Update to version 4.1:

+ Security
    - Fixed CVE-2024-29040
+ Fixed
    - fapi: Fix length check on FAPI auth callbacks
    - mu: Correct error message for errors
    - tss2-rc: fix unknown laer handler dropping bits.
    - fapi: Fix deviation from CEL specification (template_value was used instead of template_data).
    - fapi: Fix json syntax error in FAPI profiles which was ignored by json-c.
    - build: fix build fail after make clean.
    - mu: Fix unneeded size check in TPM2B unmarshaling.
    - fapi: Fix missing parameter encryption.
    - build: Fix failed build with --disable-vendor.
    - fapi: Fix flush of persistent handles.
    - fapi: Fix test provisioning with template with self generated certificate disabled.
    - fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs.
    - fapi: Revert pcr extension for EV_NO_ACTION events.
    - fapi: Fix strange error messages if nv, ext, or policy path does not exits.
    - fapi: Fix segfault caused by wrong allocation of pcr policy.
    - esys: Fix leak in Esys_EvictControl for persistent handles.
    - tss2-tcti: tcti-libtpms: fix test failure on big-endian platform.
    - esys: Add reference counting for Esys_TR_FromTPMPublic.
    - esys: Fix HMAC error if session bind key has an auth value with a trailing 0.
    - fapi: fix usage of self signed certificates in TPM.
    - fapi: Usage of self signed certificates.
    - fapi: A segfault after the error handling of non existing keys.
    - fapi: Fix several leaks.
    - fapi: Fix error handling for policy execution.
    - fapi: Fix usage of persistent handles (should not be flushed)
    - fapi: Fix test provisioning with template (skip test without self generated certificate).

OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=137
This commit is contained in:
Matthias Gerstner 2024-05-03 14:16:18 +00:00 committed by Git OBS Bridge
parent 43cbd52bf9
commit 57ab8ba31f
7 changed files with 184 additions and 22 deletions

View File

@ -1,3 +1,82 @@
-------------------------------------------------------------------
Fri May 3 14:14:50 UTC 2024 - Matthias Gerstner <matthias.gerstner@suse.com>
Update to version 4.1:
+ Security
- Fixed CVE-2024-29040
+ Fixed
- fapi: Fix length check on FAPI auth callbacks
- mu: Correct error message for errors
- tss2-rc: fix unknown laer handler dropping bits.
- fapi: Fix deviation from CEL specification (template_value was used instead of template_data).
- fapi: Fix json syntax error in FAPI profiles which was ignored by json-c.
- build: fix build fail after make clean.
- mu: Fix unneeded size check in TPM2B unmarshaling.
- fapi: Fix missing parameter encryption.
- build: Fix failed build with --disable-vendor.
- fapi: Fix flush of persistent handles.
- fapi: Fix test provisioning with template with self generated certificate disabled.
- fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs.
- fapi: Revert pcr extension for EV_NO_ACTION events.
- fapi: Fix strange error messages if nv, ext, or policy path does not exits.
- fapi: Fix segfault caused by wrong allocation of pcr policy.
- esys: Fix leak in Esys_EvictControl for persistent handles.
- tss2-tcti: tcti-libtpms: fix test failure on big-endian platform.
- esys: Add reference counting for Esys_TR_FromTPMPublic.
- esys: Fix HMAC error if session bind key has an auth value with a trailing 0.
- fapi: fix usage of self signed certificates in TPM.
- fapi: Usage of self signed certificates.
- fapi: A segfault after the error handling of non existing keys.
- fapi: Fix several leaks.
- fapi: Fix error handling for policy execution.
- fapi: Fix usage of persistent handles (should not be flushed)
- fapi: Fix test provisioning with template (skip test without self generated certificate).
- fapi: Fix pcr extension for EV_NO_ACTION
- test: Fix fapi-key-create-policy-signed-keyedhash with P_ECC384 profile
- tcti_spi_helper_transmit: ensure FIFO is accessed only after TPM reports commandReady bit is set
- fapi: Fix read large system eventlog (> UINT16_MAX).
- esys tests: Fix layer check for TPM2_RC_COMMAND_CODE (for /dev/tpmrm0)
- test: unit: tcti-libtpms: fix test failed at 32-bit platforms.
- fapi: Fix possible null pointer dereferencing in Fapi_List.
- sys: Fix size check in Tss2_Sys_GetCapability.
- esys: Fix leak in Esys_TR_FromTPMPublic.
- esys: fix unchecked return value in esys crypto.
- fapi: Fix wrong usage of local variable in provisioning.
- fapi: Fix memset 0 in ifapi_json_TPMS_POLICYNV_deserialize.
- fapi: Fix possible out of bound array access in IMA parser.
- tcti device: Fix possible unmarshalling from uninitialized variable.
- fapi: Fix error checking authorization of signing key.
- fapi: Fix cleanup of policy sessions.
- fapi: Eventlog H-CRTM events and different localities.
- fapi: Fix missing synchronization of quote and eventlog.
- faii: Fix invalid free in Fapi_Quote with empty eventlog.
+ Added
- tcti: LetsTrust-TPM2Go TCTI module spi-ltt2go.
- mbedtls: add sha512 hmac.
- fapi: Enable usage of external keys for Fapi_Encrypt.
- fapi: Support download of AMD certificates.
- tcti: Add USB TPM (FTDI MPSSE USB to SPI bridge) TCTI module.
- fapi: The recreation of primaries (except EK) in the owner hierarchy instead the endorsement hierarchy is fixed.
- rc: New TPM return codes added.
- fapi: Further Nuvoton certificates added.
- tpm_types/esys: Add support for Attestable TPM changes in latest TPM spec.
- tcti: Add '/dev/tcm0' to default conf
- fapi: New Nuvoton certificates added.
- esys: Fix leak in Esys_TR_FromTPMPublic.
+ Removed
- Testing on Ubuntu 18.04 as it's near EOL (May 2023).
- tpm2-tss.keyring: added Andreas Fuchs 0x8F4F9A45D7FFEE74 key, documented
in upstream repo, which was used for signing this new release tarball.
-------------------------------------------------------------------
Sat Jan 13 17:45:03 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>

View File

@ -1,7 +1,7 @@
#
# spec file for package tpm2-0-tss
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: tpm2-0-tss
Version: 4.0.1
Version: 4.1.0
Release: 0
Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips
License: BSD-2-Clause
@ -74,9 +74,11 @@ Requires: libtss2-rc0 = %{version}
Requires: libtss2-sys1 = %{version}
Requires: libtss2-tcti-cmd0 = %{version}
Requires: libtss2-tcti-device0 = %{version}
Requires: libtss2-tcti-i2c-helper0 = %{version}
Requires: libtss2-tcti-mssim0 = %{version}
Requires: libtss2-tcti-pcap0 = %{version}
Requires: libtss2-tcti-spi-helper0 = %{version}
Requires: libtss2-tcti-spidev0 = %{version}
Requires: libtss2-tcti-swtpm0 = %{version}
Requires: libtss2-tctildr0 = %{version}
Requires: tpm2-0-tss = %{version}
@ -143,6 +145,15 @@ TPM Command Transmission Interface library for communicating with a
TPM device node. This provides direct access to the TPM through the Linux
kernel driver.
%package -n libtss2-tcti-spidev0
Summary: TCTI interface library for communicating with a SPI attached TPM
Group: System/Libraries
%description -n libtss2-tcti-spidev0
TPM Command Transmission Interface library for communicating with a
TPM device node. This provides direct access to the TPM through the Linux
kernel driver.
%package -n libtss2-tcti-mssim0
Summary: TCTI interface library for Microsoft software TPM2 simulator
Group: System/Libraries
@ -219,6 +230,16 @@ the details of communication with a TPM via SPI protocol. It uses user
supplied methods for SPI and timing operations in order to be platform
independent.
%package -n libtss2-tcti-i2c-helper0
Summary: TCTI i2c interface library
Group: System/Libraries
%description -n libtss2-tcti-i2c-helper0
A TCTI module for communication via I2C TPM device driver. Abstracts
the details of communication with a TPM via I2C protocol. It uses user
supplied methods for I2C and timing operations in order to be platform
independent.
%prep
%autosetup -n tpm2-tss-%{version}
@ -255,6 +276,8 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%postun -n libtss2-tctildr0 -p /sbin/ldconfig
%post -n libtss2-tcti-device0 -p /sbin/ldconfig
%postun -n libtss2-tcti-device0 -p /sbin/ldconfig
%post -n libtss2-tcti-spidev0 -p /sbin/ldconfig
%postun -n libtss2-tcti-spidev0 -p /sbin/ldconfig
%post -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%post -n libtss2-mu0 -p /sbin/ldconfig
@ -273,6 +296,8 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig
%post -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig
%postun -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig
%post -n libtss2-tcti-i2c-helper0 -p /sbin/ldconfig
%postun -n libtss2-tcti-i2c-helper0 -p /sbin/ldconfig
%files
%doc *.md
@ -309,6 +334,9 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%files -n libtss2-tcti-device0
%{_libdir}/libtss2-tcti-device.so.*
%files -n libtss2-tcti-spidev0
%{_libdir}/libtss2-tcti-spidev.so.*
%files -n libtss2-tcti-mssim0
%{_libdir}/libtss2-tcti-mssim.so.*
@ -338,4 +366,7 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%files -n libtss2-tcti-spi-helper0
%{_libdir}/libtss2-tcti-spi-helper.so.*
%files -n libtss2-tcti-i2c-helper0
%{_libdir}/libtss2-tcti-i2c-helper.so.*
%changelog

BIN
tpm2-tss-4.0.1.tar.gz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmPO1PMACgkQbeLpB44f
UMFtQw/+IDx+P0RGWthfR3f4t/cfp9JBgiHfujNigWpv9LNG439Sew+8njEsmvEP
2yAHIiJGFMkwXadLNWgUnhvGYS628zqoPMLgDUW9PVAirrvo6XMf45wrBVLOZTX/
1N6Bol9wT3TfcVUnSbL/0oZwgTAxSDQJB7I64788ujwGnrbBLTEirDB/sqVVFF5k
1g3rMMH95nTGBqm96PA8gKYutOdOpOH9Gn/CexX9NuDrb00Nqx906kybkCIYEkdy
2Fp03zNTEo+iRtSIhrDZVbab/1UUN2r0rc6T6gABePUHS2lxPth6tLX0tVpq3RLJ
1mi7XJuri2Mqw4APOnavrK5qpCgAqONOn92+QqzmPylUFsRM6mzalDALvDwwknp4
sEohsiPyxCC+oSErm5Urh3yUlZ8c068zQ1OXGOdZPNM281bEGf3ORRemkI1gT7eI
cC4Y3YRuWBeQyoANAzrAJYttsOe9ia/PadnnQiWcMPH4o4hGjgvYPJuI6fePn2SS
dgC9Z1O1LOk17XnNQb3cAshiOPQo8BjQB89QUi4pJRCbpY6WEB6Wc9OmEEhUuWDT
3ECHeDZGPRg6G4xELT2SZ2QMDhlfORaV0hbU0lMoNMQrslrZALm8424bDt3Q7R9j
iPkpp4ArVdxYvbENkdVcZBZF0qAmPmolNv/PkLVK0o9mYEmXVp8=
=vwbh
-----END PGP SIGNATURE-----

BIN
tpm2-tss-4.1.0.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

16
tpm2-tss-4.1.0.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE1TMnWwEj0KZ59R/0j0+aRdf/7nQFAmYrk68ACgkQj0+aRdf/
7nQveRAAmYAVPbiF77l5pyLh6Ti+qeZpr2vtJh7CFSYbvuMZ0QGSKLKaOmC/NoMe
AQOgl72oYsv+cFZUs7xHLOOZx+quLlDoXQVEc8LNtByOwZJ8ROeXO0VNRshl3+/4
yDDzbYZT33APHxh/8NBkuplHztr5bsiqHX6y/xKrrfoyWKPQufd+YVSsHq2qHAUE
MVXI78vS+RltR72pT+5VxUQq0zDFjS38DBJ6JJOmhLr+JqY3i0Ajfv1yCRl8CINw
xPlcVAh/Vy/THOXkt7rETlZQPtaCLfIrp3/Lo7fRbjn1MNDbD9kZdbsDmRuRu2Q+
dZWTa8yiXyzPQyGJd7lmRWor1HiW4VonGAHVMsGl+DyMoNaH2ObJPYZnLDDNA/WS
qj89vA71BB7urvHmn4r9h7cIQNg9rYweXtYxNII2El7mmJF2p8SbN47CKD7JZVzT
+lIXtdfq8RlYmfqkYVA6rRyr/RH8jcxY0ICr0+zs1Cn5o/m1nPAaOaQ9l2a0aIQG
AqBtGADuX+o37Cn4oWJ93lK/fbpcfM1gPMd7akEUR0RSNGhQsjE/QEYH9SsgKQHk
+PGAztgdNd+3+5FQ9MQTSmvHp60hHWoQhfkTreCvp+6Q69Hmw3fpxVZINMivuITP
CDFUkszTVRjNpg9NnThbdYae9zV9RznoKe0Cr8nJ5d5JfMPpLpc=
=kG6x
-----END PGP SIGNATURE-----

View File

@ -49,3 +49,55 @@ YE7FfCwLBbLTYMeetHo8jGBRonTEOKMtPlp/fCMOp9w7CgMDuvfEwuTsA1ux4uAb
tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D
=xdFJ
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGW4tWABEADShIa5S7B036c2JMRfM26ihylWXfU0emxn4n9JwdewWakT6r2y
HU5L9b3hkcz8KOIsGAiVyn7bWoK9Q+OJGr0Alm38Jl1FbXGa/TaKeenVCTNWrOHZ
SLrDPbs8k84KNsvPEOMCapnrOHl+Nm1T0GosJonIzNe1X1ArCN9Zn+SstW+JZeaQ
IVNjVGKm59roU+EejaYuXqalAWhKq4I9Jd52yfy8TgWEFjk2STF3S3FST7SjiHds
bmclhp+Vai2WZGrnbzwyMWL324Nyy8h9+/l9WGspxLh2/1qPXtmaDWp8b49RuYDV
V7OVUSUDfp9eTB7ftfTMFXNbq1TShAkcbxT0xMu+UdTrnfKz1S5rFZ2AwfvvBCBR
laA2T6/lQ/5oOFAK9u96GRtQjsw4YtTnIQyaRj+UD+KWyXL9cZMdQRWyzjRLkINZ
dfj5TpXMmerO1ObOPvdji9o7yqAB3BQklhURlcs86z0dwKI3Cnho+2IbI+7jMKIn
0OGVPAx6GjE3Fia2USHlEPfMx1oTw6eC8PDvtUevz4BcS0GKRvu6n2ucOjtawet4
lDZPnKQwiscwblBE+zL5/dw1gpQ2/jpIMKOPzUL/pclQDi/uQkfaoViyznLkKTr1
l4witEysoKNFcKiorqznVAAermTB3jv7zqVzWRjhs2mhofAaPTtWxc0qSQARAQAB
tCpBbmRyZWFzIEZ1Y2hzIDxhbmRyZWFzLmZ1Y2hzQGluZmluZW9uLmNvbT6JAk4E
EwEKADgWIQTVMydbASPQpnn1H/SPT5pF1//udAUCZbi1YAIbAwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgAAKCRCPT5pF1//udCAMD/93TGsv34ICGjfnrrMSCb787L/X
bdziMuqQ62LEaFxy9XlqXDusCF3OxPWXWYzQgCVmBj/zVUSvphsnBsQZR8rtuObr
pfZCXoGM8ig6u16Gqw7zAym5ckDJnAN3urKqQne7jU3R73QpZADHJR/0FDQFOh3q
6g+ZWYeyceaYE1ow1A4QX8OmCdulZHaqEqxNXdVf8PRp5ufpNJ9IyDs3Bki2oh73
hRZuXrp6mo++WqImOkTqepCXyR4ejU5d++Pa7lfdwBOIusmh3f3suGc+6L9sI43j
ndA9+itheUZV7oUW5OvebPQVh9MQ0AXnnCBTlUEG2piJZ9I6XEqTaJCWYqVFHcbY
ZEeuhiNnvtdQOTeeYCWbgK50FW9Aw9knSeqym5nLvoYSFGbOCWOVP9z9mArlObQr
4FoapPXdJgznHnpX8YRdR3t6pCA32NyXppRdUCPylvKsflfLRexwPMPyq4/Zp2tG
RV0VMeZulnujBD4QYUwaChVocj0Hhgti5hfcDn5p+DJZgrm8uyHmEKBZF3tiIw+o
ACVz++mbaVlU3f1wGCwopA6E49U5DozkBXYKQFJ1kLXrSk8XsMNcRDTQROifkIl1
JdZZgXyRkgm/frrCBHeoeK6c9HYLlHBKAYKmDF4spLcK9LFUHfEbOaPxr8/+Lvo3
NwGQM0/sSrngdfjl67kCDQRluLVgARAAzg83xfiOX2qwYIxwf+4phpmUOhK8q8h1
P+rdQWNur4XU+dJRwN94tsA51CrbltOQGBRerz3CVMbSnXMCCz+y7+jFEhWMTc71
B7twmzXWz8kBtHAEUcIA6jI9JExvJlMtp+8FbGwvmOUaCPsFqAfpTMXY3brbxjIZ
cl99AEiWh5HLQNzO9eTCL8a3v2jtIaEFoqUAcsPAlOUYCp7GOguyHmDfGQfYGpO/
rJPbjabx/FAd+A2PuIPXr0KqQItoPrhTRj1pGL80PI71Z9iinIaaTZEDSa2VwKB2
9A+aCYeUi5nWzOhkQdhKYONLuqWjvAdEObfJ79IKiCbzk26Jd3/BvRcUwEnLSBQI
CcBa0K8CmCCWmcmHQGAYG5cNt9VCl+/Lnip0HlU54u8J3CQqy1SfDBL+yqf4gMtI
FcRljUh2mBoc8qDg170EdDx7X7prPOAg/j7PK4/+tCOmPpbZsSyRzJWxLIpxTjvW
JZ+xyn4CM6uxhQLcJsRDMIgHXt3F3Enw4PtgIAjFIyUcCPinebcFUJ2ZpSqtWFhQ
aAFQOvrtz/q7ZlNNtZGHx3HodtK1rhw2AqBE6f930RSW+dqHTcNQXRoDr7y0dtel
eCJA4FLprav4ywQCv67f42zNBwNfz2sHNADoeCwr3KKoSk/EN7IWHgyxWw8J5S7y
x24uTv//7B8AEQEAAYkCNgQYAQoAIBYhBNUzJ1sBI9CmefUf9I9PmkXX/+50BQJl
uLVgAhsMAAoJEI9PmkXX/+50pWAQALC72x4NLjdsru7hLbJYvBj2Lfm2XVxRhEEJ
aotNoCeB45P+QhL6XEQl1xtFc3aUWXAgDMe+9Wc9W90SoAZ6fiuAvifV3EMm6NI6
DO7ScyIOB1qsrxRvbMGo8kCglNb7dCXh/CBnglsnH+jdl1SBrAsWhopYcetPQvOr
JudtTK4FNQYGevgYtcLNmzMmRX7F7N2DJ1IHDHWF2vEECCvEquXXgwJehZ4XmTL7
OAeg1ogz6W3QVpTIK6r07a7RmwBkAtxWiGAcVTxEQQZVkwrWwplRHaVqSfXWIe4V
2MT5zjSzgZ2UqpWHNSxSECctYYXdDjrMXp8ECszk/PIxBV8HJ+ouBw/mBcs6uL8r
TBeOchmlf5wGKzrf/svzQ+8C5o61rC+eqoOVmlkF6l7OJj9s50DS35ty1CEBpJ4H
vG9tAmEadNM+kw3JGN+z/sn1xJek8VpUociQstXLDLZwEKIDYb56u/xEfeR5X5NN
SZvaPpnvbgVUI59GV2stWl53t53EvBW5AokKiYTv2rCddqnOmWomtsUVmvI7ftIn
kCkaxtx2krMCvxaHZ2ickvJH+LCd65IGZ4G3N/MudGp5PlGhAX1KlT7EkQtDWfnD
vT8auAcNHeSG2gCTW3sIkZNm7QvunexwIpe85YqAze8+ZpCtxDP34ahhZGrpIkKN
lFcjH/3q
=o8mM
-----END PGP PUBLIC KEY BLOCK-----