From: Patrick Ohly <patrick.ohly@intel.com>
To: yocto@yoctoproject.org
Subject: [meta-security][PATCH 1/1] swtpm/libtpm: update to latest master
Date: Wed, 6 Dec 2017 09:34:51 +0100
Message-ID: <20171206083452.8412-1-patrick.ohly@intel.com>
This allows dropping some patches for issues that were addressed
upstream. It also brings in support for connecting swtpm to qemu
without relying on CUSE.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb | 4 +-
meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch | 24 +++++++----
.../swtpm/files/fix_lib_search_path.patch | 20 +++++----
.../recipes-tpm/swtpm/files/fix_signed_issue.patch | 48 ----------------------
meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb | 14 +++----
5 files changed, 35 insertions(+), 75 deletions(-)
delete mode 100644 meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch
diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
index f9624f6..b29ec6b 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
@@ -2,11 +2,9 @@ SUMMARY = "LIBPM - Software TPM Library"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f"
-SRCREV = "ad44846dda5a96e269ad2f78a532e01e9a2f02a1"
+SRCREV = "3388d45082bdc588c6fc0672f44d6d7d0aaa86ff"
SRC_URI = " \
git://github.com/stefanberger/libtpms.git \
- file://Convert-another-vdprintf-to-dprintf.patch \
- file://Use-format-s-for-call-to-dprintf.patch \
"
S = "${WORKDIR}/git"
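Review bot: The two entries dropped from SRC_URI in this hunk, Convert-another-vdprintf-to-dprintf.patch and Use-format-s-for-call-to-dprintf.patch, are not deleted from the tree: the diffstat lists only fix_signed_issue.patch under "delete mode". Please remove both files in the same commit so no unreferenced patches stay behind next to the recipe. Since the second one is, judging by its name, a format-string fix, the commit message should also name the upstream libtpms commits that make it unnecessary at SRCREV 3388d45082bdc588c6fc0672f44d6d7d0aaa86ff.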
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
index e844045..3d16431 100644
--- a/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
+++ b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
@@ -1,4 +1,7 @@
-logging: Fix musl build issue with fcntl
+From 8750a6c3f0b4d9e7e45b4079150d29eb44774e9c Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster@mvista.com>
+Date: Tue, 14 Mar 2017 22:59:36 -0700
+Subject: [PATCH 2/4] logging: Fix musl build issue with fcntl
error: #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h> [-Werror=cpp]
#warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.
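Review bot: The header lines added at the top of fix_fcntl_h.patch carry a local commit hash and a "[PATCH 2/4]" series number, both of which change every time the patch is regenerated and create diff noise unrelated to the fix; the 2/4 also does not match the three patches the swtpm recipe lists in SRC_URI. Consider exporting with git format-patch --no-numbered --zero-commit, or trimming these lines by hand, so the next refresh shows only real changes.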
@@ -6,16 +9,23 @@ logging: Fix musl build issue with fcntl
Upstream-Status: Pending
Signed-off-by: Armin Kuster <akuster@mvista.com>
-Index: git/src/swtpm/logging.c
-===================================================================
---- git.orig/src/swtpm/logging.c
-+++ git/src/swtpm/logging.c
-@@ -43,7 +43,7 @@
+---
+ src/swtpm/logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/swtpm/logging.c b/src/swtpm/logging.c
+index f16cab6..7da8606 100644
+--- a/src/swtpm/logging.c
++++ b/src/swtpm/logging.c
+@@ -45,7 +45,7 @@
#include <errno.h>
#include <string.h>
#include <sys/types.h>
-#include <sys/fcntl.h>
+#include <fcntl.h>
+ #include <sys/stat.h>
#include <stdio.h>
#include <stdlib.h>
- #include <stdarg.h>
+--
+2.11.0
+
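Review bot: Upstream-Status stays "Pending" in the unchanged header of this rebased patch, even though the recipe now tracks current swtpm master and the fix is a one-line include change in src/swtpm/logging.c. Please send it upstream and change the status to Submitted with a link, so it can be dropped at the next SRCREV bump instead of being rebased again. The hunk also adds a trailing empty line after the "2.11.0" signature that can be left out.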
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
index 28aca4a..60958f7 100644
--- a/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
+++ b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
@@ -1,7 +1,7 @@
-From 85706ceb6877ade3b589d3c390abf5b3492bb718 Mon Sep 17 00:00:00 2001
+From 672bb4ee625da3141ba6cecb0601c7563de4c483 Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster808@gmail.com>
Date: Thu, 13 Oct 2016 02:03:56 -0700
-Subject: [PATCH] swtpm: add new package
+Subject: [PATCH 1/4] swtpm: add new package
Upstream-Status: Inappropriate [OE config]
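Review bot: The Subject kept in this header, "swtpm: add new package", does not describe what fix_lib_search_path.patch does; going by its own diffstat it only changes the libtpms crypto library detection in configure.ac. Since the header is being regenerated anyway, reword the subject to say that, so the patch can be understood from the recipe directory without opening it.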
@@ -12,20 +12,21 @@ Rebased to current tip.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
- configure.ac | 32 ++++++++++----------------------
- 1 file changed, 10 insertions(+), 22 deletions(-)
+ configure.ac | 34 ++++++++++------------------------
+ 1 file changed, 10 insertions(+), 24 deletions(-)
diff --git a/configure.ac b/configure.ac
-index c4a9c6d..6267f64 100644
+index abf5be1..85ed6ac 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -395,29 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
+@@ -395,31 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
dnl We have to make sure libtpms is using the same crypto library
dnl to avoid problems
AC_MSG_CHECKING([the crypto library libtpms is using])
-dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
- sed -n '/SEARCH_DIR/p' | \
-- sed 's/SEARCH_DIR("=\?\(@<:@^"@:>@\+\)"); */\1\n/g')
+- sed 's/SEARCH_DIR("\(@<:@^"@:>@*\)"); */\1 /g' | \
+- sed 's|=/|/|g')
-for dir in $dirs $LIBRARY_PATH; do
- if test -r $dir/libtpms.so; then
- if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
@@ -43,12 +44,13 @@ index c4a9c6d..6267f64 100644
+ break
fi
- case $host_os in
-- cygwin)
+- cygwin|openbsd*)
- if test -r $dir/libtpms.a; then
- if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then
- libtpms_cryptolib="openssl"
- fi
- fi
+- ;;
- esac
-done
+ if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
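Review bot: The check added by the carried patch still runs ldd on $dir/libtpms.so and greps the output for libnss3.so. In a cross build that file is a target library, and ldd on the build host may report nothing for a foreign architecture or, depending on the implementation, invoke the dynamic loader on it. Reading the DT_NEEDED entries with readelf -d or objdump -p gives a deterministic answer without running anything from the sysroot, and would be worth switching to while the patch is being rebased.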
@@ -60,5 +62,5 @@ index c4a9c6d..6267f64 100644
if test -z "$libtpms_cryptolib"; then
AC_MSG_ERROR([Could not determine libtpms crypto library.])
--
-2.1.4
+2.11.0
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch
deleted file mode 100644
index 140585b..0000000
--- a/meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Upstream-Status: Pending
-Signed-off-by Armin Kuster <akuster808@gmail>
-
-Index: git/src/swtpm/ctrlchannel.c
-===================================================================
---- git.orig/src/swtpm/ctrlchannel.c
-+++ git/src/swtpm/ctrlchannel.c
-@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
- uint32_t tpm_number = 0;
- unsigned char *blob = NULL;
- uint32_t blob_length = be32toh(pss->u.req.length);
-- uint32_t remain = blob_length, offset = 0;
-+ ssize_t remain = (ssize_t) blob_length;
-+ uint32_t offset = 0;
- TPM_RESULT res;
- uint32_t flags = be32toh(pss->u.req.state_flags);
- TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
-Index: git/src/swtpm_ioctl/tpm_ioctl.c
-===================================================================
---- git.orig/src/swtpm_ioctl/tpm_ioctl.c
-+++ git/src/swtpm_ioctl/tpm_ioctl.c
-@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
- numbytes = write(file_fd, pgs.u.resp.data,
- devtoh32(is_chardev, pgs.u.resp.length));
-
-- if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
-+ if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
- fprintf(stderr,
- "Could not write to file '%s': %s\n",
- filename, strerror(errno));
-@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
- had_error = true;
- break;
- }
-- pss.u.req.length = htodev32(is_chardev, numbytes);
-+ pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
-
- /* the returnsize is zero on all intermediate packets */
- returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
-@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
- return EXIT_FAILURE;
- }
- /* no tpm_result here */
-- printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
-+ printf("ptm capability is 0x%llx\n", (long long unsigned)devtoh64(is_chardev, cap));
-
- } else if (!strcmp(command, "-i")) {
- init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
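Review bot: Deleting fix_signed_issue.patch removes the local change that made remain in ctrlchannel_receive_state() an ssize_t, where it is initialised from the request field be32toh(pss->u.req.length), along with the ssize_t cast on the write() result check in do_save_state_blob(). The commit message says such issues were addressed upstream but does not say where. Please cite the upstream swtpm commits, or confirm that SRCREV 4f4f2f0a7e3195f6df8d235d58630a08e69403d8 builds these functions without signed/unsigned comparison warnings, so the length handling on the control channel is known to be covered.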
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
index 952de1a..7476020 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -10,14 +10,12 @@ DEPENDS = "libtasn1 expect socat glib-2.0 libtpm libtpm-native"
DEPENDS += "tpm-tools-native expect-native socat-native"
RDEPENDS_${PN} += "tpm-tools"
-SRCREV = "073e71f99eaa7a0ff9499339176af1af62c090b2"
-SRC_URI = " \
- git://github.com/stefanberger/swtpm.git \
- file://fix_signed_issue.patch \
- file://fix_lib_search_path.patch \
- file://fix_fcntl_h.patch \
- file://ioctl_h.patch \
- "
+SRCREV = "4f4f2f0a7e3195f6df8d235d58630a08e69403d8"
+SRC_URI = "git://github.com/stefanberger/swtpm.git \
+ file://fix_lib_search_path.patch \
+ file://fix_fcntl_h.patch \
+ file://ioctl_h.patch \
+ "
S = "${WORKDIR}/git"
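Review bot: ioctl_h.patch stays in SRC_URI but is the only remaining patch that this commit does not refresh, while fix_lib_search_path.patch and fix_fcntl_h.patch both needed rebasing for the new SRCREV. Please confirm it still applies without fuzz against 4f4f2f0a7e3195f6df8d235d58630a08e69403d8 and refresh it in this commit if it does not.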
--
2.11.0