Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package swtpm for openSUSE:Factory checked 
in at 2022-02-24 18:18:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/swtpm (Old)
 and      /work/SRC/openSUSE:Factory/.swtpm.new.1958 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "swtpm"

Thu Feb 24 18:18:18 2022 rev:9 rq:957026 version:0.7.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/swtpm/swtpm.changes      2021-11-12 
15:59:20.674567142 +0100
+++ /work/SRC/openSUSE:Factory/.swtpm.new.1958/swtpm.changes    2022-02-24 
18:18:20.458740252 +0100
@@ -1,0 +2,9 @@
+Mon Feb 21 12:04:56 UTC 2022 - Marcus Meissner <meiss...@suse.com>
+
+- Update to version 0.7.1:
+  - swtpm:
+    - Check header size indicator against expected size (CVE-2022-23645 
bsc#1196240)
+  - swtpm_localca:
+    - Test for available issuercert before creating CA
+
+-------------------------------------------------------------------

Old:
----
  swtpm-0.7.0.tar.gz

New:
----
  swtpm-0.7.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ swtpm.spec ++++++
--- /var/tmp/diff_new_pack.xi2WGB/_old  2022-02-24 18:18:20.978740114 +0100
+++ /var/tmp/diff_new_pack.xi2WGB/_new  2022-02-24 18:18:20.982740113 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package swtpm
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 %define modulename2 swtpm_svirt
 %define modulename3 swtpmcuse
 Name:           swtpm
-Version:        0.7.0
+Version:        0.7.1
 Release:        0
 Summary:        Software TPM emulator
 License:        BSD-3-Clause

++++++ swtpm-0.7.0.tar.gz -> swtpm-0.7.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/swtpm-0.7.0/CHANGES new/swtpm-0.7.1/CHANGES
--- old/swtpm-0.7.0/CHANGES     2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/CHANGES     2022-02-18 14:32:34.000000000 +0100
@@ -1,5 +1,11 @@
 CHANGES - changes for swtpm
 
+version 0.7.1:
+  - swtpm:
+    - Check header size indicator against expected size (CVE-2022-23645)
+  - swtpm_localca:
+    - Test for available issuercert before creating CA
+
 version 0.7.0:
   - swtpm:
     - Support for linear file storage backend (file://)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/swtpm-0.7.0/configure.ac new/swtpm-0.7.1/configure.ac
--- old/swtpm-0.7.0/configure.ac        2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/configure.ac        2022-02-18 14:32:34.000000000 +0100
@@ -23,7 +23,7 @@
 #       This file is derived from tpm-tool's configure.in.
 #
 
-AC_INIT([swtpm],[0.7.0])
+AC_INIT([swtpm],[0.7.1])
 AC_PREREQ([2.69])
 AC_CONFIG_SRCDIR(Makefile.am)
 AC_CONFIG_HEADERS([config.h])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/swtpm-0.7.0/debian/changelog 
new/swtpm-0.7.1/debian/changelog
--- old/swtpm-0.7.0/debian/changelog    2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/debian/changelog    2022-02-18 14:32:34.000000000 +0100
@@ -1,3 +1,9 @@
+swtpm (0.7.1) RELEASED; urgency=medium
+
+  * Stable release
+
+ -- Stefan Berger <stef...@linux.ibm.com>  Fri, 18 Feb 2022 09:00:00 -0500
+
 swtpm (0.7.0) RELEASED; urgency=medium
 
   * Stable release
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/swtpm-0.7.0/src/swtpm/swtpm_nvstore.c 
new/swtpm-0.7.1/src/swtpm/swtpm_nvstore.c
--- old/swtpm-0.7.0/src/swtpm/swtpm_nvstore.c   2021-11-09 16:49:45.000000000 
+0100
+++ new/swtpm-0.7.1/src/swtpm/swtpm_nvstore.c   2022-02-18 14:32:34.000000000 
+0100
@@ -1075,6 +1075,7 @@
                         uint8_t *hdrversion, bool quiet)
 {
     blobheader *bh = (blobheader *)data;
+    uint16_t hdrsize;
 
     if (length < sizeof(bh)) {
         if (!quiet)
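Review bot: The length guard `if (length < sizeof(bh))` measures the pointer `bh`, not the header it points to, so on a typical 64-bit build it guarantees only 8 bytes before the function reads `bh->hdrsize` and `bh->flags`. The `blobheader` layout is not visible in this hunk, but if the struct is larger than a pointer, a truncated state blob passes this guard and the header fields are read past the supplied buffer. The `hdrsize != sizeof(blobheader)` test added in the next hunk does not close that gap, because it only runs after `bh` has been dereferenced. Change the guard to `if (length < sizeof(*bh)) {`. The function starts above this hunk and continues below it.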
@@ -1100,8 +1101,16 @@
         return TPM_BAD_VERSION;
     }
 
+    hdrsize = ntohs(bh->hdrsize);
+    if (hdrsize != sizeof(blobheader)) {
+        logprintf(STDERR_FILENO,
+                  "bad header size: %u != %zu\n",
+                  hdrsize, sizeof(blobheader));
+        return TPM_BAD_DATASIZE;
+    }
+
     *hdrversion = bh->version;
-    *dataoffset = ntohs(bh->hdrsize);
+    *dataoffset = hdrsize;
     *hdrflags = ntohs(bh->flags);
 
     return TPM_SUCCESS;
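Review bot: The new `logprintf` for a bad header size is unconditional, whereas the length check at the top of this function logs only under `if (!quiet)`. Callers that pass `quiet` (presumably to probe a blob silently) would now get stderr output on this path. Guard it the same way, `if (!quiet) logprintf(STDERR_FILENO, "bad header size: %u != %zu\n", (unsigned)hdrsize, sizeof(blobheader));`, where the cast also keeps the `uint16_t` argument matched to `%u`. A one-line comment above the check would help the next reader: `/* hdrsize is read from the blob and becomes the data offset; accept only the exact header size */`.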
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/swtpm-0.7.0/src/swtpm_localca/swtpm_localca.c 
new/swtpm-0.7.1/src/swtpm_localca/swtpm_localca.c
--- old/swtpm-0.7.0/src/swtpm_localca/swtpm_localca.c   2021-11-09 
16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/src/swtpm_localca/swtpm_localca.c   2022-02-18 
14:32:34.000000000 +0100
@@ -117,7 +117,7 @@
             goto error;
     }
 
-    if (access(signkey, R_OK) != 0) {
+    if (access(signkey, R_OK) != 0 || access(issuercert, R_OK) != 0) {
         g_autofree gchar *directory = g_path_get_dirname(signkey);
         g_autofree gchar *cakey = g_strjoin(G_DIR_SEPARATOR_S, directory, 
"swtpm-localca-rootca-privkey.pem", NULL);
         g_autofree gchar *cacert = g_strjoin(G_DIR_SEPARATOR_S, directory, 
"swtpm-localca-rootca-cert.pem", NULL);
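Review bot: The widened condition `access(signkey, R_OK) != 0 || access(issuercert, R_OK) != 0` treats every failure of either call as "file missing", including `EACCES` on a parent directory or a transient I/O error. The block it guards builds the root CA key and certificate paths, so it appears to be the creation branch; entering it because of a permission problem rather than a missing file could regenerate CA material next to an existing signing key. Consider entering it only on `errno == ENOENT` and failing on any other error. A short comment should also say what happens to an existing `signkey` when only `issuercert` is absent. The `stat()` fallbacks in the `@@ -808` hunk have the same gap, because a `stat()` that fails for a reason other than `ENOENT` also sets `create_certs`. The rest of this function is outside the hunk.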
@@ -808,13 +808,28 @@
         if (ret != 0)
             goto error;
     } else {
+        int create_certs = 0;
+
+        /* create certificate if either the signing key or issuer cert are 
missing */
         if (access(signkey, R_OK) != 0) {
             if (stat(signkey, &statbuf) == 0) {
                 logerr(gl_LOGFILE, "Need read rights on signing key %s for 
user %s.\n",
                        signkey, curr_user ? curr_user->pw_name : "<unknown>");
                 goto error;
             }
+            create_certs = 1;
+        }
+
+        if (access(issuercert, R_OK) != 0) {
+            if (stat(issuercert, &statbuf) == 0) {
+                logerr(gl_LOGFILE, "Need read rights on issuer certificate %s 
for user %s.\n",
+                       issuercert, curr_user ? curr_user->pw_name : 
"<unknown>");
+                goto error;
+            }
+            create_certs = 1;
+        }
 
+        if (create_certs) {
             logit(gl_LOGFILE, "Creating root CA and a local CA's signing key 
and issuer cert.\n");
             if (create_localca_cert(lockfile, statedir, signkey, 
signkey_password,
                                     issuercert) != 0) {
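Review bot: The `issuercert` check is a copy of the `signkey` check with only the path and the noun in the message changed, so the two blocks can drift apart when one is next edited. A small static helper that returns readable / missing / unreadable keeps the decision in one place and removes the `create_certs` flag. The sketch below checks the two files in the same order and fails on the first unreadable one, as the hunk does. The only behaviour change is that the noun is passed into the log message via an extra `%s`. `curr_user` is assumed to be a `struct passwd *` because the hunk reads `pw_name` from it; the enclosing function starts outside the hunk.

```c
/* Returns 0 if path is readable, 1 if it does not exist,
 * -1 (after logging) if it exists but cannot be read. */
static int check_readable(const char *path, const char *what,
                          const struct passwd *curr_user)
{
    struct stat statbuf;

    if (access(path, R_OK) == 0)
        return 0;
    if (stat(path, &statbuf) == 0) {
        logerr(gl_LOGFILE, "Need read rights on %s %s for user %s.\n",
               what, path, curr_user ? curr_user->pw_name : "<unknown>");
        return -1;
    }
    return 1;
}

/* … unchanged: start of the else branch … */
        int key_state, cert_state;

        key_state = check_readable(signkey, "signing key", curr_user);
        if (key_state < 0)
            goto error;
        cert_state = check_readable(issuercert, "issuer certificate", curr_user);
        if (cert_state < 0)
            goto error;

        /* create certificates if either the signing key or issuer cert is missing */
        if (key_state > 0 || cert_state > 0) {
            /* … unchanged: logit() and create_localca_cert() call … */
```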
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/swtpm-0.7.0/swtpm.spec new/swtpm-0.7.1/swtpm.spec
--- old/swtpm-0.7.0/swtpm.spec  2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/swtpm.spec  2022-02-18 14:32:34.000000000 +0100
@@ -8,7 +8,7 @@
 
 Summary: TPM Emulator
 Name:           swtpm
-Version:        0.7.0
+Version:        0.7.1
 Release:        1%{?dist}
 License:        BSD
 Url:            https://github.com/stefanberger/swtpm
@@ -174,6 +174,9 @@
 %{_datadir}/swtpm/swtpm-create-tpmca
 
 %changelog
+* Fri Feb 18 2022 Stefan Berger <stef...@linux.ibm.com> - 
0.7.1-1.20220218git-------
+- v0.7.1 release
+
 * Tue Nov 09 2021 Stefan Berger <stef...@linux.ibm.com> - 
0.7.0-0.20211022git-------
 - v0.7.0 release
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/swtpm-0.7.0/swtpm.spec.in 
new/swtpm-0.7.1/swtpm.spec.in
--- old/swtpm-0.7.0/swtpm.spec.in       2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/swtpm.spec.in       2022-02-18 14:32:34.000000000 +0100
@@ -174,6 +174,9 @@
 %{_datadir}/swtpm/swtpm-create-tpmca
 
 %changelog
+* Fri Feb 18 2022 Stefan Berger <stef...@linux.ibm.com> - 
0.7.1-1.20220218git-------
+- v0.7.1 release
+
 * Tue Nov 09 2021 Stefan Berger <stef...@linux.ibm.com> - 
0.7.0-0.20211022git-------
 - v0.7.0 release
 
