Accepting request 876508 from security

- upgrade to minor version 1.3.9.2: - upstream now provide openssl 1.1 compatibility on their own - dropped 0001-Fix-build-against-OpenSSL-1.1.0.patch since the tarbal is now compatible. OBS-URL: https://build.opensuse.org/request/show/876508 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm-tools?expand=0&rev=33
2021-03-30 19:10:52 +00:00 · 2021-03-30 19:10:52 +00:00 · f487f2ac58
commit f487f2ac58
parent 7b3ae2c428 5ef0d120cf
5 changed files with 18 additions and 234 deletions
--- a/0001-Fix-build-against-OpenSSL-1.1.0.patch
+++ b/0001-Fix-build-against-OpenSSL-1.1.0.patch
@ -1,220 +0,0 @@
-From e6ef35d6a7dd4ab3d755c9cde5a5f589146af9e7 Mon Sep 17 00:00:00 2001
-From: Matthias Gerstner <matthias.gerstner@suse.de>
-Date: Thu, 9 Nov 2017 17:53:30 +0100
-Subject: [PATCH] Fix build against OpenSSL 1.1.0 when P11 support is enabled
-
---
- src/data_mgmt/data_import.c | 154 ++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 133 insertions(+), 21 deletions(-)
-
-diff --git a/src/data_mgmt/data_import.c b/src/data_mgmt/data_import.c
-index f534717..0ba4162 100644
--- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -39,6 +39,9 @@
- #include <openssl/evp.h>
- #include <openssl/err.h>
- 
-+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
-+#	define USE_OPENSSL_110_API
-+#endif
- 
- /*
-  * Global variables
-@@ -58,6 +61,104 @@ CK_ULONG  g_ulIdLen      = 0;
- CK_BYTE  *g_pchName      = NULL;	// LABEL attribute value
- CK_ULONG  g_ulNameLen    = 0;
- 
-+static const BIGNUM*
-+getRSAModulus( RSA *a_pRsa ) {
-+#ifdef USE_OPENSSL_110_API
-+	const BIGNUM *ret;
-+	RSA_get0_key(a_pRsa, &ret, NULL, NULL);
-+	return ret;
-+#else
-+	return a_pRsa->n;
-+#endif
-+}
-+
-+static const BIGNUM*
-+getRSAPublicExponent( RSA *a_pRsa ) {
-+#ifdef USE_OPENSSL_110_API
-+	const BIGNUM *ret = NULL;
-+	RSA_get0_key(a_pRsa, NULL, &ret, NULL);
-+	return ret;
-+#else
-+	return a_pRsa->e;
-+#endif
-+}
-+
-+static const BIGNUM*
-+getRSAPrivateExponent( RSA *a_pRsa ) {
-+#ifdef USE_OPENSSL_110_API
-+	const BIGNUM *ret = NULL;
-+	RSA_get0_key(a_pRsa, NULL, NULL, &ret);
-+	return ret;
-+#else
-+	return a_pRsa->d;
-+#endif
-+}
-+
-+static const BIGNUM*
-+getRSAFactorP( RSA *a_pRsa ) {
-+#ifdef USE_OPENSSL_110_API
-+	const BIGNUM *ret = NULL;
-+	RSA_get0_factors(a_pRsa, &ret, NULL);
-+	return ret;
-+#else
-+	return a_pRsa->p;
-+#endif
-+}
-+
-+static const BIGNUM*
-+getRSAFactorQ( RSA *a_pRsa ) {
-+#ifdef USE_OPENSSL_110_API
-+	const BIGNUM *ret = NULL;
-+	RSA_get0_factors(a_pRsa, NULL, &ret);
-+	return ret;
-+#else
-+	return a_pRsa->q;
-+#endif
-+}
-+
-+static const BIGNUM*
-+getRSACrtParamDmp1( RSA *a_pRsa ) {
-+#ifdef USE_OPENSSL_110_API
-+	const BIGNUM *ret = NULL;
-+	RSA_get0_crt_params(a_pRsa, &ret, NULL, NULL);
-+	return ret;
-+#else
-+	return a_pRsa->dmp1;
-+#endif
-+}
-+
-+static const BIGNUM*
-+getRSACrtParamDmq1( RSA *a_pRsa ) {
-+#ifdef USE_OPENSSL_110_API
-+	const BIGNUM *ret = NULL;
-+	RSA_get0_crt_params(a_pRsa, NULL, &ret, NULL);
-+	return ret;
-+#else
-+	return a_pRsa->dmq1;
-+#endif
-+}
-+
-+static const BIGNUM*
-+getRSACrtParamIqmp( RSA *a_pRsa ) {
-+#ifdef USE_OPENSSL_110_API
-+	const BIGNUM *ret = NULL;
-+	RSA_get0_crt_params(a_pRsa, NULL, NULL, &ret);
-+	return ret;
-+#else
-+	return a_pRsa->iqmp;
-+#endif
-+}
-+
-+static int
-+getEVPKeyType( EVP_PKEY *a_pKey ) {
-+#ifdef USE_OPENSSL_110_API
-+	return EVP_PKEY_base_id( a_pKey );
-+#else
-+	return EVP_PKEY_type( a_pKey->type );
-+#endif
-+}
-+
-+
- /*
-  * parseCallback
-  *   Process the command specific options.
-@@ -372,7 +473,7 @@ readX509Cert( const char  *a_pszFile,
- 		goto out;
- 	}
- 
-	if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
-+	if ( getEVPKeyType(pKey) != EVP_PKEY_RSA ) {
- 		logError( TOKEN_RSA_KEY_ERROR );
- 
- 		X509_free( pX509 );
-@@ -690,9 +791,11 @@ createRsaPubKeyObject( RSA               *a_pRsa,
-                        CK_OBJECT_HANDLE  *a_hObject ) {
- 
- 	int  rc = -1;
-+	const BIGNUM *bn_n = getRSAModulus(a_pRsa);
-+	const BIGNUM *bn_e = getRSAPublicExponent(a_pRsa);
- 
-	int  nLen = BN_num_bytes( a_pRsa->n );
-	int  eLen = BN_num_bytes( a_pRsa->e );
-+	int  nLen = BN_num_bytes( bn_n );
-+	int  eLen = BN_num_bytes( bn_e );
- 
- 	CK_RV  rv;
- 
-@@ -732,8 +835,8 @@ createRsaPubKeyObject( RSA               *a_pRsa,
- 	}
- 
- 	// Get binary representations of the RSA key information
-	BN_bn2bin( a_pRsa->n, n );
-	BN_bn2bin( a_pRsa->e, e );
-+	BN_bn2bin( bn_n, n );
-+	BN_bn2bin( bn_e, e );
- 
- 	// Create the RSA public key object
- 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-@@ -760,14 +863,23 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
- 
- 	int  rc = -1;
- 
-	int  nLen = BN_num_bytes( a_pRsa->n );
-	int  eLen = BN_num_bytes( a_pRsa->e );
-	int  dLen = BN_num_bytes( a_pRsa->d );
-	int  pLen = BN_num_bytes( a_pRsa->p );
-	int  qLen = BN_num_bytes( a_pRsa->q );
-	int  dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
-	int  dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
-	int  iqmpLen = BN_num_bytes( a_pRsa->iqmp );
-+	const BIGNUM *bn_n = getRSAModulus(a_pRsa);
-+	const BIGNUM *bn_e = getRSAPublicExponent(a_pRsa);
-+	const BIGNUM *bn_d = getRSAPrivateExponent(a_pRsa);
-+	const BIGNUM *bn_p = getRSAFactorP(a_pRsa);
-+	const BIGNUM *bn_q = getRSAFactorQ(a_pRsa);
-+	const BIGNUM *bn_dmp1 = getRSACrtParamDmp1(a_pRsa);
-+	const BIGNUM *bn_dmq1 = getRSACrtParamDmq1(a_pRsa);
-+	const BIGNUM *bn_iqmp = getRSACrtParamIqmp(a_pRsa);
-+
-+	int  nLen = BN_num_bytes( bn_n );
-+	int  eLen = BN_num_bytes( bn_e );
-+	int  dLen = BN_num_bytes( bn_d );
-+	int  pLen = BN_num_bytes( bn_p );
-+	int  qLen = BN_num_bytes( bn_q );
-+	int  dmp1Len = BN_num_bytes( bn_dmp1 );
-+	int  dmq1Len = BN_num_bytes( bn_dmq1 );
-+	int  iqmpLen = BN_num_bytes( bn_iqmp );
- 
- 	CK_RV  rv;
- 
-@@ -821,14 +933,14 @@ createRsaPrivKeyObject( RSA               *a_pRsa,
- 	}
- 
- 	// Get binary representations of the RSA key information
-	BN_bn2bin( a_pRsa->n, n );
-	BN_bn2bin( a_pRsa->e, e );
-	BN_bn2bin( a_pRsa->d, d );
-	BN_bn2bin( a_pRsa->p, p );
-	BN_bn2bin( a_pRsa->q, q );
-	BN_bn2bin( a_pRsa->dmp1, dmp1 );
-	BN_bn2bin( a_pRsa->dmq1, dmq1 );
-	BN_bn2bin( a_pRsa->iqmp, iqmp );
-+	BN_bn2bin( bn_n, n );
-+	BN_bn2bin( bn_e, e );
-+	BN_bn2bin( bn_d, d );
-+	BN_bn2bin( bn_p, p );
-+	BN_bn2bin( bn_q, q );
-+	BN_bn2bin( bn_dmp1, dmp1 );
-+	BN_bn2bin( bn_dmq1, dmq1 );
-+	BN_bn2bin( bn_iqmp, iqmp );
- 
- 	// Create the RSA private key object
- 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-- 
-2.13.6
-
--- a/tpm-tools-1.3.9.1.tar.gz
+++ b/tpm-tools-1.3.9.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9cb714e2650826e2e932f65bc0ba9d61b927dc5fea47f2c2a2b64f0fdfcbfa68
-size 482859
--- a/tpm-tools-1.3.9.2.tar.gz
+++ b/tpm-tools-1.3.9.2.tar.gz
--- a/tpm-tools.changes
+++ b/tpm-tools.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Mar  3 11:29:22 UTC 2021 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- upgrade to minor version 1.3.9.2:
+  - upstream now provide openssl 1.1 compatibility on their own
+- dropped 0001-Fix-build-against-OpenSSL-1.1.0.patch since the tarbal is now
+  compatible.
+
 -------------------------------------------------------------------
 Thu Nov  9 17:14:32 UTC 2017 - matthias.gerstner@suse.com

--- a/tpm-tools.spec
+++ b/tpm-tools.spec
@ -1,7 +1,7 @@
 #
 # spec file for package tpm-tools
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,18 +12,18 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


 %define lib_name libtpm_unseal1
 Name:           tpm-tools
-Version:        1.3.9.1
+Version:        1.3.9.2
 Release:        0
 Summary:        Trusted Platform Module (TPM) administration tools
 License:        IPL-1.0
 Group:          Productivity/Security
-Url:            http://trousers.sourceforge.net/
+URL:            http://trousers.sourceforge.net/
 Source0:        http://downloads.sourceforge.net/project/trousers/tpm-tools/%{version}/tpm-tools-%{version}.tar.gz
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -32,9 +32,6 @@ BuildRequires:  openCryptoki-devel
 BuildRequires:  openssl-devel
 BuildRequires:  trousers-devel
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-# upstream has already got a pull request for this problem but didn't react
-# for some months... so this is my own patch to tackle the problem
-Patch0:         0001-Fix-build-against-OpenSSL-1.1.0.patch

 %description
 Trusted Computing is a set of specifications published by the Trusted
@ -88,15 +85,14 @@ provides tools for enablement and configuration of the TPM and
 associated interfaces. Also look inside the trousers package for more
 software for TC.

-This package contains the libraries and headers necessary for developing 
+This package contains the libraries and headers necessary for developing
 tpm-tools applications.

 %prep
-%setup -q -c %{name}-%{version}
-%patch0 -p1
+%setup -q -n %{name}-%{version}

 %build
-autoreconf -fiv
+sh bootstrap.sh
 # Disable unused-but-set warnings with gcc >= 4.6
 %configure \
 	--disable-static