diff --git a/tpm2-0-tss.changes b/tpm2-0-tss.changes index c3fe64d..d610246 100644 --- a/tpm2-0-tss.changes +++ b/tpm2-0-tss.changes @@ -1,3 +1,82 @@ +------------------------------------------------------------------- +Fri May 3 14:14:50 UTC 2024 - Matthias Gerstner + +Update to version 4.1: + ++ Security + + - Fixed CVE-2024-29040 + ++ Fixed + + - fapi: Fix length check on FAPI auth callbacks + - mu: Correct error message for errors + - tss2-rc: fix unknown laer handler dropping bits. + - fapi: Fix deviation from CEL specification (template_value was used instead of template_data). + - fapi: Fix json syntax error in FAPI profiles which was ignored by json-c. + - build: fix build fail after make clean. + - mu: Fix unneeded size check in TPM2B unmarshaling. + - fapi: Fix missing parameter encryption. + - build: Fix failed build with --disable-vendor. + - fapi: Fix flush of persistent handles. + - fapi: Fix test provisioning with template with self generated certificate disabled. + - fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs. + - fapi: Revert pcr extension for EV_NO_ACTION events. + - fapi: Fix strange error messages if nv, ext, or policy path does not exits. + - fapi: Fix segfault caused by wrong allocation of pcr policy. + - esys: Fix leak in Esys_EvictControl for persistent handles. + - tss2-tcti: tcti-libtpms: fix test failure on big-endian platform. + - esys: Add reference counting for Esys_TR_FromTPMPublic. + - esys: Fix HMAC error if session bind key has an auth value with a trailing 0. + - fapi: fix usage of self signed certificates in TPM. + - fapi: Usage of self signed certificates. + - fapi: A segfault after the error handling of non existing keys. + - fapi: Fix several leaks. + - fapi: Fix error handling for policy execution. + - fapi: Fix usage of persistent handles (should not be flushed) + - fapi: Fix test provisioning with template (skip test without self generated certificate). + - fapi: Fix pcr extension for EV_NO_ACTION + - test: Fix fapi-key-create-policy-signed-keyedhash with P_ECC384 profile + - tcti_spi_helper_transmit: ensure FIFO is accessed only after TPM reports commandReady bit is set + - fapi: Fix read large system eventlog (> UINT16_MAX). + - esys tests: Fix layer check for TPM2_RC_COMMAND_CODE (for /dev/tpmrm0) + - test: unit: tcti-libtpms: fix test failed at 32-bit platforms. + - fapi: Fix possible null pointer dereferencing in Fapi_List. + - sys: Fix size check in Tss2_Sys_GetCapability. + - esys: Fix leak in Esys_TR_FromTPMPublic. + - esys: fix unchecked return value in esys crypto. + - fapi: Fix wrong usage of local variable in provisioning. + - fapi: Fix memset 0 in ifapi_json_TPMS_POLICYNV_deserialize. + - fapi: Fix possible out of bound array access in IMA parser. + - tcti device: Fix possible unmarshalling from uninitialized variable. + - fapi: Fix error checking authorization of signing key. + - fapi: Fix cleanup of policy sessions. + - fapi: Eventlog H-CRTM events and different localities. + - fapi: Fix missing synchronization of quote and eventlog. + - faii: Fix invalid free in Fapi_Quote with empty eventlog. + ++ Added + + - tcti: LetsTrust-TPM2Go TCTI module spi-ltt2go. + - mbedtls: add sha512 hmac. + - fapi: Enable usage of external keys for Fapi_Encrypt. + - fapi: Support download of AMD certificates. + - tcti: Add USB TPM (FTDI MPSSE USB to SPI bridge) TCTI module. + - fapi: The recreation of primaries (except EK) in the owner hierarchy instead the endorsement hierarchy is fixed. + - rc: New TPM return codes added. + - fapi: Further Nuvoton certificates added. + - tpm_types/esys: Add support for Attestable TPM changes in latest TPM spec. + - tcti: Add '/dev/tcm0' to default conf + - fapi: New Nuvoton certificates added. + - esys: Fix leak in Esys_TR_FromTPMPublic. + ++ Removed + + - Testing on Ubuntu 18.04 as it's near EOL (May 2023). + +- tpm2-tss.keyring: added Andreas Fuchs 0x8F4F9A45D7FFEE74 key, documented + in upstream repo, which was used for signing this new release tarball. + ------------------------------------------------------------------- Sat Jan 13 17:45:03 UTC 2024 - Callum Farmer diff --git a/tpm2-0-tss.spec b/tpm2-0-tss.spec index 077a869..269ef53 100644 --- a/tpm2-0-tss.spec +++ b/tpm2-0-tss.spec @@ -1,7 +1,7 @@ # # spec file for package tpm2-0-tss # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: tpm2-0-tss -Version: 4.0.1 +Version: 4.1.0 Release: 0 Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips License: BSD-2-Clause @@ -74,9 +74,11 @@ Requires: libtss2-rc0 = %{version} Requires: libtss2-sys1 = %{version} Requires: libtss2-tcti-cmd0 = %{version} Requires: libtss2-tcti-device0 = %{version} +Requires: libtss2-tcti-i2c-helper0 = %{version} Requires: libtss2-tcti-mssim0 = %{version} Requires: libtss2-tcti-pcap0 = %{version} Requires: libtss2-tcti-spi-helper0 = %{version} +Requires: libtss2-tcti-spidev0 = %{version} Requires: libtss2-tcti-swtpm0 = %{version} Requires: libtss2-tctildr0 = %{version} Requires: tpm2-0-tss = %{version} @@ -143,6 +145,15 @@ TPM Command Transmission Interface library for communicating with a TPM device node. This provides direct access to the TPM through the Linux kernel driver. +%package -n libtss2-tcti-spidev0 +Summary: TCTI interface library for communicating with a SPI attached TPM +Group: System/Libraries + +%description -n libtss2-tcti-spidev0 +TPM Command Transmission Interface library for communicating with a +TPM device node. This provides direct access to the TPM through the Linux +kernel driver. + %package -n libtss2-tcti-mssim0 Summary: TCTI interface library for Microsoft software TPM2 simulator Group: System/Libraries @@ -219,6 +230,16 @@ the details of communication with a TPM via SPI protocol. It uses user supplied methods for SPI and timing operations in order to be platform independent. +%package -n libtss2-tcti-i2c-helper0 +Summary: TCTI i2c interface library +Group: System/Libraries + +%description -n libtss2-tcti-i2c-helper0 +A TCTI module for communication via I2C TPM device driver. Abstracts +the details of communication with a TPM via I2C protocol. It uses user +supplied methods for I2C and timing operations in order to be platform +independent. + %prep %autosetup -n tpm2-tss-%{version} @@ -255,6 +276,8 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf %postun -n libtss2-tctildr0 -p /sbin/ldconfig %post -n libtss2-tcti-device0 -p /sbin/ldconfig %postun -n libtss2-tcti-device0 -p /sbin/ldconfig +%post -n libtss2-tcti-spidev0 -p /sbin/ldconfig +%postun -n libtss2-tcti-spidev0 -p /sbin/ldconfig %post -n libtss2-tcti-mssim0 -p /sbin/ldconfig %postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig %post -n libtss2-mu0 -p /sbin/ldconfig @@ -273,6 +296,8 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf %postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig %post -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig %postun -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig +%post -n libtss2-tcti-i2c-helper0 -p /sbin/ldconfig +%postun -n libtss2-tcti-i2c-helper0 -p /sbin/ldconfig %files %doc *.md @@ -309,6 +334,9 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf %files -n libtss2-tcti-device0 %{_libdir}/libtss2-tcti-device.so.* +%files -n libtss2-tcti-spidev0 +%{_libdir}/libtss2-tcti-spidev.so.* + %files -n libtss2-tcti-mssim0 %{_libdir}/libtss2-tcti-mssim.so.* @@ -338,4 +366,7 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf %files -n libtss2-tcti-spi-helper0 %{_libdir}/libtss2-tcti-spi-helper.so.* +%files -n libtss2-tcti-i2c-helper0 +%{_libdir}/libtss2-tcti-i2c-helper.so.* + %changelog diff --git a/tpm2-tss-4.0.1.tar.gz b/tpm2-tss-4.0.1.tar.gz deleted file mode 100644 index 1aa8a39..0000000 --- a/tpm2-tss-4.0.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950 -size 1787139 diff --git a/tpm2-tss-4.0.1.tar.gz.asc b/tpm2-tss-4.0.1.tar.gz.asc deleted file mode 100644 index 4bed970..0000000 --- a/tpm2-tss-4.0.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmPO1PMACgkQbeLpB44f -UMFtQw/+IDx+P0RGWthfR3f4t/cfp9JBgiHfujNigWpv9LNG439Sew+8njEsmvEP -2yAHIiJGFMkwXadLNWgUnhvGYS628zqoPMLgDUW9PVAirrvo6XMf45wrBVLOZTX/ -1N6Bol9wT3TfcVUnSbL/0oZwgTAxSDQJB7I64788ujwGnrbBLTEirDB/sqVVFF5k -1g3rMMH95nTGBqm96PA8gKYutOdOpOH9Gn/CexX9NuDrb00Nqx906kybkCIYEkdy -2Fp03zNTEo+iRtSIhrDZVbab/1UUN2r0rc6T6gABePUHS2lxPth6tLX0tVpq3RLJ -1mi7XJuri2Mqw4APOnavrK5qpCgAqONOn92+QqzmPylUFsRM6mzalDALvDwwknp4 -sEohsiPyxCC+oSErm5Urh3yUlZ8c068zQ1OXGOdZPNM281bEGf3ORRemkI1gT7eI -cC4Y3YRuWBeQyoANAzrAJYttsOe9ia/PadnnQiWcMPH4o4hGjgvYPJuI6fePn2SS -dgC9Z1O1LOk17XnNQb3cAshiOPQo8BjQB89QUi4pJRCbpY6WEB6Wc9OmEEhUuWDT -3ECHeDZGPRg6G4xELT2SZ2QMDhlfORaV0hbU0lMoNMQrslrZALm8424bDt3Q7R9j -iPkpp4ArVdxYvbENkdVcZBZF0qAmPmolNv/PkLVK0o9mYEmXVp8= -=vwbh ------END PGP SIGNATURE----- diff --git a/tpm2-tss-4.1.0.tar.gz b/tpm2-tss-4.1.0.tar.gz new file mode 100644 index 0000000..81ad851 --- /dev/null +++ b/tpm2-tss-4.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ac9c38e019aebe0d04a79e8f8db7ff805d23dcc7c45131c02960947576214329 +size 1902337 diff --git a/tpm2-tss-4.1.0.tar.gz.asc b/tpm2-tss-4.1.0.tar.gz.asc new file mode 100644 index 0000000..c0f153e --- /dev/null +++ b/tpm2-tss-4.1.0.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE1TMnWwEj0KZ59R/0j0+aRdf/7nQFAmYrk68ACgkQj0+aRdf/ +7nQveRAAmYAVPbiF77l5pyLh6Ti+qeZpr2vtJh7CFSYbvuMZ0QGSKLKaOmC/NoMe +AQOgl72oYsv+cFZUs7xHLOOZx+quLlDoXQVEc8LNtByOwZJ8ROeXO0VNRshl3+/4 +yDDzbYZT33APHxh/8NBkuplHztr5bsiqHX6y/xKrrfoyWKPQufd+YVSsHq2qHAUE +MVXI78vS+RltR72pT+5VxUQq0zDFjS38DBJ6JJOmhLr+JqY3i0Ajfv1yCRl8CINw +xPlcVAh/Vy/THOXkt7rETlZQPtaCLfIrp3/Lo7fRbjn1MNDbD9kZdbsDmRuRu2Q+ +dZWTa8yiXyzPQyGJd7lmRWor1HiW4VonGAHVMsGl+DyMoNaH2ObJPYZnLDDNA/WS +qj89vA71BB7urvHmn4r9h7cIQNg9rYweXtYxNII2El7mmJF2p8SbN47CKD7JZVzT ++lIXtdfq8RlYmfqkYVA6rRyr/RH8jcxY0ICr0+zs1Cn5o/m1nPAaOaQ9l2a0aIQG +AqBtGADuX+o37Cn4oWJ93lK/fbpcfM1gPMd7akEUR0RSNGhQsjE/QEYH9SsgKQHk ++PGAztgdNd+3+5FQ9MQTSmvHp60hHWoQhfkTreCvp+6Q69Hmw3fpxVZINMivuITP +CDFUkszTVRjNpg9NnThbdYae9zV9RznoKe0Cr8nJ5d5JfMPpLpc= +=kG6x +-----END PGP SIGNATURE----- diff --git a/tpm2-tss.keyring b/tpm2-tss.keyring index 0f0421b..62e7871 100644 --- a/tpm2-tss.keyring +++ b/tpm2-tss.keyring @@ -48,4 +48,56 @@ B62qknrrR+FPcz8ACM9fXkpbBEcjFV8EkoOae106Vxjo/lu5LVBbwiKviMMwoK5o YE7FfCwLBbLTYMeetHo8jGBRonTEOKMtPlp/fCMOp9w7CgMDuvfEwuTsA1ux4uAb tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D =xdFJ ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGW4tWABEADShIa5S7B036c2JMRfM26ihylWXfU0emxn4n9JwdewWakT6r2y +HU5L9b3hkcz8KOIsGAiVyn7bWoK9Q+OJGr0Alm38Jl1FbXGa/TaKeenVCTNWrOHZ +SLrDPbs8k84KNsvPEOMCapnrOHl+Nm1T0GosJonIzNe1X1ArCN9Zn+SstW+JZeaQ +IVNjVGKm59roU+EejaYuXqalAWhKq4I9Jd52yfy8TgWEFjk2STF3S3FST7SjiHds +bmclhp+Vai2WZGrnbzwyMWL324Nyy8h9+/l9WGspxLh2/1qPXtmaDWp8b49RuYDV +V7OVUSUDfp9eTB7ftfTMFXNbq1TShAkcbxT0xMu+UdTrnfKz1S5rFZ2AwfvvBCBR +laA2T6/lQ/5oOFAK9u96GRtQjsw4YtTnIQyaRj+UD+KWyXL9cZMdQRWyzjRLkINZ +dfj5TpXMmerO1ObOPvdji9o7yqAB3BQklhURlcs86z0dwKI3Cnho+2IbI+7jMKIn +0OGVPAx6GjE3Fia2USHlEPfMx1oTw6eC8PDvtUevz4BcS0GKRvu6n2ucOjtawet4 +lDZPnKQwiscwblBE+zL5/dw1gpQ2/jpIMKOPzUL/pclQDi/uQkfaoViyznLkKTr1 +l4witEysoKNFcKiorqznVAAermTB3jv7zqVzWRjhs2mhofAaPTtWxc0qSQARAQAB +tCpBbmRyZWFzIEZ1Y2hzIDxhbmRyZWFzLmZ1Y2hzQGluZmluZW9uLmNvbT6JAk4E +EwEKADgWIQTVMydbASPQpnn1H/SPT5pF1//udAUCZbi1YAIbAwULCQgHAgYVCgkI +CwIEFgIDAQIeAQIXgAAKCRCPT5pF1//udCAMD/93TGsv34ICGjfnrrMSCb787L/X +bdziMuqQ62LEaFxy9XlqXDusCF3OxPWXWYzQgCVmBj/zVUSvphsnBsQZR8rtuObr +pfZCXoGM8ig6u16Gqw7zAym5ckDJnAN3urKqQne7jU3R73QpZADHJR/0FDQFOh3q +6g+ZWYeyceaYE1ow1A4QX8OmCdulZHaqEqxNXdVf8PRp5ufpNJ9IyDs3Bki2oh73 +hRZuXrp6mo++WqImOkTqepCXyR4ejU5d++Pa7lfdwBOIusmh3f3suGc+6L9sI43j +ndA9+itheUZV7oUW5OvebPQVh9MQ0AXnnCBTlUEG2piJZ9I6XEqTaJCWYqVFHcbY +ZEeuhiNnvtdQOTeeYCWbgK50FW9Aw9knSeqym5nLvoYSFGbOCWOVP9z9mArlObQr +4FoapPXdJgznHnpX8YRdR3t6pCA32NyXppRdUCPylvKsflfLRexwPMPyq4/Zp2tG +RV0VMeZulnujBD4QYUwaChVocj0Hhgti5hfcDn5p+DJZgrm8uyHmEKBZF3tiIw+o +ACVz++mbaVlU3f1wGCwopA6E49U5DozkBXYKQFJ1kLXrSk8XsMNcRDTQROifkIl1 +JdZZgXyRkgm/frrCBHeoeK6c9HYLlHBKAYKmDF4spLcK9LFUHfEbOaPxr8/+Lvo3 +NwGQM0/sSrngdfjl67kCDQRluLVgARAAzg83xfiOX2qwYIxwf+4phpmUOhK8q8h1 +P+rdQWNur4XU+dJRwN94tsA51CrbltOQGBRerz3CVMbSnXMCCz+y7+jFEhWMTc71 +B7twmzXWz8kBtHAEUcIA6jI9JExvJlMtp+8FbGwvmOUaCPsFqAfpTMXY3brbxjIZ +cl99AEiWh5HLQNzO9eTCL8a3v2jtIaEFoqUAcsPAlOUYCp7GOguyHmDfGQfYGpO/ +rJPbjabx/FAd+A2PuIPXr0KqQItoPrhTRj1pGL80PI71Z9iinIaaTZEDSa2VwKB2 +9A+aCYeUi5nWzOhkQdhKYONLuqWjvAdEObfJ79IKiCbzk26Jd3/BvRcUwEnLSBQI +CcBa0K8CmCCWmcmHQGAYG5cNt9VCl+/Lnip0HlU54u8J3CQqy1SfDBL+yqf4gMtI +FcRljUh2mBoc8qDg170EdDx7X7prPOAg/j7PK4/+tCOmPpbZsSyRzJWxLIpxTjvW +JZ+xyn4CM6uxhQLcJsRDMIgHXt3F3Enw4PtgIAjFIyUcCPinebcFUJ2ZpSqtWFhQ +aAFQOvrtz/q7ZlNNtZGHx3HodtK1rhw2AqBE6f930RSW+dqHTcNQXRoDr7y0dtel +eCJA4FLprav4ywQCv67f42zNBwNfz2sHNADoeCwr3KKoSk/EN7IWHgyxWw8J5S7y +x24uTv//7B8AEQEAAYkCNgQYAQoAIBYhBNUzJ1sBI9CmefUf9I9PmkXX/+50BQJl +uLVgAhsMAAoJEI9PmkXX/+50pWAQALC72x4NLjdsru7hLbJYvBj2Lfm2XVxRhEEJ +aotNoCeB45P+QhL6XEQl1xtFc3aUWXAgDMe+9Wc9W90SoAZ6fiuAvifV3EMm6NI6 +DO7ScyIOB1qsrxRvbMGo8kCglNb7dCXh/CBnglsnH+jdl1SBrAsWhopYcetPQvOr +JudtTK4FNQYGevgYtcLNmzMmRX7F7N2DJ1IHDHWF2vEECCvEquXXgwJehZ4XmTL7 +OAeg1ogz6W3QVpTIK6r07a7RmwBkAtxWiGAcVTxEQQZVkwrWwplRHaVqSfXWIe4V +2MT5zjSzgZ2UqpWHNSxSECctYYXdDjrMXp8ECszk/PIxBV8HJ+ouBw/mBcs6uL8r +TBeOchmlf5wGKzrf/svzQ+8C5o61rC+eqoOVmlkF6l7OJj9s50DS35ty1CEBpJ4H +vG9tAmEadNM+kw3JGN+z/sn1xJek8VpUociQstXLDLZwEKIDYb56u/xEfeR5X5NN +SZvaPpnvbgVUI59GV2stWl53t53EvBW5AokKiYTv2rCddqnOmWomtsUVmvI7ftIn +kCkaxtx2krMCvxaHZ2ickvJH+LCd65IGZ4G3N/MudGp5PlGhAX1KlT7EkQtDWfnD +vT8auAcNHeSG2gCTW3sIkZNm7QvunexwIpe85YqAze8+ZpCtxDP34ahhZGrpIkKN +lFcjH/3q +=o8mM +-----END PGP PUBLIC KEY BLOCK-----