开源软件构建与测试

_service:tar_scm:tpm2-tss.spec Changed

@@ -1,15 +1,13 @@
 Name:          tpm2-tss
-Version:       3.2.1
-Release:       2
+Version:       3.2.2
+Release:       1
 Summary:       TPM2.0 Software Stack
 License:       BSD
 URL:           https://github.com/tpm2-software/tpm2-tss
 Source0:       https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz
 
-Patch1: backport-CVE-2023-22745.patch
-
 BuildRequires: gcc-c++ autoconf-archive libtool pkgconfig systemd libgcrypt-devel openssl-devel doxygen json-c-devel libcurl-devel
-BuildRequires: curl >= 7.80.0
+BuildRequires: curl >= 7.80.0 libcmocka-devel iproute uthash-devel swtpm
 
 %description
 tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
@@ -31,7 +29,8 @@
 
 %build
 %configure --disable-static --disable-silent-rules --with-udevrulesdir=%{_udevrulesdir} --with-udevrulesprefix=80- \
-           --with-runstatedir=%{_rundir} --with-tmpfilesdir=%{_tmpfilesdir} --with-sysusersdir=%{_sysusersdir}
+           --with-runstatedir=%{_rundir} --with-tmpfilesdir=%{_tmpfilesdir} --with-sysusersdir=%{_sysusersdir} \
+           --enable-unit --enable-integration
 
 %make_build
 
@@ -72,6 +71,18 @@
 %{_mandir}/man*/*
 
 %changelog
+* Tue Jul 18 2023 jinlun <jinlun@huawei.com> - 3.2.2-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:update version to 3.2.2
+
+* Tue Mar 21 2023 jinlun <jinlun@huawei.com> - 3.2.1-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:add check code in tpm2-tss
+
 * Tue Jan 31 2023 huangzq6 <huangzhenqiang2@huawei.com> - 3.2.1-2
 - Type:CVE
 - ID:NA

_service:tar_scm:backport-CVE-2023-22745.patch Deleted

@@ -1,139 +0,0 @@
-From 306490c8d848c367faa2d9df81f5e69dab46ffb5 Mon Sep 17 00:00:00 2001
-From: William Roberts <william.c.roberts@intel.com>
-Date: Thu, 19 Jan 2023 11:53:06 -0600
-Subject: PATCH tss2_rc: ensure layer number is in bounds
-
-The layer handler array was defined as 255, the max number of uint8,
-which is the size of the layer field, however valid values are 0-255
-allowing for 256 possibilities and thus the array was off by one and
-needed to be sized to 256 entries. Update the size and add tests.
-
-Note: previous implementations incorrectly dropped bits on unknown error
-output, ie TSS2_RC of 0xFFFFFF should yeild a string of 255:0xFFFFFF,
-but earlier implementations returned 255:0xFFFF, dropping the middle
-bits, this patch fixes that.
-
-Fixes: CVE-2023-22745
-
-Signed-off-by: William Roberts <william.c.roberts@intel.com>
----
- src/tss2-rc/tss2_rc.c    | 31 +++++++++++++++++++++----------
- test/unit/test_tss2_rc.c | 21 ++++++++++++++++++++-
- 2 files changed, 41 insertions(+), 11 deletions(-)
-
-diff --git a/src/tss2-rc/tss2_rc.c b/src/tss2-rc/tss2_rc.c
-index 15ced56..4e14659 100644
---- a/src/tss2-rc/tss2_rc.c
-+++ b/src/tss2-rc/tss2_rc.c
-@@ -1,5 +1,8 @@
- /* SPDX-License-Identifier: BSD-2-Clause */
--
-+#ifdef HAVE_CONFIG_H
-+#include "config.h"
-+#endif
-+#include <assert.h>
- #include <stdarg.h>
- #include <stdbool.h>
- #include <stdio.h>
-@@ -834,7 +837,7 @@ tss_err_handler (TSS2_RC rc)
- static struct {
-     char nameTSS2_ERR_LAYER_NAME_MAX;
-     TSS2_RC_HANDLER handler;
--} layer_handlerTPM2_ERROR_TSS2_RC_LAYER_COUNT = {
-+} layer_handlerTPM2_ERROR_TSS2_RC_LAYER_COUNT + 1 = {
-     ADD_HANDLER("tpm" , tpm2_ehandler),
-     ADD_NULL_HANDLER,                       /* layer 1  is unused */
-     ADD_NULL_HANDLER,                       /* layer 2  is unused */
-@@ -869,7 +872,7 @@ unknown_layer_handler(TSS2_RC rc)
-     static __thread char buf32;
- 
-     clearbuf(buf);
--    catbuf(buf, "0x%X", tpm2_error_get(rc));
-+    catbuf(buf, "0x%X", rc);
- 
-     return buf;
- }
-@@ -966,19 +969,27 @@ Tss2_RC_Decode(TSS2_RC rc)
-         catbuf(buf, "%u:", layer);
-     }
- 
--    handler = !handler ? unknown_layer_handler : handler;
--
-     /*
-      * Handlers only need the error bits. This way they don't
-      * need to concern themselves with masking off the layer
-      * bits or anything else.
-      */
--    UINT16 err_bits = tpm2_error_get(rc);
--    const char *e = err_bits ? handler(err_bits) : "success";
--    if (e) {
--        catbuf(buf, "%s", e);
-+    if (handler) {
-+        UINT16 err_bits = tpm2_error_get(rc);
-+        const char *e = err_bits ? handler(err_bits) : "success";
-+        if (e) {
-+            catbuf(buf, "%s", e);
-+        } else {
-+            catbuf(buf, "0x%X", err_bits);
-+        }
-     } else {
--        catbuf(buf, "0x%X", err_bits);
-+        /*
-+         * we don't want to drop any bits if we don't know what to do with it
-+         * so drop the layer byte since we we already have that.
-+         */
-+        const char *e = unknown_layer_handler(rc >> 8);
-+        assert(e);
-+        catbuf(buf, "%s", e);
-     }
- 
-     return buf;
-diff --git a/test/unit/test_tss2_rc.c b/test/unit/test_tss2_rc.c
-index f4249b7..6d8428b 100644
---- a/test/unit/test_tss2_rc.c
-+++ b/test/unit/test_tss2_rc.c
-@@ -199,7 +199,7 @@ test_custom_handler(void **state)
-      * Test an unknown layer
-      */
-     e = Tss2_RC_Decode(rc);
--    assert_string_equal(e, "1:0x2A");
-+    assert_string_equal(e, "1:0x100");
- }
- 
- static void
-@@ -282,6 +282,23 @@ test_tcti(void **state)
-     assert_string_equal(e, "tcti:Fails to connect to next lower layer");
- }
- 
-+static void
-+test_all_FFs(void **state)
-+{
-+    (void) state;
-+
-+    const char *e = Tss2_RC_Decode(0xFFFFFFFF);
-+    assert_string_equal(e, "255:0xFFFFFF");
-+}
-+
-+static void
-+test_all_FFs_set_handler(void **state)
-+{
-+    (void) state;
-+    Tss2_RC_SetHandler(0xFF, "garbage", custom_err_handler);
-+    Tss2_RC_SetHandler(0xFF, NULL, NULL);
-+}
-+
- /* link required symbol, but tpm2_tool.c declares it AND main, which
-  * we have a main below for cmocka tests.
-  */
-@@ -313,6 +330,8 @@ main(int argc, char* argv)
-             cmocka_unit_test(test_esys),
-             cmocka_unit_test(test_mu),
-             cmocka_unit_test(test_tcti),
-+            cmocka_unit_test(test_all_FFs),
-+            cmocka_unit_test(test_all_FFs_set_handler)
-     };
- 
-     return cmocka_run_group_tests(tests, NULL, NULL);
--- 
-2.27.0
-

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/AUTHORS -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/AUTHORS Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/CHANGELOG.md -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/CHANGELOG.md Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/Makefile.in -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/Makefile.in Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/VERSION -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/VERSION Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/aminclude_static.am -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/aminclude_static.am Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/config.h.in -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/config.h.in Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/configure -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/configure Changed

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tpm2-tss 3.2.1.
+# Generated by GNU Autoconf 2.69 for tpm2-tss 3.2.2.
 #
 # Report bugs to <https://github.com/tpm2-software/tpm2-tss/issues>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='tpm2-tss'
 PACKAGE_TARNAME='tpm2-tss'
-PACKAGE_VERSION='3.2.1'
-PACKAGE_STRING='tpm2-tss 3.2.1'
+PACKAGE_VERSION='3.2.2'
+PACKAGE_STRING='tpm2-tss 3.2.2'
 PACKAGE_BUGREPORT='https://github.com/tpm2-software/tpm2-tss/issues'
 PACKAGE_URL='https://github.com/tpm2-software/tpm2-tss'
 
@@ -1574,7 +1574,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures tpm2-tss 3.2.1 to adapt to many kinds of systems.
+\`configure' configures tpm2-tss 3.2.2 to adapt to many kinds of systems.
 
 Usage: $0 OPTION... VAR=VALUE...
 
@@ -1645,7 +1645,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of tpm2-tss 3.2.1:";;
+     short | recursive ) echo "Configuration of tpm2-tss 3.2.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1857,7 +1857,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-tpm2-tss configure 3.2.1
+tpm2-tss configure 3.2.2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2393,7 +2393,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by tpm2-tss $as_me 3.2.1, which was
+It was created by tpm2-tss $as_me 3.2.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3257,7 +3257,7 @@
 
 # Define the identity of the package.
  PACKAGE='tpm2-tss'
- VERSION='3.2.1'
+ VERSION='3.2.2'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -17542,6 +17542,48 @@
 
 fi
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for curl_url_strerror in -lcurl" >&5
+$as_echo_n "checking for curl_url_strerror in -lcurl... " >&6; }
+if ${ac_cv_lib_curl_curl_url_strerror+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcurl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char curl_url_strerror ();
+int
+main ()
+{
+return curl_url_strerror ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_curl_curl_url_strerror=yes
+else
+  ac_cv_lib_curl_curl_url_strerror=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_curl_curl_url_strerror" >&5
+$as_echo "$ac_cv_lib_curl_curl_url_strerror" >&6; }
+if test "x$ac_cv_lib_curl_curl_url_strerror" = xyes; then :
+
+$as_echo "#define HAVE_CURL_URL_STRERROR 1" >>confdefs.h
+
+fi
+
 
 
 # Check whether --with-tctidefaultmodule was given.
@@ -23706,7 +23748,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by tpm2-tss $as_me 3.2.1, which was
+This file was extended by tpm2-tss $as_me 3.2.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23773,7 +23815,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/\\""\`\$/\\\\&/g'`"
 ac_cs_version="\\
-tpm2-tss config.status 3.2.1
+tpm2-tss config.status 3.2.2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/configure.ac -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/configure.ac Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/man/man7/tss2-tcti-swtpm.7 -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/man/man7/tss2-tcti-swtpm.7 Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-fapi/ifapi_helpers.c -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/src/tss2-fapi/ifapi_helpers.c Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/tss2-rc/tss2_rc.c -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/src/tss2-rc/tss2_rc.c Changed

@@ -1,5 +1,8 @@
 /* SPDX-License-Identifier: BSD-2-Clause */
-
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <assert.h>
 #include <stdarg.h>
 #include <stdbool.h>
 #include <stdio.h>
@@ -834,7 +837,7 @@
 static struct {
     char nameTSS2_ERR_LAYER_NAME_MAX;
     TSS2_RC_HANDLER handler;
-} layer_handlerTPM2_ERROR_TSS2_RC_LAYER_COUNT = {
+} layer_handlerTPM2_ERROR_TSS2_RC_LAYER_COUNT + 1 = {
     ADD_HANDLER("tpm" , tpm2_ehandler),
     ADD_NULL_HANDLER,                       /* layer 1  is unused */
     ADD_NULL_HANDLER,                       /* layer 2  is unused */
@@ -852,7 +855,7 @@
                                             /* The RM usually duplicates TPM responses */
                                             /* So just default the handler to tpm2. */
     ADD_HANDLER("rm", NULL),                /* layer 12 is the rm rc */
-    ADD_HANDLER("drvr", NULL),              /* layer 13 is the driver rc */
+    ADD_HANDLER("policy", tss_err_handler), /* layer 13 is the policy rc */
 };
 
 /**
@@ -869,7 +872,7 @@
     static __thread char buf32;
 
     clearbuf(buf);
-    catbuf(buf, "0x%X", tpm2_error_get(rc));
+    catbuf(buf, "0x%X", rc);
 
     return buf;
 }
@@ -966,19 +969,27 @@
         catbuf(buf, "%u:", layer);
     }
 
-    handler = !handler ? unknown_layer_handler : handler;
-
     /*
      * Handlers only need the error bits. This way they don't
      * need to concern themselves with masking off the layer
      * bits or anything else.
      */
-    UINT16 err_bits = tpm2_error_get(rc);
-    const char *e = err_bits ? handler(err_bits) : "success";
-    if (e) {
-        catbuf(buf, "%s", e);
+    if (handler) {
+        UINT16 err_bits = tpm2_error_get(rc);
+        const char *e = err_bits ? handler(err_bits) : "success";
+        if (e) {
+            catbuf(buf, "%s", e);
+        } else {
+            catbuf(buf, "0x%X", err_bits);
+        }
     } else {
-        catbuf(buf, "0x%X", err_bits);
+        /*
+         * we don't want to drop any bits if we don't know what to do with it
+         * so drop the layer byte since we we already have that.
+         */
+        const char *e = unknown_layer_handler(rc >> 8);
+        assert(e);
+        catbuf(buf, "%s", e);
     }
 
     return buf;

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/src/util/log.c -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/src/util/log.c Changed

_service:tar_scm:tpm2-tss-3.2.1.tar.gz/test/unit/test_tss2_rc.c -> _service:tar_scm:tpm2-tss-3.2.2.tar.gz/test/unit/test_tss2_rc.c Changed

@@ -39,7 +39,7 @@
         "tcti:",
         "rmt",
         "rm",
-        "drvr",
+        "policy",
     };
 
     UINT8 layer;
@@ -199,7 +199,7 @@
      * Test an unknown layer
      */
     e = Tss2_RC_Decode(rc);
-    assert_string_equal(e, "1:0x2A");
+    assert_string_equal(e, "1:0x100");
 }
 
 static void
@@ -282,6 +282,23 @@
     assert_string_equal(e, "tcti:Fails to connect to next lower layer");
 }
 
+static void
+test_all_FFs(void **state)
+{
+    (void) state;
+
+    const char *e = Tss2_RC_Decode(0xFFFFFFFF);
+    assert_string_equal(e, "255:0xFFFFFF");
+}
+
+static void
+test_all_FFs_set_handler(void **state)
+{
+    (void) state;
+    Tss2_RC_SetHandler(0xFF, "garbage", custom_err_handler);
+    Tss2_RC_SetHandler(0xFF, NULL, NULL);
+}
+
 /* link required symbol, but tpm2_tool.c declares it AND main, which
  * we have a main below for cmocka tests.
  */
@@ -313,6 +330,8 @@
             cmocka_unit_test(test_esys),
             cmocka_unit_test(test_mu),
             cmocka_unit_test(test_tcti),
+            cmocka_unit_test(test_all_FFs),
+            cmocka_unit_test(test_all_FFs_set_handler)
     };
 
     return cmocka_run_group_tests(tests, NULL, NULL);

Changes of Revision 8