From bcdc60d0a744ffb3c53c48d6d6e67ac7f70cc52d6e670cd8ae451163cfcc98b2 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.com>
Date: Thu, 15 Jul 2021 11:15:44 +0000
Subject: [PATCH] Accepting request 906442 from home:gmbr3:Active

- Clean spec file
- Add new library libtss2-tcti-pcap0
- Update to 3.1.0:
  * Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455)
  * Fixed possible access outside the array in ifapi_calculate_tree
  * Added pcap TCTI
  * Added GlobalSign TPM Root CA certs to FAPI cert store
  * Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
  * Added two new TPM commands TPM2_CC_CertifyX509,
    and TPM2_CC_ACT_SetTimeout

OBS-URL: https://build.opensuse.org/request/show/906442
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=111
---
 _service              | 11 ----------
 tpm2-0-tss.changes    | 14 +++++++++++++
 tpm2-0-tss.spec       | 47 +++++++++++++++++++++++++------------------
 tpm2-tss-3.0.3.tar.gz |  3 ---
 tpm2-tss-3.1.0.tar.gz |  3 +++
 5 files changed, 44 insertions(+), 34 deletions(-)
 delete mode 100644 _service
 delete mode 100644 tpm2-tss-3.0.3.tar.gz
 create mode 100644 tpm2-tss-3.1.0.tar.gz

diff --git a/_service b/_service
deleted file mode 100644
index d44c021..0000000
--- a/_service
+++ /dev/null
@@ -1,11 +0,0 @@
-<services>
-  <!-- we need to setup a download_files service here. it is already called implicitly for some reason in the devel project, but not in e.g. SLE-15 -->
-  <service name="tar_scm" mode="disabled">
-    <param name="url">https://github.com/intel/tpm2-tss.git</param>
-    <param name="scm">git</param>
-    <param name="revision">3.0.3</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">disable</param>
-  </service>
-  <service name="set_version" mode="disabled"/>
-</services>
diff --git a/tpm2-0-tss.changes b/tpm2-0-tss.changes
index c295d9a..3653dc1 100644
--- a/tpm2-0-tss.changes
+++ b/tpm2-0-tss.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Jul 14 15:11:55 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
+
+- Clean spec file
+- Add new library libtss2-tcti-pcap0
+- Update to 3.1.0:
+  * Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455)
+  * Fixed possible access outside the array in ifapi_calculate_tree
+  * Added pcap TCTI
+  * Added GlobalSign TPM Root CA certs to FAPI cert store
+  * Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
+  * Added two new TPM commands TPM2_CC_CertifyX509,
+    and TPM2_CC_ACT_SetTimeout
+
 -------------------------------------------------------------------
 Mon Jun 28 06:52:53 UTC 2021 - Marcus Meissner <meissner@suse.com>
 
diff --git a/tpm2-0-tss.spec b/tpm2-0-tss.spec
index 7b546f0..07cc3c4 100644
--- a/tpm2-0-tss.spec
+++ b/tpm2-0-tss.spec
@@ -17,7 +17,7 @@
 
 
 Name:           tpm2-0-tss
-Version:        3.0.3
+Version:        3.1.0
 Release:        0
 Summary:        Intel's TCG Software Stack access libraries for TPM 2.0 chips
 License:        BSD-2-Clause
@@ -27,12 +27,14 @@ Source0:        https://github.com/tpm2-software/tpm2-tss/releases/download/%{ve
 Source2:        baselibs.conf
 BuildRequires:  doxygen
 BuildRequires:  gcc-c++
-BuildRequires:  libcurl-devel
+BuildRequires:  pkgconfig(libcurl)
 BuildRequires:  libgcrypt-devel
-BuildRequires:  libjson-c-devel
-BuildRequires:  libopenssl-devel
-BuildRequires:  pkg-config
+BuildRequires:  pkgconfig(json-c)
+BuildRequires:  pkgconfig(libopenssl)
+BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(udev)
+BuildRequires:  /usr/sbin/groupadd
+BuildRequires:  acl
 # The same user is employed by trousers (and was employed by the old
 # resourcemgr shipped with the tpm2-0-tss package):
 #
@@ -48,8 +50,7 @@ BuildRequires:  pkgconfig(udev)
 # the packages ATM. Trousers is keeping state there, but the directory is
 # owned by root and files are opened before dropping privileges. The passwd
 # entry seems not to be evaluated.
-Requires:       user(tss)
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+Requires(pre):  user(tss)
 
 %description
 The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This
@@ -70,6 +71,7 @@ Requires:       libtss2-tcti-cmd0 = %{version}
 Requires:       libtss2-tcti-device0 = %{version}
 Requires:       libtss2-tcti-mssim0 = %{version}
 Requires:       libtss2-tcti-swtpm0 = %{version}
+Requires:       libtss2-tcti-pcap0 = %{version}
 Requires:       libtss2-tctildr0 = %{version}
 Requires:       tpm2-0-tss = %{version}
 
@@ -170,10 +172,21 @@ A TCTI for interaction with the TPM2 software simulator. It abstracts the
 details of direct communication with the interface and protocol exposed by the
 daemon hosting the TPM2 reference implementation.
 
+%package -n     libtss2-tcti-pcap0
+Summary:        TCTI pcap interface library
+Group:          System/Libraries
+
+%description -n libtss2-tcti-pcap0
+A TCTI which prints TPM commands and responses to a file in pcap-ng format. It abstracts the
+details of direct communication with the interface and protocol exposed by the
+daemon hosting the TPM2 reference implementation.
+
 %prep
-%setup -q -n tpm2-tss-%{version}
+%autosetup -n tpm2-tss-%{version}
 
 %build
+# configure looks for groupadd on PATH
+export PATH="$PATH:%{_sbindir}"
 %configure --disable-static \
     --with-udevrulesdir=%{_udevrulesdir} \
     --with-runstatedir=%{_rundir} \
@@ -213,9 +226,11 @@ mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{ud
 %postun -n libtss2-tcti-cmd0 -p /sbin/ldconfig
 %post -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
 %postun -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
+%post -n libtss2-tcti-pcap0 -p /sbin/ldconfig
+%postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig
+
 
 %files
-%defattr(-,root,root)
 %doc *.md
 %license LICENSE
 %{_mandir}/man3/*
@@ -229,41 +244,32 @@ mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{ud
 %config /etc/tpm2-tss/fapi-profiles/*.json
 
 %files devel
-%defattr(-,root,root)
 %{_includedir}/tss2
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/*.pc
 
 %files -n libtss2-esys0
-%defattr(-,root,root)
 %{_libdir}/libtss2-esys.so.*
 
 %files -n libtss2-sys1
-%defattr(-,root,root)
 %{_libdir}/libtss2-sys.so.*
 
 %files -n libtss2-mu0
-%defattr(-,root,root)
 %{_libdir}/libtss2-mu.so.*
 
 %files -n libtss2-rc0
-%defattr(-,root,root)
 %{_libdir}/libtss2-rc.so.*
 
 %files -n libtss2-tctildr0
-%defattr(-,root,root)
 %{_libdir}/libtss2-tctildr.so.*
 
 %files -n libtss2-tcti-device0
-%defattr(-,root,root)
 %{_libdir}/libtss2-tcti-device.so.*
 
 %files -n libtss2-tcti-mssim0
-%defattr(-,root,root)
 %{_libdir}/libtss2-tcti-mssim.so.*
 
 %files -n libtss2-fapi1
-%defattr(-,root,root)
 %{_libdir}/libtss2-fapi.so.*
 %{_tmpfilesdir}/tpm2-tss-fapi.conf
 # this would fix "tmpfile-not-in-filelist" warnings but when adding these
@@ -280,11 +286,12 @@ mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{ud
 # %%ghost %%{_rundir}/%%{name}/eventlog
 
 %files -n libtss2-tcti-cmd0
-%defattr(-,root,root)
 %{_libdir}/libtss2-tcti-cmd.so.*
 
 %files -n libtss2-tcti-swtpm0
-%defattr(-,root,root)
 %{_libdir}/libtss2-tcti-swtpm.so.*
 
+%files -n libtss2-tcti-pcap0
+%{_libdir}/libtss2-tcti-pcap.so.*
+
 %changelog
diff --git a/tpm2-tss-3.0.3.tar.gz b/tpm2-tss-3.0.3.tar.gz
deleted file mode 100644
index 2f80aff..0000000
--- a/tpm2-tss-3.0.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:78392be7309baf47f51b122f566ac915fd4d1760ea78571cba2e1484f9b5be17
-size 1489136
diff --git a/tpm2-tss-3.1.0.tar.gz b/tpm2-tss-3.1.0.tar.gz
new file mode 100644
index 0000000..8ac30d6
--- /dev/null
+++ b/tpm2-tss-3.1.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8900a6603f74310b749b65f23c3461cde6e2a23a5f61058b21004c25f9cf19e8
+size 1584690