From 49555800f07bbcb72ccbbd091d6660a1812a2ca0 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Thu, 4 Nov 2021 00:53:28 -0400
Subject: [PATCH] import tboot-1.10.2-5.el9
---
.gitignore | 1 +
.tboot.metadata | 1 +
...deprecated-declarations-to-Config.mk.patch | 30 +++
...move-call-to-EVP_PKEY_set_alias_type.patch | 63 ++++++
SPECS/tboot.spec | 214 ++++++++++++++++++
5 files changed, 309 insertions(+)
create mode 100644 .gitignore
create mode 100644 .tboot.metadata
create mode 100644 SOURCES/0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
create mode 100644 SOURCES/0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
create mode 100644 SPECS/tboot.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..988c5ab
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/tboot-1.10.2.tar.gz
diff --git a/.tboot.metadata b/.tboot.metadata
new file mode 100644
index 0000000..4c6680b
--- /dev/null
+++ b/.tboot.metadata
@@ -0,0 +1 @@
+f11ed63c38588fe17ac6674efc115122dd2fc737 SOURCES/tboot-1.10.2.tar.gz
diff --git a/SOURCES/0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch b/SOURCES/0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
new file mode 100644
index 0000000..14bd490
--- /dev/null
+++ b/SOURCES/0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
@@ -0,0 +1,30 @@
+From fb1b10586f293a39523cec835a8d2f102375bd0d Mon Sep 17 00:00:00 2001
+From: Tony Camuso
+Date: Wed, 2 Jun 2021 06:57:41 -0400
+Subject: [PATCH] Add -Wno-error=deprecated-declarations to Config.mk
+
+For SSL3 build compatability. In the future, the code needs to be
+made SSL3 compatable.
+
+Signed-off-by: Tony Camuso
+---
+ Config.mk | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Config.mk b/Config.mk
+index ba997b0..764e725 100644
+--- a/Config.mk
++++ b/Config.mk
+@@ -43,7 +43,8 @@ CFLAGS_WARN = -Wall -Wformat-security -Werror -Wstrict-prototypes \
+ -Wextra -Winit-self -Wswitch-default -Wunused-parameter \
+ -Wwrite-strings \
+ $(call cc-option,$(CC),-Wlogical-op,) \
+- -Wno-missing-field-initializers -Wno-address-of-packed-member
++ -Wno-missing-field-initializers -Wno-address-of-packed-member \
++ -Wno-deprecated-declarations
+
+ AS ?= as
+ LD ?= ld
+--
+2.31.1
+
diff --git a/SOURCES/0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch b/SOURCES/0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
new file mode 100644
index 0000000..1290a34
--- /dev/null
+++ b/SOURCES/0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
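Review bot: The flag appended to `CFLAGS_WARN` in the embedded Config.mk hunk is `-Wno-deprecated-declarations`, which does not match the patch subject and file name (`-Wno-error=deprecated-declarations`). The form in the subject keeps the deprecation warnings in the build log and only exempts them from `-Werror`, while the committed form silences them completely. Since the patch description says the code still has to be made compatible with the new OpenSSL, the deprecated calls should stay visible; I would change the added line to `-Wno-error=deprecated-declarations` and put a comment above it such as `# OpenSSL 3.0: deprecated-API warnings stay visible but are not fatal; drop once the code is ported`.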
@@ -0,0 +1,63 @@
+From 8486ee675c00c2662d261fbbf26cf013ccd118fd Mon Sep 17 00:00:00 2001
+From: Tony Camuso
+Date: Wed, 23 Jun 2021 08:01:54 -0400
+Subject: [PATCH] lcputils.c: remove call to EVP_PKEY_set_alias_type
+
+This function was previously needed as a workaround for SM2. With
+OpenSSL 3.0, this key type is internally recognized so the workaround
+is no longer needed.
+
+Signed-off-by: Tony Camuso
+---
+ lcptools-v2/lcputils.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/lcptools-v2/lcputils.c b/lcptools-v2/lcputils.c
+index 9d4b976..4dbb2fc 100644
+--- a/lcptools-v2/lcputils.c
++++ b/lcptools-v2/lcputils.c
+@@ -775,6 +775,11 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
+ result = 0;
+ goto EXIT;
+ }
++// SSL3 removed function EVP_PKEY_set_alias_type
++// This function was previously needed as a workaround for SM2.
++// With OpenSSL 3.0, this key type is internally recognized so
++// the workaround is no longer needed.
++#if 0
+ if (sigalg == TPM_ALG_SM2) {
+ result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
+ if (result <= 0) {
+@@ -782,6 +787,7 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
+ goto OPENSSL_ERROR;
+ }
+ }
++#endif
+ pctx = EVP_PKEY_CTX_new(evp_key, NULL);
+ if (pctx == NULL) {
+ ERROR("Error: failed to generate key context.\n");
+@@ -915,6 +921,11 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
+ goto OPENSSL_ERROR;
+ }
+
++// SSL3 removed function EVP_PKEY_set_alias_type
++// This function was previously needed as a workaround for SM2.
++// With OpenSSL 3.0, this key type is internally recognized so
++// the workaround is no longer needed.
++#if 0
+ if (sigalg == TPM_ALG_SM2) {
+ result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
+ if (result <= 0) {
+@@ -922,7 +933,8 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
+ goto OPENSSL_ERROR;
+ }
+ }
+-
++#endif
++
+ pctx = EVP_PKEY_CTX_new(evp_key, NULL);
+ if (pctx == NULL) {
+ ERROR("Error: failed to allocate pkey context.\n");
+--
+2.31.1
+
diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
new file mode 100644
index 0000000..aa67255
--- /dev/null
+++ b/SPECS/tboot.spec
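Review bot: The `#if 0` added in `verify_ec_signature`, and again in `ec_sign_data`, compiles out the SM2 alias step for every OpenSSL version, not only for 3.0 where `EVP_PKEY_set_alias_type` is gone. A build against an older library would then presumably reach `EVP_PKEY_CTX_new` without the key being marked as SM2. A version guard keeps the old path where the function still exists: use `#if OPENSSL_VERSION_NUMBER < 0x30000000L` in place of `#if 0` at both sites. Nothing in these hunks checks that OpenSSL 3.0 does recognise the key type by itself, so an SM2 sign-and-verify round trip in the package tests would be worth adding. Both function bodies begin and end outside the hunks shown.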
@@ -0,0 +1,214 @@
+Summary: Performs a verified launch using Intel TXT
+Name: tboot
+Version: 1.10.2
+Release: 5%{?dist}
+Epoch: 1
+
+License: BSD
+URL: http://sourceforge.net/projects/tboot/
+Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+
+Patch0: 0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
+Patch1: 0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
+
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: perl
+BuildRequires: openssl-devel
+BuildRequires: zlib-devel
+ExclusiveArch: %{ix86} x86_64
+
+%description
+Trusted Boot (tboot) is an open source, pre-kernel/VMM module that uses
+Intel Trusted Execution Technology (Intel TXT) to perform a measured
+and verified launch of an OS kernel/VMM.
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+
+%build
+CFLAGS="%{optflags}"; export CFLAGS
+LDFLAGS="%{build_ldflags}"; export LDFLAGS
+make debug=y %{?_smp_mflags}
+
+%install
+make debug=y DISTDIR=$RPM_BUILD_ROOT install
+
+%files
+%doc README.md COPYING docs/* lcptools-v2/lcptools.txt
+%config %{_sysconfdir}/grub.d/20_linux_tboot
+%config %{_sysconfdir}/grub.d/20_linux_xen_tboot
+%{_sbindir}/txt-acminfo
+%{_sbindir}/lcp2_crtpol
+%{_sbindir}/lcp2_crtpolelt
+%{_sbindir}/lcp2_crtpollist
+%{_sbindir}/lcp2_mlehash
+%{_sbindir}/txt-parse_err
+%{_sbindir}/tb_polgen
+%{_sbindir}/txt-stat
+%{_mandir}/man8/txt-acminfo.8.gz
+%{_mandir}/man8/tb_polgen.8.gz
+%{_mandir}/man8/txt-stat.8.gz
+%{_mandir}/man8/lcp2_crtpol.8.gz
+%{_mandir}/man8/lcp2_crtpolelt.8.gz
+%{_mandir}/man8/lcp2_crtpollist.8.gz
+%{_mandir}/man8/lcp2_mlehash.8.gz
+%{_mandir}/man8/txt-parse_err.8.gz
+/boot/tboot.gz
+/boot/tboot-syms
+
+%changelog
+* Tue Aug 10 2021 Mohan Boddu - 1:1.10.2-5
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Wed Jul 28 2021 Tony Camuso - 1:1.10.2-4
+- From Miroslave Vadkerti:
+ Onboarding tests to RHEL9 in BaseOS CI requires action, adding
+ test configuration in our "dispatcher" configuration for RHEL9:
+ https://gitlab.cee.redhat.com/baseos-qe/citool-config/blob/production/brew-dispatcher-rhel9.yaml
+ Test config was added for tboot in the following MR.
+ https://gitlab.cee.redhat.com/baseos-qe/citool-config/-/merge_requests/2686
+ Resolves: rhbz#1922002
+
+* Tue Jul 27 2021 Tony Camuso - 1:1.10.2-3
+- Add the %{optflags} and %{build_ldflags} macros to assure the
+ build meets RHEL security requirements.
+ Resolves: rhbz#1922002
+
+* Thu Jul 22 2021 Tony Camuso - 1:1.10.2-2
+- Bump the NVR as a result of including the gating.yaml file in
+ the git repo.
+ Resolves: rhbz#1922002
+
+* Mon Jun 21 2021 Tony Camuso - 1:1.10.2-1
+- The patches are for SSL3 compatibility. These can probably be
+ removed when upstream tboot fully implements SSL3.
+- Upgrade to latest upstream.
+- Remove trousers dependency.
+ Resolves: rhbz#1922002
+ Resolves: rhbz#1870520
+ Resolves: rhbz#1927374
+
+* Wed Jun 16 2021 Mohan Boddu - 1:1.9.11-9
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+ Related: rhbz#1971065
+
+* Thu May 27 2021 Tony Camuso - 1:1.9.11-8
+- Add -Wno-error=deprecated-declarations to the Config.mk patch
+ Resolves: rhbz#1958031
+
+* Fri Apr 16 2021 Mohan Boddu - 1:1.9.11-7
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Jan 27 2021 Fedora Release Engineering - 1:1.9.11-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Oct 30 2020 Jeff Law - 1:1.9.11-5
+- Re-enable -Wstringop-overflow and instead make the problematical
+ pointer volatile to avoid the false positive diagnostic
+
+* Thu Oct 29 2020 Jeff Law - 1:1.9.11-4
+- Fix buglet exposed by gcc-11 -Warray-parameter
+- Temporarily disable -Wstringop-overflow due to false positive in gcc-11
+
+* Wed Jul 29 2020 Jeff Law - 1:1.9.11-3
+- Explicitly allow uninitialized variables in a few places that do it
+- on purpose
+
+* Wed Jul 29 2020 Fedora Release Engineering - 1:1.9.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sun Apr 19 2020 Filipe Rosset - 1:1.9.11-1
+- Update to 1.9.11
+
+* Fri Jan 31 2020 Fedora Release Engineering - 1:1.9.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jul 27 2019 Fedora Release Engineering - 1:1.9.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue May 14 2019 Yunying Sun - 1:1.9.10-1
+- Add patch to fix package build error
+- Add build dependency to zlib-devel
+- Update to latest release 1.9.10
+
+* Sun Feb 03 2019 Fedora Release Engineering - 1:1.9.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Oct 31 2018 Yunying Sun - 1:1.9.8-1
+- Updated to upstream 1.9.8 release
+
+* Tue Sep 4 2018 Yunying Sun - 1:1.9.7-1
+- Updated to upstream 1.9.7 release
+- Removed the patch for openssl 1.1 as it is included in 1.9.7 already
+
+* Sat Jul 14 2018 Fedora Release Engineering - 1:1.9.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Feb 06 2018 Tomáš Mráz - 1:1.9.6-2
+- Patch to build with OpenSSL-1.1.x
+
+* Sun Feb 04 2018 Filipe Rosset - 1:1.9.6-1
+- Upgrade to latest upstream version
+
+* Thu Aug 03 2017 Fedora Release Engineering - 1:1.8.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 1:1.8.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering - 1:1.8.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Feb 05 2016 Fedora Release Engineering - 1:1.8.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering - 1:1.8.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Aug 18 2014 Fedora Release Engineering - 1:1.8.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Jul 30 2014 Gang Wei - 1:1.8.2-1
+- Upgrade to latest upstream version which provided security fix for:
+ tboot:argument measurement vulnerablity for GRUB2+ELF kernels
+
+* Wed Jun 18 2014 Gang Wei - 1:1.8.1-1
+- Upgrade to latest upstream version
+
+* Sun Jun 08 2014 Fedora Release Engineering - 1:1.7.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sun Aug 04 2013 Fedora Release Engineering - 1:1.7.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Apr 02 2013 Gang Wei - 1:1.7.3-3
+- Fix for breaking grub2-mkconfig operation in 32bit case(#929384)
+
+* Wed Feb 20 2013 Gang Wei - 1:1.7.3-2
+- Fix version string in log
+
+* Wed Jan 30 2013 David Cantrell - 1:1.7.3-1
+- Upgrade to latest upstream version (#902653)
+
+* Wed Aug 22 2012 Gang Wei - 1:1.7.0-2
+- Fix build error with zlib 1.2.7
+
+* Sat Jul 21 2012 Fedora Release Engineering - 1:1.7.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun Jan 15 2012 Gang Wei - 1:1.7.0
+- 1.7.0 release
+
+* Sat Jan 14 2012 Fedora Release Engineering - 20110429-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Apr 29 2011 Gang Wei - 20110429-1
+- Pull upstream changeset 255, rebuilt in F15
+
+* Wed Feb 09 2011 Fedora Release Engineering - 20101005-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Dec 1 2010 Joseph Cihula - 20101005-1.fc13
+- Initial import
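Review bot: `Source0` and `URL` in the spec preamble point at plain `http://` SourceForge addresses, so anyone who fetches the tarball from the spec rather than from the lookaside cache gets no transport integrity. The only pin visible in this commit is the 40-hex-digit digest in `.tboot.metadata`. For a package that anchors a measured launch I would switch both fields to `https://`, assuming the host serves it, and add a comment above `Source0` such as `# tarball digest is pinned in .tboot.metadata`. Separately, the 1:1.10.2-3 changelog entry contains unescaped `%{optflags}` and `%{build_ldflags}`, which rpm expands inside `%changelog`; they should be written `%%{optflags}` and `%%{build_ldflags}`.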