2016-02-24 11:20:32 +01:00
|
|
|
#
|
2016-04-08 11:42:06 +02:00
|
|
|
# spec file for package tpm2-0-tss
|
2016-02-24 11:20:32 +01:00
|
|
|
#
|
2024-05-03 16:16:18 +02:00
|
|
|
# Copyright (c) 2024 SUSE LLC
|
2016-02-24 11:20:32 +01:00
|
|
|
#
|
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2019-08-23 14:08:26 +02:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2016-02-24 11:20:32 +01:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
2016-02-24 11:22:48 +01:00
|
|
|
Name: tpm2-0-tss
|
2024-05-03 16:16:18 +02:00
|
|
|
Version: 4.1.0
|
2016-02-24 11:20:32 +01:00
|
|
|
Release: 0
|
2017-08-03 10:12:52 +02:00
|
|
|
Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips
|
2016-03-24 18:38:07 +01:00
|
|
|
License: BSD-2-Clause
|
2016-02-24 11:20:32 +01:00
|
|
|
Group: Productivity/Security
|
2020-01-27 09:58:42 +01:00
|
|
|
URL: https://github.com/tpm2-software/tpm2-tss
|
2018-09-26 17:42:09 +02:00
|
|
|
Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz
|
2022-07-08 14:20:43 +02:00
|
|
|
Source1: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz.asc
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
# curl https://github.com/williamcroberts.gpg > tpm2-tss.keyring
|
2022-07-08 14:20:43 +02:00
|
|
|
Source2: tpm2-tss.keyring
|
|
|
|
|
Source3: baselibs.conf
|
2021-12-08 10:29:33 +01:00
|
|
|
BuildRequires: /usr/sbin/groupadd
|
|
|
|
|
BuildRequires: acl
|
2019-03-06 11:09:35 +01:00
|
|
|
BuildRequires: doxygen
|
2016-02-24 14:01:43 +01:00
|
|
|
BuildRequires: gcc-c++
|
2018-06-29 16:14:43 +02:00
|
|
|
BuildRequires: libgcrypt-devel
|
2021-12-08 10:29:33 +01:00
|
|
|
BuildRequires: pkgconfig
|
2021-07-15 13:15:44 +02:00
|
|
|
BuildRequires: pkgconfig(json-c)
|
2021-12-08 10:29:33 +01:00
|
|
|
BuildRequires: pkgconfig(libcurl)
|
2023-07-24 11:27:24 +02:00
|
|
|
BuildRequires: pkgconfig(libopenssl) >= 3
|
2020-01-27 09:58:42 +01:00
|
|
|
BuildRequires: pkgconfig(udev)
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
BuildRequires: pkgconfig(uuid)
|
2020-01-31 15:16:21 +01:00
|
|
|
# The same user is employed by trousers (and was employed by the old
|
|
|
|
|
# resourcemgr shipped with the tpm2-0-tss package):
|
|
|
|
|
#
|
|
|
|
|
# trousers just needs those accounts for dropping privileges to. The service
|
|
|
|
|
# starts as root and uses set*id to drop to tss, after the tpm device has been
|
|
|
|
|
# opened.
|
|
|
|
|
#
|
|
|
|
|
# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned
|
|
|
|
|
# by the tss user. Therefore we also need to install a udev rule file.
|
|
|
|
|
#
|
|
|
|
|
# trousers was here first and created the user like this, also giving it a
|
|
|
|
|
# home in /var/lib/tpm. I don't think the home directory is used by either of
|
|
|
|
|
# the packages ATM. Trousers is keeping state there, but the directory is
|
|
|
|
|
# owned by root and files are opened before dropping privileges. The passwd
|
|
|
|
|
# entry seems not to be evaluated.
|
2021-07-15 13:15:44 +02:00
|
|
|
Requires(pre): user(tss)
|
2016-02-24 11:20:32 +01:00
|
|
|
|
|
|
|
|
%description
|
2017-05-11 17:15:35 +02:00
|
|
|
The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This
|
2017-08-03 10:12:52 +02:00
|
|
|
implementation is developed by INTEL. This package contains the libraries,
|
|
|
|
|
see the tpm2.0-abrmd package for the resource manager daemon, tpm2.0-tools for
|
|
|
|
|
utilities.
|
2016-02-24 11:20:32 +01:00
|
|
|
|
|
|
|
|
%package devel
|
2017-02-18 12:42:59 +01:00
|
|
|
Summary: Development headers for the Intel TSS library for TPM 2.0 chips
|
2016-02-24 11:20:32 +01:00
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
|
Requires: glibc-devel
|
2018-06-29 16:14:43 +02:00
|
|
|
Requires: libtss2-esys0 = %{version}
|
2020-10-22 12:27:22 +02:00
|
|
|
Requires: libtss2-fapi1 = %{version}
|
2018-06-29 16:14:43 +02:00
|
|
|
Requires: libtss2-mu0 = %{version}
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
Requires: libtss2-policy0 = %{version}
|
2019-12-11 12:27:31 +01:00
|
|
|
Requires: libtss2-rc0 = %{version}
|
2020-10-22 12:27:22 +02:00
|
|
|
Requires: libtss2-sys1 = %{version}
|
|
|
|
|
Requires: libtss2-tcti-cmd0 = %{version}
|
2018-06-29 16:14:43 +02:00
|
|
|
Requires: libtss2-tcti-device0 = %{version}
|
2024-05-03 16:16:18 +02:00
|
|
|
Requires: libtss2-tcti-i2c-helper0 = %{version}
|
2018-06-29 16:14:43 +02:00
|
|
|
Requires: libtss2-tcti-mssim0 = %{version}
|
2021-07-15 13:15:44 +02:00
|
|
|
Requires: libtss2-tcti-pcap0 = %{version}
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
Requires: libtss2-tcti-spi-helper0 = %{version}
|
2024-05-03 16:16:18 +02:00
|
|
|
Requires: libtss2-tcti-spidev0 = %{version}
|
2021-12-08 10:29:33 +01:00
|
|
|
Requires: libtss2-tcti-swtpm0 = %{version}
|
2019-12-11 12:27:31 +01:00
|
|
|
Requires: libtss2-tctildr0 = %{version}
|
2017-08-03 10:12:52 +02:00
|
|
|
Requires: tpm2-0-tss = %{version}
|
2016-02-24 11:20:32 +01:00
|
|
|
|
|
|
|
|
%description devel
|
2018-06-29 16:14:43 +02:00
|
|
|
This package provides the development files for the tpm2 stack's libraries for
|
|
|
|
|
accessing TPM 2.0 chips.
|
2016-02-24 11:20:32 +01:00
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%package -n libtss2-esys0
|
|
|
|
|
Summary: TPM2 Enhanced System API (ESAPI)
|
2017-08-03 10:12:52 +02:00
|
|
|
Group: System/Libraries
|
2016-02-24 11:20:32 +01:00
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%description -n libtss2-esys0
|
|
|
|
|
This API is a 1-to-1 mapping of the TPM2 commands documented in Part 3 of the
|
|
|
|
|
TPM2 specification. Additionally there are asynchronous versions of each
|
|
|
|
|
command. In addition to SAPI, the ESAPI performs tracking of meta data for
|
|
|
|
|
TPM object and automatic calculation of session based authorization and
|
|
|
|
|
encryption values. Both the synchronous and asynchronous API are exposed
|
|
|
|
|
through this library.
|
2016-02-24 11:20:32 +01:00
|
|
|
|
2020-10-22 12:27:22 +02:00
|
|
|
%package -n libtss2-sys1
|
2018-06-29 16:14:43 +02:00
|
|
|
Summary: TPM2 System API (SAPI)
|
2017-02-18 12:42:59 +01:00
|
|
|
Group: System/Libraries
|
|
|
|
|
|
2020-10-22 12:27:22 +02:00
|
|
|
%description -n libtss2-sys1
|
2018-06-29 16:14:43 +02:00
|
|
|
System API (SAPI) as described in the system level API and TPM command
|
|
|
|
|
transmission interface specification. This API is a 1-to-1 mapping of the TPM2
|
|
|
|
|
commands documented in Part 3 of the TPM2 specification. Additionally there
|
|
|
|
|
are asynchronous versions of each command. These asynchronous variants may be
|
|
|
|
|
useful for integration into event-driven programming environments. Both the
|
|
|
|
|
synchronous and asynchronous API are exposed through this library.
|
2017-02-18 12:42:59 +01:00
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%package -n libtss2-mu0
|
|
|
|
|
Summary: TPM2 marshaling/unmarshaling library
|
2017-02-18 12:42:59 +01:00
|
|
|
Group: System/Libraries
|
|
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%description -n libtss2-mu0
|
|
|
|
|
Marshaling/Unmarshaling (MU) as described in the TCG TSS 2.0
|
|
|
|
|
Marshaling/Unmarshaling API Specification. This API provides a set of
|
|
|
|
|
marshaling and unmarshaling functions for all data types defined by the TPM
|
|
|
|
|
library specification.
|
|
|
|
|
|
2019-12-11 12:27:31 +01:00
|
|
|
%package -n libtss2-rc0
|
|
|
|
|
Summary: TPM2 error code translation library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-rc0
|
|
|
|
|
This library can translate TPM error codes into human readable strings.
|
|
|
|
|
|
|
|
|
|
%package -n libtss2-tctildr0
|
|
|
|
|
Summary: TCTI interface loading library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tctildr0
|
|
|
|
|
This is a helper library that simplifies loading other tcti libraries. It is
|
|
|
|
|
recommended over custom tcti loading code in applications.
|
|
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%package -n libtss2-tcti-device0
|
|
|
|
|
Summary: TCTI interface library for using a native TPM device node
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tcti-device0
|
2017-02-18 12:42:59 +01:00
|
|
|
TPM Command Transmission Interface library for communicating with a
|
2018-06-29 16:14:43 +02:00
|
|
|
TPM device node. This provides direct access to the TPM through the Linux
|
|
|
|
|
kernel driver.
|
|
|
|
|
|
2024-05-03 16:16:18 +02:00
|
|
|
%package -n libtss2-tcti-spidev0
|
|
|
|
|
Summary: TCTI interface library for communicating with a SPI attached TPM
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tcti-spidev0
|
|
|
|
|
TPM Command Transmission Interface library for communicating with a
|
|
|
|
|
TPM device node. This provides direct access to the TPM through the Linux
|
|
|
|
|
kernel driver.
|
|
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%package -n libtss2-tcti-mssim0
|
|
|
|
|
Summary: TCTI interface library for Microsoft software TPM2 simulator
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tcti-mssim0
|
|
|
|
|
TPM Command Transmission Interface library for communicating using the
|
|
|
|
|
protocol exposed by the Microsoft software TPM2 simulator.
|
2017-02-18 12:42:59 +01:00
|
|
|
|
2020-10-22 12:27:22 +02:00
|
|
|
%package -n libtss2-fapi1
|
|
|
|
|
Summary: FAPI interface library
|
|
|
|
|
Group: System/Libraries
|
2024-01-09 09:27:44 +01:00
|
|
|
Requires: libtss2-fapi-common
|
2020-10-22 12:27:22 +02:00
|
|
|
|
|
|
|
|
%description -n libtss2-fapi1
|
2020-10-22 13:43:23 +02:00
|
|
|
This is the tpm2 Feature API (FAPI) library. This API is designed to be very
|
|
|
|
|
high-level API, intended to make programming with the TPM as simple as
|
|
|
|
|
possible.
|
2020-10-22 12:27:22 +02:00
|
|
|
|
2024-01-09 09:27:44 +01:00
|
|
|
%package -n libtss2-fapi-common
|
|
|
|
|
Summary: Common files for FAPI interface library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
Provides: libtss2-fapi1:%{_tmpfilesdir}/tpm2-tss-fapi.conf
|
|
|
|
|
Requires: user(tss)
|
|
|
|
|
Requires(pre): user(tss)
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-fapi-common
|
|
|
|
|
Provides files needed by the tpm2 Feature API (FAPI) library
|
|
|
|
|
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
%package -n libtss2-policy0
|
|
|
|
|
Summary: TPM2 FAPI policy library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-policy0
|
|
|
|
|
Library that exposes the internal FAPI policy engine as a consumable
|
|
|
|
|
library and stable API. Users can take arbitrary JSON policy strings
|
|
|
|
|
and implement the callbacks required to produce calculated policies
|
|
|
|
|
without a TPM as well as execute policies on an ESYS TR session for
|
|
|
|
|
satisfying access policies on an object.
|
|
|
|
|
|
2020-10-22 12:27:22 +02:00
|
|
|
%package -n libtss2-tcti-cmd0
|
|
|
|
|
Summary: TCTI cmd interface library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tcti-cmd0
|
2020-10-22 13:43:23 +02:00
|
|
|
A TCTI for interaction with a subprocess. It abstracts the details of direct
|
|
|
|
|
communication with the interface and protocol exposed by a subprocess that can
|
|
|
|
|
receive and transmit raw TPM2 command and response buffers.
|
2020-10-22 12:27:22 +02:00
|
|
|
|
|
|
|
|
%package -n libtss2-tcti-swtpm0
|
|
|
|
|
Summary: TCTI swtpm interface library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tcti-swtpm0
|
2020-10-22 13:43:23 +02:00
|
|
|
A TCTI for interaction with the TPM2 software simulator. It abstracts the
|
|
|
|
|
details of direct communication with the interface and protocol exposed by the
|
|
|
|
|
daemon hosting the TPM2 reference implementation.
|
2020-10-22 12:27:22 +02:00
|
|
|
|
2021-07-15 13:15:44 +02:00
|
|
|
%package -n libtss2-tcti-pcap0
|
|
|
|
|
Summary: TCTI pcap interface library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tcti-pcap0
|
|
|
|
|
A TCTI which prints TPM commands and responses to a file in pcap-ng format. It abstracts the
|
|
|
|
|
details of direct communication with the interface and protocol exposed by the
|
|
|
|
|
daemon hosting the TPM2 reference implementation.
|
|
|
|
|
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
%package -n libtss2-tcti-spi-helper0
|
|
|
|
|
Summary: TCTI spi interface library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tcti-spi-helper0
|
|
|
|
|
A TCTI module for communication via SPI TPM device driver. Abstracts
|
|
|
|
|
the details of communication with a TPM via SPI protocol. It uses user
|
|
|
|
|
supplied methods for SPI and timing operations in order to be platform
|
|
|
|
|
independent.
|
|
|
|
|
|
2024-05-03 16:16:18 +02:00
|
|
|
%package -n libtss2-tcti-i2c-helper0
|
|
|
|
|
Summary: TCTI i2c interface library
|
|
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
|
|
%description -n libtss2-tcti-i2c-helper0
|
|
|
|
|
A TCTI module for communication via I2C TPM device driver. Abstracts
|
|
|
|
|
the details of communication with a TPM via I2C protocol. It uses user
|
|
|
|
|
supplied methods for I2C and timing operations in order to be platform
|
|
|
|
|
independent.
|
|
|
|
|
|
2016-02-24 11:20:32 +01:00
|
|
|
%prep
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
%autosetup -n tpm2-tss-%{version}
|
2018-06-29 16:14:43 +02:00
|
|
|
|
2016-02-24 11:20:32 +01:00
|
|
|
%build
|
2021-07-15 13:15:44 +02:00
|
|
|
# configure looks for groupadd on PATH
|
|
|
|
|
export PATH="$PATH:%{_sbindir}"
|
2020-10-22 12:27:22 +02:00
|
|
|
%configure --disable-static \
|
|
|
|
|
--with-udevrulesdir=%{_udevrulesdir} \
|
|
|
|
|
--with-runstatedir=%{_rundir} \
|
|
|
|
|
--with-tmpfilesdir=%{_tmpfilesdir} \
|
|
|
|
|
--with-sysusersdir=%{_sysusersdir}
|
2021-12-08 10:29:33 +01:00
|
|
|
%make_build PTHREAD_LDFLAGS=-pthread
|
2016-02-24 11:20:32 +01:00
|
|
|
|
|
|
|
|
%install
|
2016-02-24 11:22:48 +01:00
|
|
|
%make_install
|
2016-04-08 11:42:06 +02:00
|
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
2018-06-29 16:14:43 +02:00
|
|
|
# rename the rules file to have a numbered prefix as all others have, too
|
|
|
|
|
%define udev_rule_file 90-tpm.rules
|
|
|
|
|
mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
|
2021-07-16 10:13:53 +02:00
|
|
|
# Conflicts with system-users
|
|
|
|
|
rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
|
2018-06-29 16:14:43 +02:00
|
|
|
|
|
|
|
|
%post
|
2021-12-08 10:29:33 +01:00
|
|
|
%{_bindir}/udevadm trigger -s tpm -s tpmrm || :
|
2018-06-29 16:14:43 +02:00
|
|
|
|
2024-01-09 09:27:44 +01:00
|
|
|
%post -n libtss2-fapi-common
|
|
|
|
|
%tmpfiles_create %{_tmpfilesdir}/tpm2-tss-fapi.conf
|
|
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%post -n libtss2-esys0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-esys0 -p /sbin/ldconfig
|
2020-10-22 12:27:22 +02:00
|
|
|
%post -n libtss2-sys1 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-sys1 -p /sbin/ldconfig
|
2019-12-11 12:27:31 +01:00
|
|
|
%post -n libtss2-tctildr0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tctildr0 -p /sbin/ldconfig
|
2018-06-29 16:14:43 +02:00
|
|
|
%post -n libtss2-tcti-device0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tcti-device0 -p /sbin/ldconfig
|
2024-05-03 16:16:18 +02:00
|
|
|
%post -n libtss2-tcti-spidev0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tcti-spidev0 -p /sbin/ldconfig
|
2018-06-29 16:14:43 +02:00
|
|
|
%post -n libtss2-tcti-mssim0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig
|
|
|
|
|
%post -n libtss2-mu0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-mu0 -p /sbin/ldconfig
|
2019-12-11 12:27:31 +01:00
|
|
|
%post -n libtss2-rc0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-rc0 -p /sbin/ldconfig
|
2024-01-09 09:27:44 +01:00
|
|
|
%post -n libtss2-fapi1 -p /sbin/ldconfig
|
2020-10-22 12:27:22 +02:00
|
|
|
%postun -n libtss2-fapi1 -p /sbin/ldconfig
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
%post -n libtss2-policy0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-policy0 -p /sbin/ldconfig
|
2020-10-22 12:27:22 +02:00
|
|
|
%post -n libtss2-tcti-cmd0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tcti-cmd0 -p /sbin/ldconfig
|
|
|
|
|
%post -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
|
2021-07-15 13:15:44 +02:00
|
|
|
%post -n libtss2-tcti-pcap0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
%post -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig
|
2024-05-03 16:16:18 +02:00
|
|
|
%post -n libtss2-tcti-i2c-helper0 -p /sbin/ldconfig
|
|
|
|
|
%postun -n libtss2-tcti-i2c-helper0 -p /sbin/ldconfig
|
2021-07-15 13:15:44 +02:00
|
|
|
|
2016-02-24 11:20:32 +01:00
|
|
|
%files
|
2020-01-27 09:58:42 +01:00
|
|
|
%doc *.md
|
|
|
|
|
%license LICENSE
|
2018-02-22 11:16:24 +01:00
|
|
|
%{_mandir}/man3/*
|
2020-10-22 12:27:22 +02:00
|
|
|
%{_mandir}/man5/*
|
2018-06-29 16:14:43 +02:00
|
|
|
%{_mandir}/man7/tss2-*
|
|
|
|
|
%{_udevrulesdir}/%{udev_rule_file}
|
2021-12-08 10:29:33 +01:00
|
|
|
%dir %{_sysconfdir}/tpm2-tss/
|
|
|
|
|
%config %{_sysconfdir}/tpm2-tss/fapi-config.json
|
|
|
|
|
%dir %{_sysconfdir}/tpm2-tss/fapi-profiles
|
|
|
|
|
%config %{_sysconfdir}/tpm2-tss/fapi-profiles/*.json
|
2016-02-24 11:20:32 +01:00
|
|
|
|
|
|
|
|
%files devel
|
2018-06-29 16:14:43 +02:00
|
|
|
%{_includedir}/tss2
|
2016-02-24 11:20:32 +01:00
|
|
|
%{_libdir}/*.so
|
2017-02-15 19:15:01 +01:00
|
|
|
%{_libdir}/pkgconfig/*.pc
|
2016-02-24 11:20:32 +01:00
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%files -n libtss2-esys0
|
|
|
|
|
%{_libdir}/libtss2-esys.so.*
|
|
|
|
|
|
2020-10-22 12:27:22 +02:00
|
|
|
%files -n libtss2-sys1
|
2018-06-29 16:14:43 +02:00
|
|
|
%{_libdir}/libtss2-sys.so.*
|
|
|
|
|
|
|
|
|
|
%files -n libtss2-mu0
|
|
|
|
|
%{_libdir}/libtss2-mu.so.*
|
2017-02-18 12:42:59 +01:00
|
|
|
|
2019-12-11 12:27:31 +01:00
|
|
|
%files -n libtss2-rc0
|
|
|
|
|
%{_libdir}/libtss2-rc.so.*
|
|
|
|
|
|
|
|
|
|
%files -n libtss2-tctildr0
|
|
|
|
|
%{_libdir}/libtss2-tctildr.so.*
|
|
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%files -n libtss2-tcti-device0
|
|
|
|
|
%{_libdir}/libtss2-tcti-device.so.*
|
2017-02-18 12:42:59 +01:00
|
|
|
|
2024-05-03 16:16:18 +02:00
|
|
|
%files -n libtss2-tcti-spidev0
|
|
|
|
|
%{_libdir}/libtss2-tcti-spidev.so.*
|
|
|
|
|
|
2018-06-29 16:14:43 +02:00
|
|
|
%files -n libtss2-tcti-mssim0
|
|
|
|
|
%{_libdir}/libtss2-tcti-mssim.so.*
|
2016-02-24 14:01:43 +01:00
|
|
|
|
2020-10-22 12:27:22 +02:00
|
|
|
%files -n libtss2-fapi1
|
|
|
|
|
%{_libdir}/libtss2-fapi.so.*
|
2024-01-09 09:27:44 +01:00
|
|
|
|
|
|
|
|
%files -n libtss2-fapi-common
|
2022-07-11 13:24:21 +02:00
|
|
|
%{_tmpfilesdir}/tpm2-tss-fapi.conf
|
2024-01-15 09:16:44 +01:00
|
|
|
%ghost %{_sharedstatedir}/tpm2-tss
|
|
|
|
|
%ghost %{_sharedstatedir}/tpm2-tss/system
|
|
|
|
|
%ghost %{_sharedstatedir}/tpm2-tss/system/keystore
|
|
|
|
|
%ghost %{_rundir}/tpm2-tss
|
|
|
|
|
%ghost %{_rundir}/tpm2-tss/eventlog
|
2020-10-22 12:27:22 +02:00
|
|
|
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
%files -n libtss2-policy0
|
|
|
|
|
%{_libdir}/libtss2-policy.so.*
|
|
|
|
|
|
2020-10-22 12:27:22 +02:00
|
|
|
%files -n libtss2-tcti-cmd0
|
|
|
|
|
%{_libdir}/libtss2-tcti-cmd.so.*
|
|
|
|
|
|
|
|
|
|
%files -n libtss2-tcti-swtpm0
|
|
|
|
|
%{_libdir}/libtss2-tcti-swtpm.so.*
|
|
|
|
|
|
2021-07-15 13:15:44 +02:00
|
|
|
%files -n libtss2-tcti-pcap0
|
|
|
|
|
%{_libdir}/libtss2-tcti-pcap.so.*
|
|
|
|
|
|
Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 16:00:57 +01:00
|
|
|
%files -n libtss2-tcti-spi-helper0
|
|
|
|
|
%{_libdir}/libtss2-tcti-spi-helper.so.*
|
|
|
|
|
|
2024-05-03 16:16:18 +02:00
|
|
|
%files -n libtss2-tcti-i2c-helper0
|
|
|
|
|
%{_libdir}/libtss2-tcti-i2c-helper.so.*
|
|
|
|
|
|
2016-02-24 11:20:32 +01:00
|
|
|
%changelog
|
