Accepting request 926517 from home:aplanas:branches:security

- Update to 1.7.0 + DB Schema Change from 5 to 7. * Backup your DB before upgrading + Fixed compilation issues with GCC11. + Fixed errors on releases due to newer compilers from failing by only adding -Werror for non-release builds. + Fixed error message when the DB is too new in tpm2_ptool. + Added support for tpm2_ptool import with ssh-keygen format keys. Note: Requires cryptography >= 3.0. + Changed default long level from error to warning. + Added better error message for FAPI backend errors along with docs/FAPI.md document. + Changed tpm2_ptool make --algorithm optional. + Fixed error message of wrong attribute name on expected attribute check to be false. + Added support for ECDSA 256, 384 and 512. + Fixed a bug in the Python code DB upgrade path from 4 to 5 where it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS. + Added tpm2_ptool support for ECC key size 192. + Added support passwordless login for tokens, ie not setting CKF_LOGIN_REQUIRED. + Fixed Running integration tests when Java version has the -ea, like on Debian 11 and OpenJDK 17. + Added support for HMAC keys using tpm2_ptool and the C_Sign and C_Verify interfaces. The following interfaces in ptool have support: * addkey: previous working versions of tpm2-tools will support this. * link: previous working versions of tpm2-tools will support this. * import: requires tpm2-tools 5.2+ for support. + Fixed leaking of temp file descriptors in tpm2_ptool. + Fixed wrong free in tpm code, should use Esys_Free. + Fixed a space formatting issue in tpm2_ptool verify. + Fixed leaked file descriptor in tpm2_ptool. + Fixed a few suspicious sizeof usages in str_padded_copy + Fixed a memory leak of the token list on a failure condition in initialization. OBS-URL: https://build.opensuse.org/request/show/926517 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-pkcs11?expand=0&rev=8
2021-10-20 10:28:43 +00:00 · 2021-10-20 10:28:43 +00:00 · 5b742cbf73
commit 5b742cbf73
parent 5f60b973da
5 changed files with 64 additions and 7 deletions
--- a/tpm2-pkcs11-1.6.0.tar.gz
+++ b/tpm2-pkcs11-1.6.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:61e2849c07acb4acbf756bdd6a9fe44f9475343256fa0bdc966b77321169c125
-size 1370370
--- a/tpm2-pkcs11-1.7.0.tar.gz
+++ b/tpm2-pkcs11-1.7.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:078a445ed0e9f5009675a162b4b7b88f3520436cfbc791bb2249f37bd1f475bd
+size 1386693
--- a/tpm2-pkcs11-1.7.0.tar.gz.asc
+++ b/tpm2-pkcs11-1.7.0.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmFSG3QACgkQbeLpB44f
+UMElEQ/9GEz+wfA85IKbd2rtNQax059vLRxU1cwS8N1U0KI3Ij1Y10+mK7aii0JV
+p/iqq3h7lsTU83Im/KX2Bs13I68YTENeTkgtqdIS5/VvGGOWeFdLwBOA3Mfw/S3A
+ZW8X1fyX6hqFB44io/2m+j7EvmHCCQn9x0pVheUo9Jrx2aulknDoKiHorj/esWWp
+NoniIuDWIofrBJ0RrtzzSxJznzQEol6XpZqrWK8Wg2LrlEX9j86PE5dBM9fnHHlx
+rIc4wOl+GXDB6Ulac4F0O2Q8zfroc/tLBkKZyq8tqTYVlew6WDCtgkBWbO1Onbc6
+ZlXGPWoSZGhm1LoM3pbuewyXi2F+8sJiDaySGGubCGC0HT6uStbWqtIHiI4zb8+V
+ih62dDQOLzWe6dIRO187k8N0EsgAe5Dy948xJ0DLTvz+gtwsbpF/Iz0M0py8S8cQ
+9N7BAmHOsJ8Rui4Wix5Fg7PAEof6m6nTxawQpWZEinax0nyF0MeVUc5Dw1w8/Mpu
+0wsIPmCsNgrd7ucsodNpJ2qxj1Uitzh1hRm4K3CbJPWtFRPhF8wOxRQkWkFK98Km
+gChX1uO0VTPjAqqZs1ON0UxAeNgXruE2pbJFKUAe0pxU/k6QRJ3NSi6LeVW6NICN
+DMrT/S4utPlnfGwKsUPtPWQXwCECmT6VA9fR6d/nQG7As4TlSgs=
+=Gwnb
+-----END PGP SIGNATURE-----
--- a/tpm2-pkcs11.changes
+++ b/tpm2-pkcs11.changes
@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Wed Oct 20 09:58:09 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Update to 1.7.0
+  + DB Schema Change from 5 to 7.
+    * Backup your DB before upgrading
+  + Fixed compilation issues with GCC11.
+  + Fixed errors on releases due to newer compilers from failing by
+    only adding -Werror for non-release builds.
+  + Fixed error message when the DB is too new in tpm2_ptool.
+  + Added support for tpm2_ptool import with ssh-keygen format
+    keys. Note: Requires cryptography >= 3.0.
+  + Changed default long level from error to warning.
+  + Added better error message for FAPI backend errors along with
+    docs/FAPI.md document.
+  + Changed tpm2_ptool make --algorithm optional.
+  + Fixed error message of wrong attribute name on expected attribute
+    check to be false.
+  + Added support for ECDSA 256, 384 and 512.
+  + Fixed a bug in the Python code DB upgrade path from 4 to 5 where
+    it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS.
+  + Added tpm2_ptool support for ECC key size 192.
+  + Added support passwordless login for tokens, ie not setting
+    CKF_LOGIN_REQUIRED.
+  + Fixed Running integration tests when Java version has the -ea,
+    like on Debian 11 and OpenJDK 17.
+  + Added support for HMAC keys using tpm2_ptool and the C_Sign and
+    C_Verify interfaces. The following interfaces in ptool have
+    support:
+    * addkey: previous working versions of tpm2-tools will support
+      this.
+    * link: previous working versions of tpm2-tools will support this.
+    * import: requires tpm2-tools 5.2+ for support.
+  + Fixed leaking of temp file descriptors in tpm2_ptool.
+  + Fixed wrong free in tpm code, should use Esys_Free.
+  + Fixed a space formatting issue in tpm2_ptool verify.
+  + Fixed leaked file descriptor in tpm2_ptool.
+  + Fixed a few suspicious sizeof usages in str_padded_copy
+  + Fixed a memory leak of the token list on a failure condition in
+    initialization.
+
 -------------------------------------------------------------------
 Sun Aug 22 11:04:39 UTC 2021 - Jan Engelhardt <jengelh@inai.de>

--- a/tpm2-pkcs11.spec
+++ b/tpm2-pkcs11.spec
@ -19,7 +19,7 @@
 %define so_ver  0
 %define pythons python3
 Name:           tpm2-pkcs11
-Version:        1.6.0
+Version:        1.7.0
 Release:        0
 Summary:        A PKCS#11 interface for TPM2 hardware
 License:        BSD-2-Clause
@ -29,12 +29,13 @@ Source0:        %{url}/releases/download/%{version}/%{name}-%{version}.tar.gz
 BuildRequires:  autoconf
 BuildRequires:  autoconf-archive >= 2017.03.21
 BuildRequires:  automake
+BuildRequires:  fdupes
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
-BuildRequires:  tpm2.0-tools
+BuildRequires:  python-rpm-generators
 BuildRequires:  python3-base
 BuildRequires:  python3-setuptools
-BuildRequires:  fdupes
+BuildRequires:  tpm2.0-tools
 BuildRequires:  pkgconfig(libcrypto) >= 1.0.2g
 BuildRequires:  pkgconfig(p11-kit-1)
 BuildRequires:  pkgconfig(sqlite3)
@ -43,7 +44,6 @@ BuildRequires:  pkgconfig(tss2-mu)
 BuildRequires:  pkgconfig(tss2-rc)
 BuildRequires:  pkgconfig(tss2-tctildr)
 BuildRequires:  pkgconfig(yaml-0.1)
-BuildRequires:  python-rpm-generators
 %{?python_enable_dependency_generator}

 %description