From f1630a9c5384e6dcc5fdd812291ce3e0008f2017 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Tue, 18 Apr 2023 12:02:48 +0200
Subject: [PATCH] Avoid LTO + FORTIFY_SOURCE=3 issue
When compiled with LTO and FORTIFY_SOURCE=3 enabled together, tpm2_makecredential outputs corrupted data which cannot be used with tpm2_activatecredential. This can be avoided by disabling compiler optimization for part of the code using pragma. This patch was obtained upstream from: https://github.com/tpm2-software/tpm2-tools/pull/3219 This fixes the upstream issue: https://github.com/tpm2-software/tpm2-tools/issues/3210
Resolves: rhbz#2171376
Signed-off-by: Anderson Toshiyuki Sasaki
---
 tpm2-tools-fix-fortify.patch | 57 ++++++++++++++++++++++++++++++++++++
 tpm2-tools.spec | 11 ++++++-
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 tpm2-tools-fix-fortify.patch
diff --git a/tpm2-tools-fix-fortify.patch b/tpm2-tools-fix-fortify.patch
new file mode 100644
index 0000000..db12408
--- /dev/null
+++ b/tpm2-tools-fix-fortify.patch
@@ -0,0 +1,57 @@
+From 43b24bb6d1bbc65e80bd1de1d679922ba70ce5c0 Mon Sep 17 00:00:00 2001
+From: Juergen Repp
+Date: Mon, 6 Mar 2023 12:16:05 +0100
+Subject: [PATCH] kdfa.c Fix problem with FORTIFY_SOURCE on Fedora
+
+The original kdfa implementation did produce an error caused by the flags
+-flto -_FORTIFY_SOURCE=2 on Fedora rawhide.
+This error can be avoided by switching off the optimization with pragma.
+Fixes: #3210.
+
+Signed-off-by: Juergen Repp
+---
+ lib/tpm2_kdfa.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/lib/tpm2_kdfa.c b/lib/tpm2_kdfa.c
+index 5eb8d558c..9db0467e4 100644
+--- a/lib/tpm2_kdfa.c
++++ b/lib/tpm2_kdfa.c
+@@ -1,7 +1,6 @@
+ /* SPDX-License-Identifier: BSD-3-Clause */
+
+ #include
+-
+ #include
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+ #include
+@@ -13,6 +12,15 @@
+ #include "tpm2_kdfa.h"
+ #include "tpm2_openssl.h"
+
++/*
++ * Disable optimazation because of an error in FORTIFY_SOURCE
++ */
++
++#ifdef _FORTIFY_SOURCE
++#pragma GCC push_options
++#pragma GCC optimize ("O0")
++#endif
++
+ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,
+ TPM2B *context_u, TPM2B *context_v, UINT16 bits,
+ TPM2B_MAX_BUFFER *result_key) {
+@@ -139,3 +147,13 @@ TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label,
+
+ return rval;
+ }
++#ifdef _FORTIFY_SOURCE
++
++#endif
++
++#ifdef _FORTIFY_SOURCE
++#pragma GCC pop_options
++#endif
++
++
++
diff --git a/tpm2-tools.spec b/tpm2-tools.spec
index 990d257..fd1271f 100644
--- a/tpm2-tools.spec
+++ b/tpm2-tools.spec
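Review bot: The `#pragma GCC optimize ("O0")` block added around `tpm2_kdfa` hides the corrupted KDFa output without identifying what is miscompiled, and its guard is a bare `#ifdef _FORTIFY_SOURCE`, so it applies at every fortify level, with or without LTO, rather than only to the LTO + level 3 combination the commit message describes. Because the failure was silently wrong key-derivation output, the comment should name the issue and say when the workaround can go, for example `/* Workaround for tpm2-tools issue #3210: tpm2_kdfa() returned wrong data with -flto and _FORTIFY_SOURCE; built at O0 until the root cause is known. */`, which also fixes the "optimazation" typo. The empty `#ifdef _FORTIFY_SOURCE` / `#endif` pair right after the function's closing brace does nothing and can be dropped. The body of `tpm2_kdfa` lies between the second and third inner hunks and is not shown, so whether the code itself has undefined behaviour that the optimizer exposes cannot be judged from here; a makecredential/activatecredential round-trip test in the build would catch a regression.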
@@ -2,13 +2,18 @@ Name: tpm2-tools Version: 5.5 -Release: 2%{?candidate:.%{candidate}}%{?dist} +Release: 3%{?candidate:.%{candidate}}%{?dist} Summary: A bunch of TPM testing toolS build upon tpm2-tss License: BSD URL: https://github.com/tpm2-software/tpm2-tools Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz +# Disable optimization to avoid LTO + FORTIFY_SOURCE=3 issue: +# https://bugzilla.redhat.com/show_bug.cgi?id=2171376 +# https://github.com/tpm2-software/tpm2-tools/issues/3210 +Patch0: tpm2-tools-fix-fortify.patch + BuildRequires: make BuildRequires: gcc-c++ BuildRequires: libtool @@ -55,6 +60,10 @@ tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss. %{_mandir}/man1/tss2_*.1.gz %changelog +* Mon Apr 17 2023 Anderson Toshiyuki Sasaki - 5.5-3 +- Disable compiler optimization to fix LTO + FORTIFY_SOURCE=3 issue + Resolves rhbz#2171376 + * Tue Feb 21 2023 Yaakov Selkowitz - 5.5-2 - Disable manpage regeneration in RHEL/ELN builds
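Review bot: `Patch0:` is declared in the first hunk, but neither hunk touches `%prep`, so the fix only reaches the build if the spec already applies patches automatically (for example via `%autosetup`); that part of the file is outside the diff and should be confirmed. The comment above `Patch0:` reads as if optimization were disabled for the whole package, while the patch limits it to `tpm2_kdfa()` in `lib/tpm2_kdfa.c`; `# Build tpm2_kdfa() without optimization to avoid LTO + FORTIFY_SOURCE=3 issue:` would say so.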