From 4da0ca68f2902b5be1a2fcc56dd343b9f0414eee Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 5 Nov 2019 16:28:58 -0500 Subject: [PATCH] import trousers-0.3.14-4.el8 --- SOURCES/trousers-0.3.14-double-free.patch | 27 ++++++++++++++++++ ...rousers-0.3.14-fix-indent-obj_policy.patch | 12 ++++++++ .../trousers-0.3.14-fix-indent-tspi_key.patch | 18 ++++++++++++ SOURCES/trousers-0.3.14-memset.patch | 28 +++++++++++++++++++ SPECS/trousers.spec | 20 ++++++++++++- 5 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 SOURCES/trousers-0.3.14-double-free.patch create mode 100644 SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch create mode 100644 SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch create mode 100644 SOURCES/trousers-0.3.14-memset.patch diff --git a/SOURCES/trousers-0.3.14-double-free.patch b/SOURCES/trousers-0.3.14-double-free.patch new file mode 100644 index 0000000..ef7a36a --- /dev/null +++ b/SOURCES/trousers-0.3.14-double-free.patch @@ -0,0 +1,27 @@ +diff -ur trousers-0.3.14/src/tspi/tsp_auth.c trousers-0.3.14-new/src/tspi/tsp_auth.c +--- trousers-0.3.14/src/tspi/tsp_auth.c 2014-07-23 12:42:45.000000000 -0700 ++++ trousers-0.3.14-new/src/tspi/tsp_auth.c 2019-05-27 13:41:57.316000945 -0700 +@@ -1221,7 +1221,7 @@ + } + + *handles = handle; +- handles_track = handles; ++ handles_track = handles; + + // Since the call tree of this function can possibly alloc memory + // (check RPC_ExecuteTransport_TP function), its better to keep track of +@@ -1229,9 +1229,11 @@ + result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL, + NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL); + +- free(handles); +- handles = NULL; +- free(handles_track); ++ if (handles != handles_track) { ++ free(handles); ++ } ++ ++ free(handles_track); + + return result; + } diff --git a/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch b/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch new file mode 100644 index 0000000..af53ee4 --- /dev/null +++ b/SOURCES/trousers-0.3.14-fix-indent-obj_policy.patch @@ -0,0 +1,12 @@ +diff -ur trousers-0.3.14/src/tspi/obj_policy.c trousers-0.3.14-new/src/tspi/obj_policy.c +--- trousers-0.3.14/src/tspi/obj_policy.c 2014-07-23 12:42:44.000000000 -0700 ++++ trousers-0.3.14-new/src/tspi/obj_policy.c 2019-05-27 13:29:56.720899059 -0700 +@@ -984,7 +984,7 @@ + policy->popupString, + policy->Secret))) + goto done; +- policy->SecretSet = TRUE; ++ policy->SecretSet = TRUE; + } + memcpy(secret, policy->Secret, TPM_SHA1_160_HASH_LEN); + *mode = policy->SecretMode; diff --git a/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch b/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch new file mode 100644 index 0000000..9278fc8 --- /dev/null +++ b/SOURCES/trousers-0.3.14-fix-indent-tspi_key.patch @@ -0,0 +1,18 @@ +diff -ur trousers-0.3.14/src/tspi/tspi_key.c trousers-0.3.14-new/src/tspi/tspi_key.c +--- trousers-0.3.14/src/tspi/tspi_key.c 2014-07-23 12:42:45.000000000 -0700 ++++ trousers-0.3.14-new/src/tspi/tspi_key.c 2019-05-27 13:44:42.366735438 -0700 +@@ -370,10 +370,10 @@ + /* get the key to be wrapped's private key */ + if ((result = obj_rsakey_get_priv_blob(hKey, &keyPrivBlobLen, &keyPrivBlob))) + goto done; +- /* verify if its under the maximum size, according to the +- * TPM_STORE_ASYMKEY specification */ +- if (keyPrivBlobLen > TPM_STORE_PRIVKEY_LEN) +- return TSPERR(TSS_E_ENC_INVALID_LENGTH); ++ /* verify if its under the maximum size, according to the ++ * TPM_STORE_ASYMKEY specification */ ++ if (keyPrivBlobLen > TPM_STORE_PRIVKEY_LEN) ++ return TSPERR(TSS_E_ENC_INVALID_LENGTH); + + /* get the key to be wrapped's blob */ + if ((result = obj_rsakey_get_blob(hKey, &keyBlobLen, &keyBlob))) diff --git a/SOURCES/trousers-0.3.14-memset.patch b/SOURCES/trousers-0.3.14-memset.patch new file mode 100644 index 0000000..f8a2804 --- /dev/null +++ b/SOURCES/trousers-0.3.14-memset.patch @@ -0,0 +1,28 @@ +diff -ur trousers-0.3.14/src/include/spi_utils.h trousers-0.3.14-new/src/include/spi_utils.h +--- trousers-0.3.14/src/include/spi_utils.h 2014-07-23 12:42:44.000000000 -0700 ++++ trousers-0.3.14-new/src/include/spi_utils.h 2019-06-05 11:25:12.278782622 -0700 +@@ -53,7 +53,7 @@ + void *calloc_tspi(TSS_HCONTEXT, UINT32); + TSS_RESULT free_tspi(TSS_HCONTEXT, void *); + TSS_RESULT __tspi_add_mem_entry(TSS_HCONTEXT, void *); +-void * __no_optimize __tspi_memset(void *, int, size_t); ++void * __tspi_memset(void *, int, size_t); + + /* secrets.c */ + +diff -ur trousers-0.3.14/src/tspi/tsp_context_mem.c trousers-0.3.14-new/src/tspi/tsp_context_mem.c +--- trousers-0.3.14/src/tspi/tsp_context_mem.c 2014-07-23 12:42:45.000000000 -0700 ++++ trousers-0.3.14-new/src/tspi/tsp_context_mem.c 2019-06-05 11:27:23.585033966 -0700 +@@ -258,8 +258,10 @@ + } + + /* definition for a memset that cannot be optimized away */ +-void * __no_optimize ++void * + __tspi_memset(void *s, int c, size_t n) + { +- return memset(s, c, n); ++ memset(s, c, n); ++ asm volatile("" ::: "memory"); ++ return s; + } diff --git a/SPECS/trousers.spec b/SPECS/trousers.spec index 6ef2270..9ced8b5 100644 --- a/SPECS/trousers.spec +++ b/SPECS/trousers.spec @@ -1,7 +1,7 @@ Name: trousers Summary: TCG's Software Stack v1.2 Version: 0.3.14 -Release: 2%{?dist} +Release: 4%{?dist} License: BSD Group: System Environment/Libraries Url: http://trousers.sourceforge.net @@ -11,6 +11,11 @@ Source1: tcsd.service Patch1: trousers-0.3.14-noinline.patch # submitted upstream https://sourceforge.net/p/trousers/mailman/message/35766729/ Patch2: trousers-0.3.14-unlock-in-err-path.patch +Patch3: trousers-0.3.14-fix-indent-obj_policy.patch +Patch4: trousers-0.3.14-double-free.patch +Patch5: trousers-0.3.14-fix-indent-tspi_key.patch +# submitted upstream +Patch6: trousers-0.3.14-memset.patch BuildRequires: libtool, openssl-devel BuildRequires: systemd @@ -60,6 +65,10 @@ applications. %setup -cq %patch1 -p1 -b .noinline %patch2 -p1 -b .unlock +%patch3 -p1 -b .indent_obj_policy +%patch4 -p1 -b .double_free +%patch5 -p1 -b .indent_tspi_key +%patch6 -p1 -b .memset # fix man page paths sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in @@ -121,6 +130,15 @@ exit 0 %{_libdir}/libtddl.a %changelog +* Wed Jun 05 2019 Jerry Snitselaar - 0.3.14-4 +- Fix annocheck warnings +resolves: rhbz#1624181 + +* Mon May 27 2019 Jerry Snitselaar - 0.3.14-3 +- Add initial CI gating support +- Fix covscan reported issues +resolves: rhbz#1602719 + * Fri Aug 10 2018 Jerry Snitselaar - 0.3.14-2 - release mutex in error path for obj_context_set_machine_name resolves: rhbz#1614915