Restore the CET protection
Resolves: rhbz#1954422
This commit is contained in:
parent
5127f18692
commit
b117db4efa
34
libgcrypt-1.8.5-intel-cet.patch
Normal file
34
libgcrypt-1.8.5-intel-cet.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From b04c0a86b19856071c29d2a6285f3240c606ee7a Mon Sep 17 00:00:00 2001
|
||||||
|
From: "H.J. Lu" <hjl.tools@gmail.com>
|
||||||
|
Date: Tue, 27 Apr 2021 09:08:41 -0700
|
||||||
|
Subject: [PATCH] Always include <config.h> in cipher assembly codes
|
||||||
|
|
||||||
|
* cipher/poly1305-s390x.S: Always include <config.h>.
|
||||||
|
|
||||||
|
When Intel CET is enabled, we need to include <cet.h> in assembly codes
|
||||||
|
to mark Intel CET support even if it is empty. We should always include
|
||||||
|
<config.h> in cipher assembly codes so that they will be marked for
|
||||||
|
Intel CET support when compiling for x86-64 and i686.
|
||||||
|
|
||||||
|
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
||||||
|
---
|
||||||
|
cipher/poly1305-s390x.S | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/cipher/poly1305-s390x.S b/cipher/poly1305-s390x.S
|
||||||
|
index 844245f6..28bed560 100644
|
||||||
|
--- a/cipher/poly1305-s390x.S
|
||||||
|
+++ b/cipher/poly1305-s390x.S
|
||||||
|
@@ -18,8 +18,8 @@
|
||||||
|
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
|
||||||
|
#include <config.h>
|
||||||
|
+#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
|
||||||
|
#if defined(HAVE_GCC_INLINE_ASM_S390X)
|
||||||
|
|
||||||
|
#include "asm-poly1305-s390x.h"
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.9.3
|
Version: 1.9.3
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
URL: https://www.gnupg.org/
|
URL: https://www.gnupg.org/
|
||||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||||
# The original libgcrypt sources now contain potentially patented ECC
|
# The original libgcrypt sources now contain potentially patented ECC
|
||||||
@ -44,6 +44,8 @@ Patch24: libgcrypt-1.8.5-getrandom.patch
|
|||||||
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
||||||
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
||||||
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
||||||
|
# Missing Intel CET support in the library (#1954049)
|
||||||
|
Patch28: libgcrypt-1.8.5-intel-cet.patch
|
||||||
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
||||||
Patch30: libgcrypt-1.8.5-fips-module.patch
|
Patch30: libgcrypt-1.8.5-fips-module.patch
|
||||||
|
|
||||||
@ -93,6 +95,7 @@ applications using libgcrypt.
|
|||||||
%patch24 -p1 -b .getrandom
|
%patch24 -p1 -b .getrandom
|
||||||
%patch26 -p1 -b .fips-enttest
|
%patch26 -p1 -b .fips-enttest
|
||||||
%patch27 -p1 -b .fips-enforce
|
%patch27 -p1 -b .fips-enforce
|
||||||
|
%patch28 -p1 -b .intel-cet
|
||||||
%patch30 -p1 -b .fips-module
|
%patch30 -p1 -b .fips-module
|
||||||
|
|
||||||
cp %{SOURCE4} cipher/
|
cp %{SOURCE4} cipher/
|
||||||
@ -203,6 +206,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
|||||||
%license COPYING
|
%license COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-2
|
||||||
|
- Restore the CET protection (#1954049)
|
||||||
|
|
||||||
* Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1
|
* Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1
|
||||||
- New upstream release (#1951325)
|
- New upstream release (#1951325)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user