Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package swtpm for openSUSE:Factory checked
in at 2022-02-24 18:18:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/swtpm (Old)
and /work/SRC/openSUSE:Factory/.swtpm.new.1958 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "swtpm"
Thu Feb 24 18:18:18 2022 rev:9 rq:957026 version:0.7.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/swtpm/swtpm.changes 2021-11-12
15:59:20.674567142 +0100
+++ /work/SRC/openSUSE:Factory/.swtpm.new.1958/swtpm.changes 2022-02-24
18:18:20.458740252 +0100
@@ -1,0 +2,9 @@
+Mon Feb 21 12:04:56 UTC 2022 - Marcus Meissner <meiss...@suse.com>
+
+- Update to version 0.7.1:
+ - swtpm:
+ - Check header size indicator against expected size (CVE-2022-23645
bsc#1196240)
+ - swtpm_localca:
+ - Test for available issuercert before creating CA
+
+-------------------------------------------------------------------
Old:
----
swtpm-0.7.0.tar.gz
New:
----
swtpm-0.7.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ swtpm.spec ++++++
--- /var/tmp/diff_new_pack.xi2WGB/_old 2022-02-24 18:18:20.978740114 +0100
+++ /var/tmp/diff_new_pack.xi2WGB/_new 2022-02-24 18:18:20.982740113 +0100
@@ -1,7 +1,7 @@
#
# spec file for package swtpm
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
%define modulename2 swtpm_svirt
%define modulename3 swtpmcuse
Name: swtpm
-Version: 0.7.0
+Version: 0.7.1
Release: 0
Summary: Software TPM emulator
License: BSD-3-Clause
++++++ swtpm-0.7.0.tar.gz -> swtpm-0.7.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/swtpm-0.7.0/CHANGES new/swtpm-0.7.1/CHANGES
--- old/swtpm-0.7.0/CHANGES 2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/CHANGES 2022-02-18 14:32:34.000000000 +0100
@@ -1,5 +1,11 @@
CHANGES - changes for swtpm
+version 0.7.1:
+ - swtpm:
+ - Check header size indicator against expected size (CVE-2022-23645)
+ - swtpm_localca:
+ - Test for available issuercert before creating CA
+
version 0.7.0:
- swtpm:
- Support for linear file storage backend (file://)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/swtpm-0.7.0/configure.ac new/swtpm-0.7.1/configure.ac
--- old/swtpm-0.7.0/configure.ac 2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/configure.ac 2022-02-18 14:32:34.000000000 +0100
@@ -23,7 +23,7 @@
# This file is derived from tpm-tool's configure.in.
#
-AC_INIT([swtpm],[0.7.0])
+AC_INIT([swtpm],[0.7.1])
AC_PREREQ([2.69])
AC_CONFIG_SRCDIR(Makefile.am)
AC_CONFIG_HEADERS([config.h])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/swtpm-0.7.0/debian/changelog
new/swtpm-0.7.1/debian/changelog
--- old/swtpm-0.7.0/debian/changelog 2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/debian/changelog 2022-02-18 14:32:34.000000000 +0100
@@ -1,3 +1,9 @@
+swtpm (0.7.1) RELEASED; urgency=medium
+
+ * Stable release
+
+ -- Stefan Berger <stef...@linux.ibm.com> Fri, 18 Feb 2022 09:00:00 -0500
+
swtpm (0.7.0) RELEASED; urgency=medium
* Stable release
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/swtpm-0.7.0/src/swtpm/swtpm_nvstore.c
new/swtpm-0.7.1/src/swtpm/swtpm_nvstore.c
--- old/swtpm-0.7.0/src/swtpm/swtpm_nvstore.c 2021-11-09 16:49:45.000000000
+0100
+++ new/swtpm-0.7.1/src/swtpm/swtpm_nvstore.c 2022-02-18 14:32:34.000000000
+0100
@@ -1075,6 +1075,7 @@
uint8_t *hdrversion, bool quiet)
{
blobheader *bh = (blobheader *)data;
+ uint16_t hdrsize;
if (length < sizeof(bh)) {
if (!quiet)
@@ -1100,8 +1101,16 @@
return TPM_BAD_VERSION;
}
+ hdrsize = ntohs(bh->hdrsize);
+ if (hdrsize != sizeof(blobheader)) {
+ logprintf(STDERR_FILENO,
+ "bad header size: %u != %zu\n",
+ hdrsize, sizeof(blobheader));
+ return TPM_BAD_DATASIZE;
+ }
+
*hdrversion = bh->version;
- *dataoffset = ntohs(bh->hdrsize);
+ *dataoffset = hdrsize;
*hdrflags = ntohs(bh->flags);
return TPM_SUCCESS;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/swtpm-0.7.0/src/swtpm_localca/swtpm_localca.c
new/swtpm-0.7.1/src/swtpm_localca/swtpm_localca.c
--- old/swtpm-0.7.0/src/swtpm_localca/swtpm_localca.c 2021-11-09
16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/src/swtpm_localca/swtpm_localca.c 2022-02-18
14:32:34.000000000 +0100
@@ -117,7 +117,7 @@
goto error;
}
- if (access(signkey, R_OK) != 0) {
+ if (access(signkey, R_OK) != 0 || access(issuercert, R_OK) != 0) {
g_autofree gchar *directory = g_path_get_dirname(signkey);
g_autofree gchar *cakey = g_strjoin(G_DIR_SEPARATOR_S, directory,
"swtpm-localca-rootca-privkey.pem", NULL);
g_autofree gchar *cacert = g_strjoin(G_DIR_SEPARATOR_S, directory,
"swtpm-localca-rootca-cert.pem", NULL);
@@ -808,13 +808,28 @@
if (ret != 0)
goto error;
} else {
+ int create_certs = 0;
+
+ /* create certificate if either the signing key or issuer cert are
missing */
if (access(signkey, R_OK) != 0) {
if (stat(signkey, &statbuf) == 0) {
logerr(gl_LOGFILE, "Need read rights on signing key %s for
user %s.\n",
signkey, curr_user ? curr_user->pw_name : "<unknown>");
goto error;
}
+ create_certs = 1;
+ }
+
+ if (access(issuercert, R_OK) != 0) {
+ if (stat(issuercert, &statbuf) == 0) {
+ logerr(gl_LOGFILE, "Need read rights on issuer certificate %s
for user %s.\n",
+ issuercert, curr_user ? curr_user->pw_name :
"<unknown>");
+ goto error;
+ }
+ create_certs = 1;
+ }
+ if (create_certs) {
logit(gl_LOGFILE, "Creating root CA and a local CA's signing key
and issuer cert.\n");
if (create_localca_cert(lockfile, statedir, signkey,
signkey_password,
issuercert) != 0) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/swtpm-0.7.0/swtpm.spec new/swtpm-0.7.1/swtpm.spec
--- old/swtpm-0.7.0/swtpm.spec 2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/swtpm.spec 2022-02-18 14:32:34.000000000 +0100
@@ -8,7 +8,7 @@
Summary: TPM Emulator
Name: swtpm
-Version: 0.7.0
+Version: 0.7.1
Release: 1%{?dist}
License: BSD
Url: https://github.com/stefanberger/swtpm
@@ -174,6 +174,9 @@
%{_datadir}/swtpm/swtpm-create-tpmca
%changelog
+* Fri Feb 18 2022 Stefan Berger <stef...@linux.ibm.com> -
0.7.1-1.20220218git-------
+- v0.7.1 release
+
* Tue Nov 09 2021 Stefan Berger <stef...@linux.ibm.com> -
0.7.0-0.20211022git-------
- v0.7.0 release
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/swtpm-0.7.0/swtpm.spec.in
new/swtpm-0.7.1/swtpm.spec.in
--- old/swtpm-0.7.0/swtpm.spec.in 2021-11-09 16:49:45.000000000 +0100
+++ new/swtpm-0.7.1/swtpm.spec.in 2022-02-18 14:32:34.000000000 +0100
@@ -174,6 +174,9 @@
%{_datadir}/swtpm/swtpm-create-tpmca
%changelog
+* Fri Feb 18 2022 Stefan Berger <stef...@linux.ibm.com> -
0.7.1-1.20220218git-------
+- v0.7.1 release
+
* Tue Nov 09 2021 Stefan Berger <stef...@linux.ibm.com> -
0.7.0-0.20211022git-------
- v0.7.0 release
