Accepting request 900548 from home:aplanas:branches:security

- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better fix of boo#1187316 - Re-enable lto OBS-URL: https://build.opensuse.org/request/show/900548 OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=76
2021-06-17 09:37:22 +00:00 · 2021-06-17 09:37:22 +00:00 · ce6c7778e0
commit ce6c7778e0
parent 6478528698
3 changed files with 46 additions and 1 deletions
--- a/0001-tpm2_checkquote-fix-uninitialized-variable.patch
+++ b/0001-tpm2_checkquote-fix-uninitialized-variable.patch
@ -0,0 +1,37 @@
+From 3d7edb1c70cba6c34c71c9b856c07b8adcebb15c Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Thu, 17 Jun 2021 11:07:25 +0200
+Subject: [PATCH] tpm2_checkquote: fix uninitialized variable
+
+The variable `temp_pcrs` is uninitialized, and later partially
+uninitialized when reading the selection data from file.
+
+When activating lto optimizations, this bug presents itself showing an
+error during the read of the quote:
+
+ERROR: Malformed PCR file, pcr count cannot be greater than 32, got: ...
+
+Fixes: #2767
+
+Co-authored-by: Martin Liska <marxin.liska@gmail.com>
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ tools/misc/tpm2_checkquote.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/misc/tpm2_checkquote.c b/tools/misc/tpm2_checkquote.c
+index 53150857..8d780f11 100644
+--- a/tools/misc/tpm2_checkquote.c
+++ b/tools/misc/tpm2_checkquote.c
+@@ -376,7 +376,7 @@ static tool_rc init(void) {
+     TPM2B_ATTEST *msg = NULL;
+     TPML_PCR_SELECTION pcr_select;
+     tpm2_pcrs *pcrs;
+-    tpm2_pcrs temp_pcrs;
+    tpm2_pcrs temp_pcrs = {};
+     tool_rc return_value = tool_rc_general_error;
+ 
+     msg = message_from_file(ctx.msg_file_path);
+-- 
+2.32.0
+
--- a/tpm2.0-tools.changes
+++ b/tpm2.0-tools.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jun 17 09:26:42 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better
+  fix of boo#1187316
+- Re-enable lto
+
 -------------------------------------------------------------------
 Tue Jun 15 09:36:37 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>

--- a/tpm2.0-tools.spec
+++ b/tpm2.0-tools.spec
@ -16,7 +16,6 @@
 #


-%define _lto_cflags %{nil}
 Name:           tpm2.0-tools
 Version:        5.1
 Release:        0
@ -27,6 +26,7 @@ URL:            https://github.com/tpm2-software/tpm2-tools/releases
 Source0:        https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz
 Patch0:         fix_bogus_warning.patch
 Patch1:         0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
+Patch2:         0001-tpm2_checkquote-fix-uninitialized-variable.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@ -69,6 +69,7 @@ associated interfaces.
 %setup -q -n tpm2-tools-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 %build
 # TODO: remove autoreconf once fix_pie_linking patch is no longer needed