SECURITY: disable build of filter_neon.S on arm

This fixes the bug #505
"libpng does not support PAC/BTI on aarch64 targets" which arises
because the build mechanisms (both cmake and configure) assemble
arm/filter_neon.S even though it ends up completely empty.  The empty
file effectively poisons the so that the PAC/BTI support gets disabled.

The fix is minimal; it simply removes arm/filter_neon.S from the list of
sources included in the build.  Note that this was already done in cmake
for MSVC - it's not clear whether this change was a partial fix for the
same issue.

The fix will cause attempts to use the assembler implementation to fail
at build time.  As described in PR506:

#506

This should only cause problems with certain older GCC compilers and
only then if someone tries to build with the assembler optimization
enabled in which case the build probably had a security problem.

QUESTION: does the PAC/BTI security issue affect 32-bit ARM?  If not
this change may might be an issue for someone given that filter_neon.S
would apparently be safe on 32-bit.  Nevertheless this PR is safe
because it fails in a noisy way and is easy to undo.

TESTING: pull the changes then type "autoreconf" if using configure (not
required for cmake).

Signed-off-by: John Bowler <jbowler@acm.org>

CMakeLists.txt

@@ -153,9 +153,6 @@ if(TARGET_ARCH MATCHES "^(ARM|arm|aarch)")
         arm/arm_init.c
         arm/filter_neon_intrinsics.c
         arm/palette_neon_intrinsics.c)
-    if(NOT MSVC)
-      list(APPEND libpng_arm_sources arm/filter_neon.S)
-    endif()
     if(PNG_ARM_NEON STREQUAL "on")
       add_definitions(-DPNG_ARM_NEON_OPT=2)
     elseif(PNG_ARM_NEON STREQUAL "check")

Makefile.am

@@ -108,7 +108,7 @@ libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_SOURCES = png.c pngerror.c\
 
 if PNG_ARM_NEON
 libpng@PNGLIB_MAJOR@@PNGLIB_MINOR@_la_SOURCES += arm/arm_init.c\
-	arm/filter_neon.S arm/filter_neon_intrinsics.c \
+	arm/filter_neon_intrinsics.c \
 	arm/palette_neon_intrinsics.c
 endif