Accepting request 1069040 from home:schubi2

Update to version 1.1.4

OBS-URL: https://build.opensuse.org/request/show/1069040
OBS-URL: https://build.opensuse.org/package/show/security/fdo-client?expand=0&rev=3

_service

@@ -2,7 +2,7 @@
   <service name="tar_scm" mode="disabled">
     <param name="version">1.0.0</param>
     <param name="versionformat">1.0.0+git%cd.%h</param>
-    <param name="url">git://github.com/intel/safestringlib.git</param>
+    <param name="url">git@github.com:intel/safestringlib.git</param>
     <param name="revision">v1.0.0</param>
     <param name="scm">git</param>
     <param name="changesgenerate">enable</param>
@@ -16,10 +16,10 @@
     <param name="changesgenerate">enable</param>
   </service>  
   <service name="tar_scm" mode="disabled">
-    <param name="version">1.0.0</param>
-    <param name="versionformat">1.0.0+git%cd.%h</param>
+    <param name="version">1.1.4</param>
+    <param name="versionformat">1.1.4+git%cd.%h</param>
     <param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
-    <param name="revision">v1.0.0</param>
+    <param name="revision">v1.1.4</param>
     <param name="scm">git</param>
     <param name="filename">fdo-client</param>
     <param name="changesgenerate">enable</param>

_servicedata

@@ -9,6 +9,8 @@
  </service> 
   <service name="tar_scm">
     <param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
-    <param name="changesrevision">baa09b537ddbb4ce9fdf289ad55e885526d045ec</param>
+    <param name="changesrevision">c8ef7576afa1b250ff9460b519238f32711ef175</param>
  </service> 
-</servicedata>
+<service name="tar_scm">
+                <param name="url">git@github.com:intel/safestringlib.git</param>
+              <param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param></service></servicedata>

build.patch

@@ -1,6 +1,5 @@
-diff -u a/blob_path.cmake b/blob_path.cmake
---- a/cmake/blob_path.cmake	2021-10-14 22:02:06.855474972 +0200
-+++ b/cmake/blob_path.cmake	2021-10-14 22:19:21.969170219 +0200
+--- org/cmake/blob_path.cmake	2022-12-09 09:44:34.000000000 +0100
++++ patch/cmake/blob_path.cmake	2023-03-02 14:51:38.637622177 +0100
 @@ -7,17 +7,18 @@
  # Note all blobs and data will be made relative.
  # if absoulte is needed declare BLOB_PATH on CLI
@@ -8,12 +7,12 @@ diff -u a/blob_path.cmake b/blob_path.cmake
 +# RO_BLOB_PATH=<path> is for data which does not need write access
  
  if(TARGET_OS MATCHES linux)
-   
+ 
    client_sdk_compile_definitions(
 -    -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
 -    -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
 +    -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
-+    -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
++    -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"    
      -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
      -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
      -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
@@ -99,7 +98,7 @@ diff -u a/blob_path.cmake b/blob_path.cmake
  	)
        if (${DA_FILE} MATCHES pem)
  	client_sdk_compile_definitions(
-@@ -164,10 +165,10 @@
+@@ -164,9 +165,9 @@
  # Configure if needed at a later point
  # configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
  
@@ -109,19 +108,15 @@ diff -u a/blob_path.cmake b/blob_path.cmake
 -file(WRITE ${BLOB_PATH}/data/Normal.blob "")
 -file(WRITE ${BLOB_PATH}/data/Secure.blob "")
 -file(WRITE ${BLOB_PATH}/data/raw.blob "")
--file(WRITE ${BLOB_PATH}/data/max_serviceinfo_sz.bin "")
 +file(WRITE ./data/platform_iv.bin "")
 +file(WRITE ./data/platform_hmac_key.bin "")
 +file(WRITE ./data/platform_aes_key.bin "")
 +file(WRITE ./data/Normal.blob "")
 +file(WRITE ./data/Secure.blob "")
 +file(WRITE ./data/raw.blob "")
-+file(WRITE ./data/max_serviceinfo_sz.bin "")
-Nur in b: blob_path.cmake~.
-diff -u a/cli_input.cmake b/cli_input.cmake
---- a/cmake/cli_input.cmake	2021-10-14 22:24:53.078959088 +0200
-+++ b/cmake/cli_input.cmake	2021-10-14 22:26:36.187516122 +0200
-@@ -24,6 +24,7 @@
+--- org/cmake/cli_input.cmake	2022-12-09 09:44:34.000000000 +0100
++++ patch/cmake/cli_input.cmake	2023-03-02 14:56:02.036016802 +0100
+@@ -25,6 +25,7 @@
  set (STORAGE true)
  set (BOARD NUCLEO_F767ZI)
  set (BLOB_PATH .)
@@ -129,7 +124,7 @@ diff -u a/cli_input.cmake b/cli_input.cmake
  set (TPM2_TCTI_TYPE tabrmd)
  set (RESALE true)
  set (REUSE true)
-@@ -501,6 +502,36 @@
+@@ -530,6 +531,37 @@
  message("Selected BLOB_PATH ${BLOB_PATH}")
  
  ###########################################
@@ -162,8 +157,8 @@ diff -u a/cli_input.cmake b/cli_input.cmake
 +set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
 +message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
 +
++
 +###########################################
  # FOR WIFI_SSID
  get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
  
-Nur in b: cli_input.cmake~.

fdo-client-1.0.0+git20210816.baa09b5.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f35493ad6470003d707834b11614296300f578163c474c7219a9aa4eff82b3c0
-size 255368

fdo-client.changes

@@ -1,5 +1,62 @@
+-------------------------------------------------------------------
+Thu Mar 02 11:38:56 UTC 2023 - schubi@suse.com
+
+- Update to version 1.1.4+git20221209.c8ef757:
+  * Readme update (#210)
+  * Updating the readme with openssl 1.1.1s (#209)
+  * Fix TO when IP/RV is empty string (#208)
+  * * Replaced unsafe string function (#207)
+  * Increase max message buffer size to 64000 (#205)
+  * Update Curl version as 7.86 in Readme (#206)
+  * Readme updates (#204)
+  * Minimal logs by default (compile time) (#203)
+  * Revert openssl3 (#201)
+  * Update HTTPS connection to use TLS 1.2 (#196)
+  * Openssl 3 porting (#194)
+  * Add curl support for HTTP connection (#195)
+  * Update NOTICE file (#192)
+  * Add CURL support for HTTPS connection (#188)
+  * Readme update for installing safestringlib (#191)
+  * Updating the readme with openssl 1.1.1q (#187)
+  * switch to host.docker.internal (#185)
+  * Fix to enable compilation of CSDK in ubuntu 22 (#183)
+  * Fix TO when IP is NULL (#184)
+  * Update EAT-UEID value as per FIDO working draft specification (#180)
+  * Revert "Update EAT-UEID value as per FIDO working draft specification (#178)" (#179)
+  * Update EAT-UEID value as per FIDO working draft specification (#178)
+  * Updating comments in fdonet.c (#177)
+  * Upgrade OpenSSL toolkit version to 1.1.1n (#176)
+  * Documentation updates (#175)
+  * Add a note regarding fdosys issue (#174)
+  * Update Jenkinsfile to copy PRI artifacts from master (#173)
+  * Merging 1.1 dev branch to master. (#172)
+  * Fix multiple owner support for CSDK devices. (#167)
+  * Fix: fdo_sys:exec_cb/exec not working after initial fdo_sys:exec (#166)
+  * Add implementation for fdo_sys keep-alive (#165)
+  * Fix an issue with keeping in-memory Mfg PublicKey hash (#164)
+  * Update/Tweak Device Status and Cred management (#163)
+  * Updating EAT IANA numbers as per spec ERRATA (#160)
+  * Updating Device ServiceInfo framework to handle writes (#162)
+  * Add TPM support on RHEL (#161)
+  * Update README for RHEL support (#159)
+  * Remove disclaimer from README (#158)
+
+-------------------------------------------------------------------
+Thu Mar 02 11:37:36 UTC 2023 - schubi@suse.com
+
+- Update to version 1.0.0+git20171208.5da1bad:
+  * Use secure functions where appropriate
+  * Added extern definition
+  * Fix Klocwork Errors
+  * Fix output
+  * Fix Core Dump in Unit Test
+  * Add Makefile
+  * publish unit tests
+  * strpcpu_s: remove unsed redundant variable overlap_bumper
+  * Update LICENSE&COPYING.txt
+
 -------------------------------------------------------------------
 Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
 
 - This is the successor of sdo-client
-  EPIC: SLE/SLE-22946
+  EPIC: SLE/SLE-22946

fdo-client.spec

@@ -17,7 +17,7 @@
 
 
 Name:           fdo-client
-Version:        1.0.0+git20210816.baa09b5
+Version:        1.1.4+git20221209.c8ef757
 Release:        0
 Summary:        FIDO Device Onboard Client
 License:        Apache-2.0
@@ -32,11 +32,11 @@ Source5:        README
 Patch0:         build.patch
 Patch1:         gcc.patch
 Requires:       openssl
-Obsoletes:      sdo-client
 BuildRequires:  cmake
 BuildRequires:  vim
 BuildRequires:  gcc-c++
 BuildRequires:  libopenssl-devel
+BuildRequires:  libcurl-devel
 %{?systemd_ordering}
 
 %description

gcc.patch

@@ -1,171 +1,37 @@
---- org/lib/fdoprotctx.c	2021-10-18 21:51:23.914574062 +0200
-+++ patch/lib/fdoprotctx.c	2021-10-18 21:49:40.170002557 +0200
-@@ -118,8 +118,11 @@
+--- org/network/network_if_linux.c	2022-12-09 09:44:34.000000000 +0100
++++ patch/network/network_if_linux.c	2023-03-02 16:05:07.625074915 +0100
+@@ -246,7 +246,7 @@
+ 		goto err;
+ 	}
  
- 	switch (prot_ctx->protdata->state) {
- 	case FDO_STATE_DI_APP_START: /* type 10 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_DI_SET_CREDENTIALS: /* type 11 */
-+		{
- 		if (prot_ctx->host_dns) {
- 			if (prot_ctx->resolved_ip) {
- 				fdo_free(prot_ctx->resolved_ip);
-@@ -133,9 +136,12 @@
- 				break;
- 			}
+-	if (ip_addr->addr) {
++	if (ip_addr->length > 0) {
+ 		ip_ascii = fdo_alloc(IP_TAG_LEN);
+ 		if (!ip_ascii) {
+ 			goto err;
+@@ -331,7 +331,7 @@
  		}
--		ATTRIBUTE_FALLTHROUGH;
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_DI_SET_HMAC: /* type 12 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_DI_DONE: /* type 13 */
- 		ret = connect_to_manufacturer(
- 			      prot_ctx->resolved_ip ? prot_ctx->resolved_ip : prot_ctx->host_ip,
-@@ -144,24 +150,30 @@
- 			      (prot_ctx->tls ? &prot_ctx->ssl : NULL));
- 		break;
- 	case FDO_STATE_T01_SND_HELLO_FDO: /* type 30 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO1_RCV_HELLO_FDOACK: /* type 31 */
--		if (prot_ctx->host_dns) {
--			if (prot_ctx->resolved_ip) {
--				fdo_free(prot_ctx->resolved_ip);
--			}
--			if (!resolve_dn(prot_ctx->host_dns,
--					&prot_ctx->resolved_ip,
--					prot_ctx->host_port,
--					(prot_ctx->tls ? &prot_ctx->ssl : NULL),
--					is_rv_proxy_defined())) {
--				ret = false;
--				fdo_free(prot_ctx->resolved_ip);
-+		{
-+			if (prot_ctx->host_dns) {
-+				if (prot_ctx->resolved_ip) {
-+					fdo_free(prot_ctx->resolved_ip);
-+				}
-+				if (!resolve_dn(prot_ctx->host_dns,
-+						&prot_ctx->resolved_ip,
-+						prot_ctx->host_port,
-+						(prot_ctx->tls ? &prot_ctx->ssl : NULL),
-+						is_rv_proxy_defined())) {
-+					ret = false;
-+					fdo_free(prot_ctx->resolved_ip);
-+				}
- 			}
-+			ATTRIBUTE_FALLTHROUGH;
- 		}
--		ATTRIBUTE_FALLTHROUGH;
- 	case FDO_STATE_TO1_SND_PROVE_TO_FDO: /* type 32 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO1_RCV_FDO_REDIRECT: /* type 33 */
- 		// try DNS's resolved IP first, if it fails, try given IP address
- 		ret = connect_to_rendezvous(
-@@ -174,40 +186,62 @@
- 		}
- 		break;
- 	case FDO_STATE_T02_SND_HELLO_DEVICE: /* type 60 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{	
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_RCV_PROVE_OVHDR: /* type 61 */
--		if (prot_ctx->host_dns) {
--			if (prot_ctx->resolved_ip) {
--				fdo_free(prot_ctx->resolved_ip);
--			}
--			if (!resolve_dn(prot_ctx->host_dns,
--					&prot_ctx->resolved_ip,
--					prot_ctx->host_port,
--					(prot_ctx->tls ? &prot_ctx->ssl : NULL),
--					is_owner_proxy_defined())) {
--				ret = false;
--				fdo_free(prot_ctx->resolved_ip);
-+		{
-+			if (prot_ctx->host_dns) {
-+				if (prot_ctx->resolved_ip) {
-+					fdo_free(prot_ctx->resolved_ip);
-+				}
-+				if (!resolve_dn(prot_ctx->host_dns,
-+						&prot_ctx->resolved_ip,
-+						prot_ctx->host_port,
-+						(prot_ctx->tls ? &prot_ctx->ssl : NULL),
-+						is_owner_proxy_defined())) {
-+					ret = false;
-+					fdo_free(prot_ctx->resolved_ip);
-+				}
- 			}
-+			ATTRIBUTE_FALLTHROUGH;
- 		}
--		ATTRIBUTE_FALLTHROUGH;
- 	case FDO_STATE_TO2_SND_GET_OP_NEXT_ENTRY: /* type 62 */
--		ATTRIBUTE_FALLTHROUGH;
-+ 		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_T02_RCV_OP_NEXT_ENTRY: /* type 63 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_SND_PROVE_DEVICE: /* type 64 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_RCV_GET_NEXT_DEVICE_SERVICE_INFO: /* type 65 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_SND_NEXT_DEVICE_SERVICE_INFO: /* type 66 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_RCV_SETUP_DEVICE: /* type 67 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_T02_SND_GET_NEXT_OWNER_SERVICE_INFO: /* type 68 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_T02_RCV_NEXT_OWNER_SERVICE_INFO: /* type 69 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_SND_DONE: /* type 70 */
--		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_RCV_DONE_2: /* type 71 */
- 		// try DNS's resolved IP first, if it fails, try given IP address
- 		ret = connect_to_owner(prot_ctx->resolved_ip, prot_ctx->host_port,
---- org/lib/credentials_from_file.c	2021-10-18 22:19:33.447783075 +0200
-+++ patch/lib/credentials_from_file.c	2021-10-18 22:19:20.143711330 +0200
-@@ -228,8 +228,6 @@
+ 	}
+ 
+-	if (ip_addr->addr) {
++	if (ip_addr->length > 0) {
+ 		ip_ascii = fdo_alloc(IP_TAG_LEN);
+ 		if (!ip_ascii) {
+ 			goto err;
+--- org/lib/credentials_from_file.c	2022-12-09 09:44:34.000000000 +0100
++++ patch/lib/credentials_from_file.c	2023-03-02 16:34:46.597314561 +0100
+@@ -231,7 +231,6 @@
  		return true;
  	}
  
 -	LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
--
+ 
  	fdor = fdo_alloc(sizeof(fdor_t));
  	if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
- 		LOG(LOG_ERROR, "FDOR Initialization/Allocation failed!\n");
+@@ -531,4 +530,4 @@
+ 		return true;
+ 	}
+ 	return false;
+-}
+\ Kein Zeilenumbruch am Dateiende.
++}