Accepting request 987905 from home:aplanas:branches:security

- Update to 3.2.0
  + Fixed
    * FAPI: fix curl_url_set call
    * FAPI: Fix usage of curl url (Should fix Ubuntu 22.04)
    * Fix buffer upcast leading to misalignment
    * Fix check whether SM3 is available
    * Update git.mk to support R/O src-dir
    * Fixed file descriptor leak when tcti initialization failed.
    * 32 Bit builds of the integration tests.
    * Primary key creation, in some cases the unique field was not
      cleared before calling create primary.
    * Primary keys was used for signing the object were cleared after
      loading. So access e.g. to the certificate did not work.
    * Primary keys created with Fapi_Create with an auth value, the
      auth_value was not used in inSensitive to recreate the primary
      key. Now the auth value callback is used to initialize
      inSensitive.
    * The not possible usage of policies for primary keys generated
      with Fapi_CreatePrimary has been fixed.
    * An infinite loop when parsing erroneous JSON was fixed in FAPI.
    * A buffer overflow in ESAPI xor parameter obfuscation was fixed.
    * Certificates could be read only once in one application The
      setting the init state of the state automaton for getting
      certificates was fixed.
    * A double free when executing policy action was fixed.
    * A leak in Fapi_Quote was fixed.
    * The wrong file locking in FAPI IO was fixed.
    * Enable creation of tss group and user on systems with busybox
      for fapi.
    * One fapi integration test did change the auth value of the
      storage hierarchy.
    * A leak in fapi crypto with ossl3 was fixed.
    * Add initial camelia support to FAPI
    * Fix tests of fapi PCR
    * Fix tests of ACT functionality if not supported by pTPM
    * Fix compiler (unused) warning when building without debug
      logging
    * Fix leaks in error cases of integration tests
    * Fix memory leak after ifapi_init_primary_finish failed
    * Fix double-close of stream in FAPI
    * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
    * Fix the authorization of hierarchy objects used in policy
      secret.
    * Fix check of qualifying data in Fapi_VerifyQuote.
    * Fix some leaks in FAPI error cases.
    * Make scripts compatible with non-posix shells where test does
      not know -a and -o.
    * Fix usage of variable not initialized when fapi keystore is
      empty.
  + Added
    * Add additional IFX root CAs
    * Added support for SM2, SM3 and SM4.
    * Added support for OpenSSL 3.0.0.
    * Added authPolicy field to the TPMU_CAPABILITIES union.
    * Added actData field to the TPMU_CAPABILITIES union.
    * Added TPM2_CAP_AUTH_POLICIES
    * Added TPM2_CAP_ACT constants.
    * Added updates to the marshalling and unmarshalling of the
      TPMU_CAPABILITIES union.
    * Added updated to the FAPI serializations and deserializations of
      the TPMU_CAPABILITIES union and associated types.
    * Add CODE_OF_CONDUCT
    * tcti-mssim and tcti-swtpm gained support for UDX communication
    * Missing constant for TPM2_RH_PW
  + Removed
    * Removed support for OpenSSL < 1.1.0.
    * Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines
      as deprecated.
    * Those were errorous typedefs that are not use and not useful. So
      we will remove this with 3.3
    * Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead.
- Update to 3.1.1
  + Fixed
    * Fixed file descriptor leak when tcti initialization failed.
    * Primary key creation, in some cases the unique field was not
      cleared before calling create primary.
    * Primary keys was used for signing the object were cleared after
      loading. So access e.g. to the certificate did not work.
    * Primary keys created with Fapi_Create with an auth value, the
      auth_value was not used in inSensitive to recreate the primary
      key. Now the auth value callback is used to initialize
      inSensitive.
    * The not possible usage of policies for primary keys generated
      with Fapi_CreatePrimary has been fixed.
    * An infinite loop when parsing erroneous JSON was fixed in FAPI.
    * A buffer overflow in ESAPI xor parameter obfuscation was fixed.
    * Certificates could be read only once in one application The
      setting the init state of the state automaton for getting
      certificates was fixed.
    * A double free when executing policy action was fixed.
    * A leak in Fapi_Quote was fixed.
    * The wrong file locking in FAPI IO was fixed.
    * One fapi integration test did change the auth value of the
      storage hierarchy.
    * Fix test of FAPI PCR
    * Fix leaks in error cases of integration tests
    * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
    * Fix the authorization of hierarchy objects used in policy
      secret.
    * Fix check of qualifying data in Fapi_VerifyQuote.
    * Fix some leaks in FAPI error cases.
    * Fix usage of variable not initialized when fapi keystore is
      empty.
  + Added
    * Add additional IFX root CAs

OBS-URL: https://build.opensuse.org/request/show/987905
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=119

tpm2-0-tss.changes

@@ -1,3 +1,113 @@
+-------------------------------------------------------------------
+Fri Jul  8 11:52:40 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Update to 3.2.0
+  + Fixed
+    * FAPI: fix curl_url_set call
+    * FAPI: Fix usage of curl url (Should fix Ubuntu 22.04)
+    * Fix buffer upcast leading to misalignment
+    * Fix check whether SM3 is available
+    * Update git.mk to support R/O src-dir
+    * Fixed file descriptor leak when tcti initialization failed.
+    * 32 Bit builds of the integration tests.
+    * Primary key creation, in some cases the unique field was not
+      cleared before calling create primary.
+    * Primary keys was used for signing the object were cleared after
+      loading. So access e.g. to the certificate did not work.
+    * Primary keys created with Fapi_Create with an auth value, the
+      auth_value was not used in inSensitive to recreate the primary
+      key. Now the auth value callback is used to initialize
+      inSensitive.
+    * The not possible usage of policies for primary keys generated
+      with Fapi_CreatePrimary has been fixed.
+    * An infinite loop when parsing erroneous JSON was fixed in FAPI.
+    * A buffer overflow in ESAPI xor parameter obfuscation was fixed.
+    * Certificates could be read only once in one application The
+      setting the init state of the state automaton for getting
+      certificates was fixed.
+    * A double free when executing policy action was fixed.
+    * A leak in Fapi_Quote was fixed.
+    * The wrong file locking in FAPI IO was fixed.
+    * Enable creation of tss group and user on systems with busybox
+      for fapi.
+    * One fapi integration test did change the auth value of the
+      storage hierarchy.
+    * A leak in fapi crypto with ossl3 was fixed.
+    * Add initial camelia support to FAPI
+    * Fix tests of fapi PCR
+    * Fix tests of ACT functionality if not supported by pTPM
+    * Fix compiler (unused) warning when building without debug
+      logging
+    * Fix leaks in error cases of integration tests
+    * Fix memory leak after ifapi_init_primary_finish failed
+    * Fix double-close of stream in FAPI
+    * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
+    * Fix the authorization of hierarchy objects used in policy
+      secret.
+    * Fix check of qualifying data in Fapi_VerifyQuote.
+    * Fix some leaks in FAPI error cases.
+    * Make scripts compatible with non-posix shells where test does
+      not know -a and -o.
+    * Fix usage of variable not initialized when fapi keystore is
+      empty.
+  + Added
+    * Add additional IFX root CAs
+    * Added support for SM2, SM3 and SM4.
+    * Added support for OpenSSL 3.0.0.
+    * Added authPolicy field to the TPMU_CAPABILITIES union.
+    * Added actData field to the TPMU_CAPABILITIES union.
+    * Added TPM2_CAP_AUTH_POLICIES
+    * Added TPM2_CAP_ACT constants.
+    * Added updates to the marshalling and unmarshalling of the
+      TPMU_CAPABILITIES union.
+    * Added updated to the FAPI serializations and deserializations of
+      the TPMU_CAPABILITIES union and associated types.
+    * Add CODE_OF_CONDUCT
+    * tcti-mssim and tcti-swtpm gained support for UDX communication
+    * Missing constant for TPM2_RH_PW
+  + Removed
+    * Removed support for OpenSSL < 1.1.0.
+    * Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines
+      as deprecated.
+    * Those were errorous typedefs that are not use and not useful. So
+      we will remove this with 3.3
+    * Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead.
+
+- Update to 3.1.1
+  + Fixed
+    * Fixed file descriptor leak when tcti initialization failed.
+    * Primary key creation, in some cases the unique field was not
+      cleared before calling create primary.
+    * Primary keys was used for signing the object were cleared after
+      loading. So access e.g. to the certificate did not work.
+    * Primary keys created with Fapi_Create with an auth value, the
+      auth_value was not used in inSensitive to recreate the primary
+      key. Now the auth value callback is used to initialize
+      inSensitive.
+    * The not possible usage of policies for primary keys generated
+      with Fapi_CreatePrimary has been fixed.
+    * An infinite loop when parsing erroneous JSON was fixed in FAPI.
+    * A buffer overflow in ESAPI xor parameter obfuscation was fixed.
+    * Certificates could be read only once in one application The
+      setting the init state of the state automaton for getting
+      certificates was fixed.
+    * A double free when executing policy action was fixed.
+    * A leak in Fapi_Quote was fixed.
+    * The wrong file locking in FAPI IO was fixed.
+    * One fapi integration test did change the auth value of the
+      storage hierarchy.
+    * Fix test of FAPI PCR
+    * Fix leaks in error cases of integration tests
+    * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
+    * Fix the authorization of hierarchy objects used in policy
+      secret.
+    * Fix check of qualifying data in Fapi_VerifyQuote.
+    * Fix some leaks in FAPI error cases.
+    * Fix usage of variable not initialized when fapi keystore is
+      empty.
+  + Added
+    * Add additional IFX root CAs
+
 -------------------------------------------------------------------
 Wed Dec  8 16:57:58 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
 

tpm2-0-tss.spec

@@ -17,14 +17,17 @@
 
 
 Name:           tpm2-0-tss
-Version:        3.1.0
+Version:        3.2.0
 Release:        0
 Summary:        Intel's TCG Software Stack access libraries for TPM 2.0 chips
 License:        BSD-2-Clause
 Group:          Productivity/Security
 URL:            https://github.com/tpm2-software/tpm2-tss
 Source0:        https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz
-Source2:        baselibs.conf
+Source1:        https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz.asc
+# curl https://keys.openpgp.org/vks/v1/by-fingerprint/D6B4D8BAC7E0CC97DCD4AC7272E88B53F7A95D84 > tpm2-tss.keyring
+Source2:        tpm2-tss.keyring
+Source3:        baselibs.conf
 BuildRequires:  /usr/sbin/groupadd
 BuildRequires:  acl
 BuildRequires:  doxygen

tpm2-tss-3.1.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8900a6603f74310b749b65f23c3461cde6e2a23a5f61058b21004c25f9cf19e8
-size 1584690

tpm2-tss-3.2.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912
+size 1629211

tpm2-tss-3.2.0.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE1rTYusfgzJfc1KxycuiLU/epXYQFAmIPsO0ACgkQcuiLU/ep
+XYRd+RAApB43omQ9MpVgQTIRcvwVhZkORXqPC/o9KxorFe7apA1BN5Lj4s5otOUK
+C4N86W8eaPjXmoj+yiV7z97ZNVTZ0uUTNrDRh3uS52f7j3BwR1k0CuRcYdi3K34N
+92X1VaP3BA37zw4esV5RyhLFBW/o2PJYg092ZOsQ4ko/HcBoUEp87dmH9xoem/O1
+6sMGry+4CbvMX0o9XtQ/1yfJpuINTEVs0Ex7YVNwdseDolP6bmphdyJTF4j9iElV
+dNqUBtV0GHgSPj0//JTeMdgsgeRUooufVH+mtBmieFfX4LXzF+0MxcZEUMZyB0IJ
+Dc/IkKVglT83t0TQdwtFqxrJHcJJb6UrVW5N8/ogbwR882mhoF3N4k5njEshBn8B
+9xph9h91qaelj33uiJiILzyw+dCK1tp3dC0p7vg+GfhHSUjA5mNSS62qQffm59E4
+3tO1mbZ+g3P80oHWJxT2GEDQmWbZN0ao42vLXlInYT7ZOn+tdbV7TUbN33r1i0DD
+QAHZevE3d0F9dady0llKWCY7XFKqZ6rC8O7QaJDcPWdZ3urzVgRNDRLIc38WJaYQ
+GiHaagsLNi8hvLEumz8F8L/rvcZ24jJeEjkjRewMHQDL0Z8qaSd7y1wdxhvpJdvQ
+s0PXDRsg0GU61Fb1l/rYyWfjUJKeJbbmCsviCOUHWjuByyujES0=
+=CvUq
+-----END PGP SIGNATURE-----

tpm2-tss.keyring

@@ -0,0 +1,54 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: Hostname: 
+Version: Hockeypuck 2.1.0-152-ga266fd3
+
+xsFNBFxtMHkBEACtvqN9RbZbJrtpqxLml+j5qVuXQDMTBF99PAhD0rgHfcsG8ezT
+oiTf2PEo/DW59D5qwJEJVEMbwh59SX97UJ+diI2gGn2FTzia4qkGG76LGps5LSQU
+TTpX+NpOOEy+zttJQJPtk7toHKKfyZBFsgxPepwblEotR047Z0mri2vhXZWum+np
++2B+9IwebS1U1/EBVl10ab9UjFv3Pj3bASCKpseZEJcitKlcjpVFc4hyLZIl+syB
+ysZX2+DhiUXFetjz+h4Zb4nAWF5ZPbs0KXo8gnTxqprbfOL+XZFYyeo/63dSlaxt
+fkChWb4DIGtxDGogipcGmoZBoFiXzGxc6X+y3wGvoJyzeArusx2IR6VCzSQvuEfz
+4kII1tWngId/cokmNx1ervARrf+gOpeii9qva6bYsulqNqaoh68ODJFosbn5DVVb
+fXv3l7SmT766Q7yKFSg2TN1aLMn1pY+TE9pxGza5G37qBc/WLC7NTgmUTst8hpCD
+kiMj1fRdHoJ3Ura6WilJC8tg/0d0mCiFc8nxOSbf8qvTgDBss4Hpe/cpfS4m4ymk
+G23wtg/6arkmOADXsENkGIObTv0pNXklQtZvl9TyTXU7d+GyCL1gQJoI/ZVu1/Zf
+8Fds5iPFX9eMqBvh6enZd65FgAyKSxZ+tgwXwFeNZDRsORX3cLG8H3lfiQARAQAB
+zS9BbmRyZWFzIEZ1Y2hzIDxhbmRyZWFzLmZ1Y2hzQHNpdC5mcmF1bmhvZmVyLmRl
+PsLBlAQTAQoAPhYhBNa02LrH4MyX3NSscnLoi1P3qV2EBQJcbTB5AhsDBQkJZgGA
+BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHLoi1P3qV2Eq1QP/i8mU22JaONg
+9JcRz/usGnwWBpe+dTnCieoC7mwLTM2vj3ywax/xh8eAw5I3EWWUEKb0Rq/0wWJN
+53Ve7Ecge0zY0YJEr/ZOJs/e4D0T0eUxVuRrto67B8XlkagXNeVI6picS1CRY/7r
+5ORdgx2p+VLEwnX6KeFa9BsBXOEHdvSDEvupG098cbc7sdl2mLfKJdXBD4Pve7r4
+FpV7QuY+dXsTj5CG23hw6BLNGDm99p2j40y7wfLh1oEAj1b9Gt8QHsiSYiHfndqf
+lzc5FWvoU3jxQcXVkGuaLfa1DFgeZZoXUPbbw9jaXTC1LDtnnjnF79Zs8fFvgek/
+wpfnpGhQfa0rIWDoCDEp6yD9X0fbPKAs0glj5PZ1JlFUYfbIbEy29K+YHj3NHGFi
+50WcEg+kqbalOEGpQxCfaFDLdQhXrmIUBBwGP15HFPofWgp0gt+gHyYbR92Os/G9
+Vjk4RGcvZM7t24n0hwkUR8ORH4eSQaCOIL3sdQuVjeWnYbzrMSJ1bsJPprn+pmWC
+59rcrKEcTXtkBpjTGls2Nng3FWKDeYLsPXYReGjEtPSHulwpMHq46uCWFfAX2ta1
+5qgleeriFq2yCAbWAV+AGL66E+F4iarLyAQHStXl0vRXsl9U4v6sNIL5TC+mxiry
+qa64wLi8tDSs1tCDEHxZGyaWxrSM/bwkzsFNBFxtMHkBEADOk0m6SZOJOPrTL+Qw
+oSwyxxCWu+ONld98pSRNDDJx38+fvTMWehzYJLqUiyfs8KILvBebVYXpGBOKdk1j
+rXHmPE1EOwaxgCgdl1yXQbIcd1eoRMov4gqLSj2gmAYhyrvfM9TU0Uy5zPTEd36Z
+f/HjsmRLhBv356s3YsenGfJO/VPlfQfVeJ/e955Xvs6gpo+7njRpHOWHd6zDzfij
+y+ArzYYM7Z+bAK1SpJQpwAQ88JmIb9KtumBXOX7Y7RuWvHBbj+LR54pa/VPtMhx5
+Rq3SEz9kJZZjLcUj3EemnA30loJJzGBVTdAMdne6XqLcJPcLELD2ELZDXf2ebzXB
+s7uQ7oCDI01uBNi1kSjrRC2wTvCbV3a44B7lVEmYvlXGom3rm6KB8Q68c86/bsAq
+CmJ98x1HXBPPFL4PyIIq55e91n/1QfrjceIZu86PAnWTDRselKO3Rhr/ebHXBsNg
+lf1rjOIy4YkdRYvUfRq49PR9gRXD6vRfDBzg7VPHuEBWLib2XB1gamkMT0uqaLNM
+W61Xm+MW6NKcaO1PY0UYRpfE0VdMJtLYIJVL81IO67+sBO0tegHboJHzxJA9SGEm
+Kz37Fw2XYViKkAtuYqfp7hZBQe3LgFJ0kBokJ2cSzlLBkVp73hIVTqPg8wAFvjY0
+MCPuwsRfQG8sQSyomHbETiNuGwARAQABwsF8BBgBCgAmFiEE1rTYusfgzJfc1Kxy
+cuiLU/epXYQFAlxtMHkCGwwFCQlmAYAACgkQcuiLU/epXYSZyQ/+P/LpGH70Vx4g
+07xBZ7D63IXl3wblvZsJ0jwSStnreCylcJz62wn5ewgucBBaD878dNyJvDEtIvgx
+ev1RPvUffvCdWjOmYCnSx/GlzaJES25Nx4Ye40QOrNRd+p34edqrdRKlfiVM5GuS
+G9b/EGE1Aq3yFqtGG/tmteM0VOixfXRWBvMuCwZ/oSHyaQzywMJbdammxUahpDLm
+CblVAcEAX+PvVd8B0JfTMOkUZJbj6t+9i05X6nbwjn54hJz7/RkyO4mTDeu+/8I7
+z6xLC8DZlDSrTyow83H9YYrbSi9Bcr75CkDCV2Eo0G/WR+lwLxod12a/gmsVnFk+
+JillaEn8NLons/UuglI0RPahdQBeCr3o7m2qg1tKQZue6qhi/X9lYpg7BYvAWt8V
+UdSG7uszNBLMCF255VF9g/c/sxPCQqAeivNmd45gSJmcFh4j5Y7J5UI1FYmuMRP6
+m/TxrRkUcpZQItWlItyEatwQqEqloCS1flfeCSKDH048YuZuqoQREj7s8fCJhEmL
+yasQrJgzKqOgmHSohHPL3+Y70MmraQrmzsaTNG0pbl12ZYYA326fMcoIuzk8BbFn
+OdgQtf8uBxjBxQYwUAQ5vDSGndopizUW7RKegM8eAEqsV9t+nKDFnnvAd88gVxKy
+lCrKeqs8B01YCW/gCy709t5b/XvI/xA=
+=tkEk
+-----END PGP PUBLIC KEY BLOCK-----