From 1ecac53a38fa771cac7822b8e6b932917c546711 Mon Sep 17 00:00:00 2001
From: historic_bruno <ben@wildfiregames.com>
Date: Thu, 11 Jul 2019 21:48:50 +0000
Subject: [PATCH] Fixes GnuTLS build on macOS.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes macOS linker warning "PIE disabled absolute - addressing not
allowed".

Updates nettle to 3.5.1, GnuTLS to 3.6.8, gloox to 1.0.22.
Disables TCP fast open feature of GnuTLS (requires 10.11, no SDK build
support).
Fixes GnuTLS detection of GMP by adding it to LIBS flag.
Disables getaddrinfo on gloox 1.0.22. Lobby connections failed during
server hostname resolution.
Adds --with-pic to GMP build to force consistent PIC usage.
Adds -N flag to patch commands to avoid reapplying them.
Removes unneeded build flags.
Documents --enable-fat configure flag: GMP and nettle detect
CPU-specific features, fat binaries let us build and run them on
different CPUs (see D1772).

Fixes #5453, 5489. Refs #5481.
Tested by: kali0ad, trompetin17
Reviewed by: elexis, trompetin17
Differential Revision: ​https://code.wildfiregames.com/D2057
This was SVN commit r22455.
---
 libraries/osx/build-osx-libs.sh               | 26 ++++++++++++-------
 .../patches/gnutls-disable-tcpfastopen.diff   | 11 ++++++++
 2 files changed, 28 insertions(+), 9 deletions(-)
 create mode 100644 libraries/osx/patches/gnutls-disable-tcpfastopen.diff

diff --git a/libraries/osx/build-osx-libs.sh b/libraries/osx/build-osx-libs.sh
index db6f30019a..9375c8d56a 100755
--- a/libraries/osx/build-osx-libs.sh
+++ b/libraries/osx/build-osx-libs.sh
@@ -35,9 +35,10 @@ OGG_VERSION="libogg-1.3.3"
 VORBIS_VERSION="libvorbis-1.3.6"
 # gloox requires GnuTLS, GnuTLS requires Nettle and GMP
 GMP_VERSION="gmp-6.1.2"
-NETTLE_VERSION="nettle-3.4"
-GNUTLS_VERSION="gnutls-3.5.19"
-GLOOX_VERSION="gloox-1.0.20"
+NETTLE_VERSION="nettle-3.5.1"
+# NOTE: remember to also update LIB_URL below when changing version
+GNUTLS_VERSION="gnutls-3.6.8"
+GLOOX_VERSION="gloox-1.0.22"
 # NSPR is necessary for threadsafe Spidermonkey
 NSPR_VERSION="4.15"
 # OS X only includes part of ICU, and only the dylib
@@ -169,7 +170,7 @@ then
   pushd $LIB_DIRECTORY
 
   # patch zlib's configure script to use our CFLAGS and LDFLAGS
-  (patch -p0 -i ../../patches/zlib_flags.diff && CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" ./configure --prefix="$ZLIB_DIR" --static && make ${JOBS} && make install) || die "zlib build failed"
+  (patch -Np0 -i ../../patches/zlib_flags.diff && CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" ./configure --prefix="$ZLIB_DIR" --static && make ${JOBS} && make install) || die "zlib build failed"
   popd
   touch .already-built
 else
@@ -489,7 +490,9 @@ then
   tar -xf $LIB_ARCHIVE
   pushd $LIB_DIRECTORY
 
-  (./configure CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS" --prefix="$INSTALL_DIR" --enable-fat --disable-shared && make ${JOBS} && make install) || die "GMP build failed"
+  # NOTE: enable-fat in this case allows building and running on different CPUS.
+  # Otherwise CPU-specific instructions will be used with no fallback for older CPUs.
+  (./configure CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS" --prefix="$INSTALL_DIR" --enable-fat --disable-shared --with-pic && make ${JOBS} && make install) || die "GMP build failed"
   popd
   touch .already-built
 else
@@ -521,7 +524,9 @@ then
   tar -xf $LIB_ARCHIVE
   pushd $LIB_DIRECTORY
 
-(./configure CFLAGS="$CFLAGS -m64" CXXFLAGS="$CXXFLAGS -m64" LDFLAGS="$LDFLAGS -m64" --with-include-path="${GMP_DIR}/include" --with-lib-path="${GMP_DIR}/lib" --prefix="$INSTALL_DIR" --disable-shared --disable-documentation --disable-openssl --disable-assembler && make ${JOBS} && make install) || die "Nettle build failed"
+  # NOTE: enable-fat in this case allows building and running on different CPUS.
+  # Otherwise CPU-specific instructions will be used with no fallback for older CPUs.
+  (./configure CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS" --with-include-path="${GMP_DIR}/include" --with-lib-path="${GMP_DIR}/lib" --prefix="$INSTALL_DIR" --enable-fat --disable-shared --disable-documentation --disable-openssl --disable-assembler && make ${JOBS} && make install) || die "Nettle build failed"
   popd
   touch .already-built
 else
@@ -535,7 +540,7 @@ echo -e "Building GnuTLS..."
 LIB_VERSION="${GNUTLS_VERSION}"
 LIB_ARCHIVE="$LIB_VERSION.tar.xz"
 LIB_DIRECTORY="$LIB_VERSION"
-LIB_URL="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/"
+LIB_URL="https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/"
 
 mkdir -p gnutls
 pushd gnutls > /dev/null
@@ -553,7 +558,10 @@ then
   tar -xf $LIB_ARCHIVE
   pushd $LIB_DIRECTORY
 
-(./configure CFLAGS="$CFLAGS -m64" CXXFLAGS="$CXXFLAGS -m64" LDFLAGS="$LDFLAGS -m64" NETTLE_CFLAGS="-I${NETTLE_DIR}/include" NETTLE_LIBS="-L${NETTLE_DIR}/lib -lnettle" HOGWEED_CFLAGS="-I${NETTLE_DIR}/include" HOGWEED_LIBS="-L${NETTLE_DIR}/lib -lhogweed" GMP_CFLAGS="-I${GMP_DIR}/include" GMP_LIBS="-L${GMP_DIR}/lib -lgmp" --prefix="$INSTALL_DIR" --enable-shared=no --without-idn --with-included-unistring --with-included-libtasn1 --without-p11-kit --disable-tests && make ${JOBS} && make install) || die "GnuTLS build failed"
+  # GnuTLS 3.6.8 added the TCP Fast Open feature, which requires connectx
+  # but that's only available on OS X 10.11+ (GnuTLS doesn't support SDK based builds yet)
+  # So we disable that functionality
+  (patch -Np0 -i ../../patches/gnutls-disable-tcpfastopen.diff && ./configure CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS" LIBS="-L${GMP_DIR}/lib -lgmp" NETTLE_CFLAGS="-I${NETTLE_DIR}/include" NETTLE_LIBS="-L${NETTLE_DIR}/lib -lnettle" HOGWEED_CFLAGS="-I${NETTLE_DIR}/include" HOGWEED_LIBS="-L${NETTLE_DIR}/lib -lhogweed" GMP_CFLAGS="-I${GMP_DIR}/include" GMP_LIBS="-L${GMP_DIR}/lib -lgmp" --prefix="$INSTALL_DIR" --enable-shared=no --without-idn --with-included-unistring --with-included-libtasn1 --without-p11-kit --disable-tests && make ${JOBS} && make install) || die "GnuTLS build failed"
   popd
   touch .already-built
 else
@@ -584,7 +592,7 @@ then
   pushd $LIB_DIRECTORY
 
   # TODO: pulls in libresolv dependency from /usr/lib
-  (./configure CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS" --prefix="$INSTALL_DIR" GNUTLS_CFLAGS="-I${GNUTLS_DIR}/include" GNUTLS_LIBS="-L${GNUTLS_DIR}/lib -lgnutls" --enable-shared=no --with-zlib="${ZLIB_DIR}" --without-libidn --with-gnutls="yes" --without-openssl --without-tests --without-examples && make ${JOBS} && make install) || die "gloox build failed"
+  (./configure CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS" --prefix="$INSTALL_DIR" GNUTLS_CFLAGS="-I${GNUTLS_DIR}/include" GNUTLS_LIBS="-L${GNUTLS_DIR}/lib -lgnutls" --enable-shared=no --with-zlib="${ZLIB_DIR}" --without-libidn --with-gnutls="yes" --without-openssl --without-tests --without-examples --disable-getaddrinfo && make ${JOBS} && make install) || die "gloox build failed"
   popd
   touch .already-built
 else
diff --git a/libraries/osx/patches/gnutls-disable-tcpfastopen.diff b/libraries/osx/patches/gnutls-disable-tcpfastopen.diff
new file mode 100644
index 0000000000..6d834b0735
--- /dev/null
+++ b/libraries/osx/patches/gnutls-disable-tcpfastopen.diff
@@ -0,0 +1,11 @@
+--- lib/system/fastopen.c	2019-03-15 05:10:27.000000000 -0400
++++ lib/system/fastopen.c	2019-07-10 07:53:30.000000000 -0400
+@@ -38,7 +38,7 @@
+ 
+ /* TCP Fast Open on OSX behaves differently from Linux, so define these helpers */
+ #if defined __APPLE__ && defined __MACH__ && defined CONNECT_DATA_IDEMPOTENT && defined CONNECT_RESUME_ON_READ_WRITE
+-# define TCP_FASTOPEN_OSX
++//# define TCP_FASTOPEN_OSX
+ #elif defined TCP_FASTOPEN && defined MSG_FASTOPEN
+ # define TCP_FASTOPEN_LINUX
+ #endif