Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libtpms for openSUSE:Factory checked in at 2022-12-07 17:33:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libtpms (Old) and /work/SRC/openSUSE:Factory/.libtpms.new.1835 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libtpms" Wed Dec 7 17:33:34 2022 rev:17 rq:1040190 version:0.9.5 Changes: --------
--- /work/SRC/openSUSE:Factory/libtpms/libtpms.changes 2022-11-26 18:45:14.967140318 +0100
+++ /work/SRC/openSUSE:Factory/.libtpms.new.1835/libtpms.changes 2022-12-07 17:33:57.844210291 +0100
@@ -1,0 +2,13 @@
+Sat Dec 3 09:56:13 UTC 2022 - Dirk Müller <dmuel...@suse.com>
+
+- update to 0.9.5:
+ * tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
+ * tpm2: Fix a potential overflow expression (coverity)
+ * tpm2: Fix size check in CryptSecretDecrypt
+ * tpm: #undef printf in case it is #define'd (OSS-Fuzz)
+ * tpm2: Check return code of BN_div()
+ * tpm2: Initialize variables due to gcc complaint (s390x, false positive)
+ * tpm12: Initialize variables due to gcc complaint (s390x, false positive)
+ * build-sys: Fix configure script to support _FORTIFY_SOURCE=3
+
+-------------------------------------------------------------------
Old: ---- libtpms-0.9.3.tar.gz New: ---- libtpms-0.9.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libtpms.spec ++++++
--- /var/tmp/diff_new_pack.ridXUp/_old 2022-12-07 17:33:58.624214562 +0100
+++ /var/tmp/diff_new_pack.ridXUp/_new 2022-12-07 17:33:58.628214584 +0100
@@ -18,7 +18,7 @@
 %define lname libtpms0
 Name: libtpms
-Version: 0.9.3
+Version: 0.9.5
 Release: 0
 Summary: Library providing Trusted Platform Module (TPM) functionality
 License: BSD-3-Clause
++++++ libtpms-0.9.3.tar.gz -> libtpms-0.9.5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/CHANGES new/libtpms-0.9.5/CHANGES
--- old/libtpms-0.9.3/CHANGES 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/CHANGES 2022-07-01 17:36:16.000000000 +0200
@@ -1,5 +1,17 @@
 CHANGES - changes for libtpms
+version 0.9.5:
+ - tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
+ - tpm2: Fix a potential overflow expression (coverity)
+ - tpm2: Fix size check in CryptSecretDecrypt
+
+version 0.9.4:
+ - tpm: #undef printf in case it is #define'd (OSS-Fuzz)
+ - tpm2: Check return code of BN_div()
+ - tpm2: Initialize variables due to gcc complaint (s390x, false positive)
+ - tpm12: Initialize variables due to gcc complaint (s390x, false positive)
+ - build-sys: Fix configure script to support _FORTIFY_SOURCE=3
+
 version 0.9.3:
 - build-sys: Add probing for -fstack-protector
 - tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/configure.ac new/libtpms-0.9.5/configure.ac
--- old/libtpms-0.9.3/configure.ac 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/configure.ac 2022-07-01 17:36:16.000000000 +0200
@@ -3,7 +3,7 @@
 #
 # See the LICENSE file for the license associated with this file.
-AC_INIT([libtpms],[0.9.3])
+AC_INIT([libtpms],[0.9.5])
 AC_PREREQ([2.69])
 AC_CONFIG_SRCDIR(Makefile.am)
 AC_CONFIG_AUX_DIR([.])
@@ -294,11 +294,10 @@
 HARDENING_CFLAGS="-fstack-protector-strong "
 fi
- dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
- TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
- TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
- if test -z "$TMP1" && test -n "$TPM2"; then
- HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
+ dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user
+ dnl since they may create more overhead
+ if $CC $CFLAGS -Werror -D_FORTIFY_SOURCE=2 $srcdir/include/libtpms/tpm_library.h 2>/dev/null; then
+ HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2"
 fi
 dnl Check linker for 'relro' and 'now'
 save_CFLAGS="$CFLAGS"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/debian/changelog new/libtpms-0.9.5/debian/changelog
--- old/libtpms-0.9.3/debian/changelog 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/debian/changelog 2022-07-01 17:36:16.000000000 +0200
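Review bot: In configure.ac the new `_FORTIFY_SOURCE` probe runs `$CC` on `$srcdir/include/libtpms/tpm_library.h` with no `-fsyntax-only` and no explicit output, so the compiler may try to write an output file (with GCC presumably a precompiled header next to the header in `$srcdir`), and only stderr is discarded. Any failure of that command, including one unrelated to fortify support such as a read-only source tree, silently leaves `-D_FORTIFY_SOURCE=2` out of `HARDENING_CFLAGS`. I would add `-fsyntax-only` to the probe and report its outcome, for example with `AC_MSG_CHECKING([whether -D_FORTIFY_SOURCE=2 is usable])` and a matching `AC_MSG_RESULT(...)`, so the build log shows whether the hardening flag was applied. The enclosing conditional starts above the hunk.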
@@ -1,3 +1,21 @@
+libtpms (0.9.5) RELEASED; urgency=medium
+
+ - tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
+ - tpm2: Fix a potential overflow expression (coverity)
+ - tpm2: Fix size check in CryptSecretDecrypt
+
+ -- Stefan Berger <stef...@linux.ibm.com> Fri, 01 Jul 2022 09:00:00 -0500
+
+libtpms (0.9.4) RELEASED; urgency=medium
+
+ - tpm: #undef printf in case it is #define'd (OSS-Fuzz)
+ - tpm2: Check return code of BN_div()
+ - tpm2: Initialize variables due to gcc complaint (s390x, false positive)
+ - tpm12: Initialize variables due to gcc complaint (s390x, false positive)
+ - build-sys: Fix configure script to support _FORTIFY_SOURCE=3
+
+ -- Stefan Berger <stef...@linux.ibm.com> Mon, 25 Apr 2022 09:00:00 -0500
+
 libtpms (0.9.3) RELEASED; urgency=medium
 - build-sys: Add probing for -fstack-protector
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/dist/libtpms.spec new/libtpms-0.9.5/dist/libtpms.spec
--- old/libtpms-0.9.3/dist/libtpms.spec 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/dist/libtpms.spec 2022-07-01 17:36:16.000000000 +0200
@@ -1,8 +1,8 @@
 # --- libtpm rpm-spec ---
 %define name libtpms
-%define version 0.9.3
-%define release 0~dev1
+%define version 0.9.5
+%define release 1
 # Valid crypto subsystems are 'freebl' and 'openssl'
 %if "%{?crypto_subsystem}" == ""
@@ -112,6 +112,12 @@
 %postun -p /sbin/ldconfig
 %changelog
+* Fri Jul 01 2022 Stefan Berger - 0.9.5-1
+- Release of version 0.9.5
+
+* Mon Apr 25 2022 Stefan Berger - 0.9.4-1
+- Release of version 0.9.4
+
 * Mon Mar 07 2022 Stefan Berger - 0.9.3-1
 - Release of version 0.9.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/dist/libtpms.spec.in new/libtpms-0.9.5/dist/libtpms.spec.in
--- old/libtpms-0.9.3/dist/libtpms.spec.in 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/dist/libtpms.spec.in 2022-07-01 17:36:16.000000000 +0200
@@ -2,7 +2,7 @@
 %define name @PACKAGE@
 %define version @VERSION@
-%define release 0~dev1
+%define release 1
 # Valid crypto subsystems are 'freebl' and 'openssl'
 %if "%{?crypto_subsystem}" == ""
@@ -112,6 +112,12 @@
 %postun -p /sbin/ldconfig
 %changelog
+* Fri Jul 01 2022 Stefan Berger - 0.9.5-1
+- Release of version 0.9.5
+
+* Mon Apr 25 2022 Stefan Berger - 0.9.4-1
+- Release of version 0.9.4
+
 * Mon Mar 07 2022 Stefan Berger - 0.9.3-1
 - Release of version 0.9.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/include/libtpms/tpm_library.h new/libtpms-0.9.5/include/libtpms/tpm_library.h
--- old/libtpms-0.9.3/include/libtpms/tpm_library.h 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/include/libtpms/tpm_library.h 2022-07-01 17:36:16.000000000 +0200
@@ -50,7 +50,7 @@
 #define TPM_LIBRARY_VER_MAJOR 0
 #define TPM_LIBRARY_VER_MINOR 9
-#define TPM_LIBRARY_VER_MICRO 3
+#define TPM_LIBRARY_VER_MICRO 5
 #define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \
 (( MAJ << 16 ) | ( MIN << 8 ) | ( MICRO ))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/src/tpm12/tpm_nvram.c new/libtpms-0.9.5/src/tpm12/tpm_nvram.c
--- old/libtpms-0.9.3/src/tpm12/tpm_nvram.c 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/src/tpm12/tpm_nvram.c 2022-07-01 17:36:16.000000000 +0200
@@ -1290,7 +1290,7 @@
 TPM_BOOL physicalPresence;
 TPM_BOOL isGPIO = FALSE;
 BYTE *gpioData = NULL;
- TPM_NV_DATA_SENSITIVE *d1NvdataSensitive;
+ TPM_NV_DATA_SENSITIVE *d1NvdataSensitive = NULL;
 uint32_t s1Last;
 /* output parameters */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/src/tpm2/BnMath.c new/libtpms-0.9.5/src/tpm2/BnMath.c
--- old/libtpms-0.9.3/src/tpm2/BnMath.c 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/src/tpm2/BnMath.c 2022-07-01 17:36:16.000000000 +0200
@@ -426,7 +426,7 @@
 // Grow the number if necessary to set the bit.
 while(bn->size <= offset)
 bn->d[bn->size++] = 0;
- bn->d[offset] |= (crypt_uword_t)(1 << RADIX_MOD(bitNum));
+ bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum));
 return TRUE;
 }
 /* 10.2.3.3.17 BnTestBit() */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/src/tpm2/CryptUtil.c new/libtpms-0.9.5/src/tpm2/CryptUtil.c
--- old/libtpms-0.9.3/src/tpm2/CryptUtil.c 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/src/tpm2/CryptUtil.c 2022-07-01 17:36:16.000000000 +0200
@@ -732,7 +732,7 @@
 nonceCaller->t.size);
 }
 // make sure secret will fit
- if(secret->t.size > data->t.size)
+ if(secret->t.size > sizeof(data->t.buffer))
 return TPM_RC_FAILURE;
 data->t.size = secret->t.size;
 // CFB decrypt, using nonceCaller as iv
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/src/tpm2/Marshal.c new/libtpms-0.9.5/src/tpm2/Marshal.c
--- old/libtpms-0.9.3/src/tpm2/Marshal.c 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/src/tpm2/Marshal.c 2022-07-01 17:36:16.000000000 +0200
@@ -2195,7 +2195,7 @@
 TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC *source, BYTE **buffer, INT32 *size)
 {
 UINT16 written = 0;
- BYTE *sizePtr;
+ BYTE *sizePtr = NULL;
 if (buffer != NULL) {
 sizePtr = *buffer;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/src/tpm2/crypto/openssl/Helpers.c new/libtpms-0.9.5/src/tpm2/crypto/openssl/Helpers.c
--- old/libtpms-0.9.3/src/tpm2/crypto/openssl/Helpers.c 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/src/tpm2/crypto/openssl/Helpers.c 2022-07-01 17:36:16.000000000 +0200
@@ -439,8 +439,6 @@
 EVP_PKEY_assign_RSA(*pkey, rsakey) == 0)
 ERROR_RETURN(TPM_RC_FAILURE)
- RSA_set_flags(rsakey, RSA_FLAG_NO_BLINDING);
-
 retVal = TPM_RC_SUCCESS;
 Exit:
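Review bot: In src/tpm2/BnMath.c the corrected line `bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum));` has no comment saying why the cast must come before the shift, so the extra parentheses look cosmetic and are easy to undo in a later cleanup. I would add `// widen 1 to crypt_uword_t before shifting; an int 1 cannot reach the upper bits of a wider word` above it. The trailing context `/* 10.2.3.3.17 BnTestBit() */` suggests a sibling function follows outside this hunk, and it is worth confirming that it builds its mask the same way. The function containing this line starts above the hunk.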
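Review bot: In src/tpm2/CryptUtil.c the comment `// make sure secret will fit` no longer states what the bound is, which matters because the old code compared against `data->t.size`, a field the very next line overwrites. I would reword it to `// secret must fit the capacity of data->t.buffer; data->t.size is an output and is set below`. If `secret` comes from command input (not visible in this hunk), it is also worth confirming that `TPM_RC_FAILURE` is the intended code for an oversized value rather than a size or value error. The enclosing function and the branch this check sits in begin outside the hunk.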
@@ -521,8 +519,7 @@
 ERROR_RETURN(TPM_RC_FAILURE);
 /* Q = N/P; no remainder */
 BN_set_flags(P, BN_FLG_CONSTTIME); // P is secret
- BN_div(Q, Qr, N, P, ctx);
- if(!BN_is_zero(Qr))
+ if (!BN_div(Q, Qr, N, P, ctx) || !BN_is_zero(Qr))
 ERROR_RETURN(TPM_RC_BINDING);
 BN_set_flags(Q, BN_FLG_CONSTTIME); // Q is secret
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libtpms-0.9.3/src/tpm_debug.h new/libtpms-0.9.5/src/tpm_debug.h
--- old/libtpms-0.9.3/src/tpm_debug.h 2022-03-07 18:07:25.000000000 +0100
+++ new/libtpms-0.9.5/src/tpm_debug.h 2022-07-01 17:36:16.000000000 +0200
@@ -66,6 +66,9 @@
 #endif /* TPM_DEBUG */
 #endif
+#ifdef printf
+# undef printf
+#endif
 #define printf(...) TPMLIB_LogPrintf(__VA_ARGS__);
 #endif
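Review bot: In src/tpm2/crypto/openssl/Helpers.c the combined condition `if (!BN_div(Q, Qr, N, P, ctx) || !BN_is_zero(Qr))` reports a failed `BN_div()` call with the same `TPM_RC_BINDING` code as a non-zero remainder, while the error return just above it in the context uses `TPM_RC_FAILURE`. If callers or logs tell these codes apart, splitting the test keeps the two causes distinguishable: `if (!BN_div(Q, Qr, N, P, ctx)) ERROR_RETURN(TPM_RC_FAILURE);` followed by `if (!BN_is_zero(Qr)) ERROR_RETURN(TPM_RC_BINDING);`. Which code fits a failed division is a judgment call, since a bad divisor may itself come from the key material, so a short comment stating the choice would help either way. The function starts and ends outside the hunk.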
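Review bot: In src/tpm_debug.h the added `#ifdef printf` / `# undef printf` / `#endif` block has no comment explaining why `printf` might already be a macro at this point, so the next reader cannot tell whether it is still needed. I would add `/* another header may already define printf as a macro; drop that definition before redirecting printf to TPMLIB_LogPrintf */` above it. `#undef` is permitted on a name that is not defined, so the guard can be reduced to a bare `#undef printf`. The `#define` on the following context line ends in `;`, which is existing code but worth keeping in mind because the redirect then expands to two statements at every call site.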