From 13bdcc518d65f0799943d0b028c3c22395fde7ff Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 22 Nov 2016 11:25:40 -0800
Subject: [PATCH 1/3] Pulled in patches from Debian package.

---
 ChangeLog               |  1 +
 Makefile.am             | 37 +++++++++++++++++++++----------------
 configure.ac            | 18 ++++++++++++------
 wolfcrypt/src/aes_asm.s |  6 +++++-
 4 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e69de29bb..87ed82401 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -0,0 +1 @@
+Please see the file 'README' in this directory.
diff --git a/Makefile.am b/Makefile.am
index 09e1e7219..7870f527c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -88,23 +88,28 @@ include testsuite/include.am
 include tests/include.am
 include sslSniffer/sslSnifferTest/include.am
 include rpm/include.am
-include mqx/util_lib/Sources/include.am
-include mqx/wolfcrypt_benchmark/Sources/include.am
-include mqx/wolfcrypt_test/Sources/include.am
-include mqx/wolfssl/include.am
-include mqx/wolfssl_client/Sources/include.am
-include mplabx/include.am
-include mplabx/wolfcrypt_benchmark.X/nbproject/include.am
-include mplabx/wolfcrypt_test.X/nbproject/include.am
-include mplabx/wolfssl.X/nbproject/include.am
-include mcapi/include.am
-include mcapi/wolfcrypt_mcapi.X/nbproject/include.am
-include mcapi/wolfcrypt_test.X/nbproject/include.am
-include mcapi/wolfssl.X/nbproject/include.am
-include mcapi/zlib.X/nbproject/include.am
-include tirtos/include.am
+
+if BUILD_DISTRO
+    # Exclude references to non-DFSG sources from build files
+else
+    include mqx/util_lib/Sources/include.am
+    include mqx/wolfcrypt_benchmark/Sources/include.am
+    include mqx/wolfcrypt_test/Sources/include.am
+    include mqx/wolfssl/include.am
+    include mqx/wolfssl_client/Sources/include.am
+    include mplabx/include.am
+    include mplabx/wolfcrypt_benchmark.X/nbproject/include.am
+    include mplabx/wolfcrypt_test.X/nbproject/include.am
+    include mplabx/wolfssl.X/nbproject/include.am
+    include mcapi/include.am
+    include mcapi/wolfcrypt_mcapi.X/nbproject/include.am
+    include mcapi/wolfcrypt_test.X/nbproject/include.am
+    include mcapi/wolfssl.X/nbproject/include.am
+    include mcapi/zlib.X/nbproject/include.am
+    include tirtos/include.am
+    include IDE/include.am
+endif
 include scripts/include.am
-include IDE/include.am
 
 if USE_VALGRIND
 TESTS_ENVIRONMENT=./valgrind-error.sh
diff --git a/configure.ac b/configure.ac
index ee8d9822c..ac4dda2df 100644
--- a/configure.ac
+++ b/configure.ac
@@ -188,6 +188,7 @@ then
     enable_stunnel=yes
     enable_pwdbased=yes
 fi
+AM_CONDITIONAL([BUILD_DISTRO], [test "x$ENABLED_DISTRO" = "xyes"])
 
 
 # SINGLE THREADED
@@ -2165,7 +2166,7 @@ then
         ENABLED_ECC="yes"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
         AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-        
+
         if test "$ENABLED_ECC_SHAMIR" = "yes"
         then
             AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
@@ -2238,7 +2239,7 @@ then
         ENABLED_ECC="yes"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
         AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-        
+
         if test "$ENABLED_ECC_SHAMIR" = "yes"
         then
             AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
@@ -2342,7 +2343,7 @@ then
         ENABLED_ECC="yes"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
         AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-        
+
         if test "$ENABLED_ECC_SHAMIR" = "yes"
         then
             AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
@@ -2839,7 +2840,7 @@ AC_ARG_ENABLE([asynccrypt],
 if test "$ENABLED_ASYNCCRYPT" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT"
-    
+
     # if Cavium not enabled the use async simulator for testing
     if test "x$ENABLED_CAVIUM" = "xno"
     then
@@ -3023,7 +3024,8 @@ AS_IF([test "x$ENABLED_DTLS" = "xno" && \
 ################################################################################
 
 # OPTIMIZE FLAGS
-if test "$GCC" = "yes"
+# For distro disable custom build options that interfere with symbol generation
+if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
     if test "$ax_enable_debug" = "no"
@@ -3072,7 +3074,11 @@ case $host_os in
 esac
 
 # add user C_EXTRA_FLAGS back
-CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
+# For distro disable custom build options that interfere with symbol generation
+if test "$ENABLED_DISTRO" = "no"
+then
+    CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
+fi
 OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $AM_CFLAGS"
 
 CREATE_HEX_VERSION
diff --git a/wolfcrypt/src/aes_asm.s b/wolfcrypt/src/aes_asm.s
index ac67a09ee..e47b3469e 100644
--- a/wolfcrypt/src/aes_asm.s
+++ b/wolfcrypt/src/aes_asm.s
@@ -1205,7 +1205,7 @@ pslldq $4, %xmm4
 pxor   %xmm4, %xmm3
 pxor   %xmm2, %xmm3
 ret
- 
+
 
 /*
 void AES_256_Key_Expansion (const unsigned char *userkey,
@@ -1372,3 +1372,7 @@ gfmul:
         ret
 
 #endif /* HAVE_AESGCM */
+
+#if defined(__linux__) && defined(__ELF__)
+    .section .note.GNU-stack,"",%progbits
+#endif

From a2dc01413c20307091ad3586d6f99bc5c304955a Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 29 Nov 2016 13:29:19 -0800
Subject: [PATCH 2/3] For distro build don't install options.h (conflicts with
 multi-arch). Fix for BUILD_DISTRO excludes with indent.

---
 Makefile.am        | 37 ++++++++++++++++++-------------------
 cyassl/include.am  |  8 +++++++-
 wolfssl/include.am |  8 +++++++-
 3 files changed, 32 insertions(+), 21 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 7870f527c..e9aadbec0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -89,25 +89,24 @@ include tests/include.am
 include sslSniffer/sslSnifferTest/include.am
 include rpm/include.am
 
-if BUILD_DISTRO
-    # Exclude references to non-DFSG sources from build files
-else
-    include mqx/util_lib/Sources/include.am
-    include mqx/wolfcrypt_benchmark/Sources/include.am
-    include mqx/wolfcrypt_test/Sources/include.am
-    include mqx/wolfssl/include.am
-    include mqx/wolfssl_client/Sources/include.am
-    include mplabx/include.am
-    include mplabx/wolfcrypt_benchmark.X/nbproject/include.am
-    include mplabx/wolfcrypt_test.X/nbproject/include.am
-    include mplabx/wolfssl.X/nbproject/include.am
-    include mcapi/include.am
-    include mcapi/wolfcrypt_mcapi.X/nbproject/include.am
-    include mcapi/wolfcrypt_test.X/nbproject/include.am
-    include mcapi/wolfssl.X/nbproject/include.am
-    include mcapi/zlib.X/nbproject/include.am
-    include tirtos/include.am
-    include IDE/include.am
+# Exclude references to non-DFSG sources from build files
+if !BUILD_DISTRO
+include mqx/util_lib/Sources/include.am
+include mqx/wolfcrypt_benchmark/Sources/include.am
+include mqx/wolfcrypt_test/Sources/include.am
+include mqx/wolfssl/include.am
+include mqx/wolfssl_client/Sources/include.am
+include mplabx/include.am
+include mplabx/wolfcrypt_benchmark.X/nbproject/include.am
+include mplabx/wolfcrypt_test.X/nbproject/include.am
+include mplabx/wolfssl.X/nbproject/include.am
+include mcapi/include.am
+include mcapi/wolfcrypt_mcapi.X/nbproject/include.am
+include mcapi/wolfcrypt_test.X/nbproject/include.am
+include mcapi/wolfssl.X/nbproject/include.am
+include mcapi/zlib.X/nbproject/include.am
+include tirtos/include.am
+include IDE/include.am
 endif
 include scripts/include.am
 
diff --git a/cyassl/include.am b/cyassl/include.am
index db1f089ee..b4c7e0436 100644
--- a/cyassl/include.am
+++ b/cyassl/include.am
@@ -16,10 +16,16 @@ nobase_include_HEADERS+= \
                          cyassl/certs_test.h \
                          cyassl/test.h \
                          cyassl/version.h \
-                         cyassl/options.h \
                          cyassl/ocsp.h \
                          cyassl/crl.h
 
 noinst_HEADERS+= \
                          cyassl/internal.h
 
+# For distro build don't install options.h.
+# It depends on the architecture and conflicts with Multi-Arch.
+if BUILD_DISTRO
+noinst_HEADERS+=         cyassl/options.h
+else
+nobase_include_HEADERS+= cyassl/options.h
+endif
diff --git a/wolfssl/include.am b/wolfssl/include.am
index a02488fc8..03883b086 100644
--- a/wolfssl/include.am
+++ b/wolfssl/include.am
@@ -16,10 +16,16 @@ nobase_include_HEADERS+= \
                          wolfssl/certs_test.h \
                          wolfssl/test.h \
                          wolfssl/version.h \
-                         wolfssl/options.h \
                          wolfssl/ocsp.h \
                          wolfssl/crl.h
 
 noinst_HEADERS+= \
                          wolfssl/internal.h
 
+# For distro build don't install options.h.
+# It depends on the architecture and conflicts with Multi-Arch.
+if BUILD_DISTRO
+noinst_HEADERS+=         wolfssl/options.h
+else
+nobase_include_HEADERS+= wolfssl/options.h
+endif

From 9399cc05cb346791a3d1ad809a9fa1816f9df2a6 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 7 Dec 2016 07:07:27 -0800
Subject: [PATCH 3/3] Fixes for building with CRL monitor when not linux, OS X
 or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR
 checks for OS and make sure if StopMonitor preprocessor is defined the
 function will also be defined.

---
 configure.ac |  9 +++++++--
 src/crl.c    | 13 ++++++-------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index ac4dda2df..ad4471a67 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1764,7 +1764,12 @@ then
     *linux* | *darwin* | *freebsd*)
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;;
     *)
-        AC_MSG_ERROR([crl monitor only allowed on linux, OS X, or freebsd]) ;;
+        if test "x$ENABLED_DISTRO" = "xyes" ; then
+            ENABLED_CRL_MONITOR="no"
+        else
+            AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd])
+        fi
+        break;;
     esac
 fi
 
@@ -2214,7 +2219,7 @@ then
         AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
         AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
     fi
-    if test "x$ENABLED_CRL_MONITOR" = "xno"
+    if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"
     then
         ENABLED_CRL_MONITOR="yes"
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
diff --git a/src/crl.c b/src/crl.c
index fcc925af7..2fbcde08c 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -42,8 +42,12 @@
 #include <string.h>
 
 #ifdef HAVE_CRL_MONITOR
-    static int StopMonitor(int mfd);
-#endif
+    #if (defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__))
+        static int StopMonitor(int mfd);
+    #else
+        #error "CRL monitor only currently supported on linux or mach"
+    #endif
+#endif /* HAVE_CRL_MONITOR */
 
 
 /* Initialize CRL members */
@@ -718,11 +722,6 @@ static void* DoMonitor(void* arg)
     return NULL;
 }
 
-
-#else
-
-#error "CRL monitor only currently supported on linux or mach"
-
 #endif /* MACH or linux */