Compare commits
No commits in common. "c9-beta" and "c8s-stream-rhel" have entirely different histories.
c9-beta
...
c8s-stream
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libtpms-0.9.6.tar.gz
|
||||
SOURCES/libtpms-20211126.tar.xz
|
||||
|
||||
@ -1 +1 @@
|
||||
a585c1d34dc8ecd90eda1a2a91d0d2057cbd3914 SOURCES/libtpms-0.9.6.tar.gz
|
||||
ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz
|
||||
|
||||
@ -1,52 +0,0 @@
|
||||
From 0b1db4bd1c668c56f1d893c9ed19a94d46c228f7 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
||||
Date: Wed, 11 Jun 2025 23:05:08 +0400
|
||||
Subject: [PATCH] tpm2: CVE-2025-49133 fix
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Based from upstream commit 04b2d8e9afc ("tpm2: Fix potential
|
||||
out-of-bound access & abort due to HMAC signing issue")
|
||||
|
||||
Fix an HMAC signing issue that may causes an out-of-bounds access in a
|
||||
TPM2B that in turn was running into an assert() in libtpms causing an
|
||||
abort. The signing issue was due to an inconsistent pairing of the signKey
|
||||
and signScheme parameters, where the signKey is ALG_KEYEDHASH key and
|
||||
inScheme is an ECC or RSA scheme.
|
||||
|
||||
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
---
|
||||
src/tpm2/CryptUtil.c | 16 ++++++++++------
|
||||
1 file changed, 10 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
|
||||
index 8fae5b6..aadf7f6 100644
|
||||
--- a/src/tpm2/CryptUtil.c
|
||||
+++ b/src/tpm2/CryptUtil.c
|
||||
@@ -79,12 +79,16 @@ CryptHmacSign(
|
||||
{
|
||||
HMAC_STATE hmacState;
|
||||
UINT32 digestSize;
|
||||
- digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
|
||||
- &signKey->sensitive.sensitive.bits.b);
|
||||
- CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
|
||||
- CryptHmacEnd(&hmacState, digestSize,
|
||||
- (BYTE *)&signature->signature.hmac.digest);
|
||||
- return TPM_RC_SUCCESS;
|
||||
+ if (signature->sigAlg == TPM_ALG_HMAC)
|
||||
+ {
|
||||
+ digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
|
||||
+ &signKey->sensitive.sensitive.bits.b);
|
||||
+ CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
|
||||
+ CryptHmacEnd(&hmacState, digestSize,
|
||||
+ (BYTE *)&signature->signature.hmac.digest);
|
||||
+ return TPM_RC_SUCCESS;
|
||||
+ }
|
||||
+ return TPM_RC_SCHEME;
|
||||
}
|
||||
/* 10.2.6.3.2 CryptHMACVerifySignature() */
|
||||
/* This function will verify a signature signed by a HMAC key. Note that a caller needs to prepare
|
||||
--
|
||||
2.49.0
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
From 1b0b41293a0d49ff8063542fcb3a5ee1d4e10f7e Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.ibm.com>
|
||||
Date: Mon, 29 Jul 2024 10:19:00 -0400
|
||||
Subject: [PATCH] tpm2: Return TPM_RC_VALUE upon decryption failure
|
||||
|
||||
When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE.
|
||||
The old error code could indicate to an application or driver that
|
||||
something is wrong with the TPM (has possibly gone into failure mode) even
|
||||
though only the decryption failed, possibly due to a wrong key.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/tpm2/crypto/openssl/CryptRsa.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
|
||||
index b5d6b6c3..88ee3bac 100644
|
||||
--- a/src/tpm2/crypto/openssl/CryptRsa.c
|
||||
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
|
||||
@@ -1457,7 +1457,7 @@ CryptRsaDecrypt(
|
||||
outlen = sizeof(buffer);
|
||||
if (EVP_PKEY_decrypt(ctx, buffer, &outlen,
|
||||
cIn->buffer, cIn->size) <= 0)
|
||||
- ERROR_RETURN(TPM_RC_FAILURE);
|
||||
+ ERROR_RETURN(TPM_RC_VALUE);
|
||||
|
||||
if (outlen > dOut->size)
|
||||
ERROR_RETURN(TPM_RC_FAILURE);
|
||||
--
|
||||
2.41.0.28.gd7d8841f67
|
||||
|
||||
@ -0,0 +1,51 @@
|
||||
From b662e6fd7169f31ef664ecd0b0b45547462e1e31 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Berger <stefanb@linux.ibm.com>
|
||||
Date: Tue, 4 Jan 2022 14:45:31 -0500
|
||||
Subject: [PATCH] tpm2: When writing state initialize s_ContextSlotMask if not
|
||||
set
|
||||
|
||||
If s_ContextSlotMask was not set since the TPM 2 was not initialized
|
||||
by a call to TPM_Manufacture() or the state was not resumed, then
|
||||
initialize the s_ContextSlotMask to 0xffff.
|
||||
|
||||
This situation can occur if a VM with an attached swtpm was started
|
||||
and the VM's firmware either doesn't support TPM or didn't get to
|
||||
initialize the vTPM.
|
||||
|
||||
The following commands recreated the issue with a SeaBIOS-only VM that
|
||||
had no attached hard disk but an attached TPM 2:
|
||||
|
||||
virsh start BIOS-only-VM ; virsh save BIOS-only-VM save.bin ; \
|
||||
virsh restore save.bin
|
||||
|
||||
Error: Failed to restore domain from save.bin
|
||||
error: internal error: qemu unexpectedly closed the monitor: \
|
||||
2022-01-04T19:26:18.835851Z qemu-system-x86_64: tpm-emulator: Setting the stateblob (type 2) failed with a TPM error 0x3 a parameter is bad
|
||||
2022-01-04T19:26:18.835899Z qemu-system-x86_64: error while loading state for instance 0x0 of device 'tpm-emulator'
|
||||
2022-01-04T19:26:18.835929Z qemu-system-x86_64: load of migration failed: Input/output error
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035731
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
||||
---
|
||||
src/tpm2/NVMarshal.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
||||
index 996c73c..c7cd1e0 100644
|
||||
--- a/src/tpm2/NVMarshal.c
|
||||
+++ b/src/tpm2/NVMarshal.c
|
||||
@@ -1422,6 +1422,11 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
|
||||
written += UINT16_Marshal(&array_size, buffer, size);
|
||||
for (i = 0; i < array_size; i++)
|
||||
written += UINT16_Marshal(&data->contextArray[i], buffer, size);
|
||||
+
|
||||
+ if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) {
|
||||
+ /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */
|
||||
+ s_ContextSlotMask = 0xffff;
|
||||
+ }
|
||||
written += UINT16_Marshal(&s_ContextSlotMask, buffer, size);
|
||||
|
||||
written += UINT64_Marshal(&data->contextCounter, buffer, size);
|
||||
--
|
||||
2.36.1
|
||||
|
||||
@ -1,18 +0,0 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQENBFnVA4YBCAD3fs+WUzvB6OPoj0HhvBlemEV6I8AcDwZHCNvA4UMc03sSVl/Q
|
||||
tDr4WuZd1v9utvi0xHjsTHbF1ndsgNkNzisvTIBHptcxw+Z3+VskOl3GTsfiKG22
|
||||
OfZJsdXfhjYW/Oezl2IVy6/QqOV0JeEtV3J10gCHR/5PKhOy+pP/8jlw3EA8GYtY
|
||||
ojM4znfEXHh6vx//hbf8FVMlVcKwUKHB1zHhM5jF9Kx4ZLU8rYHkMiXXbzdWBkCa
|
||||
L6E2P2T01hQ1wPpowU9aL/zLt7ISiKMcYLvZJYcgX3quPVSXJRG+y3q3lXv1IOrV
|
||||
HoGJLdkNu/0bLJoeNBFXiEGs7+tfk4XAjBTTABEBAAG0KlN0ZWZhbiBCZXJnZXIg
|
||||
PHN0ZWZhbmJAbGludXgudm5ldC5pYm0uY29tPokBPgQTAQIAKAUCWdUDhgIbAwUJ
|
||||
EswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQda1lgCoLQhENQQf/XmyD
|
||||
zWL5VSAKbDKcpI5t0PjiC/Brrs1xNtKLht5le4UdhAH6e/y+3H6lhoJCNbHGBE7r
|
||||
cAM/LVv8MT+4WXhLvRDUkn6Z5cSiMx0ANWDABCHGI3+z2imqI5XjB5fwFq2FIRdu
|
||||
MUhWRhxSYHDd4E0BN2FvHNUhqm60QlLCrH9zjar8XcJQ1lnDgcSDP9EWENZizYW9
|
||||
W5DKFiWR4vMXU0lvDpAYyDR1EU4pfnoMDc/19MoI3oR+wP0ELXI52CG0w4Lcs+Y5
|
||||
8ywb0/El789qRTNQG6bPcZYx6KrRNq8KSrtNY20ID2tyM4boRQ412mD87x/kNWqU
|
||||
CHklMi79wKcJ7OA73g==
|
||||
=l1ZJ
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
@ -1,12 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQFPBAABCAA5FiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmP+i0gbHHN0ZWZhbmJA
|
||||
bGludXgudm5ldC5pYm0uY29tAAoJEHWtZYAqC0IRPUcH/R4+fk5ivbwAE02YIYWg
|
||||
eqDj6Rs05lkZv6fhn8cyTjW0hncsUiSeui1huyxam/DFgNtBwFPk9Fzjkm3mzasw
|
||||
SyYcqp5jN2fP9VptfEc33Epa3+80LwoAvQZadqDB5ruFcSKfpZGH1etFRGpD9A48
|
||||
UBFts9WZM66R9dz0dilLzilTauWOuMcNgydtRNxbo55wdTEBko4MG0Z3cgPaGuYo
|
||||
mPqKGIOiH8dpQYe8UsuhTWQgY6xJuGGOBdouDbJG+8RlYEQCmc++xH52jMjA/D0S
|
||||
Rn41+/Pe0n+dq4VfIJXJRKqOuwVISoYMenXMXRZkHu+69w4Ji2JKc3Xz4n7oYEiy
|
||||
V70=
|
||||
=QrLR
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,29 +1,22 @@
|
||||
%global gitdate 20211126
|
||||
%global gitversion 1ff6fe1f43
|
||||
|
||||
Name: libtpms
|
||||
Version: 0.9.6
|
||||
Release: 11%{?dist}
|
||||
Version: 0.9.1
|
||||
Release: 1.%{gitdate}git%{gitversion}%{?dist}
|
||||
|
||||
Summary: Library providing Trusted Platform Module (TPM) functionality
|
||||
License: BSD-3-Clause AND LicenseRef-TCGL
|
||||
License: BSD
|
||||
Url: http://github.com/stefanberger/libtpms
|
||||
Source0: libtpms-%{gitdate}.tar.xz
|
||||
ExcludeArch: i686
|
||||
Patch0003: 0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
|
||||
|
||||
URL: https://github.com/stefanberger/libtpms
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: %{url}/releases/download/v%{version}/v%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.asc
|
||||
# https://github.com/stefanberger.gpg
|
||||
Source2: gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
|
||||
|
||||
Patch0001: 0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
|
||||
Patch0002: 0001-tpm2-CVE-2025-49133-fix.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: gawk
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: libtool
|
||||
BuildRequires: make
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: sed
|
||||
BuildRequires: pkgconfig gawk sed
|
||||
BuildRequires: automake autoconf libtool bash coreutils gcc-c++
|
||||
BuildRequires: git
|
||||
BuildRequires: make
|
||||
|
||||
%description
|
||||
A library providing TPM functionality for VMs. Targeted for integration
|
||||
@ -37,188 +30,89 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Libtpms header files and documentation.
|
||||
|
||||
%prep
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%autosetup -p1
|
||||
|
||||
%autosetup -S git -n %{name}-%{gitdate}
|
||||
%build
|
||||
NOCONFIGURE=1 ./autogen.sh
|
||||
%configure --disable-static --with-tpm2 --with-openssl --without-tpm1
|
||||
NOCONFIGURE=1 sh autogen.sh
|
||||
%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install
|
||||
find %{buildroot} -type f -name '*.la' -print -delete
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
%make_install
|
||||
find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
|
||||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README CHANGES
|
||||
%{_libdir}/%{name}.so.0{,.*}
|
||||
%{_libdir}/lib*.so.*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/%{name}/
|
||||
%{_libdir}/%{name}.so
|
||||
%{_libdir}/pkgconfig/%{name}.pc
|
||||
%{_mandir}/man3/TPM*
|
||||
%dir %{_includedir}/%{name}
|
||||
%{_includedir}/%{name}/*.h
|
||||
%{_libdir}/lib*.so
|
||||
%{_libdir}/pkgconfig/*.pc
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Mon Jun 16 2025 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-11
|
||||
- Fix CVE-2025-49133
|
||||
Resolves: RHEL-96247
|
||||
* Thu Jul 28 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
|
||||
- Backport s_ContextSlotMask initialization fix
|
||||
Resolves: rhbz#2111433
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-10
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
* Thu Dec 09 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
|
||||
- Rebase to 0.9.1 (sync with RHEL9)
|
||||
Resolves: rhbz#2029355
|
||||
|
||||
* Wed Sep 11 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-9
|
||||
- Backport "tpm2: Return TPM_RC_VALUE upon decryption failure"
|
||||
Resolves: RHEL-52968
|
||||
* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-6.20201106git2452a24dab
|
||||
- Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
|
||||
Resolves: rhbz#1999307
|
||||
|
||||
* Tue Aug 06 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-8
|
||||
- Disable TPM 1.2 support, as it is not supported by RHEL.
|
||||
* Mon Jun 28 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-5.20201106git2452a24dab
|
||||
- Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
|
||||
Fixes: rhbz#1976816
|
||||
|
||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-7
|
||||
- Bump release for June 2024 mass rebuild
|
||||
* Wed Mar 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-4.20201106git2452a24dab
|
||||
- tpm2: CryptSym: fix AES output IV
|
||||
Fixes: rhbz#1942904
|
||||
|
||||
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
* Fri Feb 19 2021 Eduardo Lima (Etrunko) <etrunko@redhat.com> - 0.7.4-3.20201106git2452a24dab
|
||||
- Add git as build dependency
|
||||
Related: rhbz#1858821
|
||||
|
||||
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
* Wed Feb 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-2.20201106git2452a24dab
|
||||
- tpm2: Return properly sized array for b parameter for NIST P521 (HLK) #180
|
||||
Fixes: rhbz#1858821
|
||||
|
||||
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
* Fri Nov 6 18:46:36 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-1.20201106git2452a24dab
|
||||
- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes.
|
||||
Fixes: rhbz#1893444
|
||||
|
||||
* Mon Jul 17 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-3
|
||||
- Set license to 'BSD and TCGL' from previous 'BSD' (BZ2219548)
|
||||
* Tue Aug 18 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.3-1.20200818git1d392d466a
|
||||
- Update to v0.7.3 stable, fixes rhbz#1868447
|
||||
- (includes "tpm2: fix PCRBelongsTCBGroup for PCClient")
|
||||
|
||||
* Sat Mar 18 2023 Todd Zullinger <tmz@pobox.com> - 0.9.6-2
|
||||
- verify upstream source signature
|
||||
|
||||
* Tue Feb 28 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-1
|
||||
- Build of libtpms 0.9.6 with fixes for CVE-2023-1017 & CVE-2023-1018
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Fri Jul 01 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.5-1
|
||||
- Build of libtpms 0.9.5
|
||||
|
||||
* Wed Apr 27 2022 Fabio Valentini <decathorpe@gmail.com> - 0.9.4-2
|
||||
- Use standard method for fetching a GitHub release tarball.
|
||||
- Fix Versioning scheme to confirm with Packaging Guidelines.
|
||||
- Tighten file globs to match Packaging Guidelines.
|
||||
|
||||
* Mon Apr 25 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.4-1.20220425gite4d68670e1
|
||||
- Build of libtpms 0.9.4
|
||||
|
||||
* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.3-1.20220307gita63c51805e
|
||||
- Build of libtpms 0.9.3
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-0.20220106gite81d634c27.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Thu Jan 06 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.2-0.20220106gite81d634c27
|
||||
- Build of libtpms 0.9.2
|
||||
|
||||
* Fri Nov 26 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.1-0.20211126git1ff6fe1f43
|
||||
- Build of libtpms 0.9.1
|
||||
|
||||
* Mon Oct 04 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.0-0.20211004gitdc4e3f6313
|
||||
- Build of libtpms 0.9.0
|
||||
|
||||
* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.7-0.20210916gitfb9f0a61e8
|
||||
- Build upcoming libtpms 0.8.7
|
||||
|
||||
* Wed Sep 15 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.3
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
|
||||
* Tue Sep 14 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-0.20210910git7a4d46a119.2
|
||||
- Build with -Wno-deprecated-declarations
|
||||
|
||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.1
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
|
||||
* Fri Sep 10 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-1.20210910git7a4d46a119
|
||||
- tpm2: Marshal event sequence objects' hash state
|
||||
|
||||
* Wed Sep 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.5-1.20210901git18ba4c0206
|
||||
- Build of libtpms 0.8.5
|
||||
|
||||
* Wed Aug 11 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-1.20210625gita594c4692a
|
||||
- Applied patches resolving issues solved in upcoming 0.8.5
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.4-0.20210624gita594c4692a.2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Thu Jun 24 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-0.20210625gita594c4692a
|
||||
- tpm2: Reset too large size indicators in TPM2B to avoid access beyond buffer
|
||||
- tpm2: Restore original value in buffer if unmarshalled one was illegal
|
||||
|
||||
* Tue Jun 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.3-0.20210601git9e736d5281
|
||||
- tpm2: Work-around for Windows 2016 & 2019 bug related to ContextLoad
|
||||
|
||||
* Mon Mar 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.2-0.20210301git729fc6a4ca
|
||||
- tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue
|
||||
|
||||
* Sat Feb 27 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-0.20210227git5bf2746e47
|
||||
- Fixed a context save and suspend/resume problem when public keys are loaded
|
||||
|
||||
* Thu Feb 25 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-0.20210225git3fd4b94903
|
||||
- Release of v0.8.0
|
||||
|
||||
* Thu Feb 18 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.5-0.20210218gite271498466
|
||||
- Addressed UBSAN and cppcheck detected issues
|
||||
- Return proper size of ECC Parameters to pass HLK tests
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.4-0.20201031git2452a24dab.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Sat Oct 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.4-0.20201031git2452a24dab
|
||||
- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes
|
||||
|
||||
* Fri Jul 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-0.20200731git1d392d466a
|
||||
- Follow stable-0.7.0 branch to v0.7.3
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-0.20200527git7325acb477.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed May 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-0.20200527git7325acb477
|
||||
* Thu May 28 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.2-1.20200527git7325acb477
|
||||
- Update to v0.7.2 stable snapshot, fixes rhbz#1809676
|
||||
- exclude i686 build
|
||||
- Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption,
|
||||
PSS salt length, symmetric decryption (padding)
|
||||
- Under certain circumstances an RSA decryption could cause a buffer overflow causing
|
||||
termination of the program (swtpm)
|
||||
|
||||
* Wed May 20 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-0.20200520git8fe99d1fd0
|
||||
- Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch
|
||||
- elliptic curve fixes
|
||||
- MANUFACTURER changed from "IBM " to "IBM"
|
||||
- gcc 10 related fix
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20191018gitdc116933b7.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Oct 18 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191018gitdc116933b7
|
||||
- Following stable-0.7.0 branch for TPM 1.2 related bugfix
|
||||
|
||||
* Tue Oct 08 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191008gitc26e8f7b08
|
||||
- Following stable-0.7.0 branch for bug fix
|
||||
* Fri Oct 18 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-1.20191018gitdc116933b7
|
||||
- RHEL8.1.1 update
|
||||
- Update to v0.7.0 stable snapshot
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20190719gitd061d8065b.2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Jul 19 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20190719gitd061d8065b
|
||||
- Update to v0.7.0
|
||||
|
||||
* Fri May 10 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190510gitb244bdf6e2
|
||||
- Applied bugfix for CMAC
|
||||
* Tue Apr 16 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.1-0.20190121git9dc915572b.2
|
||||
- RHEL8.1 build
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
Loading…
Reference in New Issue
Block a user