Upgrade to 1.10.2 and remove trousers dependency
Also added second patch to remove call to EVP_PKEY_set_alias_type for SSL3 compliance. Resolves: rhbz#1922002 Resolves: rhbz#1870520 Resolves: rhbz#1927374 Signed-off-by: Tony Camuso <tcamuso@redhat.com>
This commit is contained in:
parent
dce2b25ea1
commit
57f0c72c75
5
.gitignore
vendored
5
.gitignore
vendored
@ -1 +1,4 @@
|
|||||||
/tboot-1.9.*.tar.gz
|
*.swp
|
||||||
|
.*
|
||||||
|
tboot*/
|
||||||
|
/tboot-*.tar.gz
|
||||||
|
@ -0,0 +1,30 @@
|
|||||||
|
From fb1b10586f293a39523cec835a8d2f102375bd0d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tony Camuso <tcamuso@redhat.com>
|
||||||
|
Date: Wed, 2 Jun 2021 06:57:41 -0400
|
||||||
|
Subject: [PATCH] Add -Wno-error=deprecated-declarations to Config.mk
|
||||||
|
|
||||||
|
For SSL3 build compatability. In the future, the code needs to be
|
||||||
|
made SSL3 compatable.
|
||||||
|
|
||||||
|
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
|
||||||
|
---
|
||||||
|
Config.mk | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/Config.mk b/Config.mk
|
||||||
|
index ba997b0..764e725 100644
|
||||||
|
--- a/Config.mk
|
||||||
|
+++ b/Config.mk
|
||||||
|
@@ -43,7 +43,8 @@ CFLAGS_WARN = -Wall -Wformat-security -Werror -Wstrict-prototypes \
|
||||||
|
-Wextra -Winit-self -Wswitch-default -Wunused-parameter \
|
||||||
|
-Wwrite-strings \
|
||||||
|
$(call cc-option,$(CC),-Wlogical-op,) \
|
||||||
|
- -Wno-missing-field-initializers -Wno-address-of-packed-member
|
||||||
|
+ -Wno-missing-field-initializers -Wno-address-of-packed-member \
|
||||||
|
+ -Wno-deprecated-declarations
|
||||||
|
|
||||||
|
AS ?= as
|
||||||
|
LD ?= ld
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
63
0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
Normal file
63
0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
From 8486ee675c00c2662d261fbbf26cf013ccd118fd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tony Camuso <tcamuso@redhat.com>
|
||||||
|
Date: Wed, 23 Jun 2021 08:01:54 -0400
|
||||||
|
Subject: [PATCH] lcputils.c: remove call to EVP_PKEY_set_alias_type
|
||||||
|
|
||||||
|
This function was previously needed as a workaround for SM2. With
|
||||||
|
OpenSSL 3.0, this key type is internally recognized so the workaround
|
||||||
|
is no longer needed.
|
||||||
|
|
||||||
|
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
|
||||||
|
---
|
||||||
|
lcptools-v2/lcputils.c | 14 +++++++++++++-
|
||||||
|
1 file changed, 13 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lcptools-v2/lcputils.c b/lcptools-v2/lcputils.c
|
||||||
|
index 9d4b976..4dbb2fc 100644
|
||||||
|
--- a/lcptools-v2/lcputils.c
|
||||||
|
+++ b/lcptools-v2/lcputils.c
|
||||||
|
@@ -775,6 +775,11 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
|
||||||
|
result = 0;
|
||||||
|
goto EXIT;
|
||||||
|
}
|
||||||
|
+// SSL3 removed function EVP_PKEY_set_alias_type
|
||||||
|
+// This function was previously needed as a workaround for SM2.
|
||||||
|
+// With OpenSSL 3.0, this key type is internally recognized so
|
||||||
|
+// the workaround is no longer needed.
|
||||||
|
+#if 0
|
||||||
|
if (sigalg == TPM_ALG_SM2) {
|
||||||
|
result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
|
||||||
|
if (result <= 0) {
|
||||||
|
@@ -782,6 +787,7 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
|
||||||
|
goto OPENSSL_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+#endif
|
||||||
|
pctx = EVP_PKEY_CTX_new(evp_key, NULL);
|
||||||
|
if (pctx == NULL) {
|
||||||
|
ERROR("Error: failed to generate key context.\n");
|
||||||
|
@@ -915,6 +921,11 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
|
||||||
|
goto OPENSSL_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
+// SSL3 removed function EVP_PKEY_set_alias_type
|
||||||
|
+// This function was previously needed as a workaround for SM2.
|
||||||
|
+// With OpenSSL 3.0, this key type is internally recognized so
|
||||||
|
+// the workaround is no longer needed.
|
||||||
|
+#if 0
|
||||||
|
if (sigalg == TPM_ALG_SM2) {
|
||||||
|
result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
|
||||||
|
if (result <= 0) {
|
||||||
|
@@ -922,7 +933,8 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
|
||||||
|
goto OPENSSL_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
-
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
pctx = EVP_PKEY_CTX_new(evp_key, NULL);
|
||||||
|
if (pctx == NULL) {
|
||||||
|
ERROR("Error: failed to allocate pkey context.\n");
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From 1cf1c3e6af1f43555de7ec89cd1e8bc3ea0aaefe Mon Sep 17 00:00:00 2001
|
|
||||||
From: Yunying Sun <yunying.sun@intel.com>
|
|
||||||
Date: Mon, 13 May 2019 17:26:13 +0800
|
|
||||||
Subject: [PATCH] disable address of packed member warning
|
|
||||||
|
|
||||||
---
|
|
||||||
Config.mk | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/Config.mk b/Config.mk
|
|
||||||
index 6a64d1a..27bce1b 100644
|
|
||||||
--- a/Config.mk
|
|
||||||
+++ b/Config.mk
|
|
||||||
@@ -43,7 +43,7 @@ CFLAGS_WARN = -Wall -Wformat-security -Werror -Wstrict-prototypes \
|
|
||||||
-Wextra -Winit-self -Wswitch-default -Wunused-parameter \
|
|
||||||
-Wwrite-strings \
|
|
||||||
$(call cc-option,$(CC),-Wlogical-op,) \
|
|
||||||
- -Wno-missing-field-initializers
|
|
||||||
+ -Wno-missing-field-initializers -Wno-address-of-packed-member -Wno-error=deprecated-declarations
|
|
||||||
|
|
||||||
AS = as
|
|
||||||
LD = ld
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (tboot-1.9.11.tar.gz) = 5c2466438ad3ab95ca66fe4d460f4e6b31ccd3c6ac79221b129883df4180fce4878dd07a5f180bb79fae13b59fa90c05aeda7339159d1d950011a59645024b8a
|
SHA512 (tboot-1.10.2.tar.gz) = a906617b733411f0e672bfea28edb65cf7b586e100c3b6af45a8a0a0088fdc103b8c27518f1d6421537653c6b4ed48d78993a2df44188ddeaa5dc536cc272060
|
||||||
|
47
tboot.spec
47
tboot.spec
@ -1,19 +1,19 @@
|
|||||||
Summary: Performs a verified launch using Intel TXT
|
Summary: Performs a verified launch using Intel TXT
|
||||||
Name: tboot
|
Name: tboot
|
||||||
Version: 1.9.11
|
Version: 1.10.2
|
||||||
Release: 9%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: http://sourceforge.net/projects/tboot/
|
URL: http://sourceforge.net/projects/tboot/
|
||||||
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
||||||
|
|
||||||
Patch0: disable-address-of-packed-member-warning.patch
|
Patch0: 0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
|
||||||
Patch1: tboot-gcc11.patch
|
Patch1: 0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: trousers-devel
|
BuildRequires: perl
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
ExclusiveArch: %{ix86} x86_64
|
ExclusiveArch: %{ix86} x86_64
|
||||||
@ -33,40 +33,37 @@ make debug=y %{?_smp_mflags}
|
|||||||
%install
|
%install
|
||||||
make debug=y DISTDIR=$RPM_BUILD_ROOT install
|
make debug=y DISTDIR=$RPM_BUILD_ROOT install
|
||||||
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%doc README COPYING docs/* lcptools/Linux_LCP_Tools_User_Manual.pdf
|
%doc README.md COPYING docs/* lcptools-v2/lcptools.txt
|
||||||
%config %{_sysconfdir}/grub.d/20_linux_tboot
|
%config %{_sysconfdir}/grub.d/20_linux_tboot
|
||||||
%config %{_sysconfdir}/grub.d/20_linux_xen_tboot
|
%config %{_sysconfdir}/grub.d/20_linux_xen_tboot
|
||||||
%{_sbindir}/acminfo
|
%{_sbindir}/txt-acminfo
|
||||||
%{_sbindir}/lcp_readpol
|
|
||||||
%{_sbindir}/lcp_writepol
|
|
||||||
%{_sbindir}/lcp2_crtpol
|
%{_sbindir}/lcp2_crtpol
|
||||||
%{_sbindir}/lcp2_crtpolelt
|
%{_sbindir}/lcp2_crtpolelt
|
||||||
%{_sbindir}/lcp2_crtpollist
|
%{_sbindir}/lcp2_crtpollist
|
||||||
%{_sbindir}/lcp2_mlehash
|
%{_sbindir}/lcp2_mlehash
|
||||||
%{_sbindir}/parse_err
|
%{_sbindir}/txt-parse_err
|
||||||
%{_sbindir}/tb_polgen
|
%{_sbindir}/tb_polgen
|
||||||
%{_sbindir}/tpmnv_defindex
|
|
||||||
%{_sbindir}/tpmnv_getcap
|
|
||||||
%{_sbindir}/tpmnv_lock
|
|
||||||
%{_sbindir}/tpmnv_relindex
|
|
||||||
%{_sbindir}/txt-stat
|
%{_sbindir}/txt-stat
|
||||||
%{_mandir}/man8/acminfo.8.gz
|
%{_mandir}/man8/txt-acminfo.8.gz
|
||||||
%{_mandir}/man8/lcp_crtpconf.8.gz
|
|
||||||
%{_mandir}/man8/lcp_crtpol.8.gz
|
|
||||||
%{_mandir}/man8/lcp_crtpol2.8.gz
|
|
||||||
%{_mandir}/man8/lcp_crtpolelt.8.gz
|
|
||||||
%{_mandir}/man8/lcp_crtpollist.8.gz
|
|
||||||
%{_mandir}/man8/lcp_mlehash.8.gz
|
|
||||||
%{_mandir}/man8/lcp_readpol.8.gz
|
|
||||||
%{_mandir}/man8/lcp_writepol.8.gz
|
|
||||||
%{_mandir}/man8/tb_polgen.8.gz
|
%{_mandir}/man8/tb_polgen.8.gz
|
||||||
%{_mandir}/man8/txt-stat.8.gz
|
%{_mandir}/man8/txt-stat.8.gz
|
||||||
|
%{_mandir}/man8/lcp2_crtpol.8.gz
|
||||||
|
%{_mandir}/man8/lcp2_crtpolelt.8.gz
|
||||||
|
%{_mandir}/man8/lcp2_crtpollist.8.gz
|
||||||
|
%{_mandir}/man8/lcp2_mlehash.8.gz
|
||||||
|
%{_mandir}/man8/txt-parse_err.8.gz
|
||||||
/boot/tboot.gz
|
/boot/tboot.gz
|
||||||
/boot/tboot-syms
|
/boot/tboot-syms
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 21 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-1
|
||||||
|
Upgrade to latest upstream.
|
||||||
|
Remove trousers dependency.
|
||||||
|
Resolves: rhbz#1922002
|
||||||
|
Resolves: rhbz#1870520
|
||||||
|
Resolves: rhbz#1927374
|
||||||
|
|
||||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.9.11-9
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.9.11-9
|
||||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
Related: rhbz#1971065
|
Related: rhbz#1971065
|
||||||
|
Loading…
Reference in New Issue
Block a user