diff --git a/0001-ekutils-fix-null-check-in-convertPemToX509.patch b/0001-ekutils-fix-null-check-in-convertPemToX509.patch
new file mode 100644
index 0000000..6e0439e
--- /dev/null
+++ b/0001-ekutils-fix-null-check-in-convertPemToX509.patch
@@ -0,0 +1,28 @@
+From a73fda67a980fd8129ba3cc6158cd4f5d9be7562 Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar
+Date: Wed, 20 Jun 2018 11:01:21 -0700
+Subject: [PATCH 1/3] ekutils: fix null check in convertPemToX509
+
+assignment is to *x509, but check is against x509. Change check to *x509.
+
+Signed-off-by: Jerry Snitselaar
+---
+ utils/ekutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/ekutils.c b/utils/ekutils.c
+index 5f27bd6..8887bd5 100644
+--- a/utils/ekutils.c
++++ b/utils/ekutils.c
+@@ -1144,7 +1144,7 @@ uint32_t convertPemToX509(X509 **x509, /* freed by caller */
+ /* convert the platform certificate from PEM to DER */
+ if (rc == 0) {
+ *x509 = PEM_read_X509(pemCertificateFile , NULL, NULL, NULL); /* freed @1 */
+- if (x509 == NULL) {
++ if (*x509 == NULL) {
+ printf("convertPemToX509: Cannot parse PEM certificate file %s\n",
+ pemCertificateFilename);
+ rc = TSS_RC_FILE_READ;
+--
+2.17.0
+
diff --git a/0002-ektuils-check-return-of-X509_gmtime_adj-for-notAfter.patch b/0002-ektuils-check-return-of-X509_gmtime_adj-for-notAfter.patch
new file mode 100644
index 0000000..982ad3c
--- /dev/null
+++ b/0002-ektuils-check-return-of-X509_gmtime_adj-for-notAfter.patch
@@ -0,0 +1,30 @@
+From 29f30ccc4032949e54be1996c24a7752793c3603 Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar
+Date: Wed, 20 Jun 2018 11:03:06 -0700
+Subject: [PATCH 2/3] ektuils: check return of X509_gmtime_adj for notAfter
+ adjustment
+
+The is a check for arc == NULL, but arc doesn't get assigned the
+return value from x509_gmtime_adj.
+
+Signed-off-by: Jerry Snitselaar
+---
+ utils/ekutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/ekutils.c b/utils/ekutils.c
+index 8887bd5..36f8ece 100644
+--- a/utils/ekutils.c
++++ b/utils/ekutils.c
+@@ -1590,7 +1590,7 @@ TPM_RC startCertificate(X509 *x509Certificate, /* X509 certificate to be generat
+ if (rc == 0) {
+ /* can't fail, just returns a structure member */
+ ASN1_TIME *notAfter = X509_get_notAfter(x509Certificate);
+- X509_gmtime_adj(notAfter, CERT_DURATION); /* set to duration */
++ arc = X509_gmtime_adj(notAfter, CERT_DURATION); /* set to duration */
+ if (arc == NULL) {
+ printf("startCertificate: Error setting notAfter time\n");
+ rc = TSS_RC_X509_ERROR;
+--
+2.17.0
+
diff --git a/0003-imalib-call-memcmp-with-correct-size.patch b/0003-imalib-call-memcmp-with-correct-size.patch
new file mode 100644
index 0000000..2fd5a87
--- /dev/null
+++ b/0003-imalib-call-memcmp-with-correct-size.patch
@@ -0,0 +1,28 @@
+From 108d9ba48ab922521b1124970156f2d2f59eea0b Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar
+Date: Thu, 21 Jun 2018 09:13:54 -0700
+Subject: [PATCH 3/3] imalib: call memcmp with correct size
+
+imaEvent digest is size of SHA1_DIGEST_SIZE, so call memcmp with that value.
+
+Signed-off-by: Jerry Snitselaar
+---
+ utils/imalib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/imalib.c b/utils/imalib.c
+index a7f42fc..42e2aa5 100644
+--- a/utils/imalib.c
++++ b/utils/imalib.c
+@@ -826,7 +826,7 @@ uint32_t IMA_Extend(TPMT_HA *imapcr,
+ }
+ }
+ if (rc == 0) {
+- notAllZero = memcmp(imaEvent->digest, zeroDigest, digestSize);
++ notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE);
+ imapcr->hashAlg = hashAlg;
+ if (notAllZero) {
+ #if 0
+--
+2.17.0
+
diff --git a/0004-certifycreation-Check-that-creation-hash-file-name-r.patch b/0004-certifycreation-Check-that-creation-hash-file-name-r.patch
new file mode 100644
index 0000000..91b1063
--- /dev/null
+++ b/0004-certifycreation-Check-that-creation-hash-file-name-r.patch
@@ -0,0 +1,28 @@
+From e5ffbe2736f4ad4370fb44c216ecd6092a01003c Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar
+Date: Thu, 21 Jun 2018 13:00:51 -0700
+Subject: [PATCH] certifycreation: Check that creation hash file name received
+
+Signed-off-by: Jerry Snitselaar
+---
+ utils/certifycreation.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/utils/certifycreation.c b/utils/certifycreation.c
+index 50e3718..4a6cd0a 100644
+--- a/utils/certifycreation.c
++++ b/utils/certifycreation.c
+@@ -298,6 +298,10 @@ int main(int argc, char *argv[])
+ printf("Missing ticket parameter -tk\n");
+ printUsage();
+ }
++ if (creationHashFilename == NULL) {
++ printf("Missing creation hash file parameter -ch\n");
++ printUsage();
++ }
+ if (rc == 0) {
+ /* Handle of key that will perform certifying */
+ in.objectHandle = objectHandle;
+--
+2.17.0
+
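Review bot: In 0003-imalib-call-memcmp-with-correct-size.patch, the new `memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE)` in IMA_Extend hard-codes the length without tying it to either buffer or saying why `digestSize` is wrong here. Going by the commit message the event digest field is SHA1_DIGEST_SIZE bytes, so the old length presumably read past it whenever `digestSize` was larger; a comment on the line such as `/* imaEvent->digest holds SHA1_DIGEST_SIZE bytes; do not compare digestSize bytes */` would keep the length from being changed back. If `imaEvent->digest` is declared as an array (its declaration is outside the hunk), `sizeof(imaEvent->digest)` would keep the bound attached to the field, and `zeroDigest` should be confirmed to be at least that long. IMA_Extend's body starts and ends outside the hunk.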
diff --git a/flags-fixup.patch b/flags-fixup.patch
new file mode 100644
index 0000000..a92a541
--- /dev/null
+++ b/flags-fixup.patch
@@ -0,0 +1,33 @@
+diff -ur tss2-1234/utils/makefile-common tss2-1234-new/utils/makefile-common
+--- tss2-1234/utils/makefile-common 2018-05-29 12:00:46.000000000 -0700
++++ tss2-1234-new/utils/makefile-common 2018-10-02 15:10:20.783078580 -0700
+@@ -44,7 +44,7 @@
+ CCFLAGS += \
+ -Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
+ -Wformat=2 -Wold-style-definition -Wno-self-assign \
+- -ggdb -O0 -c
++ -ggdb -c
+
+ # to compile with optimizations on (warning will result)
+ # -O3 -c
+diff -ur tss2-1234/utils/makefile.fedora tss2-1234-new/utils/makefile.fedora
+--- tss2-1234/utils/makefile.fedora 2018-05-15 10:07:20.000000000 -0700
++++ tss2-1234-new/utils/makefile.fedora 2018-10-02 15:11:33.909083615 -0700
+@@ -71,7 +71,7 @@
+
+ # compile - common flags for TSS library and applications
+
+-CCFLAGS += -DTPM_POSIX
++CCFLAGS += -DTPM_POSIX -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" -DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""
+
+ # example of pointing to a locally built openssl 1.1
+ # CCFLAGS += -I/home/kgold/openssl-1.1.0c/include
+@@ -119,7 +119,7 @@
+ LNLFLAGS += -shared -Wl,-z,now
+
+ # This is an alternative to using the bfd linker on Ubuntu
+-# LNLLIBS += -lcrypto
++LNLLIBS += -lcrypto
+
+ # link - for applications, TSS path, TSS and OpenSSl libraries
+
diff --git a/hash_generate.patch b/hash_generate.patch
new file mode 100644
index 0000000..f6a5387
--- /dev/null
+++ b/hash_generate.patch
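Review bot: In flags-fixup.patch, the makefile.fedora hunk at line 119 enables `LNLLIBS += -lcrypto` but keeps the comment above it, "This is an alternative to using the bfd linker on Ubuntu", which no longer describes an unconditional link against libcrypto; something like `# link the TSS library against libcrypto explicitly` would match the new behaviour. The makefile-common hunk has the same problem: with `-O0` dropped, the optimization level presumably comes from the flags the package build passes in (which is also what lets `_FORTIFY_SOURCE` take effect), yet the comment that follows still reads as if optimization were off by default. The added `-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""` and `-DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""` change which TPM interface and device the utilities use by default, and a one-line comment above that `CCFLAGS` line should say so.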
@@ -0,0 +1,18 @@
+diff -ur tss2-1234/utils/policymaker.c tss2-1234-new/utils/policymaker.c
+--- tss2-1234/utils/policymaker.c 2018-10-18 12:16:59.742439220 -0700
++++ tss2-1234-new/utils/policymaker.c 2018-10-18 12:34:34.991755536 -0700
+@@ -208,10 +208,10 @@
+ }
+ /* hash extend */
+ if ((rc == 0) && (prc != NULL)) {
+- TSS_Hash_Generate(&digest,
+- startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
+- lineLength /2, lineBinary,
+- 0, NULL);
++ rc = TSS_Hash_Generate(&digest,
++ startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
++ lineLength /2, lineBinary,
++ 0, NULL);
+ }
+ if ((rc == 0) && (prc != NULL)) {
+ if (verbose) TSS_PrintAll("intermediate policy digest",
diff --git a/tss2.spec b/tss2.spec index 15dd3c9..4716637 100644 --- a/tss2.spec +++ b/tss2.spec @@ -5,13 +5,20 @@ Name: tss2 Version: 1234 -Release: 3%{?dist} +Release: 4%{?dist} Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities License: BSD URL: http://sourceforge.net/projects/ibmtpm20tss/ Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz +Patch1: 0001-ekutils-fix-null-check-in-convertPemToX509.patch +Patch2: 0002-ektuils-check-return-of-X509_gmtime_adj-for-notAfter.patch +Patch3: 0003-imalib-call-memcmp-with-correct-size.patch +Patch4: 0004-certifycreation-Check-that-creation-hash-file-name-r.patch +Patch5: flags-fixup.patch +Patch6: hash_generate.patch +BuildRequires: gcc BuildRequires: help2man BuildRequires: openssl-devel Requires: openssl @@ -34,7 +41,7 @@ Development libraries and headers for IBM's TSS 2.0. You will need this in order to build TSS 2.0 applications. %prep -%setup -q -c %{name}-%{version} +%autosetup -p1 -c %{name}-%{version} %build # nonstandard variable names are used in place of CFLAGS and LDFLAGS
@@ -102,6 +109,10 @@ popd %doc ibmtss.doc %changelog +* Tue May 28 2019 Jerry Snitselaar - 1234-4 +- Fix covscan issues +- Fix compile and linker flag issues + * Sun Feb 03 2019 Fedora Release Engineering - 1234-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild