Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libtpms for openSUSE:Factory checked 
in at 2023-03-08 14:51:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libtpms (Old)
 and      /work/SRC/openSUSE:Factory/.libtpms.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libtpms"

Wed Mar  8 14:51:27 2023 rev:18 rq:1069859 version:0.9.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/libtpms/libtpms.changes  2022-12-07 
17:33:57.844210291 +0100
+++ /work/SRC/openSUSE:Factory/.libtpms.new.31432/libtpms.changes       
2023-03-08 14:51:28.990320107 +0100
@@ -1,0 +2,7 @@
+Mon Mar  6 16:32:02 UTC 2023 - Alberto Planas Dominguez <apla...@suse.com>
+
+- Update to 0.9.6:
+  * CVE-2023-1018: tpm2: Fixed out of bounds read in CryptParameterDecryption 
(bsc#1206023)
+  * CVE-2023-1017: tpm2: Fixed out of bounds write in CryptParameterDecryption 
(bsc#1206022)
+
+-------------------------------------------------------------------

Old:
----
  libtpms-0.9.5.tar.gz

New:
----
  libtpms-0.9.6.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libtpms.spec ++++++
--- /var/tmp/diff_new_pack.vW0nEF/_old  2023-03-08 14:51:29.578323309 +0100
+++ /var/tmp/diff_new_pack.vW0nEF/_new  2023-03-08 14:51:29.582323330 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package libtpms
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %define lname libtpms0
 Name:           libtpms
-Version:        0.9.5
+Version:        0.9.6
 Release:        0
 Summary:        Library providing Trusted Platform Module (TPM) functionality
 License:        BSD-3-Clause

++++++ libtpms-0.9.5.tar.gz -> libtpms-0.9.6.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.9.5/CHANGES new/libtpms-0.9.6/CHANGES
--- old/libtpms-0.9.5/CHANGES   2022-07-01 17:36:16.000000000 +0200
+++ new/libtpms-0.9.6/CHANGES   2023-02-28 21:57:55.000000000 +0100
@@ -1,5 +1,8 @@
 CHANGES - changes for libtpms
 
+version 0.9.6:
+  - tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)
+
 version 0.9.5:
   - tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
   - tpm2: Fix a potential overflow expression (coverity)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.9.5/configure.ac 
new/libtpms-0.9.6/configure.ac
--- old/libtpms-0.9.5/configure.ac      2022-07-01 17:36:16.000000000 +0200
+++ new/libtpms-0.9.6/configure.ac      2023-02-28 21:57:55.000000000 +0100
@@ -3,7 +3,7 @@
 #
 # See the LICENSE file for the license associated with this file.
 
-AC_INIT([libtpms],[0.9.5])
+AC_INIT([libtpms],[0.9.6])
 AC_PREREQ([2.69])
 AC_CONFIG_SRCDIR(Makefile.am)
 AC_CONFIG_AUX_DIR([.])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.9.5/debian/changelog 
new/libtpms-0.9.6/debian/changelog
--- old/libtpms-0.9.5/debian/changelog  2022-07-01 17:36:16.000000000 +0200
+++ new/libtpms-0.9.6/debian/changelog  2023-02-28 21:57:55.000000000 +0100
@@ -1,3 +1,9 @@
+libtpms (0.9.6) RELEASED; urgency=high
+
+  - tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)
+
+ -- Stefan Berger <stef...@linux.ibm.com>  Tue, 28 Feb 2023 09:00:00 -0500
+
 libtpms (0.9.5) RELEASED; urgency=medium
 
   - tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.9.5/dist/libtpms.spec 
new/libtpms-0.9.6/dist/libtpms.spec
--- old/libtpms-0.9.5/dist/libtpms.spec 2022-07-01 17:36:16.000000000 +0200
+++ new/libtpms-0.9.6/dist/libtpms.spec 2023-02-28 21:57:55.000000000 +0100
@@ -1,7 +1,7 @@
 # --- libtpm rpm-spec ---
 
 %define name      libtpms
-%define version   0.9.5
+%define version   0.9.6
 %define release   1
 
 # Valid crypto subsystems are 'freebl' and 'openssl'
@@ -112,6 +112,9 @@
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Feb 28 2023 Stefan Berger - 0.9.6-1
+- tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)
+
 * Fri Jul 01 2022 Stefan Berger - 0.9.5-1
 - Release of version 0.9.5
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.9.5/dist/libtpms.spec.in 
new/libtpms-0.9.6/dist/libtpms.spec.in
--- old/libtpms-0.9.5/dist/libtpms.spec.in      2022-07-01 17:36:16.000000000 
+0200
+++ new/libtpms-0.9.6/dist/libtpms.spec.in      2023-02-28 21:57:55.000000000 
+0100
@@ -112,6 +112,9 @@
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Feb 28 2023 Stefan Berger - 0.9.6-1
+- tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)
+
 * Fri Jul 01 2022 Stefan Berger - 0.9.5-1
 - Release of version 0.9.5
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.9.5/include/libtpms/tpm_library.h 
new/libtpms-0.9.6/include/libtpms/tpm_library.h
--- old/libtpms-0.9.5/include/libtpms/tpm_library.h     2022-07-01 
17:36:16.000000000 +0200
+++ new/libtpms-0.9.6/include/libtpms/tpm_library.h     2023-02-28 
21:57:55.000000000 +0100
@@ -50,7 +50,7 @@
 
 #define TPM_LIBRARY_VER_MAJOR 0
 #define TPM_LIBRARY_VER_MINOR 9
-#define TPM_LIBRARY_VER_MICRO 5
+#define TPM_LIBRARY_VER_MICRO 6
 
 #define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \
     (( MAJ << 16 ) | ( MIN << 8 ) | ( MICRO ))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libtpms-0.9.5/src/tpm2/CryptUtil.c 
new/libtpms-0.9.6/src/tpm2/CryptUtil.c
--- old/libtpms-0.9.5/src/tpm2/CryptUtil.c      2022-07-01 17:36:16.000000000 
+0200
+++ new/libtpms-0.9.6/src/tpm2/CryptUtil.c      2023-02-28 21:57:55.000000000 
+0100
@@ -830,6 +830,10 @@
                          + sizeof(session->sessionKey.t.buffer)));
     TPM2B_HMAC_KEY          key;            // decryption key
     UINT32                  cipherSize = 0; // size of cipher text
+
+    if (leadingSizeInByte > bufferSize)
+       return TPM_RC_INSUFFICIENT;
+
     // Retrieve encrypted data size.
     if(leadingSizeInByte == 2)
        {
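Review bot: The added guard `if (leadingSizeInByte > bufferSize)` has no comment naming the reads it protects, and it is spelled `if (` where the neighbouring lines use `if(`. A one-line comment such as `// the size field itself must fit in the buffer before it is read below` would make clear that this check covers only the 2- or 4-byte length prefix, not the cipher text that follows it. The declaration of `bufferSize` is outside the hunk, so its type and signedness should be confirmed as safe for this comparison. The enclosing function starts and ends outside the hunk.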
@@ -837,6 +841,7 @@
            // data to be decrypted
            cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
            buffer = &buffer[2];   // advance the buffer
+           bufferSize -= 2;
        }
 #ifdef  TPM4B
     else if(leadingSizeInByte == 4)
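Review bot: `bufferSize -= 2;` here, and `bufferSize -= 4;` in the following hunk, only tighten anything if `cipherSize` is later compared against the reduced `bufferSize`, and that comparison is not visible in these hunks. It is worth confirming that the code after the final `else` branch rejects `cipherSize > bufferSize` before any decryption touches the buffer, since that is presumably where the out-of-bounds access named in the changelog would otherwise occur. A short comment on the decrement, e.g. `// bufferSize now counts only the bytes after the size field`, would keep a later edit from dropping it. The subtraction cannot wrap as long as the `leadingSizeInByte > bufferSize` guard from the first CryptUtil.c hunk stays ahead of it.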
@@ -844,6 +849,7 @@
            // the leading size is four bytes so get the four byte size field
            cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
            buffer = &buffer[4];   //advance pointer
+           bufferSize -= 4;
        }
 #endif
     else
