* Fri Aug 22 2025 giacomo.leidi@suse.com
- Allow for %is_opensuse to be unset, following up to
https://src.suse.de/products/SLFO/pulls/204 (bsc#1248486).
* Fri Dec 06 2024 manfred.h@gmx.net
- Use gcc/g++-13 on Leap to fix the following failure:
"tpm2_setprofile.c:49:24: error: initializer element is not constant"
* Wed Dec 04 2024 aplanas@suse.com
- Add tpm2-Add-padding-to-OBJECT-for-32bit-targets.patch
- Update to 0.10.0:
* tpm2: Support for profiles: default-v1 & custom
* tpm2: Add new API call TPMLIB_SetProfile to enable user to set a
profile
* tpm2: Extende TPMLIB_GetInfo to return profiles-related info
* tpm2: Implemented crypto tests and restrictions on crypto related
to FIPS-140-3; can be enabled with profiles
* tpm2: Enable Camellia-192 and AES-192
* tpm2: Implement TPMLIB_WasManufactured API call
* tpm2: Fixes for issues detected by static analyzers
* tpm2: Use OpenSSL-based KDFe implementation if possible
* tpm2: Update to TPM 2 spec rev 183 (many changes)
* tpm2: Better support for OpenSSL 3.x
* tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048
bits)
* tpm2: Fixes for CVE-2023-1017 and CVE-2023-1018
* tpm2: Fix of SignedCompareB().
- NOTE: This fix may result in backwards compatibility issues with PCR
policies used by TPM2_PolicyCounterTimer and TPM2_PolicyNV when
upgrading from v0.9 to v0.10.
* Mon Mar 06 2023 aplanas@suse.com
- Update to 0.9.6:
* CVE-2023-1018: tpm2: Fixed out of bounds read in CryptParameterDecryption (bsc#1206023)
* CVE-2023-1017: tpm2: Fixed out of bounds write in CryptParameterDecryption (bsc#1206022)
- 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch: upstreamed
* Sat Dec 03 2022 dmueller@suse.com
- update to 0.9.5:
* tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
* tpm2: Fix a potential overflow expression (coverity)
* tpm2: Fix size check in CryptSecretDecrypt
* tpm: #undef printf in case it is #define'd (OSS-Fuzz)
* tpm2: Check return code of BN_div()
* tpm2: Initialize variables due to gcc complaint (s390x, false positive)
* tpm12: Initialize variables due to gcc complaint (s390x, false positive)
* build-sys: Fix configure script to support _FORTIFY_SOURCE=3
* Fri Nov 25 2022 pgajdos@suse.com
- fix build for ppc64le: use -Wl,--no-as-needed in check-local
[bsc#1204556]
* Sun Apr 10 2022 dmueller@suse.com
- update to 0.9.3:
* build-sys: Add probing for -fstack-protector
* tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size
* (OSSL 3)
* tpm2: When writing state initialize s_ContextSlotMask if not set
* Thu Dec 09 2021 rpm@fthiessen.de
- Update to version 0.9.1
* Downgrade to previous versions is not possible, as the size of
the context gap has been adjusted to 0xffff from 0xff.
* Enabled Camellia symmetric key encryption algorithm
* tpm2: Update to TPM 2 spec rev 164
* tpm2: Added a cache for private exponent D and prime Q
* tpm2: bug fixes
- Drop upstream fixed libtpms-CVE-2021-3746.patch
- Fixed CVE-2021-3623 (bsc#1187767)
- Used in SLE:
0001-tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch
0002-tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch
0003-tpm2-Restore-original-value-if-unmarsalled-value-was.patch
* Tue Aug 31 2021 pgajdos@suse.com
- security update
- added patches
fix CVE-2021-3746 [bsc#1189935], out-of-bounds access via specially crafted TPM 2 command packets
+ libtpms-CVE-2021-3746.patch
* Sat Aug 07 2021 gmbr3@opensuse.org
- Update to version 0.8.4:
* Reset too large size indicators in TPM2B to avoid access
beyond buffer
* Restore original value in buffer if unmarshalled one was
illegal