83 lines
2.5 KiB
RPMSpec
83 lines
2.5 KiB
RPMSpec
%define openssl_version 1.1.1l
|
|
Name: intel-sgx-ssl
|
|
Version: 2.15.1
|
|
Release: 2
|
|
Summary: Intel® Software Guard Extensions SSL
|
|
ExclusiveArch: x86_64
|
|
License: OpenSSL and BSD-3-Clause
|
|
URL: https://github.com/intel/intel-sgx-ssl
|
|
Source0: https://github.com/intel/intel-sgx-ssl/archive/intel-sgx-ssl-lin_%{version}_%{openssl_version}.zip
|
|
Source1: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz
|
|
|
|
Patch0: 0001-Solution_to_issue_ssl_library_is_not_supported.patch
|
|
Patch1: adapt-openssl-CVE.patch
|
|
Patch2: backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
|
|
Patch3: backport-CVE-2022-1292.patch
|
|
Patch4: backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
|
|
Patch5: backport-CVE-2022-0778.patch
|
|
Patch6: backport-CVE-2022-0778_test.patch
|
|
|
|
BuildRequires: gcc gcc-c++
|
|
BuildRequires: libsgx-launch libsgx-urts sgxsdk perl
|
|
|
|
Requires: glibc sgxsdk >= %{version}-%{release}
|
|
|
|
%description
|
|
The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic
|
|
library is intended to provide cryptographic services for
|
|
Intel® Software Guard Extensions (SGX) enclave applications.
|
|
The Intel® SGX SSL cryptographic library is based on the underlying
|
|
OpenSSL* Open Source project, providing a full-strength general purpose
|
|
cryptography library. Supported OpenSSL version is 1.1.1l.
|
|
|
|
|
|
%package devel
|
|
Summary: Development files for intel sgx ssl
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description devel
|
|
%{summary}.
|
|
|
|
|
|
%package_help
|
|
%define debug_package %{nil}
|
|
|
|
%prep
|
|
|
|
%setup -q -n intel-sgx-ssl-lin_%{version}_%{openssl_version}
|
|
%setup -q -D -T -a 1 -n intel-sgx-ssl-lin_%{version}_%{openssl_version}/openssl_source
|
|
%setup -q -D -T -n intel-sgx-ssl-lin_%{version}_%{openssl_version}
|
|
%patch0 -p1
|
|
%patch1 -p1
|
|
%patch2 -p1
|
|
%patch3 -p1
|
|
%patch4 -p1
|
|
%patch5 -p1
|
|
%patch6 -p1
|
|
|
|
%build
|
|
cp %{SOURCE1} openssl_source/
|
|
cd Linux
|
|
make sgxssl_no_mitigation
|
|
|
|
%install
|
|
cd Linux
|
|
make install DESTDIR=$RPM_BUILD_ROOT/opt/intel/sgxssl
|
|
cp -r package/docs $RPM_BUILD_ROOT/opt/intel/sgxssl/
|
|
cp ../README.md $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/
|
|
cp License.txt $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/
|
|
|
|
%files
|
|
/opt/intel/sgxssl/lib64/*
|
|
/opt/intel/sgxssl/docs/*
|
|
|
|
%files devel
|
|
/opt/intel/sgxssl/include/*
|
|
|
|
%changelog
|
|
* Sat Sep 03 2022 wangyu <wangyu283@huawei.com> - 2.15.1-2
|
|
- Fix CVE-2022-2068 CVE-2022-0778 CVE-2022-1292 CVE-2022-2097
|
|
|
|
* Mon Jun 27 2022 wangyu<wangyu283@huawei.com> - 2.15.1-1
|
|
- init
|