swtpm/swtpm-fix-build.patch

Index: swtpm-0.8.0/configure.ac
===================================================================
--- swtpm-0.8.0.orig/configure.ac
+++ swtpm-0.8.0/configure.ac
@@ -418,11 +418,11 @@ if test "x$enable_hardening" != "xno"; t
 	# Some versions of gcc fail with -Wstack-protector,
 	# some with -Wstack-protector-strong enabled
 	if ! $CC -fstack-protector-strong -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
-		if $CC -fstack-protector -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
-			HARDENING_CFLAGS="-fstack-protector -Wstack-protector"
+		if $CC -fstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
+			HARDENING_CFLAGS="-fstack-protector"
 		fi
 	else
-		HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector"
+		HARDENING_CFLAGS="-fstack-protector-strong"
 	fi
 
 	dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user
Accepting request 1190897 from home:rrahl0 - update to 0.9.0: - fixes: boo#1226398 - swtpm: - Use umask() to create/truncated state file rather than fchmod() - Use fchmod to set mode bits provided by user - Replace mkstemp with g_mkstemp_full (Coverity) - fix typo in help message - cuse: Fix Coverity complaints regarding locks - Fix double free in error path - Close fd after main loop - Restore logging to stderr on log open failure - swtpm_setup: - Fail --pcr-banks without --tpm2 - Fail --decryption or --allow-signing without --tpm2 - Initialized argv in get_swtpm_capabilities() - Flush spk after persisting to create room for another key - Refactor duplicate code into swtpm_tpm2_write_cert_nvram - Move persisting of certificate into tpm2_persist_certificate - Pass key_type to function creating filename for key - Add scheme parameter before curveid to createprimary_ecc - Rename is_ek to preserve for future extension - Mask-out EK and plaform certificate flags and set cert_flags - Move common code into new function read_certificate_file() - Exit with '0' upon --version rather than '1' - Close file descriptors passed to swtpm process on parent side - Make stdout unbuffered - Use medium duration on TSC_PhysicalPresence to avoid timeouts - Add poll() after write() and before read() to detect errors - swtpm_localca: - Add support for up to 20 bytes serial numbers OBS-URL: https://build.opensuse.org/request/show/1190897 OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=44 2024-08-01 20:11:21 +02:00			`Index: swtpm-0.8.0/configure.ac`
			`===================================================================`
			`--- swtpm-0.8.0.orig/configure.ac`
			`+++ swtpm-0.8.0/configure.ac`
			`@@ -418,11 +418,11 @@ if test "x$enable_hardening" != "xno"; t`
			`# Some versions of gcc fail with -Wstack-protector,`
			`# some with -Wstack-protector-strong enabled`
			`if ! $CC -fstack-protector-strong -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then`
			`- if $CC -fstack-protector -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then`
			`- HARDENING_CFLAGS="-fstack-protector -Wstack-protector"`
			`+ if $CC -fstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then`
			`+ HARDENING_CFLAGS="-fstack-protector"`
			`fi`
			`else`
			`- HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector"`
			`+ HARDENING_CFLAGS="-fstack-protector-strong"`
			`fi`

			`dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user`