rpms/libtpms
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS libtpms-0.9.6-11.el9

Browse Source
This commit is contained in:
eabdullin 2025-09-15 12:16:53 +00:00
parent 0580917f64
commit f77df19e1a
10 changed files with 244 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libtpms-20211126.tar.xz
SOURCES/libtpms-0.9.6.tar.gz

2
.libtpms.metadata
View File

@ -1 +1 @@
ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz
a585c1d34dc8ecd90eda1a2a91d0d2057cbd3914 SOURCES/libtpms-0.9.6.tar.gz

52
SOURCES/0001-tpm2-CVE-2025-49133-fix.patch Normal file
View File

@ -0,0 +1,52 @@
From 0b1db4bd1c668c56f1d893c9ed19a94d46c228f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Wed, 11 Jun 2025 23:05:08 +0400
Subject: [PATCH] tpm2: CVE-2025-49133 fix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Based from upstream commit 04b2d8e9afc ("tpm2: Fix potential
out-of-bound access & abort due to HMAC signing issue")
Fix an HMAC signing issue that may causes an out-of-bounds access in a
TPM2B that in turn was running into an assert() in libtpms causing an
abort. The signing issue was due to an inconsistent pairing of the signKey
and signScheme parameters, where the signKey is ALG_KEYEDHASH key and
inScheme is an ECC or RSA scheme.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
src/tpm2/CryptUtil.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 8fae5b6..aadf7f6 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -79,12 +79,16 @@ CryptHmacSign(
{
HMAC_STATE hmacState;
UINT32 digestSize;
- digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
- &signKey->sensitive.sensitive.bits.b);
- CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
- CryptHmacEnd(&hmacState, digestSize,
- (BYTE *)&signature->signature.hmac.digest);
- return TPM_RC_SUCCESS;
+ if (signature->sigAlg == TPM_ALG_HMAC)
+ {
+ digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
+ &signKey->sensitive.sensitive.bits.b);
+ CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
+ CryptHmacEnd(&hmacState, digestSize,
+ (BYTE *)&signature->signature.hmac.digest);
+ return TPM_RC_SUCCESS;
+ }
+ return TPM_RC_SCHEME;
}
/* 10.2.6.3.2 CryptHMACVerifySignature() */
/* This function will verify a signature signed by a HMAC key. Note that a caller needs to prepare
--
2.49.0

37
SOURCES/0001-tpm2-Do-not-call-EVP_PKEY_CTX_set0_rsa_oaep_label-fo.patch
View File

@ -1,37 +0,0 @@
From e4261984374556da65c9d46097d5a1200b335c0c Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
Date: Sat, 19 Feb 2022 12:59:32 +0100
Subject: [PATCH] tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for
label of size 0 (OSSL 3)
Openssl 3.0 did return an error if EVP_PKEY_CTX_set0_rsa_oaep_label was called
with label size 0. The function should only be called if the size of the label
is greater 0.
With this fix TPM2_RSA_Encrypt/Decrypt did work with OpenSSL 1.1 and 3.0
for encryption without label.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
---
src/tpm2/crypto/openssl/CryptRsa.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index 4ed04384feb0..b5d6b6c3be82 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1356,10 +1356,9 @@ CryptRsaEncrypt(
if (tmp == NULL)
ERROR_RETURN(TPM_RC_FAILURE);
memcpy(tmp, label->buffer, label->size);
+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
+ ERROR_RETURN(TPM_RC_FAILURE);
}
- // label->size == 0 is supported
- if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
tmp = NULL;
break;
default:
--
2.36.0.44.g0f828332d5ac

31
SOURCES/0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
View File

@ -1,31 +0,0 @@
From 3d2bbe2f1947784506ba0a7f9e8ab81eefb69929 Mon Sep 17 00:00:00 2001
From: Ross Lagerwall <ross.lagerwall@citrix.com>
Date: Mon, 23 May 2022 14:16:57 +0100
Subject: [PATCH] tpm2: Fix size check in CryptSecretDecrypt
Check the secret size against the size of the buffer, not the size
member that has not been set yet.
Reported by Coverity.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
src/tpm2/CryptUtil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index 9879f918acb6..002fde0987a9 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -732,7 +732,7 @@ CryptSecretDecrypt(
nonceCaller->t.size);
}
// make sure secret will fit
- if(secret->t.size > data->t.size)
+ if(secret->t.size > sizeof(data->t.buffer))
return TPM_RC_FAILURE;
data->t.size = secret->t.size;
// CFB decrypt, using nonceCaller as iv
--
2.36.0.44.g0f828332d5ac

31
SOURCES/0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch Normal file
View File

@ -0,0 +1,31 @@
From 1b0b41293a0d49ff8063542fcb3a5ee1d4e10f7e Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Mon, 29 Jul 2024 10:19:00 -0400
Subject: [PATCH] tpm2: Return TPM_RC_VALUE upon decryption failure
When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE.
The old error code could indicate to an application or driver that
something is wrong with the TPM (has possibly gone into failure mode) even
though only the decryption failed, possibly due to a wrong key.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/crypto/openssl/CryptRsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index b5d6b6c3..88ee3bac 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1457,7 +1457,7 @@ CryptRsaDecrypt(
outlen = sizeof(buffer);
if (EVP_PKEY_decrypt(ctx, buffer, &outlen,
cIn->buffer, cIn->size) <= 0)
- ERROR_RETURN(TPM_RC_FAILURE);
+ ERROR_RETURN(TPM_RC_VALUE);
if (outlen > dOut->size)
ERROR_RETURN(TPM_RC_FAILURE);
--
2.41.0.28.gd7d8841f67

51
SOURCES/0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
View File

@ -1,51 +0,0 @@
From b662e6fd7169f31ef664ecd0b0b45547462e1e31 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Tue, 4 Jan 2022 14:45:31 -0500
Subject: [PATCH] tpm2: When writing state initialize s_ContextSlotMask if not
set
If s_ContextSlotMask was not set since the TPM 2 was not initialized
by a call to TPM_Manufacture() or the state was not resumed, then
initialize the s_ContextSlotMask to 0xffff.
This situation can occur if a VM with an attached swtpm was started
and the VM's firmware either doesn't support TPM or didn't get to
initialize the vTPM.
The following commands recreated the issue with a SeaBIOS-only VM that
had no attached hard disk but an attached TPM 2:
virsh start BIOS-only-VM ; virsh save BIOS-only-VM save.bin ; \
virsh restore save.bin
Error: Failed to restore domain from save.bin
error: internal error: qemu unexpectedly closed the monitor: \
2022-01-04T19:26:18.835851Z qemu-system-x86_64: tpm-emulator: Setting the stateblob (type 2) failed with a TPM error 0x3 a parameter is bad
2022-01-04T19:26:18.835899Z qemu-system-x86_64: error while loading state for instance 0x0 of device 'tpm-emulator'
2022-01-04T19:26:18.835929Z qemu-system-x86_64: load of migration failed: Input/output error
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035731
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/NVMarshal.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 996c73c..c7cd1e0 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1422,6 +1422,11 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
written += UINT16_Marshal(&array_size, buffer, size);
for (i = 0; i < array_size; i++)
written += UINT16_Marshal(&data->contextArray[i], buffer, size);
+
+ if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) {
+ /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */
+ s_ContextSlotMask = 0xffff;
+ }
written += UINT16_Marshal(&s_ContextSlotMask, buffer, size);
written += UINT64_Marshal(&data->contextCounter, buffer, size);
--
2.36.1

18
SOURCES/gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFnVA4YBCAD3fs+WUzvB6OPoj0HhvBlemEV6I8AcDwZHCNvA4UMc03sSVl/Q
tDr4WuZd1v9utvi0xHjsTHbF1ndsgNkNzisvTIBHptcxw+Z3+VskOl3GTsfiKG22
OfZJsdXfhjYW/Oezl2IVy6/QqOV0JeEtV3J10gCHR/5PKhOy+pP/8jlw3EA8GYtY
ojM4znfEXHh6vx//hbf8FVMlVcKwUKHB1zHhM5jF9Kx4ZLU8rYHkMiXXbzdWBkCa
L6E2P2T01hQ1wPpowU9aL/zLt7ISiKMcYLvZJYcgX3quPVSXJRG+y3q3lXv1IOrV
HoGJLdkNu/0bLJoeNBFXiEGs7+tfk4XAjBTTABEBAAG0KlN0ZWZhbiBCZXJnZXIg
PHN0ZWZhbmJAbGludXgudm5ldC5pYm0uY29tPokBPgQTAQIAKAUCWdUDhgIbAwUJ
EswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQda1lgCoLQhENQQf/XmyD
zWL5VSAKbDKcpI5t0PjiC/Brrs1xNtKLht5le4UdhAH6e/y+3H6lhoJCNbHGBE7r
cAM/LVv8MT+4WXhLvRDUkn6Z5cSiMx0ANWDABCHGI3+z2imqI5XjB5fwFq2FIRdu
MUhWRhxSYHDd4E0BN2FvHNUhqm60QlLCrH9zjar8XcJQ1lnDgcSDP9EWENZizYW9
W5DKFiWR4vMXU0lvDpAYyDR1EU4pfnoMDc/19MoI3oR+wP0ELXI52CG0w4Lcs+Y5
8ywb0/El789qRTNQG6bPcZYx6KrRNq8KSrtNY20ID2tyM4boRQ412mD87x/kNWqU
CHklMi79wKcJ7OA73g==
=l1ZJ
-----END PGP PUBLIC KEY BLOCK-----

12
SOURCES/libtpms-0.9.6.tar.gz.asc Normal file
View File

@ -0,0 +1,12 @@
-----BEGIN PGP SIGNATURE-----
iQFPBAABCAA5FiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmP+i0gbHHN0ZWZhbmJA
bGludXgudm5ldC5pYm0uY29tAAoJEHWtZYAqC0IRPUcH/R4+fk5ivbwAE02YIYWg
eqDj6Rs05lkZv6fhn8cyTjW0hncsUiSeui1huyxam/DFgNtBwFPk9Fzjkm3mzasw
SyYcqp5jN2fP9VptfEc33Epa3+80LwoAvQZadqDB5ruFcSKfpZGH1etFRGpD9A48
UBFts9WZM66R9dz0dilLzilTauWOuMcNgydtRNxbo55wdTEBko4MG0Z3cgPaGuYo
mPqKGIOiH8dpQYe8UsuhTWQgY6xJuGGOBdouDbJG+8RlYEQCmc++xH52jMjA/D0S
Rn41+/Pe0n+dq4VfIJXJRKqOuwVISoYMenXMXRZkHu+69w4Ji2JKc3Xz4n7oYEiy
V70=
=QrLR
-----END PGP SIGNATURE-----

187
SPECS/libtpms.spec
View File

@ -1,22 +1,29 @@
%global gitdate 20211126
%global gitversion 1ff6fe1f43
Name: libtpms
Version: 0.9.1
Release: 2.%{gitdate}git%{gitversion}%{?dist}
Version: 0.9.6
Release: 11%{?dist}
Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD-3-Clause AND LicenseRef-TCGL
Summary: Library providing Trusted Platform Module (TPM) functionality
License: BSD
Url: http://github.com/stefanberger/libtpms
Source0: libtpms-%{gitdate}.tar.xz
Patch0001: 0001-tpm2-Do-not-call-EVP_PKEY_CTX_set0_rsa_oaep_label-fo.patch
Patch0002: 0001-tpm2-Fix-size-check-in-CryptSecretDecrypt.patch
Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
URL: https://github.com/stefanberger/libtpms
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: %{url}/releases/download/v%{version}/v%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.asc
# https://github.com/stefanberger.gpg
Source2: gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
Patch0001: 0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
Patch0002: 0001-tpm2-CVE-2025-49133-fix.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: coreutils
BuildRequires: gawk
BuildRequires: gcc-c++
BuildRequires: gnupg2
BuildRequires: libtool
BuildRequires: make
BuildRequires: openssl-devel
BuildRequires: pkgconfig gawk sed
BuildRequires: automake autoconf libtool bash coreutils gcc-c++
BuildRequires: make
BuildRequires: pkgconfig
BuildRequires: sed
%description
A library providing TPM functionality for VMs. Targeted for integration
@ -30,72 +37,133 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
Libtpms header files and documentation.
%prep
%autosetup -p1 -n %{name}-%{gitdate}
%build
NOCONFIGURE=1 sh autogen.sh
%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
%make_build
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1
%check
make check
%build
NOCONFIGURE=1 ./autogen.sh
%configure --disable-static --with-tpm2 --with-openssl --without-tpm1
%make_build
%install
%make_install
find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
find %{buildroot} -type f -name '*.la' -print -delete
%check
make check
%ldconfig_scriptlets
%files
%license LICENSE
%doc README CHANGES
%{_libdir}/lib*.so.*
%{_libdir}/%{name}.so.0{,.*}
%files devel
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/*.h
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man3/*
%{_includedir}/%{name}/
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/%{name}.pc
%{_mandir}/man3/TPM*
%changelog
* Mon Jun 20 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-2.20211126git1ff6fe1f43
- Backport s_ContextSlotMask initialization fix
Resolves: rhbz#2035731
* Mon Jun 16 2025 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-11
- Fix CVE-2025-49133
Resolves: RHEL-96247
* Mon Jun 13 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
- Backport RSA/OAEP fixes.
Resolves: rhbz#2093651
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-10
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Wed Dec 01 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
- Rebase to 0.9.1
Resolves: rhbz#2027951
* Wed Sep 11 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-9
- Backport "tpm2: Return TPM_RC_VALUE upon decryption failure"
Resolves: RHEL-52968
* Tue Nov 9 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-0.20211004gitdc4e3f6313
- Rebase to 0.9.0, disable TPM 1.2
Resolves: rhbz#1990152 & rhbz#2021628
* Tue Aug 06 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-8
- Disable TPM 1.2 support, as it is not supported by RHEL.
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.7
- Fixes CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
Resolves: rhbz#1999303
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-7
- Bump release for June 2024 mass rebuild
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jun 30 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.5
- Fixes CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
Resolves: rhbz#1976814
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue May 18 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.3
- Add -Wno-error=deprecated-declarations, to ignore OpenSSL 3.0 deprecation warnings.
Fixes: rhbz#1958054
* Mon Jul 17 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-3
- Set license to 'BSD and TCGL' from previous 'BSD' (BZ2219548)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-0.20210301git729fc6a4ca.2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Sat Mar 18 2023 Todd Zullinger <tmz@pobox.com> - 0.9.6-2
- verify upstream source signature
* Tue Feb 28 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-1
- Build of libtpms 0.9.6 with fixes for CVE-2023-1017 & CVE-2023-1018
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 01 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.5-1
- Build of libtpms 0.9.5
* Wed Apr 27 2022 Fabio Valentini <decathorpe@gmail.com> - 0.9.4-2
- Use standard method for fetching a GitHub release tarball.
- Fix Versioning scheme to confirm with Packaging Guidelines.
- Tighten file globs to match Packaging Guidelines.
* Mon Apr 25 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.4-1.20220425gite4d68670e1
- Build of libtpms 0.9.4
* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.3-1.20220307gita63c51805e
- Build of libtpms 0.9.3
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-0.20220106gite81d634c27.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jan 06 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.2-0.20220106gite81d634c27
- Build of libtpms 0.9.2
* Fri Nov 26 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.1-0.20211126git1ff6fe1f43
- Build of libtpms 0.9.1
* Mon Oct 04 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.0-0.20211004gitdc4e3f6313
- Build of libtpms 0.9.0
* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.7-0.20210916gitfb9f0a61e8
- Build upcoming libtpms 0.8.7
* Wed Sep 15 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.3
- Rebuilt with OpenSSL 3.0.0
* Tue Sep 14 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-0.20210910git7a4d46a119.2
- Build with -Wno-deprecated-declarations
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.1
- Rebuilt with OpenSSL 3.0.0
* Fri Sep 10 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-1.20210910git7a4d46a119
- tpm2: Marshal event sequence objects' hash state
* Wed Sep 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.5-1.20210901git18ba4c0206
- Build of libtpms 0.8.5
* Wed Aug 11 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-1.20210625gita594c4692a
- Applied patches resolving issues solved in upcoming 0.8.5
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.4-0.20210624gita594c4692a.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jun 24 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-0.20210625gita594c4692a
- tpm2: Reset too large size indicators in TPM2B to avoid access beyond buffer
- tpm2: Restore original value in buffer if unmarshalled one was illegal
* Tue Jun 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.3-0.20210601git9e736d5281
- tpm2: Work-around for Windows 2016 & 2019 bug related to ContextLoad
* Mon Mar 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.2-0.20210301git729fc6a4ca
- tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue
@ -103,6 +171,9 @@ find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
* Sat Feb 27 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-0.20210227git5bf2746e47
- Fixed a context save and suspend/resume problem when public keys are loaded
* Thu Feb 25 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-0.20210225git3fd4b94903
- Release of v0.8.0
* Thu Feb 18 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.5-0.20210218gite271498466
- Addressed UBSAN and cppcheck detected issues
- Return proper size of ECC Parameters to pass HLK tests