Compare commits

...

No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

7 changed files with 133 additions and 1561 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/ibmtss1.6.0.tar.gz SOURCES/ibmtss1331.tar.gz

View File

@ -1 +1 @@
fcd86e864f69443f72ecbf18f26e39844aefee44 SOURCES/ibmtss1.6.0.tar.gz 39a13864ad42cafae27683fa52bc1d5d21dad39c SOURCES/ibmtss1331.tar.gz

View File

@ -0,0 +1,31 @@
From 8f232900d3b8f8af65a029f49c17ee53d3cca122 Mon Sep 17 00:00:00 2001
From: Jerry Snitselaar <jsnitsel@redhat.com>
Date: Thu, 6 Jun 2019 14:53:18 -0700
Subject: [PATCH] tss2: fix bounds check in IMA_Event_PcrExtend
pcrs is declared with IMPLEMENTATION_PCR elements,
so the index bounds check should be >= IMPLEMENTATION_PCR
since indexing at value IMPLEMENTATION_PCR would be off the
end of the array. This was flagged by coverity.
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
---
utils/imalib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/imalib.c b/utils/imalib.c
index 4957c1b..a841cd6 100644
--- a/utils/imalib.c
+++ b/utils/imalib.c
@@ -1306,7 +1306,7 @@ uint32_t IMA_Event_PcrExtend(TPMT_HA pcrs[IMA_PCR_BANKS][IMPLEMENTATION_PCR],
/* validate PCR number */
if (rc == 0) {
- if (imaEvent->pcrIndex > IMPLEMENTATION_PCR) {
+ if (imaEvent->pcrIndex >= IMPLEMENTATION_PCR) {
printf("ERROR: IMA_Event_PcrExtend: PCR number %u out of range\n", imaEvent->pcrIndex);
rc = TSS_RC_BAD_PROPERTY;
}
--
2.21.0

33
SOURCES/flags-fixup.patch Normal file
View File

@ -0,0 +1,33 @@
diff -ur tss2-1234/utils/makefile-common tss2-1234-new/utils/makefile-common
--- tss2-1234/utils/makefile-common 2018-05-29 12:00:46.000000000 -0700
+++ tss2-1234-new/utils/makefile-common 2018-10-02 15:10:20.783078580 -0700
@@ -44,7 +44,7 @@
CCFLAGS += \
-Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
-Wformat=2 -Wold-style-definition -Wno-self-assign \
- -ggdb -O0 -c
+ -ggdb -c
# to compile with optimizations on (warning will result)
# -O3 -c
diff -ur tss2-1234/utils/makefile.fedora tss2-1234-new/utils/makefile.fedora
--- tss2-1234/utils/makefile.fedora 2018-05-15 10:07:20.000000000 -0700
+++ tss2-1234-new/utils/makefile.fedora 2018-10-02 15:11:33.909083615 -0700
@@ -71,7 +71,7 @@
# compile - common flags for TSS library and applications
-CCFLAGS += -DTPM_POSIX
+CCFLAGS += -DTPM_POSIX -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" -DTPM_DEVICE_DEFAULT="\"/dev/tpmrm0\""
# example of pointing to a locally built openssl 1.1
# CCFLAGS += -I/home/kgold/openssl-1.1.0c/include
@@ -119,7 +119,7 @@
LNLFLAGS += -shared -Wl,-z,now
# This is an alternative to using the bfd linker on Ubuntu
-# LNLLIBS += -lcrypto
+LNLLIBS += -lcrypto
# link - for applications, TSS path, TSS and OpenSSl libraries

View File

@ -0,0 +1,18 @@
diff -ur tss2-1234/utils/policymaker.c tss2-1234-new/utils/policymaker.c
--- tss2-1234/utils/policymaker.c 2018-10-18 12:16:59.742439220 -0700
+++ tss2-1234-new/utils/policymaker.c 2018-10-18 12:34:34.991755536 -0700
@@ -208,10 +208,10 @@
}
/* hash extend */
if ((rc == 0) && (prc != NULL)) {
- TSS_Hash_Generate(&digest,
- startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
- lineLength /2, lineBinary,
- 0, NULL);
+ rc = TSS_Hash_Generate(&digest,
+ startSizeInBytes, (uint8_t *)&digest.digest, /* extend */
+ lineLength /2, lineBinary,
+ 0, NULL);
}
if ((rc == 0) && (prc != NULL)) {
if (verbose) TSS_PrintAll("intermediate policy digest",

File diff suppressed because it is too large Load Diff

View File

@ -3,24 +3,25 @@
# #
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro} %{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
%global incname ibmtss
Name: tss2 Name: tss2
Version: 1.6.0 Version: 1331
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 1
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
Group: Applications/System
License: BSD License: BSD
URL: http://sourceforge.net/projects/ibmtpm20tss/ URL: http://sourceforge.net/projects/ibmtpm20tss/
Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz Source0: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
Patch0: tss2-1.6.0-manpage-cleanup.patch
BuildRequires: automake Patch4: flags-fixup.patch
BuildRequires: autoconf # reported upstream https://sourceforge.net/p/ibmtpm20tss/mailman/message/36444738/
BuildRequires: libtool # and reported fixed, but not yet pushed to sourceforge.
BuildRequires: gcc Patch5: hash_generate.patch
# Submitted upstream
Patch6: 0001-tss2-fix-bounds-check-in-IMA_Event_PcrExtend.patch
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: gcc
Requires: openssl Requires: openssl
%description %description
@ -34,47 +35,70 @@ education and debugging.
%package devel %package devel
Summary: Development libraries and headers for IBM's TSS 2.0 Summary: Development libraries and headers for IBM's TSS 2.0
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel %description devel
Development libraries and headers for IBM's TSS 2.0. You will need this in Development libraries and headers for IBM's TSS 2.0. You will need this in
order to build TSS 2.0 applications. order to build TSS 2.0 applications.
%define incname ibmtss
%prep %prep
%autosetup -p1 -c %{name}-%{version} %autosetup -p1 -c %{name}-%{version}
%build %build
autoreconf -vi # nonstandard variable names are used in place of CFLAGS and LDFLAGS
%configure --disable-static --disable-tpm-1.2 --program-prefix=tss pushd utils
CCFLAGS="%{optflags}" \ CCFLAGS="%{optflags}" \
LNFLAGS="%{__global_ldflags}" \ LNFLAGS="%{__global_ldflags}" \
%{make_build} make -f makefile.fedora %{?_smp_mflags}
popd
%install %install
%make_install # Prefix for namespacing
find %{buildroot} -type f -name "*.la" -delete -print BIN_PREFIX=tss
mkdir -p %{buildroot}/%{_bindir}
mkdir -p %{buildroot}/%{_libdir}
mkdir -p %{buildroot}/%{_includedir}/%{incname}/
mkdir -p %{buildroot}/%{_mandir}/man1
pushd utils
# Pick out executables and copy with namespacing
for f in *; do
if [[ -x $f && -f $f && ! $f =~ .*\..* ]]; then
cp -p $f %{buildroot}/%{_bindir}/${BIN_PREFIX}$f
fi;
done
cp -p *.so.1.1 %{buildroot}/%{_libdir}
cp -p %{incname}/*.h %{buildroot}/%{_includedir}/%{incname}/
cp -p man/man1/tss*.1 %{buildroot}/%{_mandir}/man1/
popd
%ldconfig_scriptlets
# Make symbolic links to the shared lib
pushd %{buildroot}/%{_libdir}
rm -f libibmtss.so.1
ln -sf libibmtss.so.1.1 libibmtss.so.1
rm -f libibmtss.so
ln -sf libibmtss.so.1 libibmtss.so
popd
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files %files
%license LICENSE %license LICENSE
%{_bindir}/tss* %{_bindir}/tss*
%{_libdir}/libibmtss.so.* %{_libdir}/libibmtss.so.1
%{_libdir}/libibmtssutils.so.* %{_libdir}/libibmtss.so.1.*
%attr(0644, root, root) %{_mandir}/man1/tss*.1* %attr(0644, root, root) %{_mandir}/man1/tss*.1*
%files devel %files devel
%{_includedir}/%{incname} %{_includedir}/%{incname}
%{_libdir}/libibmtss.so %{_libdir}/libibmtss.so
%{_libdir}/libibmtssutils.so
%doc ibmtss.doc %doc ibmtss.doc
%changelog %changelog
* Tue May 18 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 1.6.0-1
- Rebase to v1.6.0 release.
- Manpage cleanup.
resolves: rhbz#1822073
* Thu Jun 06 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-2 * Thu Jun 06 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 1331-2
- Fix bounds check in IMA_Event_PcrExtend - Fix bounds check in IMA_Event_PcrExtend
resolves: rhbz#1669239 resolves: rhbz#1669239