used by the Mozilla NSS library).
(cherry picked from commit 57b4af1955e28c1623c98397b8597847d16bdd8c)
diff --git a/ChangeLog b/ChangeLog
index d67ad031bc..0693e834dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2017-10-04 Guido Trentalancia <guido@trentalancia.net>
+
+ [BZ #17956]
+ * configure.ac (--enable-nss-crypt): Use NSPR include directory.
+ * configure: Regenerate.
+ * crypt/Makefile (nss-cpp-flags): New variable.
+ (CPPFLAGS-sha256-crypt.c, CPPFLAGS-sha512-crypt.c)
+ (CPPFLAGS-md5-crypt.c): Use it.
+ * scripts/check-local-headers.sh: Ignore nspr header file
+ directory.
+
2017-10-18 Wilco Dijkstra <wdijkstr@arm.com>
* malloc/malloc.c (malloc_state): Use int for have_fastchunks since
diff --git a/NEWS b/NEWS
index ea1c1f1c04..e7b62a8d46 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,7 @@ Security related changes:
The following bugs are resolved with this release:
[16750] ldd: Never run file directly.
+ [17956] crypt: Use NSPR header files in addition to NSS header files
[21242] assert: Suppress pedantic warning caused by statement expression
[21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve
[21780] posix: Set p{read,write}v2 to return ENOTSUP
diff --git a/configure b/configure
index d8e1c50e11..47d8c75248 100755
--- a/configure
+++ b/configure
@@ -3547,8 +3547,12 @@ if test x$nss_crypt = xyes; then
if test $? -ne 0; then
as_fn_error $? "cannot find include directory with nss-config" "$LINENO" 5
fi
+ nspr_includes=-I$(nspr-config --includedir 2>/dev/null)
+ if test $? -ne 0; then
+ as_fn_error $? "cannot find include directory with nspr-config" "$LINENO" 5
+ fi
old_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $nss_includes"
+ CFLAGS="$CFLAGS $nss_includes $nspr_includes"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
diff --git a/configure.ac b/configure.ac
index 77456aa8d9..e8a1ab3562 100644
--- a/configure.ac
+++ b/configure.ac
@@ -330,8 +330,12 @@ if test x$nss_crypt = xyes; then
if test $? -ne 0; then
AC_MSG_ERROR([cannot find include directory with nss-config])
fi
+ nspr_includes=-I$(nspr-config --includedir 2>/dev/null)
+ if test $? -ne 0; then
+ AC_MSG_ERROR([cannot find include directory with nspr-config])
+ fi
old_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $nss_includes"
+ CFLAGS="$CFLAGS $nss_includes $nspr_includes"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([typedef int PRBool;
#include <hasht.h>
#include <nsslowhash.h>
diff --git a/crypt/Makefile b/crypt/Makefile
index 0280fba8a7..8bbbf2a121 100644
--- a/crypt/Makefile
+++ b/crypt/Makefile
@@ -37,9 +37,11 @@ routines += $(libcrypt-routines)
endif
ifeq ($(nss-crypt),yes)
-CPPFLAGS-sha256-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir)
-CPPFLAGS-sha512-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir)
-CPPFLAGS-md5-crypt.c = -DUSE_NSS -I$(shell nss-config --includedir)
+nss-cpp-flags := -DUSE_NSS \
+ -I$(shell nss-config --includedir) -I$(shell nspr-config --includedir)
+CPPFLAGS-sha256-crypt.c = $(nss-cpp-flags)
+CPPFLAGS-sha512-crypt.c = $(nss-cpp-flags)
+CPPFLAGS-md5-crypt.c = $(nss-cpp-flags)
LDLIBS-crypt.so = -lfreebl3
else
libcrypt-routines += md5 sha256 sha512
diff --git a/scripts/check-local-headers.sh b/scripts/check-local-headers.sh
index 7859f613b2..4692361686 100755
--- a/scripts/check-local-headers.sh
+++ b/scripts/check-local-headers.sh
@@ -33,7 +33,7 @@ exec ${AWK} -v includedir="$includedir" '
BEGIN {
status = 0
exclude = "^" includedir \
- "/(.*-.*-.*/|.*-.*/|)(asm[-/]|arch|linux/|selinux/|mach/|mach_debug/|device/|hurd/(((hurd|ioctl)_types|paths)\\.h|ioctls\\.defs|ihash\\.h)|cthreads\\.h|gd|nss3/|c\\+\\+/|sys/(capability|sdt(|-config))\\.h|libaudit\\.h)"
+ "/(.*-.*-.*/|.*-.*/|)(asm[-/]|arch|linux/|selinux/|mach/|mach_debug/|device/|hurd/(((hurd|ioctl)_types|paths)\\.h|ioctls\\.defs|ihash\\.h)|cthreads\\.h|gd|nss3/|nspr/|c\\+\\+/|sys/(capability|sdt(|-config))\\.h|libaudit\\.h)"
}
/^[^ ]/ && $1 ~ /.*:/ { obj = $1 }
{
|