Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/ibmtss1.6.0.tar.gz
|
SOURCES/ibmtss1331.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
fcd86e864f69443f72ecbf18f26e39844aefee44 SOURCES/ibmtss1.6.0.tar.gz
|
39a13864ad42cafae27683fa52bc1d5d21dad39c SOURCES/ibmtss1331.tar.gz
|
||||||
|
@ -0,0 +1,31 @@
|
|||||||
|
From 8f232900d3b8f8af65a029f49c17ee53d3cca122 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jerry Snitselaar <jsnitsel@redhat.com>
|
||||||
|
Date: Thu, 6 Jun 2019 14:53:18 -0700
|
||||||
|
Subject: [PATCH] tss2: fix bounds check in IMA_Event_PcrExtend
|
||||||
|
|
||||||
|
pcrs is declared with IMPLEMENTATION_PCR elements,
|
||||||
|
so the index bounds check should be >= IMPLEMENTATION_PCR
|
||||||
|
since indexing at value IMPLEMENTATION_PCR would be off the
|
||||||
|
end of the array. This was flagged by coverity.
|
||||||
|
|
||||||
|
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
|
||||||
|
---
|
||||||
|
utils/imalib.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/utils/imalib.c b/utils/imalib.c
|
||||||
|
index 4957c1b..a841cd6 100644
|
||||||
|
--- a/utils/imalib.c
|
||||||
|
+++ b/utils/imalib.c
|
||||||
|
@@ -1306,7 +1306,7 @@ uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR],
|
||||||
|
|
||||||
|
/* validate PCR number */
|
||||||
|
if (rc == 0) {
|
||||||
|
- if (imaEvent->pcrIndex > IMPLEMENTATION_PCR) {
|
||||||
|
+ if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) {
|
||||||
|
printf("ERROR: IMA_Event_PcrExtend: PCR number %u out of range\n", imaEvent->pcrIndex);
|
||||||
|
rc = TSS_RC_BAD_PROPERTY;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
33
SOURCES/flags-fixup.patch
Normal file
33
SOURCES/flags-fixup.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
diff -ur tss2-1234/utils/makefile-common tss2-1234-new/utils/makefile-common
|
||||||
|
--- tss2-1234/utils/makefile-common 2018-05-29 12:00:46.000000000 -0700
|
||||||
|
+++ tss2-1234-new/utils/makefile-common 2018-10-02 15:10:20.783078580 -0700
|
||||||
|
@@ -44,7 +44,7 @@
|
||||||
|
CCFLAGS += \
|
||||||
|
-Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
|
||||||
|
-Wformat=2 -Wold-style-definition -Wno-self-assign \
|
||||||
|
- -ggdb -O0 -c
|
||||||
|
+ -ggdb -c
|
||||||
|
|
||||||
|
# to compile with optimizations on (warning will result)
|
||||||
|
# -O3 -c
|
||||||
|
diff -ur tss2-1234/utils/makefile.fedora tss2-1234-new/utils/makefile.fedora
|
||||||
|
--- tss2-1234/utils/makefile.fedora 2018-05-15 10:07:20.000000000 -0700
|
||||||
|
+++ tss2-1234-new/utils/makefile.fedora 2018-10-02 15:11:33.909083615 -0700
|
||||||
|
@@ -71,7 +71,7 @@
|
||||||
|
|
||||||
|
# compile - common flags for TSS library and applications
|
||||||
|
|
||||||
|
-CCFLAGS += -DTPM_POSIX
|
||||||
|
+CCFLAGS += -DTPM_POSIX -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" -DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""
|
||||||
|
|
||||||
|
# example of pointing to a locally built openssl 1.1
|
||||||
|
# CCFLAGS += -I/home/kgold/openssl-1.1.0c/include
|
||||||
|
@@ -119,7 +119,7 @@
|
||||||
|
LNLFLAGS += -shared -Wl,-z,now
|
||||||
|
|
||||||
|
# This is an alternative to using the bfd linker on Ubuntu
|
||||||
|
-# LNLLIBS += -lcrypto
|
||||||
|
+LNLLIBS += -lcrypto
|
||||||
|
|
||||||
|
# link - for applications, TSS path, TSS and OpenSSl libraries
|
||||||
|
|
18
SOURCES/hash_generate.patch
Normal file
18
SOURCES/hash_generate.patch
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
diff -ur tss2-1234/utils/policymaker.c tss2-1234-new/utils/policymaker.c
|
||||||
|
--- tss2-1234/utils/policymaker.c 2018-10-18 12:16:59.742439220 -0700
|
||||||
|
+++ tss2-1234-new/utils/policymaker.c 2018-10-18 12:34:34.991755536 -0700
|
||||||
|
@@ -208,10 +208,10 @@
|
||||||
|
}
|
||||||
|
/* hash extend */
|
||||||
|
if ((rc == 0) && (prc != NULL)) {
|
||||||
|
- TSS_Hash_Generate(&digest,
|
||||||
|
- startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
|
||||||
|
- lineLength /2, lineBinary,
|
||||||
|
- 0, NULL);
|
||||||
|
+ rc = TSS_Hash_Generate(&digest,
|
||||||
|
+ startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
|
||||||
|
+ lineLength /2, lineBinary,
|
||||||
|
+ 0, NULL);
|
||||||
|
}
|
||||||
|
if ((rc == 0) && (prc != NULL)) {
|
||||||
|
if (verbose) TSS_PrintAll("intermediate policy digest",
|
File diff suppressed because it is too large
Load Diff
@ -3,24 +3,25 @@
|
|||||||
#
|
#
|
||||||
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
|
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
|
||||||
|
|
||||||
%global incname ibmtss
|
|
||||||
|
|
||||||
Name: tss2
|
Name: tss2
|
||||||
Version: 1.6.0
|
Version: 1331
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Epoch: 1
|
|
||||||
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
|
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
|
||||||
|
|
||||||
|
Group: Applications/System
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: http://sourceforge.net/projects/ibmtpm20tss/
|
URL: http://sourceforge.net/projects/ibmtpm20tss/
|
||||||
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
|
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
|
||||||
Patch0: tss2-1.6.0-manpage-cleanup.patch
|
|
||||||
|
|
||||||
BuildRequires: automake
|
Patch4: flags-fixup.patch
|
||||||
BuildRequires: autoconf
|
# reported upstream https://sourceforge.net/p/ibmtpm20tss/mailman/message/36444738/
|
||||||
BuildRequires: libtool
|
# and reported fixed, but not yet pushed to sourceforge.
|
||||||
BuildRequires: gcc
|
Patch5: hash_generate.patch
|
||||||
|
# Submitted upstream
|
||||||
|
Patch6: 0001-tss2-fix-bounds-check-in-IMA_Event_PcrExtend.patch
|
||||||
|
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
|
BuildRequires: gcc
|
||||||
Requires: openssl
|
Requires: openssl
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -34,47 +35,70 @@ education and debugging.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development libraries and headers for IBM's TSS 2.0
|
Summary: Development libraries and headers for IBM's TSS 2.0
|
||||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
Group: Development/Libraries
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
Development libraries and headers for IBM's TSS 2.0. You will need this in
|
Development libraries and headers for IBM's TSS 2.0. You will need this in
|
||||||
order to build TSS 2.0 applications.
|
order to build TSS 2.0 applications.
|
||||||
|
|
||||||
|
%define incname ibmtss
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1 -c %{name}-%{version}
|
%autosetup -p1 -c %{name}-%{version}
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -vi
|
# nonstandard variable names are used in place of CFLAGS and LDFLAGS
|
||||||
%configure --disable-static --disable-tpm-1.2 --program-prefix=tss
|
pushd utils
|
||||||
CCFLAGS="%{optflags}" \
|
CCFLAGS="%{optflags}" \
|
||||||
LNFLAGS="%{__global_ldflags}" \
|
LNFLAGS="%{__global_ldflags}" \
|
||||||
%{make_build}
|
make -f makefile.fedora %{?_smp_mflags}
|
||||||
|
popd
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%make_install
|
# Prefix for namespacing
|
||||||
find %{buildroot} -type f -name "*.la" -delete -print
|
BIN_PREFIX=tss
|
||||||
|
mkdir -p %{buildroot}/%{_bindir}
|
||||||
|
mkdir -p %{buildroot}/%{_libdir}
|
||||||
|
mkdir -p %{buildroot}/%{_includedir}/%{incname}/
|
||||||
|
mkdir -p %{buildroot}/%{_mandir}/man1
|
||||||
|
pushd utils
|
||||||
|
# Pick out executables and copy with namespacing
|
||||||
|
for f in *; do
|
||||||
|
if [[ -x $f && -f $f && ! $f =~ .*\..* ]]; then
|
||||||
|
cp -p $f %{buildroot}/%{_bindir}/${BIN_PREFIX}$f
|
||||||
|
fi;
|
||||||
|
done
|
||||||
|
cp -p *.so.1.1 %{buildroot}/%{_libdir}
|
||||||
|
cp -p %{incname}/*.h %{buildroot}/%{_includedir}/%{incname}/
|
||||||
|
cp -p man/man1/tss*.1 %{buildroot}/%{_mandir}/man1/
|
||||||
|
popd
|
||||||
|
|
||||||
%ldconfig_scriptlets
|
|
||||||
|
# Make symbolic links to the shared lib
|
||||||
|
pushd %{buildroot}/%{_libdir}
|
||||||
|
rm -f libibmtss.so.1
|
||||||
|
ln -sf libibmtss.so.1.1 libibmtss.so.1
|
||||||
|
rm -f libibmtss.so
|
||||||
|
ln -sf libibmtss.so.1 libibmtss.so
|
||||||
|
popd
|
||||||
|
|
||||||
|
%post -p /sbin/ldconfig
|
||||||
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%license LICENSE
|
%license LICENSE
|
||||||
%{_bindir}/tss*
|
%{_bindir}/tss*
|
||||||
%{_libdir}/libibmtss.so.*
|
%{_libdir}/libibmtss.so.1
|
||||||
%{_libdir}/libibmtssutils.so.*
|
%{_libdir}/libibmtss.so.1.*
|
||||||
%attr(0644, root, root) %{_mandir}/man1/tss*.1*
|
%attr(0644, root, root) %{_mandir}/man1/tss*.1*
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%{_includedir}/%{incname}
|
%{_includedir}/%{incname}
|
||||||
%{_libdir}/libibmtss.so
|
%{_libdir}/libibmtss.so
|
||||||
%{_libdir}/libibmtssutils.so
|
|
||||||
%doc ibmtss.doc
|
%doc ibmtss.doc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue May 18 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 1.6.0-1
|
|
||||||
- Rebase to v1.6.0 release.
|
|
||||||
- Manpage cleanup.
|
|
||||||
resolves: rhbz#1822073
|
|
||||||
|
|
||||||
* Thu Jun 06 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-2
|
* Thu Jun 06 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-2
|
||||||
- Fix bounds check in IMA_Event_PcrExtend
|
- Fix bounds check in IMA_Event_PcrExtend
|
||||||
resolves: rhbz#1669239
|
resolves: rhbz#1669239
|
||||||
|
Loading…
Reference in New Issue
Block a user