From 3b46b43aa0f142e264f7ed0e72405f74768b5e0980e57efe9cbb621ae6ffe2fb Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 19 Apr 2021 14:15:21 +0000 Subject: [PATCH] Accepting request 886589 from home:gary_lin:branches:security - Update to version 0.8.2 * tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do not use (bsc#1184939 CVE-2021-3505) * tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX (bsc#1184939 CVE-2021-3505) OBS-URL: https://build.opensuse.org/request/show/886589 OBS-URL: https://build.opensuse.org/package/show/security/libtpms?expand=0&rev=25 --- libtpms.changes | 34 ++++++++++++++++++++++++++++++++++ libtpms.spec | 2 +- v0.7.7.tar.gz | 3 --- v0.8.2.tar.gz | 3 +++ 4 files changed, 38 insertions(+), 4 deletions(-) delete mode 100644 v0.7.7.tar.gz create mode 100644 v0.8.2.tar.gz diff --git a/libtpms.changes b/libtpms.changes index c26f8c3..cb1b8be 100644 --- a/libtpms.changes +++ b/libtpms.changes 
@@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Mon Apr 19 07:18:37 UTC 2021 - Gary Ching-Pang Lin + +- Update to version 0.8.2 + * NOTE: Downgrade to 0.7.x or below is not possible. + Due to fixes in the TPM 2 prime number generation code in + rev155 it is not possible to downgrade from libtpms version + 0.8.0 to some previous version. The seeds are now associated + with an age so that older seeds use the old TPM 2 prime number + generation code while newer seed use the newer code. + * tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do + not use (bsc#1184939 CVE-2021-3505) + * tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX + (bsc#1184939 CVE-2021-3505) + * Update to TPM 2 code release 159 + - X509 support is enabled + + SM2 signing of ceritificates is NOT supported + - Authenticated timers are disabled + * Update to TPM 2 code relase 162 + - ECC encryption / decryption is disabled + * Fix support for elliptic curve due to missing unmarshalling + code + * Runtime filter supported elliptic curves supported by OpenSSL + * Fix output buffer parameter and size for RSA decryption that + could cause stack corruption under certain circumstances + * Set the RSA PSS salt length to the digest length rather than + max + * Fixes to symmetric decryption related to input size check, + defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] + and to always use a temporary malloc'ed buffer for decryption + * Fixed the set of PCRs belonging to the TCB group. This affects + the pcrUpdateCounter in TPM2_Pcrread() responses, thus needs + latest swtpm for test cases to succeed there. + ------------------------------------------------------------------- Fri Mar 19 02:03:20 UTC 2021 - Gary Ching-Pang Lin diff --git a/libtpms.spec b/libtpms.spec index 36380db..50c03b3 100644 --- a/libtpms.spec +++ b/libtpms.spec 
@@ -18,7 +18,7 @@ %define lname libtpms0 Name: libtpms -Version: 0.7.7 +Version: 0.8.2 Release: 0 Summary: Library providing Trusted Platform Module (TPM) functionality License: BSD-3-Clause diff --git a/v0.7.7.tar.gz b/v0.7.7.tar.gz deleted file mode 100644 index 707ae9a..0000000 --- a/v0.7.7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9f23b97594bb9c6d3c50e33c9be8435f03d91a591c2288b03056321e06c95db3 -size 1217129 diff --git a/v0.8.2.tar.gz b/v0.8.2.tar.gz new file mode 100644 index 0000000..50f80e5 --- /dev/null +++ b/v0.8.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3c533017b4eee60d907409ee39ad6f1cd0380c2ceabf583f1749a73ea87e9d3e +size 1253915
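Review bot: In the libtpms.changes entry, the item "Fix output buffer parameter and size for RSA decryption that could cause stack corruption under certain circumstances" describes a memory-safety fix but carries no bsc# or CVE reference, unlike the two CVE-2021-3505 items above it. If a bug exists for it, add the reference so the fix can be tracked; if none exists, say so in the request. The same entry has typos to fix before acceptance: "ceritificates", "relase", and "while newer seed use the newer code". The line "Runtime filter supported elliptic curves supported by OpenSSL" would also read more clearly as a statement of what is filtered at runtime.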
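Review bot: Nothing in the libtpms.spec hunk reflects the compatibility constraints the changelog in this same patch announces; the only changed line is "Version: 0.8.2". The changelog states that downgrade to 0.7.x or below is not possible and that the PCR TCB group fix "needs latest swtpm for test cases to succeed there". Confirm that swtpm is updated alongside this request, and consider whether the package needs a versioned relationship to swtpm, since the visible spec lines do not express either constraint.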
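Review bot: The new v0.8.2.tar.gz git-lfs pointer is the only integrity anchor for the upstream source in this patch: the diffstat lists four files and none of them is a detached signature or keyring. Because this update delivers the CVE-2021-3505 fix, check the sha256 oid in the pointer against the archive of upstream's v0.8.2 tag before accepting, and note in the request how the archive was obtained if the spec does not already record its source URL.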