From 4a36a3f72775931f41265fae15eb53301a5e74fe Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 5 Mar 2026 10:57:28 -0500
Subject: [PATCH 1/2] build-sys: Build libtpms v0.10.3

Signed-off-by: Stefan Berger
---
 configure.ac | 2 +-
 dist/libtpms.spec | 2 +-
 include/libtpms/tpm_library.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index b19db106f..bd39d8d8b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@
 #
 # See the LICENSE file for the license associated with this file.
-AC_INIT([libtpms],[0.10.2])
+AC_INIT([libtpms],[0.10.3])
 AC_PREREQ([2.69])
 AC_CONFIG_SRCDIR(Makefile.am)
 AC_CONFIG_AUX_DIR([.])
diff --git a/dist/libtpms.spec b/dist/libtpms.spec
index 68dc47106..7b91b2921 100644
--- a/dist/libtpms.spec
+++ b/dist/libtpms.spec
@@ -1,7 +1,7 @@
 # --- libtpm rpm-spec ---
 %define name libtpms
-%define version 0.10.2
+%define version 0.10.3
 %define release 0~dev1
 # Valid crypto subsystems are 'freebl' and 'openssl'
diff --git a/include/libtpms/tpm_library.h b/include/libtpms/tpm_library.h
index 2619d44b4..75b0cede3 100644
--- a/include/libtpms/tpm_library.h
+++ b/include/libtpms/tpm_library.h
@@ -50,7 +50,7 @@ extern "C" {
 #define TPM_LIBRARY_VER_MAJOR 0
 #define TPM_LIBRARY_VER_MINOR 10
-#define TPM_LIBRARY_VER_MICRO 2
+#define TPM_LIBRARY_VER_MICRO 3
 #define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \
 (( MAJ << 16 ) | ( MIN << 8 ) | ( MICRO ))
From ac4fe5797e5be7813cb3635a3dff73b1229ba716 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 5 Mar 2026 10:15:19 -0500
Subject: [PATCH 2/2] tpm2: Limit array_size to current size of array (ppList/auditCommands) (BUGFIX)

The current libtpms v0.10.2 does not accept a TPM 2 state that was written with a more recent version of libtpms if the sizes of ppList and/or auditCommands increased. Remove the asserts that trigger state reading failures and limit array_size to the sizeof(data->ppList) and sizeof(data->auditCommands) respectively . More recent versions of libtpms, if they support more TPM 2 commands, will extend these arrays but those new commands will not be usable by older versions of libtpms (via profile and StateFormatLevel) and can therefore be ignored by truncating those arrays.

Signed-off-by: Stefan Berger
---
 src/tpm2/NVMarshal.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 122d4dff0..781a5e57b 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -4157,8 +4157,11 @@ PERSISTENT_DATA_PPList_Unmarshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *si
 rc = ConvertFromCompressedBitArray(buf, array_size, data->ppList, sizeof(data->ppList));
 } else {
+ /* later versions of libtpms may write bigger arrays - truncate them */
+ if (array_size > sizeof(data->ppList))
+ array_size = sizeof(data->ppList);
+
 memset(data->ppList, 0, sizeof(data->ppList));
- assert(array_size <= sizeof(data->ppList));
 memcpy(data->ppList, buf, array_size);
 }
 }
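Review bot: The clamp in the uncompressed `else` branch drops every byte of `buf` beyond `sizeof(data->ppList)` without inspecting it, so flags a newer libtpms set in ppList (by its name, the physical-presence command list) for commands this build does not know are discarded silently; the PERSISTENT_DATA_AuditCommands_Unmarshal hunk does the same to the audit flags. Per the commit message that is harmless while this version runs, but if this version later writes the state back (not visible in the hunk), a newer libtpms reading it would presumably find those flags cleared. I would say so in the comment, e.g. `/* later versions of libtpms may write bigger arrays - truncate them; flags for commands unknown to this version are dropped and not preserved on the next state write */`, and consider logging when any dropped byte is non-zero so that a policy change caused by a downgrade is visible to the operator. The function body starts and ends outside the hunk.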
@@ -4220,8 +4223,11 @@ PERSISTENT_DATA_AuditCommands_Unmarshal(PERSISTENT_DATA *data, BYTE **buffer, IN
 rc = ConvertFromCompressedBitArray(buf, array_size, data->auditCommands, sizeof(data->auditCommands));
 } else {
+ /* later versions of libtpms may write bigger arrays - truncate them */
+ if (array_size > sizeof(data->auditCommands))
+ array_size = sizeof(data->auditCommands);
+
 memset(data->auditCommands, 0, sizeof(data->auditCommands));
- assert(array_size <= sizeof(data->auditCommands));
 memcpy(data->auditCommands, buf, array_size);
 }
 }
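Review bot: Only the uncompressed `else` branch is relaxed here and in the PPList hunk; the compressed branch still passes the full `array_size` to `ConvertFromCompressedBitArray()` together with `sizeof(data->auditCommands)` and propagates its `rc`. Whether that helper ignores or rejects entries that fall outside the destination cannot be seen from the hunk, so it is worth confirming that a compressed array written by a newer libtpms does not still fail the state read. If the helper is already tolerant, a one-line comment on that branch such as `/* entries beyond sizeof(data->auditCommands) are ignored by the conversion */` would record it. The function body starts and ends outside the hunk.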