[arch-commits] Commit in gnutls/repos (4 files)
Andreas Radke
andyrtr at gemini.archlinux.org
Mon Aug 15 18:06:32 UTC 2022
Date: Monday, August 15, 2022 @ 18:06:32
Author: andyrtr
Revision: 452982
archrelease: copy trunk to testing-x86_64
Added:
gnutls/repos/testing-x86_64/
gnutls/repos/testing-x86_64/0001-fix-avx-detection.patch
(from rev 452981, gnutls/trunk/0001-fix-avx-detection.patch)
gnutls/repos/testing-x86_64/PKGBUILD
(from rev 452981, gnutls/trunk/PKGBUILD)
gnutls/repos/testing-x86_64/keys/
------------------------------+
0001-fix-avx-detection.patch | 93 +++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 65 ++++++++++++++++++++++++++++
2 files changed, 158 insertions(+)
Copied: gnutls/repos/testing-x86_64/0001-fix-avx-detection.patch (from rev 452981, gnutls/trunk/0001-fix-avx-detection.patch)
===================================================================
--- testing-x86_64/0001-fix-avx-detection.patch (rev 0)
+++ testing-x86_64/0001-fix-avx-detection.patch 2022-08-15 18:06:32 UTC (rev 452982)
@@ -0,0 +1,93 @@
+From b87d46ea52b87daeca2d6e75d79a3e33456b5787 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno at gnu.org>
+Date: Mon, 15 Aug 2022 09:39:18 +0900
+Subject: [PATCH] accelerated: clear AVX bits if it cannot be queried through
+ XSAVE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
+Architectures Software Developer’s Manual".
+
+GnuTLS previously only followed that algorithm when registering the
+crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
+that the extension bits are propagated to _gnutls_x86_cpuid_s.
+
+Signed-off-by: Daiki Ueno <ueno at gnu.org>
+---
+ lib/accelerated/x86/x86-common.c | 37 +++++++++++++++++++++++++++-----
+ 1 file changed, 32 insertions(+), 5 deletions(-)
+
+diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
+index 7ddaa594e6..b002dba721 100644
+--- a/lib/accelerated/x86/x86-common.c
++++ b/lib/accelerated/x86/x86-common.c
+@@ -81,6 +81,26 @@ unsigned int _gnutls_x86_cpuid_s[4];
+ # define bit_AVX 0x10000000
+ #endif
+
++#ifndef bit_AVX2
++# define bit_AVX2 0x00000020
++#endif
++
++#ifndef bit_AVX512F
++# define bit_AVX512F 0x00010000
++#endif
++
++#ifndef bit_AVX512IFMA
++# define bit_AVX512IFMA 0x00200000
++#endif
++
++#ifndef bit_AVX512BW
++# define bit_AVX512BW 0x40000000
++#endif
++
++#ifndef bit_AVX512VL
++# define bit_AVX512VL 0x80000000
++#endif
++
+ #ifndef bit_OSXSAVE
+ # define bit_OSXSAVE 0x8000000
+ #endif
+@@ -148,7 +168,7 @@ static unsigned check_4th_gen_intel_features(unsigned ecx)
+ {
+ uint32_t xcr0;
+
+- if ((ecx & OSXSAVE_MASK) != OSXSAVE_MASK)
++ if ((ecx & bit_OSXSAVE) != bit_OSXSAVE)
+ return 0;
+
+ #if defined(_MSC_VER) && !defined(__clang__)
+@@ -236,10 +256,7 @@ static unsigned check_sha(void)
+ #ifdef ASM_X86_64
+ static unsigned check_avx_movbe(void)
+ {
+- if (check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1]) == 0)
+- return 0;
+-
+- return ((_gnutls_x86_cpuid_s[1] & bit_AVX));
++ return (_gnutls_x86_cpuid_s[1] & bit_AVX);
+ }
+
+ static unsigned check_pclmul(void)
+@@ -895,6 +912,16 @@ void register_x86_intel_crypto(unsigned capabilities)
+ _gnutls_x86_cpuid_s[0] &= ~(1 << 30);
+ }
+
++ if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) {
++ _gnutls_x86_cpuid_s[1] &= ~bit_AVX;
++
++ /* Clear AVX2 bits as well, according to what OpenSSL does.
++ * Should we clear bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, and
++ * bit_AVX512CD? */
++ _gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|bit_AVX512F|bit_AVX512IFMA|
++ bit_AVX512BW|bit_AVX512BW);
++ }
++
+ if (check_ssse3()) {
+ _gnutls_debug_log("Intel SSSE3 was detected\n");
+
+--
+GitLab
+
Copied: gnutls/repos/testing-x86_64/PKGBUILD (from rev 452981, gnutls/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2022-08-15 18:06:32 UTC (rev 452982)
@@ -0,0 +1,65 @@
+# Maintainer: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: Jan de Groot <jgc at archlinux.org>
+
+pkgname=gnutls
+pkgver=3.7.7
+pkgrel=2
+pkgdesc="A library which provides a secure layer over a reliable transport layer"
+arch=('x86_64')
+license=('GPL3' 'LGPL2.1')
+url="https://www.gnutls.org/"
+options=('!zipman' 'debug')
+depends=('gcc-libs' 'libtasn1' 'readline' 'zlib' 'nettle' 'p11-kit' 'libidn2'
+ 'libidn2.so' 'libunistring' 'brotli')
+makedepends=('tpm2-tss')
+checkdepends=('net-tools' 'tpm2-tools')
+optdepends=('guile: for use with Guile bindings'
+ 'tpm2-tss: support for TPM2 wrapped keys'
+ 'zstd: for compression support')
+source=(https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/${pkgname}-${pkgver}.tar.xz{,.sig}
+ 0001-fix-avx-detection.patch)
+sha256sums=('be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106'
+ 'SKIP'
+ '250c13305115001cfc52e0a65e5bfb62e53b6697cfb1ee30a8a24da9181c63da')
+#validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno <ueno at unixuser.org>"
+validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich <zfridric at redhat.com>"
+
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ # FS#75613 / https://gitlab.com/gnutls/gnutls/-/merge_requests/1631
+ patch -Np1 -i ../0001-fix-avx-detection.patch
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure --prefix=/usr \
+ --disable-static \
+ --with-idn \
+ --with-brotli \
+ --with-zstd \
+ --with-tpm2 \
+ --enable-openssl-compatibility \
+ --enable-guile --with-guile-site-dir=no \
+ --with-default-trust-store-pkcs11="pkcs11:"
+# --enable-ktls \ # breaks testsuite
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ # disable parallel tests:
+ # FAIL: serv-udp.sh
+ make -j1 check
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+
+ # lots of .png files are put into infodir and are gzipped by makepkg! this needs to be fixed by using !zipman
+ # gzip -9 all files in infodir and manpages manually
+ find "$pkgdir/usr/share/info" -name '*.info*' -exec gzip -n -9 {} \;
+ find "$pkgdir/usr/share/man" -exec gzip -n -9 {} \;
+}
More information about the arch-commits
mailing list