rpm/libtpms
SHA256
1
0
Fork 0
forked from pool/libtpms
Code Pull Requests Activity

Accepting request 886589 from home:gary_lin:branches:security

Browse Source 
- Update to version 0.8.2
  * tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do
    not use (bsc#1184939 CVE-2021-3505)
  * tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX
    (bsc#1184939 CVE-2021-3505)

OBS-URL: https://build.opensuse.org/request/show/886589
OBS-URL: https://build.opensuse.org/package/show/security/libtpms?expand=0&rev=25
This commit is contained in:
Marcus Meissner 2021-04-19 14:15:21 +00:00 committed by Git OBS Bridge
parent 15458222e5
commit 3b46b43aa0
4 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
libtpms.changes
View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Mon Apr 19 07:18:37 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
- Update to version 0.8.2
* NOTE: Downgrade to 0.7.x or below is not possible.
Due to fixes in the TPM 2 prime number generation code in
rev155 it is not possible to downgrade from libtpms version
0.8.0 to some previous version. The seeds are now associated
with an age so that older seeds use the old TPM 2 prime number
generation code while newer seed use the newer code.
* tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do
not use (bsc#1184939 CVE-2021-3505)
* tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX
(bsc#1184939 CVE-2021-3505)
* Update to TPM 2 code release 159
- X509 support is enabled
+ SM2 signing of ceritificates is NOT supported
- Authenticated timers are disabled
* Update to TPM 2 code relase 162
- ECC encryption / decryption is disabled
* Fix support for elliptic curve due to missing unmarshalling
code
* Runtime filter supported elliptic curves supported by OpenSSL
* Fix output buffer parameter and size for RSA decryption that
could cause stack corruption under certain circumstances
* Set the RSA PSS salt length to the digest length rather than
max
* Fixes to symmetric decryption related to input size check,
defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)]
and to always use a temporary malloc'ed buffer for decryption
* Fixed the set of PCRs belonging to the TCB group. This affects
the pcrUpdateCounter in TPM2_Pcrread() responses, thus needs
latest swtpm for test cases to succeed there.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 19 02:03:20 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com> Fri Mar 19 02:03:20 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

2
libtpms.spec
View File

@ -18,7 +18,7 @@
%define lname libtpms0 %define lname libtpms0
Name: libtpms Name: libtpms
Version: 0.7.7 Version: 0.8.2
Release: 0 Release: 0
Summary: Library providing Trusted Platform Module (TPM) functionality Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD-3-Clause License: BSD-3-Clause

3
v0.7.7.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9f23b97594bb9c6d3c50e33c9be8435f03d91a591c2288b03056321e06c95db3
size 1217129

3
v0.8.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3c533017b4eee60d907409ee39ad6f1cd0380c2ceabf583f1749a73ea87e9d3e
size 1253915