From 205b4c4027fdc3cda5482b607b9d082b5ef259b0b184866e3312794f1672ab27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Sat, 4 May 2024 01:27:00 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main tpm-tools revision 1601c6c0dc020e9bcad73c4f78e2172b
---
 .gitattributes | 23 +++
 ...d-outputting-NULL-bytes-from-tpmVend.patch | 51 ++++++
 ...d-outputting-undefined-data-on-stder.patch | 35 +++++
 tpm-tools-1.3.9.2.tar.gz | 3 +
 tpm-tools.changes | 148 ++++++++++++++++++
 tpm-tools.spec | 142 +++++++++++++++++
 6 files changed, 402 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
 create mode 100644 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
 create mode 100644 tpm-tools-1.3.9.2.tar.gz
 create mode 100644 tpm-tools.changes
 create mode 100644 tpm-tools.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch b/0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
new file mode 100644
index 0000000..5bc9d05
--- /dev/null
+++ b/0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
@@ -0,0 +1,51 @@
+From c927f67f36a4719bd15b8a535efb6980f1e87a6b Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner
+Date: Fri, 30 Nov 2018 12:48:37 +0100
+Subject: [PATCH] tpm_version: avoid outputting NULL bytes from tpmVendorID
+
+When the vendor ID contains null bytes then '^@' characters appear in
+the tpm_version output. This can confuse users and it also causes e.g.
+'grep' to treat the input as binary. Example:
+
+ TPM Vendor ID: WEC\000
+
+This change copies the vendor ID bytes over into a local string object.
+This makes the code more independent of the vendor ID dimension and also
+avoids NULL bytes being printed.
+---
+ src/tpm_mgmt/tpm_version.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+===================================================================
+--- tpm-tools-1.3.9.1.orig/src/tpm_mgmt/tpm_version.c
++++ tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+@@ -133,6 +133,7 @@ int cmdVersion(const char *a_szCmd)
+ UINT64 offset;
+ TSS_RESULT uiResult;
+ TPM_CAP_VERSION_INFO versionInfo;
++ char vendor_id[sizeof(versionInfo.tpmVendorID)+1];
+ char *errbuf = NULL; // Buffer containing what was sent to stderr during getCapability.
+
+ /* Disable logging to of "Bad Mode" during this call.
+@@ -169,15 +170,17 @@ int cmdVersion(const char *a_szCmd)
+ goto out_close;
+ }
+
++ // copy over the individual characters into a regular string.
++ // This avoids that null bytes are written to stdout.
++ snprintf ( vendor_id, sizeof(vendor_id), "%s", (const char*)versionInfo.tpmVendorID );
++
+ logMsg(_(" TPM 1.2 Version Info:\n"));
+ logMsg(_(" Chip Version: %hhu.%hhu.%hhu.%hhu\n"),
+ versionInfo.version.major, versionInfo.version.minor,
+ versionInfo.version.revMajor, versionInfo.version.revMinor);
+ logMsg(_(" Spec Level: %hu\n"), versionInfo.specLevel);
+ logMsg(_(" Errata Revision: %hhu\n"), versionInfo.errataRev);
+- logMsg(_(" TPM Vendor ID: %c%c%c%c\n"),
+- versionInfo.tpmVendorID[0], versionInfo.tpmVendorID[1],
+- versionInfo.tpmVendorID[2], versionInfo.tpmVendorID[3]);
++ logMsg(_(" TPM Vendor ID: %s\n"), vendor_id);
+
+ if (versionInfo.vendorSpecificSize) {
+ logMsg(_(" Vendor Specific data: "));
diff --git a/0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch b/0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
new file mode 100644
index 0000000..96de900
--- /dev/null
+++ b/0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
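Review bot: The added `snprintf(..., "%s", (const char*)versionInfo.tpmVendorID)` in the second inner hunk treats tpmVendorID as a NUL-terminated string, but the removed lines print exactly four bytes from it, so a vendor ID that uses all four bytes has no terminator inside the field. The output is bounded by sizeof(vendor_id), yet a `%s` conversion without a precision requires a terminated source, and snprintf may keep scanning into the struct members that follow in order to compute its return value. Bounding the read with a precision keeps it inside the field: `snprintf(vendor_id, sizeof(vendor_id), "%.*s", (int)sizeof(versionInfo.tpmVendorID), (const char*)versionInfo.tpmVendorID);`. cmdVersion starts and ends outside the hunk, so the layout of TPM_CAP_VERSION_INFO is inferred from the indices used here.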
@@ -0,0 +1,35 @@
+From f0f30ff3e3b08751ebb8524303d80b6e94882134 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner
+Date: Fri, 30 Nov 2018 13:17:01 +0100
+Subject: [PATCH] tpm_version: avoid outputting undefined data on stderr
+
+If there was no data written to the temporary file then memsize == 1, no
+data will be read from the file into the buffer and the buffer will not
+be null terminated. This can cause random data to be output later on to
+the original stderr like:
+
+'#precedence ::ffff:0:0/'
+
+or
+
+'xl?8?'
+
+Fix this by making sure the buffer is always zero terminated.
+---
+ src/tpm_mgmt/tpm_version.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+===================================================================
+--- tpm-tools-1.3.9.1.orig/src/tpm_mgmt/tpm_version.c
++++ tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+@@ -99,6 +99,9 @@ char* end_capture_stderr(int olderr)
+ perror("read()");
+ }
+
++ // make sure the buffer is null terminated.
++ buf[st.st_size] = '\0';
++
+ // Restore stderr.
+ errout:
+ if (0 > dup2(olderr, STDERR_FILENO)) {
diff --git a/tpm-tools-1.3.9.2.tar.gz b/tpm-tools-1.3.9.2.tar.gz
new file mode 100644
index 0000000..8a5f753
--- /dev/null
+++ b/tpm-tools-1.3.9.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8af837949a2ec30b195389ac8a2b31bc49fe315050751b7d4d0d432bf7812a97
+size 431930
diff --git a/tpm-tools.changes b/tpm-tools.changes
new file mode 100644
index 0000000..9ed3131
--- /dev/null
+++ b/tpm-tools.changes
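Review bot: Terminating at `buf[st.st_size]` only helps when read() actually filled the buffer; in the visible context a failed read() just calls perror() and falls through, so the bytes before the terminator are still uninitialized and would be printed as the same kind of undefined data this patch targets. Terminating at the number of bytes read() returned (0 on error) would cover the empty-file, short-read and failed-read cases alike, e.g. `buf[nread > 0 ? nread : 0] = '\0';` with `nread` standing for the saved read() result. The write also relies on buf holding at least st.st_size + 1 bytes, which the commit message implies (memsize == 1 for an empty file), but the allocation is outside the hunk, as is the rest of end_capture_stderr. A one-line comment stating that size invariant next to the assignment would help.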
@@ -0,0 +1,148 @@
+-------------------------------------------------------------------
+Tue Apr 12 14:08:44 UTC 2022 - Marcus Meissner
+
+- changed source url to https
+
+-------------------------------------------------------------------
+Tue Oct 5 12:10:20 UTC 2021 - Matthias Gerstner
+
+- fix undefined and binary data being output in the tpm_version command
+ (bsc#1114793)
+ - add 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
+ - add 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
+
+-------------------------------------------------------------------
+Wed Mar 3 11:29:22 UTC 2021 - Matthias Gerstner
+
+- upgrade to minor version 1.3.9.2:
+ - upstream now provide openssl 1.1 compatibility on their own
+- dropped 0001-Fix-build-against-OpenSSL-1.1.0.patch since the tarbal is now
+ compatible.
+
+-------------------------------------------------------------------
+Thu Nov 9 17:14:32 UTC 2017 - matthias.gerstner@suse.com
+
+- 0001-Fix-build-against-OpenSSL-1.1.0.patch: fix openssl 1.1.0 build in the
+ P11 code. Upstream has not reacted to a pull request to fix this for some
+ months now. This is my own patch (that doesn't violate C89 declaration rules
+ and is backward compatible to openssl. 1.0.x)).
+
+ For comparison see: https://sourceforge.net/p/trousers/tpm-tools/merge-requests/2/
+
+-------------------------------------------------------------------
+Wed Mar 1 10:56:33 UTC 2017 - meissner@suse.com
+
+- updated to 1.3.9.1 (FATE#321450)
+ - bugfixes after openssl 1.1 porting
+
+-------------------------------------------------------------------
+Sun Jan 1 05:21:10 UTC 2017 - mailaender@opensuse.org
+
+- Update to version 1.3.9
+
+-------------------------------------------------------------------
+Fri Jun 19 16:03:22 UTC 2015 - crrodriguez@opensuse.org
+
+- Do not use -Werror.
+
+-------------------------------------------------------------------
+Thu Apr 2 12:31:34 UTC 2015 - mpluskal@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Remove tpm-tools-rpmlintrc
+- Use automake and autoconf as recomended by upstream
+- Split library, devel adn pkcs11 package
+
+-------------------------------------------------------------------
+Thu Oct 2 21:52:42 UTC 2014 - crrodriguez@opensuse.org
+
+- Remove a number of unused build requires, probably copy/paste
+ error, never used.
+
+-------------------------------------------------------------------
+Tue Jun 12 14:29:53 UTC 2012 - meissner@suse.com
+
+- Updated to 1.3.8
+ - bugfixes
+ - pcr/nvram sealing options
+
+-------------------------------------------------------------------
+Wed Mar 14 13:34:35 UTC 2012 - meissner@suse.com
+
+- Updated to 1.3.7.1
+ - smaller bugfixes from last release
+
+-------------------------------------------------------------------
+Mon Feb 13 10:57:07 UTC 2012 - coolo@suse.com
+
+- patch license to follow spdx.org standard
+
+-------------------------------------------------------------------
+Thu Sep 8 16:53:21 CEST 2011 - meissner@suse.de
+
+- Updated to 1.3.7
+ - NVRAM support, new binaries: tpm_nvdefine tpm_nvinfo tpm_nvrelease
+ tpm_nvread tpm_nvwrite
+
+-------------------------------------------------------------------
+Tue Aug 30 14:50:07 UTC 2011 - pgajdos@suse.com
+
+- build with --no-copy-dt-needed-entries
+
+-------------------------------------------------------------------
+Mon Jun 20 15:54:46 CEST 2011 - meissner@suse.de
+
+- Update to 1.3.6
+ - some unsealing fixes, do not unseal much
+
+-------------------------------------------------------------------
+Fri May 27 11:17:43 UTC 2011 - idonmez@novell.com
+
+- Disable gcc's new unused-but-set-variable warnings, these are just
+ noise as BIO_*(...)
functions returns a value and needs to
+ be handled
+
+-------------------------------------------------------------------
+Mon Sep 27 07:54:30 CEST 2010 - meissner@suse.de
+
+- add opencryptoki support (bnc#641919)
+
+-------------------------------------------------------------------
+Thu Mar 18 11:50:00 CET 2010 - meissner@suse.de
+
+- updated to 1.3.5 upstream
+ - small bugfixes mostly, nothing new
+
+-------------------------------------------------------------------
+Thu Aug 27 15:28:58 CEST 2009 - meissner@suse.de
+
+- updated to 1.3.2 upstream.
+
+-------------------------------------------------------------------
+Wed Apr 16 11:57:34 CEST 2008 - meissner@suse.de
+
+- disable static
+- make check added, even if it does nothing currently.
+
+-------------------------------------------------------------------
+Tue Apr 15 16:12:55 CEST 2008 - meissner@suse.de
+
+- do not build static library for now.
+
+-------------------------------------------------------------------
+Fri Mar 28 12:01:10 CET 2008 - meissner@suse.de
+
+- Imported from buildservice
+- ingore rpmlint shared library errors, shared lib
+ is only used in here.
+
+-------------------------------------------------------------------
+Mon Aug 13 17:52:08 CEST 2007 - skh@suse.de
+
+- initial build service import with version 1.2.5.1
+
+-------------------------------------------------------------------
+Thu Nov 10 14:15 CET 2005 - draht@suse.de
+
+- initial package, version 1.1.0
+
diff --git a/tpm-tools.spec b/tpm-tools.spec
new file mode 100644
index 0000000..54f0361
--- /dev/null
+++ b/tpm-tools.spec
@@ -0,0 +1,142 @@
+#
+# spec file for package tpm-tools
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define lib_name libtpm_unseal1
+Name: tpm-tools
+Version: 1.3.9.2
+Release: 0
+Summary: Trusted Platform Module (TPM) administration tools
+License: IPL-1.0
+Group: Productivity/Security
+URL: http://trousers.sourceforge.net/
+Source0: https://downloads.sourceforge.net/project/trousers/tpm-tools/%{version}/tpm-tools-%{version}.tar.gz
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: openCryptoki-devel
+BuildRequires: openssl-devel
+BuildRequires: trousers-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+# I reported this to the tpm-tools/trousers mailing list on 2018-12-03 but the
+# patches never made it into the upstream repo for some reason
+Patch0: 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
+Patch1: 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
+
+%description
+Trusted Computing is a set of specifications published by the Trusted
+Computing Group (TCG). The Trusted Platform Module (TPM) is the
+hardware component for Trusted Computing. The tpm-tools package
+provides tools for enablement and configuration of the TPM and
+associated interfaces. Also look inside the trousers package for more
+software for TC.
+
+%package pkcs11
+Summary: Management tools using PKCS#11 for the TPM hardware
+Group: Applications/System
+
+%description pkcs11
+Trusted Computing is a set of specifications published by the Trusted
+Computing Group (TCG). The Trusted Platform Module (TPM) is the
+hardware component for Trusted Computing. The tpm-tools package
+provides tools for enablement and configuration of the TPM and
+associated interfaces. Also look inside the trousers package for more
+software for TC.
+
+This package contains group of tools that use the TPM PKCS#11 token. All data
+contained in the PKCS#11 data store is protected by the TPM (keys,
+certificates, etc.). You can import keys and certificates, list out the
+objects in the data store, and protect data.
+
+%package -n %{lib_name}
+Summary: Management tools for the TPM hardware (library)
+Group: System/Libraries
+
+%description -n %{lib_name}
+Trusted Computing is a set of specifications published by the Trusted
+Computing Group (TCG). The Trusted Platform Module (TPM) is the
+hardware component for Trusted Computing. The tpm-tools package
+provides tools for enablement and configuration of the TPM and
+associated interfaces. Also look inside the trousers package for more
+software for TC.
+
+This package contains shared libraries
+
+%package devel
+Summary: Files to use the library routines supplied with tpm-tools
+Group: Development/Libraries
+Requires: %{lib_name} = %{version}
+
+%description devel
+Trusted Computing is a set of specifications published by the Trusted
+Computing Group (TCG). The Trusted Platform Module (TPM) is the
+hardware component for Trusted Computing. The tpm-tools package
+provides tools for enablement and configuration of the TPM and
+associated interfaces. Also look inside the trousers package for more
+software for TC.
+
+This package contains the libraries and headers necessary for developing
+tpm-tools applications.
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+
+%build
+sh bootstrap.sh
+# Disable unused-but-set warnings with gcc >= 4.6
+%configure \
+ --disable-static
+make %{?_smp_mflags}
+
+%check
+make %{?_smp_mflags} check
+
+%post -n %{lib_name} -p /sbin/ldconfig
+
+%postun -n %{lib_name} -p /sbin/ldconfig
+
+%install
+make DESTDIR=%{buildroot} install %{?_smp_mflags}
+find %{buildroot} -type f -name "*.la" -delete -print
+cp include/*.h %{buildroot}%{_includedir}/tpm_tools
+
+%files
+%defattr(-,root,root)
+%doc README LICENSE
+%{_mandir}/man1/tpm_*
+%{_mandir}/man8/tpm_*
+%{_sbindir}/tpm_*
+%{_bindir}/tpm_*
+
+%files -n %{lib_name}
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_libdir}/*.so.*
+
+%files pkcs11
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_bindir}/tpmtoken_*
+%{_mandir}/man1/tpmtoken_*
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/*.so
+%{_includedir}/tpm_tools
+%{_mandir}/man3/tpmUnseal*
+
+%changelog
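Review bot: The `%build` comment `# Disable unused-but-set warnings with gcc >= 4.6` no longer matches the command under it, since the `%configure` call passes only `--disable-static` and no warning flag. The changelog added in this same commit records that warning workaround (2011) and the later removal of -Werror (2015), which presumably made the flag unnecessary. Drop the comment or replace it with one describing the option that is actually passed, e.g. `# the static library is not built`.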