diff --git a/SOURCES/tboot-gcc14.patch b/SOURCES/tboot-gcc14.patch
deleted file mode 100644
index 9b6ff83..0000000
--- a/SOURCES/tboot-gcc14.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Suppress GCC 14 allocation size warning in lcptools-v2/pconf_legacy.c
-
-Submitted upstream:
-
-diff --git a/lcptools-v2/pconf_legacy.c b/lcptools-v2/pconf_legacy.c
-index 443b5cd5525b9fe1..5ebc6c451f7008b1 100644
---- a/lcptools-v2/pconf_legacy.c
-+++ b/lcptools-v2/pconf_legacy.c
-@@ -324,7 +324,7 @@ static lcp_policy_element_t *create(void)
- ERROR("Error: no pcrs were selected.\n");
- return NULL;
- }
-- digest = malloc(SHA1_DIGEST_SIZE);
-+ digest = malloc(sizeof(*digest));
- if (digest == NULL) {
- ERROR("Error: failed to allocate memory for digest buffer.\n");
- return NULL;
diff --git a/SOURCES/tboot-no-engine.patch b/SOURCES/tboot-no-engine.patch
deleted file mode 100644
index 747657d..0000000
--- a/SOURCES/tboot-no-engine.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-diff -up tboot-1.11.3/lcptools-v2/crtpol.c.no-engine tboot-1.11.3/lcptools-v2/crtpol.c
---- tboot-1.11.3/lcptools-v2/crtpol.c.no-engine 2024-08-13 18:03:43.003697657 +0200
-+++ tboot-1.11.3/lcptools-v2/crtpol.c 2024-08-13 18:04:49.315001612 +0200
-@@ -43,7 +43,10 @@
- #include
- #include
- #include
-+#include
-+#ifndef OPENSSL_NO_ENGINE
- #include
-+#endif
- #include
- #include
- #include
-diff -up tboot-1.11.3/lcptools-v2/crtpollist.c.no-engine tboot-1.11.3/lcptools-v2/crtpollist.c
---- tboot-1.11.3/lcptools-v2/crtpollist.c.no-engine 2024-08-13 18:03:43.005697697 +0200
-+++ tboot-1.11.3/lcptools-v2/crtpollist.c 2024-08-13 18:04:58.324178771 +0200
-@@ -44,7 +44,10 @@
- #include
- #include
- #include
-+#include
-+#ifndef OPENSSL_NO_ENGINE
- #include
-+#endif
- #include
- #include
- #include
-diff -up tboot-1.11.3/lcptools-v2/lcputils.c.no-engine tboot-1.11.3/lcptools-v2/lcputils.c
---- tboot-1.11.3/lcptools-v2/lcputils.c.no-engine 2024-08-13 18:03:43.004697677 +0200
-+++ tboot-1.11.3/lcptools-v2/lcputils.c 2024-08-13 18:04:53.293079838 +0200
-@@ -43,7 +43,10 @@
- #include
- #include
- #include
-+#include
-+#ifndef OPENSSL_NO_ENGINE
- #include
-+#endif
- #include
- #include
- #include
-diff -up tboot-1.11.3/lcptools-v2/pollist2.c.no-engine tboot-1.11.3/lcptools-v2/pollist2.c
---- tboot-1.11.3/lcptools-v2/pollist2.c.no-engine 2024-08-13 18:03:43.002697637 +0200
-+++ tboot-1.11.3/lcptools-v2/pollist2.c 2024-08-13 18:04:45.813932767 +0200
-@@ -41,7 +41,10 @@
- #include
- #include
- #include
-+#include
-+#ifndef OPENSSL_NO_ENGINE
- #include
-+#endif
- #include
- #include
- #include
-
diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
index a258b70..87f7983 100644
--- a/SPECS/tboot.spec
+++ b/SPECS/tboot.spec
@@ -1,22 +1,20 @@
-Summary: Performs a verified launch using Intel TXT
-Name: tboot
-Version: 1.11.3
-Release: 3%{?dist}
-Epoch: 1
-
-License: BSD-3-Clause
-URL: http://sourceforge.net/projects/tboot/
-Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
-Patch0: tboot-gcc14.patch
-Patch1: tboot-no-engine.patch
-
-BuildRequires: make
-BuildRequires: gcc
-BuildRequires: perl
-BuildRequires: openssl-devel
-BuildRequires: zlib-devel
-Requires: grub2-efi-x64-modules
-ExclusiveArch: %{ix86} x86_64
+Summary: Performs a verified launch using Intel TXT
+Name: tboot
+Version: 1.11.3
+Release: 1%{?dist}
+Epoch: 1
+
+License: BSD
+URL: http://sourceforge.net/projects/tboot/
+Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: perl
+BuildRequires: openssl-devel
+BuildRequires: zlib-devel
+ExclusiveArch: %{ix86} x86_64
+Requires: grub2-efi-x64-modules
%description
Trusted Boot (tboot) is an open source, pre-kernel/VMM module that uses
@@ -27,16 +25,11 @@ and verified launch of an OS kernel/VMM.
%autosetup -p1 -n %{name}-%{version}
%build
-%make_build debug=y
-
-%install
-%make_install debug=y
+CFLAGS="%{optflags}"; export CFLAGS
+LDFLAGS="%{build_ldflags}"; export LDFLAGS
+make debug=y %{?_smp_mflags}
%post
-# create the tboot grub entry
-grub2-mkconfig -o /boot/grub2/grub.cfg
-
-# For EFI based machines ...
# Rmove the grub efi modules if they had been placed in the wrong directory by
# a previous install.
[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi
@@ -72,109 +65,119 @@ fi
[ -d /boot/efi/EFI/redhat/x86_64-efi ] && rm -rf /boot/efi/EFI/redhat/x86_64-efi
grub2-mkconfig -o /etc/grub2.cfg
+%install
+make debug=y DISTDIR=$RPM_BUILD_ROOT install
+
%files
-%license COPYING
-%doc docs/*
+%doc README.md COPYING docs/* lcptools-v2/lcptools.txt
%config %{_sysconfdir}/grub.d/20_linux_tboot
%config %{_sysconfdir}/grub.d/20_linux_xen_tboot
+%{_sbindir}/txt-acminfo
%{_sbindir}/lcp2_crtpol
%{_sbindir}/lcp2_crtpolelt
%{_sbindir}/lcp2_crtpollist
%{_sbindir}/lcp2_mlehash
-%{_sbindir}/tb_polgen
-%{_sbindir}/txt-acminfo
%{_sbindir}/txt-parse_err
+%{_sbindir}/tb_polgen
%{_sbindir}/txt-stat
+%{_mandir}/man8/txt-acminfo.8.gz
+%{_mandir}/man8/tb_polgen.8.gz
+%{_mandir}/man8/txt-stat.8.gz
%{_mandir}/man8/lcp2_crtpol.8.gz
%{_mandir}/man8/lcp2_crtpolelt.8.gz
%{_mandir}/man8/lcp2_crtpollist.8.gz
%{_mandir}/man8/lcp2_mlehash.8.gz
-%{_mandir}/man8/tb_polgen.8.gz
-%{_mandir}/man8/txt-acminfo.8.gz
%{_mandir}/man8/txt-parse_err.8.gz
-%{_mandir}/man8/txt-stat.8.gz
/boot/tboot.gz
/boot/tboot-syms
%changelog
-* Sat Oct 12 2024 Arkady L. Shane - 1:1.11.3-3
+* Wed Oct 16 2024 Arkady L. Shane - 1.11.3-1
- Rebuilt for MSVSphere 9.5
-* Thu Aug 15 2024 Tony Camuso - 1:1.11.3-3
-- Add gating.yaml
- Resolves: RHEL-54412
-
-* Tue Aug 13 2024 Tony Camuso - 1:1.11.3-2
-- Stop using OpenSSL ENGINE API in tboot
- Resolves: RHEL-54172
-
-* Tue Jun 25 2024 Tony Camuso - 1:1.11.3-1
-- Latest version of tboot.
- Resolves: RHEL-34500
-
-* Mon Jun 24 2024 Troy Dawson - 1:1.11.1-7
-- Bump release for June 2024 mass rebuild
-
-* Mon Jan 29 2024 Florian Weimer - 1:1.11.1-6
-- Suppress GCC 14 allocation size warning
-
-* Sat Jan 27 2024 Fedora Release Engineering - 1:1.11.1-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Wed Nov 01 2023 Yaakov Selkowitz - 1:1.11.1-4
-- Add grub2-efi-x64-modules dependency and scriplet
-
-* Fri Sep 22 2023 David Cantrell - 1:1.11.1-3
-- Use %%license for the COPYING file in the %%files section
-- Convert the License tag to an SPDX expression
-
-* Sat Jul 22 2023 Fedora Release Engineering - 1:1.11.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Sun May 07 2023 Jun Miao - 1:1.11.1-1
-- Update to v1.11.1 release
-
-* Sun Apr 23 2023 Jun Miao - 1:1.11.0-2
-- Update code sources with the v1.11.0
-
-* Mon Feb 27 2023 Jun Miao - 1:1.11.0-1
-- Update to v1.11.0 release
-
-* Sat Jan 21 2023 Fedora Release Engineering - 1:1.10.5-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Sat Jul 23 2022 Fedora Release Engineering - 1:1.10.5-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Wed Apr 20 2022 Jun Miao - 1:1.10.5-1
-- Update to v1.10.5 release
-
-* Fri Feb 25 2022 Jun Miao jun.miao@intel.com - 1:1.10.4-2
-- Update the tboot-1.10.4.tar.gz source
-
-* Fri Feb 25 2022 Jun Miao - 1:1.10.4-1
-- Updated to upstream 1.10.4 release
-- Fix the GCC12 build error
-
-* Thu Dec 23 2021 Yunying Sun - 1:1.10.3-1
-- Updated to 1.10.3 which added OpenSSL 3.0.0 support
-- Bugzilla 2021901 is fixed with this updated release
-- Removed obsolete patch files
-
-* Fri Dec 3 2021 Yunying Sun - 1:1.10.2-4
-- Rebuilt again with OpenSSL 3.0.0 fix patch
-
-* Tue Sep 14 2021 Sahana Prasad - 1:1.10.2-3
-- Rebuilt with OpenSSL 3.0.0
-
-* Fri Jul 23 2021 Fedora Release Engineering - 1:1.10.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Tue Jun 15 2021 Yunying Sun - 1:1.10.2-1
-- Updated to upstream 1.10.2 release
-- Removed standalone patches as both are fixed in 1.10.2
-- Adjusted dependencies, removed trousers and added perl
-- Updated packaged file list
+* Thu Apr 25 2024 Tony Camuso - 1:1.11.3-1
+ Rebase to upstream 1.11.3 and bump the NVR.
+ Resolves: RHEL-34941
+
+* Wed Nov 08 2023 Tony Camuso - 1:1.11.1-2
+- Rebase to upstream 1.11.2 and bump the NVR.
+ Resolves: RHEL-16022
+
+* Wed Apr 12 2023 Tony Camuso - 1:1.11.1-1
+- Backport upstream fixes and updates.
+ Resolves: rhbz#2186308
+
+* Thu Aug 18 2022 Tony Camuso - 1:1.10.5-2
+- The install scriptlet in %post was choosing the first grub.cfg
+ file it encountered, which was /boot/efi/EFI/redhat/grub.cfg.
+ This is a stub that defines grub boot disk UUID necessary for
+ proper grubenv setup, and it must not be overwritten or changed.
+ Modify the scriptlet to target /boot/grub2/grub.cfg
+ Additionally, remove any wrongly created /boot/grub2/x86_64-efi
+ directory and recreate the correct /boot/efi/EFI/redhat/grub.cfg
+ stub file.
+ Added a %postun section to cleanup when removing tboot with
+ dnf erase.
+ Thanks to Lenny Szubowicz for the bash code to recreate the
+ /boot/efi/EFI/redhat/grub.cfg stub file.
+ Resolves: rhbz#2112236
+
+* Wed May 04 2022 Tony Camuso - 1:1.10.5-1
+- Upgrade to tboot-1.10.5-1 for fixes and updates.
+- Added a Requires line to install grub2-efi-x64-modules
+- Added a scriptlet to the tboot.spec file to automatically install
+ grub2-efi-x64-modules and move them to the correct directory.
+- Removed three patches that are no longer needed.
+- Added two patches from upstream, one for a fix, the other cosemetic.
+- Resolves: rhbz#2041766
+ Resolves: rhbz#2040083
+
+* Thu Sep 30 2021 Tony Camuso - 1:1.10.2-6
+- Use sha256 as default hashing algorithm
+ Resolves: rhbz#1935448
+
+* Tue Aug 10 2021 Mohan Boddu - 1:1.10.2-5
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Wed Jul 28 2021 Tony Camuso - 1:1.10.2-4
+- From Miroslave Vadkerti:
+ Onboarding tests to RHEL9 in BaseOS CI requires action, adding
+ test configuration in our "dispatcher" configuration for RHEL9:
+ https://gitlab.cee.redhat.com/baseos-qe/citool-config/blob/production/brew-dispatcher-rhel9.yaml
+ Test config was added for tboot in the following MR.
+ https://gitlab.cee.redhat.com/baseos-qe/citool-config/-/merge_requests/2686
+ Resolves: rhbz#1922002
+
+* Tue Jul 27 2021 Tony Camuso - 1:1.10.2-3
+- Add the %{optflags} and %{build_ldflags} macros to assure the
+ build meets RHEL security requirements.
+ Resolves: rhbz#1922002
+
+* Thu Jul 22 2021 Tony Camuso - 1:1.10.2-2
+- Bump the NVR as a result of including the gating.yaml file in
+ the git repo.
+ Resolves: rhbz#1922002
+
+* Mon Jun 21 2021 Tony Camuso - 1:1.10.2-1
+- The patches are for SSL3 compatibility. These can probably be
+ removed when upstream tboot fully implements SSL3.
+- Upgrade to latest upstream.
+- Remove trousers dependency.
+ Resolves: rhbz#1922002
+ Resolves: rhbz#1870520
+ Resolves: rhbz#1927374
+
+* Wed Jun 16 2021 Mohan Boddu - 1:1.9.11-9
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+ Related: rhbz#1971065
+
+* Thu May 27 2021 Tony Camuso - 1:1.9.11-8
+- Add -Wno-error=deprecated-declarations to the Config.mk patch
+ Resolves: rhbz#1958031
+
+* Fri Apr 16 2021 Mohan Boddu - 1:1.9.11-7
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering - 1:1.9.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild