diff --git a/backport-CVE-2023-22745.patch b/backport-CVE-2023-22745.patch
deleted file mode 100644
index 60363ba..0000000
--- a/backport-CVE-2023-22745.patch
+++ /dev/null
@@ -1,139 +0,0 @@ -From 306490c8d848c367faa2d9df81f5e69dab46ffb5 Mon Sep 17 00:00:00 2001 -From: William Roberts -Date: Thu, 19 Jan 2023 11:53:06 -0600 -Subject: [PATCH] tss2_rc: ensure layer number is in bounds - -The layer handler array was defined as 255, the max number of uint8, -which is the size of the layer field, however valid values are 0-255 -allowing for 256 possibilities and thus the array was off by one and -needed to be sized to 256 entries. Update the size and add tests. - -Note: previous implementations incorrectly dropped bits on unknown error -output, ie TSS2_RC of 0xFFFFFF should yeild a string of 255:0xFFFFFF, -but earlier implementations returned 255:0xFFFF, dropping the middle -bits, this patch fixes that. - -Fixes: CVE-2023-22745 - -Signed-off-by: William Roberts ---- - src/tss2-rc/tss2_rc.c | 31 +++++++++++++++++++++---------- - test/unit/test_tss2_rc.c | 21 ++++++++++++++++++++- - 2 files changed, 41 insertions(+), 11 deletions(-) - -diff --git a/src/tss2-rc/tss2_rc.c b/src/tss2-rc/tss2_rc.c -index 15ced56..4e14659 100644 ---- a/src/tss2-rc/tss2_rc.c -+++ b/src/tss2-rc/tss2_rc.c -@@ -1,5 +1,8 @@ - /* SPDX-License-Identifier: BSD-2-Clause */ -- -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif -+#include - #include - #include - #include -@@ -834,7 +837,7 @@ tss_err_handler (TSS2_RC rc) - static struct { - char name[TSS2_ERR_LAYER_NAME_MAX]; - TSS2_RC_HANDLER handler; --} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT] = { -+} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT + 1] = { - ADD_HANDLER("tpm" , tpm2_ehandler), - ADD_NULL_HANDLER, /* layer 1 is unused */ - ADD_NULL_HANDLER, /* layer 2 is unused */ -@@ -869,7 +872,7 @@ unknown_layer_handler(TSS2_RC rc) - static __thread char buf[32]; - - clearbuf(buf); -- catbuf(buf, "0x%X", tpm2_error_get(rc)); -+ catbuf(buf, "0x%X", rc); - - return buf; - } -@@ -966,19 +969,27 @@ Tss2_RC_Decode(TSS2_RC rc) - catbuf(buf, "%u:", layer); - } - -- handler = !handler ? 
unknown_layer_handler : handler; -- - /* - * Handlers only need the error bits. This way they don't - * need to concern themselves with masking off the layer - * bits or anything else. - */ -- UINT16 err_bits = tpm2_error_get(rc); -- const char *e = err_bits ? handler(err_bits) : "success"; -- if (e) { -- catbuf(buf, "%s", e); -+ if (handler) { -+ UINT16 err_bits = tpm2_error_get(rc); -+ const char *e = err_bits ? handler(err_bits) : "success"; -+ if (e) { -+ catbuf(buf, "%s", e); -+ } else { -+ catbuf(buf, "0x%X", err_bits); -+ } - } else { -- catbuf(buf, "0x%X", err_bits); -+ /* -+ * we don't want to drop any bits if we don't know what to do with it -+ * so drop the layer byte since we we already have that. -+ */ -+ const char *e = unknown_layer_handler(rc >> 8); -+ assert(e); -+ catbuf(buf, "%s", e); - } - - return buf; -diff --git a/test/unit/test_tss2_rc.c b/test/unit/test_tss2_rc.c -index f4249b7..6d8428b 100644 ---- a/test/unit/test_tss2_rc.c -+++ b/test/unit/test_tss2_rc.c -@@ -199,7 +199,7 @@ test_custom_handler(void **state) - * Test an unknown layer - */ - e = Tss2_RC_Decode(rc); -- assert_string_equal(e, "1:0x2A"); -+ assert_string_equal(e, "1:0x100"); - } - - static void -@@ -282,6 +282,23 @@ test_tcti(void **state) - assert_string_equal(e, "tcti:Fails to connect to next lower layer"); - } - -+static void -+test_all_FFs(void **state) -+{ -+ (void) state; -+ -+ const char *e = Tss2_RC_Decode(0xFFFFFFFF); -+ assert_string_equal(e, "255:0xFFFFFF"); -+} -+ -+static void -+test_all_FFs_set_handler(void **state) -+{ -+ (void) state; -+ Tss2_RC_SetHandler(0xFF, "garbage", custom_err_handler); -+ Tss2_RC_SetHandler(0xFF, NULL, NULL); -+} -+ - /* link required symbol, but tpm2_tool.c declares it AND main, which - * we have a main below for cmocka tests. 
- */
-@@ -313,6 +330,8 @@ main(int argc, char* argv[])
- cmocka_unit_test(test_esys),
- cmocka_unit_test(test_mu),
- cmocka_unit_test(test_tcti),
-+ cmocka_unit_test(test_all_FFs),
-+ cmocka_unit_test(test_all_FFs_set_handler)
- };
-
- return cmocka_run_group_tests(tests, NULL, NULL);
---
-2.27.0
-
diff --git a/tpm2-tss-3.2.1.tar.gz b/tpm2-tss-3.2.1.tar.gz
deleted file mode 100644
index 8922371..0000000
Binary files a/tpm2-tss-3.2.1.tar.gz and /dev/null differ
diff --git a/tpm2-tss-3.2.2.tar.gz b/tpm2-tss-3.2.2.tar.gz
new file mode 100644
index 0000000..9f9f2d3
Binary files /dev/null and b/tpm2-tss-3.2.2.tar.gz differ
diff --git a/tpm2-tss.spec b/tpm2-tss.spec
index bcc007a..ec71505 100644
--- a/tpm2-tss.spec
+++ b/tpm2-tss.spec
@@ -1,15 +1,13 @@
 Name: tpm2-tss
-Version: 3.2.1
-Release: 2
+Version: 3.2.2
+Release: 1
 Summary: TPM2.0 Software Stack
 License: BSD
 URL: https://github.com/tpm2-software/tpm2-tss
 Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz
-Patch1: backport-CVE-2023-22745.patch
-
 BuildRequires: gcc-c++ autoconf-archive libtool pkgconfig systemd libgcrypt-devel openssl-devel doxygen json-c-devel libcurl-devel
-BuildRequires: curl >= 7.80.0
+BuildRequires: curl >= 7.80.0 libcmocka-devel iproute uthash-devel swtpm
 %description
 tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
@@ -31,7 +29,8 @@ Obsoletes: %{name}-static
 %build
 %configure --disable-static --disable-silent-rules --with-udevrulesdir=%{_udevrulesdir} --with-udevrulesprefix=80- \
- --with-runstatedir=%{_rundir} --with-tmpfilesdir=%{_tmpfilesdir} --with-sysusersdir=%{_sysusersdir}
+ --with-runstatedir=%{_rundir} --with-tmpfilesdir=%{_tmpfilesdir} --with-sysusersdir=%{_sysusersdir} \
+ --enable-unit --enable-integration
 %make_build
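Review bot: Dropping `Patch1: backport-CVE-2023-22745.patch` in the first tpm2-tss.spec hunk leaves no record in the spec of why the backport is no longer needed; the deleted patch carried the upstream commit "tss2_rc: ensure layer number is in bounds" tagged `Fixes: CVE-2023-22745`, and the assumption is presumably that the 3.2.2 tarball already contains it, but nothing here states or verifies that, and the new changelog entry only says "update version to 3.2.2". Anyone auditing CVE coverage of this package later would have to diff the two tarballs to confirm the fix is still present. Suggest recording it where the package history is kept, e.g. `- DESC:update version to 3.2.2 (upstream includes the CVE-2023-22745 fix; drop backport patch)`, and, since the source tarball is replaced in the same commit, noting how the new archive was checked against the upstream release before being committed. As a smaller style point, `curl >= 7.80.0` now shares a `BuildRequires:` line with four unversioned packages; a versioned requirement is easier to read and to grep for on its own line.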
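Review bot: Adding `--enable-integration` to the %configure line in the second tpm2-tss.spec hunk ties a successful package build to the integration test suite running in the build environment; the added `swtpm` and `iproute` build requirements suggest those tests start a TPM simulator and talk to it over a local socket, which some package builders restrict or sandbox. If that is the case the build fails in %check (`make check` is visible in the changelog hunk's context) rather than producing a package, so it is worth confirming the builder allows it or documenting the expectation with a comment on the %configure line, e.g. `# integration tests need swtpm reachable over a local socket during %check`. If the environment cannot guarantee that, `--enable-unit` alone still runs the cmocka tests that `libcmocka-devel` was added for.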
@@ -72,6 +71,18 @@ make check %{_mandir}/man*/* %changelog +* Tue Jul 18 2023 jinlun - 3.2.2-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:update version to 3.2.2 + +* Tue Mar 21 2023 jinlun - 3.2.1-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add check code in tpm2-tss + * Tue Jan 31 2023 huangzq6 - 3.2.1-2 - Type:CVE - ID:NA