!55 [sync] PR-54: DCAP disabling the rpatch option
From: @openeuler-sync-bot Reviewed-by: @houmingyong Signed-off-by: @houmingyong
This commit is contained in:
openeuler-ci-bot
Gitee
commit
618f7a6791
87
DCAP-disabling-the-rpatch-option.patch
Normal file
87
DCAP-disabling-the-rpatch-option.patch
Normal file
@ -0,0 +1,87 @@
|
||||
From a5e35c922b40a634b3d7b01d92724b86df20758f Mon Sep 17 00:00:00 2001
|
||||
From: wangyu <wangyu283@huawei.com>
|
||||
Date: Fri, 9 Sep 2022 10:09:37 +0800
|
||||
Subject: [PATCH] DCAP disabling the rpatch option
|
||||
|
||||
---
|
||||
.../QuoteGeneration/buildenv.mk | 7 +------
|
||||
.../QuoteGeneration/quote_wrapper/ql/linux/Makefile | 2 +-
|
||||
.../tools/PCKCertSelection/PCKSelectionSample/Makefile | 2 +-
|
||||
.../tools/PCKRetrievalTool/Makefile | 2 +-
|
||||
.../tools/PCKRetrievalTool/Qpl/linux/Makefile | 2 +-
|
||||
5 files changed, 5 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/buildenv.mk b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/buildenv.mk
|
||||
index 8c87626e..f05ccdaf 100644
|
||||
--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/buildenv.mk
|
||||
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/buildenv.mk
|
||||
@@ -97,12 +97,7 @@ INCLUDE :=
|
||||
CUR_DIR := $(realpath $(call parent-dir,$(lastword $(wordlist 2,$(words $(MAKEFILE_LIST)),x $(MAKEFILE_LIST)))))
|
||||
|
||||
# turn on stack protector for SDK
|
||||
-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
|
||||
-ifeq ($(CC_BELOW_4_9), 1)
|
||||
- COMMON_FLAGS += -fstack-protector
|
||||
-else
|
||||
- COMMON_FLAGS += -fstack-protector-strong
|
||||
-endif
|
||||
+COMMON_FLAGS += -fstack-protector-strong
|
||||
|
||||
ifdef DEBUG
|
||||
COMMON_FLAGS += -O0 -ggdb -DDEBUG -UNDEBUG
|
||||
diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/quote_wrapper/ql/linux/Makefile b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/quote_wrapper/ql/linux/Makefile
|
||||
index 3dde7a10..30009c2d 100644
|
||||
--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/quote_wrapper/ql/linux/Makefile
|
||||
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteGeneration/quote_wrapper/ql/linux/Makefile
|
||||
@@ -51,7 +51,7 @@ QL_Lib_Include_Paths += -I../../quote/inc -I../../../pce_wrapper/inc -I../inc
|
||||
QL_Lib_C_Flags := $(COMMON_FLAGS) -g -fPIC -Wno-attributes $(QL_Lib_Include_Paths)
|
||||
|
||||
LDUFLAGS:= -pthread $(COMMON_LDFLAGS)
|
||||
-LDUFLAGS += -Wl,--version-script=dcap_ql_wrapper.lds -Wl,--gc-sections -Wl,-rpath=.
|
||||
+LDUFLAGS += -Wl,--version-script=dcap_ql_wrapper.lds -Wl,--gc-sections
|
||||
|
||||
QL_Lib_Cpp_Flags := $(QL_Lib_C_Flags) -std=c++11
|
||||
QL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -g -L$(Quote_Library_Dir) -lsgx_qe3_logic -L$(PCE_Library_Dir) -lsgx_pce_logic -L$(TOP_DIR)/build/linux -L$(SGX_SDK)/lib64 -lpthread -ldl
|
||||
diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKCertSelection/PCKSelectionSample/Makefile b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKCertSelection/PCKSelectionSample/Makefile
|
||||
index 2068554b..da3d3bea 100644
|
||||
--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKCertSelection/PCKSelectionSample/Makefile
|
||||
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKCertSelection/PCKSelectionSample/Makefile
|
||||
@@ -79,7 +79,7 @@ C_FLAGS:= -DLINUX -fPIC -Werror $(APP_INCLUDE_PATHS)
|
||||
|
||||
# link flags, link CPUSVNCompare library
|
||||
LINK_FLAGS := -Wl,-rpath,${ORIGIN} -L$(BIN_DIR) -l$(LIB_NAME)
|
||||
-LINK_FLAGS := -Wl,-rpath=. -L$(BIN_DIR) -l$(LIB_NAME)
|
||||
+LINK_FLAGS := -L$(BIN_DIR) -l$(LIB_NAME)
|
||||
|
||||
# debug/release switch
|
||||
ifeq ($(DEBUG), 1)
|
||||
diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Makefile b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Makefile
|
||||
index 4596ee9c..116db7d2 100644
|
||||
--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Makefile
|
||||
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Makefile
|
||||
@@ -104,7 +104,7 @@ App_C_Flags := $(COMMON_FLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
||||
|
||||
App_Cpp_Flags := $(App_C_Flags) -std=c++11
|
||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,-z,relro,-z,now,-z,noexecstack
|
||||
-App_Link_Flags += -lcurl -ldl -lpthread -Wl,-rpath=.
|
||||
+App_Link_Flags += -lcurl -ldl -lpthread
|
||||
|
||||
|
||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
||||
diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Qpl/linux/Makefile b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Qpl/linux/Makefile
|
||||
index b046d726..551a133f 100644
|
||||
--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Qpl/linux/Makefile
|
||||
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/tools/PCKRetrievalTool/Qpl/linux/Makefile
|
||||
@@ -91,7 +91,7 @@ LDUFLAGS += -Wl,--gc-sections
|
||||
|
||||
QPL_Lib_Cpp_Flags := $(QPL_Lib_C_Flags) -std=c++11
|
||||
|
||||
-QPL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -L$(SGX_SDK)/lib64 -lpthread -ldl -Wl,-rpath=.
|
||||
+QPL_Lib_Link_Flags := $(SGX_COMMON_FLAGS) -L$(SGX_SDK)/lib64 -lpthread -ldl
|
||||
|
||||
|
||||
QPL_Lib_Cpp_Objects := $(QPL_Lib_Cpp_Files:.cpp=.o)
|
||||
--
|
||||
2.33.0
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: linux-sgx
|
||||
Version: 2.15.1
|
||||
Release: 5
|
||||
Release: 6
|
||||
Summary: Intel(R) Software Guard Extensions for Linux* OS
|
||||
ExclusiveArch: x86_64
|
||||
License: BSD-3-Clause
|
||||
@ -28,6 +28,7 @@ Patch6: backport-CVE-2022-1292.patch
|
||||
Patch7: adapt-openssl-CVE.patch
|
||||
Patch8: backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
|
||||
Patch9: backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
|
||||
Patch10: DCAP-disabling-the-rpatch-option.patch
|
||||
|
||||
BuildRequires: gcc-c++ protobuf-devel libtool ocaml-ocamlbuild openssl openssl-devel cmake python curl-devel createrepo_c git nasm
|
||||
|
||||
@ -271,16 +272,7 @@ Intel(R) Software Guard Extensions Basic Headers
|
||||
%%setup -q -D -a 10 -n linux-sgx-sgx_%{version}/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.12.1/QuoteVerification/intel-sgx-ssl-lin_2.15.1_1.1.1l/openssl_source
|
||||
%%setup -q -D -a 9 -n linux-sgx-sgx_%{version}
|
||||
|
||||
%%patch0 -p1
|
||||
%%patch1 -p1
|
||||
%%patch2 -p1
|
||||
%%patch3 -p1
|
||||
%%patch4 -p1
|
||||
%%patch5 -p1
|
||||
%%patch6 -p1
|
||||
%%patch7 -p1
|
||||
%%patch8 -p1
|
||||
%%patch9 -p1
|
||||
%autopatch -p1
|
||||
|
||||
%build
|
||||
|
||||
@ -1037,6 +1029,9 @@ fi
|
||||
%files -n libsgx-headers -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/list-libsgx-headers
|
||||
|
||||
%changelog
|
||||
* Fri Sep 09 2022 wangyu <wangyu283@huawei.com> - 2.15.1-6
|
||||
- DCAP disabling the rpatch option
|
||||
|
||||
* Sat Aug 27 2022 houmingyong<houmingyong@huawei.com> - 2.15.1-5
|
||||
- backport openssl CVE-2022-2068 and CVE-2022-2097
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user