Accepting request 886589 from home:gary_lin:branches:security

- Update to version 0.8.2 * tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do not use (bsc#1184939 CVE-2021-3505) * tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX (bsc#1184939 CVE-2021-3505) OBS-URL: https://build.opensuse.org/request/show/886589 OBS-URL: https://build.opensuse.org/package/show/security/libtpms?expand=0&rev=25
2021-04-19 14:15:21 +00:00 · 2021-04-19 14:15:21 +00:00 · 3b46b43aa0
commit 3b46b43aa0
parent 15458222e5
4 changed files with 38 additions and 4 deletions
--- a/libtpms.changes
+++ b/libtpms.changes
@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Mon Apr 19 07:18:37 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Update to version 0.8.2
+  * NOTE: Downgrade to 0.7.x or below is not possible.
+    Due to fixes in the TPM 2 prime number generation code in
+    rev155 it is not possible to downgrade from libtpms version
+    0.8.0 to some previous version. The seeds are now associated
+    with an age so that older seeds use the old TPM 2 prime number
+    generation code while newer seed use the newer code.
+  * tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do
+    not use (bsc#1184939 CVE-2021-3505)
+  * tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX
+    (bsc#1184939 CVE-2021-3505)
+  * Update to TPM 2 code release 159
+    - X509 support is enabled
+       + SM2 signing of ceritificates is NOT supported
+    - Authenticated timers are disabled
+  * Update to TPM 2 code relase 162
+    - ECC encryption / decryption is disabled
+  * Fix support for elliptic curve due to missing unmarshalling
+    code
+  * Runtime filter supported elliptic curves supported by OpenSSL
+  * Fix output buffer parameter and size for RSA decryption that
+    could cause stack corruption under certain circumstances
+  * Set the RSA PSS salt length to the digest length rather than
+    max
+  * Fixes to symmetric decryption related to input size check,
+    defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)]
+    and to always use a temporary malloc'ed buffer for decryption
+  * Fixed the set of PCRs belonging to the TCB group. This affects
+    the pcrUpdateCounter in TPM2_Pcrread() responses, thus needs
+    latest swtpm for test cases to succeed there.
+
 -------------------------------------------------------------------
 Fri Mar 19 02:03:20 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

--- a/libtpms.spec
+++ b/libtpms.spec
@ -18,7 +18,7 @@

 %define lname libtpms0
 Name:           libtpms
-Version:        0.7.7
+Version:        0.8.2
 Release:        0
 Summary:        Library providing Trusted Platform Module (TPM) functionality
 License:        BSD-3-Clause
--- a/v0.7.7.tar.gz
+++ b/v0.7.7.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9f23b97594bb9c6d3c50e33c9be8435f03d91a591c2288b03056321e06c95db3
-size 1217129
--- a/v0.8.2.tar.gz
+++ b/v0.8.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3c533017b4eee60d907409ee39ad6f1cd0380c2ceabf583f1749a73ea87e9d3e
+size 1253915