rpms/libgcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Restore the CET protection

Browse Source 
Resolves: rhbz#1954422
This commit is contained in:
Jakub Jelen 2021-04-28 19:30:53 +02:00
parent 5127f18692
commit b117db4efa
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
libgcrypt-1.8.5-intel-cet.patch Normal file
View File

@ -0,0 +1,34 @@
From b04c0a86b19856071c29d2a6285f3240c606ee7a Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 27 Apr 2021 09:08:41 -0700
Subject: [PATCH] Always include <config.h> in cipher assembly codes
* cipher/poly1305-s390x.S: Always include <config.h>.
When Intel CET is enabled, we need to include <cet.h> in assembly codes
to mark Intel CET support even if it is empty. We should always include
<config.h> in cipher assembly codes so that they will be marked for
Intel CET support when compiling for x86-64 and i686.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
---
cipher/poly1305-s390x.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cipher/poly1305-s390x.S b/cipher/poly1305-s390x.S
index 844245f6..28bed560 100644
--- a/cipher/poly1305-s390x.S
+++ b/cipher/poly1305-s390x.S
@@ -18,8 +18,8 @@
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
#include <config.h>
+#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
#if defined(HAVE_GCC_INLINE_ASM_S390X)
#include "asm-poly1305-s390x.h"
--
GitLab

8
libgcrypt.spec
View File

@ -1,6 +1,6 @@
Name: libgcrypt Name: libgcrypt
Version: 1.9.3 Version: 1.9.3
Release: 1%{?dist} Release: 2%{?dist}
URL: https://www.gnupg.org/ URL: https://www.gnupg.org/
Source0: libgcrypt-%{version}-hobbled.tar.xz Source0: libgcrypt-%{version}-hobbled.tar.xz
# The original libgcrypt sources now contain potentially patented ECC # The original libgcrypt sources now contain potentially patented ECC
@ -44,6 +44,8 @@ Patch24: libgcrypt-1.8.5-getrandom.patch
Patch26: libgcrypt-1.8.3-fips-enttest.patch Patch26: libgcrypt-1.8.3-fips-enttest.patch
# Disable non-approved FIPS hashes in the enforced FIPS mode # Disable non-approved FIPS hashes in the enforced FIPS mode
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
# Missing Intel CET support in the library (#1954049)
Patch28: libgcrypt-1.8.5-intel-cet.patch
# FIPS module is redefined a little bit (implicit by kernel FIPS mode) # FIPS module is redefined a little bit (implicit by kernel FIPS mode)
Patch30: libgcrypt-1.8.5-fips-module.patch Patch30: libgcrypt-1.8.5-fips-module.patch
@ -93,6 +95,7 @@ applications using libgcrypt.
%patch24 -p1 -b .getrandom %patch24 -p1 -b .getrandom
%patch26 -p1 -b .fips-enttest %patch26 -p1 -b .fips-enttest
%patch27 -p1 -b .fips-enforce %patch27 -p1 -b .fips-enforce
%patch28 -p1 -b .intel-cet
%patch30 -p1 -b .fips-module %patch30 -p1 -b .fips-module
cp %{SOURCE4} cipher/ cp %{SOURCE4} cipher/
@ -203,6 +206,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
%license COPYING %license COPYING
%changelog %changelog
* Wed Apr 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-2
- Restore the CET protection (#1954049)
* Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1 * Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1
- New upstream release (#1951325) - New upstream release (#1951325)