#
# spec file for package tpm2-0-tss
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

Name: tpm2-0-tss
Version: 3.2.0
Release: 0
Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips
License: BSD-2-Clause
Group: Productivity/Security
URL: https://github.com/tpm2-software/tpm2-tss
Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz
Source1: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz.asc
# curl https://keys.openpgp.org/vks/v1/by-fingerprint/D6B4D8BAC7E0CC97DCD4AC7272E88B53F7A95D84 > tpm2-tss.keyring
Source2: tpm2-tss.keyring
Source3: baselibs.conf
BuildRequires: /usr/sbin/groupadd
BuildRequires: acl
BuildRequires: doxygen
BuildRequires: gcc-c++
BuildRequires: libgcrypt-devel
BuildRequires: pkgconfig
BuildRequires: pkgconfig(json-c)
BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(libopenssl)
BuildRequires: pkgconfig(udev)
# The same user is employed by trousers (and was employed by the old
# resourcemgr shipped with the tpm2-0-tss package):
#
# trousers just needs those accounts for dropping privileges to. The service
# starts as root and uses set*id to drop to tss, after the tpm device has been
# opened.
#
# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned
# by the tss user. Therefore we also need to install a udev rule file.
#
# trousers was here first and created the user like this, also giving it a
# home in /var/lib/tpm. I don't think the home directory is used by either of
# the packages ATM. Trousers is keeping state there, but the directory is
# owned by root and files are opened before dropping privileges. The passwd
# entry seems not to be evaluated.
Requires(pre): user(tss)

%description
The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This
implementation is developed by INTEL. This package contains the libraries,
see the tpm2.0-abrmd package for the resource manager daemon, tpm2.0-tools for
utilities.

%package devel
Summary: Development headers for the Intel TSS library for TPM 2.0 chips
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libtss2-esys0 = %{version}
Requires: libtss2-fapi1 = %{version}
Requires: libtss2-mu0 = %{version}
Requires: libtss2-rc0 = %{version}
Requires: libtss2-sys1 = %{version}
Requires: libtss2-tcti-cmd0 = %{version}
Requires: libtss2-tcti-device0 = %{version}
Requires: libtss2-tcti-mssim0 = %{version}
Requires: libtss2-tcti-pcap0 = %{version}
Requires: libtss2-tcti-swtpm0 = %{version}
Requires: libtss2-tctildr0 = %{version}
Requires: tpm2-0-tss = %{version}

%description devel
This package provides the development files for the tpm2 stack's libraries for
accessing TPM 2.0 chips.

%package -n libtss2-esys0
Summary: TPM2 Enhanced System API (ESAPI)
Group: System/Libraries

%description -n libtss2-esys0
This API is a 1-to-1 mapping of the TPM2 commands documented in Part 3 of the
TPM2 specification. Additionally there are asynchronous versions of each
command. In addition to SAPI, the ESAPI performs tracking of meta data for
TPM object and automatic calculation of session based authorization and
encryption values. Both the synchronous and asynchronous API are exposed
through this library.

%package -n libtss2-sys1
Summary: TPM2 System API (SAPI)
Group: System/Libraries

%description -n libtss2-sys1
System API (SAPI) as described in the system level API and TPM command
transmission interface specification. This API is a 1-to-1 mapping of the TPM2
commands documented in Part 3 of the TPM2 specification. Additionally there
are asynchronous versions of each command. These asynchronous variants may be
useful for integration into event-driven programming environments. Both the
synchronous and asynchronous API are exposed through this library.

%package -n libtss2-mu0
Summary: TPM2 marshaling/unmarshaling library
Group: System/Libraries

%description -n libtss2-mu0
Marshaling/Unmarshaling (MU) as described in the TCG TSS 2.0
Marshaling/Unmarshaling API Specification. This API provides a set of
marshaling and unmarshaling functions for all data types defined by the TPM
library specification.

%package -n libtss2-rc0
Summary: TPM2 error code translation library
Group: System/Libraries

%description -n libtss2-rc0
This library can translate TPM error codes into human readable strings.

%package -n libtss2-tctildr0
Summary: TCTI interface loading library
Group: System/Libraries

%description -n libtss2-tctildr0
This is a helper library that simplifies loading other tcti libraries. It is
recommended over custom tcti loading code in applications.

%package -n libtss2-tcti-device0
Summary: TCTI interface library for using a native TPM device node
Group: System/Libraries

%description -n libtss2-tcti-device0
TPM Command Transmission Interface library for communicating with a
TPM device node. This provides direct access to the TPM through the Linux
kernel driver.

%package -n libtss2-tcti-mssim0
Summary: TCTI interface library for Microsoft software TPM2 simulator
Group: System/Libraries

%description -n libtss2-tcti-mssim0
TPM Command Transmission Interface library for communicating using the
protocol exposed by the Microsoft software TPM2 simulator.

%package -n libtss2-fapi1
Summary: FAPI interface library
Group: System/Libraries

%description -n libtss2-fapi1
This is the tpm2 Feature API (FAPI) library. This API is designed to be a very
high-level API, intended to make programming with the TPM as simple as
possible.

%package -n libtss2-tcti-cmd0
Summary: TCTI cmd interface library
Group: System/Libraries

%description -n libtss2-tcti-cmd0
A TCTI for interaction with a subprocess. It abstracts the details of direct
communication with the interface and protocol exposed by a subprocess that can
receive and transmit raw TPM2 command and response buffers.

%package -n libtss2-tcti-swtpm0
Summary: TCTI swtpm interface library
Group: System/Libraries

%description -n libtss2-tcti-swtpm0
A TCTI for interaction with the TPM2 software simulator. It abstracts the
details of direct communication with the interface and protocol exposed by the
daemon hosting the TPM2 reference implementation.

%package -n libtss2-tcti-pcap0
Summary: TCTI pcap interface library
Group: System/Libraries

%description -n libtss2-tcti-pcap0
A TCTI which prints TPM commands and responses to a file in pcap-ng format. It abstracts the
details of direct communication with the interface and protocol exposed by the
daemon hosting the TPM2 reference implementation.

%prep
%autosetup -n tpm2-tss-%{version}

%build
# configure looks for groupadd on PATH
export PATH="$PATH:%{_sbindir}"
%configure --disable-static \
    --with-udevrulesdir=%{_udevrulesdir} \
    --with-runstatedir=%{_rundir} \
    --with-tmpfilesdir=%{_tmpfilesdir} \
    --with-sysusersdir=%{_sysusersdir}
%make_build PTHREAD_LDFLAGS=-pthread

%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# rename the rules file to have a numbered prefix as all others have, too
%define udev_rule_file 90-tpm.rules
mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
# Conflicts with system-users
rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf

Accepting request 937743 from home:aplanas:branches:security
- Version 3.1.0 includes:
+ cover update to 2.4.5 (jsc#SLE-17366)
+ cover update to 2.3.0 (jsc#SLE-9515)
+ fix policy session for TPM2_PolicyAuthValue (bsc#1160736)
- Add version to the configuration file tpm2-tss-fapi.conf
- Remove conflicting sysusers.d file
- Clean spec file
- Add new library libtss2-tcti-pcap0
- Update to 3.1.0:
* Fix FAPI PolicyPCR not instantiating correctly (CVE-2020-24455)
* Fixed possible access outside the array in ifapi_calculate_tree
* Added pcap TCTI
* Added GlobalSign TPM Root CA certs to FAPI cert store
* Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
* Added two new TPM commands TPM2_CC_CertifyX509,
and TPM2_CC_ACT_SetTimeout
- small services fixes and comments
- update to 3.0.3:
- changes in 3.0.3:
* Fix Regression in Fapi_List
* Fix memory leak in policy calculation
- changes in 3.0.2:
* FAPI: Fix setting of the system flag of NV objects
* This will let NV object metadata be created system-wide always instead of
* locally in the user. Existing metadata will remain in the user directory.
* It can be moved to the corresponding systemstore manually if needed.
* FAPI: Fix policy searching, when a policyRef was provided
* FAPI: Accept EK-Certs without CRL dist point
* FAPI: Fix return codes of Fapi_List
* FAPI: Fix memleak in policy execution
* FAPI: Fix coverity NULL-pointer check
* FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
* FAPI: Fix deleting of policy files.
* FAPI: Fix wrong file loading during object search.
* Fapi: Fix memory leak
* Fapi: Fix potential NULL-Dereference
* Fapi: Remove superfluous NULL check
* Fix a memory leak in async keystore load.
- move the tcti-fapi tmpfiles.d config file into the libtss2-fapi1 sub-package.
- improve the descriptions of new libraries (fapi1, cmd0, swtpm0)
- adjust baselibs.conf to match new library versions and added libraries
- Update to 3.0.1, changelog at:
https://github.com/tpm2-software/tpm2-tss/blob/3.0.x/CHANGELOG.md
- Update libtss2-sys0 to libtss2-sys1
- Add new libs:
* libtss2-fapi1
* libtss2-tcti-cmd0
* libtss2-tcti-swtpm0
- Update to version 2.3.3
* Fixed mixing salted and unsalted sessions in the same ESAPI
context
* Removed use of VLAs from TPML marshal code
* Added check for object node before calling compute_session_value
function
* Fixed auth calculation in Esys_StartAuthSession called with
optional parameters
* Fixed compute_encrypted_salt error handling in
Esys_StartAuthSession
* Fixed exported symbols map for libtss2-mu
- Use system-users for tss user creation (boo#1162360).
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
shortcut through the -mini flavor.
- update to upstream version 2.3.2:
- changes since version 2.3.0:
- Fix unit tests on S390 architectures
- Fixed HMAC generation for policy sessions
- update to upstream version 2.3.0:
- changes in version 2.3.0:
- tss2-tctildr: A new library that helps with tcti initialization
Recommend to use this in place of custom tcti loading code now !
- tss2-rc: A new library that provides textual representations for return
codes
- Option to disable NIST-deprecated crypto (--disable-weak-crypto)
- Support Esys_TR_FromTPMPublic on sessions (for use in Esys_FlushContext)
- map-files with correct symbol lists for tss2-sys and tss2-esys
This may lead to unresolved symbols in linked applications
- Support to call Tss2_Sys_Execute repeatedly on certain errors
- Reduced RAM consumption in Esys due to Tss2_Sys_Execute change
- Automated session attribution clearing for esys (decrypt and encrypt)
per cmd
- Removed libtss2-mu from "Requires" field of libtss2-esys.pc
Needs to be added explicitly now
- All fixes from 2.2.1, 2.2.2 and 2.2.3
- Fixed SPDX License Identifiers
- Fixed Null-pointer problems in tcti-tbs
- Fixed Default locality for tcti-mssim set to LOC_0
- Fixed coverity and valgrind leaks detected in test programs (not library
code)
- update to upstream version 2.2.3:
- changes in version 2.2.3:
* Fix computation of session name
* Fixed PolicyPassword handling of session Attributes
* Fixed windows build from dist ball
* Fixed default tcti configure option
* Fixed nonce size calculation in ESYS sessions
- changes in version 2.2.2:
* Fixed wrong encryption flag in EncryptDecrypt
* Fixing openssl engine invocation
- bsc#1130588: Require shadow instead of old pwdutils
- update to upstream version 2.2.1:
- changes from version 2.2.0:
- Fixed leak of hkey on success in iesys_cryptossl_hmac_start
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure script ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- Added support for QNX build
- Added support for partial reads in device TCTI
- changes from version 2.1.1:
- Fixed leak of hkey on success in iesys_cryptossl_hmac_start
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure script ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- changes from version 2.1.0:
- Fixed handling of the default TCTI
- Changed logging to be ISO-C99 compatible
- Fixed leak of dlopen handle
- Fixed logging of a response header tag in Tss2_Sys_Execute
- Fixed marshaling of TPM2B parameters in SAPI commands
- Fixed unnecessary warning in Esys_Startup
- Fixed warnings in doxygen documentation
- Added Esys_Free wrapper function for systems using different C runtime libraries
- Added Windows TBS TCTI
- Added non-blocking mode of operation in tcti-device
- Added tests for Esys_HMAC and Esys_Hash
- Enabled integration tests on physical TPM device
- Added openssl libcrypto backend
- Added Doxygen documentation to integration tests
- Refactored SetDecryptParam
- Enabled OpenSSL crypto backend by default
- changes from 2.0.2:
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure script ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- introduce _service file for syncing with upstream tags
- update to upstream version 2.0.1 (FATE#324477):
- Fixed problems with doxygen failing make distcheck
- Fixed conversion of gcrypt mpi numbers to binary data
- Fixed an error in parsing socket address in MSSIM TCTI
- Fixed compilation error with --disable-tcti-mssim
- Added initialization function for gcrypt to suppress warning
- Fixed invalid type base type while marshaling TPMI_ECC_CURVE in Tss2_Sys_ECC_Parameters
- Fixed invalid RSA encryption with exponent equal to 0
- Fixed checking of return codes in ESAPI commands
- Added checks for programs required by the test harness @ configure time
- Fixed warning on TPM2_RC_INITIALIZE rc after a Startup in Esys_Startup
- Checked for 1.2 TPM type response
- Changed constants values in esys header file to unsigned
- also process udev triggers for tpmrm subsystem, otherwise /dev/tpmrm0 isn't
properly updated (at least on SLES-12-SP4)
- added all libraries to baselibs.conf to satisfy 32-bit dependencies of esys0
and sys0
- Explicitly require udev to fix missing ownership for /usr/lib/udev.
- update to new major version 2.0.0:
- version_fix.patch: removed, we're now using the distribution tarballs
where this problem shouldn't happen
- this update introduces an incompatible ABI to the previous version.
all libraries have been renamed so there is not really a relation to
the old version any more.
- upstream changelog:
## [2.0.0] - 2018-06-20
### Added
- Implementation of the Marshal/Unmarshal library (libtss2-mu)
- Implementation of the Enhanced System API (libtss2-esys aka ESAPI)
- New implementation of the TPM Command Transmission Interface (TCTI) for:
- communication with Linux TPM2 device driver: libtss2-tcti-device
- communication with Microsoft software simulator: libtss2-tcti-mssim
- New directory layout (API break)
- Updated documentation with new doxygen and updated man pages
- Support for Windows build with Visual Studio and clang, currently limited
to libtss2-mu and libtss2-sys
- Implementation of the new Attached Component (AC) commands
- Implementation of the new TPM2_PolicyAuthorizeNV command
- Implementation of the new TPM2_CreateLoaded command
- Implementation of the new TPM2_PolicyTemplate command
- Addition of _Complete functions to all TPM commands
- New logging framework
- Added const qualifiers to API input pointers (API break)
- Cleaned up headers and remove implementation.h and tpm2.h (API break)
### Changed
- Converted all cpp files to c, removed dependency on C++ compiler.
- Cleaned out a number of marshaling functions from the SAPI code.
- Update Linux / Unix OS detection to use non-obsolete macros.
- Changed TCTI macros to CamelCase (API break)
- Changed TPMA_types to unsigned int with defines instead of bitfield structs (API/ABI break)
- Changed Get/SetCmd/RspAuths to new parameter types (API/ABI break)
- Fixed order of parameters in AC commands: Input command authorizations
now come after the input handles, but still before the command parameters.
### Removed
- Removed all sysapi/sysapi_utils/*arshal_TPM*.c files
### Fixed
- Updated invalid number of handles in TPM2_PolicyNvWritten and TPM2_TestParms
- Updated PlatformCommand function from libtss2-tcti-mssim to no longer send
CANCEL_OFF before every command.
- Expanded TPM2B macros and removed TPM2B_TYPE1 and TPM2B_TYPE2 macros
- Fixed wrong return type for Tss2_Sys_Finalize (API break).
## [1.4.0] - 2018-03-02
### Added
- Attached Component commands from the last public review spec.
### Fixed
- Essential files missing from release tarballs are now included.
- Version string generation has been moved from configure.ac to the
bootstrap script. It is now stored in a file named `VERSION` that is
shipped in the release tarball.
- We've stopped shipping the built man page for InitSocketTcti.3 and now
ship the source.
- removed leftover comment from dropped reproducable.patch
- update to upstream version 1.3.0:
- support for reproducible builds
- improved documentation / manual pages
- various stability bugfixes
- EncryptDecrypt2 command is now implemented
- removed reproducible.patch. This is now included upstream.
- added version_fix.patch to fix package config version numbers.
- fix the "fix", turns out only the unversioned symlink's supposed to go into
-devel.
- no longer install the udev rule, it's now part of the new tpm2.0-abrmd
package.
- fixed a warning regarding a missing dependency of the devel package to the
main package
- correctly package library symlinks only in the devel package, the library
itself only in the library package. Was mixed up before.
- removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring
autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227.
- Updated to upstream version 1.1.0
- With this version the resourcemgr daemon is dropped from this package. It
is replaced by a completely new implementation found in a new package
tpm2.0-abrmd. this package will only consist of the libraries any more.
- Changed
- tpmclient, disabled all tests that rely on the old resourcemgr.
- Fixed
- Fixed definition of PCR_LAST AND TRANSIENT_LAST macros.
- Removed
- tpmtest
- resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd
- Add reproducible.patch to sort input files to make build reproducible
(boo#1041090)
- create tss user account and install udev rule to fix startup of resourcemgr
(bnc#1038586)
- remove unnecessary dependency of libsapi0 to trousers. trousers has nothing
to do with tpm2-tss.
- fixed typo in resourcemgr.service (bsc#1031004)
- Remove --with-pic which is only for static libs.
- Fix an improper Requires line.
- Split libtcti* from libsapi0; these are independently
developable units.
- Updated to 1.0 (FATE#321508)
- Added
- Travis-CI integration with GitHub
- Unit tests for primitive (un)?marshal functions.
- Example systemd unit for resourcemgr.
- Allow for unit tests to be enabled selectively.
- added pkg-config files for libraries
- Changed
- move simulator initialization code to socket TCTI init function.
- socket TCTI finalize no longer frees context
- rename libtss2 to libsapi
- rename libtcti_device to libtcti-device
- rename libtcti_socket to libtcti-socket
- move $(includedir)/tss to $(includedir)/sapi
- Move default compiler flags to config.site file.
- Fixed
- Fix run away resourcemgr threads by closing client sockets when resourcemgr recv() call returns 0.
- Set MSG_NOSIGNAL for client connections to avoid SIGPIPE killing resourcemgr.
- Fixes to handling of persistent objects by resourcemgr.
- Removed
- Semicolon from TPMA_* macros definitions.
- Windows build files.
- SAPI_CLIENT macro tests.
- Security
- Fix buffer overflow in resourcemgr.
- use sample resourcemanager.service
- tpm2-0-tss-configure.patch: fix weird error.
- Remove type=forking from service file (bsc#995554)
- added a systemd unit service file (FATE#315631)
- Correct package naming to be in line with shared library guideline
- Remove unused systemd build and runtime dependencies
(FATE#315631)
- Fix rpm group of library package: libs belong, per definition, to
the group "System/Libraries". (FATE#315631)
- initial import of the tpm 2.0 tss stack (FATE#315631)
OBS-URL: https://build.opensuse.org/request/show/937743
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=117

# Add the version to the name of the tmpfiles.d configuration file
mv %{buildroot}%{_tmpfilesdir}/tpm2-tss-fapi.conf %{buildroot}%{_tmpfilesdir}/tpm2-tss-fapi-%{version}.conf

%post
%{_bindir}/udevadm trigger -s tpm -s tpmrm || :

%post -n libtss2-esys0 -p /sbin/ldconfig
%postun -n libtss2-esys0 -p /sbin/ldconfig
%post -n libtss2-sys1 -p /sbin/ldconfig
%postun -n libtss2-sys1 -p /sbin/ldconfig
%post -n libtss2-tctildr0 -p /sbin/ldconfig
%postun -n libtss2-tctildr0 -p /sbin/ldconfig
%post -n libtss2-tcti-device0 -p /sbin/ldconfig
%postun -n libtss2-tcti-device0 -p /sbin/ldconfig
%post -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%post -n libtss2-mu0 -p /sbin/ldconfig
%postun -n libtss2-mu0 -p /sbin/ldconfig
%post -n libtss2-rc0 -p /sbin/ldconfig
%postun -n libtss2-rc0 -p /sbin/ldconfig
Accepting request 937743 from home:aplanas:branches:security
- Version 3.1.0 includes:
+ cover update to 2.4.5 (jsc#SLE-17366)
+ cover update to 2.3.0 (jsc#SLE-9515)
+ fix policy session for TPM2_PolicyAuthValue (bsc#1160736)
- Add version the configuration file tpm2-tss-fapi.conf
- Remove conflicting sysusers.d file
- Clean spec file
- Add new library libtss2-tcti-pcap0
- Update to 3.1.0:
* Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455)
* Fixed possible access outside the array in ifapi_calculate_tree
* Added pcap TCTI
* Added GlobalSign TPM Root CA certs to FAPI cert store
* Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
* Added two new TPM commands TPM2_CC_CertifyX509,
and TPM2_CC_ACT_SetTimeout
- small services fixes and comments
- update to 3.0.3:
- changes in 3.0.3:
* Fix Regression in Fapi_List
* Fix memory leak in policy calculation
- changes in 3.0.2:
* FAPI: Fix setting of the system flag of NV objects
* This will let NV object metadata be created system-wide always instead of
* locally in the user. Existing metadata will remain in the user directory.
* It can be moved to the corresponding systemstore manually if needed.
* FAPI: Fix policy searching, when a policyRef was provided
* FAPI: Accept EK-Certs without CRL dist point
* FAPI: Fix return codes of Fapi_List
* FAPI: Fix memleak in policy execution
* FAPI: Fix coverity NULL-pointer check
* FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
* FAPI: Fix deleting of policy files.
* FAPI: Fix wrong file loading during object search.
* Fapi: Fix memory leak
* Fapi: Fix potential NULL-Dereference
* Fapi: Remove superfluous NULL check
* Fix a memory leak in async keystore load.
- move the tcti-fapi tmpfiles.d config file into the libtss2-fapi1 sub-package.
- improve the descriptions of new libraries (fapi1, cmd0, swtpm0)
- adjust baselibs.conf to match new library versions and added libraries
- Update to 3.0.1, changelog at:
https://github.com/tpm2-software/tpm2-tss/blob/3.0.x/CHANGELOG.md
- Update libtss2-sys0 to libtss2-sys1
- Add new libs:
* libtss2-fapi1
* libtss2-tcti-cmd0
* libtss2-tcti-swtpm0
- Update to version 2.3.3
* Fixed mixing salted and unsalted sessions in the same ESAPI
context
* Removed use of VLAs from TPML marshal code
* Added check for object node before calling compute_session_value
function
* Fixed auth calculation in Esys_StartAuthSession called with
optional parameters
* Fixed compute_encrypted_salt error handling in
Esys_StartAuthSession
* Fixed exported symbols map for libtss2-mu
- Use system-users for tss user creation (boo#1162360).
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
shortcut through the -mini flavor.
- update to upstream version 2.3.2:
- changes since version 2.3.0:
- Fix unit tests on S390 architectures
- Fixed HMAC generation for policy sessions
- update to upstream version 2.3.0:
- changes in version 2.3.0:
- tss2-tctildr: A new library that helps with tcti initialization
Recommend to use this in place of custom tcti loading code now !
- tss2-rc: A new library that provides textual representations for return
codes
- Option to disable NIST-deprecated crypto (--disable-weak-crypto)
- Support Esys_TR_FromTPMPublic on sessions (for use in Esys_FlushContext)
- map-files with correct symbol lists for tss2-sys and tss2-esys
This may lead to unresolved symbols in linked applications
- Support to call Tss2_Sys_Execute repeatedly on certain errors
- Reduced RAM consumption in Esys due to Tss2_Sys_Execute change
- Automated session attribution clearing for esys (decrypt and encrypt)
per cmd
- Removed libtss2-mu from "Requires" field of libtss2-esys.pc
Needs to be added explicitly now
- All fixes from 2.2.1, 2.2.2 and 2.2.3
- Fixed SPDX License Identifiers
- Fixed Null-pointer problems in tcti-tbs
- Fixed Default locality for tcti-mssim set to LOC_0
- Fixed coverity and valgrind leaks detected in test programs (not library
code)
- update to upstream version 2.2.3:
- changes in version 2.2.3:
* Fix computation of session name
* Fixed PolicyPassword handling of session Attributes
* Fixed windows build from dist ball
* Fixed default tcti configure option
* Fixed nonce size calculation in ESYS sessions
- changes in version 2.2.2:
* Fixed wrong encryption flag in EncryptDecrypt
* Fixing openssl engine invocation
- bsc#1130588: Require shadow instead of old pwdutils
- update to upstream version 2.2.1:
- changes from version 2.2.0:
- Fixed leak of hkey on success in iesys_cryptossl_hmac_start
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure script ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- Added support for QNX build
- Added support for partial reads in device TCTI
- changes from version 2.1.1:
- Fixed leak of hkey on success in iesys_cryptossl_hmac_start
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure script ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- changes from version 2.1.0:
- Fixed handling of the default TCTI
- Changed logging to be ISO-C99 compatible
- Fixed leak of dlopen handle
- Fixed logging of a response header tag in Tss2_Sys_Execute
- Fixed marshaling of TPM2B parameters in SAPI commands
- Fixed unnecessary warning in Esys_Startup
- Fixed warnings in doxygen documentation
- Added Esys_Free wrapper function for systems using different C runtime libraries
- Added Windows TBS TCTI
- Added non-blocking mode of operation in tcti-device
- Added tests for Esys_HMAC and Esys_Hash
- Enabled integration tests on physical TPM device
- Added openssl libcrypto backend
- Added Doxygen documentation to integration tests
- Refactored SetDecryptParam
- Enabled OpenSSL crypto backend by default
- changes from 2.0.2:
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure script ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- introduce _service file for syncing with upstream tags
- update to upstream version 2.0.1 (FATE#324477):
- Fixed problems with doxygen failing make distcheck
- Fixed conversion of gcrypt mpi numbers to binary data
- Fixed an error in parsing socket address in MSSIM TCTI
- Fixed compilation error with --disable-tcti-mssim
- Added initialization function for gcrypt to suppress warning
- Fixed invalid type base type while marshaling TPMI_ECC_CURVE in Tss2_Sys_ECC_Parameters
- Fixed invalid RSA encryption with exponent equal to 0
- Fixed checking of return codes in ESAPI commands
- Added checks for programs required by the test harness @ configure time
- Fixed warning on TPM2_RC_INITIALIZE rc after a Startup in Esys_Startup
- Checked for 1.2 TPM type response
- Changed constants values in esys header file to unsigned
- also process udev triggers for tpmrm subsystem, otherwise /dev/tpmrm0 isn't
properly updated (at least on SLES-12-SP4)
- added all libraries to baselibs.conf to satisfy 32-bit dependencies of esys0
and sys0
- Explicitly require udev to fix missing ownership for /usr/lib/udev.
- update to new major version 2.0.0:
- version_fix.patch: removed, we're now using the distribution tarballs
where this problem shouldn't happen
- this update introduces an incompatible ABI to the previous version.
all libraries have been renamed so there is not really a relation to
the old version any more.
- upstream changelog:
## [2.0.0] - 2018-06-20
### Added
- Implementation of the Marshal/Unmarshal library (libtss2-mu)
- Implementation of the Enhanced System API (libtss2-esys aka ESAPI)
- New implementation of the TPM Command Transmission Interface (TCTI) for:
- communication with Linux TPM2 device driver: libtss2-tcti-device
- communication with Microsoft software simulator: libtss2-tcti-mssim
- New directory layout (API break)
- Updated documentation with new doxygen and updated man pages
- Support for Windows build with Visual Studio and clang, currently limited
to libtss2-mu and libtss2-sys
- Implementation of the new Attached Component (AC) commands
- Implementation of the new TPM2_PolicyAuthorizeNV command
- Implementation of the new TPM2_CreateLoaded command
- Implementation of the new TPM2_PolicyTemplate command
- Addition of _Complete functions to all TPM commands
- New logging framework
- Added const qualifiers to API input pointers (API break)
- Cleaned up headers and remove implementation.h and tpm2.h (API break)
### Changed
- Converted all cpp files to c, removed dependency on C++ compiler.
- Cleaned out a number of marshaling functions from the SAPI code.
- Update Linux / Unix OS detection to use non-obsolete macros.
- Changed TCTI macros to CamelCase (API break)
- Changed TPMA_types to unsigned int with defines instead of bitfield structs (API/ABI break)
- Changed Get/SetCmd/RspAuths to new parameter types (API/ABI break)
- Fixed order of parameters in AC commands: Input command authorizations
now come after the input handles, but still before the command parameters.
### Removed
- Removed all sysapi/sysapi_utils/*arshal_TPM*.c files
### Fixed
- Updated invalid number of handles in TPM2_PolicyNvWritten and TPM2_TestParms
- Updated PlatformCommand function from libtss2-tcti-mssim to no longer send
CANCEL_OFF before every command.
- Expanded TPM2B macros and removed TPM2B_TYPE1 and TPM2B_TYPE2 macros
- Fixed wrong return type for Tss2_Sys_Finalize (API break).
## [1.4.0] - 2018-03-02
### Added
- Attached Component commands from the last public review spec.
### Fixed
- Essential files missing from release tarballs are now included.
- Version string generation has been moved from configure.ac to the
bootstrap script. It is now stored in a file named `VERSION` that is
shipped in the release tarball.
- We've stopped shipping the built man page for InitSocketTcti.3 and now
ship the source.
- removed leftover comment from dropped reproducible.patch
- update to upstream version 1.3.0:
- support for reproducible builds
- improved documentation / manual pages
- various stability bugfixes
- EncryptDecrypt2 command is now implemented
- removed reproducible.patch. This is now included upstream.
- added version_fix.patch to fix package config version numbers.
- fix the "fix", turns out only the unversioned symlink's supposed to go into
-devel.
- no longer install the udev rule, it's now part of the new tpm2.0-abrmd
package.
- fixed a warning regarding a missing dependency of the devel package to the
main package
- correctly package library symlinks only in the devel package, the library
itself only in the library package. Was mixed up before.
- removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring
autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227.
- Updated to upstream version 1.1.0
- With this version the resourcemgr daemon is dropped from this package. It
is replaced by a completely new implementation found in a new package
tpm2.0-abrmd. this package will only consist of the libraries any more.
- Changed
- tpmclient, disabled all tests that rely on the old resourcemgr.
- Fixed
- Fixed definition of PCR_LAST AND TRANSIENT_LAST macros.
- Removed
- tpmtest
- resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd
- Add reproducible.patch to sort input files to make build reproducible
(boo#1041090)
- create tss user account and install udev rule to fix startup of resourcemgr
(bnc#1038586)
- remove unnecessary dependency of libsapi0 to trousers. trousers has nothing
to do with tpm2-tss.
- fixed typo in resourcemgr.service (bsc#1031004)
- Remove --with-pic which is only for static libs.
- Fix an improper Requires line.
- Split libtcti* from libsapi0; these are independently
developable units.
- Updated to 1.0 (FATE#321508)
- Added
- Travis-CI integration with GitHub
- Unit tests for primitive (un)?marshal functions.
- Example systemd unit for resourcemgr.
- Allow for unit tests to be enabled selectively.
- added pkg-config files for libraries
- Changed
- move simulator initialization code to socket TCTI init function.
- socket TCTI finalize no longer frees context
- rename libtss2 to libsapi
- rename libtcti_device to libtcti-device
- rename libtcti_socket to libtcti-socket
- move $(includedir)/tss to $(includedir)/sapi
- Move default compiler flags to config.site file.
- Fixed
- Fix run away resourcemgr threads by closing client sockets when resourcemgr recv() call returns 0.
- Set MSG_NOSIGNAL for client connections to avoid SIGPIPE killing resourcemgr.
- Fixes to handling of persistent objects by resourcemgr.
- Removed
- Semicolon from TPMA_* macros definitions.
- Windows build files.
- SAPI_CLIENT macro tests.
- Security
- Fix buffer overflow in resourcemgr.
- use sample resourcemanager.service
- tpm2-0-tss-configure.patch: fix weird error.
- Remove type=forking from service file (bsc#995554)
- added a systemd unit service file (FATE#315631)
- Correct package naming to be in line with shared library guideline
- Remove unused systemd build and runtime dependencies
(FATE#315631)
- Fix rpm group of library package: libs belong, per definition, to
the group "System/Libraries". (FATE#315631)
- initial import of the tpm 2.0 tss stack (FATE#315631)
OBS-URL: https://build.opensuse.org/request/show/937743
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=117

%post -n libtss2-fapi1
/sbin/ldconfig
%tmpfiles_create %{_tmpfilesdir}/tpm2-tss-fapi-%{version}.conf

%postun -n libtss2-fapi1 -p /sbin/ldconfig
%post -n libtss2-tcti-cmd0 -p /sbin/ldconfig
%postun -n libtss2-tcti-cmd0 -p /sbin/ldconfig
%post -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
%postun -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
%post -n libtss2-tcti-pcap0 -p /sbin/ldconfig
%postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig

%files
%doc *.md
%license LICENSE
%{_mandir}/man3/*
%{_mandir}/man5/*
%{_mandir}/man7/tss2-*
%{_udevrulesdir}/%{udev_rule_file}
%dir %{_sysconfdir}/tpm2-tss/
%config %{_sysconfdir}/tpm2-tss/fapi-config.json
%dir %{_sysconfdir}/tpm2-tss/fapi-profiles
%config %{_sysconfdir}/tpm2-tss/fapi-profiles/*.json

%files devel
%{_includedir}/tss2
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files -n libtss2-esys0
%{_libdir}/libtss2-esys.so.*

%files -n libtss2-sys1
%{_libdir}/libtss2-sys.so.*

%files -n libtss2-mu0
%{_libdir}/libtss2-mu.so.*

%files -n libtss2-rc0
%{_libdir}/libtss2-rc.so.*

%files -n libtss2-tctildr0
%{_libdir}/libtss2-tctildr.so.*

%files -n libtss2-tcti-device0
%{_libdir}/libtss2-tcti-device.so.*

%files -n libtss2-tcti-mssim0
%{_libdir}/libtss2-tcti-mssim.so.*

%files -n libtss2-fapi1
%{_libdir}/libtss2-fapi.so.*
%{_tmpfilesdir}/tpm2-tss-fapi-%{version}.conf
# this would fix "tmpfile-not-in-filelist" warnings but when adding these
# entries then it complains about "directories not owned by a package:" for
# /run/tpm2-0-tss & friends. When adding them as %%ghost, too, then Leap15.1
# complains about "found conflict of libtss2-fapi1-3.0.1-lp152.103.1.x86_64
# with libtss2-fapi1-3.0.1-lp152.103.1.x86_64". Thus leave it be for the
# moment, some insane circle of errors is involved here.
#
# it seems the problem is that during `make install` the package runs
# systemd-tmpfiles --create, and the directories are created outside the
# package's install tree. It seems this is not expected by RPM.
# %%ghost %%{_sharedstatedir}/%%{name}/system/keystore
# %%ghost %%{_rundir}/%%{name}/eventlog

%files -n libtss2-tcti-cmd0
%{_libdir}/libtss2-tcti-cmd.so.*

%files -n libtss2-tcti-swtpm0
%{_libdir}/libtss2-tcti-swtpm.so.*

%files -n libtss2-tcti-pcap0
%{_libdir}/libtss2-tcti-pcap.so.*

%changelog