From 5b742cbf73657fefaa446bcc39359863b169d244c4b43e788013b13e05af12c4 Mon Sep 17 00:00:00 2001 
From: Marcus Meissner
Date: Wed, 20 Oct 2021 10:28:43 +0000
Subject: [PATCH] Accepting request 926517 from home:aplanas:branches:security

- Update to 1.7.0
  + DB Schema Change from 5 to 7.
    * Backup your DB before upgrading
  + Fixed compilation issues with GCC11.
  + Fixed errors on releases due to newer compilers from failing by only adding -Werror for non-release builds.
  + Fixed error message when the DB is too new in tpm2_ptool.
  + Added support for tpm2_ptool import with ssh-keygen format keys. Note: Requires cryptography >= 3.0.
  + Changed default long level from error to warning.
  + Added better error message for FAPI backend errors along with docs/FAPI.md document.
  + Changed tpm2_ptool make --algorithm optional.
  + Fixed error message of wrong attribute name on expected attribute check to be false.
  + Added support for ECDSA 256, 384 and 512.
  + Fixed a bug in the Python code DB upgrade path from 4 to 5 where it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS.
  + Added tpm2_ptool support for ECC key size 192.
  + Added support passwordless login for tokens, ie not setting CKF_LOGIN_REQUIRED.
  + Fixed Running integration tests when Java version has the -ea, like on Debian 11 and OpenJDK 17.
  + Added support for HMAC keys using tpm2_ptool and the C_Sign and C_Verify interfaces. The following interfaces in ptool have support:
    * addkey: previous working versions of tpm2-tools will support this.
    * link: previous working versions of tpm2-tools will support this.
    * import: requires tpm2-tools 5.2+ for support.
  + Fixed leaking of temp file descriptors in tpm2_ptool.
  + Fixed wrong free in tpm code, should use Esys_Free.
  + Fixed a space formatting issue in tpm2_ptool verify.
  + Fixed leaked file descriptor in tpm2_ptool.
  + Fixed a few suspicious sizeof usages in str_padded_copy
  + Fixed a memory leak of the token list on a failure condition in initialization.

OBS-URL: https://build.opensuse.org/request/show/926517 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-pkcs11?expand=0&rev=8 --- tpm2-pkcs11-1.6.0.tar.gz | 3 --- tpm2-pkcs11-1.7.0.tar.gz | 3 +++ tpm2-pkcs11-1.7.0.tar.gz.asc | 16 ++++++++++++++ tpm2-pkcs11.changes | 41 ++++++++++++++++++++++++++++++++++++ tpm2-pkcs11.spec | 8 +++---- 5 files changed, 64 insertions(+), 7 deletions(-) delete mode 100644 tpm2-pkcs11-1.6.0.tar.gz create mode 100644 tpm2-pkcs11-1.7.0.tar.gz create mode 100644 tpm2-pkcs11-1.7.0.tar.gz.asc diff --git a/tpm2-pkcs11-1.6.0.tar.gz b/tpm2-pkcs11-1.6.0.tar.gz deleted file mode 100644 index 476a9cc..0000000 --- a/tpm2-pkcs11-1.6.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:61e2849c07acb4acbf756bdd6a9fe44f9475343256fa0bdc966b77321169c125 -size 1370370 diff --git a/tpm2-pkcs11-1.7.0.tar.gz b/tpm2-pkcs11-1.7.0.tar.gz new file mode 100644 index 0000000..16134af --- /dev/null +++ b/tpm2-pkcs11-1.7.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:078a445ed0e9f5009675a162b4b7b88f3520436cfbc791bb2249f37bd1f475bd +size 1386693 diff --git a/tpm2-pkcs11-1.7.0.tar.gz.asc b/tpm2-pkcs11-1.7.0.tar.gz.asc new file mode 100644 index 0000000..14a5ac2 --- /dev/null +++ b/tpm2-pkcs11-1.7.0.tar.gz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmFSG3QACgkQbeLpB44f +UMElEQ/9GEz+wfA85IKbd2rtNQax059vLRxU1cwS8N1U0KI3Ij1Y10+mK7aii0JV +p/iqq3h7lsTU83Im/KX2Bs13I68YTENeTkgtqdIS5/VvGGOWeFdLwBOA3Mfw/S3A +ZW8X1fyX6hqFB44io/2m+j7EvmHCCQn9x0pVheUo9Jrx2aulknDoKiHorj/esWWp +NoniIuDWIofrBJ0RrtzzSxJznzQEol6XpZqrWK8Wg2LrlEX9j86PE5dBM9fnHHlx +rIc4wOl+GXDB6Ulac4F0O2Q8zfroc/tLBkKZyq8tqTYVlew6WDCtgkBWbO1Onbc6 +ZlXGPWoSZGhm1LoM3pbuewyXi2F+8sJiDaySGGubCGC0HT6uStbWqtIHiI4zb8+V +ih62dDQOLzWe6dIRO187k8N0EsgAe5Dy948xJ0DLTvz+gtwsbpF/Iz0M0py8S8cQ +9N7BAmHOsJ8Rui4Wix5Fg7PAEof6m6nTxawQpWZEinax0nyF0MeVUc5Dw1w8/Mpu +0wsIPmCsNgrd7ucsodNpJ2qxj1Uitzh1hRm4K3CbJPWtFRPhF8wOxRQkWkFK98Km +gChX1uO0VTPjAqqZs1ON0UxAeNgXruE2pbJFKUAe0pxU/k6QRJ3NSi6LeVW6NICN +DMrT/S4utPlnfGwKsUPtPWQXwCECmT6VA9fR6d/nQG7As4TlSgs= +=Gwnb +-----END PGP SIGNATURE----- diff --git a/tpm2-pkcs11.changes b/tpm2-pkcs11.changes index cb001c0..ea2e15f 100644 --- a/tpm2-pkcs11.changes +++ b/tpm2-pkcs11.changes 
@@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Wed Oct 20 09:58:09 UTC 2021 - Alberto Planas Dominguez + +- Update to 1.7.0 + + DB Schema Change from 5 to 7. + * Backup your DB before upgrading + + Fixed compilation issues with GCC11. + + Fixed errors on releases due to newer compilers from failing by + only adding -Werror for non-release builds. + + Fixed error message when the DB is too new in tpm2_ptool. + + Added support for tpm2_ptool import with ssh-keygen format + keys. Note: Requires cryptography >= 3.0. + + Changed default long level from error to warning. + + Added better error message for FAPI backend errors along with + docs/FAPI.md document. + + Changed tpm2_ptool make --algorithm optional. + + Fixed error message of wrong attribute name on expected attribute + check to be false. + + Added support for ECDSA 256, 384 and 512. + + Fixed a bug in the Python code DB upgrade path from 4 to 5 where + it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS. + + Added tpm2_ptool support for ECC key size 192. + + Added support passwordless login for tokens, ie not setting + CKF_LOGIN_REQUIRED. + + Fixed Running integration tests when Java version has the -ea, + like on Debian 11 and OpenJDK 17. + + Added support for HMAC keys using tpm2_ptool and the C_Sign and + C_Verify interfaces. The following interfaces in ptool have + support: + * addkey: previous working versions of tpm2-tools will support + this. + * link: previous working versions of tpm2-tools will support this. + * import: requires tpm2-tools 5.2+ for support. + + Fixed leaking of temp file descriptors in tpm2_ptool. + + Fixed wrong free in tpm code, should use Esys_Free. + + Fixed a space formatting issue in tpm2_ptool verify. + + Fixed leaked file descriptor in tpm2_ptool. + + Fixed a few suspicious sizeof usages in str_padded_copy + + Fixed a memory leak of the token list on a failure condition in + initialization. 
+ ------------------------------------------------------------------- Sun Aug 22 11:04:39 UTC 2021 - Jan Engelhardt diff --git a/tpm2-pkcs11.spec b/tpm2-pkcs11.spec index fe4d2a9..3f8f422 100644 --- a/tpm2-pkcs11.spec +++ b/tpm2-pkcs11.spec @@ -19,7 +19,7 @@ %define so_ver 0 %define pythons python3 Name: tpm2-pkcs11 -Version: 1.6.0 +Version: 1.7.0 Release: 0 Summary: A PKCS#11 interface for TPM2 hardware License: BSD-2-Clause @@ -29,12 +29,13 @@ Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz BuildRequires: autoconf BuildRequires: autoconf-archive >= 2017.03.21 BuildRequires: automake +BuildRequires: fdupes BuildRequires: libtool BuildRequires: pkgconfig -BuildRequires: tpm2.0-tools +BuildRequires: python-rpm-generators BuildRequires: python3-base BuildRequires: python3-setuptools -BuildRequires: fdupes +BuildRequires: tpm2.0-tools BuildRequires: pkgconfig(libcrypto) >= 1.0.2g BuildRequires: pkgconfig(p11-kit-1) BuildRequires: pkgconfig(sqlite3) @@ -43,7 +44,6 @@ BuildRequires: pkgconfig(tss2-mu) BuildRequires: pkgconfig(tss2-rc) BuildRequires: pkgconfig(tss2-tctildr) BuildRequires: pkgconfig(yaml-0.1) -BuildRequires: python-rpm-generators %{?python_enable_dependency_generator} %description
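Review bot: tpm2-pkcs11-1.7.0.tar.gz.asc is added as a new file, but neither tpm2-pkcs11.spec hunk adds a Source line for it and the diffstat adds no keyring file, so nothing visible in this change makes the build check the signature against the tarball. If the spec does not already carry them, list the detached signature as an additional source next to `Source0:` and ship the upstream signing key as a keyring source, so the signature is verified at build time rather than only stored. The git-lfs pointer for tpm2-pkcs11-1.7.0.tar.gz pins the content by its sha256 oid, but that digest says nothing about who produced the tarball, which is what the signature check would add.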
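Review bot: In the new tpm2-pkcs11.changes entry, "Changed default long level from error to warning" reads like a typo for "log level" and is worth correcting before it lands in the package changelog. The same entry states that ssh-keygen import "Requires cryptography >= 3.0", yet no versioned requirement appears in the spec hunks; please confirm that the generator enabled by `%{?python_enable_dependency_generator}` emits that minimum, or add it explicitly. "Fixed leaking of temp file descriptors in tpm2_ptool" and "Fixed leaked file descriptor in tpm2_ptool" look like near-duplicates; if they are distinct fixes, a word on what differs would help. Given "DB Schema Change from 5 to 7" with only "Backup your DB before upgrading" as guidance, consider saying where the store lives so that users can act on it.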
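Review bot: `BuildRequires: tpm2.0-tools` is moved but stays unversioned in the second tpm2-pkcs11.spec hunk (@@ -29,12), while the changelog added by this same patch says tpm2_ptool import of HMAC keys "requires tpm2-tools 5.2+ for support". If the package also depends on tpm2.0-tools at run time, consider a versioned requirement, or state in the changes entry that HMAC import is unavailable with older tpm2-tools, so the feature does not fail silently on installed systems. The rest of this hunk and the `python-rpm-generators` move in the last hunk are sort-only; keeping that reordering in a separate commit from the version bump would make the update easier to audit.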