Upgrade to 1.10.2 and remove trousers dependency
Also added second patch to remove call to EVP_PKEY_set_alias_type for SSL3 compliance. Resolves: rhbz#1922002 Resolves: rhbz#1870520 Resolves: rhbz#1927374 Signed-off-by: Tony Camuso <tcamuso@redhat.com>
This commit is contained in:
parent
dce2b25ea1
commit
57f0c72c75
5
.gitignore
vendored
5
.gitignore
vendored
@ -1 +1,4 @@
|
||||
/tboot-1.9.*.tar.gz
|
||||
*.swp
|
||||
.*
|
||||
tboot*/
|
||||
/tboot-*.tar.gz
|
||||
|
@ -0,0 +1,30 @@
|
||||
From fb1b10586f293a39523cec835a8d2f102375bd0d Mon Sep 17 00:00:00 2001
|
||||
From: Tony Camuso <tcamuso@redhat.com>
|
||||
Date: Wed, 2 Jun 2021 06:57:41 -0400
|
||||
Subject: [PATCH] Add -Wno-error=deprecated-declarations to Config.mk
|
||||
|
||||
For SSL3 build compatability. In the future, the code needs to be
|
||||
made SSL3 compatable.
|
||||
|
||||
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
|
||||
---
|
||||
Config.mk | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Config.mk b/Config.mk
|
||||
index ba997b0..764e725 100644
|
||||
--- a/Config.mk
|
||||
+++ b/Config.mk
|
||||
@@ -43,7 +43,8 @@ CFLAGS_WARN = -Wall -Wformat-security -Werror -Wstrict-prototypes \
|
||||
-Wextra -Winit-self -Wswitch-default -Wunused-parameter \
|
||||
-Wwrite-strings \
|
||||
$(call cc-option,$(CC),-Wlogical-op,) \
|
||||
- -Wno-missing-field-initializers -Wno-address-of-packed-member
|
||||
+ -Wno-missing-field-initializers -Wno-address-of-packed-member \
|
||||
+ -Wno-deprecated-declarations
|
||||
|
||||
AS ?= as
|
||||
LD ?= ld
|
||||
--
|
||||
2.31.1
|
||||
|
63
0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
Normal file
63
0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
Normal file
@ -0,0 +1,63 @@
|
||||
From 8486ee675c00c2662d261fbbf26cf013ccd118fd Mon Sep 17 00:00:00 2001
|
||||
From: Tony Camuso <tcamuso@redhat.com>
|
||||
Date: Wed, 23 Jun 2021 08:01:54 -0400
|
||||
Subject: [PATCH] lcputils.c: remove call to EVP_PKEY_set_alias_type
|
||||
|
||||
This function was previously needed as a workaround for SM2. With
|
||||
OpenSSL 3.0, this key type is internally recognized so the workaround
|
||||
is no longer needed.
|
||||
|
||||
Signed-off-by: Tony Camuso <tcamuso@redhat.com>
|
||||
---
|
||||
lcptools-v2/lcputils.c | 14 +++++++++++++-
|
||||
1 file changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lcptools-v2/lcputils.c b/lcptools-v2/lcputils.c
|
||||
index 9d4b976..4dbb2fc 100644
|
||||
--- a/lcptools-v2/lcputils.c
|
||||
+++ b/lcptools-v2/lcputils.c
|
||||
@@ -775,6 +775,11 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
|
||||
result = 0;
|
||||
goto EXIT;
|
||||
}
|
||||
+// SSL3 removed function EVP_PKEY_set_alias_type
|
||||
+// This function was previously needed as a workaround for SM2.
|
||||
+// With OpenSSL 3.0, this key type is internally recognized so
|
||||
+// the workaround is no longer needed.
|
||||
+#if 0
|
||||
if (sigalg == TPM_ALG_SM2) {
|
||||
result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
|
||||
if (result <= 0) {
|
||||
@@ -782,6 +787,7 @@ bool verify_ec_signature(sized_buffer *data, sized_buffer *pubkey_x,
|
||||
goto OPENSSL_ERROR;
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
pctx = EVP_PKEY_CTX_new(evp_key, NULL);
|
||||
if (pctx == NULL) {
|
||||
ERROR("Error: failed to generate key context.\n");
|
||||
@@ -915,6 +921,11 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
|
||||
goto OPENSSL_ERROR;
|
||||
}
|
||||
|
||||
+// SSL3 removed function EVP_PKEY_set_alias_type
|
||||
+// This function was previously needed as a workaround for SM2.
|
||||
+// With OpenSSL 3.0, this key type is internally recognized so
|
||||
+// the workaround is no longer needed.
|
||||
+#if 0
|
||||
if (sigalg == TPM_ALG_SM2) {
|
||||
result = EVP_PKEY_set_alias_type(evp_key, EVP_PKEY_SM2);
|
||||
if (result <= 0) {
|
||||
@@ -922,7 +933,8 @@ bool ec_sign_data(sized_buffer *data, sized_buffer *r, sized_buffer *s, uint16_t
|
||||
goto OPENSSL_ERROR;
|
||||
}
|
||||
}
|
||||
-
|
||||
+#endif
|
||||
+
|
||||
pctx = EVP_PKEY_CTX_new(evp_key, NULL);
|
||||
if (pctx == NULL) {
|
||||
ERROR("Error: failed to allocate pkey context.\n");
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,25 +0,0 @@
|
||||
From 1cf1c3e6af1f43555de7ec89cd1e8bc3ea0aaefe Mon Sep 17 00:00:00 2001
|
||||
From: Yunying Sun <yunying.sun@intel.com>
|
||||
Date: Mon, 13 May 2019 17:26:13 +0800
|
||||
Subject: [PATCH] disable address of packed member warning
|
||||
|
||||
---
|
||||
Config.mk | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Config.mk b/Config.mk
|
||||
index 6a64d1a..27bce1b 100644
|
||||
--- a/Config.mk
|
||||
+++ b/Config.mk
|
||||
@@ -43,7 +43,7 @@ CFLAGS_WARN = -Wall -Wformat-security -Werror -Wstrict-prototypes \
|
||||
-Wextra -Winit-self -Wswitch-default -Wunused-parameter \
|
||||
-Wwrite-strings \
|
||||
$(call cc-option,$(CC),-Wlogical-op,) \
|
||||
- -Wno-missing-field-initializers
|
||||
+ -Wno-missing-field-initializers -Wno-address-of-packed-member -Wno-error=deprecated-declarations
|
||||
|
||||
AS = as
|
||||
LD = ld
|
||||
--
|
||||
2.21.0
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (tboot-1.9.11.tar.gz) = 5c2466438ad3ab95ca66fe4d460f4e6b31ccd3c6ac79221b129883df4180fce4878dd07a5f180bb79fae13b59fa90c05aeda7339159d1d950011a59645024b8a
|
||||
SHA512 (tboot-1.10.2.tar.gz) = a906617b733411f0e672bfea28edb65cf7b586e100c3b6af45a8a0a0088fdc103b8c27518f1d6421537653c6b4ed48d78993a2df44188ddeaa5dc536cc272060
|
||||
|
45
tboot.spec
45
tboot.spec
@ -1,19 +1,19 @@
|
||||
Summary: Performs a verified launch using Intel TXT
|
||||
Name: tboot
|
||||
Version: 1.9.11
|
||||
Release: 9%{?dist}
|
||||
Version: 1.10.2
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
|
||||
License: BSD
|
||||
URL: http://sourceforge.net/projects/tboot/
|
||||
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
||||
|
||||
Patch0: disable-address-of-packed-member-warning.patch
|
||||
Patch1: tboot-gcc11.patch
|
||||
Patch0: 0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
|
||||
Patch1: 0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: trousers-devel
|
||||
BuildRequires: perl
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: zlib-devel
|
||||
ExclusiveArch: %{ix86} x86_64
|
||||
@ -33,40 +33,37 @@ make debug=y %{?_smp_mflags}
|
||||
%install
|
||||
make debug=y DISTDIR=$RPM_BUILD_ROOT install
|
||||
|
||||
|
||||
%files
|
||||
%doc README COPYING docs/* lcptools/Linux_LCP_Tools_User_Manual.pdf
|
||||
%doc README.md COPYING docs/* lcptools-v2/lcptools.txt
|
||||
%config %{_sysconfdir}/grub.d/20_linux_tboot
|
||||
%config %{_sysconfdir}/grub.d/20_linux_xen_tboot
|
||||
%{_sbindir}/acminfo
|
||||
%{_sbindir}/lcp_readpol
|
||||
%{_sbindir}/lcp_writepol
|
||||
%{_sbindir}/txt-acminfo
|
||||
%{_sbindir}/lcp2_crtpol
|
||||
%{_sbindir}/lcp2_crtpolelt
|
||||
%{_sbindir}/lcp2_crtpollist
|
||||
%{_sbindir}/lcp2_mlehash
|
||||
%{_sbindir}/parse_err
|
||||
%{_sbindir}/txt-parse_err
|
||||
%{_sbindir}/tb_polgen
|
||||
%{_sbindir}/tpmnv_defindex
|
||||
%{_sbindir}/tpmnv_getcap
|
||||
%{_sbindir}/tpmnv_lock
|
||||
%{_sbindir}/tpmnv_relindex
|
||||
%{_sbindir}/txt-stat
|
||||
%{_mandir}/man8/acminfo.8.gz
|
||||
%{_mandir}/man8/lcp_crtpconf.8.gz
|
||||
%{_mandir}/man8/lcp_crtpol.8.gz
|
||||
%{_mandir}/man8/lcp_crtpol2.8.gz
|
||||
%{_mandir}/man8/lcp_crtpolelt.8.gz
|
||||
%{_mandir}/man8/lcp_crtpollist.8.gz
|
||||
%{_mandir}/man8/lcp_mlehash.8.gz
|
||||
%{_mandir}/man8/lcp_readpol.8.gz
|
||||
%{_mandir}/man8/lcp_writepol.8.gz
|
||||
%{_mandir}/man8/txt-acminfo.8.gz
|
||||
%{_mandir}/man8/tb_polgen.8.gz
|
||||
%{_mandir}/man8/txt-stat.8.gz
|
||||
%{_mandir}/man8/lcp2_crtpol.8.gz
|
||||
%{_mandir}/man8/lcp2_crtpolelt.8.gz
|
||||
%{_mandir}/man8/lcp2_crtpollist.8.gz
|
||||
%{_mandir}/man8/lcp2_mlehash.8.gz
|
||||
%{_mandir}/man8/txt-parse_err.8.gz
|
||||
/boot/tboot.gz
|
||||
/boot/tboot-syms
|
||||
|
||||
%changelog
|
||||
* Mon Jun 21 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-1
|
||||
Upgrade to latest upstream.
|
||||
Remove trousers dependency.
|
||||
Resolves: rhbz#1922002
|
||||
Resolves: rhbz#1870520
|
||||
Resolves: rhbz#1927374
|
||||
|
||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.9.11-9
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
|
Loading…
Reference in New Issue
Block a user