Add ibmtss-2.4.0-fix-FTBFS-2026.patch to fix tests after 2026 (boo#1102840)

OBS-URL: https://build.opensuse.org/package/show/security/ibmtss?expand=0&rev=49
2024-12-03 15:09:05 +00:00 · 2024-12-03 15:09:05 +00:00 · 48c2216868
commit 48c2216868
11 changed files with 651 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/90-tpm-ibmtss.rules
+++ b/90-tpm-ibmtss.rules
@ -0,0 +1,4 @@
+# tpm devices can only be accessed by the tss user but the tss
+# group members can access tpmrm devices
+KERNEL=="tpm[0-9]*", MODE="0660", OWNER="tss"
+KERNEL=="tpmrm[0-9]*", MODE="0660", OWNER="tss", GROUP="tss"
--- a/ibmtss-2.4.0-fix-FTBFS-2026.patch
+++ b/ibmtss-2.4.0-fix-FTBFS-2026.patch
@ -0,0 +1,92 @@
+From 3a17ac01bea73d3568272d61b895a16a0bd85440 Mon Sep 17 00:00:00 2001
+From: Ken Goldman <kgold@linux.ibm.com>
+Date: Sun, 23 Oct 2050 00:02:27 -0400
+Subject: [PATCH] certs: Issue new self signed test EK CA certificates.
+
+The original CA certificates for signing EKs for TSS regression
+testing expired in 2026. This caused a failure in a distro that
+expects tests to pass for 15 years from the present. The new one is
+good until 2044.
+
+This affected neither the TSS nor the TPM vendor certificates.
+
+Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
+---
+ utils/certificates/cacert.pem    | 38 ++++++++++++++++----------------
+ utils/certificates/cacertecc.pem | 22 +++++++++---------
+ 2 files changed, 30 insertions(+), 30 deletions(-)
+
+diff --git a/utils/certificates/cacert.pem b/utils/certificates/cacert.pem
+index b752ba54..5c7d1a5f 100644
+--- a/utils/certificates/cacert.pem
+++ b/utils/certificates/cacert.pem
+@@ -1,21 +1,21 @@
+ -----BEGIN CERTIFICATE-----
+-MIIDbDCCAlKgAwIBAgIJALbpb8xivmmsMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV
+-BAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoM
+-A0lCTTEOMAwGA1UEAwwFRUsgQ0EwHhcNMTYwNTIzMTkwNjExWhcNMjYwMjIwMTkw
+-NjExWjBLMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0
+-b3duMQwwCgYDVQQKDANJQk0xDjAMBgNVBAMMBUVLIENBMIIBIzANBgkqhkiG9w0B
+-AQEFAAOCARAAMIIBCwKCAQICsUzdWU1yjZNL5QeJU/emaKBbOuHvZqdCvApjGM+T
+-31XO1s52BkxRtOjULxd+xiK0xogdxDwwsnh/o/YR9zmj7aDVFz068WCEBvjKkClf
+-KOk+1VpdAFzni+NNYMNESNul3ZWwEzpfBmghI7zJQrUBh1rn27PC9OtfTFhONzRT
+-XPq5K2vScvU3Wz0papT4+hEmsd8YyhMYJr00cjV2bDzphZ7wg9YNNpUMJZ4yipYy
+-4XLG+HVPb9DyERFQNpDooA/ZhCZVT8auDbdSvYyrO9q+Uxz30UeqXK3YnDCyk00k
+-JCBWmf3TobjWMKwZO3gUIRMrBuJ7UsEtkkh8+jLaJ7Qcl68CAwEAAaNQME4wHQYD
+-VR0OBBYEFMSPNuKcE6FeRlRc+DKJeakTyaDpMB8GA1UdIwQYMBaAFMSPNuKcE6Fe
+-RlRc+DKJeakTyaDpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEDAAFr
+-xBCzqiAkYNofYGNidpGrkiP2T3xj/hUx57HjVVoWNlVDBGsxbnoB+WlBqzApJLZC
+-/XZs/zuvS4bnMiSUEw2v8v3/sAqkzMJN7VOg0US1etNjPSrlBmSeun/6HX0C+5M2
+-wQ836P6Y49PePvJO6zGdxJ9SlZ8jKNgtQgQKyUSViSEj0N09CndQJMnOPYIYhc+T
+-/9/HPaNMymHu7Hep0/NgASoLnm8LzP+nzmR286L4DeZ47hKBHMbnTeNNlodEjh92
+-AyI4yaGKjujRjPokTHWUWjFt6t1VXn1cc6Sdpj2YVeFCjkjB9NmDV+Msv9h4UAqy
+-K0wEax/1fsWqDeoom5I1NA==
+MIIDejCCAmCgAwIBAgIUVOe6TM3djGkrJ/G+ttuqcW2o/ccwDQYJKoZIhvcNAQEL
+BQAwSzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhZb3JrdG93
+bjEMMAoGA1UECgwDSUJNMQ4wDAYDVQQDDAVFSyBDQTAeFw0yNDEwMjIwNDAwNDJa
+Fw00NDEwMTcwNDAwNDJaMEsxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8G
+A1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lCTTEOMAwGA1UEAwwFRUsgQ0EwggEj
+MA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAgKxTN1ZTXKNk0vlB4lT96ZooFs6
+4e9mp0K8CmMYz5PfVc7WznYGTFG06NQvF37GIrTGiB3EPDCyeH+j9hH3OaPtoNUX
+PTrxYIQG+MqQKV8o6T7VWl0AXOeL401gw0RI26XdlbATOl8GaCEjvMlCtQGHWufb
+s8L0619MWE43NFNc+rkra9Jy9TdbPSlqlPj6ESax3xjKExgmvTRyNXZsPOmFnvCD
+1g02lQwlnjKKljLhcsb4dU9v0PIREVA2kOigD9mEJlVPxq4Nt1K9jKs72r5THPfR
+R6pcrdicMLKTTSQkIFaZ/dOhuNYwrBk7eBQhEysG4ntSwS2SSHz6MtontByXrwID
+AQABo1MwUTAdBgNVHQ4EFgQUxI824pwToV5GVFz4Mol5qRPJoOkwHwYDVR0jBBgw
+FoAUxI824pwToV5GVFz4Mol5qRPJoOkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQMAADawHyUjkBDBEjf9ITGSbdWhhPFAZ5R1YNxVY7gERFNIqm2/
+K2C0Dj8L3eYr7dyGSafQfOaMZRHaDDx/LiIrrrGGfcDMoBLdCPNNp04etRIe6w+y
+pSM3ebJm2RW415L8YrirXVO+cUEWvLZcotvszLgE4hzt+mFosmIy5U3/MQU7RyiW
+LS066Nw2IXyisb2kKiwEqw+iC4eWvj6DWnjgHqZJ6/0zuV9RjJXDFEq5YvV6E13I
+2OnvDaoq9FRadXHJmqdlSbpzuLMY4JOftXOTps1kfejMun303HUfzf7+LiA1bOf4
+UGt6LgzbOG72WRDQMKlhXNZcthNWtqU8ZCD0KQgP
+ -----END CERTIFICATE-----
+diff --git a/utils/certificates/cacertecc.pem b/utils/certificates/cacertecc.pem
+index a47eb31c..cfa802e4 100644
+--- a/utils/certificates/cacertecc.pem
+++ b/utils/certificates/cacertecc.pem
+@@ -1,13 +1,13 @@
+ -----BEGIN CERTIFICATE-----
+-MIIB4zCCAYmgAwIBAgIJALX8+MVL3dXPMAoGCCqGSM49BAMCME4xCzAJBgNVBAYT
+-AlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lC
+-TTERMA8GA1UEAwwIRUsgRUMgQ0EwHhcNMTcwMTEzMjAzOTE2WhcNMjcwMTExMjAz
+-OTE2WjBOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0
+-b3duMQwwCgYDVQQKDANJQk0xETAPBgNVBAMMCEVLIEVDIENBMFkwEwYHKoZIzj0C
+-AQYIKoZIzj0DAQcDQgAEahnfxuCQ+NsMcDIe8GZxIiFSX65CXICk6zc3NLRPbPvq
+-ToRdIanaP14TT6eu76FkNDzbtsY6PSMgVNTeAAnfGqNQME4wHQYDVR0OBBYEFAFk
+-p5Lu8Z+laxVYak8/WHhLsG+lMB8GA1UdIwQYMBaAFAFkp5Lu8Z+laxVYak8/WHhL
+-sG+lMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ9GClH24Y9NPpKdh
+-3HTwudrjYPYyjK8o5HQ9c8Xc9ecCIQD0NgIj1iUvkEzgNoXS7UP1RD0MpKdzywqM
+-5RyP15ckRA==
+MIIB8TCCAZegAwIBAgIUNMOdoYR8km3U06frlHaKH3I94pIwCgYIKoZIzj0EAwIw
+TjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhZb3JrdG93bjEM
+MAoGA1UECgwDSUJNMREwDwYDVQQDDAhFSyBFQyBDQTAeFw0yNDEwMjMxNTAwMjFa
+Fw00NDEwMTgxNTAwMjFaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTERMA8G
+A1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lCTTERMA8GA1UEAwwIRUsgRUMgQ0Ew
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqGd/G4JD42wxwMh7wZnEiIVJfrkJc
+gKTrNzc0tE9s++pOhF0hqdo/XhNPp67voWQ0PNu2xjo9IyBU1N4ACd8ao1MwUTAd
+BgNVHQ4EFgQUAWSnku7xn6VrFVhqTz9YeEuwb6UwHwYDVR0jBBgwFoAUAWSnku7x
+n6VrFVhqTz9YeEuwb6UwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBF
+AiEAhLQDUXzw9zBXSgAM1PHdhKT9AcVN6DIOpZhniHwXnnQCIAM5Uzc7DrUpuWUM
+aXcP5Jnwafl78umJOocN/R72zWqt
+ -----END CERTIFICATE-----
--- a/ibmtss-2.4.0.tar.gz
+++ b/ibmtss-2.4.0.tar.gz
--- a/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
+++ b/ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
@ -0,0 +1,30 @@
+From 6d5c05a167d847ac21315aa4a1c171715cd816af Mon Sep 17 00:00:00 2001
+From: Michal Suchanek <msuchanek@suse.de>
+Date: Mon, 17 Aug 2020 18:21:51 +0200
+Subject: [PATCH] configure.ac: Do not override optimization for debug build.
+
+-O0 conflicts with FORTIFY_SOURCE and generates completely different
+assembly for debug and production. If user passes in C flags let them
+override the suggested -O0.
+
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 30e9254b339a..883c4bb84efa 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -67,7 +67,7 @@ AC_CHECK_FUNCS([gethostbyname memmove memset socket strerror strtoul])
+ # Replace autotools default optimization
+ AC_ARG_ENABLE(debug,
+    AS_HELP_STRING([--enable-debug], [Build a TSS library used for debugging]))
+-   AS_IF([test "$enable_debug" = "yes"], [CFLAGS="$USER_CFLAGS -g -ggdb -O0"])
+   AS_IF([test "$enable_debug" = "yes"], [CFLAGS="-O0 -g -ggdb $USER_CFLAGS -Wextra -Werror"])
+ 
+ # Linux requires -DTPM_POSIX
+ case $host_os in
+-- 
+2.46.1
+
--- a/ibmtss.changes
+++ b/ibmtss.changes
@ -0,0 +1,192 @@
+-------------------------------------------------------------------
+Tue Dec  3 07:26:17 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Add ibmtss-2.4.0-fix-FTBFS-2026.patch to fix tests after 2026 (boo#1102840)
+
+-------------------------------------------------------------------
+Mon Oct 21 09:23:53 UTC 2024 - Michal Suchanek <msuchanek@suse.de>
+
+- Update to 2.4.0:
+  * Add support for EK intermediate certificates
+  * Support different IMA log digest algorithms
+  * add regtest
+  * html documentation
+- Refresh ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
+- tss-Commit-changelog-and-autotools-version-update.patch
+- utils-Update-.so-version-to-2.4.patch
+
+-------------------------------------------------------------------
+Thu Nov 30 14:36:22 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 2.1.1:
+  * Add man page for tpmproxy.
+- Update to 2.1.0:
+  * Parse new IMA event log template data fields.
+  * Add option to verify IMA template data
+  * Correct minor regression test script typos.
+- Update to 2.0.0
+  * Expand TPMU_SENSITIVE_COMPOSITE to handle HW TPMs that return 5
+    RSA primes.  This is an ABI (not API) break.
+  * Add support for TPM2_ECC_Encrypt and TPM2_ECC_Decrypt
+  * Add more EFI event log handlers and event tracing.
+  * SW TPM test CA now uses SHA-256, not the deprecated SHA-1.
+  * Port tpmproxy for TPM 2.0 to Linux and Windows.
+  * Add many new EK root certificates.
+  * Remove OpenSSL functions deprecated in 3.x.
+  * Fix TSS bug when using encrypt and decrypt in a PWAP session.
+  * Add build flag to suppress SHA-1.
+- Remove patches fixed upstream:
+  * ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch
+  * ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch
+  * ibmtss-utils-Remove-unused-variables-from-certifyx509.patch
+  * ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch
+  * ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
+  * ibmtss-openssl3-deprecation.patch
+
+-------------------------------------------------------------------
+Wed Nov  9 13:33:51 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Build with OpenSSL 3.0 deprecated functions until fixed upstream
+in the next version update [bsc#1205042]
+  * ibmtss-openssl3-deprecation.patch
+- Add upstream patches to fix build with OpenSSL 3.0
+  * ibmtss-regtests-Update-openssl-key-generation-for-3.0.0.patch
+  * ibmtss-utils-Update-certifyx509-for-Openssl-3.0.0.patch
+  * ibmtss-utils-Remove-unused-variables-from-certifyx509.patch
+  * ibmtss-tss-Port-HMAC-operations-to-openssl-3.0.patch
+  * ibmtss-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
+
+-------------------------------------------------------------------
+Thu Nov 25 11:48:53 UTC 2021 - Michal Suchanek <msuchanek@suse.com>
+
+- Fix certificate list, run all tests.
+
+-------------------------------------------------------------------
+Tue Jan 26 09:19:47 UTC 2021 - Petr Vorel <pvorel@suse.cz>
+
+- Update to upstream version 1.6.0 (jsc#SLE-18268).
+- Drop patches from this release
+  - ibmtss-certifyx509-Fix-uninitialized-variable.patch
+  - ibmtss-fix-dsa-regression.patch
+
+-------------------------------------------------------------------
+Thu Oct  1 19:24:56 UTC 2020 - Pedro Monreal Gonzalez <pmonreal@suse.com>
+
+- Regression fix:
+  * utils: fix ABI break caused by additional argument to -rsa
+  * https://sourceforge.net/p/ibmtpm20tss/mailman/message/37119441/
+- Add ibmtss-fix-dsa-regression.patch
+
+-------------------------------------------------------------------
+Mon Aug 17 14:38:12 UTC 2020 - Michal Suchanek <msuchanek@suse.de>
+
+- Update to upstream version 1.5.0 (jsc#SLE-13828).
+- Fix build warning due to -O0
+  + ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
+- Fix uninitialized variable warning
+  + ibmtss-certifyx509-Fix-uninitialized-variable.patch
+
+-------------------------------------------------------------------
+Fri Mar 27 13:19:08 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Don't mess with Epoch: in the long run it can't but cause
+  problems. Upstreams that don't understand the meaning of version
+  numbers can't be helped with Epoch. Let's rely on the distro
+  features for dist-upgrade (that has no problem with a 'version
+  downgrade'.
+
+-------------------------------------------------------------------
+Mon Mar 23 20:10:11 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
+
+- Fix dependencies for epoch, remove useless define.
+
+-------------------------------------------------------------------
+Fri Jan 31 11:53:40 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
+
+- Update to upstream version 1.3.0
+- copy tpm device permission handling udev rule from tpm2-0-tss
+- depend on user(tss) (boo#1162360).
+
+-------------------------------------------------------------------
+Sat Aug 24 04:36:04 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Disable static libs (standard openSUSE behavior)
+
+-------------------------------------------------------------------
+Wed Aug 14 08:21:58 UTC 2019 - Michal Suchanek <msuchanek@suse.de>
+
+- Remove installed .cvsignore file
+- Don't create already created directory
+
+-------------------------------------------------------------------
+Fri Aug  9 15:52:02 UTC 2019 - Michal Suchanek <msuchanek@suse.com>
+
+- Don't install duplicate headers
+
+-------------------------------------------------------------------
+Mon Jul  8 09:59:35 UTC 2019 - Michal Suchanek <msuchanek@suse.com>
+
+- Remove .la files
+
+-------------------------------------------------------------------
+Thu Jul  4 16:51:35 UTC 2019 - Michal Suchanek <msuchanek@suse.de>
+
+- Update to v1047 (FATE#327307, jsc#SLE-6593, jsc#SLE-9179).
+  - now supports autotools
+  - supports library versioning
+  - installs tools with program prefx
+ - remove binary tool wrapper
+ - remove makefile.patch
+
+-------------------------------------------------------------------
+Tue May 22 10:18:35 UTC 2018 - msuchanek@suse.com
+
+- Add post/postun ldconfig call
+
+-------------------------------------------------------------------
+Fri May 18 21:55:16 UTC 2018 - jengelh@inai.de
+
+- Fix RPM groups
+
+-------------------------------------------------------------------
+Thu May 17 13:12:22 UTC 2018 - msuchanek@suse.com
+
+- Split off library, spec-clean (bsc#1093612)
+
+-------------------------------------------------------------------
+Thu Jan 18 08:34:51 UTC 2018 - msuchanek@suse.com
+
+- Enable test on BE
+
+-------------------------------------------------------------------
+Wed Nov  8 15:35:53 UTC 2017 - msuchanek@suse.com
+
+- Update to upstream version 1045 - works with OpenSSL 1.1 (bsc#1066914)
+
+-------------------------------------------------------------------
+Thu Mar  2 12:28:23 UTC 2017 - msuchanek@suse.com
+
+- fix description of -devel package
+
+-------------------------------------------------------------------
+Wed Mar  1 17:06:55 UTC 2017 - meissner@suse.com
+
+- update to v755 (FATE#321601)
+  - This is the version prefered by IBM.
+
+-------------------------------------------------------------------
+Wed Feb  8 09:33:13 UTC 2017 - jengelh@inai.de
+
+- Wrap description and spell out TSS.
+- Move package description up before any build recipes,
+  this is the more usual layout.
+- Drop unusable "return" command; %build already executes with
+  sh -e.
+
+-------------------------------------------------------------------
+Fri Jan 27 11:44:04 UTC 2017 - msuchanek@suse.com
+
+- Import v713 (FATE#321601)
+- Move to libdir and add wrapper script.
+- repack source without makefile-beam which has incompatible
+  license and is not used in build anyway
--- a/ibmtss.spec
+++ b/ibmtss.spec
@ -0,0 +1,130 @@
+#
+# spec file for package ibmtss
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define libversion 2
+%define libname libibmtss
+%define libpkgname %{libname}%{libversion}
+
+Name:           ibmtss
+Version:        2.4.0
+Release:        0
+Summary:        IBM's TPM 2.0 TSS
+License:        BSD-3-Clause
+Group:          Productivity/Security
+URL:            https://github.com/kgoldman/ibmtss
+Source:         https://github.com/kgoldman/ibmtss/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1:        90-tpm-ibmtss.rules
+Patch1:         ibmtss-configure.ac-Do-not-disable-optimization-for-debug-b.patch
+Patch2:         tss-Commit-changelog-and-autotools-version-update.patch
+Patch3:         utils-Update-.so-version-to-2.4.patch
+Patch4:         ibmtss-2.4.0-fix-FTBFS-2026.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  ibmswtpm2
+BuildRequires:  libopenssl-devel
+BuildRequires:  libtool
+
+%description
+This is a user space TCG Software Stack (TSS) for TPM 2.0. It
+implements the functionality equivalent to the TCG TSS working
+group's planned ESAPI, SAPI, and TCTI APIs.
+
+It comes with over 100 "TPM tools" that can be used for scripted
+apps, rapid prototyping, education, and debugging.
+
+%package -n %{libpkgname}
+Summary:        Shared library for IBM's TPM 2.0 TSS
+Group:          System/Libraries
+Recommends:     %{name}-base = %{version}
+
+%description -n %{libpkgname}
+Shared library for IBM's TPM 2.0 TSS tools
+
+%package base
+Summary:        IBM's TPM 2.0 TSS shared files
+Group:          Productivity/Security
+BuildArch:      noarch
+Requires(post): user(tss)
+
+%description base
+Includes IBM's TPM 2.0 TSS certificates and policy files.
+
+%package devel
+Summary:        IBM's TPM 2.0 TSS headers
+Group:          Development/Libraries/C and C++
+Requires:       %{libpkgname} = %{version}
+Requires:       %{name} = %{version}
+
+%description devel
+Includes IBM's TPM 2.0 TSS C header files
+
+%prep
+%autosetup -p1
+
+%build
+autoreconf -ifv
+%configure --enable-debug --disable-static
+cd utils
+sed -i -e "s|/home/kgold/tss2/utils|$PWD|" certificates/rootcerts.txt
+%{_libexecdir}/%{name}/tpm_server & tpm_server="$!"
+export CCFLAGS="%{optflags}"
+export LNAFLAGS="-Wl,-rpath,%{_libdir}"
+%{make_build}
+testfailed=0
+TPM_INTERFACE_TYPE=socsim LD_LIBRARY_PATH=.libs ./reg.sh -a || testfailed=$?
+kill "$tpm_server" || :
+[ "$testfailed" -eq 0 ]
+sed -i -e "s|$PWD|%{_datadir}/%{name}|" certificates/rootcerts.txt
+
+%install
+install -m 644 -D -t %{buildroot}%{_prefix}/lib/udev/rules.d/ %{SOURCE1}
+cd utils
+%make_install
+
+mkdir -p %{buildroot}/%{_datadir}/%{name}
+cp -a policies certificates %{buildroot}/%{_datadir}/%{name}
+
+find %{buildroot} -type f -name "*.la" -delete -print
+find %{buildroot} -name .cvsignore | xargs rm -v
+
+%post base
+%_bindir/udevadm trigger -s tpm -s tpmrm || :
+%post   -n %{libpkgname} -p /sbin/ldconfig
+%postun -n %{libpkgname} -p /sbin/ldconfig
+
+%files
+%license LICENSE
+%doc ibmtss.html ibmtss.docx README
+%{_bindir}/tss*
+%{_mandir}/man1/tss*.1%{?ext_man}
+
+%files -n %{libpkgname}
+%{_libdir}/%{libname}*.so.%{version}
+%{_libdir}/%{libname}*.so.%{libversion}
+
+%files base
+%license LICENSE
+%{_datadir}/%{name}
+%{_prefix}/lib/udev/rules.d/*
+
+%files devel
+%license LICENSE
+%{_includedir}/%{name}
+%{_libdir}/%{libname}*.so
+
+%changelog
--- a/ibmtss2.1.1.tar.gz
+++ b/ibmtss2.1.1.tar.gz
--- a/tss-Commit-changelog-and-autotools-version-update.patch
+++ b/tss-Commit-changelog-and-autotools-version-update.patch
@ -0,0 +1,69 @@
+From 851bdd1ba8f5bda7f739161ec8db27f3df383751 Mon Sep 17 00:00:00 2001
+From: Ken Goldman <kgold@linux.ibm.com>
+Date: Mon, 14 Oct 2024 14:05:24 -0400
+Subject: [PATCH] tss: Commit changelog and autotools version update
+
+Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
+---
+ ChangeLog    | 12 ++++++++++++
+ configure.ac |  6 +++---
+ tss2.spec    |  2 +-
+ 3 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index b2433926fa3e..024eda389b88 100644
+--- a/ChangeLog
+++ b/ChangeLog
+@@ -1,3 +1,15 @@
+----------------
+Changes in 2.4.0
+----------------
+
+Add support for SHA-256, SHA-384, and SHA-512 IMA event logs. Add
+local command line support and update the API to support
+attestation. Add known value test to event regression tests. Change
+the -ty switch to -ealg for event log angorithms.
+
+Add support for EK intermediate certificates in the IWG standard
+locations.
+
+ ----------------
+ Changes in 2.3 1
+ ----------------
+diff --git a/configure.ac b/configure.ac
+index 081bc19528e0..30e9254b339a 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -3,13 +3,13 @@
+ 
+ # Set package release version"
+ # After committing set git tag version.
+-AC_INIT(ibmtss, 2.3.1, kgold@linux.ibm.com)
+AC_INIT(ibmtss, 2.4.0, kgold@linux.ibm.com)
+ AC_PREREQ([2.63])
+ 
+ # Convert major.minor.micro to libtool versioning (current-revision-age)
+ TSSLIB_VER_MAJOR=2
+-TSSLIB_VER_MINOR=3
+-TSSLIB_VER_MICRO=1
+TSSLIB_VER_MINOR=4
+TSSLIB_VER_MICRO=0
+ TSSLIB_VERSION_INFO=`expr $TSSLIB_VER_MAJOR + $TSSLIB_VER_MINOR`:$TSSLIB_VER_MICRO:$TSSLIB_VER_MINOR
+ AC_SUBST([TSSLIB_VERSION_INFO], [$TSSLIB_VERSION_INFO])
+ 
+diff --git a/tss2.spec b/tss2.spec
+index e32583d69b11..68c2047f96f5 100644
+--- a/tss2.spec
+++ b/tss2.spec
+@@ -7,7 +7,7 @@
+ 
+ Name:           tss2
+ # this is the release of the TSS library
+-Version:        2.3.2
+Version:        2.4.0
+ # this is the release of the fedora package, goes back to 1 when version changes
+ Release:        1%{?dist}
+ Epoch:          1
+-- 
+2.46.1
+
--- a/utils-Update-.so-version-to-2.4.patch
+++ b/utils-Update-.so-version-to-2.4.patch
@ -0,0 +1,104 @@
+From 7cd742915823c0e18439c207018292c46deef513 Mon Sep 17 00:00:00 2001
+From: Ken Goldman <kgold@linux.ibm.com>
+Date: Thu, 17 Oct 2024 16:41:36 -0400
+Subject: [PATCH] utils: Update .so version to 2.4
+
+Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
+---
+ utils/makefile.nofile | 4 ++--
+ utils/makefiletpm12   | 4 ++--
+ utils/makefiletpm20   | 4 ++--
+ utils/makefiletpmc    | 4 ++--
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/utils/makefile.nofile b/utils/makefile.nofile
+index 860ab6f019db..f67581cd9f8b 100644
+--- a/utils/makefile.nofile
+++ b/utils/makefile.nofile
+@@ -90,7 +90,7 @@ LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,.
+ LNALIBS +=  -libmtssutils -libmtssmin
+ 
+ # versioned shared library
+-LIBTSSVERSIONED=libibmtssmin.so.2.1
+LIBTSSVERSIONED=libibmtssmin.so.2.4
+ 
+ # soname field of the shared library
+ # which will be made symbolic link to the versioned shared library
+@@ -109,7 +109,7 @@ endif
+ 
+ # TSS utilities shared library
+ 
+-LIBTSSUTILSVERSIONED=libibmtssutils.so.2.1
+LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4
+ LIBTSSUTILSSONAME=libibmtssutils.so.2
+ LIBTSSUTILS=libibmtssutils.so
+ 
+diff --git a/utils/makefiletpm12 b/utils/makefiletpm12
+index 9a115cbd3003..cae10cbec301 100644
+--- a/utils/makefiletpm12
+++ b/utils/makefiletpm12
+@@ -103,7 +103,7 @@ LNALIBS +=  -libmtss
+ # shared library
+ 
+ # versioned shared library
+-LIBTSSVERSIONED=libibmtss.so.2.1
+LIBTSSVERSIONED=libibmtss.so.2.4
+ 
+ # soname field of the shared library
+ # which will be made symbolic link to the versioned shared library
+@@ -122,7 +122,7 @@ endif
+ 
+ # TSS utilities shared library
+ 
+-LIBTSSUTILSVERSIONED=libibmtssutils.so.2.1
+LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4
+ LIBTSSUTILSSONAME=libibmtssutils.so.2
+ LIBTSSUTILS=libibmtssutils.so
+ 
+diff --git a/utils/makefiletpm20 b/utils/makefiletpm20
+index f6e55a9e822f..88e9343b76e8 100644
+--- a/utils/makefiletpm20
+++ b/utils/makefiletpm20
+@@ -140,7 +140,7 @@ LNALIBS +=  -libmtssutils -libmtss
+ # shared library
+ 
+ # versioned shared library
+-LIBTSSVERSIONED=libibmtss.so.2.3
+LIBTSSVERSIONED=libibmtss.so.2.4
+ 
+ # soname field of the shared library
+ # which will be made symbolic link to the versioned shared library
+@@ -159,7 +159,7 @@ endif
+ 
+ # TSS utilities shared library
+ 
+-LIBTSSUTILSVERSIONED=libibmtssutils.so.2.3
+LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4
+ LIBTSSUTILSSONAME=libibmtssutils.so.2
+ LIBTSSUTILS=libibmtssutils.so
+ 
+diff --git a/utils/makefiletpmc b/utils/makefiletpmc
+index d2558f33b16b..00748b174bd4 100644
+--- a/utils/makefiletpmc
+++ b/utils/makefiletpmc
+@@ -108,7 +108,7 @@ LNALIBS +=  -libmtssutils -libmtss
+ # shared library
+ 
+ # versioned shared library
+-LIBTSSVERSIONED=libibmtss.so.2.3
+LIBTSSVERSIONED=libibmtss.so.2.4
+ 
+ # soname field of the shared library
+ # which will be made symbolic link to the versioned shared library
+@@ -127,7 +127,7 @@ endif
+ 
+ # TSS utilities shared library
+ 
+-LIBTSSUTILSVERSIONED=libibmtssutils.so.2.3
+LIBTSSUTILSVERSIONED=libibmtssutils.so.2.4
+ LIBTSSUTILSSONAME=libibmtssutils.so.2
+ LIBTSSUTILS=libibmtssutils.so
+ 
+-- 
+2.46.1
+