From 5b742cbf73657fefaa446bcc39359863b169d244c4b43e788013b13e05af12c4 Mon Sep 17 00:00:00 2001 
From: Marcus Meissner
Date: Wed, 20 Oct 2021 10:28:43 +0000
Subject: [PATCH 1/2] Accepting request 926517 from home:aplanas:branches:security

- Update to 1.7.0
  + DB Schema Change from 5 to 7.
    * Backup your DB before upgrading
  + Fixed compilation issues with GCC11.
  + Fixed errors on releases due to newer compilers from failing by
    only adding -Werror for non-release builds.
  + Fixed error message when the DB is too new in tpm2_ptool.
  + Added support for tpm2_ptool import with ssh-keygen format
    keys. Note: Requires cryptography >= 3.0.
  + Changed default long level from error to warning.
  + Added better error message for FAPI backend errors along with
    docs/FAPI.md document.
  + Changed tpm2_ptool make --algorithm optional.
  + Fixed error message of wrong attribute name on expected attribute
    check to be false.
  + Added support for ECDSA 256, 384 and 512.
  + Fixed a bug in the Python code DB upgrade path from 4 to 5 where
    it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS.
  + Added tpm2_ptool support for ECC key size 192.
  + Added support passwordless login for tokens, ie not setting
    CKF_LOGIN_REQUIRED.
  + Fixed Running integration tests when Java version has the -ea,
    like on Debian 11 and OpenJDK 17.
  + Added support for HMAC keys using tpm2_ptool and the C_Sign and
    C_Verify interfaces. The following interfaces in ptool have
    support:
    * addkey: previous working versions of tpm2-tools will support
      this.
    * link: previous working versions of tpm2-tools will support this.
    * import: requires tpm2-tools 5.2+ for support.
  + Fixed leaking of temp file descriptors in tpm2_ptool.
  + Fixed wrong free in tpm code, should use Esys_Free.
  + Fixed a space formatting issue in tpm2_ptool verify.
  + Fixed leaked file descriptor in tpm2_ptool.
  + Fixed a few suspicious sizeof usages in str_padded_copy
  + Fixed a memory leak of the token list on a failure condition in
    initialization.

OBS-URL: https://build.opensuse.org/request/show/926517 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-pkcs11?expand=0&rev=8 --- tpm2-pkcs11-1.6.0.tar.gz | 3 --- tpm2-pkcs11-1.7.0.tar.gz | 3 +++ tpm2-pkcs11-1.7.0.tar.gz.asc | 16 ++++++++++++++ tpm2-pkcs11.changes | 41 ++++++++++++++++++++++++++++++++++++ tpm2-pkcs11.spec | 8 +++---- 5 files changed, 64 insertions(+), 7 deletions(-) delete mode 100644 tpm2-pkcs11-1.6.0.tar.gz create mode 100644 tpm2-pkcs11-1.7.0.tar.gz create mode 100644 tpm2-pkcs11-1.7.0.tar.gz.asc diff --git a/tpm2-pkcs11-1.6.0.tar.gz b/tpm2-pkcs11-1.6.0.tar.gz deleted file mode 100644 index 476a9cc..0000000 --- a/tpm2-pkcs11-1.6.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:61e2849c07acb4acbf756bdd6a9fe44f9475343256fa0bdc966b77321169c125 -size 1370370 diff --git a/tpm2-pkcs11-1.7.0.tar.gz b/tpm2-pkcs11-1.7.0.tar.gz new file mode 100644 index 0000000..16134af --- /dev/null +++ b/tpm2-pkcs11-1.7.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:078a445ed0e9f5009675a162b4b7b88f3520436cfbc791bb2249f37bd1f475bd +size 1386693 diff --git a/tpm2-pkcs11-1.7.0.tar.gz.asc b/tpm2-pkcs11-1.7.0.tar.gz.asc new file mode 100644 index 0000000..14a5ac2 --- /dev/null +++ b/tpm2-pkcs11-1.7.0.tar.gz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmFSG3QACgkQbeLpB44f +UMElEQ/9GEz+wfA85IKbd2rtNQax059vLRxU1cwS8N1U0KI3Ij1Y10+mK7aii0JV +p/iqq3h7lsTU83Im/KX2Bs13I68YTENeTkgtqdIS5/VvGGOWeFdLwBOA3Mfw/S3A +ZW8X1fyX6hqFB44io/2m+j7EvmHCCQn9x0pVheUo9Jrx2aulknDoKiHorj/esWWp +NoniIuDWIofrBJ0RrtzzSxJznzQEol6XpZqrWK8Wg2LrlEX9j86PE5dBM9fnHHlx +rIc4wOl+GXDB6Ulac4F0O2Q8zfroc/tLBkKZyq8tqTYVlew6WDCtgkBWbO1Onbc6 +ZlXGPWoSZGhm1LoM3pbuewyXi2F+8sJiDaySGGubCGC0HT6uStbWqtIHiI4zb8+V +ih62dDQOLzWe6dIRO187k8N0EsgAe5Dy948xJ0DLTvz+gtwsbpF/Iz0M0py8S8cQ +9N7BAmHOsJ8Rui4Wix5Fg7PAEof6m6nTxawQpWZEinax0nyF0MeVUc5Dw1w8/Mpu +0wsIPmCsNgrd7ucsodNpJ2qxj1Uitzh1hRm4K3CbJPWtFRPhF8wOxRQkWkFK98Km +gChX1uO0VTPjAqqZs1ON0UxAeNgXruE2pbJFKUAe0pxU/k6QRJ3NSi6LeVW6NICN +DMrT/S4utPlnfGwKsUPtPWQXwCECmT6VA9fR6d/nQG7As4TlSgs= +=Gwnb +-----END PGP SIGNATURE----- diff --git a/tpm2-pkcs11.changes b/tpm2-pkcs11.changes index cb001c0..ea2e15f 100644 --- a/tpm2-pkcs11.changes +++ b/tpm2-pkcs11.changes 
@@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Wed Oct 20 09:58:09 UTC 2021 - Alberto Planas Dominguez + +- Update to 1.7.0 + + DB Schema Change from 5 to 7. + * Backup your DB before upgrading + + Fixed compilation issues with GCC11. + + Fixed errors on releases due to newer compilers from failing by + only adding -Werror for non-release builds. + + Fixed error message when the DB is too new in tpm2_ptool. + + Added support for tpm2_ptool import with ssh-keygen format + keys. Note: Requires cryptography >= 3.0. + + Changed default long level from error to warning. + + Added better error message for FAPI backend errors along with + docs/FAPI.md document. + + Changed tpm2_ptool make --algorithm optional. + + Fixed error message of wrong attribute name on expected attribute + check to be false. + + Added support for ECDSA 256, 384 and 512. + + Fixed a bug in the Python code DB upgrade path from 4 to 5 where + it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS. + + Added tpm2_ptool support for ECC key size 192. + + Added support passwordless login for tokens, ie not setting + CKF_LOGIN_REQUIRED. + + Fixed Running integration tests when Java version has the -ea, + like on Debian 11 and OpenJDK 17. + + Added support for HMAC keys using tpm2_ptool and the C_Sign and + C_Verify interfaces. The following interfaces in ptool have + support: + * addkey: previous working versions of tpm2-tools will support + this. + * link: previous working versions of tpm2-tools will support this. + * import: requires tpm2-tools 5.2+ for support. + + Fixed leaking of temp file descriptors in tpm2_ptool. + + Fixed wrong free in tpm code, should use Esys_Free. + + Fixed a space formatting issue in tpm2_ptool verify. + + Fixed leaked file descriptor in tpm2_ptool. + + Fixed a few suspicious sizeof usages in str_padded_copy + + Fixed a memory leak of the token list on a failure condition in + initialization. 
+ ------------------------------------------------------------------- Sun Aug 22 11:04:39 UTC 2021 - Jan Engelhardt diff --git a/tpm2-pkcs11.spec b/tpm2-pkcs11.spec index fe4d2a9..3f8f422 100644 --- a/tpm2-pkcs11.spec +++ b/tpm2-pkcs11.spec @@ -19,7 +19,7 @@ %define so_ver 0 %define pythons python3 Name: tpm2-pkcs11 -Version: 1.6.0 +Version: 1.7.0 Release: 0 Summary: A PKCS#11 interface for TPM2 hardware License: BSD-2-Clause @@ -29,12 +29,13 @@ Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz BuildRequires: autoconf BuildRequires: autoconf-archive >= 2017.03.21 BuildRequires: automake +BuildRequires: fdupes BuildRequires: libtool BuildRequires: pkgconfig -BuildRequires: tpm2.0-tools +BuildRequires: python-rpm-generators BuildRequires: python3-base BuildRequires: python3-setuptools -BuildRequires: fdupes +BuildRequires: tpm2.0-tools BuildRequires: pkgconfig(libcrypto) >= 1.0.2g BuildRequires: pkgconfig(p11-kit-1) BuildRequires: pkgconfig(sqlite3) @@ -43,7 +44,6 @@ BuildRequires: pkgconfig(tss2-mu) BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-tctildr) BuildRequires: pkgconfig(yaml-0.1) -BuildRequires: python-rpm-generators %{?python_enable_dependency_generator} %description From 9dd8ca96285441de0203d4a09a61e623a9ef2bda881f98d5cb306a60113cd82c Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 20 Oct 2021 10:58:41 +0000 Subject: [PATCH 2/2] Accepting request 926535 from home:gmbr3:Active - Add keyring & use source verification OBS-URL: https://build.opensuse.org/request/show/926535 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-pkcs11?expand=0&rev=9 --- tpm2-pkcs11.changes | 5 +++++ tpm2-pkcs11.keyring | 53 +++++++++++++++++++++++++++++++++++++++++++++ tpm2-pkcs11.spec | 2 ++ 3 files changed, 60 insertions(+) create mode 100644 tpm2-pkcs11.keyring diff --git a/tpm2-pkcs11.changes b/tpm2-pkcs11.changes index ea2e15f..19f29fe 100644 --- a/tpm2-pkcs11.changes +++ b/tpm2-pkcs11.changes 
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Oct 20 10:48:58 UTC 2021 - Callum Farmer + +- Add keyring & use source verification + ------------------------------------------------------------------- Wed Oct 20 09:58:09 UTC 2021 - Alberto Planas Dominguez diff --git a/tpm2-pkcs11.keyring b/tpm2-pkcs11.keyring new file mode 100644 index 0000000..e416a5d --- /dev/null +++ b/tpm2-pkcs11.keyring 
@@ -0,0 +1,53 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: Hostname: +Version: Hockeypuck ~unreleased + +xsFNBFik3GUBEADYDYbSXH3UTr9oCNCI3UxC1hiLH7cM+QIbMtWiwfAbT3G8wrTa +NPj00qNvI4wQ/Xm3h0hB7kri7vP0FqIjIwsTdM6ZpFdVHHKW1m4P8fkOcxqmLN0g +V36MN5fgoGWf2K94aS7ItoweRMcuHnwWawe6aAtbKSYVqhWhoB/3grgd0xhE61AS +o8fJ7uRYNEAYVeOKlC2j+qKfoJbCa6yqZejFwOOzB6qxNRA7JYvckEf8yJ4+Y16m +qPyZ1ErHzpql3+b5ha+g+9g8WzxAbSfGYZTwaQxyePNjXuq2tdEXf9XnESvoaoN4 +pQhiu/0BJEkXPxl1zso65g4Mn22xEELhUnwPDo5YdLlWEZ8xhELLvdJc3Z0nTR5A +4/YaZvvzf7pOD1cwpB6IrRf8n9rOe1aDxh/A//zX9PpIOV25p5kqlE88Ya5VXrnA +Ayfs19RZmK3+FuaI0ij79CRokG9BrI6TXT0pRTDIRu7GvAo2q13MELRvFddyRT2G +mNjsHYcqEbraYTh3LHEiwfWp4ZgDtk8jj3iRabHQUHk9V8vSFzj+wp1E8HzO8Vp3 +BxMDIOG1VPdLi81DP+LbZI1h30ZG63ulqkKIhwx5/h2v4VCYPatVtGqVf37tLstj +Wrs0DkBykuZrecp+AJ5ZJ+UVvR8ajO2ncAoOugNwoj9Wuvz0fVTiJIhuNQARAQAB +zTxXaWxsaWFtIFJvYmVydHMgKEJpbGwgUm9iZXJ0cykgPHdpbGxpYW0uYy5yb2Jl +cnRzQGludGVsLmNvbT7CwXgEEwECACIFAlik3GUCGwMGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJEG3i6QeOH1DBibEQAL4EwEzegkc8NyHiW0mntwDoCv3tkUlG +fprp/g7GWfrP+L+pN5yexg3Zm/CgVN/tTNCEr5XtP+sdds8xBF6ReJ8QPO7EiMiM +asPXh8zlODrySXCGHmpa7IzuUC2wgD3Wq7WjniMvnBmqBdL0+8nqA6NFxOOklvK1 +ub7bqLrHKfUfciFOfYAi+C0Bh8kdZtMjfY9sqlJA3sVK2UxVXq9D+oHbL1o454N6 +VzV0rDtsK47GSSCXT75kulPdfOCopTgxPgNsK4VnXgMOL5JMURPJa3rBzmBRFed1 +ynrqwFdmYdMepsUgt/JS2I/23QChqp6AdVDjtGLKS71hox+vdE4S0DoRnMHwHkkt +B6bqQci3RlUP+wcHHRCUXUubxMSlYJqhBdEOclo6N0X0LseLcdAMGda8ZnqbHlyg +hPLmJrM3C5zTLjDb2YJXCy6RVNwqAnU3o33SZCnHqo/zUjEtR03Ztk1DzSeCjo5w +zLac1VFq5S3QdgZUwmPhyeoigqOvHu6Z1s2eL8Aw7Hn8i6MWLz5sOXAtyC9NPwK/ +qbp1a+GQXzNW4rvKl7ZEFKrBKyj8AiRoVLSRKcqZtFT56ltXQjrwKjsWDTEOzjnm +XCSM96xfay6asQH5fw+haC3RIErwyNV0uUDIVC0xDTZ6NgJEBkp8liwNeHE7eHoN +8qWSZZO2syf7zsFNBFik3GUBEAC7V2o1kBsLFSKwmgsCuGfW0oBIQiaCcakT6D2X +rKBjmzBvh/UIdXQwl9+vPKtWX3T/7g6UBvezV3uc2ZqrigGmFemoQI3sW7wFk0L9 +/QTUWCMfZtyrWgqyetmPYS+i2PnsEPinsgsEHWf3iu/ew1A7npZwINwMdOSOVw2u +JqYyW2tZCErWKVe31ziYUpXA+HaRm9zoVr0F0sE2GYGWbMVYtqxN9TSYcIAHxB71 
+Y31dcY77ln/1JAH4Yzqc063w/lNYogEbbQY7WNgcKdPP+aovpV7kS3TKwsdb9/xT +pj67nnlvjLTMRoW3Ez0PcIDFhuube9uOQupYG4rC4grLeVLwL/ekVmn6TxRN1hG7 +6zYXWiwWi16uAO++eBNt127FwCOVZsPO0ye3/XpOpCdpUadguxF2gGt6xY0gtetj +Vdv6S4kCdSx8NMrO2epS/1pgklxN9R/xl7Wu+JPUuVX4Jy0ycmw7TCWxdK2fuFy6 +6aLCXWWEjRSp06oeVJoVV2py+rYaoau7JG7Zgx1A3gYTm6MLFysfROaQgmfRozIH +0boYh3IA1WWzk4I6ew129ynC5zGXg/+UCnKKwn8Tsh9neq9noRDAonWI7jOCipwF +l51py82093M87zjz9o/qxnB8p00jByQ+MunUykaZrkQKHAsiyIF6cUIeQiy/AL7n +wwSPQQARAQABwsFfBBgBAgAJBQJYpNxlAhsMAAoJEG3i6QeOH1DBtO8P/1D98sl3 +oz/0oSSz0u9nzgOh93UkLbXpjSR4U+g7Wl2ppxQyGSFeWwRwT5BT74EVP2IcrraX +V9c7l+s8PYqnUdX2XAqGMv06523cCrNUU93kUUNjAo3FxGSn7i2kHIvMkDbUoeVk +jyWKfIvyy2sKcVB9GQxfMrbnTR5/Z6fCyGHNqMFb9e9TUWclLzMIhvtkvLuKmf52 +TKKxKQt/wero5zb0fynOttIjuhmOP9CFTiYjdj7qSmQapW8VFdYjyzL+OOFk9gCL +S3mIk1LdkfWah7trmMUTXdmiEibvARAQ3Yjr+Hz9yU1gzEJSPUUugNguqgS5kN+T +3TdwUHAP9whVD2IvN/Mfn29bmFFVfzu3ftJIa1zJmOdZy7KWb6MWVhw3SJ65luPB +qxKWRqFDOSpqzBm6bYQ/Oka49Jl7/dCImSm+7bCC7LDK9hXa3AIlDtWvG4iiL18T +wUOrgXPysB/D/NQaRxT/vSPUOB4WrQzIKIf4vJdyuPdtOtIWm97KUw8r/jDqd4I3 +B62qknrrR+FPcz8ACM9fXkpbBEcjFV8EkoOae106Vxjo/lu5LVBbwiKviMMwoK5o +YE7FfCwLBbLTYMeetHo8jGBRonTEOKMtPlp/fCMOp9w7CgMDuvfEwuTsA1ux4uAb +tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D +=NFsd +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tpm2-pkcs11.spec b/tpm2-pkcs11.spec index 3f8f422..a2a5ec1 100644 --- a/tpm2-pkcs11.spec +++ b/tpm2-pkcs11.spec @@ -26,6 +26,8 @@ License: BSD-2-Clause Group: Productivity/Security URL: https://github.com/tpm2-software/tpm2-pkcs11 Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +Source2: %{name}.keyring BuildRequires: autoconf BuildRequires: autoconf-archive >= 2017.03.21 BuildRequires: automake
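
Review bot: In the tpm2-pkcs11.changes hunk of patch 1/2, the entry "Changed default long level from error to warning" looks like a typo for "log level", and "Fixed leaking of temp file descriptors in tpm2_ptool" and "Fixed leaked file descriptor in tpm2_ptool" read as the same fix listed twice; correct the first and merge or distinguish the other two. The "DB Schema Change from 5 to 7" item with its backup warning is the one users must act on before upgrading, so keep it first and consider saying which database file is meant.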
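
Review bot: In the tpm2-pkcs11.spec hunks of patch 1/2, tpm2-pkcs11-1.7.0.tar.gz.asc is added to the package but no Source line references it, so at this revision the detached signature is shipped without being checked against anything; add the Source entry and the keyring in the same change (patch 2/2 only does this afterwards). The BuildRequires reordering (fdupes, python-rpm-generators, tpm2.0-tools) is unrelated to the version bump and is not mentioned in the changes entry; note it there or split it into its own change.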
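
Review bot: In the new tpm2-pkcs11.keyring of patch 2/2, the armor headers "Comment: Hostname:" and "Version: Hockeypuck ~unreleased" show the key was exported from a keyserver, while the changes entry says only "Add keyring & use source verification". Record the key's full fingerprint and where it was obtained in the changes entry, so a reviewer can compare it with the key upstream publishes instead of trusting the keyserver copy. This file becomes the trust anchor for every later tarball update, so any future change to it should carry an equally explicit entry.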
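
Review bot: In the tpm2-pkcs11.spec hunk of patch 2/2, Source1 and Source2 are declared but the hunk adds no BuildRequires and no %prep step, so nothing in the spec itself checks the tarball against the signature; the verification depends on tooling outside the build. State in the changes entry which mechanism performs the check, or add an explicit verification step in %prep if a bad signature is meant to fail the build.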