diff --git a/0000-disable-test_tpm2_swtpm_localca_pkcs11.test.patch b/0000-disable-test_tpm2_swtpm_localca_pkcs11.test.patch
new file mode 100644
index 0000000..4fa3e4a
--- /dev/null
+++ b/0000-disable-test_tpm2_swtpm_localca_pkcs11.test.patch
@@ -0,0 +1,25 @@
+From 5f54b90c87da3954ae400b5219bcd9d2064ba4c8 Mon Sep 17 00:00:00 2001
+From: yezengruan
+Date: Mon, 6 Feb 2023 10:56:44 +0800
+Subject: [PATCH] disable test_tpm2_swtpm_localca_pkcs11.test
+
+Signed-off-by: yezengruan
+---
+ tests/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 4c601b8..2e523b5 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -94,7 +94,6 @@ TESTS += \
+ test_tpm2_swtpm_cert \
+ test_tpm2_swtpm_cert_ecc \
+ test_tpm2_swtpm_localca \
+- test_tpm2_swtpm_localca_pkcs11.test \
+ test_tpm2_swtpm_setup_create_cert
+
+ if HAVE_TCSD
+--
+2.27.0
+
diff --git a/0000-rename-deprecated-libtasn1-types-to-fix-build-error.patch b/0000-rename-deprecated-libtasn1-types-to-fix-build-error.patch
deleted file mode 100644
index c60c460..0000000
--- a/0000-rename-deprecated-libtasn1-types-to-fix-build-error.patch
+++ /dev/null
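Review bot: The new patch file's commit message (`Subject: [PATCH] disable test_tpm2_swtpm_localca_pkcs11.test`) gives no reason for removing the test from TESTS, so a reader cannot tell whether the PKCS#11 signing path of swtpm-localca is broken on this distribution or merely unavailable in the build environment. A one-line rationale in the patch body, e.g. `Disabled because <reason, e.g. softhsm/p11 token setup unavailable in the build root — fill in>`, would let the test be re-enabled once the cause is gone. The superseded 0007 patch deleted elsewhere in this commit removed the analogous test_tpm2_samples_swtpm_localca_pkcs11 test, so the coverage gap for the pkcs11 path is carried forward rather than new; it deserves a tracking note.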
@@ -1,114 +0,0 @@
-From 0b0041bda9df8bf704d7aff8c32da0d18cd9eb28 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel
-Date: Wed, 19 May 2021 10:30:41 +0200
-Subject: [PATCH] swtpm_cert: rename deprecated libtasn1 types
-
-These types have been renamed in libtasn1 version 3.0 (released 2012-10-28).
-The most recent libtasn1 version 4.17.0 (released 2021-05-13) now prints
-deprecation warnings that are made fatal by -Werror:
-
-ek-cert.c:76:13: error: 'ASN1_ARRAY_TYPE' macro is deprecated, use 'asn1_static_node' instead. [-Werror]
- 76 | extern const ASN1_ARRAY_TYPE tpm_asn1_tab[];
-|^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-[...]
-
-The new types were introduced almost ten years ago, so they should be pretty
-universally available by now.
-
-Signed-off-by: Jonas Witschel
---
-src/swtpm_cert/ek-cert.c | 24 ++++++++++++------------
-1 file changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/src/swtpm_cert/ek-cert.c b/src/swtpm_cert/ek-cert.c
-index 651d60f..cc1ec43 100644
---- a/src/swtpm_cert/ek-cert.c
-+++ b/src/swtpm_cert/ek-cert.c
-@@ -72,9 +72,9 @@ enum cert_type_t {
- #define ALLOW_SIGNING_F 2 /* EK can be used for signing */
- #define DECRYPTION_F 4 /* EK can be used for decryption; default */
-
--extern const ASN1_ARRAY_TYPE tpm_asn1_tab[];
-+extern const asn1_static_node tpm_asn1_tab[];
-
--ASN1_TYPE _tpm_asn;
-+asn1_node _tpm_asn;
-
- typedef struct tdTCG_PCCLIENT_STORED_CERT {
- uint16_t tag;
-@@ -318,7 +318,7 @@ asn_free(void)
- }
-
- static int
--encode_asn1(gnutls_datum_t *asn1, ASN1_TYPE at)
-+encode_asn1(gnutls_datum_t *asn1, asn1_node at)
- {
- int err;
-
-@@ -346,7 +346,7 @@ encode_asn1(gnutls_datum_t *asn1, ASN1_TYPE at)
- }
-
- static int
--build_tpm_manufacturer_info(ASN1_TYPE *at,
-+build_tpm_manufacturer_info(asn1_node *at,
- const char *manufacturer,
- const char *tpm_model,
- const char *tpm_version)
-@@ -428,7 +428,7 @@ create_tpm_manufacturer_info(const char *manufacturer,
- const char *tpm_version,
- gnutls_datum_t *asn1)
- {
-- ASN1_TYPE at = ASN1_TYPE_EMPTY;
-+ asn1_node at = NULL;
- int err;
-
- err = asn_init();
-@@ -460,7 +460,7 @@ create_tpm_manufacturer_info(const char *manufacturer,
- }
-
- static int
--build_platf_manufacturer_info(ASN1_TYPE *at,
-+build_platf_manufacturer_info(asn1_node *at,
- const char *manufacturer,
- const char *platf_model,
- const char *platf_version,
-@@ -554,7 +554,7 @@ create_platf_manufacturer_info(const char *manufacturer,
- gnutls_datum_t *asn1,
- bool forTPM2)
- {
-- ASN1_TYPE at = ASN1_TYPE_EMPTY;
-+ asn1_node at = NULL;
- int err;
-
- err = asn_init();
-@@ -597,9 +597,9 @@ create_tpm_and_platform_manuf_info(
- gnutls_datum_t *asn1,
- bool forTPM2)
- {
-- ASN1_TYPE at = ASN1_TYPE_EMPTY;
-- ASN1_TYPE tpm_at = ASN1_TYPE_EMPTY;
-- ASN1_TYPE platf_at = ASN1_TYPE_EMPTY;
-+ asn1_node at = NULL;
-+ asn1_node tpm_at = NULL;
-+ asn1_node platf_at = NULL;
- int err;
- gnutls_datum_t datum = {
- .data = NULL,
-@@ -710,7 +710,7 @@ create_tpm_specification_info(const char *spec_family,
- unsigned int spec_revision,
- gnutls_datum_t *asn1)
- {
-- ASN1_TYPE at = ASN1_TYPE_EMPTY;
-+ asn1_node at = NULL;
- int err;
- unsigned int bigendian;
- unsigned char twoscomp[1 + sizeof(bigendian)] = { 0, };
-@@ -782,7 +782,7 @@ create_tpm_specification_info(const char *spec_family,
- static int
- create_cert_extended_key_usage(const char *oid, gnutls_datum_t *asn1)
- {
-- ASN1_TYPE at = ASN1_TYPE_EMPTY;
-+ asn1_node at = NULL;
- int err;
-
- err = asn_init();
diff --git a/0001-swtpm-Check-header-size-indicator-against-expected-s.patch b/0001-swtpm-Check-header-size-indicator-against-expected-s.patch
deleted file mode 100644
index 7d6b4d7..0000000
--- a/0001-swtpm-Check-header-size-indicator-against-expected-s.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From c518445f9fddc786f191f4f5926bf483fa2bd1ff Mon Sep 17 00:00:00 2001
-From: Stefan Berger
-Date: Wed, 16 Feb 2022 11:17:47 -0500
-Subject: [PATCH] swtpm: Check header size indicator against expected size (CID
- 375869)
-
-This fix addresses Coverity issue CID 375869 (CVE-2022-23645).
-
-Check the header size indicated in the header of the state against the
-expected size and return an error code in case the header size indicator
-is different. There was only one header size so far since blobheader was
-introduced, so we don't need to deal with different sizes.
-
-Without this fix a specially crafted header could cause out-of-bounds
-accesses on the byte array containing the swtpm's state.
-
-Signed-off-by: Stefan Berger
---
- src/swtpm/swtpm_nvfile.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
-index dc7cfbf1..0efb9da8 100644
---- a/src/swtpm/swtpm_nvfile.c
-+++ b/src/swtpm/swtpm_nvfile.c
-@@ -1260,6 +1260,7 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
- uint8_t *hdrversion, bool quiet)
- {
- blobheader *bh = (blobheader *)data;
-+ uint16_t hdrsize;
-
- if (length < sizeof(bh)) {
- if (!quiet)
-@@ -1285,8 +1286,16 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
- return TPM_BAD_VERSION;
- }
-
-+ hdrsize = ntohs(bh->hdrsize);
-+ if (hdrsize != sizeof(blobheader)) {
-+ logprintf(STDERR_FILENO,
-+ "bad header size: %u != %zu\n",
-+ hdrsize, sizeof(blobheader));
-+ return TPM_BAD_DATASIZE;
-+ }
-+
- *hdrversion = bh->version;
-- *dataoffset = ntohs(bh->hdrsize);
-+ *dataoffset = hdrsize;
- *hdrflags = ntohs(bh->flags);
-
- return TPM_SUCCESS;
diff --git a/0002-swtpm-Write-state-files-atomically-using-file-renami.patch b/0002-swtpm-Write-state-files-atomically-using-file-renami.patch
deleted file mode 100644
index be3cbbf..0000000
--- a/0002-swtpm-Write-state-files-atomically-using-file-renami.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From b3a5dde7f5a8874084f978ea698a749d858e769a Mon Sep 17 00:00:00 2001
-From: Stefan Berger
-Date: Fri, 2 Oct 2020 16:29:18 -0400
-Subject: [PATCH 1/5] swtpm: Write state files atomically using file renaming
-
-To support writing state files atomically we first write into
-a temporary file and then rename it.
-
-Signed-off-by: Stefan Berger
---
- src/swtpm/swtpm_nvfile.c | 59 ++++++++++++++++++++++++++++++----------
- 1 file changed, 45 insertions(+), 14 deletions(-)
-
-diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
-index 6f3f937..3b928d0 100644
---- a/src/swtpm/swtpm_nvfile.c
-+++ b/src/swtpm/swtpm_nvfile.c
-@@ -132,7 +132,8 @@ static unsigned char *g_ivec;
- static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename,
- size_t bufsize,
- uint32_t tpm_number,
-- const char *name);
-+ const char *name,
-+ bool is_tempfile);
-
- static TPM_RESULT SWTPM_NVRAM_EncryptData(const encryptionkey *key,
- tlv_data *td,
-@@ -312,7 +313,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
- if (rc == 0) {
- /* map name to the rooted filename */
- rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
-- tpm_number, name);
-+ tpm_number, name, false);
- }
-
- if (rc == 0) {
-@@ -473,6 +474,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- uint32_t lrc;
- int irc;
- FILE *file = NULL;
-+ char tmpfile[FILENAME_MAX]; /* rooted temporary file */
- char filename[FILENAME_MAX]; /* rooted file name from name */
- unsigned char *filedata = NULL;
- uint32_t filedata_length = 0;
-@@ -484,16 +486,24 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- if (rc == 0) {
- /* map name to the rooted filename */
- rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
-- tpm_number, name);
-+ tpm_number, name, false);
- }
-+
-+ if (rc == 0) {
-+ /* map name to the rooted temporary file */
-+ rc = SWTPM_NVRAM_GetFilenameForName(tmpfile, sizeof(tmpfile),
-+ tpm_number, name, true);
-+ }
-+
-+
- if (rc == 0) {
- /* open the file */
-- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", filename);
-- file = fopen(filename, "wb"); /* closed @1 */
-+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", tmpfile);
-+ file = fopen(tmpfile, "wb"); /* closed @1 */
- if (file == NULL) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_StoreData: Error (fatal) opening %s for "
-- "write failed, %s\n", filename, strerror(errno));
-+ "write failed, %s\n", tmpfile, strerror(errno));
- rc = TPM_FAIL;
- }
- }
-@@ -502,7 +512,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_StoreData: Could not fchmod %s : %s\n",
-- filename, strerror(errno));
-+ tmpfile, strerror(errno));
- rc = TPM_FAIL;
- }
- }
-@@ -548,7 +558,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- }
- }
- if (file != NULL) {
-- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", filename);
-+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", tmpfile);
- irc = fclose(file); /* @1 */
- if (irc != 0) {
- logprintf(STDERR_FILENO,
-@@ -556,12 +566,24 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- rc = TPM_FAIL;
- }
- else {
-- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closed file %s\n", filename);
-+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closed file %s\n", tmpfile);
-+ }
-+ }
-+
-+ if (rc == 0 && file != NULL) {
-+ irc = rename(tmpfile, filename);
-+ if (irc != 0) {
-+ logprintf(STDERR_FILENO,
-+ "SWTPM_NVRAM_StoreData: Error (fatal) renaming file: %s\n",
-+ strerror(errno));
-+ rc = TPM_FAIL;
-+ } else {
-+ TPM_DEBUG(" SWTPM_NVRAM_StoreData: Renamed file to %s\n", filename);
- }
- }
-
- if (rc != 0 && file != NULL) {
-- unlink(filename);
-+ unlink(tmpfile);
- }
-
- tlv_data_free(td, td_len);
-@@ -585,12 +607,16 @@ TPM_RESULT SWTPM_NVRAM_StoreData(const unsigned char *data,
- The filename is of the form:
-
- state_directory/tpm_number.name
-+
-+ A temporary filename used to write to may be created. It shold be rename()'d to
-+ the non-temporary filename.
- */
-
- static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename, /* output: rooted filename */
- size_t bufsize,
- uint32_t tpm_number,
-- const char *name) /* input: abstract name */
-+ const char *name, /* input: abstract name */
-+ bool is_tempfile) /* input: is temporary file? */
- {
- TPM_RESULT res = TPM_SUCCESS;
- int n;
-@@ -606,8 +632,13 @@ static TPM_RESULT SWTPM_NVRAM_GetFilenameForName(char *filename, /* outpu
- break;
- }
-
-- n = snprintf(filename, bufsize, "%s/tpm%s-%02lx.%s",
-- state_directory, suffix, (unsigned long)tpm_number, name);
-+ if (is_tempfile) {
-+ n = snprintf(filename, bufsize, "%s/TMP%s-%02lx.%s",
-+ state_directory, suffix, (unsigned long)tpm_number, name);
-+ } else {
-+ n = snprintf(filename, bufsize, "%s/tpm%s-%02lx.%s",
-+ state_directory, suffix, (unsigned long)tpm_number, name);
-+ }
- if ((size_t)n > bufsize) {
- res = TPM_FAIL;
- }
-@@ -638,7 +669,7 @@ TPM_RESULT SWTPM_NVRAM_DeleteName(uint32_t tpm_number,
- TPM_DEBUG(" SWTPM_NVRAM_DeleteName: Name %s\n", name);
- /* map name to the rooted filename */
- rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
-- tpm_number, name);
-+ tpm_number, name, false);
- if (rc == 0) {
- irc = remove(filename);
- if ((irc != 0) && /* if the remove failed */
---
-2.27.0
-
diff --git a/0003-swtpm_cert-Switch-to-open-from-fopen-for-writing-cer.patch b/0003-swtpm_cert-Switch-to-open-from-fopen-for-writing-cer.patch
deleted file mode 100644
index b7894bb..0000000
--- a/0003-swtpm_cert-Switch-to-open-from-fopen-for-writing-cer.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From ba12415fca1a3891a1386698eab09735a025d7ea Mon Sep 17 00:00:00 2001
-From: Stefan Berger
-Date: Sun, 8 Nov 2020 21:40:35 -0500
-Subject: [PATCH 2/5] swtpm_cert: Switch to open() from fopen() for writing
- certificate
-
-Switch to open from fopen() and make sure we do not follow symlinks.
-
-Signed-off-by: Stefan Berger
---
- src/swtpm_cert/ek-cert.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/src/swtpm_cert/ek-cert.c b/src/swtpm_cert/ek-cert.c
-index 651d60f..0e0b4b1 100644
---- a/src/swtpm_cert/ek-cert.c
-+++ b/src/swtpm_cert/ek-cert.c
-@@ -51,6 +51,7 @@
- #include
- #include
- #include
-+#include
-
- #include
-
-@@ -995,7 +996,7 @@ main(int argc, char *argv[])
- unsigned long long serial = 1;
- time_t now;
- int err;
-- FILE *cert_file;
-+ int cert_file_fd;
- const char *subject = NULL;
- const char *error = NULL;
- int days = 365;
-@@ -1675,8 +1676,9 @@ if (_err != GNUTLS_E_SUCCESS) { \
- ? GNUTLS_X509_FMT_PEM
- : GNUTLS_X509_FMT_DER, &out);
- if (cert_filename) {
-- cert_file = fopen(cert_filename, "wb");
-- if (cert_file == NULL) {
-+ cert_file_fd = open(cert_filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
-+ S_IRUSR|S_IWUSR);
-+ if (cert_file_fd < 0) {
- fprintf(stderr, "Could not open %s for writing the certificate: %s\n",
- cert_filename,
- strerror(errno));
-@@ -1691,22 +1693,22 @@ if (_err != GNUTLS_E_SUCCESS) { \
- },
- .tag = htobe16(TCG_TAG_PCCLIENT_FULL_CERT),
- };
-- if (sizeof(hdr) != fwrite(&hdr, 1, sizeof(hdr), cert_file)) {
-+ if (sizeof(hdr) != write(cert_file_fd, &hdr, sizeof(hdr))) {
- fprintf(stderr, "Could not write certificate header: %s\n",
- strerror(errno));
-- fclose(cert_file);
-+ close(cert_file_fd);
- unlink(cert_filename);
- goto cleanup;
- }
- }
-- if (out.size != fwrite(out.data, 1, out.size, cert_file)) {
-+ if ((ssize_t)out.size != write(cert_file_fd, out.data, out.size)) {
- fprintf(stderr, "Could not write certificate into file: %s\n",
- strerror(errno));
-- fclose(cert_file);
-+ close(cert_file_fd);
- unlink(cert_filename);
- goto cleanup;
- }
-- fclose(cert_file);
-+ close(cert_file_fd);
- } else {
- fprintf(stdout, "%s\n", out.data);
- }
---
-2.27.0
-
diff --git a/0004-swtpm-Do-not-follow-symlinks-when-opening-lockfile-C.patch b/0004-swtpm-Do-not-follow-symlinks-when-opening-lockfile-C.patch
deleted file mode 100644
index 98510ed..0000000
--- a/0004-swtpm-Do-not-follow-symlinks-when-opening-lockfile-C.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 15a0b58ca43ccbae26d1a1e7718d7d8bd2c2add2 Mon Sep 17 00:00:00 2001
-From: Stefan Berger
-Date: Sun, 8 Nov 2020 21:45:40 -0500
-Subject: [PATCH 3/5] swtpm: Do not follow symlinks when opening lockfile
- (CVE-2020-28407)
-
-This patch addresses CVE-2020-28407.
-
-Prevent us from following symliks when we open the lockfile
-for writing.
-
-Signed-off-by: Stefan Berger
---
- src/swtpm/swtpm_nvfile.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
-index 3b928d0..8a6621b 100644
---- a/src/swtpm/swtpm_nvfile.c
-+++ b/src/swtpm/swtpm_nvfile.c
-@@ -210,7 +210,7 @@ static TPM_RESULT SWTPM_NVRAM_Lock_Lockfile(const char *directory,
- return TPM_FAIL;
- }
-
-- *fd = open(lockfile, O_WRONLY|O_CREAT|O_TRUNC, 0660);
-+ *fd = open(lockfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW, 0660);
- if (*fd < 0) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_Lock_Lockfile: Could not open lockfile: %s\n",
---
-2.27.0
-
diff --git a/0005-swtpm-Switch-to-open-from-fopen-for-the-pidfile-CVE-.patch b/0005-swtpm-Switch-to-open-from-fopen-for-the-pidfile-CVE-.patch
deleted file mode 100644
index fedcc02..0000000
--- a/0005-swtpm-Switch-to-open-from-fopen-for-the-pidfile-CVE-.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 934603eb6adb2d646364132bbac7bdb30ccb97bf Mon Sep 17 00:00:00 2001
-From: Stefan Berger
-Date: Sun, 8 Nov 2020 22:21:23 -0500
-Subject: [PATCH 4/5] swtpm: Switch to open() from fopen() for the pidfile
- (CVE-2020-28407)
-
-This patch addresses CVE-2020-28407.
-
-Use the open() call rather than the fopen() call when creating a pidfile.
-Also prevent us from following symbolic links when opening the pidfile for
-writing.
-
-Signed-off-by: Stefan Berger
---
- src/swtpm/pidfile.c | 41 ++++++++++++++++++++++++++---------------
- 1 file changed, 26 insertions(+), 15 deletions(-)
-
-diff --git a/src/swtpm/pidfile.c b/src/swtpm/pidfile.c
-index f9d18ad..afca5b0 100644
---- a/src/swtpm/pidfile.c
-+++ b/src/swtpm/pidfile.c
-@@ -37,11 +37,13 @@
-
- #include "config.h"
-
-+#include
-+#include
-+#include
- #include
- #include
- #include
- #include
--#include
-
- #include "pidfile.h"
- #include "logging.h"
-@@ -77,40 +79,49 @@ int pidfile_set_fd(int newpidfilefd)
- */
- int pidfile_write(pid_t pid)
- {
-- FILE *f;
-+ int fd;
-+ char buffer[32];
-+ ssize_t nwritten;
-
- if (g_pidfile) {
-- f = fopen(g_pidfile, "w+");
-+ fd = open(g_pidfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
-+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
- } else if (pidfilefd >= 0) {
-- f = fdopen(pidfilefd, "w");
-- if (f) {
-- g_pidfile = fd_to_filename(pidfilefd);
-- if (!g_pid

file)
-- goto error;
-- }
-+ fd = pidfilefd;
-+ g_pidfile = fd_to_filename(pidfilefd);
-+ if (!g_pidfile)
-+ goto error;
- } else {
- return 0;
- }
-
-- if (!f) {
-+ if (fd < 0) {
- logprintf(STDERR_FILENO, "Could not open pidfile %s : %s\n",
- g_pidfile, strerror(errno));
- goto error;
- }
-
-- if (fprintf(f, "%d", pid) < 0) {
-+ if (snprintf(buffer, sizeof(buffer), "%d", pid) >= (int)sizeof(buffer)) {
-+ logprintf(STDERR_FILENO, "Could not write pid to buffer\n");
-+ goto error_close;
-+ }
-+
-+ nwritten = write_full(fd, buffer, strlen(buffer));
-+ if (nwritten < 0 || nwritten != (ssize_t)strlen(buffer)) {
- logprintf(STDERR_FILENO, "Could not write to pidfile : %s\n",
- strerror(errno));
-- goto error;
-+ goto error_close;
- }
-
-- fclose(f);
-+ close(fd);
-
- return 0;
-
-+error_close:
-+ if (fd != pidfilefd)
-+ close(fd);
-+
- error:
-- if (f)
-- fclose(f);
- return -1;
- }
-
---
-2.27.0
-
diff --git a/0006-swtpm-Use-open-not-fopen-when-accessing-statefile-CV.patch b/0006-swtpm-Use-open-not-fopen-when-accessing-statefile-CV.patch
deleted file mode 100644
index fb7c3d7..0000000
--- a/0006-swtpm-Use-open-not-fopen-when-accessing-statefile-CV.patch
+++ /dev/null
@@ -1,211 +0,0 @@
-From 44eacbca5bdb4baba226551a60a4e2e474b491cc Mon Sep 17 00:00:00 2001
-From: Stefan Berger
-Date: Sun, 8 Nov 2020 21:41:54 -0500
-Subject: [PATCH 5/5] swtpm: Use open() (not fopen()) when accessing statefile
- (CVE-2020-28407)
-
-This patch addresses CVE-2020-28407.
-
-Use the open() call rather than the fopen() call when accessing
-the statefile and make sure we do not follow symlinks using O_NOFOLLOW.
-
-The modification does not allow an attacker to create a symbolic link
-with the name of the temporary file (TMP2-00.permall for TPM 2) and
-have this point to a valueable file and swtpm ends up overwriting the
-file. The success of the attack depends on the attacker having access
-to the TPM's state directory (--tpmstate dir=...).
-
-Signed-off-by: Stefan Berger
---
- src/swtpm/swtpm_nvfile.c | 67 +++++++++++++---------------------------
- 1 file changed, 21 insertions(+), 46 deletions(-)
-
-diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
-index 8a6621b..12f10b9 100644
---- a/src/swtpm/swtpm_nvfile.c
-+++ b/src/swtpm/swtpm_nvfile.c
-@@ -88,6 +88,7 @@
- #include "tpmstate.h"
- #include "tpmlib.h"
- #include "tlv.h"
-+#include "utils.h"
-
- /* local structures */
- typedef struct {
-@@ -295,16 +296,16 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
- const char *name)
- {
- TPM_RESULT rc = 0;
-- long lrc;
- size_t src;
- int irc;
-- FILE *file = NULL;
-+ int fd = -1;
- char filename[FILENAME_MAX]; /* rooted file name from name */
- unsigned char *decrypt_data = NULL;
- uint32_t decrypt_length;
- uint32_t dataoffset = 0;
- uint8_t hdrversion = 0;
- uint16_t hdrflags;
-+ struct stat statbuf;
-
- TPM_DEBUG(" SWTPM_NVRAM_LoadData: From file %s\n", name);
- *data = NULL;
-@@ -318,8 +319,8 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
-
- if (rc == 0) {
- TPM_DEBUG(" SWTPM_NVRAM_LoadData: Opening file %s\n", filename);
-- file = fopen(filename, "rb"); /* closed @1 */
-- if (file == NULL) { /* if failure, determine cause */
-+ fd = open(filename, O_RDONLY); /* closed @1 */
-+ if (fd < 0) { /* if failure, determine cause */
- if (errno == ENOENT) {
- TPM_DEBUG("SWTPM_NVRAM_LoadData: No such file %s\n",
- filename);
-@@ -335,7 +336,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
- }
-
- if (rc == 0) {
-- if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
-+ if (fchmod(fd, tpmstate_get_mode()) < 0) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Could not fchmod %s : %s\n",
- filename, strerror(errno));
-@@ -345,34 +346,16 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
-
- /* determine the file length */
- if (rc == 0) {
-- irc = fseek(file, 0L, SEEK_END); /* seek to end of file */
-+ irc = fstat(fd, &statbuf);
- if (irc == -1L) {
- logprintf(STDERR_FILENO,
-- "SWTPM_NVRAM_LoadData: Error (fatal) fseek'ing %s, %s\n",
-+ "SWTPM_NVRAM_LoadData: Error (fatal) fstat'ing %s, %s\n",
- filename, strerror(errno));
- rc = TPM_FAIL;
- }
- }
- if (rc == 0) {
-- lrc = ftell(file); /* get position in the stream */
-- if (lrc == -1L) {
-- logprintf(STDERR_FILENO,
-- "SWTPM_NVRAM_LoadData: Error (fatal) ftell'ing %s, %s\n",
-- filename, strerror(errno));
-- rc = TPM_FAIL;
-- }
-- else {
-- *length = (uint32_t)lrc; /* save the length */
-- }
-- }
-- if (rc == 0) {
-- irc = fseek(file, 0L, SEEK_SET); /* seek back to the beginning of the file */
-- if (irc == -1L) {
-- logprintf(STDERR_FILENO,
-- "SWTPM_NVRAM_LoadData: Error (fatal) fseek'ing %s, %s\n",
-- filename, strerror(errno));
-- rc = TPM_FAIL;
-- }
-+ *length = statbuf.st_size; /* save the length */
- }
- /* allocate a buffer for the actual data */
- if ((rc == 0) && *length != 0) {
-@@ -387,7 +370,7 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
- }
- /* read the contents of the file into the data buffer */
- if ((rc == 0) && *length != 0) {
-- src = fread(*data, 1, *length, file);
-+ src = read(fd, *data, *length);
- if (src != *length) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Error (fatal), data read of %u "
-@@ -396,9 +379,9 @@ SWTPM_NVRAM_LoadData(unsigned char **data, /* freed by caller */
- }
- }
- /* close the file */
-- if (file != NULL) {
-+ if (fd >= 0) {
- TPM_DEBUG(" SWTPM_NVRAM_LoadData: Closing file %s\n", filename);
-- irc = fclose(file); /* @1 */
-+ irc = close(fd); /* @1 */
- if (irc != 0) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_LoadData: Error (fatal) closing file %s\n",
-@@ -473,7 +456,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- TPM_RESULT rc = 0;
- uint32_t lrc;
- int irc;
-- FILE *file = NULL;
-+ int fd = -1;
- char tmpfile[FILENAME_MAX]; /* rooted temporary file */
- char filename[FILENAME_MAX]; /* rooted file name from name */
- unsigned char *filedata = NULL;
-@@ -499,8 +482,9 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- if (rc == 0) {
- /* open the file */
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Opening file %s\n", tmpfile);
-- file = fopen(tmpfile, "wb"); /* closed @1 */
-- if (file == NULL) {
-+ fd = open(tmpfile, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
-+ tpmstate_get_mode()); /* closed @1 */
-+ if (fd < 0) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_StoreData: Error (fatal) opening %s for "
- "write failed, %s\n", tmpfile, strerror(errno));
-@@ -508,15 +492,6 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- }
- }
-
-- if (rc == 0) {
-- if (fchmod(fileno(file), tpmstate_get_mode()) < 0) {
-- logprintf(STDERR_FILENO,
-- "SWTPM_NVRAM_StoreData: Could not fchmod %s : %s\n",
-- tmpfile, strerror(errno));
-- rc = TPM_FAIL;
-- }
-- }
--
- if (rc == 0) {
- if (encrypt && SWTPM_NVRAM_Has_FileKey()) {
- td_len = 3;
-@@ -549,7 +524,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- /* write the data to the file */
- if (rc == 0) {
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Writing %u bytes of data\n", length);
-- lrc = fwrite(filedata, 1, filedata_length, file);
-+ lrc = write_full(fd, filedata, filedata_length);
- if (lrc != filedata_length) {
- logprintf(STDERR_FILENO,
- "TPM_NVRAM_StoreData: Error (fatal), data write "
-@@ -557,9 +532,9 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- rc = TPM_FAIL;
- }
- }
-- if (file != NULL) {
-+ if (fd >= 0) {
- TPM_DEBUG(" SWTPM_NVRAM_StoreData: Closing file %s\n", tmpfile);
-- irc = fclose(file); /* @1 */
-+ irc = close(fd); /* @1 */
- if (irc != 0) {
- logprintf(STDERR_FILENO,
- "SWTPM_NVRAM_StoreData: Error (fatal) closing file\n");
-@@ -570,7 +545,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- }
- }
-
-- if (rc == 0 && file != NULL) {
-+ if (rc == 0 && fd >= 0) {
- irc = rename(tmpfile, filename);
- if (irc != 0) {
- logprintf(STDERR_FILENO,
-@@ -582,7 +557,7 @@ SWTPM_NVRAM_StoreData_Intern(const unsigned char *data,
- }
- }
-
-- if (rc != 0 && file != NULL) {
-+ if (rc != 0 && fd >= 0) {
- unlink(tmpfile);
- }
-
---
-2.27.0
-
diff --git a/0007-disable-test_tpm2_samples_swtpm_localca_pkcs11.patch b/0007-disable-test_tpm2_samples_swtpm_localca_pkcs11.patch
deleted file mode 100644
index e511ee3..0000000
--- a/0007-disable-test_tpm2_samples_swtpm_localca_pkcs11.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From f14eaaf8d88f148ac9a848609023f9f36825d3f0 Mon Sep 17 00:00:00 2001
-From: chenhuiying
-Date: Wed, 23 Nov 2022 19:19:37 +0800
-Subject: [PATCH] disable test_tpm2_samples_swtpm_localca_pkcs11
-
-Signed-off-by: yezengruan
---
- tests/Makefile.am | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 8a4a9c2..c88acb4 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -79,7 +79,6 @@ TESTS += \
- test_swtpm_cert \
- test_tpm2_parameters \
- test_tpm2_samples_swtpm_localca \
-- test_tpm2_samples_swtpm_localca_pkcs11 \
- test_tpm2_swtpm_cert \
- test_tpm2_swtpm_cert_ecc \
- test_tpm2_swtpm_setup_create_cert
---
-2.27.0
-
diff --git a/swtpm-0.8.0.tar.gz b/swtpm-0.8.0.tar.gz
new file mode 100644
index 0000000..ee5865e
Binary files /dev/null and b/swtpm-0.8.0.tar.gz differ
diff --git a/swtpm-091be80.tar.gz b/swtpm-091be80.tar.gz
deleted file mode 100644
index bbb2bfa..0000000
Binary files a/swtpm-091be80.tar.gz and /dev/null differ
diff --git a/swtpm.spec b/swtpm.spec
index 4bd4caf..1758173 100644
--- a/swtpm.spec
+++ b/swtpm.spec
@@ -1,9 +1,5 @@
 %bcond_without gnutls
-%global gitdate 20200710
-%global gitcommit 091be8054b5863ff86c5efcb072dcdd45e3696d1
-%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7})
-
 # Macros needed by SELinux
 %global selinuxtype targeted
 %global moduletype contrib
@@ -11,34 +7,25 @@
 Summary: TPM Emulator
 Name: swtpm
-Version: 0.3.3
-Release: 7
+Version: 0.8.0
+Release: 1
 License: BSD
-Url: http://github.com/stefanberger/swtpm
-Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
-Patch00: 0000-rename-deprecated-libtasn1-types-to-fix-build-error.patch
-Patch01: 0001-swtpm-Check-header-size-indicator-against-expected-s.patch
-Patch02: 0002-swtpm-Write-state-files-atomically-using-file-renami.patch
-Patch03: 0003-swtpm_cert-Switch-to-open-from-fopen-for-writing-cer.patch
-Patch04: 0004-swtpm-Do-not-follow-symlinks-when-opening-lockfile-C.patch
-Patch05: 0005-swtpm-Switch-to-open-from-fopen-for-the-pidfile-CVE-.patch
-Patch06: 0006-swtpm-Use-open-not-fopen-when-accessing-statefile-CV.patch
-Patch07: 0007-disable-test_tpm2_samples_swtpm_localca_pkcs11.patch
+Url: https://github.com/stefanberger/swtpm
+Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Patch00: 0000-disable-test_tpm2_swtpm_localca_pkcs11.test.patch
 BuildRequires: automake
 BuildRequires: autoconf
 BuildRequires: libtool
 BuildRequires: libtpms-devel >= 0.6.0
 BuildRequires: glib2-devel
-BuildRequires: gmp-devel
+BuildRequires: json-glib-devel
 BuildRequires: expect
 BuildRequires: net-tools
 BuildRequires: openssl-devel
 BuildRequires: socat
-BuildRequires: python3
 BuildRequires: softhsm
 BuildRequires: trousers >= 0.3.9
-BuildRequires: tpm-tools >= 1.3.8-6
 %if %{with gnutls}
 BuildRequires: gnutls >= 3.1.0
 BuildRequires: gnutls-devel
@@ -49,6 +36,7 @@ BuildRequires: libtasn1
 BuildRequires: selinux-policy-devel
 BuildRequires: gcc
 BuildRequires: libseccomp-devel
+BuildRequires: tpm2-tools
 Requires: %{name}-libs = %{version}-%{release}
 Requires: libtpms >= 0.6.0
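Review bot: The `-Patch01:` … `-Patch06:` lines drop the backports for CVE-2020-28407 (symlink following when opening the lockfile, pidfile and state file) and CVE-2022-23645 (state-header size check) without the commit or the changelog stating that upstream 0.8.0 already contains those fixes; the deleted patch files quote upstream commits from 2020 and early 2022, so 0.8.0 presumably includes them, but that should be recorded rather than left for the next reader to verify. A changelog bullet such as `- drop CVE-2020-28407 and CVE-2022-23645 backports, contained in upstream 0.8.0` would do. The same hunk drops the libtasn1 rename build fix (old Patch00); confirm against the 0.8.0 source that `ASN1_TYPE` is no longer used there, otherwise the build will fail again with current libtasn1 as the deleted patch's description explains.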
@@ -76,13 +64,13 @@ Include files for the TPM emulator's CUSE interface.
 Summary: Tools for the TPM emulator
 License: BSD
 Requires: swtpm = %{version}-%{release}
-Requires: trousers >= 0.3.9 tpm-tools >= 1.3.8-6 expect bash net-tools gnutls-utils
+Requires: trousers >= 0.3.9 bash gnutls-utils
 %description tools
 Tools for the TPM emulator from the swtpm package
 %prep
-%autosetup -n %{name}-%{gitcommit} -p1
+%autosetup -n %{name}-%{version} -p1
 %selinux_relabel_pre -s %{selinuxtype}
 %build
@@ -153,25 +141,30 @@ fi
 %{_bindir}/swtpm_cert
 %endif
 %{_bindir}/swtpm_setup
-%{_bindir}/swtpm_setup.sh
 %{_bindir}/swtpm_ioctl
+%{_bindir}/swtpm_localca
 %{_mandir}/man8/swtpm_bios.8*
 %{_mandir}/man8/swtpm_cert.8*
+%{_mandir}/man8/swtpm_cuse.8*
 %{_mandir}/man8/swtpm_ioctl.8*
-%{_mandir}/man8/swtpm-localca.conf.8*
-%{_mandir}/man8/swtpm-localca.options.8*
+%{_mandir}/man5/swtpm-localca.conf.5*
+%{_mandir}/man5/swtpm-localca.options.5*
 %{_mandir}/man8/swtpm-localca.8*
+%{_mandir}/man8/swtpm_localca.8*
 %{_mandir}/man8/swtpm_setup.8*
-%{_mandir}/man8/swtpm_setup.conf.8*
-%{_mandir}/man8/swtpm_setup.sh.8*
+%{_mandir}/man5/swtpm_setup.conf.5*
 %config(noreplace) %{_sysconfdir}/swtpm_setup.conf
 %config(noreplace) %{_sysconfdir}/swtpm-localca.options
 %config(noreplace) %{_sysconfdir}/swtpm-localca.conf
 %dir %{_datadir}/swtpm
 %{_datadir}/swtpm/swtpm-localca
-%attr( 755, tss, tss) %{_localstatedir}/lib/swtpm-localca
+%{_datadir}/swtpm/swtpm-create-user-config-files
+%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca
 %changelog
+* Fri Feb 03 2023 yezengruan - 0.8.0-1
+- update to version 0.8.0
+
 * Wed Nov 23 2022 yezengruan - 0.3.3-7
 - Update the source package to be consistent with the download link
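Review bot: The `%attr( 750, tss, root) %{_localstatedir}/lib/swtpm-localca` line changes both the mode (755 to 750) and the group (tss to root) of the local CA's state directory, removing world read/search access; that is a sensible tightening if, as the swtpm-localca defaults suggest, the CA signing key and issued certificates live there (verify against the 0.8.0 swtpm-localca.conf), but it is an observable packaging change that the single changelog bullet `- update to version 0.8.0` does not mention. Suggest a second bullet, e.g. `- restrict %{_localstatedir}/lib/swtpm-localca to 0750 tss:root`. The group switch to root also means processes that are members of the tss group but do not run as user tss lose access to the directory; if any local test or swtpm_setup invocation relies on group access, that is worth checking before release.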