From ca816d8a1f92621d9c8ea8ed823a230d41bc8634 Mon Sep 17 00:00:00 2001
From: zhengxiaoxiaoGitee
Date: Mon, 4 Aug 2025 11:12:24 +0800
Subject: [PATCH] adapt ocaml 5.x

Signed-off-by: zhengxiaoxiao
(cherry picked from commit 6fd74903fff00c8d05c4693c39f49c4b1ab0dc44)
---
 ...-Linux-2_22-Open-Source-Gold-Release.patch | 85 +++++++++++++++++++
 linux-sgx.spec | 6 +-
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 backport-Linux-2_22-Open-Source-Gold-Release.patch

diff --git a/backport-Linux-2_22-Open-Source-Gold-Release.patch b/backport-Linux-2_22-Open-Source-Gold-Release.patch
new file mode 100644
index 0000000..c098ba3
--- /dev/null
+++ b/backport-Linux-2_22-Open-Source-Gold-Release.patch
@@ -0,0 +1,85 @@
+From 8a223177093da64a5d071b36127d12b04c0d3397 Mon Sep 17 00:00:00 2001
+From: "Li, Xun"
+Date: Tue, 24 Oct 2023 11:05:23 +0800
+Subject: [PATCH] Linux 2.22 Open Source Gold Release
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upgraded to OpenSSL 3.0.10.
+Added interoperable RA-TLS support which follows CCC design.
+Enhanced Protect File System performance and added additional dependency
+ `libsgx_pthread.a`.
+Added the Constant Time instruction Decoder (CTD) into the default AEX-Notify
+ mitigation handler in order to prevent the introduction of any additional
+ subtle sidechannel leakages within the default handler.
+Added Mistletoe 3 mitigations to the IPP Cryptography Library to the AES-ECB,
+ AESGCM, and AES-CMAC algorithms. These have been incorporated transparently
+ into the `sgx_tcrypto` library.
+Resigned all IntelĀ® SGX Architecture Enclaves.
+Upgraded Intel SGX Quote Verification Enclave to integrate OpenSSL/SgxSSL 3.0.10.
+Added Attestation Library support for Intel(R) TDX Migration TD.
+Added Rust wrapper for low-level Quote Generation APIs.
+Enabled `SE_TRACE` log in release binary.
+Updated Rust QVL wrapper to use native Rust structure for quote verification
+ collateral.
+Added a limitation in the DCAP QVL to only allow the user to set the QvE load
+ policy once.
+Fixed bugs.
+
+Signed-off-by: Li, Xun
+
+Reference: https://github.com/intel/linux-sgx/commit/8a223177093da64a5d071b36127d12b04c0d3397
+Conflict: Remove unrelated modifications except for sdk/edger8r/linux/*.ml
+---
+ sdk/edger8r/linux/CodeGen.ml | 6 +++---
+ sdk/edger8r/linux/Util.ml | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/sdk/edger8r/linux/CodeGen.ml b/sdk/edger8r/linux/CodeGen.ml
+index 3da0795..609368a 100644
+--- a/sdk/edger8r/linux/CodeGen.ml
++++ b/sdk/edger8r/linux/CodeGen.ml
+@@ -675,7 +675,7 @@ let gen_ufunc_proto (uf: Ast.untrusted_func) =
+ let cconv_str = "SGX_" ^ Ast.get_call_conv_str uf.Ast.uf_fattr.Ast.fa_convention in
+ let func_name = uf.Ast.uf_fdecl.Ast.fname in
+ let plist_str = get_plist_str uf.Ast.uf_fdecl in
+- let func_guard = sprintf "%s_DEFINED__" (String.uppercase func_name) in
++ let func_guard = sprintf "%s_DEFINED__" (String.uppercase_ascii func_name) in
+ sprintf "#ifndef %s\n#define %s\n%s%s SGX_UBRIDGE(%s, %s, (%s));\n#endif"
+ func_guard func_guard dllimport ret_tystr cconv_str func_name plist_str
+
+@@ -704,7 +704,7 @@ let ms_writer out_chan ec =
+ (* Generate untrusted header for enclave *)
+ let gen_untrusted_header (ec: enclave_content) =
+ let header_fname = get_uheader_name ec.file_shortnm in
+- let guard_macro = sprintf "%s_U_H__" (String.uppercase ec.enclave_name) in
++ let guard_macro = sprintf "%s_U_H__" (String.uppercase_ascii ec.enclave_name) in
+ let preemble_code =
+ let include_list = gen_include_list (ec.include_list @ !untrusted_headers) in
+ gen_uheader_preemble guard_macro include_list
+
+@@ -737,7 +737,7 @@ let gen_theader_preemble (guard: string) (inclist: string) =
+ (* Generate trusted header for enclave *)
+ let gen_trusted_header (ec: enclave_content) =
+ let header_fname = get_theader_name ec.file_shortnm in
+- let guard_macro = sprintf "%s_T_H__" (String.uppercase ec.enclave_name) in
++ let guard_macro = sprintf "%s_T_H__" (String.uppercase_ascii ec.enclave_name) in
+ let guard_code =
+ let include_list = gen_include_list (ec.include_list @ !trusted_headers) in
+ gen_theader_preemble guard_macro include_list in
+diff --git a/sdk/edger8r/linux/Util.ml b/sdk/edger8r/linux/Util.ml
+index 43a37e0..e0d3d7b 100644
+--- a/sdk/edger8r/linux/Util.ml
++++ b/sdk/edger8r/linux/Util.ml
+@@ -114,7 +114,7 @@ let rec parse_cmdline (progname: string) (cmdargs: string list) =
+ match args with
+ [] -> ()
+ | op :: ops ->
+- match String.lowercase op with
++ match String.lowercase_ascii op with
+ "--use-prefix" -> use_pref := true; local_parser ops
+ | "--header-only"-> hd_only := true; local_parser ops
+ | "--untrusted" -> untrusted := true; local_parser ops
+--
+2.43.0
+
diff --git a/linux-sgx.spec b/linux-sgx.spec
index 0030220..17732a5 100644
--- a/linux-sgx.spec
+++ b/linux-sgx.spec
@@ -1,6 +1,6 @@
Name: linux-sgx
Version: 2.19
-Release: 6
+Release: 7
Summary: Intel(R) Software Guard Extensions for Linux* OS
ExclusiveArch: x86_64
License: BSD-3-Clause
@@ -40,6 +40,7 @@ Patch11: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-siz
Patch12: backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
Patch13: backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
Patch14: backport-CVE-2024-5535-Fix-SSL_select_next_proto-and-add-ALPN.patch
+Patch15: backport-Linux-2_22-Open-Source-Gold-Release.patch
BuildRequires: gcc-c++ protobuf-devel libtool ocaml ocaml-ocamlbuild compat-openssl11-devel cmake python curl-devel createrepo_c git nasm
BuildRequires: protobuf-lite-devel protobuf-c-devel boost-devel
@@ -879,6 +880,9 @@ if [ -x /opt/intel/sgx-dcap-pccs/startup.sh ]; then /opt/intel/sgx-dcap-pccs/sta
%files -n libsgx-headers -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/list-libsgx-headers
%changelog
+* Mon Aug 4 2025 zhengxiaoxiao - 2.19-7
+- adapt ocaml 5.0
+
+* Thu Jul 18 2024 wangqingsan - 2.19-6
+- fix CVE-2024-5535
-- Gitee
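Review bot: The commit message carried inside the new patch file (from `+Upgraded to OpenSSL 3.0.10.` through `+Fixed bugs.`) describes the whole 2.22 release, but the `+Conflict:` line says everything except the four `String.uppercase`/`String.lowercase` to `*_ascii` renames in sdk/edger8r/linux/*.ml was dropped, so none of the security items it lists (Mistletoe 3 AES mitigations, the CTD in the AEX-Notify handler, re-signed architectural enclaves, the OpenSSL/SgxSSL 3.0.10 upgrade) is applied by this package update. Someone auditing the spec's `Patch15: backport-Linux-2_22-Open-Source-Gold-Release.patch` line and this message could take them as evidence that those mitigations were backported, so I would state the scope at the top of the file, e.g. `Partial backport for OCaml 5: only the String.uppercase_ascii/lowercase_ascii changes to edger8r are applied; no crypto or mitigation changes from the 2.22 release are included.`, and consider a file name that says the same. The rename is behaviour-preserving only for ASCII input: per the OCaml stdlib docs `String.uppercase` also mapped ISO Latin-1 accented letters while `String.uppercase_ascii` leaves bytes above 0x7F untouched, which would change the emitted `%s_U_H__`/`%s_T_H__`/`%s_DEFINED__` guard macros if an enclave or function name ever carried such bytes — presumably the EDL lexer restricts identifiers to ASCII, which is worth confirming. The enclosing definitions gen_ufunc_proto, gen_untrusted_header, gen_trusted_header and parse_cmdline all extend beyond the quoted hunks.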