Restore the CET protection
Resolves: rhbz#1954422
This commit is contained in:
parent
5127f18692
commit
b117db4efa
34
libgcrypt-1.8.5-intel-cet.patch
Normal file
34
libgcrypt-1.8.5-intel-cet.patch
Normal file
@ -0,0 +1,34 @@
|
||||
From b04c0a86b19856071c29d2a6285f3240c606ee7a Mon Sep 17 00:00:00 2001
|
||||
From: "H.J. Lu" <hjl.tools@gmail.com>
|
||||
Date: Tue, 27 Apr 2021 09:08:41 -0700
|
||||
Subject: [PATCH] Always include <config.h> in cipher assembly codes
|
||||
|
||||
* cipher/poly1305-s390x.S: Always include <config.h>.
|
||||
|
||||
When Intel CET is enabled, we need to include <cet.h> in assembly codes
|
||||
to mark Intel CET support even if it is empty. We should always include
|
||||
<config.h> in cipher assembly codes so that they will be marked for
|
||||
Intel CET support when compiling for x86-64 and i686.
|
||||
|
||||
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
---
|
||||
cipher/poly1305-s390x.S | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cipher/poly1305-s390x.S b/cipher/poly1305-s390x.S
|
||||
index 844245f6..28bed560 100644
|
||||
--- a/cipher/poly1305-s390x.S
|
||||
+++ b/cipher/poly1305-s390x.S
|
||||
@@ -18,8 +18,8 @@
|
||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
-#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
|
||||
#include <config.h>
|
||||
+#if defined (__s390x__) && __GNUC__ >= 4 && __ARCH__ >= 9
|
||||
#if defined(HAVE_GCC_INLINE_ASM_S390X)
|
||||
|
||||
#include "asm-poly1305-s390x.h"
|
||||
--
|
||||
GitLab
|
||||
|
@ -1,6 +1,6 @@
|
||||
Name: libgcrypt
|
||||
Version: 1.9.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
URL: https://www.gnupg.org/
|
||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||
# The original libgcrypt sources now contain potentially patented ECC
|
||||
@ -44,6 +44,8 @@ Patch24: libgcrypt-1.8.5-getrandom.patch
|
||||
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
||||
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
||||
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
||||
# Missing Intel CET support in the library (#1954049)
|
||||
Patch28: libgcrypt-1.8.5-intel-cet.patch
|
||||
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
||||
Patch30: libgcrypt-1.8.5-fips-module.patch
|
||||
|
||||
@ -93,6 +95,7 @@ applications using libgcrypt.
|
||||
%patch24 -p1 -b .getrandom
|
||||
%patch26 -p1 -b .fips-enttest
|
||||
%patch27 -p1 -b .fips-enforce
|
||||
%patch28 -p1 -b .intel-cet
|
||||
%patch30 -p1 -b .fips-module
|
||||
|
||||
cp %{SOURCE4} cipher/
|
||||
@ -203,6 +206,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
||||
%license COPYING
|
||||
|
||||
%changelog
|
||||
* Wed Apr 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-2
|
||||
- Restore the CET protection (#1954049)
|
||||
|
||||
* Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1
|
||||
- New upstream release (#1951325)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user