Marcus Meissner
0686c8dbaf
- update to 0.9.0: - fixes: boo#1226398 - swtpm: - Use umask() to create/truncated state file rather than fchmod() - Use fchmod to set mode bits provided by user - Replace mkstemp with g_mkstemp_full (Coverity) - fix typo in help message - cuse: Fix Coverity complaints regarding locks - Fix double free in error path - Close fd after main loop - Restore logging to stderr on log open failure - swtpm_setup: - Fail --pcr-banks without --tpm2 - Fail --decryption or --allow-signing without --tpm2 - Initialized argv in get_swtpm_capabilities() - Flush spk after persisting to create room for another key - Refactor duplicate code into swtpm_tpm2_write_cert_nvram - Move persisting of certificate into tpm2_persist_certificate - Pass key_type to function creating filename for key - Add scheme parameter before curveid to createprimary_ecc - Rename is_ek to preserve for future extension - Mask-out EK and plaform certificate flags and set cert_flags - Move common code into new function read_certificate_file() - Exit with '0' upon --version rather than '1' - Close file descriptors passed to swtpm process on parent side - Make stdout unbuffered - Use medium duration on TSC_PhysicalPresence to avoid timeouts - Add poll() after write() and before read() to detect errors - swtpm_localca: - Add support for up to 20 bytes serial numbers OBS-URL: https://build.opensuse.org/request/show/1190897 OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=44
20 lines
923 B
Diff
20 lines
923 B
Diff
Index: swtpm-0.8.0/configure.ac
|
|
===================================================================
|
|
--- swtpm-0.8.0.orig/configure.ac
|
|
+++ swtpm-0.8.0/configure.ac
|
|
@@ -418,11 +418,11 @@ if test "x$enable_hardening" != "xno"; t
|
|
# Some versions of gcc fail with -Wstack-protector,
|
|
# some with -Wstack-protector-strong enabled
|
|
if ! $CC -fstack-protector-strong -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
|
|
- if $CC -fstack-protector -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
|
|
- HARDENING_CFLAGS="-fstack-protector -Wstack-protector"
|
|
+ if $CC -fstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
|
|
+ HARDENING_CFLAGS="-fstack-protector"
|
|
fi
|
|
else
|
|
- HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector"
|
|
+ HARDENING_CFLAGS="-fstack-protector-strong"
|
|
fi
|
|
|
|
dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user
|