Accepting request 866786 from home:pevik:branches:security

- Update to upstream version 1.6.0 - Drop patches from this release - ibmtss-certifyx509-Fix-uninitialized-variable.patch - ibmtss-fix-dsa-regression.patch OBS-URL: https://build.opensuse.org/request/show/866786 OBS-URL: https://build.opensuse.org/package/show/security/ibmtss?expand=0&rev=39
2021-01-26 11:19:30 +00:00 · 2021-01-26 11:19:30 +00:00 · 734d58e171
commit 734d58e171
parent cb4d660b2f
6 changed files with 14 additions and 252 deletions
--- a/ibmtss-certifyx509-Fix-uninitialized-variable.patch
+++ b/ibmtss-certifyx509-Fix-uninitialized-variable.patch
@ -1,11 +0,0 @@
--- a/utils/certifyx509.c	2020-05-14 20:44:20.000000000 +0200
-+++ b/utils/certifyx509.c	2020-08-17 18:36:52.842956894 +0200
-@@ -137,7 +137,7 @@
-     TPMI_DH_OBJECT		objectHandle = 0;
-     TPMI_DH_OBJECT		signHandle = 0;
-     unsigned int		algCount = 0;
-    TPMI_ALG_SIG_SCHEME    	scheme;
-+    TPMI_ALG_SIG_SCHEME    	scheme = TPM_ALG_ERROR;
-     TPMI_RSA_KEY_BITS 		keyBits = 0;
-     TPMI_ECC_CURVE		curveID = 0;
-     TPMI_ALG_HASH		halg = TPM_ALG_SHA256;
--- a/ibmtss-fix-dsa-regression.patch
+++ b/ibmtss-fix-dsa-regression.patch
@ -1,233 +0,0 @@
-This can be fixed by checking first to see if -rsa appears on its own
-(either as the last option or followed by another option beginning
-with '-') and if it does assuming the default value of 2048 for
-keyBits.  If a non options follows, parse it as a number which keeps
-backwards compatibility with versions before 1.5 while still allowing
-expanded rsa key sizes to be specified.
-
-Signed-off-by: James Bottomley <James.Bottomley@...>
---
- utils/certifyx509.c     |  8 ++-----
- utils/create.c          |  8 ++-----
- utils/createek.c        | 46 +++++++++++++++++++----------------------
- utils/createekcert.c    | 42 +++++++++++++++++--------------------
- utils/createloaded.c    |  8 ++-----
- utils/createprimary.c   |  8 ++-----
- utils/objecttemplates.c |  2 +-
- 7 files changed, 49 insertions(+), 73 deletions(-)
-
-diff --git a/utils/certifyx509.c b/utils/certifyx509.c
-index 2b763eb..3eabc45 100644
--- a/utils/certifyx509.c
-+++ b/utils/certifyx509.c
-@@ -233,14 +233,10 @@ int main(int argc, char *argv[])
- 	else if (strcmp(argv[i], "-rsa") == 0) {
- 	    scheme = TPM_ALG_RSASSA;
- 	    algCount++;
-	    i++;
-	    if (i < argc) {
-+	    if (i + 1 < argc && argv[i+1][0] != '-') {
-+		i++;
- 		sscanf(argv[i],"%hu", &keyBits);
- 	    }
-	    else {
-		printf("Missing keysize parameter for -rsa\n");
-		printUsage();
-	    }
- 	}
- 	else if (strcmp(argv[i], "-ecc") == 0) {
- 	    scheme = TPM_ALG_ECDSA;
-diff --git a/utils/create.c b/utils/create.c
-index f1be83d..a707f2f 100644
--- a/utils/create.c
-+++ b/utils/create.c
-@@ -173,14 +173,10 @@ int main(int argc, char *argv[])
- 	}
- 	else if (strcmp(argv[i], "-rsa") == 0) {
- 	    algPublic = TPM_ALG_RSA;
-	    i++;
-	    if (i < argc) {
-+	    if (i + 1 < argc && argv[i+1][0] != '-') {
-+		i++;
- 		sscanf(argv[i],"%hu", &keyBits);
- 	    }
-	    else {
-		printf("Missing parameter for -rsa\n");
-		printUsage();
-	    }
- 	}
- 	else if (strcmp(argv[i], "-ecc") == 0) {
- 	    algPublic = TPM_ALG_ECC;
-diff --git a/utils/createek.c b/utils/createek.c
-index 602d9ce..f561f78 100644
--- a/utils/createek.c
-+++ b/utils/createek.c
-@@ -196,33 +196,29 @@ int main(int argc, char *argv[])
- 	else if (strcmp(argv[i], "-rsa") == 0) {
- 	    algPublic = TPM_ALG_RSA;
- 	    algCount++;
-	    i++;
-	    if (i < argc) {
-+	    if (i + 1 < argc && argv[i+1][0] != '-') {
-+		i++;
- 		sscanf(argv[i],"%hu", &keyBits);
-		switch (keyBits) {
-		  case 2048:
-		    if (range == LowRange) {
-			ekCertIndex = EK_CERT_RSA_INDEX;
-			ekNonceIndex = EK_NONCE_RSA_INDEX;
-			ekTemplateIndex = EK_TEMPLATE_RSA_INDEX;
-		    }
-		    else {	/* high range */
-			ekCertIndex = EK_CERT_RSA_2048_INDEX_H1;
-		    }
-		    break;
-		  case 3072:
-		    ekCertIndex = EK_CERT_RSA_3072_INDEX_H6;
-		    break;
-		  case 4096:
-		    ekCertIndex = EK_CERT_RSA_4096_INDEX_H7;
-		    break;
-		  default:
-		    printf("Bad key size %s for -rsa\n", argv[i]);
-		    printUsage();
-		}
- 	    }
-	    else {
-		printf("Missing keysize parameter for -rsa\n");
-+	    switch (keyBits) {
-+	    case 2048:
-+		if (range == LowRange) {
-+		    ekCertIndex = EK_CERT_RSA_INDEX;
-+		    ekNonceIndex = EK_NONCE_RSA_INDEX;
-+		    ekTemplateIndex = EK_TEMPLATE_RSA_INDEX;
-+		}
-+		else {	/* high range */
-+		    ekCertIndex = EK_CERT_RSA_2048_INDEX_H1;
-+		}
-+		break;
-+	    case 3072:
-+		ekCertIndex = EK_CERT_RSA_3072_INDEX_H6;
-+		break;
-+	    case 4096:
-+		ekCertIndex = EK_CERT_RSA_4096_INDEX_H7;
-+		break;
-+	    default:
-+		printf("Bad key size %s for -rsa\n", argv[i]);
- 		printUsage();
- 	    }
- 	}
-diff --git a/utils/createekcert.c b/utils/createekcert.c
-index 7049605..02d765c 100644
--- a/utils/createekcert.c
-+++ b/utils/createekcert.c
-@@ -179,31 +179,27 @@ int main(int argc, char *argv[])
- 	else if (strcmp(argv[i], "-rsa") == 0) {
- 	    algPublic = TPM_ALG_RSA;
- 	    algCount++;
-	    i++;
-	    if (i < argc) {
-+	    if (i + 1 < argc && argv[i+1][0] != '-') {
-+		i++;
- 		sscanf(argv[i],"%hu", &keyBits);
-		switch (keyBits) {
-		  case 2048:
-		    if (range == LowRange) {
-			ekCertIndex = EK_CERT_RSA_INDEX;
-		    }
-		    else {	/* high range */
-			ekCertIndex = EK_CERT_RSA_2048_INDEX_H1;
-		    }
-		    break;
-		  case 3072:
-		    ekCertIndex = EK_CERT_RSA_3072_INDEX_H6;
-		    break;
-		  case 4096:
-		    ekCertIndex = EK_CERT_RSA_4096_INDEX_H7;
-		    break;
-		  default:
-		    printf("Bad key size %s for -rsa\n", argv[i]);
-		    printUsage();
-		}
- 	    }
-	    else {
-		printf("Missing keysize parameter for -rsa\n");
-+	    switch (keyBits) {
-+	    case 2048:
-+		if (range == LowRange) {
-+		    ekCertIndex = EK_CERT_RSA_INDEX;
-+		}
-+		else {	/* high range */
-+		    ekCertIndex = EK_CERT_RSA_2048_INDEX_H1;
-+		}
-+		break;
-+	    case 3072:
-+		ekCertIndex = EK_CERT_RSA_3072_INDEX_H6;
-+		break;
-+	    case 4096:
-+		ekCertIndex = EK_CERT_RSA_4096_INDEX_H7;
-+		break;
-+	    default:
-+		printf("Bad key size %s for -rsa\n", argv[i]);
- 		printUsage();
- 	    }
- 	}
-diff --git a/utils/createloaded.c b/utils/createloaded.c
-index a481cb3..fe97ab4 100644
--- a/utils/createloaded.c
-+++ b/utils/createloaded.c
-@@ -167,14 +167,10 @@ int main(int argc, char *argv[])
- 	}
- 	else if (strcmp(argv[i], "-rsa") == 0) {
- 	    algPublic = TPM_ALG_RSA;
-	    i++;
-	    if (i < argc) {
-+	    if (i + 1 < argc && argv[i+1][0] != '-') {
-+		i++;
- 		sscanf(argv[i],"%hu", &keyBits);
- 	    }
-	    else {
-		printf("Missing parameter for -rsa\n");
-		printUsage();
-	    }
- 	}
- 	else if (strcmp(argv[i], "-ecc") == 0) {
- 	    algPublic = TPM_ALG_ECC;
-diff --git a/utils/createprimary.c b/utils/createprimary.c
-index 3c7676f..c805674 100644
--- a/utils/createprimary.c
-+++ b/utils/createprimary.c
-@@ -180,14 +180,10 @@ int main(int argc, char *argv[])
- 	}
- 	else if (strcmp(argv[i], "-rsa") == 0) {
- 	    algPublic = TPM_ALG_RSA;
-	    i++;
-	    if (i < argc) {
-+	    if (i + 1 < argc && argv[i+1][0] != '-') {
-+		i++;
- 		sscanf(argv[i],"%hu", &keyBits);
- 	    }
-	    else {
-		printf("Missing parameter for -rsa\n");
-		printUsage();
-	    }
- 	}
- 	else if (strcmp(argv[i], "-ecc") == 0) {
- 	    algPublic = TPM_ALG_ECC;
-diff --git a/utils/objecttemplates.c b/utils/objecttemplates.c
-index 06b07ef..f44398f 100644
--- a/utils/objecttemplates.c
-+++ b/utils/objecttemplates.c
-@@ -538,7 +538,7 @@ void printUsageTemplate(void)
- {
-     printf("\t[Asymmetric Key Algorithm]\n");
-     printf("\n");
-    printf("\t-rsa keybits (default)\n");
-+    printf("\t-rsa [keybits] (default)\n");
-     printf("\t\t(2048 default)\n");
-     printf("\t-ecc curve\n");
-     printf("\t\tbnp256\n");
-- 
-2.26.2
-
-
--- a/ibmtss.changes
+++ b/ibmtss.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jan 26 09:19:47 UTC 2021 - Petr Vorel <pvorel@suse.cz>
+
+- Update to upstream version 1.6.0
+- Drop patches from this release
+  - ibmtss-certifyx509-Fix-uninitialized-variable.patch
+  - ibmtss-fix-dsa-regression.patch
+
 -------------------------------------------------------------------
 Thu Oct  1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez <pmonreal@suse.com>

--- a/ibmtss.spec
+++ b/ibmtss.spec
@ -1,7 +1,7 @@
 #
 # spec file for package ibmtss
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,12 +18,12 @@

 #
 %define libversion 1
-%define libversion_full 1.5.0
+%define libversion_full 1.6.0
 %define libname libibmtss
 %define libpkgname %{libname}%{libversion}

 Name:           ibmtss
-Version:        1.5.0
+Version:        1.6.0
 Release:        0
 Summary:        IBM's TPM 2.0 TSS
 License:        BSD-3-Clause
@ -32,8 +32,6 @@ URL:            https://sourceforge.net/projects/ibmtpm20tss
 Source:         https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss%{version}.tar.gz
 Source1:        90-tpm-ibmtss.rules
 Patch1:         ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
-Patch2:         ibmtss-certifyx509-Fix-uninitialized-variable.patch
-Patch3:         ibmtss-fix-dsa-regression.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  ibmswtpm2
--- a/ibmtss1.5.0.tar.gz
+++ b/ibmtss1.5.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:22d14871b9cfb1c7ddbcc0e5b379ddc065660d9a7c7b3a4a21a3ba13f1a8ddb1
-size 1037930
--- a/ibmtss1.6.0.tar.gz
+++ b/ibmtss1.6.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:83bebb0d36ef9ced6cf3be2be9f0b4463a692d67254df31216271a916aaba851
+size 1255456