Accepting request 1130291 from home:michals

- Update to version 164-2020-192.2 * Implement the RSA 5 primes optimization. * Check command size for int32 overflow. * Add support for OpenSSL 3.1.x * Do not accept a NULL signKey in TPM2_CertifyX509 * Add Nuvoton to gcc makefile - New project URL - move to github - Drop usptreamed ibmswtpm2-OpenSSL-3.1.patch - drop ibmswtpm2-fix-ppc32.patch (upstream) OBS-URL: https://build.opensuse.org/request/show/1130291 OBS-URL: https://build.opensuse.org/package/show/security/ibmswtpm2?expand=0&rev=30
2023-12-01 16:04:22 +00:00 · 2023-12-01 16:04:22 +00:00 · 39f0308cd8
commit 39f0308cd8
parent 5df3f8cbd7
7 changed files with 55 additions and 58 deletions
--- a/ibmswtpm2-164-2020-192.2.tar.gz
+++ b/ibmswtpm2-164-2020-192.2.tar.gz
--- a/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
+++ b/ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
@ -1,7 +1,26 @@
-diff -ur ibmswtpm2-1637.orig/src/NVDynamic.c ibmswtpm2-1637/src/NVDynamic.c
--- ibmswtpm2-1637.orig/src/NVDynamic.c	2020-03-26 23:15:48.000000000 +0100
-+++ ibmswtpm2-1637/src/NVDynamic.c	2020-08-20 16:37:09.481920068 +0200
-@@ -122,7 +122,7 @@
+From 8c160d2c7a17eb842fae82de3638b834976f2aa2 Mon Sep 17 00:00:00 2001
+From: Michal Suchanek <msuchanek@suse.de>
+Date: Thu, 20 Aug 2020 16:42:54 +0200
+Subject: [PATCH] NVDynamic: Fix use of uninitialized value.
+
+There is a theoretical possibility that the cycle in NvNextByType does
+not run at all because NvNext fails immediately and never sets nvHandle.
+
+The cycle only runs and nvHandle is set on non-zero addr, and in that
+case addr remains non-zero when breaking out of the cycle.
+
+Use nvHandle only when addr is non-zero.
+
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+---
+ src/NVDynamic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/NVDynamic.c b/src/NVDynamic.c
+index 8ede9e4..535ea03 100644
+--- a/src/NVDynamic.c
+++ b/src/NVDynamic.c
+@@ -122,7 +122,7 @@ NvNextByType(
 	    if(HandleGetType(nvHandle) == type)
 		break;
 	}
@ -10,4 +29,6 @@ diff -ur ibmswtpm2-1637.orig/src/NVDynamic.c ibmswtpm2-1637/src/NVDynamic.c
 	*handle = nvHandle;
     return addr;
 }
-Only in ibmswtpm2-1637/src: NVDynamic.c~
+-- 
+2.42.0
+
--- a/ibmswtpm2-OpenSSL-3.1.patch
+++ b/ibmswtpm2-OpenSSL-3.1.patch
@ -1,37 +0,0 @@
-From 4793486850b588ca5fd5f17896f5cf6bd4bb747c Mon Sep 17 00:00:00 2001
-From: Otto Hollmann <otto.hollmann@suse.com>
-Date: Wed, 15 Mar 2023 09:51:57 +0100
-Subject: [PATCH] Add support for OpenSSL 3.1.x
-
---
- src/TpmToOsslMath.h | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/TpmToOsslMath.h b/src/TpmToOsslMath.h
-index 13e5070..eedec34 100644
--- a/src/TpmToOsslMath.h
-+++ b/src/TpmToOsslMath.h
-@@ -72,16 +72,20 @@
- 
- #define SYMMETRIC_ALIGNMENT RADIX_BYTES
- 
-#if OPENSSL_VERSION_NUMBER > 0x300000ffL
-+/*
-+ * As of release 3.0.0, OPENSSL_VERSION_NUMBER is a combination of the
-+ * major (M), minor (NN) and patch (PP) version into a single integer 0xMNN00PP0L
-+ */
-+#if OPENSSL_VERSION_NUMBER > 0x30100ff0L
- // Check the bignum_st definition in crypto/bn/bn_lcl.h or crypto/bn/bn_local.h and either update
- // the version check or provide the new definition for this version.
-// Currently safe for all 3.0.n.a
-+// Currently safe for all 3.1.x
- #   error Untested OpenSSL version
- #elif OPENSSL_VERSION_NUMBER >= 0x10100000L
- // from crypto/bn/bn_lcl.h
- struct bignum_st {
-     BN_ULONG *d;
-    int top; 
-+    int top;
- 
-     int dmax;
-     int neg;
--- a/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
+++ b/ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
@ -1,4 +1,4 @@
-From 03efa66788ca4828392664c4f6123ad4f190c865 Mon Sep 17 00:00:00 2001
+From 1f64c0bf768f05bfb1980fa354d99a29b26ce99a Mon Sep 17 00:00:00 2001
 From: Michal Suchanek <msuchanek@suse.de>
 Date: Mon, 17 Aug 2020 19:28:51 +0200
 Subject: [PATCH] TcpServerPosix: Fix use of uninitialized value.
@ -11,10 +11,10 @@ Signed-off-by: Michal Suchanek <msuchanek@suse.de>
 src/TcpServerPosix.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-Index: ibmswtpm2-1682/src/TcpServerPosix.c
-===================================================================
--- ibmswtpm2-1682.orig/src/TcpServerPosix.c
-+++ ibmswtpm2-1682/src/TcpServerPosix.c
+diff --git a/src/TcpServerPosix.c b/src/TcpServerPosix.c
+index ca9e2fd..b776448 100644
+--- a/src/TcpServerPosix.c
+++ b/src/TcpServerPosix.c
@@ -264,7 +264,8 @@ PlatformServer(
 		      {
 			  uint32_t actHandle;
@ -25,3 +25,6 @@ Index: ibmswtpm2-1682/src/TcpServerPosix.c
 			  break;
 		      }
 		  default:
+-- 
+2.42.0
+
--- a/ibmswtpm2.changes
+++ b/ibmswtpm2.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Dec  1 15:34:44 UTC 2023 - Michal Suchanek <msuchanek@suse.com>
+
+- Update to version 164-2020-192.2
+  * Implement the RSA 5 primes optimization.
+  * Check command size for int32 overflow.
+  * Add support for OpenSSL 3.1.x
+  * Do not accept a NULL signKey in TPM2_CertifyX509
+  * Add Nuvoton to gcc makefile
+- New project URL - move to github
+- Drop usptreamed ibmswtpm2-OpenSSL-3.1.patch
+
 -------------------------------------------------------------------
 Wed Mar 15 08:21:19 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

@ -19,7 +31,7 @@ Sat Sep 24 08:23:47 UTC 2022 - Dirk Müller <dmueller@suse.com>
  * PlatformSvc: return error on control socket failure
  * main: set a return code if StartTcpServer fails
  * tpm: Add all updates to TPM specification 164.
- drop ibmswtpm2-fix-ppc32.patch (upstream) 
+- drop ibmswtpm2-fix-ppc32.patch (upstream)
 - makefile.patch: refresh

 -------------------------------------------------------------------
--- a/ibmswtpm2.spec
+++ b/ibmswtpm2.spec
@ -17,24 +17,23 @@


 %define suite ibmtss
+%define download_version 164-2020-192.2
 %ifarch    ppc ppc64 s390 s390x
 %define extra_ccflags -DBIG_ENDIAN_TPM=1
 %else
 %define extra_ccflags ""
 %endif
 Name:           ibmswtpm2
-Version:        1682
+Version:        %(echo %{download_version} | tr '-' '+')
 Release:        0
 Summary:        IBM's Software TPM 2.0
 License:        BSD-3-Clause
 Group:          Development/Tools/Other
-URL:            https://sourceforge.net/projects/ibmswtpm2
-Source:         https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{version}.tar.gz
+URL:            https://github.com/kgoldman/ibmswtpm2
+Source:         https://github.com/kgoldman/ibmswtpm2/archive/rev%{download_version}.tar.gz#/%{name}-%{download_version}.tar.gz
 Patch0:         makefile.patch
 Patch1:         ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
 Patch2:         ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
-# PATCH-FIX-OPENSUSE: not yet merged https://github.com/kgoldman/ibmswtpm2/pull/9
-Patch3:         ibmswtpm2-OpenSSL-3.1.patch
 BuildRequires:  libopenssl-devel >= 1.0

 %description
@ -49,8 +48,7 @@ It is probably not of much use other than testing the IBM TSS
 implementation because of this specific interface.

 %prep
-%setup -q -c
-%autopatch -p 1
+%autosetup -p 1 -n %{name}-rev%{download_version}

 %build
 cd src
--- a/ibmtpm1682.tar.gz
+++ b/ibmtpm1682.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f
-size 639100