import tss2-1331-2.el8

2019-08-02 17:22:00 -04:00 · 2019-08-02 17:22:00 -04:00 · f6990346ac
commit f6990346ac
parent 1122ae0bbd
7 changed files with 133 additions and 1561 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/ibmtss1.6.0.tar.gz
+SOURCES/ibmtss1331.tar.gz
--- a/.tss2.metadata
+++ b/.tss2.metadata
@ -1 +1 @@
-fcd86e864f69443f72ecbf18f26e39844aefee44 SOURCES/ibmtss1.6.0.tar.gz
+39a13864ad42cafae27683fa52bc1d5d21dad39c SOURCES/ibmtss1331.tar.gz
--- a/SOURCES/0001-tss2-fix-bounds-check-in-IMA_Event_PcrExtend.patch
+++ b/SOURCES/0001-tss2-fix-bounds-check-in-IMA_Event_PcrExtend.patch
@ -0,0 +1,31 @@
+From 8f232900d3b8f8af65a029f49c17ee53d3cca122 Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+Date: Thu, 6 Jun 2019 14:53:18 -0700
+Subject: [PATCH] tss2: fix bounds check in IMA_Event_PcrExtend
+
+pcrs is declared with IMPLEMENTATION_PCR elements,
+so the index bounds check should be >= IMPLEMENTATION_PCR
+since indexing at value IMPLEMENTATION_PCR would be off the
+end of the array. This was flagged by coverity.
+
+Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
+---
+ utils/imalib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/imalib.c b/utils/imalib.c
+index 4957c1b..a841cd6 100644
+--- a/utils/imalib.c
+++ b/utils/imalib.c
+@@ -1306,7 +1306,7 @@ uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR],
+     
+     /* validate PCR number */
+     if (rc == 0) {
+-	if (imaEvent->pcrIndex > IMPLEMENTATION_PCR) {
+	if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) {
+ 	    printf("ERROR: IMA_Event_PcrExtend: PCR number %u out of range\n", imaEvent->pcrIndex);
+ 	    rc = TSS_RC_BAD_PROPERTY;
+ 	}
+-- 
+2.21.0
+
--- a/SOURCES/flags-fixup.patch
+++ b/SOURCES/flags-fixup.patch
@ -0,0 +1,33 @@
+diff -ur tss2-1234/utils/makefile-common tss2-1234-new/utils/makefile-common
+--- tss2-1234/utils/makefile-common	2018-05-29 12:00:46.000000000 -0700
+++ tss2-1234-new/utils/makefile-common	2018-10-02 15:10:20.783078580 -0700
+@@ -44,7 +44,7 @@
+ CCFLAGS += 				\
+ 	-Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
+ 	-Wformat=2 -Wold-style-definition -Wno-self-assign \
+-	-ggdb -O0 -c
+	-ggdb -c
+ 
+ # to compile with optimizations on (warning will result)
+ #	-O3 -c
+diff -ur tss2-1234/utils/makefile.fedora tss2-1234-new/utils/makefile.fedora
+--- tss2-1234/utils/makefile.fedora	2018-05-15 10:07:20.000000000 -0700
+++ tss2-1234-new/utils/makefile.fedora	2018-10-02 15:11:33.909083615 -0700
+@@ -71,7 +71,7 @@
+ 
+ # compile - common flags for TSS library and applications
+ 
+-CCFLAGS += 	-DTPM_POSIX
+CCFLAGS += 	-DTPM_POSIX -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" -DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""
+ 
+ # example of pointing to a locally built openssl 1.1
+ # CCFLAGS += 	-I/home/kgold/openssl-1.1.0c/include
+@@ -119,7 +119,7 @@
+ LNLFLAGS += -shared -Wl,-z,now
+ 
+ # This is an alternative to using the bfd linker on Ubuntu
+-# LNLLIBS += -lcrypto
+LNLLIBS += -lcrypto
+ 
+ # link - for applications, TSS path, TSS and OpenSSl libraries
+ 
--- a/SOURCES/hash_generate.patch
+++ b/SOURCES/hash_generate.patch
@ -0,0 +1,18 @@
+diff -ur tss2-1234/utils/policymaker.c tss2-1234-new/utils/policymaker.c
+--- tss2-1234/utils/policymaker.c	2018-10-18 12:16:59.742439220 -0700
+++ tss2-1234-new/utils/policymaker.c	2018-10-18 12:34:34.991755536 -0700
+@@ -208,10 +208,10 @@
+ 	}
+ 	/* hash extend */
+ 	if ((rc == 0) && (prc != NULL)) {
+-	    TSS_Hash_Generate(&digest,
+-			      startSizeInBytes, (uint8_t *)&digest.digest,	/* extend */
+-			      lineLength /2, lineBinary,
+-			      0, NULL);
+	    rc = TSS_Hash_Generate(&digest,
+				   startSizeInBytes, (uint8_t *)&digest.digest,	/* extend */
+				   lineLength /2, lineBinary,
+				   0, NULL);
+ 	}
+ 	if ((rc == 0) && (prc != NULL)) {
+ 	    if (verbose) TSS_PrintAll("intermediate policy digest",
--- a/SOURCES/tss2-1.6.0-manpage-cleanup.patch
+++ b/SOURCES/tss2-1.6.0-manpage-cleanup.patch
--- a/SPECS/tss2.spec
+++ b/SPECS/tss2.spec
@ -3,24 +3,25 @@
 #
 %{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}

-%global incname ibmtss
-
 Name:		tss2
-Version:	1.6.0
-Release:	1%{?dist}
-Epoch:	        1
+Version:	1331
+Release:	2%{?dist}
 Summary:	IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities

+Group:		Applications/System	
 License:	BSD
 URL:		http://sourceforge.net/projects/ibmtpm20tss/
 Source0:	https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
-Patch0:         tss2-1.6.0-manpage-cleanup.patch

-BuildRequires: automake
-BuildRequires: autoconf
-BuildRequires: libtool
-BuildRequires:  gcc
+Patch4: flags-fixup.patch
+# reported upstream https://sourceforge.net/p/ibmtpm20tss/mailman/message/36444738/
+# and reported fixed, but not yet pushed to sourceforge.
+Patch5: hash_generate.patch
+# Submitted upstream
+Patch6: 0001-tss2-fix-bounds-check-in-IMA_Event_PcrExtend.patch
+
 BuildRequires:	openssl-devel
+BuildRequires:  gcc
 Requires:	openssl

 %description
@ -34,47 +35,70 @@ education and debugging.

 %package devel
 Summary:	Development libraries and headers for IBM's TSS 2.0
-Requires:	%{name}%{?_isa} = %{epoch}:%{version}-%{release}
+Group:		Development/Libraries
+Requires:	%{name}%{?_isa} = %{version}-%{release}

 %description devel
 Development libraries and headers for IBM's TSS 2.0. You will need this in
 order to build TSS 2.0 applications.

+%define incname ibmtss
+
 %prep
 %autosetup -p1 -c %{name}-%{version}

 %build
-autoreconf -vi
-%configure --disable-static --disable-tpm-1.2 --program-prefix=tss
+# nonstandard variable names are used in place of CFLAGS and LDFLAGS
+pushd utils
 CCFLAGS="%{optflags}" \
 LNFLAGS="%{__global_ldflags}" \
-%{make_build}
+make -f makefile.fedora %{?_smp_mflags} 
+popd

 %install
-%make_install
-find %{buildroot} -type f -name "*.la" -delete -print
+# Prefix for namespacing
+BIN_PREFIX=tss
+mkdir -p %{buildroot}/%{_bindir}
+mkdir -p %{buildroot}/%{_libdir}
+mkdir -p %{buildroot}/%{_includedir}/%{incname}/
+mkdir -p %{buildroot}/%{_mandir}/man1
+pushd utils
+# Pick out executables and copy with namespacing
+for f in *; do
+	if [[ -x $f && -f $f && ! $f =~ .*\..* ]]; then
+		cp -p $f %{buildroot}/%{_bindir}/${BIN_PREFIX}$f
+	fi;
+done
+cp -p *.so.1.1 %{buildroot}/%{_libdir}
+cp -p %{incname}/*.h %{buildroot}/%{_includedir}/%{incname}/
+cp -p man/man1/tss*.1 %{buildroot}/%{_mandir}/man1/
+popd

-%ldconfig_scriptlets
+
+# Make symbolic links to the shared lib
+pushd %{buildroot}/%{_libdir}
+rm -f libibmtss.so.1
+ln -sf libibmtss.so.1.1 libibmtss.so.1
+rm -f libibmtss.so
+ln -sf libibmtss.so.1 libibmtss.so
+popd
+
+%post -p /sbin/ldconfig 
+%postun -p /sbin/ldconfig

 %files
 %license LICENSE
 %{_bindir}/tss*
-%{_libdir}/libibmtss.so.*
-%{_libdir}/libibmtssutils.so.*
+%{_libdir}/libibmtss.so.1
+%{_libdir}/libibmtss.so.1.*
 %attr(0644, root, root) %{_mandir}/man1/tss*.1*

 %files devel
 %{_includedir}/%{incname}
 %{_libdir}/libibmtss.so
-%{_libdir}/libibmtssutils.so
 %doc ibmtss.doc

 %changelog
-* Tue May 18 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 1.6.0-1
- Rebase to v1.6.0 release.
- Manpage cleanup.
-resolves: rhbz#1822073
-
 * Thu Jun 06 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-2
 - Fix bounds check in IMA_Event_PcrExtend
 resolves: rhbz#1669239