libffi: Add support for grsecurity

Patch taken from Hardened Gentoo
10 years ago · 1074a3143e
parent 72b711bb1f
commit 1074a3143e
2 changed files with 42 additions and 1 deletions
--- a/pkgs/development/libraries/libffi/default.nix
+++ b/pkgs/development/libraries/libffi/default.nix
@ -8,9 +8,13 @@ stdenv.mkDerivation rec {
    sha256 = "077ibkf84bvcd6rw1m6jb107br63i2pp301rkmsbgg6300adxp8x";
  };

+  patches = stdenv.lib.optional (stdenv.needsPax) ./libffi-3.0.13-emutramp_pax_proc.patch;
+
  buildInputs = stdenv.lib.optional doCheck dejagnu;

-  configureFlags = [ "--with-gcc-arch=generic" ]; # no detection of -march= or -mtune=
+  configureFlags = [
+    "--with-gcc-arch=generic" # no detection of -march= or -mtune=
+  ] ++ stdenv.lib.optional (stdenv.needsPax) "--enable-pax_emutramp";

  doCheck = stdenv.isLinux; # until we solve dejagnu problems on darwin and expect on BSD

--- a/pkgs/development/libraries/libffi/libffi-3.0.13-emutramp_pax_proc.patch
+++ b/pkgs/development/libraries/libffi/libffi-3.0.13-emutramp_pax_proc.patch
@ -0,0 +1,37 @@
+2013-05-22  Magnus Granberg  <zorry@gentoo.org>
+
+	#457194
+	* src/closuer.c (emutramp_enabled_check): Check with /proc.
+
+--- a/src/closures.c	2013-03-17 23:27:11.000000000 +0100
+++ b/src/closures.c	2013-04-29 23:26:02.279022022 +0200
+@@ -181,10 +181,26 @@ static int emutramp_enabled = -1;
+ static int
+ emutramp_enabled_check (void)
+ {
+-  if (getenv ("FFI_DISABLE_EMUTRAMP") == NULL)
+-    return 1;
+-  else
+  char *buf = NULL;
+  size_t len = 0;
+  FILE *f;
+  int ret;
+  f = fopen ("/proc/self/status", "r");
+  if (f == NULL)
+     return 0;
+  ret = 0;
+
+  while (getline (&buf, &len, f) != -1)
+    if (!strncmp (buf, "PaX:", 4))
+      {
+        char emutramp;
+        if (sscanf (buf, "%*s %*c%c", &emutramp) == 1)
+          ret = (emutramp == 'E');
+        break;
+      }
+  free (buf);
+  fclose (f);
+  return ret;
+ }
+ 
+ #define is_emutramp_enabled() (emutramp_enabled >= 0 ? emutramp_enabled \