import swtpm-0.8.0-1.el9
This commit is contained in:
parent
d7260dbfb7
commit
253f4d950a
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/swtpm-b79fd91.tar.gz
|
SOURCES/swtpm-0.8.0.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
b79a2d005663868139f0678cddeecf70278ec219 SOURCES/swtpm-b79fd91.tar.gz
|
742e598ae731d3aa7283b104153cfabdc3b73643 SOURCES/swtpm-0.8.0.tar.gz
|
||||||
|
@ -1,54 +0,0 @@
|
|||||||
From 9f740868fc36761de27df3935513bdebf8852d19 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefan Berger <stefanb@linux.ibm.com>
|
|
||||||
Date: Wed, 16 Feb 2022 11:17:47 -0500
|
|
||||||
Subject: [PATCH] swtpm: Check header size indicator against expected size (CID
|
|
||||||
375869)
|
|
||||||
|
|
||||||
This fix addresses Coverity issue CID 375869.
|
|
||||||
|
|
||||||
Check the header size indicated in the header of the state against the
|
|
||||||
expected size and return an error code in case the header size indicator
|
|
||||||
is different. There was only one header size so far since blobheader was
|
|
||||||
introduced, so we don't need to deal with different sizes.
|
|
||||||
|
|
||||||
Without this fix a specially craft header could have cause out-of-bounds
|
|
||||||
accesses on the byte array containing the swtpm's state.
|
|
||||||
|
|
||||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
||||||
---
|
|
||||||
src/swtpm/swtpm_nvstore.c | 11 ++++++++++-
|
|
||||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/swtpm/swtpm_nvstore.c b/src/swtpm/swtpm_nvstore.c
|
|
||||||
index 437088370e11..144d8975ec54 100644
|
|
||||||
--- a/src/swtpm/swtpm_nvstore.c
|
|
||||||
+++ b/src/swtpm/swtpm_nvstore.c
|
|
||||||
@@ -1075,6 +1075,7 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
|
|
||||||
uint8_t *hdrversion, bool quiet)
|
|
||||||
{
|
|
||||||
blobheader *bh = (blobheader *)data;
|
|
||||||
+ uint16_t hdrsize;
|
|
||||||
|
|
||||||
if (length < sizeof(bh)) {
|
|
||||||
if (!quiet)
|
|
||||||
@@ -1100,8 +1101,16 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
|
|
||||||
return TPM_BAD_VERSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ hdrsize = ntohs(bh->hdrsize);
|
|
||||||
+ if (hdrsize != sizeof(blobheader)) {
|
|
||||||
+ logprintf(STDERR_FILENO,
|
|
||||||
+ "bad header size: %u != %zu\n",
|
|
||||||
+ hdrsize, sizeof(blobheader));
|
|
||||||
+ return TPM_BAD_DATASIZE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
*hdrversion = bh->version;
|
|
||||||
- *dataoffset = ntohs(bh->hdrsize);
|
|
||||||
+ *dataoffset = hdrsize;
|
|
||||||
*hdrflags = ntohs(bh->flags);
|
|
||||||
|
|
||||||
return TPM_SUCCESS;
|
|
||||||
--
|
|
||||||
2.34.1.428.gdcc0cd074f0c
|
|
||||||
|
|
@ -0,0 +1,37 @@
|
|||||||
|
From 95cd8db3dc822d8f741b90d560e50f44841f9d29 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||||
|
Date: Tue, 22 Nov 2022 11:24:57 +0400
|
||||||
|
Subject: [PATCH] swtpm_setup: fix -Werror=maybe-uninitialized
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
/usr/include/glib-2.0/glib/glib-autocleanups.h:30:3: error: ‘argv’ may be used uninitialized [-Werror=maybe-uninitialized]
|
||||||
|
30 | g_free (*pp);
|
||||||
|
| ^~~~~~~~~~~~
|
||||||
|
swtpm_setup.c: In function ‘get_swtpm_capabilities.constprop.0’:
|
||||||
|
swtpm_setup.c:940:24: note: ‘argv’ was declared here
|
||||||
|
940 | g_autofree gchar **argv;
|
||||||
|
| ^~~~
|
||||||
|
|
||||||
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||||
|
---
|
||||||
|
src/swtpm_setup/swtpm_setup.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/swtpm_setup/swtpm_setup.c b/src/swtpm_setup/swtpm_setup.c
|
||||||
|
index 1b528c8..3570235 100644
|
||||||
|
--- a/src/swtpm_setup/swtpm_setup.c
|
||||||
|
+++ b/src/swtpm_setup/swtpm_setup.c
|
||||||
|
@@ -937,7 +937,7 @@ static int get_swtpm_capabilities(gchar **swtpm_prg_l, gboolean is_tpm2,
|
||||||
|
gchar *my_argv[] = { "--print-capabilities", is_tpm2 ? "--tpm2" : NULL, NULL };
|
||||||
|
g_autofree gchar *logop = NULL;
|
||||||
|
g_autoptr(GError) error = NULL;
|
||||||
|
- g_autofree gchar **argv;
|
||||||
|
+ g_autofree gchar **argv = NULL;
|
||||||
|
int exit_status = 0;
|
||||||
|
gboolean success;
|
||||||
|
int ret = 1;
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -1,9 +1,5 @@
|
|||||||
%bcond_without gnutls
|
%bcond_without gnutls
|
||||||
|
|
||||||
%global gitdate 20211109
|
|
||||||
%global gitcommit b79fd91c4b4a74c9c5027b517c5036952c5525db
|
|
||||||
%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7})
|
|
||||||
|
|
||||||
# Macros needed by SELinux
|
# Macros needed by SELinux
|
||||||
%global selinuxtype targeted
|
%global selinuxtype targeted
|
||||||
%global moduletype contrib
|
%global moduletype contrib
|
||||||
@ -11,12 +7,12 @@
|
|||||||
|
|
||||||
Summary: TPM Emulator
|
Summary: TPM Emulator
|
||||||
Name: swtpm
|
Name: swtpm
|
||||||
Version: 0.7.0
|
Version: 0.8.0
|
||||||
Release: 2.%{gitdate}git%{gitshortcommit}%{?dist}
|
Release: 1%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Url: http://github.com/stefanberger/swtpm
|
Url: https://github.com/stefanberger/swtpm
|
||||||
Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
|
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||||
Patch0001: 0001-swtpm-Check-header-size-indicator-against-expected-s.patch
|
Patch0001: 0001-swtpm_setup-fix-Werror-maybe-uninitialized.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: git-core
|
BuildRequires: git-core
|
||||||
@ -24,12 +20,13 @@ BuildRequires: automake
|
|||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: libtpms-devel >= 0.6.0
|
BuildRequires: libtpms-devel >= 0.6.0
|
||||||
|
BuildRequires: glib2-devel
|
||||||
|
BuildRequires: json-glib-devel
|
||||||
BuildRequires: expect
|
BuildRequires: expect
|
||||||
BuildRequires: net-tools
|
BuildRequires: net-tools
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
BuildRequires: socat
|
BuildRequires: socat
|
||||||
BuildRequires: softhsm
|
BuildRequires: softhsm
|
||||||
BuildRequires: json-glib-devel
|
|
||||||
%if %{with gnutls}
|
%if %{with gnutls}
|
||||||
BuildRequires: gnutls >= 3.4.0
|
BuildRequires: gnutls >= 3.4.0
|
||||||
BuildRequires: gnutls-devel
|
BuildRequires: gnutls-devel
|
||||||
@ -41,7 +38,6 @@ BuildRequires: selinux-policy-devel
|
|||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: libseccomp-devel
|
BuildRequires: libseccomp-devel
|
||||||
BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
|
BuildRequires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
|
||||||
BuildRequires: python3-devel
|
|
||||||
|
|
||||||
Requires: %{name}-libs = %{version}-%{release}
|
Requires: %{name}-libs = %{version}-%{release}
|
||||||
Requires: libtpms >= 0.6.0
|
Requires: libtpms >= 0.6.0
|
||||||
@ -75,7 +71,7 @@ Requires: bash gnutls-utils
|
|||||||
Tools for the TPM emulator from the swtpm package
|
Tools for the TPM emulator from the swtpm package
|
||||||
|
|
||||||
%package tools-pkcs11
|
%package tools-pkcs11
|
||||||
Summary: Tools for creating a local CA based on a TPM pkcs11 device
|
Summary: Tools for creating a local CA based on a pkcs11 device
|
||||||
License: BSD
|
License: BSD
|
||||||
Requires: swtpm-tools = %{version}-%{release}
|
Requires: swtpm-tools = %{version}-%{release}
|
||||||
Requires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
|
Requires: tpm2-pkcs11 tpm2-pkcs11-tools tpm2-tools tpm2-abrmd
|
||||||
@ -85,7 +81,7 @@ Requires: expect gnutls-utils
|
|||||||
Tools for creating a local CA based on a pkcs11 device
|
Tools for creating a local CA based on a pkcs11 device
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -S git -n %{name}-%{gitcommit} -p1
|
%autosetup -S git -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -94,8 +90,7 @@ NOCONFIGURE=1 ./autogen.sh
|
|||||||
%if %{with gnutls}
|
%if %{with gnutls}
|
||||||
--with-gnutls \
|
--with-gnutls \
|
||||||
%endif
|
%endif
|
||||||
--without-cuse \
|
--without-cuse
|
||||||
--without-tpm1
|
|
||||||
|
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
@ -106,6 +101,7 @@ make %{?_smp_mflags} check VERBOSE=1
|
|||||||
|
|
||||||
%make_install
|
%make_install
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
|
rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la,so}
|
||||||
|
rm $RPM_BUILD_ROOT%{_mandir}/man8/swtpm_cuse.8*
|
||||||
|
|
||||||
%post
|
%post
|
||||||
for pp in /usr/share/selinux/packages/swtpm.pp \
|
for pp in /usr/share/selinux/packages/swtpm.pp \
|
||||||
@ -160,12 +156,12 @@ fi
|
|||||||
%{_mandir}/man8/swtpm_bios.8*
|
%{_mandir}/man8/swtpm_bios.8*
|
||||||
%{_mandir}/man8/swtpm_cert.8*
|
%{_mandir}/man8/swtpm_cert.8*
|
||||||
%{_mandir}/man8/swtpm_ioctl.8*
|
%{_mandir}/man8/swtpm_ioctl.8*
|
||||||
%{_mandir}/man8/swtpm-localca.conf.8*
|
%{_mandir}/man5/swtpm-localca.conf.5*
|
||||||
%{_mandir}/man8/swtpm-localca.options.8*
|
%{_mandir}/man5/swtpm-localca.options.5*
|
||||||
%{_mandir}/man8/swtpm-localca.8*
|
%{_mandir}/man8/swtpm-localca.8*
|
||||||
%{_mandir}/man8/swtpm_localca.8*
|
%{_mandir}/man8/swtpm_localca.8*
|
||||||
%{_mandir}/man8/swtpm_setup.8*
|
%{_mandir}/man8/swtpm_setup.8*
|
||||||
%{_mandir}/man8/swtpm_setup.conf.8*
|
%{_mandir}/man5/swtpm_setup.conf.5*
|
||||||
%config(noreplace) %{_sysconfdir}/swtpm_setup.conf
|
%config(noreplace) %{_sysconfdir}/swtpm_setup.conf
|
||||||
%config(noreplace) %{_sysconfdir}/swtpm-localca.options
|
%config(noreplace) %{_sysconfdir}/swtpm-localca.options
|
||||||
%config(noreplace) %{_sysconfdir}/swtpm-localca.conf
|
%config(noreplace) %{_sysconfdir}/swtpm-localca.conf
|
||||||
@ -179,6 +175,14 @@ fi
|
|||||||
%{_datadir}/swtpm/swtpm-create-tpmca
|
%{_datadir}/swtpm/swtpm-create-tpmca
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 22 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.0-1
|
||||||
|
- Update to v0.8.0 release
|
||||||
|
Resolves: rhbz#2092944
|
||||||
|
|
||||||
|
* Fri Jun 17 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-3.20211109gitb79fd91
|
||||||
|
- Disable OpenSSL FIPS mode to avoid libtpms failures
|
||||||
|
Resolves: rhbz#2090219
|
||||||
|
|
||||||
* Mon Feb 21 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-2.20211109gitb79fd91
|
* Mon Feb 21 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-2.20211109gitb79fd91
|
||||||
- Add fix for CVE-2022-23645.
|
- Add fix for CVE-2022-23645.
|
||||||
Resolves: rhbz#2056518
|
Resolves: rhbz#2056518
|
||||||
|
Loading…
Reference in New Issue
Block a user