forked from pool/tpm2-0-tss

Update to version 4.1:

+ Security
    - Fixed CVE-2024-29040
+ Fixed
    - fapi: Fix length check on FAPI auth callbacks
    - mu: Correct error message for errors
    - tss2-rc: fix unknown layer handler dropping bits.
    - fapi: Fix deviation from CEL specification (template_value was used instead of template_data).
    - fapi: Fix json syntax error in FAPI profiles which was ignored by json-c.
    - build: fix build fail after make clean.
    - mu: Fix unneeded size check in TPM2B unmarshaling.
    - fapi: Fix missing parameter encryption.
    - build: Fix failed build with --disable-vendor.
    - fapi: Fix flush of persistent handles.
    - fapi: Fix test provisioning with template with self generated certificate disabled.
    - fapi: Fix error in Fapi_GetInfo if TPM supports SHA3 hash algs.
    - fapi: Revert pcr extension for EV_NO_ACTION events.
    - fapi: Fix strange error messages if nv, ext, or policy path does not exist.
    - fapi: Fix segfault caused by wrong allocation of pcr policy.
    - esys: Fix leak in Esys_EvictControl for persistent handles.
    - tss2-tcti: tcti-libtpms: fix test failure on big-endian platform.
    - esys: Add reference counting for Esys_TR_FromTPMPublic.
    - esys: Fix HMAC error if session bind key has an auth value with a trailing 0.
    - fapi: fix usage of self signed certificates in TPM.
    - fapi: Usage of self signed certificates.
    - fapi: A segfault after the error handling of non existing keys.
    - fapi: Fix several leaks.
    - fapi: Fix error handling for policy execution.
    - fapi: Fix usage of persistent handles (should not be flushed)
    - fapi: Fix test provisioning with template (skip test without self generated certificate).

OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=137
Matthias Gerstner 2024-05-03 14:16:18 +00:00 committed by Git OBS Bridge
parent 43cbd52bf9
commit 57ab8ba31f
7 changed files with 184 additions and 22 deletions

@ -1,3 +1,82 @@
-------------------------------------------------------------------
Fri May 3 14:14:50 UTC 2024 - Matthias Gerstner <matthias.gerstner@suse.com>
Update to version 4.1:
+ Security
- Fixed CVE-2024-29040
+ Fixed
- fapi: Fix length check on FAPI auth callbacks
- mu: Correct error message for errors
- tss2-rc: fix unknown laer handler dropping bits.
- fapi: Fix deviation from CEL specification (template_value was used instead of template_data).
- fapi: Fix json syntax error in FAPI profiles which was ignored by json-c.
- build: fix build fail after make clean.
- mu: Fix unneeded size check in TPM2B unmarshaling.
- fapi: Fix missing parameter encryption.
- build: Fix failed build with --disable-vendor.
- fapi: Fix flush of persistent handles.
- fapi: Fix test provisioning with template with self generated certificate disabled.
- fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs.
- fapi: Revert pcr extension for EV_NO_ACTION events.
- fapi: Fix strange error messages if nv, ext, or policy path does not exits.
- fapi: Fix segfault caused by wrong allocation of pcr policy.
- esys: Fix leak in Esys_EvictControl for persistent handles.
- tss2-tcti: tcti-libtpms: fix test failure on big-endian platform.
- esys: Add reference counting for Esys_TR_FromTPMPublic.
- esys: Fix HMAC error if session bind key has an auth value with a trailing 0.
- fapi: fix usage of self signed certificates in TPM.
- fapi: Usage of self signed certificates.
- fapi: A segfault after the error handling of non existing keys.
- fapi: Fix several leaks.
- fapi: Fix error handling for policy execution.
- fapi: Fix usage of persistent handles (should not be flushed)
- fapi: Fix test provisioning with template (skip test without self generated certificate).
- fapi: Fix pcr extension for EV_NO_ACTION
- test: Fix fapi-key-create-policy-signed-keyedhash with P_ECC384 profile
- tcti_spi_helper_transmit: ensure FIFO is accessed only after TPM reports commandReady bit is set
- fapi: Fix read large system eventlog (> UINT16_MAX).
- esys tests: Fix layer check for TPM2_RC_COMMAND_CODE (for /dev/tpmrm0)
- test: unit: tcti-libtpms: fix test failed at 32-bit platforms.
- fapi: Fix possible null pointer dereferencing in Fapi_List.
- sys: Fix size check in Tss2_Sys_GetCapability.
- esys: Fix leak in Esys_TR_FromTPMPublic.
- esys: fix unchecked return value in esys crypto.
- fapi: Fix wrong usage of local variable in provisioning.
- fapi: Fix memset 0 in ifapi_json_TPMS_POLICYNV_deserialize.
- fapi: Fix possible out of bound array access in IMA parser.
- tcti device: Fix possible unmarshalling from uninitialized variable.
- fapi: Fix error checking authorization of signing key.
- fapi: Fix cleanup of policy sessions.
- fapi: Eventlog H-CRTM events and different localities.
- fapi: Fix missing synchronization of quote and eventlog.
- faii: Fix invalid free in Fapi_Quote with empty eventlog.
+ Added
- tcti: LetsTrust-TPM2Go TCTI module spi-ltt2go.
- mbedtls: add sha512 hmac.
- fapi: Enable usage of external keys for Fapi_Encrypt.
- fapi: Support download of AMD certificates.
- tcti: Add USB TPM (FTDI MPSSE USB to SPI bridge) TCTI module.
- fapi: The recreation of primaries (except EK) in the owner hierarchy instead the endorsement hierarchy is fixed.
- rc: New TPM return codes added.
- fapi: Further Nuvoton certificates added.
- tpm_types/esys: Add support for Attestable TPM changes in latest TPM spec.
- tcti: Add '/dev/tcm0' to default conf
- fapi: New Nuvoton certificates added.
- esys: Fix leak in Esys_TR_FromTPMPublic.
+ Removed
- Testing on Ubuntu 18.04 as it's near EOL (May 2023).
- tpm2-tss.keyring: added Andreas Fuchs 0x8F4F9A45D7FFEE74 key, documented
in upstream repo, which was used for signing this new release tarball.
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jan 13 17:45:03 UTC 2024 - Callum Farmer <gmbr3@opensuse.org> Sat Jan 13 17:45:03 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
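Review bot: the Security entry "Fixed CVE-2024-29040" at the top of the new block names the CVE but gives neither the affected component nor a bug tracker reference, so someone triaging from the changelog cannot tell which library or code path the fix touches. Add a short description and the tracking bug next to the CVE id. Further down, "fapi: Revert pcr extension for EV_NO_ACTION events." and "fapi: Fix pcr extension for EV_NO_ACTION" both appear under Fixed, which leaves the shipped behaviour ambiguous for anyone replaying event logs against PCR values. "esys: Fix leak in Esys_TR_FromTPMPublic." is listed under both Fixed and Added, and "faii:" and "laer" are typos unless the text is meant to be a verbatim copy of the upstream changelog.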

@ -1,7 +1,7 @@
# #
# spec file for package tpm2-0-tss # spec file for package tpm2-0-tss
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: tpm2-0-tss Name: tpm2-0-tss
Version: 4.0.1 Version: 4.1.0
Release: 0 Release: 0
Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips
License: BSD-2-Clause License: BSD-2-Clause
@ -74,9 +74,11 @@ Requires: libtss2-rc0 = %{version}
Requires: libtss2-sys1 = %{version} Requires: libtss2-sys1 = %{version}
Requires: libtss2-tcti-cmd0 = %{version} Requires: libtss2-tcti-cmd0 = %{version}
Requires: libtss2-tcti-device0 = %{version} Requires: libtss2-tcti-device0 = %{version}
Requires: libtss2-tcti-i2c-helper0 = %{version}
Requires: libtss2-tcti-mssim0 = %{version} Requires: libtss2-tcti-mssim0 = %{version}
Requires: libtss2-tcti-pcap0 = %{version} Requires: libtss2-tcti-pcap0 = %{version}
Requires: libtss2-tcti-spi-helper0 = %{version} Requires: libtss2-tcti-spi-helper0 = %{version}
Requires: libtss2-tcti-spidev0 = %{version}
Requires: libtss2-tcti-swtpm0 = %{version} Requires: libtss2-tcti-swtpm0 = %{version}
Requires: libtss2-tctildr0 = %{version} Requires: libtss2-tctildr0 = %{version}
Requires: tpm2-0-tss = %{version} Requires: tpm2-0-tss = %{version}
@ -143,6 +145,15 @@ TPM Command Transmission Interface library for communicating with a
TPM device node. This provides direct access to the TPM through the Linux TPM device node. This provides direct access to the TPM through the Linux
kernel driver. kernel driver.
%package -n libtss2-tcti-spidev0
Summary: TCTI interface library for communicating with a SPI attached TPM
Group: System/Libraries
%description -n libtss2-tcti-spidev0
TPM Command Transmission Interface library for communicating with a
TPM device node. This provides direct access to the TPM through the Linux
kernel driver.
%package -n libtss2-tcti-mssim0 %package -n libtss2-tcti-mssim0
Summary: TCTI interface library for Microsoft software TPM2 simulator Summary: TCTI interface library for Microsoft software TPM2 simulator
Group: System/Libraries Group: System/Libraries
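Review bot: the %description for libtss2-tcti-spidev0 is a verbatim copy of the preceding package's text shown in the context lines ("TPM device node. This provides direct access to the TPM through the Linux kernel driver."), while its Summary says the library is for a SPI attached TPM. Reword the description so it says what this TCTI actually talks to; as written the two packages cannot be told apart from their descriptions when deciding which transport libraries to install on a host.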
@ -219,6 +230,16 @@ the details of communication with a TPM via SPI protocol. It uses user
supplied methods for SPI and timing operations in order to be platform supplied methods for SPI and timing operations in order to be platform
independent. independent.
%package -n libtss2-tcti-i2c-helper0
Summary: TCTI i2c interface library
Group: System/Libraries
%description -n libtss2-tcti-i2c-helper0
A TCTI module for communication via I2C TPM device driver. Abstracts
the details of communication with a TPM via I2C protocol. It uses user
supplied methods for I2C and timing operations in order to be platform
independent.
%prep %prep
%autosetup -n tpm2-tss-%{version} %autosetup -n tpm2-tss-%{version}
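Review bot: in the new libtss2-tcti-i2c-helper0 block the Summary spells the bus "i2c" while the description uses "I2C"; use "I2C" in both. The first description sentence, "communication via I2C TPM device driver", also reads as if the library were a device driver, whereas the following lines say it relies on user supplied I2C and timing methods; wording along the lines of "communication with an I2C attached TPM" would match the rest of the text.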
@ -255,6 +276,8 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%postun -n libtss2-tctildr0 -p /sbin/ldconfig %postun -n libtss2-tctildr0 -p /sbin/ldconfig
%post -n libtss2-tcti-device0 -p /sbin/ldconfig %post -n libtss2-tcti-device0 -p /sbin/ldconfig
%postun -n libtss2-tcti-device0 -p /sbin/ldconfig %postun -n libtss2-tcti-device0 -p /sbin/ldconfig
%post -n libtss2-tcti-spidev0 -p /sbin/ldconfig
%postun -n libtss2-tcti-spidev0 -p /sbin/ldconfig
%post -n libtss2-tcti-mssim0 -p /sbin/ldconfig %post -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig %postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%post -n libtss2-mu0 -p /sbin/ldconfig %post -n libtss2-mu0 -p /sbin/ldconfig
@ -273,6 +296,8 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig %postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig
%post -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig %post -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig
%postun -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig %postun -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig
%post -n libtss2-tcti-i2c-helper0 -p /sbin/ldconfig
%postun -n libtss2-tcti-i2c-helper0 -p /sbin/ldconfig
%files %files
%doc *.md %doc *.md
@ -309,6 +334,9 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%files -n libtss2-tcti-device0 %files -n libtss2-tcti-device0
%{_libdir}/libtss2-tcti-device.so.* %{_libdir}/libtss2-tcti-device.so.*
%files -n libtss2-tcti-spidev0
%{_libdir}/libtss2-tcti-spidev.so.*
%files -n libtss2-tcti-mssim0 %files -n libtss2-tcti-mssim0
%{_libdir}/libtss2-tcti-mssim.so.* %{_libdir}/libtss2-tcti-mssim.so.*
@ -338,4 +366,7 @@ rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%files -n libtss2-tcti-spi-helper0 %files -n libtss2-tcti-spi-helper0
%{_libdir}/libtss2-tcti-spi-helper.so.* %{_libdir}/libtss2-tcti-spi-helper.so.*
%files -n libtss2-tcti-i2c-helper0
%{_libdir}/libtss2-tcti-i2c-helper.so.*
%changelog %changelog

tpm2-tss-4.0.1.tar.gz (Stored with Git LFS)

Binary file not shown.

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=vwbh
-----END PGP SIGNATURE-----

tpm2-tss-4.1.0.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

tpm2-tss-4.1.0.tar.gz.asc Normal file
@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE1TMnWwEj0KZ59R/0j0+aRdf/7nQFAmYrk68ACgkQj0+aRdf/
7nQveRAAmYAVPbiF77l5pyLh6Ti+qeZpr2vtJh7CFSYbvuMZ0QGSKLKaOmC/NoMe
AQOgl72oYsv+cFZUs7xHLOOZx+quLlDoXQVEc8LNtByOwZJ8ROeXO0VNRshl3+/4
yDDzbYZT33APHxh/8NBkuplHztr5bsiqHX6y/xKrrfoyWKPQufd+YVSsHq2qHAUE
MVXI78vS+RltR72pT+5VxUQq0zDFjS38DBJ6JJOmhLr+JqY3i0Ajfv1yCRl8CINw
xPlcVAh/Vy/THOXkt7rETlZQPtaCLfIrp3/Lo7fRbjn1MNDbD9kZdbsDmRuRu2Q+
dZWTa8yiXyzPQyGJd7lmRWor1HiW4VonGAHVMsGl+DyMoNaH2ObJPYZnLDDNA/WS
qj89vA71BB7urvHmn4r9h7cIQNg9rYweXtYxNII2El7mmJF2p8SbN47CKD7JZVzT
+lIXtdfq8RlYmfqkYVA6rRyr/RH8jcxY0ICr0+zs1Cn5o/m1nPAaOaQ9l2a0aIQG
AqBtGADuX+o37Cn4oWJ93lK/fbpcfM1gPMd7akEUR0RSNGhQsjE/QEYH9SsgKQHk
+PGAztgdNd+3+5FQ9MQTSmvHp60hHWoQhfkTreCvp+6Q69Hmw3fpxVZINMivuITP
CDFUkszTVRjNpg9NnThbdYae9zV9RznoKe0Cr8nJ5d5JfMPpLpc=
=kG6x
-----END PGP SIGNATURE-----

@ -49,3 +49,55 @@ YE7FfCwLBbLTYMeetHo8jGBRonTEOKMtPlp/fCMOp9w7CgMDuvfEwuTsA1ux4uAb
tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D
=xdFJ =xdFJ
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGW4tWABEADShIa5S7B036c2JMRfM26ihylWXfU0emxn4n9JwdewWakT6r2y
HU5L9b3hkcz8KOIsGAiVyn7bWoK9Q+OJGr0Alm38Jl1FbXGa/TaKeenVCTNWrOHZ
SLrDPbs8k84KNsvPEOMCapnrOHl+Nm1T0GosJonIzNe1X1ArCN9Zn+SstW+JZeaQ
IVNjVGKm59roU+EejaYuXqalAWhKq4I9Jd52yfy8TgWEFjk2STF3S3FST7SjiHds
bmclhp+Vai2WZGrnbzwyMWL324Nyy8h9+/l9WGspxLh2/1qPXtmaDWp8b49RuYDV
V7OVUSUDfp9eTB7ftfTMFXNbq1TShAkcbxT0xMu+UdTrnfKz1S5rFZ2AwfvvBCBR
laA2T6/lQ/5oOFAK9u96GRtQjsw4YtTnIQyaRj+UD+KWyXL9cZMdQRWyzjRLkINZ
dfj5TpXMmerO1ObOPvdji9o7yqAB3BQklhURlcs86z0dwKI3Cnho+2IbI+7jMKIn
0OGVPAx6GjE3Fia2USHlEPfMx1oTw6eC8PDvtUevz4BcS0GKRvu6n2ucOjtawet4
lDZPnKQwiscwblBE+zL5/dw1gpQ2/jpIMKOPzUL/pclQDi/uQkfaoViyznLkKTr1
l4witEysoKNFcKiorqznVAAermTB3jv7zqVzWRjhs2mhofAaPTtWxc0qSQARAQAB
tCpBbmRyZWFzIEZ1Y2hzIDxhbmRyZWFzLmZ1Y2hzQGluZmluZW9uLmNvbT6JAk4E
EwEKADgWIQTVMydbASPQpnn1H/SPT5pF1//udAUCZbi1YAIbAwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgAAKCRCPT5pF1//udCAMD/93TGsv34ICGjfnrrMSCb787L/X
bdziMuqQ62LEaFxy9XlqXDusCF3OxPWXWYzQgCVmBj/zVUSvphsnBsQZR8rtuObr
pfZCXoGM8ig6u16Gqw7zAym5ckDJnAN3urKqQne7jU3R73QpZADHJR/0FDQFOh3q
6g+ZWYeyceaYE1ow1A4QX8OmCdulZHaqEqxNXdVf8PRp5ufpNJ9IyDs3Bki2oh73
hRZuXrp6mo++WqImOkTqepCXyR4ejU5d++Pa7lfdwBOIusmh3f3suGc+6L9sI43j
ndA9+itheUZV7oUW5OvebPQVh9MQ0AXnnCBTlUEG2piJZ9I6XEqTaJCWYqVFHcbY
ZEeuhiNnvtdQOTeeYCWbgK50FW9Aw9knSeqym5nLvoYSFGbOCWOVP9z9mArlObQr
4FoapPXdJgznHnpX8YRdR3t6pCA32NyXppRdUCPylvKsflfLRexwPMPyq4/Zp2tG
RV0VMeZulnujBD4QYUwaChVocj0Hhgti5hfcDn5p+DJZgrm8uyHmEKBZF3tiIw+o
ACVz++mbaVlU3f1wGCwopA6E49U5DozkBXYKQFJ1kLXrSk8XsMNcRDTQROifkIl1
JdZZgXyRkgm/frrCBHeoeK6c9HYLlHBKAYKmDF4spLcK9LFUHfEbOaPxr8/+Lvo3
NwGQM0/sSrngdfjl67kCDQRluLVgARAAzg83xfiOX2qwYIxwf+4phpmUOhK8q8h1
P+rdQWNur4XU+dJRwN94tsA51CrbltOQGBRerz3CVMbSnXMCCz+y7+jFEhWMTc71
B7twmzXWz8kBtHAEUcIA6jI9JExvJlMtp+8FbGwvmOUaCPsFqAfpTMXY3brbxjIZ
cl99AEiWh5HLQNzO9eTCL8a3v2jtIaEFoqUAcsPAlOUYCp7GOguyHmDfGQfYGpO/
rJPbjabx/FAd+A2PuIPXr0KqQItoPrhTRj1pGL80PI71Z9iinIaaTZEDSa2VwKB2
9A+aCYeUi5nWzOhkQdhKYONLuqWjvAdEObfJ79IKiCbzk26Jd3/BvRcUwEnLSBQI
CcBa0K8CmCCWmcmHQGAYG5cNt9VCl+/Lnip0HlU54u8J3CQqy1SfDBL+yqf4gMtI
FcRljUh2mBoc8qDg170EdDx7X7prPOAg/j7PK4/+tCOmPpbZsSyRzJWxLIpxTjvW
JZ+xyn4CM6uxhQLcJsRDMIgHXt3F3Enw4PtgIAjFIyUcCPinebcFUJ2ZpSqtWFhQ
aAFQOvrtz/q7ZlNNtZGHx3HodtK1rhw2AqBE6f930RSW+dqHTcNQXRoDr7y0dtel
eCJA4FLprav4ywQCv67f42zNBwNfz2sHNADoeCwr3KKoSk/EN7IWHgyxWw8J5S7y
x24uTv//7B8AEQEAAYkCNgQYAQoAIBYhBNUzJ1sBI9CmefUf9I9PmkXX/+50BQJl
uLVgAhsMAAoJEI9PmkXX/+50pWAQALC72x4NLjdsru7hLbJYvBj2Lfm2XVxRhEEJ
aotNoCeB45P+QhL6XEQl1xtFc3aUWXAgDMe+9Wc9W90SoAZ6fiuAvifV3EMm6NI6
DO7ScyIOB1qsrxRvbMGo8kCglNb7dCXh/CBnglsnH+jdl1SBrAsWhopYcetPQvOr
JudtTK4FNQYGevgYtcLNmzMmRX7F7N2DJ1IHDHWF2vEECCvEquXXgwJehZ4XmTL7
OAeg1ogz6W3QVpTIK6r07a7RmwBkAtxWiGAcVTxEQQZVkwrWwplRHaVqSfXWIe4V
2MT5zjSzgZ2UqpWHNSxSECctYYXdDjrMXp8ECszk/PIxBV8HJ+ouBw/mBcs6uL8r
TBeOchmlf5wGKzrf/svzQ+8C5o61rC+eqoOVmlkF6l7OJj9s50DS35ty1CEBpJ4H
vG9tAmEadNM+kw3JGN+z/sn1xJek8VpUociQstXLDLZwEKIDYb56u/xEfeR5X5NN
SZvaPpnvbgVUI59GV2stWl53t53EvBW5AokKiYTv2rCddqnOmWomtsUVmvI7ftIn
kCkaxtx2krMCvxaHZ2ickvJH+LCd65IGZ4G3N/MudGp5PlGhAX1KlT7EkQtDWfnD
vT8auAcNHeSG2gCTW3sIkZNm7QvunexwIpe85YqAze8+ZpCtxDP34ahhZGrpIkKN
lFcjH/3q
=o8mM
-----END PGP PUBLIC KEY BLOCK-----
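Review bot: the key appended here is the one that validates the tpm2-tss-4.1.0.tar.gz.asc added in the same commit, so a passing signature check establishes nothing beyond what this keyring change itself asserts. The changelog identifies the key only by its 64-bit id 0x8F4F9A45D7FFEE74 and says it is "documented in upstream repo" without saying where. Record the full fingerprint and the upstream location in the changelog entry so the next reviewer can confirm the key independently of the tarball download.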