Accepting request 1130292 from security

OBS-URL: https://build.opensuse.org/request/show/1130292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ibmswtpm2?expand=0&rev=12

ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch

@@ -1,7 +1,26 @@
-diff -ur ibmswtpm2-1637.orig/src/NVDynamic.c ibmswtpm2-1637/src/NVDynamic.c
---- ibmswtpm2-1637.orig/src/NVDynamic.c	2020-03-26 23:15:48.000000000 +0100
-+++ ibmswtpm2-1637/src/NVDynamic.c	2020-08-20 16:37:09.481920068 +0200
-@@ -122,7 +122,7 @@
+From 8c160d2c7a17eb842fae82de3638b834976f2aa2 Mon Sep 17 00:00:00 2001
+From: Michal Suchanek <msuchanek@suse.de>
+Date: Thu, 20 Aug 2020 16:42:54 +0200
+Subject: [PATCH] NVDynamic: Fix use of uninitialized value.
+
+There is a theoretical possibility that the cycle in NvNextByType does
+not run at all because NvNext fails immediately and never sets nvHandle.
+
+The cycle only runs and nvHandle is set on non-zero addr, and in that
+case addr remains non-zero when breaking out of the cycle.
+
+Use nvHandle only when addr is non-zero.
+
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+---
+ src/NVDynamic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/NVDynamic.c b/src/NVDynamic.c
+index 8ede9e4..535ea03 100644
+--- a/src/NVDynamic.c
++++ b/src/NVDynamic.c
+@@ -122,7 +122,7 @@ NvNextByType(
  	    if(HandleGetType(nvHandle) == type)
  		break;
  	}
@@ -10,4 +29,6 @@ diff -ur ibmswtpm2-1637.orig/src/NVDynamic.c ibmswtpm2-1637/src/NVDynamic.c
  	*handle = nvHandle;
      return addr;
  }
-Only in ibmswtpm2-1637/src: NVDynamic.c~
+-- 
+2.42.0
+

ibmswtpm2-OpenSSL-3.1.patch

@@ -1,37 +0,0 @@
-From 4793486850b588ca5fd5f17896f5cf6bd4bb747c Mon Sep 17 00:00:00 2001
-From: Otto Hollmann <otto.hollmann@suse.com>
-Date: Wed, 15 Mar 2023 09:51:57 +0100
-Subject: [PATCH] Add support for OpenSSL 3.1.x
-
----
- src/TpmToOsslMath.h | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/TpmToOsslMath.h b/src/TpmToOsslMath.h
-index 13e5070..eedec34 100644
---- a/src/TpmToOsslMath.h
-+++ b/src/TpmToOsslMath.h
-@@ -72,16 +72,20 @@
- 
- #define SYMMETRIC_ALIGNMENT RADIX_BYTES
- 
--#if OPENSSL_VERSION_NUMBER > 0x300000ffL
-+/*
-+ * As of release 3.0.0, OPENSSL_VERSION_NUMBER is a combination of the
-+ * major (M), minor (NN) and patch (PP) version into a single integer 0xMNN00PP0L
-+ */
-+#if OPENSSL_VERSION_NUMBER > 0x30100ff0L
- // Check the bignum_st definition in crypto/bn/bn_lcl.h or crypto/bn/bn_local.h and either update
- // the version check or provide the new definition for this version.
--// Currently safe for all 3.0.n.a
-+// Currently safe for all 3.1.x
- #   error Untested OpenSSL version
- #elif OPENSSL_VERSION_NUMBER >= 0x10100000L
- // from crypto/bn/bn_lcl.h
- struct bignum_st {
-     BN_ULONG *d;
--    int top; 
-+    int top;
- 
-     int dmax;
-     int neg;

ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch

@@ -1,4 +1,4 @@
-From 03efa66788ca4828392664c4f6123ad4f190c865 Mon Sep 17 00:00:00 2001
+From 1f64c0bf768f05bfb1980fa354d99a29b26ce99a Mon Sep 17 00:00:00 2001
 From: Michal Suchanek <msuchanek@suse.de>
 Date: Mon, 17 Aug 2020 19:28:51 +0200
 Subject: [PATCH] TcpServerPosix: Fix use of uninitialized value.
@@ -11,10 +11,10 @@ Signed-off-by: Michal Suchanek <msuchanek@suse.de>
  src/TcpServerPosix.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-Index: ibmswtpm2-1682/src/TcpServerPosix.c
-===================================================================
---- ibmswtpm2-1682.orig/src/TcpServerPosix.c
-+++ ibmswtpm2-1682/src/TcpServerPosix.c
+diff --git a/src/TcpServerPosix.c b/src/TcpServerPosix.c
+index ca9e2fd..b776448 100644
+--- a/src/TcpServerPosix.c
++++ b/src/TcpServerPosix.c
 @@ -264,7 +264,8 @@ PlatformServer(
  		      {
  			  uint32_t actHandle;
@@ -25,3 +25,6 @@ Index: ibmswtpm2-1682/src/TcpServerPosix.c
  			  break;
  		      }
  		  default:
+-- 
+2.42.0
+

ibmswtpm2.changes

@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Dec  1 15:34:44 UTC 2023 - Michal Suchanek <msuchanek@suse.com>
+
+- Update to version 164-2020-192.2
+  * Implement the RSA 5 primes optimization.
+  * Check command size for int32 overflow.
+  * Add support for OpenSSL 3.1.x
+  * Do not accept a NULL signKey in TPM2_CertifyX509
+  * Add Nuvoton to gcc makefile
+- New project URL - move to github
+- Drop usptreamed ibmswtpm2-OpenSSL-3.1.patch
+
 -------------------------------------------------------------------
 Wed Mar 15 08:21:19 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
 

ibmswtpm2.spec

@@ -17,24 +17,23 @@
 
 
 %define suite ibmtss
+%define download_version 164-2020-192.2
 %ifarch    ppc ppc64 s390 s390x
 %define extra_ccflags -DBIG_ENDIAN_TPM=1
 %else
 %define extra_ccflags ""
 %endif
 Name:           ibmswtpm2
-Version:        1682
+Version:        %(echo %{download_version} | tr '-' '+')
 Release:        0
 Summary:        IBM's Software TPM 2.0
 License:        BSD-3-Clause
 Group:          Development/Tools/Other
-URL:            https://sourceforge.net/projects/ibmswtpm2
-Source:         https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{version}.tar.gz
+URL:            https://github.com/kgoldman/ibmswtpm2
+Source:         https://github.com/kgoldman/ibmswtpm2/archive/rev%{download_version}.tar.gz#/%{name}-%{download_version}.tar.gz
 Patch0:         makefile.patch
 Patch1:         ibmswtpm2-TcpServerPosix-Fix-use-of-uninitialized-value.patch
 Patch2:         ibmswtpm2-NVDynamic-Fix-use-of-uninitialized-value.patch
-# PATCH-FIX-OPENSUSE: not yet merged https://github.com/kgoldman/ibmswtpm2/pull/9
-Patch3:         ibmswtpm2-OpenSSL-3.1.patch
 BuildRequires:  libopenssl-devel >= 1.0
 
 %description
@@ -49,8 +48,7 @@ It is probably not of much use other than testing the IBM TSS
 implementation because of this specific interface.
 
 %prep
-%setup -q -c
-%autopatch -p 1
+%autosetup -p 1 -n %{name}-rev%{download_version}
 
 %build
 cd src

ibmtpm1682.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f
-size 639100