Marcus Meissner
7468cdf8a6
- Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
- this can be removed once swtpm upstream sorts out their custom selinux module.
see: https://github.com/stefanberger/swtpm/issues/885
there were a couple changes in the selinux-policy libvirt handling
which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t
OBS-URL: https://build.opensuse.org/package/show/security/swtpm?expand=0&rev=46
20 lines
923 B
Diff
20 lines
923 B
Diff
Index: swtpm-0.8.0/configure.ac
|
|
===================================================================
|
|
--- swtpm-0.8.0.orig/configure.ac
|
|
+++ swtpm-0.8.0/configure.ac
|
|
@@ -418,11 +418,11 @@ if test "x$enable_hardening" != "xno"; t
|
|
# Some versions of gcc fail with -Wstack-protector,
|
|
# some with -Wstack-protector-strong enabled
|
|
if ! $CC -fstack-protector-strong -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
|
|
- if $CC -fstack-protector -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
|
|
- HARDENING_CFLAGS="-fstack-protector -Wstack-protector"
|
|
+ if $CC -fstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
|
|
+ HARDENING_CFLAGS="-fstack-protector"
|
|
fi
|
|
else
|
|
- HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector"
|
|
+ HARDENING_CFLAGS="-fstack-protector-strong"
|
|
fi
|
|
|
|
dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user
|