Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package swtpm for openSUSE:Factory checked in at 2022-05-04 15:17:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/swtpm (Old) and /work/SRC/openSUSE:Factory/.swtpm.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "swtpm" Wed May 4 15:17:37 2022 rev:12 rq:974426 version:0.7.3 Changes: -------- --- /work/SRC/openSUSE:Factory/swtpm/swtpm.changes 2022-04-08 00:27:47.886268838 +0200 +++ /work/SRC/openSUSE:Factory/.swtpm.new.1538/swtpm.changes 2022-05-04 15:17:38.684647972 +0200 @@ -1,0 +2,9 @@ +Fri Apr 29 07:41:51 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- Updated to version 0.7.3: + - swtpm: + - Use uint64_t in tlv_data_append() to avoid integer overflows + - Use uint64_t to avoid integer wrap-around when adding a uint32_t +- removed allow-FORTIFY_SOURCE=3.patch (upstreamed) + +------------------------------------------------------------------- Old: ---- allow-FORTIFY_SOURCE=3.patch swtpm-0.7.2.tar.gz New: ---- swtpm-0.7.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ swtpm.spec ++++++ --- /var/tmp/diff_new_pack.AUJm8e/_old 2022-05-04 15:17:39.224648630 +0200 +++ /var/tmp/diff_new_pack.AUJm8e/_new 2022-05-04 15:17:39.228648635 +0200 @@ -24,7 +24,7 @@ %define modulename2 swtpm_svirt %define modulename3 swtpmcuse Name: swtpm -Version: 0.7.2 +Version: 0.7.3 Release: 0 Summary: Software TPM emulator License: BSD-3-Clause @@ -32,7 +32,6 @@ URL: https://github.com/stefanberger/swtpm Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source100: swtpm-rpmlintrc -Patch0: allow-FORTIFY_SOURCE=3.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: expect ++++++ swtpm-0.7.2.tar.gz -> swtpm-0.7.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/swtpm-0.7.2/CHANGES new/swtpm-0.7.3/CHANGES --- old/swtpm-0.7.2/CHANGES 2022-03-07 15:16:11.000000000 +0100 +++ new/swtpm-0.7.3/CHANGES 2022-04-27 18:56:29.000000000 +0200 
@@ -1,5 +1,13 @@ CHANGES - changes for swtpm +version 0.7.3: + - swtpm: + - Use uint64_t in tlv_data_append() to avoid integer overflows + - Use uint64_t to avoid integer wrap-around when adding a uint32_t + - build-sys: + - Fix configure script to support _FORTIFY_SOURCE=3 + - Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin) + version 0.7.2: - swtpm: - Do not chdir(/) when using --daemon diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/swtpm-0.7.2/configure.ac new/swtpm-0.7.3/configure.ac --- old/swtpm-0.7.2/configure.ac 2022-03-07 15:16:11.000000000 +0100 +++ new/swtpm-0.7.3/configure.ac 2022-04-27 18:56:29.000000000 +0200 @@ -23,7 +23,7 @@ # This file is derived from tpm-tool's configure.in. # -AC_INIT([swtpm],[0.7.2]) +AC_INIT([swtpm],[0.7.3]) AC_PREREQ([2.69]) AC_CONFIG_SRCDIR(Makefile.am) AC_CONFIG_HEADERS([config.h]) @@ -410,10 +410,9 @@ HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector" fi - dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2 - TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')" - TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')" - if test -z "$TMP1" && test -n "$TMP2"; then + dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user + dnl since they may create more overhead + if $CC $CFLAGS -Werror -D_FORTIFY_SOURCE=2 $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2" fi dnl Check linker for 'relro' and 'now' 
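Review bot: In configure.ac's `@@ -410,10 +410,9 @@` hunk the new probe passes a header straight to the compiler with no output control, and GCC treats a `.h` input as a request to build a precompiled header, so the test probably leaves a `tpm_ioctl.h.gch` beside the header in `$srcdir`. A leftover `.gch` may be picked up by later compiles in place of the real header. On a read-only source tree the write fails and `-D_FORTIFY_SOURCE=2` silently drops out of HARDENING_CFLAGS. I would make the probe free of side effects, e.g. `if $CC $CFLAGS -Werror -D_FORTIFY_SOURCE=2 -fsyntax-only $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then`, and report the outcome with AC_MSG_CHECKING/AC_MSG_RESULT so a lost hardening flag shows up in the configure log. The enclosing `if` block starts above the hunk.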
@@ -533,11 +532,6 @@ [whether to build in vTPM proxy support (Linux only)]) esac -case $host_os in -cygwin) - CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS" -esac - dnl Seccomp profile using -lseccomp (Linux only) case $host_os in linux-*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/swtpm-0.7.2/debian/changelog new/swtpm-0.7.3/debian/changelog --- old/swtpm-0.7.2/debian/changelog 2022-03-07 15:16:11.000000000 +0100 +++ new/swtpm-0.7.3/debian/changelog 2022-04-27 18:56:29.000000000 +0200 @@ -1,3 +1,9 @@ +swtpm (0.7.3) RELEASED; urgency=low + + * Stable release + + -- Stefan Berger <stef...@linux.ibm.com> Wed, 27 Apr 2022 09:00:00 -0500 + swtpm (0.7.2) RELEASED; urgency=low * Stable release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/swtpm-0.7.2/include/swtpm/tpm_ioctl.h new/swtpm-0.7.3/include/swtpm/tpm_ioctl.h --- old/swtpm-0.7.2/include/swtpm/tpm_ioctl.h 2022-03-07 15:16:11.000000000 +0100 +++ new/swtpm-0.7.3/include/swtpm/tpm_ioctl.h 2022-04-27 18:56:29.000000000 +0200 @@ -8,6 +8,10 @@ #ifndef _TPM_IOCTL_H_ #define _TPM_IOCTL_H_ +#if defined(__CYGWIN__) +# define __USE_LINUX_IOCTL_DEFS +#endif + #include <stdint.h> #include <sys/uio.h> #include <sys/types.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/swtpm-0.7.2/src/swtpm/tlv.c new/swtpm-0.7.3/src/swtpm/tlv.c --- old/swtpm-0.7.2/src/swtpm/tlv.c 2022-03-07 15:16:11.000000000 +0100 +++ new/swtpm-0.7.3/src/swtpm/tlv.c 2022-04-27 18:56:29.000000000 +0200 @@ -72,8 +72,8 @@ { size_t i; tlv_header tlv; - uint32_t totlen; - size_t addlen = 0; + uint64_t totlen; + uint64_t addlen = 0; unsigned char *ptr; unsigned char *tmp; 
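Review bot: In include/swtpm/tpm_ioctl.h's `@@ -8,6 +8,10 @@` hunk the unguarded `# define __USE_LINUX_IOCTL_DEFS` clashes with any build that still passes `-D__USE_LINUX_IOCTL_DEFS` on the command line, as the removed configure.ac case did. `-D` defines the macro as 1 while the header redefines it as empty, and under -Werror that redefinition warning becomes a build failure. Guarding it with `#if defined(__CYGWIN__) && !defined(__USE_LINUX_IOCTL_DEFS)` avoids the clash. The macro presumably only takes effect when defined before the first inclusion of `<sys/ioctl.h>`, which the removal of that include from tpm_ioctl.c in this diff suggests. I would record that with a comment such as `/* must be defined before <sys/ioctl.h> is first included */`; the rest of the header lies outside the hunk.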
@@ -85,7 +85,13 @@ else totlen = addlen; - tmp = realloc(*buffer, totlen); + if (totlen > 0xffffffff) { + /* can only happen if tlv.length or *buffer_len were excessive */ + logprintf(STDERR_FILENO, "%s: Excessive buffer size error.\n", __func__); + return TPM_FAIL; + } + + tmp = realloc(*buffer, (size_t)totlen); if (!tmp) { logprintf(STDERR_FILENO, "Could not allocate %u bytes.\n", totlen); return TPM_FAIL; @@ -126,7 +132,7 @@ tlv_data_find_tag(const unsigned char *buffer, uint32_t buffer_len, uint16_t tag, tlv_data *td) { - uint32_t offset = 0; + uint64_t offset = 0; /* uint64_t to prevent integer overflow */ while (offset < buffer_len) { if (offset + sizeof(td->tlv) > buffer_len) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/swtpm-0.7.2/src/swtpm_ioctl/tpm_ioctl.c new/swtpm-0.7.3/src/swtpm_ioctl/tpm_ioctl.c --- old/swtpm-0.7.2/src/swtpm_ioctl/tpm_ioctl.c 2022-03-07 15:16:11.000000000 +0100 +++ new/swtpm-0.7.3/src/swtpm_ioctl/tpm_ioctl.c 2022-04-27 18:56:29.000000000 +0200 @@ -58,7 +58,6 @@ #include <errno.h> #include <fcntl.h> #include <unistd.h> -#include <sys/ioctl.h> #include <getopt.h> #include <sys/un.h> #include <sys/types.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/swtpm-0.7.2/swtpm.spec new/swtpm-0.7.3/swtpm.spec --- old/swtpm-0.7.2/swtpm.spec 2022-03-07 15:16:11.000000000 +0100 +++ new/swtpm-0.7.3/swtpm.spec 2022-04-27 18:56:29.000000000 +0200 @@ -8,7 +8,7 @@ Summary: TPM Emulator Name: swtpm -Version: 0.7.2 +Version: 0.7.3 Release: 1%{?dist} License: BSD Url: https://github.com/stefanberger/swtpm 
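Review bot: In src/swtpm/tlv.c's `@@ -85,7 +85,13 @@` hunk the unchanged line `logprintf(STDERR_FILENO, "Could not allocate %u bytes.\n", totlen);` now passes a `uint64_t` to `%u`, because the `@@ -72,8 +72,8 @@` hunk widened `totlen`. This assumes both hunks sit in tlv_data_append() and that logprintf() is printf-style. The format/argument mismatch is undefined behaviour in a variadic call and can print a wrong size on some ABIs. The value is already bounded by the new 0xffffffff check at that point, so `logprintf(STDERR_FILENO, "Could not allocate %u bytes.\n", (uint32_t)totlen);` is sufficient. The additions that compute totlen and addlen lie between the two hunks and are not visible here, so it is worth confirming that each operand is widened before the add rather than after.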
@@ -174,6 +174,9 @@ %{_datadir}/swtpm/swtpm-create-tpmca %changelog +* Mon Apr 27 2022 Stefan Berger <stef...@linux.ibm.com> - 0.7.3-1.20220427git------- +- v0.7.3 release + * Mon Mar 07 2022 Stefan Berger <stef...@linux.ibm.com> - 0.7.2-1.20220225git------- - v0.7.2 release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/swtpm-0.7.2/swtpm.spec.in new/swtpm-0.7.3/swtpm.spec.in --- old/swtpm-0.7.2/swtpm.spec.in 2022-03-07 15:16:11.000000000 +0100 +++ new/swtpm-0.7.3/swtpm.spec.in 2022-04-27 18:56:29.000000000 +0200 @@ -174,6 +174,9 @@ %{_datadir}/swtpm/swtpm-create-tpmca %changelog +* Mon Apr 27 2022 Stefan Berger <stef...@linux.ibm.com> - 0.7.3-1.20220427git------- +- v0.7.3 release + * Mon Mar 07 2022 Stefan Berger <stef...@linux.ibm.com> - 0.7.2-1.20220225git------- - v0.7.2 release