Accepting request 1069040 from home:schubi2

Update to version 1.1.4 OBS-URL: https://build.opensuse.org/request/show/1069040 OBS-URL: https://build.opensuse.org/package/show/security/fdo-client?expand=0&rev=3
2023-03-03 06:19:06 +00:00 · 2023-03-03 06:19:06 +00:00 · 3c2696c3f3
commit 3c2696c3f3
parent 48aec158a4
8 changed files with 110 additions and 190 deletions
--- a/8
+++ b/8
@ -2,7 +2,7 @@
  <service name="tar_scm" mode="disabled">
    <param name="version">1.0.0</param>
    <param name="versionformat">1.0.0+git%cd.%h</param>
-    <param name="url">git://github.com/intel/safestringlib.git</param>
+    <param name="url">git@github.com:intel/safestringlib.git</param>
    <param name="revision">v1.0.0</param>
    <param name="scm">git</param>
    <param name="changesgenerate">enable</param>
@ -16,10 +16,10 @@
    <param name="changesgenerate">enable</param>
  </service>  
  <service name="tar_scm" mode="disabled">
-    <param name="version">1.0.0</param>
-    <param name="versionformat">1.0.0+git%cd.%h</param>
+    <param name="version">1.1.4</param>
+    <param name="versionformat">1.1.4+git%cd.%h</param>
    <param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
-    <param name="revision">v1.0.0</param>
+    <param name="revision">v1.1.4</param>
    <param name="scm">git</param>
    <param name="filename">fdo-client</param>
    <param name="changesgenerate">enable</param>
--- a/6
+++ b/6
@ -9,6 +9,8 @@
 </service> 
  <service name="tar_scm">
    <param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
-    <param name="changesrevision">baa09b537ddbb4ce9fdf289ad55e885526d045ec</param>
+    <param name="changesrevision">c8ef7576afa1b250ff9460b519238f32711ef175</param>
 </service> 
-</servicedata>
+<service name="tar_scm">
+                <param name="url">git@github.com:intel/safestringlib.git</param>
+              <param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param></service></servicedata>
--- a/build.patch
+++ b/build.patch
@ -1,6 +1,5 @@
-diff -u a/blob_path.cmake b/blob_path.cmake
--- a/cmake/blob_path.cmake	2021-10-14 22:02:06.855474972 +0200
-+++ b/cmake/blob_path.cmake	2021-10-14 22:19:21.969170219 +0200
+--- org/cmake/blob_path.cmake	2022-12-09 09:44:34.000000000 +0100
+++ patch/cmake/blob_path.cmake	2023-03-02 14:51:38.637622177 +0100
@@ -7,17 +7,18 @@
 # Note all blobs and data will be made relative.
 # if absoulte is needed declare BLOB_PATH on CLI
@ -99,7 +98,7 @@ diff -u a/blob_path.cmake b/blob_path.cmake
 	)
       if (${DA_FILE} MATCHES pem)
 	client_sdk_compile_definitions(
-@@ -164,10 +165,10 @@
+@@ -164,9 +165,9 @@
 # Configure if needed at a later point
 # configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
 
@ -109,19 +108,15 @@ diff -u a/blob_path.cmake b/blob_path.cmake
 -file(WRITE ${BLOB_PATH}/data/Normal.blob "")
 -file(WRITE ${BLOB_PATH}/data/Secure.blob "")
 -file(WRITE ${BLOB_PATH}/data/raw.blob "")
-file(WRITE ${BLOB_PATH}/data/max_serviceinfo_sz.bin "")
 +file(WRITE ./data/platform_iv.bin "")
 +file(WRITE ./data/platform_hmac_key.bin "")
 +file(WRITE ./data/platform_aes_key.bin "")
 +file(WRITE ./data/Normal.blob "")
 +file(WRITE ./data/Secure.blob "")
 +file(WRITE ./data/raw.blob "")
-+file(WRITE ./data/max_serviceinfo_sz.bin "")
-Nur in b: blob_path.cmake~.
-diff -u a/cli_input.cmake b/cli_input.cmake
--- a/cmake/cli_input.cmake	2021-10-14 22:24:53.078959088 +0200
-+++ b/cmake/cli_input.cmake	2021-10-14 22:26:36.187516122 +0200
-@@ -24,6 +24,7 @@
+--- org/cmake/cli_input.cmake	2022-12-09 09:44:34.000000000 +0100
+++ patch/cmake/cli_input.cmake	2023-03-02 14:56:02.036016802 +0100
+@@ -25,6 +25,7 @@
 set (STORAGE true)
 set (BOARD NUCLEO_F767ZI)
 set (BLOB_PATH .)
@ -129,7 +124,7 @@ diff -u a/cli_input.cmake b/cli_input.cmake
 set (TPM2_TCTI_TYPE tabrmd)
 set (RESALE true)
 set (REUSE true)
-@@ -501,6 +502,36 @@
+@@ -530,6 +531,37 @@
 message("Selected BLOB_PATH ${BLOB_PATH}")
 
 ###########################################
@ -162,8 +157,8 @@ diff -u a/cli_input.cmake b/cli_input.cmake
 +set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
 +message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
 +
+
 +###########################################
 # FOR WIFI_SSID
 get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
 
-Nur in b: cli_input.cmake~.
--- a/fdo-client-1.0.0+git20210816.baa09b5.tar.xz
+++ b/fdo-client-1.0.0+git20210816.baa09b5.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f35493ad6470003d707834b11614296300f578163c474c7219a9aa4eff82b3c0
-size 255368
--- a/fdo-client-1.1.4+git20221209.c8ef757.tar.xz
+++ b/fdo-client-1.1.4+git20221209.c8ef757.tar.xz
--- a/fdo-client.changes
+++ b/fdo-client.changes
@ -1,3 +1,60 @@
+-------------------------------------------------------------------
+Thu Mar 02 11:38:56 UTC 2023 - schubi@suse.com
+
+- Update to version 1.1.4+git20221209.c8ef757:
+  * Readme update (#210)
+  * Updating the readme with openssl 1.1.1s (#209)
+  * Fix TO when IP/RV is empty string (#208)
+  * * Replaced unsafe string function (#207)
+  * Increase max message buffer size to 64000 (#205)
+  * Update Curl version as 7.86 in Readme (#206)
+  * Readme updates (#204)
+  * Minimal logs by default (compile time) (#203)
+  * Revert openssl3 (#201)
+  * Update HTTPS connection to use TLS 1.2 (#196)
+  * Openssl 3 porting (#194)
+  * Add curl support for HTTP connection (#195)
+  * Update NOTICE file (#192)
+  * Add CURL support for HTTPS connection (#188)
+  * Readme update for installing safestringlib (#191)
+  * Updating the readme with openssl 1.1.1q (#187)
+  * switch to host.docker.internal (#185)
+  * Fix to enable compilation of CSDK in ubuntu 22 (#183)
+  * Fix TO when IP is NULL (#184)
+  * Update EAT-UEID value as per FIDO working draft specification (#180)
+  * Revert "Update EAT-UEID value as per FIDO working draft specification (#178)" (#179)
+  * Update EAT-UEID value as per FIDO working draft specification (#178)
+  * Updating comments in fdonet.c (#177)
+  * Upgrade OpenSSL toolkit version to 1.1.1n (#176)
+  * Documentation updates (#175)
+  * Add a note regarding fdosys issue (#174)
+  * Update Jenkinsfile to copy PRI artifacts from master (#173)
+  * Merging 1.1 dev branch to master. (#172)
+  * Fix multiple owner support for CSDK devices. (#167)
+  * Fix: fdo_sys:exec_cb/exec not working after initial fdo_sys:exec (#166)
+  * Add implementation for fdo_sys keep-alive (#165)
+  * Fix an issue with keeping in-memory Mfg PublicKey hash (#164)
+  * Update/Tweak Device Status and Cred management (#163)
+  * Updating EAT IANA numbers as per spec ERRATA (#160)
+  * Updating Device ServiceInfo framework to handle writes (#162)
+  * Add TPM support on RHEL (#161)
+  * Update README for RHEL support (#159)
+  * Remove disclaimer from README (#158)
+
+-------------------------------------------------------------------
+Thu Mar 02 11:37:36 UTC 2023 - schubi@suse.com
+
+- Update to version 1.0.0+git20171208.5da1bad:
+  * Use secure functions where appropriate
+  * Added extern definition
+  * Fix Klocwork Errors
+  * Fix output
+  * Fix Core Dump in Unit Test
+  * Add Makefile
+  * publish unit tests
+  * strpcpu_s: remove unsed redundant variable overlap_bumper
+  * Update LICENSE&COPYING.txt
+
 -------------------------------------------------------------------
 Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert <schubi@suse.de>

--- a/fdo-client.spec
+++ b/fdo-client.spec
@ -17,7 +17,7 @@


 Name:           fdo-client
-Version:        1.0.0+git20210816.baa09b5
+Version:        1.1.4+git20221209.c8ef757
 Release:        0
 Summary:        FIDO Device Onboard Client
 License:        Apache-2.0
@ -32,11 +32,11 @@ Source5:        README
 Patch0:         build.patch
 Patch1:         gcc.patch
 Requires:       openssl
-Obsoletes:      sdo-client
 BuildRequires:  cmake
 BuildRequires:  vim
 BuildRequires:  gcc-c++
 BuildRequires:  libopenssl-devel
+BuildRequires:  libcurl-devel
 %{?systemd_ordering}

 %description
--- a/gcc.patch
+++ b/gcc.patch
@ -1,171 +1,37 @@
--- org/lib/fdoprotctx.c	2021-10-18 21:51:23.914574062 +0200
-+++ patch/lib/fdoprotctx.c	2021-10-18 21:49:40.170002557 +0200
-@@ -118,8 +118,11 @@
+--- org/network/network_if_linux.c	2022-12-09 09:44:34.000000000 +0100
+++ patch/network/network_if_linux.c	2023-03-02 16:05:07.625074915 +0100
+@@ -246,7 +246,7 @@
+ 		goto err;
+ 	}
 
- 	switch (prot_ctx->protdata->state) {
- 	case FDO_STATE_DI_APP_START: /* type 10 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_DI_SET_CREDENTIALS: /* type 11 */
-+		{
- 		if (prot_ctx->host_dns) {
- 			if (prot_ctx->resolved_ip) {
- 				fdo_free(prot_ctx->resolved_ip);
-@@ -133,9 +136,12 @@
- 				break;
+-	if (ip_addr->addr) {
+	if (ip_addr->length > 0) {
+ 		ip_ascii = fdo_alloc(IP_TAG_LEN);
+ 		if (!ip_ascii) {
+ 			goto err;
+@@ -331,7 +331,7 @@
 		}
 	}
-		ATTRIBUTE_FALLTHROUGH;
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_DI_SET_HMAC: /* type 12 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_DI_DONE: /* type 13 */
- 		ret = connect_to_manufacturer(
- 			      prot_ctx->resolved_ip ? prot_ctx->resolved_ip : prot_ctx->host_ip,
-@@ -144,24 +150,30 @@
- 			      (prot_ctx->tls ? &prot_ctx->ssl : NULL));
- 		break;
- 	case FDO_STATE_T01_SND_HELLO_FDO: /* type 30 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO1_RCV_HELLO_FDOACK: /* type 31 */
-		if (prot_ctx->host_dns) {
-			if (prot_ctx->resolved_ip) {
-				fdo_free(prot_ctx->resolved_ip);
-			}
-			if (!resolve_dn(prot_ctx->host_dns,
-					&prot_ctx->resolved_ip,
-					prot_ctx->host_port,
-					(prot_ctx->tls ? &prot_ctx->ssl : NULL),
-					is_rv_proxy_defined())) {
-				ret = false;
-				fdo_free(prot_ctx->resolved_ip);
-+		{
-+			if (prot_ctx->host_dns) {
-+				if (prot_ctx->resolved_ip) {
-+					fdo_free(prot_ctx->resolved_ip);
-+				}
-+				if (!resolve_dn(prot_ctx->host_dns,
-+						&prot_ctx->resolved_ip,
-+						prot_ctx->host_port,
-+						(prot_ctx->tls ? &prot_ctx->ssl : NULL),
-+						is_rv_proxy_defined())) {
-+					ret = false;
-+					fdo_free(prot_ctx->resolved_ip);
-+				}
- 			}
-+			ATTRIBUTE_FALLTHROUGH;
- 		}
-		ATTRIBUTE_FALLTHROUGH;
- 	case FDO_STATE_TO1_SND_PROVE_TO_FDO: /* type 32 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO1_RCV_FDO_REDIRECT: /* type 33 */
- 		// try DNS's resolved IP first, if it fails, try given IP address
- 		ret = connect_to_rendezvous(
-@@ -174,40 +186,62 @@
- 		}
- 		break;
- 	case FDO_STATE_T02_SND_HELLO_DEVICE: /* type 60 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{	
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_RCV_PROVE_OVHDR: /* type 61 */
-		if (prot_ctx->host_dns) {
-			if (prot_ctx->resolved_ip) {
-				fdo_free(prot_ctx->resolved_ip);
-			}
-			if (!resolve_dn(prot_ctx->host_dns,
-					&prot_ctx->resolved_ip,
-					prot_ctx->host_port,
-					(prot_ctx->tls ? &prot_ctx->ssl : NULL),
-					is_owner_proxy_defined())) {
-				ret = false;
-				fdo_free(prot_ctx->resolved_ip);
-+		{
-+			if (prot_ctx->host_dns) {
-+				if (prot_ctx->resolved_ip) {
-+					fdo_free(prot_ctx->resolved_ip);
-+				}
-+				if (!resolve_dn(prot_ctx->host_dns,
-+						&prot_ctx->resolved_ip,
-+						prot_ctx->host_port,
-+						(prot_ctx->tls ? &prot_ctx->ssl : NULL),
-+						is_owner_proxy_defined())) {
-+					ret = false;
-+					fdo_free(prot_ctx->resolved_ip);
-+				}
- 			}
-+			ATTRIBUTE_FALLTHROUGH;
- 		}
-		ATTRIBUTE_FALLTHROUGH;
- 	case FDO_STATE_TO2_SND_GET_OP_NEXT_ENTRY: /* type 62 */
-		ATTRIBUTE_FALLTHROUGH;
-+ 		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_T02_RCV_OP_NEXT_ENTRY: /* type 63 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_SND_PROVE_DEVICE: /* type 64 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_RCV_GET_NEXT_DEVICE_SERVICE_INFO: /* type 65 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_SND_NEXT_DEVICE_SERVICE_INFO: /* type 66 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_RCV_SETUP_DEVICE: /* type 67 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_T02_SND_GET_NEXT_OWNER_SERVICE_INFO: /* type 68 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_T02_RCV_NEXT_OWNER_SERVICE_INFO: /* type 69 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_SND_DONE: /* type 70 */
-		ATTRIBUTE_FALLTHROUGH;
-+		{
-+			ATTRIBUTE_FALLTHROUGH;
-+		}
- 	case FDO_STATE_TO2_RCV_DONE_2: /* type 71 */
- 		// try DNS's resolved IP first, if it fails, try given IP address
- 		ret = connect_to_owner(prot_ctx->resolved_ip, prot_ctx->host_port,
--- org/lib/credentials_from_file.c	2021-10-18 22:19:33.447783075 +0200
-+++ patch/lib/credentials_from_file.c	2021-10-18 22:19:20.143711330 +0200
-@@ -228,8 +228,6 @@
+ 
+-	if (ip_addr->addr) {
+	if (ip_addr->length > 0) {
+ 		ip_ascii = fdo_alloc(IP_TAG_LEN);
+ 		if (!ip_ascii) {
+ 			goto err;
+--- org/lib/credentials_from_file.c	2022-12-09 09:44:34.000000000 +0100
+++ patch/lib/credentials_from_file.c	2023-03-02 16:34:46.597314561 +0100
+@@ -231,7 +231,6 @@
 		return true;
 	}
 
 -	LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
-
+ 
 	fdor = fdo_alloc(sizeof(fdor_t));
 	if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
- 		LOG(LOG_ERROR, "FDOR Initialization/Allocation failed!\n");
+@@ -531,4 +530,4 @@
+ 		return true;
+ 	}
+ 	return false;
+-}
+\ Kein Zeilenumbruch am Dateiende.
+}