update to 5.0 and fix segmentation fault on tpm2

2021-05-24 19:15:06 +08:00 · 2021-05-24 19:15:06 +08:00 · 7bc9aa507b
commit 7bc9aa507b
parent 200f725026
6 changed files with 59 additions and 155 deletions
--- a/0001-tpm2_getcap-fix-misspelling-of-TPM2_PT_HR_-constants.patch
+++ b/0001-tpm2_getcap-fix-misspelling-of-TPM2_PT_HR_-constants.patch
@ -1,104 +0,0 @@
 From 7e9bb6c3a91a5da2792010f42df88ab9f80e8093 Mon Sep 17 00:00:00 2001
 From: Matthew Dempsky <matthew@dempsky.org>
 Date: Tue, 27 Aug 2019 18:11:27 -0700
 Subject: [PATCH] tpm2_getcap: fix misspelling of TPM2_PT_HR_ constants
 tpm2-tss mispelled some of these constants as TPM2_PT_TPM2_HR_*
 instead of just TPM2_PT_HR_*, and tpm2_getcap blindly followed suit.
 This commit switches tpm2_getcap to use the proper names, and to
 define them locally if they're missing. Once tpm2-tools can assume a
 fixed tpm2-tss, this workaround can be removed.
 Updates tpm2-software/tpm2-tss#1500.
 Signed-off-by: Matthew Dempsky <matthew@dempsky.org>
 ---
 tools/tpm2_getcap.c | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)
 diff --git a/tools/tpm2_getcap.c b/tools/tpm2_getcap.c
 index 9b15e3b..8b753dd 100644
 --- a/tools/tpm2_getcap.c
 +++ b/tools/tpm2_getcap.c
@@ -38,6 +38,19 @@
 #include "tpm2_tool.h"
 #include "tpm2_util.h"
 +/*
 + * Older versions of tpm2-tss misspelled these constants' names.
 + * See https://github.com/tpm2-software/tpm2-tss/issues/1500.
 + */
 +#ifndef TPM2_PT_HR_TRANSIENT_MIN
 +#define TPM2_PT_HR_TRANSIENT_MIN    ((TPM2_PT) (TPM2_PT_FIXED + 14))
 +#define TPM2_PT_HR_PERSISTENT_MIN   ((TPM2_PT) (TPM2_PT_FIXED + 15))
 +#define TPM2_PT_HR_NV_INDEX         ((TPM2_PT) (TPM2_PT_VAR + 2))
 +#define TPM2_PT_HR_TRANSIENT_AVAIL  ((TPM2_PT) (TPM2_PT_VAR + 7))
 +#define TPM2_PT_HR_PERSISTENT       ((TPM2_PT) (TPM2_PT_VAR + 8))
 +#define TPM2_PT_HR_PERSISTENT_AVAIL ((TPM2_PT) (TPM2_PT_VAR + 9))
 +#endif
 +
 /* convenience macro to convert flags into "set" / "clear" strings */
 #define prop_str(val) val ? "set" : "clear"
 /* number of eleents in the capability_map array */
@@ -313,11 +313,11 @@ dump_tpm_properties_fixed (TPMS_TAGGED_PROPERTY properties[],
         case TPM2_PT_INPUT_BUFFER:
             tpm2_tool_output ("TPM2_PT_INPUT_BUFFER:        0x%08x\n", value);
             break;
 -        case TPM2_PT_TPM2_HR_TRANSIENT_MIN:
 -            tpm2_tool_output ("TPM2_PT_TPM2_HR_TRANSIENT_MIN:    0x%08x\n", value);
 +        case TPM2_PT_HR_TRANSIENT_MIN:
 +            tpm2_tool_output ("TPM2_PT_HR_TRANSIENT_MIN:    0x%08x\n", value);
             break;
 -        case TPM2_PT_TPM2_HR_PERSISTENT_MIN:
 -            tpm2_tool_output ("TPM2_PT_TPM2_HR_PERSISTENT_MIN:   0x%08x\n", value);
 +        case TPM2_PT_HR_PERSISTENT_MIN:
 +            tpm2_tool_output ("TPM2_PT_HR_PERSISTENT_MIN:   0x%08x\n", value);
             break;
         case TPM2_PT_HR_LOADED_MIN:
             tpm2_tool_output ("TPM2_PT_HR_LOADED_MIN:       0x%08x\n", value);
@@ -428,8 +428,8 @@ dump_tpm_properties_var (TPMS_TAGGED_PROPERTY properties[],
         case TPM2_PT_STARTUP_CLEAR:
             dump_startup_clear_attrs ((TPMA_STARTUP_CLEAR)value);
             break;
 -        case TPM2_PT_TPM2_HR_NV_INDEX:
 -            tpm2_tool_output ("TPM2_PT_TPM2_HR_NV_INDEX:          0x%08x\n", value);
 +        case TPM2_PT_HR_NV_INDEX:
 +            tpm2_tool_output ("TPM2_PT_HR_NV_INDEX:          0x%08x\n", value);
             break;
         case TPM2_PT_HR_LOADED:
             tpm2_tool_output ("TPM2_PT_HR_LOADED:            0x%08x\n", value);
@@ -443,14 +443,14 @@ dump_tpm_properties_var (TPMS_TAGGED_PROPERTY properties[],
         case TPM2_PT_HR_ACTIVE_AVAIL:
             tpm2_tool_output ("TPM2_PT_HR_ACTIVE_AVAIL:      0x%08x\n", value);
             break;
 -        case TPM2_PT_TPM2_HR_TRANSIENT_AVAIL:
 -            tpm2_tool_output ("TPM2_PT_TPM2_HR_TRANSIENT_AVAIL:   0x%08x\n", value);
 +        case TPM2_PT_HR_TRANSIENT_AVAIL:
 +            tpm2_tool_output ("TPM2_PT_HR_TRANSIENT_AVAIL:   0x%08x\n", value);
             break;
 -        case TPM2_PT_TPM2_HR_PERSISTENT:
 -            tpm2_tool_output ("TPM2_PT_TPM2_HR_PERSISTENT:        0x%08x\n", value);
 +        case TPM2_PT_HR_PERSISTENT:
 +            tpm2_tool_output ("TPM2_PT_HR_PERSISTENT:        0x%08x\n", value);
             break;
 -        case TPM2_PT_TPM2_HR_PERSISTENT_AVAIL:
 -            tpm2_tool_output ("TPM2_PT_TPM2_HR_PERSISTENT_AVAIL:  0x%08x\n", value);
 +        case TPM2_PT_HR_PERSISTENT_AVAIL:
 +            tpm2_tool_output ("TPM2_PT_HR_PERSISTENT_AVAIL:  0x%08x\n", value);
             break;
         case TPM2_PT_NV_COUNTERS:
             tpm2_tool_output ("TPM2_PT_NV_COUNTERS:          0x%08x\n", value);
 diff --git a/tools/tpm2_listpersistent.c b/tools/tpm2_listpersistent.c
 index 45da1a4..d693e6c 100644
 --- a/tools/tpm2_listpersistent.c
 +++ b/tools/tpm2_listpersistent.c
@@ -152,7 +152,7 @@ int tpm2_tool_onrun(TSS2_SYS_CONTEXT *sapi_context, tpm2_option_flags flags) {
     UINT32 property = tpm2_util_endian_swap_32(TPM2_HT_PERSISTENT);
     rval = TSS2_RETRY_EXP(Tss2_Sys_GetCapability(sapi_context, 0, TPM2_CAP_HANDLES,
 -                                   property, TPM2_PT_TPM2_HR_PERSISTENT, &moreData,
 +                                   property, TPM2_PT_HR_PERSISTENT, &moreData,
                                    &capabilityData, 0));
     if(rval != TPM2_RC_SUCCESS)
     {
--- a/Revert-objectattrs-clear-before-or-ing-in-values.patch
+++ b/Revert-objectattrs-clear-before-or-ing-in-values.patch
@ -1,43 +0,0 @@
 From 1f3451ee7b046a590b6dfc20b6af010166670ff7 Mon Sep 17 00:00:00 2001
 From: Javier Martinez Canillas <javierm@redhat.com>
 Date: Thu, 12 Jul 2018 19:50:26 +0200
 Subject: [PATCH 1/1] Revert "objectattrs: clear before or'ing in values"
 This reverts commit e103bbf5117b0b62b358fd15f18f848854fcb0ee.
 The tpm2-tools 3.1.0 release contains a backward incompatible change that
 was introduced by commit e103bbf5117 ("objectattrs: clear before or'ing
 in values"), that changed the way that object attributes were specified.
 Before there were a set of default attributes and the user could specify
 additional attributes to be used, but after the mentioned commit the user
 must specify all attributes.
 This is a user visible change that changes the tools semantics, so is not
 a suitable change for a MINOR version number increment, according to the
 Semantic Versioning document (https://semver.org) since it breaks rule 2:
 2.MINOR version when you add functionality in a backwards-compatible manner
 Fixes: #1097
 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
 ---
 lib/tpm2_attr_util.c | 1 -
 1 file changed, 1 deletion(-)
 diff --git a/lib/tpm2_attr_util.c b/lib/tpm2_attr_util.c
 index d461a744c0d..e43d03f9e0a 100644
 --- a/lib/tpm2_attr_util.c
 +++ b/lib/tpm2_attr_util.c
@@ -501,7 +501,6 @@ bool tpm2_attr_util_nv_strtoattr(char *attribute_list, TPMA_NV *nvattrs) {
 bool tpm2_attr_util_obj_strtoattr(char *attribute_list, TPMA_OBJECT *objattrs) {
 -    memset(objattrs, 0, sizeof(*objattrs));
     return common_strtoattr(attribute_list, objattrs, obj_attr_table, ARRAY_LEN(obj_attr_table));
 }
 -- 
 2.17.1
--- a/backport-Don-t-assume-end-of-argv-is-NULL.patch
+++ b/backport-Don-t-assume-end-of-argv-is-NULL.patch
@ -0,0 +1,43 @@
 From fb1e0d98eca5279bf33304deedd9019b0130393a Mon Sep 17 00:00:00 2001
 From: Erik Larsson <who+github@cnackers.org>
 Date: Sat, 21 Nov 2020 10:59:13 +0100
 Subject: [PATCH] Don't assume end of argv is NULL
 On a musl based system argv[optind] && strcmp(...) where optind > argc might read random memory and segfault.
 Signed-off-by: Erik Larsson <who+github@cnackers.org>
 ---
 lib/tpm2_options.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/lib/tpm2_options.c b/lib/tpm2_options.c
 index e9aaa0364..9fa583c60 100644
 --- a/lib/tpm2_options.c
 +++ b/lib/tpm2_options.c
@@ -300,7 +300,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
             if (argv[optind - 1]) {
                 if (!strcmp(argv[optind - 1], "--help=no-man") ||
                     !strcmp(argv[optind - 1], "-h=no-man") ||
 -                    (argv[optind] && !strcmp(argv[optind], "no-man"))) {
 +                    (argc < optind && !strcmp(argv[optind], "no-man"))) {
                     manpager = false;
                     optind++;
                 /*
@@ -309,7 +309,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
                  */
                 } else if (!strcmp(argv[optind - 1], "--help=man") ||
                            !strcmp(argv[optind - 1], "-h=man") ||
 -                           (argv[optind] && !strcmp(argv[optind], "man"))) {
 +                           (argc < optind && !strcmp(argv[optind], "man"))) {
                     manpager = true;
                     explicit_manpager = true;
                     optind++;
@@ -318,7 +318,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
                      * argv[0] = "tool name"
                      * argv[1] = "--help" argv[2] = 0
                      */
 -                    if (!argv[optind] && argc == 2) {
 +                    if (optind >= argc && argc == 2) {
                         manpager = false;
                     } else {
                         /*
--- a/tpm2-tools-3.1.1.tar.gz
+++ b/tpm2-tools-3.1.1.tar.gz
--- a/tpm2-tools-5.0.tar.gz
+++ b/tpm2-tools-5.0.tar.gz
--- a/tpm2-tools.spec
+++ b/tpm2-tools.spec
@ -1,18 +1,18 @@
 Name:          tpm2-tools
-Version:       3.1.1
+Version:       5.0
-Release:       8
+Release:       2
 Summary:       A TPM2.0 testing tool based on TPM2.0-TSS
 License:       BSD
 URL:           https://github.com/tpm2-software/tpm2-tools
 Source0:       https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/%{name}-%{version}.tar.gz
-Patch1:        Revert-objectattrs-clear-before-or-ing-in-values.patch
+Patch0:        backport-Don-t-assume-end-of-argv-is-NULL.patch
 Patch2:        0001-tpm2_getcap-fix-misspelling-of-TPM2_PT_HR_-constants.patch 
 BuildRequires: gcc-c++ libtool autoconf-archive pkgconfig(cmocka) pkgconfig(libcurl) pkgconfig(openssl)
-BuildRequires: pkgconfig(tss2-mu) pkgconfig(tss2-sys) pkgconfig(tss2-esys) git libgcrypt
+BuildRequires: pkgconfig(tss2-mu) pkgconfig(tss2-sys) pkgconfig(tss2-esys) pkgconfig(uuid) git libgcrypt
 BuildRequires: libgcrypt-devel gdb
-Requires:  tpm2-tss >= 2.0.0-2
+Requires:  tpm2-tss >= 2.3.1
 Requires:  tpm2-tools-help = %{version}-%{release}
 Obsoletes: tpm2-tools <= 2.1.1-2
 %description
@ -48,14 +48,22 @@ make check
 %files
 %defattr(-,root,root)
-%license LICENSE
+%license doc/LICENSE
 %{_bindir}/*
 %{_datadir}/bash-completion/completions/tpm2*
 %{_datadir}/bash-completion/completions/tss2*
 %files help
-%doc README.md CHANGELOG.md
+%doc README.md doc/CHANGELOG.md
 %{_mandir}/*/*
 %changelog
 * Mon May 24 2021 panxiaohe<panxiaohe@huawei.com> - 5.0-2
 - fix segmentation fault on tpm2
 * Mon May 24 2021 panxiaohe<panxiaohe@huawei.com> - 5.0-1
 - update to 5.0
 * Tue May 12 2020 wanghongzhe<wanghongzhe@openeuler.org> - 3.1.1-8
 - bugfix for tpm2-tss upgrade