From 734d58e171d2961376e3797e9729e286a0adf28c4ffeb81e38692cc943036e46 Mon Sep 17 00:00:00 2001 From: Michal Suchanek Date: Tue, 26 Jan 2021 11:19:30 +0000 Subject: [PATCH] Accepting request 866786 from home:pevik:branches:security - Update to upstream version 1.6.0 - Drop patches from this release - ibmtss-certifyx509-Fix-uninitialized-variable.patch - ibmtss-fix-dsa-regression.patch OBS-URL: https://build.opensuse.org/request/show/866786 OBS-URL: https://build.opensuse.org/package/show/security/ibmtss?expand=0&rev=39 --- ...rtifyx509-Fix-uninitialized-variable.patch | 11 - ibmtss-fix-dsa-regression.patch | 233 ------------------ ibmtss.changes | 8 + ibmtss.spec | 8 +- ibmtss1.5.0.tar.gz | 3 - ibmtss1.6.0.tar.gz | 3 + 6 files changed, 14 insertions(+), 252 deletions(-) delete mode 100644 ibmtss-certifyx509-Fix-uninitialized-variable.patch delete mode 100644 ibmtss-fix-dsa-regression.patch delete mode 100644 ibmtss1.5.0.tar.gz create mode 100644 ibmtss1.6.0.tar.gz diff --git a/ibmtss-certifyx509-Fix-uninitialized-variable.patch b/ibmtss-certifyx509-Fix-uninitialized-variable.patch deleted file mode 100644 index a9ce78a..0000000 --- a/ibmtss-certifyx509-Fix-uninitialized-variable.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/utils/certifyx509.c 2020-05-14 20:44:20.000000000 +0200 -+++ b/utils/certifyx509.c 2020-08-17 18:36:52.842956894 +0200 -@@ -137,7 +137,7 @@ - TPMI_DH_OBJECT objectHandle = 0; - TPMI_DH_OBJECT signHandle = 0; - unsigned int algCount = 0; -- TPMI_ALG_SIG_SCHEME scheme; -+ TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_ERROR; - TPMI_RSA_KEY_BITS keyBits = 0; - TPMI_ECC_CURVE curveID = 0; - TPMI_ALG_HASH halg = TPM_ALG_SHA256; diff --git a/ibmtss-fix-dsa-regression.patch b/ibmtss-fix-dsa-regression.patch deleted file mode 100644 index bb5f3e1..0000000 --- a/ibmtss-fix-dsa-regression.patch +++ /dev/null @@ -1,233 +0,0 @@ -This can be fixed by checking first to see if -rsa appears on its own -(either as the last option or followed by another option beginning -with '-') and if it does assuming the default value of 2048 for -keyBits. If a non options follows, parse it as a number which keeps -backwards compatibility with versions before 1.5 while still allowing -expanded rsa key sizes to be specified. - -Signed-off-by: James Bottomley ---- - utils/certifyx509.c | 8 ++----- - utils/create.c | 8 ++----- - utils/createek.c | 46 +++++++++++++++++++---------------------- - utils/createekcert.c | 42 +++++++++++++++++-------------------- - utils/createloaded.c | 8 ++----- - utils/createprimary.c | 8 ++----- - utils/objecttemplates.c | 2 +- - 7 files changed, 49 insertions(+), 73 deletions(-) - -diff --git a/utils/certifyx509.c b/utils/certifyx509.c -index 2b763eb..3eabc45 100644 ---- a/utils/certifyx509.c -+++ b/utils/certifyx509.c -@@ -233,14 +233,10 @@ int main(int argc, char *argv[]) - else if (strcmp(argv[i], "-rsa") == 0) { - scheme = TPM_ALG_RSASSA; - algCount++; -- i++; -- if (i < argc) { -+ if (i + 1 < argc && argv[i+1][0] != '-') { -+ i++; - sscanf(argv[i],"%hu", &keyBits); - } -- else { -- printf("Missing keysize parameter for -rsa\n"); -- printUsage(); -- } - } - else if (strcmp(argv[i], "-ecc") == 0) { - scheme = TPM_ALG_ECDSA; -diff --git a/utils/create.c b/utils/create.c -index f1be83d..a707f2f 100644 ---- a/utils/create.c -+++ b/utils/create.c -@@ -173,14 +173,10 @@ int main(int argc, char *argv[]) - } - else if (strcmp(argv[i], "-rsa") == 0) { - algPublic = TPM_ALG_RSA; -- i++; -- if (i < argc) { -+ if (i + 1 < argc && argv[i+1][0] != '-') { -+ i++; - sscanf(argv[i],"%hu", &keyBits); - } -- else { -- printf("Missing parameter for -rsa\n"); -- printUsage(); -- } - } - else if (strcmp(argv[i], "-ecc") == 0) { - algPublic = TPM_ALG_ECC; -diff --git a/utils/createek.c b/utils/createek.c -index 602d9ce..f561f78 100644 ---- a/utils/createek.c -+++ b/utils/createek.c -@@ -196,33 +196,29 @@ int main(int argc, char *argv[]) - else if (strcmp(argv[i], "-rsa") == 0) { - algPublic = TPM_ALG_RSA; - algCount++; -- i++; -- if (i < argc) { -+ if (i + 1 < argc && argv[i+1][0] != '-') { -+ i++; - sscanf(argv[i],"%hu", &keyBits); -- switch (keyBits) { -- case 2048: -- if (range == LowRange) { -- ekCertIndex = EK_CERT_RSA_INDEX; -- ekNonceIndex = EK_NONCE_RSA_INDEX; -- ekTemplateIndex = EK_TEMPLATE_RSA_INDEX; -- } -- else { /* high range */ -- ekCertIndex = EK_CERT_RSA_2048_INDEX_H1; -- } -- break; -- case 3072: -- ekCertIndex = EK_CERT_RSA_3072_INDEX_H6; -- break; -- case 4096: -- ekCertIndex = EK_CERT_RSA_4096_INDEX_H7; -- break; -- default: -- printf("Bad key size %s for -rsa\n", argv[i]); -- printUsage(); -- } - } -- else { -- printf("Missing keysize parameter for -rsa\n"); -+ switch (keyBits) { -+ case 2048: -+ if (range == LowRange) { -+ ekCertIndex = EK_CERT_RSA_INDEX; -+ ekNonceIndex = EK_NONCE_RSA_INDEX; -+ ekTemplateIndex = EK_TEMPLATE_RSA_INDEX; -+ } -+ else { /* high range */ -+ ekCertIndex = EK_CERT_RSA_2048_INDEX_H1; -+ } -+ break; -+ case 3072: -+ ekCertIndex = EK_CERT_RSA_3072_INDEX_H6; -+ break; -+ case 4096: -+ ekCertIndex = EK_CERT_RSA_4096_INDEX_H7; -+ break; -+ default: -+ printf("Bad key size %s for -rsa\n", argv[i]); - printUsage(); - } - } -diff --git a/utils/createekcert.c b/utils/createekcert.c -index 7049605..02d765c 100644 ---- a/utils/createekcert.c -+++ b/utils/createekcert.c -@@ -179,31 +179,27 @@ int main(int argc, char *argv[]) - else if (strcmp(argv[i], "-rsa") == 0) { - algPublic = TPM_ALG_RSA; - algCount++; -- i++; -- if (i < argc) { -+ if (i + 1 < argc && argv[i+1][0] != '-') { -+ i++; - sscanf(argv[i],"%hu", &keyBits); -- switch (keyBits) { -- case 2048: -- if (range == LowRange) { -- ekCertIndex = EK_CERT_RSA_INDEX; -- } -- else { /* high range */ -- ekCertIndex = EK_CERT_RSA_2048_INDEX_H1; -- } -- break; -- case 3072: -- ekCertIndex = EK_CERT_RSA_3072_INDEX_H6; -- break; -- case 4096: -- ekCertIndex = EK_CERT_RSA_4096_INDEX_H7; -- break; -- default: -- printf("Bad key size %s for -rsa\n", argv[i]); -- printUsage(); -- } - } -- else { -- printf("Missing keysize parameter for -rsa\n"); -+ switch (keyBits) { -+ case 2048: -+ if (range == LowRange) { -+ ekCertIndex = EK_CERT_RSA_INDEX; -+ } -+ else { /* high range */ -+ ekCertIndex = EK_CERT_RSA_2048_INDEX_H1; -+ } -+ break; -+ case 3072: -+ ekCertIndex = EK_CERT_RSA_3072_INDEX_H6; -+ break; -+ case 4096: -+ ekCertIndex = EK_CERT_RSA_4096_INDEX_H7; -+ break; -+ default: -+ printf("Bad key size %s for -rsa\n", argv[i]); - printUsage(); - } - } -diff --git a/utils/createloaded.c b/utils/createloaded.c -index a481cb3..fe97ab4 100644 ---- a/utils/createloaded.c -+++ b/utils/createloaded.c -@@ -167,14 +167,10 @@ int main(int argc, char *argv[]) - } - else if (strcmp(argv[i], "-rsa") == 0) { - algPublic = TPM_ALG_RSA; -- i++; -- if (i < argc) { -+ if (i + 1 < argc && argv[i+1][0] != '-') { -+ i++; - sscanf(argv[i],"%hu", &keyBits); - } -- else { -- printf("Missing parameter for -rsa\n"); -- printUsage(); -- } - } - else if (strcmp(argv[i], "-ecc") == 0) { - algPublic = TPM_ALG_ECC; -diff --git a/utils/createprimary.c b/utils/createprimary.c -index 3c7676f..c805674 100644 ---- a/utils/createprimary.c -+++ b/utils/createprimary.c -@@ -180,14 +180,10 @@ int main(int argc, char *argv[]) - } - else if (strcmp(argv[i], "-rsa") == 0) { - algPublic = TPM_ALG_RSA; -- i++; -- if (i < argc) { -+ if (i + 1 < argc && argv[i+1][0] != '-') { -+ i++; - sscanf(argv[i],"%hu", &keyBits); - } -- else { -- printf("Missing parameter for -rsa\n"); -- printUsage(); -- } - } - else if (strcmp(argv[i], "-ecc") == 0) { - algPublic = TPM_ALG_ECC; -diff --git a/utils/objecttemplates.c b/utils/objecttemplates.c -index 06b07ef..f44398f 100644 ---- a/utils/objecttemplates.c -+++ b/utils/objecttemplates.c -@@ -538,7 +538,7 @@ void printUsageTemplate(void) - { - printf("\t[Asymmetric Key Algorithm]\n"); - printf("\n"); -- printf("\t-rsa keybits (default)\n"); -+ printf("\t-rsa [keybits] (default)\n"); - printf("\t\t(2048 default)\n"); - printf("\t-ecc curve\n"); - printf("\t\tbnp256\n"); --- -2.26.2 - - diff --git a/ibmtss.changes b/ibmtss.changes index 4e518c2..150e4f0 100644 --- a/ibmtss.changes +++ b/ibmtss.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Jan 26 09:19:47 UTC 2021 - Petr Vorel + +- Update to upstream version 1.6.0 +- Drop patches from this release + - ibmtss-certifyx509-Fix-uninitialized-variable.patch + - ibmtss-fix-dsa-regression.patch + ------------------------------------------------------------------- Thu Oct 1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez diff --git a/ibmtss.spec b/ibmtss.spec index 7bbeac9..041ccb3 100644 --- a/ibmtss.spec +++ b/ibmtss.spec @@ -1,7 +1,7 @@ # # spec file for package ibmtss # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,12 +18,12 @@ # %define libversion 1 -%define libversion_full 1.5.0 +%define libversion_full 1.6.0 %define libname libibmtss %define libpkgname %{libname}%{libversion} Name: ibmtss -Version: 1.5.0 +Version: 1.6.0 Release: 0 Summary: IBM's TPM 2.0 TSS License: BSD-3-Clause @@ -32,8 +32,6 @@ URL: https://sourceforge.net/projects/ibmtpm20tss Source: https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz Source1: 90-tpm-ibmtss.rules Patch1: ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch -Patch2: ibmtss-certifyx509-Fix-uninitialized-variable.patch -Patch3: ibmtss-fix-dsa-regression.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: ibmswtpm2 diff --git a/ibmtss1.5.0.tar.gz b/ibmtss1.5.0.tar.gz deleted file mode 100644 index fec66e4..0000000 --- a/ibmtss1.5.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:22d14871b9cfb1c7ddbcc0e5b379ddc065660d9a7c7b3a4a21a3ba13f1a8ddb1 -size 1037930 diff --git a/ibmtss1.6.0.tar.gz b/ibmtss1.6.0.tar.gz new file mode 100644 index 0000000..1501537 --- /dev/null +++ b/ibmtss1.6.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:83bebb0d36ef9ced6cf3be2be9f0b4463a692d67254df31216271a916aaba851 +size 1255456