2002-07-18 06:13:59 +02:00
|
|
|
#-------------------------------------------------------------------------
|
|
|
|
|
#
|
2004-10-04 15:43:59 +02:00
|
|
|
# Makefile
|
2002-07-18 06:13:59 +02:00
|
|
|
# Makefile for the port-specific subsystem of the backend
|
|
|
|
|
#
|
|
|
|
|
# These files are used in other directories for portability on systems
|
2004-10-04 15:43:59 +02:00
|
|
|
# with broken/missing library files, and for common code sharing.
|
|
|
|
|
#
|
|
|
|
|
# This makefile generates two outputs:
|
|
|
|
|
#
|
|
|
|
|
# libpgport.a - contains object files with FRONTEND defined,
|
|
|
|
|
# for use by client application and libraries
|
|
|
|
|
#
|
|
|
|
|
# libpgport_srv.a - contains object files without FRONTEND defined,
|
|
|
|
|
# for use only by the backend binaries
|
|
|
|
|
#
|
2010-12-11 01:42:44 +01:00
|
|
|
# LIBOBJS is set by configure (via Makefile.global) to be the list of object
|
|
|
|
|
# files that are conditionally needed as determined by configure's probing.
|
2007-09-29 00:25:49 +02:00
|
|
|
# OBJS adds additional object files that are always compiled.
|
|
|
|
|
#
|
2002-07-18 06:13:59 +02:00
|
|
|
# IDENTIFICATION
|
2010-09-20 22:08:53 +02:00
|
|
|
# src/port/Makefile
|
2002-07-18 06:13:59 +02:00
|
|
|
#
|
|
|
|
|
#-------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
subdir = src/port
|
|
|
|
|
top_builddir = ../..
|
|
|
|
|
include $(top_builddir)/src/Makefile.global
|
|
|
|
|
|
2004-10-04 15:43:59 +02:00
|
|
|
override CPPFLAGS := -I$(top_builddir)/src/port -DFRONTEND $(CPPFLAGS)
|
2004-05-30 16:07:47 +02:00
|
|
|
LIBS += $(PTHREAD_LIBS)
|
2004-05-22 04:15:08 +02:00
|
|
|
|
Use Intel SSE 4.2 CRC instructions where available.
Modern x86 and x86-64 processors with SSE 4.2 support have special
instructions, crc32b and crc32q, for calculating CRC-32C. They greatly
speed up CRC calculation.
Whether the instructions can be used or not depends on the compiler and the
target architecture. If generation of SSE 4.2 instructions is allowed for
the target (-msse4.2 flag on gcc and clang), use them. If they are not
allowed by default, but the compiler supports the -msse4.2 flag to enable
them, compile just the CRC-32C function with -msse4.2 flag, and check at
runtime whether the processor we're running on supports it. If it doesn't,
fall back to the slicing-by-8 algorithm. (With the common defaults on
current operating systems, the runtime-check variant is what you get in
practice.)
Abhijit Menon-Sen, heavily modified by me, reviewed by Andres Freund.
2015-04-14 16:05:03 +02:00
|
|
|
OBJS = $(LIBOBJS) $(PG_CRC32C_OBJS) chklocale.o erand48.o inet_net_ntop.o \
|
2015-02-09 10:17:56 +01:00
|
|
|
noblock.o path.o pgcheckdir.o pgmkdirp.o pgsleep.o \
|
2016-10-18 15:28:23 +02:00
|
|
|
pgstrcasecmp.o pqsignal.o \
|
Revert error-throwing wrappers for the printf family of functions.
This reverts commit 16304a013432931e61e623c8d85e9fe24709d9ba, except
for its changes in src/port/snprintf.c; as well as commit
cac18a76bb6b08f1ecc2a85e46c9d2ab82dd9d23 which is no longer needed.
Fujii Masao reported that the previous commit caused failures in psql on
OS X, since if one exits the pager program early while viewing a query
result, psql sees an EPIPE error from fprintf --- and the wrapper function
thought that was reason to panic. (It's a bit surprising that the same
does not happen on Linux.) Further discussion among the security list
concluded that the risk of other such failures was far too great, and
that the one-size-fits-all approach to error handling embodied in the
previous patch is unlikely to be workable.
This leaves us again exposed to the possibility of the type of failure
envisioned in CVE-2015-3166. However, that failure mode is strictly
hypothetical at this point: there is no concrete reason to believe that
an attacker could trigger information disclosure through the supposed
mechanism. In the first place, the attack surface is fairly limited,
since so much of what the backend does with format strings goes through
stringinfo.c or psprintf(), and those already had adequate defenses.
In the second place, even granting that an unprivileged attacker could
control the occurrence of ENOMEM with some precision, it's a stretch to
believe that he could induce it just where the target buffer contains some
valuable information. So we concluded that the risk of non-hypothetical
problems induced by the patch greatly outweighs the security risks.
We will therefore revert, and instead undertake closer analysis to
identify specific calls that may need hardening, rather than attempt a
universal solution.
We have kept the portion of the previous patch that improved snprintf.c's
handling of errors when it calls the platform's sprintf(). That seems to
be an unalloyed improvement.
Security: CVE-2015-3166
2015-05-20 00:14:52 +02:00
|
|
|
qsort.o qsort_arg.o quotes.o sprompt.o tar.o thread.o
|
2010-12-11 01:42:44 +01:00
|
|
|
|
Replace PostmasterRandom() with a stronger source, second attempt.
This adds a new routine, pg_strong_random() for generating random bytes,
for use in both frontend and backend. At the moment, it's only used in
the backend, but the upcoming SCRAM authentication patches need strong
random numbers in libpq as well.
pg_strong_random() is based on, and replaces, the existing implementation
in pgcrypto. It can acquire strong random numbers from a number of sources,
depending on what's available:
- OpenSSL RAND_bytes(), if built with OpenSSL
- On Windows, the native cryptographic functions are used
- /dev/urandom
Unlike the current pgcrypto function, the source is chosen by configure.
That makes it easier to test different implementations, and ensures that
we don't accidentally fall back to a less secure implementation, if the
primary source fails. All of those methods are quite reliable, it would be
pretty surprising for them to fail, so we'd rather find out by failing
hard.
If no strong random source is available, we fall back to using erand48(),
seeded from current timestamp, like PostmasterRandom() was. That isn't
cryptographically secure, but allows us to still work on platforms that
don't have any of the above stronger sources. Because it's not very secure,
the built-in implementation is only used if explicitly requested with
--disable-strong-random.
This replaces the more complicated Fortuna algorithm we used to have in
pgcrypto, which is unfortunate, but all modern platforms have /dev/urandom,
so it doesn't seem worth the maintenance effort to keep that. pgcrypto
functions that require strong random numbers will be disabled with
--disable-strong-random.
Original patch by Magnus Hagander, tons of further work by Michael Paquier
and me.
Discussion: https://www.postgresql.org/message-id/CAB7nPqRy3krN8quR9XujMVVHYtXJ0_60nqgVc6oUk8ygyVkZsA@mail.gmail.com
Discussion: https://www.postgresql.org/message-id/CAB7nPqRWkNYRRPJA7-cF+LfroYV10pvjdz6GNvxk-Eee9FypKA@mail.gmail.com
2016-12-05 12:42:59 +01:00
|
|
|
ifeq ($(enable_strong_random), yes)
|
|
|
|
|
OBJS += pg_strong_random.o
|
|
|
|
|
endif
|
|
|
|
|
|
2007-09-29 00:25:49 +02:00
|
|
|
# foo_srv.o and foo.o are both built from foo.c, but only foo.o has -DFRONTEND
|
|
|
|
|
OBJS_SRV = $(OBJS:%.o=%_srv.o)
|
2004-10-04 15:43:59 +02:00
|
|
|
|
|
|
|
|
all: libpgport.a libpgport_srv.a
|
2002-07-18 06:13:59 +02:00
|
|
|
|
2004-08-20 22:13:10 +02:00
|
|
|
# libpgport is needed by some contrib
|
2005-12-09 22:19:36 +01:00
|
|
|
install: all installdirs
|
|
|
|
|
$(INSTALL_STLIB) libpgport.a '$(DESTDIR)$(libdir)/libpgport.a'
|
|
|
|
|
|
|
|
|
|
installdirs:
|
2009-08-27 00:24:44 +02:00
|
|
|
$(MKDIR_P) '$(DESTDIR)$(libdir)'
|
2004-08-20 22:13:10 +02:00
|
|
|
|
|
|
|
|
uninstall:
|
2005-12-09 22:19:36 +01:00
|
|
|
rm -f '$(DESTDIR)$(libdir)/libpgport.a'
|
2004-08-20 22:13:10 +02:00
|
|
|
|
2007-09-29 00:25:49 +02:00
|
|
|
libpgport.a: $(OBJS)
|
2015-03-01 19:05:23 +01:00
|
|
|
rm -f $@
|
2003-10-24 22:31:43 +02:00
|
|
|
$(AR) $(AROPT) $@ $^
|
2002-07-27 22:10:05 +02:00
|
|
|
|
2007-09-29 00:25:49 +02:00
|
|
|
# thread.o needs PTHREAD_CFLAGS (but thread_srv.o does not)
|
2012-04-29 19:59:12 +02:00
|
|
|
thread.o: CFLAGS+=$(PTHREAD_CFLAGS)
|
2003-06-14 16:35:42 +02:00
|
|
|
|
Use Intel SSE 4.2 CRC instructions where available.
Modern x86 and x86-64 processors with SSE 4.2 support have special
instructions, crc32b and crc32q, for calculating CRC-32C. They greatly
speed up CRC calculation.
Whether the instructions can be used or not depends on the compiler and the
target architecture. If generation of SSE 4.2 instructions is allowed for
the target (-msse4.2 flag on gcc and clang), use them. If they are not
allowed by default, but the compiler supports the -msse4.2 flag to enable
them, compile just the CRC-32C function with -msse4.2 flag, and check at
runtime whether the processor we're running on supports it. If it doesn't,
fall back to the slicing-by-8 algorithm. (With the common defaults on
current operating systems, the runtime-check variant is what you get in
practice.)
Abhijit Menon-Sen, heavily modified by me, reviewed by Andres Freund.
2015-04-14 16:05:03 +02:00
|
|
|
# pg_crc32c_sse42.o and its _srv.o version need CFLAGS_SSE42
|
|
|
|
|
pg_crc32c_sse42.o: CFLAGS+=$(CFLAGS_SSE42)
|
|
|
|
|
pg_crc32c_sse42_srv.o: CFLAGS+=$(CFLAGS_SSE42)
|
|
|
|
|
|
2004-10-04 15:43:59 +02:00
|
|
|
#
|
|
|
|
|
# Server versions of object files
|
|
|
|
|
#
|
|
|
|
|
|
2007-09-29 00:25:49 +02:00
|
|
|
libpgport_srv.a: $(OBJS_SRV)
|
2015-03-01 19:05:23 +01:00
|
|
|
rm -f $@
|
2004-10-04 15:43:59 +02:00
|
|
|
$(AR) $(AROPT) $@ $^
|
|
|
|
|
|
2012-05-08 19:08:53 +02:00
|
|
|
# Because this uses its own compilation rule, it doesn't use the
|
|
|
|
|
# dependency tracking logic from Makefile.global. To make sure that
|
|
|
|
|
# dependency tracking works anyway for the *_srv.o files, depend on
|
|
|
|
|
# their *.o siblings as well, which do have proper dependencies. It's
|
|
|
|
|
# a hack that might fail someday if there is a *_srv.o without a
|
|
|
|
|
# corresponding *.o, but it works for now (and those would probably go
|
|
|
|
|
# into src/backend/port/ anyway).
|
|
|
|
|
%_srv.o: %.c %.o
|
2004-10-04 15:43:59 +02:00
|
|
|
$(CC) $(CFLAGS) $(subst -DFRONTEND,, $(CPPFLAGS)) -c $< -o $@
|
|
|
|
|
|
2011-02-04 15:28:06 +01:00
|
|
|
$(OBJS_SRV): | submake-errcodes
|
|
|
|
|
|
|
|
|
|
.PHONY: submake-errcodes
|
|
|
|
|
|
|
|
|
|
submake-errcodes:
|
2011-02-04 15:48:32 +01:00
|
|
|
$(MAKE) -C ../backend submake-errcodes
|
2011-02-04 15:28:06 +01:00
|
|
|
|
2004-05-21 22:56:50 +02:00
|
|
|
# Dependency is to ensure that path changes propagate
|
2007-09-29 00:25:49 +02:00
|
|
|
|
|
|
|
|
path.o: path.c pg_config_paths.h
|
|
|
|
|
|
|
|
|
|
path_srv.o: path.c pg_config_paths.h
|
|
|
|
|
|
2006-06-26 20:40:50 +02:00
|
|
|
# We create a separate file rather than put these in pg_config.h
|
|
|
|
|
# because many of these values come from makefiles and are not
|
|
|
|
|
# available to configure.
|
2004-05-21 22:56:50 +02:00
|
|
|
pg_config_paths.h: $(top_builddir)/src/Makefile.global
|
|
|
|
|
echo "#define PGBINDIR \"$(bindir)\"" >$@
|
|
|
|
|
echo "#define PGSHAREDIR \"$(datadir)\"" >>$@
|
|
|
|
|
echo "#define SYSCONFDIR \"$(sysconfdir)\"" >>$@
|
|
|
|
|
echo "#define INCLUDEDIR \"$(includedir)\"" >>$@
|
|
|
|
|
echo "#define PKGINCLUDEDIR \"$(pkgincludedir)\"" >>$@
|
2004-08-01 08:56:39 +02:00
|
|
|
echo "#define INCLUDEDIRSERVER \"$(includedir_server)\"" >>$@
|
|
|
|
|
echo "#define LIBDIR \"$(libdir)\"" >>$@
|
2004-05-21 22:56:50 +02:00
|
|
|
echo "#define PKGLIBDIR \"$(pkglibdir)\"" >>$@
|
2004-05-25 03:00:30 +02:00
|
|
|
echo "#define LOCALEDIR \"$(localedir)\"" >>$@
|
2005-09-27 19:39:35 +02:00
|
|
|
echo "#define DOCDIR \"$(docdir)\"" >>$@
|
2008-02-18 15:51:48 +01:00
|
|
|
echo "#define HTMLDIR \"$(htmldir)\"" >>$@
|
2005-09-27 19:39:35 +02:00
|
|
|
echo "#define MANDIR \"$(mandir)\"" >>$@
|
2004-05-21 22:56:50 +02:00
|
|
|
|
2002-07-27 22:10:05 +02:00
|
|
|
clean distclean maintainer-clean:
|
2007-09-29 00:25:49 +02:00
|
|
|
rm -f libpgport.a libpgport_srv.a $(OBJS) $(OBJS_SRV) pg_config_paths.h
|
