Accepting request 900548 from home:aplanas:branches:security
- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better fix of boo#1187316 - Re-enable lto OBS-URL: https://build.opensuse.org/request/show/900548 OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=76
This commit is contained in:
parent
6478528698
commit
ce6c7778e0
37
0001-tpm2_checkquote-fix-uninitialized-variable.patch
Normal file
37
0001-tpm2_checkquote-fix-uninitialized-variable.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From 3d7edb1c70cba6c34c71c9b856c07b8adcebb15c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alberto Planas <aplanas@suse.com>
|
||||||
|
Date: Thu, 17 Jun 2021 11:07:25 +0200
|
||||||
|
Subject: [PATCH] tpm2_checkquote: fix uninitialized variable
|
||||||
|
|
||||||
|
The variable `temp_pcrs` is uninitialized, and later partially
|
||||||
|
uninitialized when reading the selection data from file.
|
||||||
|
|
||||||
|
When activating lto optimizations, this bug presents itself showing an
|
||||||
|
error during the read of the quote:
|
||||||
|
|
||||||
|
ERROR: Malformed PCR file, pcr count cannot be greater than 32, got: ...
|
||||||
|
|
||||||
|
Fixes: #2767
|
||||||
|
|
||||||
|
Co-authored-by: Martin Liska <marxin.liska@gmail.com>
|
||||||
|
Signed-off-by: Alberto Planas <aplanas@suse.com>
|
||||||
|
---
|
||||||
|
tools/misc/tpm2_checkquote.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tools/misc/tpm2_checkquote.c b/tools/misc/tpm2_checkquote.c
|
||||||
|
index 53150857..8d780f11 100644
|
||||||
|
--- a/tools/misc/tpm2_checkquote.c
|
||||||
|
+++ b/tools/misc/tpm2_checkquote.c
|
||||||
|
@@ -376,7 +376,7 @@ static tool_rc init(void) {
|
||||||
|
TPM2B_ATTEST *msg = NULL;
|
||||||
|
TPML_PCR_SELECTION pcr_select;
|
||||||
|
tpm2_pcrs *pcrs;
|
||||||
|
- tpm2_pcrs temp_pcrs;
|
||||||
|
+ tpm2_pcrs temp_pcrs = {};
|
||||||
|
tool_rc return_value = tool_rc_general_error;
|
||||||
|
|
||||||
|
msg = message_from_file(ctx.msg_file_path);
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 17 09:26:42 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
|
||||||
|
|
||||||
|
- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better
|
||||||
|
fix of boo#1187316
|
||||||
|
- Re-enable lto
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jun 15 09:36:37 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
|
Tue Jun 15 09:36:37 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
|
||||||
|
|
||||||
|
@ -16,7 +16,6 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
%define _lto_cflags %{nil}
|
|
||||||
Name: tpm2.0-tools
|
Name: tpm2.0-tools
|
||||||
Version: 5.1
|
Version: 5.1
|
||||||
Release: 0
|
Release: 0
|
||||||
@ -27,6 +26,7 @@ URL: https://github.com/tpm2-software/tpm2-tools/releases
|
|||||||
Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz
|
Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz
|
||||||
Patch0: fix_bogus_warning.patch
|
Patch0: fix_bogus_warning.patch
|
||||||
Patch1: 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
|
Patch1: 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
|
||||||
|
Patch2: 0001-tpm2_checkquote-fix-uninitialized-variable.patch
|
||||||
BuildRequires: autoconf-archive
|
BuildRequires: autoconf-archive
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
@ -69,6 +69,7 @@ associated interfaces.
|
|||||||
%setup -q -n tpm2-tools-%{version}
|
%setup -q -n tpm2-tools-%{version}
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# TODO: remove autoreconf once fix_pie_linking patch is no longer needed
|
# TODO: remove autoreconf once fix_pie_linking patch is no longer needed
|
||||||
|
Loading…
Reference in New Issue
Block a user