[yocto] [meta-security][PATCH 1/1] swtpm/libtpm: update to latest master

Patrick Ohly patrick.ohly at intel.com
Wed Dec 6 00:34:51 PST 2017


This allows dropping some patches for issues that were addressed
upstream. It also brings in support for connecting swtpm to qemu
without relying on CUSE.

Signed-off-by: Patrick Ohly <patrick.ohly at intel.com>
---
 meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb          |  4 +-
 meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch | 24 +++++++----
 .../swtpm/files/fix_lib_search_path.patch          | 20 +++++----
 .../recipes-tpm/swtpm/files/fix_signed_issue.patch | 48 ----------------------
 meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb            | 14 +++----
 5 files changed, 35 insertions(+), 75 deletions(-)
 delete mode 100644 meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch

diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
index f9624f6..b29ec6b 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
@@ -2,11 +2,9 @@ SUMMARY = "LIBPM - Software TPM Library"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f"
 
-SRCREV = "ad44846dda5a96e269ad2f78a532e01e9a2f02a1"
+SRCREV = "3388d45082bdc588c6fc0672f44d6d7d0aaa86ff"
 SRC_URI = " \
 	git://github.com/stefanberger/libtpms.git \
-	file://Convert-another-vdprintf-to-dprintf.patch \
-	file://Use-format-s-for-call-to-dprintf.patch \
 	"
 
 S = "${WORKDIR}/git"
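Review bot: The `git://github.com/stefanberger/libtpms.git` entry kept in SRC_URI has no `protocol=` parameter, so the fetcher would use the unauthenticated git transport by default. The pinned full-hash SRCREV limits what a tampered fetch could deliver, but `git://github.com/stefanberger/libtpms.git;protocol=https` would also authenticate the server; the same applies to the swtpm SRC_URI in swtpm_1.0.bb. Separately, `Convert-another-vdprintf-to-dprintf.patch` and `Use-format-s-for-call-to-dprintf.patch` are dropped from SRC_URI here while the diffstat lists only fix_signed_issue.patch as deleted, so the two files appear to stay in the tree unused. Deleting them in this commit and adding a comment such as `# dprintf format-string patches dropped: merged upstream before this SRCREV` would record why the fix is no longer carried locally.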
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
index e844045..3d16431 100644
--- a/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
+++ b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
@@ -1,4 +1,7 @@
-logging: Fix musl build issue with fcntl
+From 8750a6c3f0b4d9e7e45b4079150d29eb44774e9c Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster at mvista.com>
+Date: Tue, 14 Mar 2017 22:59:36 -0700
+Subject: [PATCH 2/4] logging: Fix musl build issue with fcntl
 
  error: #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h> [-Werror=cpp]
  #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.
@@ -6,16 +9,23 @@ logging: Fix musl build issue with fcntl
 Upstream-Status: Pending
 Signed-off-by: Armin Kuster <akuster at mvista.com>
 
-Index: git/src/swtpm/logging.c
-===================================================================
---- git.orig/src/swtpm/logging.c
-+++ git/src/swtpm/logging.c
-@@ -43,7 +43,7 @@
+---
+ src/swtpm/logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/swtpm/logging.c b/src/swtpm/logging.c
+index f16cab6..7da8606 100644
+--- a/src/swtpm/logging.c
++++ b/src/swtpm/logging.c
+@@ -45,7 +45,7 @@
  #include <errno.h>
  #include <string.h>
  #include <sys/types.h>
 -#include <sys/fcntl.h>
 +#include <fcntl.h>
+ #include <sys/stat.h>
  #include <stdio.h>
  #include <stdlib.h>
- #include <stdarg.h>
+-- 
+2.11.0
+
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
index 28aca4a..60958f7 100644
--- a/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
+++ b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
@@ -1,7 +1,7 @@
-From 85706ceb6877ade3b589d3c390abf5b3492bb718 Mon Sep 17 00:00:00 2001
+From 672bb4ee625da3141ba6cecb0601c7563de4c483 Mon Sep 17 00:00:00 2001
 From: Armin Kuster <akuster808 at gmail.com>
 Date: Thu, 13 Oct 2016 02:03:56 -0700
-Subject: [PATCH] swtpm: add new package
+Subject: [PATCH 1/4] swtpm: add new package
 
 Upstream-Status: Inappropriate [OE config]
 
@@ -12,20 +12,21 @@ Rebased to current tip.
 Signed-off-by: Patrick Ohly <patrick.ohly at intel.com>
 
 ---
- configure.ac | 32 ++++++++++----------------------
- 1 file changed, 10 insertions(+), 22 deletions(-)
+ configure.ac | 34 ++++++++++------------------------
+ 1 file changed, 10 insertions(+), 24 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index c4a9c6d..6267f64 100644
+index abf5be1..85ed6ac 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -395,29 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
+@@ -395,31 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
  dnl We have to make sure libtpms is using the same crypto library
  dnl to avoid problems
  AC_MSG_CHECKING([the crypto library libtpms is using])
 -dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
 -       sed -n '/SEARCH_DIR/p' | \
--       sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
+-       sed 's/SEARCH_DIR("\(@<:@^"@:>@*\)"); */\1 /g' | \
+-       sed 's|=/|/|g')
 -for dir in $dirs $LIBRARY_PATH; do
 -  if test -r $dir/libtpms.so; then
 -    if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
@@ -43,12 +44,13 @@ index c4a9c6d..6267f64 100644
 +    break
    fi
 -  case $host_os in
--  cygwin)
+-  cygwin|openbsd*)
 -    if test -r $dir/libtpms.a; then
 -      if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then
 -        libtpms_cryptolib="openssl"
 -      fi
 -    fi
+-    ;;
 -  esac
 -done
 +  if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
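Review bot: The probe kept by this refresh on the last line of the hunk, `ldd $dir/libtpms.so | grep libnss3.so`, inspects the library with ldd at configure time. ldd can invoke the dynamic loader on the file it inspects and generally fails on a library built for another architecture, so in a cross build it is fragile and trusts the sysroot contents more than it needs to. Reading the NEEDED entries statically, e.g. `readelf -d "$dir/libtpms.so" | grep -q 'NEEDED.*libnss3'`, avoids both problems and also quotes `$dir`. The body of this `if` and the assignment of `$dir` are outside the visible hunk, so this assumes `$dir` points at the sysroot library directory.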
@@ -60,5 +62,5 @@ index c4a9c6d..6267f64 100644
  if test -z "$libtpms_cryptolib"; then
    AC_MSG_ERROR([Could not determine libtpms crypto library.])
 -- 
-2.1.4
+2.11.0
 
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch
deleted file mode 100644
index 140585b..0000000
--- a/meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Upstream-Status: Pending
-Signed-off-by Armin Kuster <akuster808 at gmail>
-
-Index: git/src/swtpm/ctrlchannel.c
-===================================================================
---- git.orig/src/swtpm/ctrlchannel.c
-+++ git/src/swtpm/ctrlchannel.c
-@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
-     uint32_t tpm_number = 0;
-     unsigned char *blob = NULL;
-     uint32_t blob_length = be32toh(pss->u.req.length);
--    uint32_t remain = blob_length, offset = 0;
-+    ssize_t remain = (ssize_t) blob_length;
-+    uint32_t offset = 0;
-     TPM_RESULT res;
-     uint32_t flags = be32toh(pss->u.req.state_flags);
-     TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
-Index: git/src/swtpm_ioctl/tpm_ioctl.c
-===================================================================
---- git.orig/src/swtpm_ioctl/tpm_ioctl.c
-+++ git/src/swtpm_ioctl/tpm_ioctl.c
-@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
-         numbytes = write(file_fd, pgs.u.resp.data,
-                          devtoh32(is_chardev, pgs.u.resp.length));
- 
--        if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
-+        if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
-             fprintf(stderr,
-                     "Could not write to file '%s': %s\n",
-                     filename, strerror(errno));
-@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
-                had_error = true;
-                break;
-             }
--            pss.u.req.length = htodev32(is_chardev, numbytes);
-+            pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
- 
-             /* the returnsize is zero on all intermediate packets */
-             returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
-@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
-             return EXIT_FAILURE;
-         }
-         /* no tpm_result here */
--        printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
-+        printf("ptm capability is 0x%llx\n", (long long unsigned)devtoh64(is_chardev, cap));
- 
-     } else if (!strcmp(command, "-i")) {
-         init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
index 952de1a..7476020 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -10,14 +10,12 @@ DEPENDS = "libtasn1 expect socat glib-2.0 libtpm libtpm-native"
 DEPENDS += "tpm-tools-native expect-native socat-native"
 RDEPENDS_${PN} += "tpm-tools"
 
-SRCREV = "073e71f99eaa7a0ff9499339176af1af62c090b2"
-SRC_URI = " \
-	git://github.com/stefanberger/swtpm.git \
-	file://fix_signed_issue.patch \
-	file://fix_lib_search_path.patch \
-        file://fix_fcntl_h.patch \
-        file://ioctl_h.patch \
-	"
+SRCREV = "4f4f2f0a7e3195f6df8d235d58630a08e69403d8"
+SRC_URI = "git://github.com/stefanberger/swtpm.git \
+           file://fix_lib_search_path.patch \
+           file://fix_fcntl_h.patch \
+           file://ioctl_h.patch \
+           "
 
 S = "${WORKDIR}/git"
 
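Review bot: Dropping `file://fix_signed_issue.patch` from SRC_URI leaves no record of which upstream swtpm commits replace it; the commit message says only that the issues were addressed upstream. The deleted patch changed length and signedness handling in `ctrlchannel_receive_state` (the `remain` counter derived from `pss->u.req.length`) and in the state-blob read/write paths of tpm_ioctl.c, which handle sizes taken from request and response data. It is worth confirming that the tree at the new SRCREV contains equivalent changes. A comment above SRC_URI such as `# fix_signed_issue.patch dropped: superseded upstream by <upstream-commit-id>` would make that checkable later.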
-- 
2.11.0



