diff --git a/0002-tpm2-add-SM3-and-SM4-support.patch b/0000-tpm2-add-SM3-and-SM4-support.patch
similarity index 100%
rename from 0002-tpm2-add-SM3-and-SM4-support.patch
rename to 0000-tpm2-add-SM3-and-SM4-support.patch
diff --git a/0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch b/0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
deleted file mode 100644
index 010c7112e67f9fbc4115356b72d204edb31a06ad..0000000000000000000000000000000000000000
--- a/0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 9beadbbf256c5d08511b9fc286ab47626039d6db Mon Sep 17 00:00:00 2001
-From: jiangfangjie 00559066
-Date: Tue, 7 Mar 2023 13:18:44 +0800
-Subject: [PATCH] tpm2: Check size of buffer before accessing it (CVE-2023-1017
- & -1018) Check that there are sufficient bytes in the buffer before reading
- the cipherSize from it. Also, reduce the bufferSize variable by the number of
- bytes that make up the cipherSize to avoid reading and writing bytes beyond
- the buffer in subsequent steps that do in-place decryption.
-
-This fixes CVE-2023-1017 & CVE-2023-1018.
-
-Signed-off-by: jiangfangjie
----
- src/tpm2/CryptUtil.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
-index 002fde0..9b7d56e 100644
---- a/src/tpm2/CryptUtil.c
-+++ b/src/tpm2/CryptUtil.c
-@@ -830,6 +830,10 @@ CryptParameterDecryption(
- + sizeof(session->sessionKey.t.buffer)));
- TPM2B_HMAC_KEY key; // decryption key
- UINT32 cipherSize = 0; // size of cipher text
-+
-+ if (leadingSizeInByte > bufferSize)
-+ return TPM_RC_INSUFFICIENT;
-+
- // Retrieve encrypted data size.
- if(leadingSizeInByte == 2)
- {
-@@ -837,6 +841,7 @@ CryptParameterDecryption(
- // data to be decrypted
- cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
- buffer = &buffer[2]; // advance the buffer
-+ bufferSize -= 2;
- }
- #ifdef TPM4B
- else if(leadingSizeInByte == 4)
-@@ -844,6 +849,7 @@ CryptParameterDecryption(
- // the leading size is four bytes so get the four byte size field
- cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
- buffer = &buffer[4]; //advance pointer
-+ bufferSize -= 4;
- }
- #endif
- else
---
-2.21.0.windows.1
-
diff --git a/libtpms-0.9.5.tar.gz b/libtpms-0.9.5.tar.gz
deleted file mode 100644
index 75403b0ab470ba1f33e251f2dcdff0c29a396c5f..0000000000000000000000000000000000000000
Binary files a/libtpms-0.9.5.tar.gz and /dev/null differ
diff --git a/libtpms-0.9.6.tar.gz b/libtpms-0.9.6.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..dff25740329dca5ab64b917ba310f3d9b235f09f
Binary files /dev/null and b/libtpms-0.9.6.tar.gz differ
diff --git a/libtpms.spec b/libtpms.spec
index d62848ec26c83952010c2706c8c6b37f10678f5c..8e626fad3c5f40a62b91decebccab6b75b42f2af 100644
--- a/libtpms.spec
+++ b/libtpms.spec
@@ -1,8 +1,8 @@
 # --- libtpm rpm-spec ---
 %define name libtpms
-%define version 0.9.5
-%define release 4
+%define version 0.9.6
+%define release 1
 # Valid crypto subsystems are 'freebl' and 'openssl'
 %if "%{?crypto_subsystem}" == ""
@@ -22,8 +22,7 @@ Url: http://github.com/stefanberger/libtpms
 Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Provides: libtpms-%{crypto_subsystem} = %{version}-%{release}
-Patch0: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
-Patch1: 0002-tpm2-add-SM3-and-SM4-support.patch
+Patch0: 0000-tpm2-add-SM3-and-SM4-support.patch
 %if "%{crypto_subsystem}" == "openssl"
 BuildRequires: openssl-devel
@@ -120,6 +119,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
 %postun -p /sbin/ldconfig
 %changelog
+* Tue Jan 16 2024 zhangxingrong - 0.9.6-1
+- upgrade to 0.9.6
+
 * Sat Nov 04 2023 fly2x - 0.9.5-4
 - Add SM3 and SM4 support
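Review bot: The `Patch0`/`Patch1` hunk of libtpms.spec drops `0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch` without any record that the CVE-2023-1017 / CVE-2023-1018 fix is still in the package, and nothing on this page shows that the 0.9.6 tarball carries it. Before merging, confirm that `CryptParameterDecryption` in src/tpm2/CryptUtil.c of the new source contains the `if (leadingSizeInByte > bufferSize)` check and the `bufferSize -= 2;` / `bufferSize -= 4;` adjustments from the removed patch. If it does, record that in `%changelog` with a line such as `- drop CVE-2023-1017/CVE-2023-1018 patch, fix is included in 0.9.6`, so a later audit does not read the removal as a regression. The SM3/SM4 patch is renamed unchanged (similarity 100%) but was previously applied on top of the removed patch, so it is worth checking that it still applies cleanly to the 0.9.6 tree.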