authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 21:41:43 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 21:41:43 +0000
commitae9f484622ec96026c9e553da2b2c7d4d021073e (patch)
tree40b42c9f04a3798eaa26c0eed076bdd1269d13c6 /debian/patches
parentAdding upstream version 0.9.2. (diff)
Adding debian version 0.9.2-3.1.debian/0.9.2-3.1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/0003-set-man-page-date-to-last-changelog.patch20
-rw-r--r--debian/patches/0004-fix-ftbfs-bug.patch14
-rw-r--r--debian/patches/do_not_inline_makeiv.patch20
-rw-r--r--debian/patches/no_local_check.patch21
-rw-r--r--debian/patches/series5
-rw-r--r--debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch55
6 files changed, 135 insertions, 0 deletions
diff --git a/debian/patches/0003-set-man-page-date-to-last-changelog.patch b/debian/patches/0003-set-man-page-date-to-last-changelog.patch
new file mode 100644
index 0000000..39d4a19
--- /dev/null
+++ b/debian/patches/0003-set-man-page-date-to-last-changelog.patch
@@ -0,0 +1,20 @@
+Description: Set the date of man pages to the last changelog entry.
+Forwarded: not-needed
+
+--- a/man/man3/Makefile.am
++++ b/man/man3/Makefile.am
+@@ -55,11 +55,14 @@
+ TPM_Malloc.3
+
+ man3_MANS += $(man3_MANS_generated)
++BUILD_DATE ?= $$(dpkg-parsechangelog -S Date -l../../debian/changelog)
++PODDATE = $$(date -u "+%Y-%m-%d" -d "$(BUILD_DATE)")
+
+ %.3 : %.pod
+ @pod2man -r "libtpms" \
+ -c "" \
+ -n $(basename $@) \
++ --date="$(PODDATE)" \
+ --section=3 $< > $@
+
+ EXTRA_DIST = $(man3_MANS) $(man3_PODS)
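Review bot: A failure of `dpkg-parsechangelog` in the added `BUILD_DATE` line goes unnoticed, because the `$$(...)` substitution only runs inside the recipe shell and its exit status is discarded. As far as I know, GNU `date -d ""` then prints today's date instead of failing, so the man pages would silently pick up a build-dependent date, which defeats the reproducibility this patch is after. The relative `-l../../debian/changelog` also assumes make is run from `man/man3` inside the source tree. If the packaging build exports `SOURCE_DATE_EPOCH` (not visible here), deriving the date from it avoids both problems, e.g. `PODDATE = $$(date -u "+%Y-%m-%d" -d "@$${SOURCE_DATE_EPOCH}")`; otherwise make the recipe fail when `BUILD_DATE` expands to an empty string.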
diff --git a/debian/patches/0004-fix-ftbfs-bug.patch b/debian/patches/0004-fix-ftbfs-bug.patch
new file mode 100644
index 0000000..a8e456b
--- /dev/null
+++ b/debian/patches/0004-fix-ftbfs-bug.patch
@@ -0,0 +1,14 @@
+Description: Fix FTBFS caused by the incomplete condition.
+Forwarded: not-needed
+
+--- a/src/tpm2/NVDynamic.c
++++ b/src/tpm2/NVDynamic.c
+@@ -122,7 +122,7 @@
+ if(HandleGetType(nvHandle) == type)
+ break;
+ }
+- if(handle != NULL)
++ if((handle != NULL) && (addr != 0))
+ *handle = nvHandle;
+ return addr;
+ }
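Review bot: With the added `(addr != 0)` test, `*handle` is no longer written when the function returns 0, so a caller that reads its handle variable without first checking the returned address sees whatever that variable held before the call. The start of the function and its callers are outside the hunk, so this may already be handled, but the contract should be stated next to the condition, for example `// *handle is only set when an entry was found (addr != 0)`. The description "incomplete condition" does not name the compiler diagnostic that broke the build; recording it would show when the patch can be dropped. Since the patch changes upstream source rather than packaging, `Forwarded: not-needed` is worth revisiting.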
diff --git a/debian/patches/do_not_inline_makeiv.patch b/debian/patches/do_not_inline_makeiv.patch
new file mode 100644
index 0000000..393e2ac
--- /dev/null
+++ b/debian/patches/do_not_inline_makeiv.patch
@@ -0,0 +1,20 @@
+Do not inline MakeIV due toppc64 compiler issue
+
+The ppc64 gcc compiler has an issue with MakeIv.
+
+---
+ src/tpm2/AlgorithmTests.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/tpm2/AlgorithmTests.c
++++ b/src/tpm2/AlgorithmTests.c
+@@ -179,6 +179,9 @@
+ /* 10.2.1.4.1 MakeIv() */
+ /* Internal function to make the appropriate IV depending on the mode. */
+ static UINT32
++#if defined(__powerpc64__)
++__attribute__((noinline))
++#endif
+ MakeIv(
+ TPM_ALG_ID mode, // IN: symmetric mode
+ UINT32 size, // IN: block size of the algorithm
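Review bot: The added `__attribute__((noinline))` has no comment in the source saying why it is there, and the patch description ("has an issue with MakeIv") names neither a compiler version nor a bug report, so nobody can tell when the workaround may be removed. MakeIv sits in the algorithm self-test code, where a silent compiler problem matters, so I would add something like `/* Workaround for a ppc64 gcc problem when MakeIv is inlined, see <bug reference>; drop once the compiler is fixed */` above the `#if`. The guard tests only `__powerpc64__`, so the GCC-style attribute is emitted for any compiler targeting that architecture; `#if defined(__powerpc64__) && defined(__GNUC__)` would make the assumption explicit. MakeIv's body continues outside the hunk.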
diff --git a/debian/patches/no_local_check.patch b/debian/patches/no_local_check.patch
new file mode 100644
index 0000000..c7f461e
--- /dev/null
+++ b/debian/patches/no_local_check.patch
@@ -0,0 +1,21 @@
+Do not run check-local due to bug in ppc64 gcc on Jammy
+
+ppc64 gcc has a bug causing issued in check-local.
+Therefore, do not run check-local while ppc64 gcc is broken
+on Ubuntu Jammy.
+
+---
+ src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -599,7 +599,7 @@
+ LDFLAGS_ARCH += $(findstring -m64, $(AM_LDFLAGS))
+
+ check-local: SHELL?="/usr/bin/env bash"
+-check-local:
++NO-check-local:
+ @case $(host_os) in \
+ openbsd*) ADDLIBS="-lc" ;; \
+ darwin*|freebsd*) LDFLAGS_OS="-shared" ;; \
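Review bot: Renaming the target to `NO-check-local` turns the check off on every architecture and every release, while the description justifies it only for ppc64 gcc on Ubuntu Jammy. The build then loses whatever this recipe verifies on all other platforms, and nothing in the Makefile records that it was disabled on purpose. The unchanged line `check-local: SHELL?="/usr/bin/env bash"` is left setting a variable for a target that no longer has a recipe. Consider keeping the target name and skipping the recipe only for the affected host, for instance with a `powerpc64*` branch on the host CPU that exits early, or by skipping it from the packaging rules for that architecture. The recipe continues outside the hunk.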
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..1f4b815
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,5 @@
+0003-set-man-page-date-to-last-changelog.patch
+0004-fix-ftbfs-bug.patch
+do_not_inline_makeiv.patch
+no_local_check.patch
+tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
diff --git a/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch b/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
new file mode 100644
index 0000000..89fef6a
--- /dev/null
+++ b/debian/patches/tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
@@ -0,0 +1,55 @@
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Mon, 20 Feb 2023 14:41:10 -0500
+Subject: tpm2: Check size of buffer before accessing it (CVE-2023-1017 &
+ -1018)
+Origin: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4
+Bug-Debian: https://bugs.debian.org/1032420
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-1018
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-1017
+
+Check that there are sufficient bytes in the buffer before reading the
+cipherSize from it. Also, reduce the bufferSize variable by the number
+of bytes that make up the cipherSize to avoid reading and writing bytes
+beyond the buffer in subsequent steps that do in-place decryption.
+
+This fixes CVE-2023-1017 & CVE-2023-1018.
+
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+---
+ src/tpm2/CryptUtil.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
+index 002fde0987a9..8fae5b6903ca 100644
+--- a/src/tpm2/CryptUtil.c
++++ b/src/tpm2/CryptUtil.c
+@@ -830,6 +830,10 @@ CryptParameterDecryption(
+ + sizeof(session->sessionKey.t.buffer)));
+ TPM2B_HMAC_KEY key; // decryption key
+ UINT32 cipherSize = 0; // size of cipher text
++
++ if (leadingSizeInByte > bufferSize)
++ return TPM_RC_INSUFFICIENT;
++
+ // Retrieve encrypted data size.
+ if(leadingSizeInByte == 2)
+ {
+@@ -837,6 +841,7 @@ CryptParameterDecryption(
+ // data to be decrypted
+ cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
+ buffer = &buffer[2]; // advance the buffer
++ bufferSize -= 2;
+ }
+ #ifdef TPM4B
+ else if(leadingSizeInByte == 4)
+@@ -844,6 +849,7 @@ CryptParameterDecryption(
+ // the leading size is four bytes so get the four byte size field
+ cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
+ buffer = &buffer[4]; //advance pointer
++ bufferSize -= 4;
+ }
+ #endif
+ else
+--
+2.39.2
+
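Review bot: The `bufferSize -= 2;` and `bufferSize -= 4;` decrements depend on two checks that a later edit could easily break, and neither dependency is documented in the code. The new `leadingSizeInByte > bufferSize` guard is what keeps the subtraction from wrapping if `bufferSize` is unsigned (its declaration is outside the hunks). The decrement only prevents the out-of-bounds access if `cipherSize` is later compared against the reduced `bufferSize`, and that comparison is also not visible here. Confirm the comparison follows the `else` branch in the patched tree, and add a comment at the decrements such as `// bufferSize now counts only the bytes after the size field; cipherSize is validated against it below`. The patch also ships no regression test for a command buffer shorter than its size field, so a later refresh of the patch series could drop the guard without any test failing.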