rpms
/
libtpms
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i9c
rpms:c9
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i8c-beta-stream-rhel
rpms:c8-beta-stream-rhel
rpms:i8c-stream-rhel
rpms:c8-stream-rhel
...
pull from: rpms:c10-beta
Branches Tags
rpms:i9c
rpms:c9
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i8c-beta-stream-rhel
rpms:c8-beta-stream-rhel
rpms:i8c-stream-rhel
rpms:c8-stream-rhel

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

10 changed files with 142 additions and 272 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/libtpms-20211126.tar.xz
SOURCES/libtpms-0.9.6.tar.gz

2
.libtpms.metadata
Unescape View File

@ -1 +1 @@
ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz
a585c1d34dc8ecd90eda1a2a91d0d2057cbd3914 SOURCES/libtpms-0.9.6.tar.gz

52
SOURCES/0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
Unescape View File

@ -1,52 +0,0 @@
From 324dbb4c27ae789c73b69dbf4611242267919dd4 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 20 Feb 2023 14:41:10 -0500
Subject: [PATCH] tpm2: Check size of buffer before accessing it (CVE-2023-1017
& -1018)
Check that there are sufficient bytes in the buffer before reading the
cipherSize from it. Also, reduce the bufferSize variable by the number
of bytes that make up the cipherSize to avoid reading and writing bytes
beyond the buffer in subsequent steps that do in-place decryption.
This fixes CVE-2023-1017 & CVE-2023-1018.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/CryptUtil.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 002fde0..8fae5b6 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -830,6 +830,10 @@ CryptParameterDecryption(
+ sizeof(session->sessionKey.t.buffer)));
TPM2B_HMAC_KEY key; // decryption key
UINT32 cipherSize = 0; // size of cipher text
+
+ if (leadingSizeInByte > bufferSize)
+ return TPM_RC_INSUFFICIENT;
+
// Retrieve encrypted data size.
if(leadingSizeInByte == 2)
{
@@ -837,6 +841,7 @@ CryptParameterDecryption(
// data to be decrypted
cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
buffer = &buffer[2]; // advance the buffer
+ bufferSize -= 2;
}
#ifdef TPM4B
else if(leadingSizeInByte == 4)
@@ -844,6 +849,7 @@ CryptParameterDecryption(
// the leading size is four bytes so get the four byte size field
cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
buffer = &buffer[4]; //advance pointer
+ bufferSize -= 4;
}
#endif
else
--
2.39.2

37
SOURCES/0001-tpm2-Do-not-call-EVP_PKEY_CTX_set0_rsa_oaep_label-fo.patch
Unescape View File

@ -1,37 +0,0 @@
From e4261984374556da65c9d46097d5a1200b335c0c Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
Date: Sat, 19 Feb 2022 12:59:32 +0100
Subject: [PATCH] tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for
label of size 0 (OSSL 3)
Openssl 3.0 did return an error if EVP_PKEY_CTX_set0_rsa_oaep_label was called
with label size 0. The function should only be called if the size of the label
is greater 0.
With this fix TPM2_RSA_Encrypt/Decrypt did work with OpenSSL 1.1 and 3.0
for encryption without label.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
---
src/tpm2/crypto/openssl/CryptRsa.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index 4ed04384feb0..b5d6b6c3be82 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1356,10 +1356,9 @@ CryptRsaEncrypt(
if (tmp == NULL)
ERROR_RETURN(TPM_RC_FAILURE);
memcpy(tmp, label->buffer, label->size);
+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
+ ERROR_RETURN(TPM_RC_FAILURE);
}
- // label->size == 0 is supported
- if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
tmp = NULL;
break;
default:
--
2.36.0.44.g0f828332d5ac

31
SOURCES/0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
Unescape View File

@ -1,31 +0,0 @@
From 3d2bbe2f1947784506ba0a7f9e8ab81eefb69929 Mon Sep 17 00:00:00 2001
From: Ross Lagerwall <ross.lagerwall@citrix.com>
Date: Mon, 23 May 2022 14:16:57 +0100
Subject: [PATCH] tpm2: Fix size check in CryptSecretDecrypt
Check the secret size against the size of the buffer, not the size
member that has not been set yet.
Reported by Coverity.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
src/tpm2/CryptUtil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 9879f918acb6..002fde0987a9 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -732,7 +732,7 @@ CryptSecretDecrypt(
nonceCaller->t.size);
}
// make sure secret will fit
- if(secret->t.size > data->t.size)
+ if(secret->t.size > sizeof(data->t.buffer))
return TPM_RC_FAILURE;
data->t.size = secret->t.size;
// CFB decrypt, using nonceCaller as iv
--
2.36.0.44.g0f828332d5ac

31
SOURCES/0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
Unescape View File

@ -1,31 +0,0 @@
From 1b0b41293a0d49ff8063542fcb3a5ee1d4e10f7e Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 29 Jul 2024 10:19:00 -0400
Subject: [PATCH] tpm2: Return TPM_RC_VALUE upon decryption failure
When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE.
The old error code could indicate to an application or driver that
something is wrong with the TPM (has possibly gone into failure mode) even
though only the decryption failed, possibly due to a wrong key.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/crypto/openssl/CryptRsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index b5d6b6c3..88ee3bac 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1457,7 +1457,7 @@ CryptRsaDecrypt(
outlen = sizeof(buffer);
if (EVP_PKEY_decrypt(ctx, buffer, &outlen,
cIn->buffer, cIn->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
+ ERROR_RETURN(TPM_RC_VALUE);
if (outlen > dOut->size)
ERROR_RETURN(TPM_RC_FAILURE);
--
2.41.0.28.gd7d8841f67

51
SOURCES/0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
Unescape View File

@ -1,51 +0,0 @@
From b662e6fd7169f31ef664ecd0b0b45547462e1e31 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Tue, 4 Jan 2022 14:45:31 -0500
Subject: [PATCH] tpm2: When writing state initialize s_ContextSlotMask if not
set
If s_ContextSlotMask was not set since the TPM 2 was not initialized
by a call to TPM_Manufacture() or the state was not resumed, then
initialize the s_ContextSlotMask to 0xffff.
This situation can occur if a VM with an attached swtpm was started
and the VM's firmware either doesn't support TPM or didn't get to
initialize the vTPM.
The following commands recreated the issue with a SeaBIOS-only VM that
had no attached hard disk but an attached TPM 2:
virsh start BIOS-only-VM ; virsh save BIOS-only-VM save.bin ; \
virsh restore save.bin
Error: Failed to restore domain from save.bin
error: internal error: qemu unexpectedly closed the monitor: \
2022-01-04T19:26:18.835851Z qemu-system-x86_64: tpm-emulator: Setting the stateblob (type 2) failed with a TPM error 0x3 a parameter is bad
2022-01-04T19:26:18.835899Z qemu-system-x86_64: error while loading state for instance 0x0 of device 'tpm-emulator'
2022-01-04T19:26:18.835929Z qemu-system-x86_64: load of migration failed: Input/output error
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035731
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/NVMarshal.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 996c73c..c7cd1e0 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1422,6 +1422,11 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
written += UINT16_Marshal(&array_size, buffer, size);
for (i = 0; i < array_size; i++)
written += UINT16_Marshal(&data->contextArray[i], buffer, size);
+
+ if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) {
+ /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */
+ s_ContextSlotMask = 0xffff;
+ }
written += UINT16_Marshal(&s_ContextSlotMask, buffer, size);
written += UINT64_Marshal(&data->contextCounter, buffer, size);
--
2.36.1

18
SOURCES/gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
Unescape View File

@ -0,0 +1,18 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFnVA4YBCAD3fs+WUzvB6OPoj0HhvBlemEV6I8AcDwZHCNvA4UMc03sSVl/Q
tDr4WuZd1v9utvi0xHjsTHbF1ndsgNkNzisvTIBHptcxw+Z3+VskOl3GTsfiKG22
OfZJsdXfhjYW/Oezl2IVy6/QqOV0JeEtV3J10gCHR/5PKhOy+pP/8jlw3EA8GYtY
ojM4znfEXHh6vx//hbf8FVMlVcKwUKHB1zHhM5jF9Kx4ZLU8rYHkMiXXbzdWBkCa
L6E2P2T01hQ1wPpowU9aL/zLt7ISiKMcYLvZJYcgX3quPVSXJRG+y3q3lXv1IOrV
HoGJLdkNu/0bLJoeNBFXiEGs7+tfk4XAjBTTABEBAAG0KlN0ZWZhbiBCZXJnZXIg
PHN0ZWZhbmJAbGludXgudm5ldC5pYm0uY29tPokBPgQTAQIAKAUCWdUDhgIbAwUJ
EswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQda1lgCoLQhENQQf/XmyD
zWL5VSAKbDKcpI5t0PjiC/Brrs1xNtKLht5le4UdhAH6e/y+3H6lhoJCNbHGBE7r
cAM/LVv8MT+4WXhLvRDUkn6Z5cSiMx0ANWDABCHGI3+z2imqI5XjB5fwFq2FIRdu
MUhWRhxSYHDd4E0BN2FvHNUhqm60QlLCrH9zjar8XcJQ1lnDgcSDP9EWENZizYW9
W5DKFiWR4vMXU0lvDpAYyDR1EU4pfnoMDc/19MoI3oR+wP0ELXI52CG0w4Lcs+Y5
8ywb0/El789qRTNQG6bPcZYx6KrRNq8KSrtNY20ID2tyM4boRQ412mD87x/kNWqU
CHklMi79wKcJ7OA73g==
=l1ZJ
-----END PGP PUBLIC KEY BLOCK-----

12
SOURCES/libtpms-0.9.6.tar.gz.asc
Unescape View File

@ -0,0 +1,12 @@
-----BEGIN PGP SIGNATURE-----
iQFPBAABCAA5FiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmP+i0gbHHN0ZWZhbmJA
bGludXgudm5ldC5pYm0uY29tAAoJEHWtZYAqC0IRPUcH/R4+fk5ivbwAE02YIYWg
eqDj6Rs05lkZv6fhn8cyTjW0hncsUiSeui1huyxam/DFgNtBwFPk9Fzjkm3mzasw
SyYcqp5jN2fP9VptfEc33Epa3+80LwoAvQZadqDB5ruFcSKfpZGH1etFRGpD9A48
UBFts9WZM66R9dz0dilLzilTauWOuMcNgydtRNxbo55wdTEBko4MG0Z3cgPaGuYo
mPqKGIOiH8dpQYe8UsuhTWQgY6xJuGGOBdouDbJG+8RlYEQCmc++xH52jMjA/D0S
Rn41+/Pe0n+dq4VfIJXJRKqOuwVISoYMenXMXRZkHu+69w4Ji2JKc3Xz4n7oYEiy
V70=
=QrLR
-----END PGP SIGNATURE-----

178
SPECS/libtpms.spec
Unescape View File

@ -1,24 +1,26 @@
%global gitdate 20211126
%global gitversion 1ff6fe1f43
Name: libtpms
Version: 0.9.1
Release: 4.%{gitdate}git%{gitversion}%{?dist}
Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD
Url: http://github.com/stefanberger/libtpms
Source0: libtpms-%{gitdate}.tar.xz
Patch0001: 0001-tpm2-Do-not-call-EVP_PKEY_CTX_set0_rsa_oaep_label-fo.patch
Patch0002: 0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
Patch0004: 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch
Patch0005: 0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
Version: 0.9.6
Release: 7%{?dist}
Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD-3-Clause AND LicenseRef-TCGL
URL: https://github.com/stefanberger/libtpms
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: %{url}/releases/download/v%{version}/v%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.asc
# https://github.com/stefanberger.gpg
Source2: gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: coreutils
BuildRequires: gawk
BuildRequires: gcc-c++
BuildRequires: gnupg2
BuildRequires: libtool
BuildRequires: make
BuildRequires: openssl-devel
BuildRequires: pkgconfig gawk sed
BuildRequires: automake autoconf libtool bash coreutils gcc-c++
BuildRequires: make
BuildRequires: pkgconfig
BuildRequires: sed
%description
A library providing TPM functionality for VMs. Targeted for integration
@ -32,81 +34,118 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
Libtpms header files and documentation.
%prep
%autosetup -p1 -n %{name}-%{gitdate}
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup
%build
NOCONFIGURE=1 sh autogen.sh
%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
NOCONFIGURE=1 ./autogen.sh
%configure --disable-static --with-tpm2 --with-openssl
%make_build
%check
make check
%install
%make_install
find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
find %{buildroot} -type f -name '*.la' -print -delete
%check
make check
%ldconfig_scriptlets
%files
%license LICENSE
%doc README CHANGES
%{_libdir}/lib*.so.*
%{_libdir}/%{name}.so.0{,.*}
%files devel
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/*.h
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%{_includedir}/%{name}/
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/%{name}.pc
%{_mandir}/man3/TPM*
%changelog
* Wed Sep 04 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-4.20211126git1ff6fe1f43
- Backport "tpm2: Return TPM_RC_VALUE upon decryption failure"
Resolves: RHEL-58056
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-7
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 17 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-3
- Set license to 'BSD and TCGL' from previous 'BSD' (BZ2219548)
* Wed Mar 01 2023 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-3.20211126git1ff6fe1f43
- Backport "tpm2: Check size of buffer before accessing it" (CVE-2023-1017 & CVE-2023-1018)
Resolves: rhbz#2173960
Resolves: rhbz#2173967
* Sat Mar 18 2023 Todd Zullinger <tmz@pobox.com> - 0.9.6-2
- verify upstream source signature
* Mon Jun 20 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-2.20211126git1ff6fe1f43
- Backport s_ContextSlotMask initialization fix
Resolves: rhbz#2035731
* Tue Feb 28 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-1
- Build of libtpms 0.9.6 with fixes for CVE-2023-1017 & CVE-2023-1018
* Mon Jun 13 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
- Backport RSA/OAEP fixes.
Resolves: rhbz#2093651
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Dec 01 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
- Rebase to 0.9.1
Resolves: rhbz#2027951
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Nov 9 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-0.20211004gitdc4e3f6313
- Rebase to 0.9.0, disable TPM 1.2
Resolves: rhbz#1990152 & rhbz#2021628
* Fri Jul 01 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.5-1
- Build of libtpms 0.9.5
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.7
- Fixes CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
Resolves: rhbz#1999303
* Wed Apr 27 2022 Fabio Valentini <decathorpe@gmail.com> - 0.9.4-2
- Use standard method for fetching a GitHub release tarball.
- Fix Versioning scheme to confirm with Packaging Guidelines.
- Tighten file globs to match Packaging Guidelines.
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Apr 25 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.4-1.20220425gite4d68670e1
- Build of libtpms 0.9.4
* Wed Jun 30 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.5
- Fixes CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
Resolves: rhbz#1976814
* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.3-1.20220307gita63c51805e
- Build of libtpms 0.9.3
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-0.20220106gite81d634c27.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue May 18 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.3
- Add -Wno-error=deprecated-declarations, to ignore OpenSSL 3.0 deprecation warnings.
Fixes: rhbz#1958054
* Thu Jan 06 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.2-0.20220106gite81d634c27
- Build of libtpms 0.9.2
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Nov 26 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.1-0.20211126git1ff6fe1f43
- Build of libtpms 0.9.1
* Mon Oct 04 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.0-0.20211004gitdc4e3f6313
- Build of libtpms 0.9.0
* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.7-0.20210916gitfb9f0a61e8
- Build upcoming libtpms 0.8.7
* Wed Sep 15 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.3
- Rebuilt with OpenSSL 3.0.0
* Tue Sep 14 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-0.20210910git7a4d46a119.2
- Build with -Wno-deprecated-declarations
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.1
- Rebuilt with OpenSSL 3.0.0
* Fri Sep 10 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-1.20210910git7a4d46a119
- tpm2: Marshal event sequence objects' hash state
* Wed Sep 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.5-1.20210901git18ba4c0206
- Build of libtpms 0.8.5
* Wed Aug 11 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-1.20210625gita594c4692a
- Applied patches resolving issues solved in upcoming 0.8.5
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.4-0.20210624gita594c4692a.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jun 24 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-0.20210625gita594c4692a
- tpm2: Reset too large size indicators in TPM2B to avoid access beyond buffer
- tpm2: Restore original value in buffer if unmarshalled one was illegal
* Tue Jun 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.3-0.20210601git9e736d5281
- tpm2: Work-around for Windows 2016 & 2019 bug related to ContextLoad
* Mon Mar 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.2-0.20210301git729fc6a4ca
- tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue
@ -114,6 +153,9 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
* Sat Feb 27 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-0.20210227git5bf2746e47
- Fixed a context save and suspend/resume problem when public keys are loaded
* Thu Feb 25 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-0.20210225git3fd4b94903
- Release of v0.8.0
* Thu Feb 18 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.5-0.20210218gite271498466
- Addressed UBSAN and cppcheck detected issues
- Return proper size of ECC Parameters to pass HLK tests

Write Preview
Loading…
Cancel
Save