Commit Graph

142 Commits

Author SHA256 Message Date
Dominique Leuenberger
0162b788d3 Accepting request 1172147 from security
Update to version 4.1:
+ Security
    - Fixed CVE-2024-29040 (bsc#1223690)
+ Fixed
    - fapi: Fix length check on FAPI auth callbacks
    - mu: Correct error message for errors
    - tss2-rc: fix unknown laer handler dropping bits.
    - fapi: Fix deviation from CEL specification (template_value was used instead of template_data).
    - fapi: Fix json syntax error in FAPI profiles which was ignored by json-c.
    - build: fix build fail after make clean.
    - mu: Fix unneeded size check in TPM2B unmarshaling.
    - fapi: Fix missing parameter encryption.
    - build: Fix failed build with --disable-vendor.
    - fapi: Fix flush of persistent handles.
    - fapi: Fix test provisioning with template with self generated certificate disabled.
    - fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs.
    - fapi: Revert pcr extension for EV_NO_ACTION events.
    - fapi: Fix strange error messages if nv, ext, or policy path does not exits.
    - fapi: Fix segfault caused by wrong allocation of pcr policy.
    - esys: Fix leak in Esys_EvictControl for persistent handles.
    - tss2-tcti: tcti-libtpms: fix test failure on big-endian platform.
    - esys: Add reference counting for Esys_TR_FromTPMPublic.
    - esys: Fix HMAC error if session bind key has an auth value with a trailing 0.
    - fapi: fix usage of self signed certificates in TPM.
    - fapi: Usage of self signed certificates.
    - fapi: A segfault after the error handling of non existing keys.
    - fapi: Fix several leaks.
    - fapi: Fix error handling for policy execution.
    - fapi: Fix usage of persistent handles (should not be flushed)
    - fapi: Fix test provisioning with template (skip test without self generated certificate).

OBS-URL: https://build.opensuse.org/request/show/1172147
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=36
2024-05-07 16:02:28 +00:00
0fcf37062f - add new sub-package libtss2-tcti-spidev0: TCTI for communicating with a TPM
connected directly via SPI.
- add new sub-package libtss2-tcti-i2c-helper0: TCTI for communicating with a
  TPM connected directly via I2C.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=139
2024-05-06 10:47:12 +00:00
edb29b2668 - Fixed CVE-2024-29040 (bsc#1223690)
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=138
2024-05-06 10:16:07 +00:00
57ab8ba31f Update to version 4.1:
+ Security
    - Fixed CVE-2024-29040
+ Fixed
    - fapi: Fix length check on FAPI auth callbacks
    - mu: Correct error message for errors
    - tss2-rc: fix unknown laer handler dropping bits.
    - fapi: Fix deviation from CEL specification (template_value was used instead of template_data).
    - fapi: Fix json syntax error in FAPI profiles which was ignored by json-c.
    - build: fix build fail after make clean.
    - mu: Fix unneeded size check in TPM2B unmarshaling.
    - fapi: Fix missing parameter encryption.
    - build: Fix failed build with --disable-vendor.
    - fapi: Fix flush of persistent handles.
    - fapi: Fix test provisioning with template with self generated certificate disabled.
    - fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs.
    - fapi: Revert pcr extension for EV_NO_ACTION events.
    - fapi: Fix strange error messages if nv, ext, or policy path does not exits.
    - fapi: Fix segfault caused by wrong allocation of pcr policy.
    - esys: Fix leak in Esys_EvictControl for persistent handles.
    - tss2-tcti: tcti-libtpms: fix test failure on big-endian platform.
    - esys: Add reference counting for Esys_TR_FromTPMPublic.
    - esys: Fix HMAC error if session bind key has an auth value with a trailing 0.
    - fapi: fix usage of self signed certificates in TPM.
    - fapi: Usage of self signed certificates.
    - fapi: A segfault after the error handling of non existing keys.
    - fapi: Fix several leaks.
    - fapi: Fix error handling for policy execution.
    - fapi: Fix usage of persistent handles (should not be flushed)
    - fapi: Fix test provisioning with template (skip test without self generated certificate).

OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=137
2024-05-03 14:16:18 +00:00
Ana Guerrero
27e8c205b8 Accepting request 1138772 from security
- Fix tmpfiles %ghost file names (forwarded request 1138485 from gmbr3)

OBS-URL: https://build.opensuse.org/request/show/1138772
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=35
2024-01-15 21:15:33 +00:00
43cbd52bf9 Accepting request 1138485 from home:gmbr3:Active
- Fix tmpfiles %ghost file names

OBS-URL: https://build.opensuse.org/request/show/1138485
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=135
2024-01-15 08:16:44 +00:00
6f8e5ebb7e Accepting request 1137558 from home:gmbr3:Active
- Move tmpfiles config to different package:
  * tmpfiles_create was being called with bad input (version ?)
  * it avoids breaking SLPP for libtss2-fapi1 (hence the prior
    warning in spec)
- tss sysusers requires should be pre not post

OBS-URL: https://build.opensuse.org/request/show/1137558
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=134
2024-01-09 08:27:44 +00:00
Ana Guerrero
9812c29b26 Accepting request 1129154 from security
OBS-URL: https://build.opensuse.org/request/show/1129154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=34
2023-11-27 21:42:06 +00:00
d17d372bf4 Accepting request 1129124 from home:lnussel:branches:security
- libtss2-fapi1 requires system-user-tss for tmpfile creation

OBS-URL: https://build.opensuse.org/request/show/1129124
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=132
2023-11-27 14:34:08 +00:00
Ana Guerrero
c3f5f96bb4 Accepting request 1100357 from security
Require openssl-3 over openssl-1 to assist migration of applications to newer openssl-3.

Alternately we might need to have two copies of the package for openssl-3 and openssl-1, but
we have to transition to just openssl-3 at some point.

This is required for Kanidm as it requires openssl-3 and tpm2-0-tss. (forwarded request 1100221 from firstyear)

OBS-URL: https://build.opensuse.org/request/show/1100357
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=33
2023-07-25 09:22:50 +00:00
19dbe542bb Accepting request 1100221 from home:firstyear:kanidm
Require openssl-3 over openssl-1 to assist migration of applications to newer openssl-3.

Alternately we might need to have two copies of the package for openssl-3 and openssl-1, but
we have to transition to just openssl-3 at some point.

This is required for Kanidm as it requires openssl-3 and tpm2-0-tss.

OBS-URL: https://build.opensuse.org/request/show/1100221
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=130
2023-07-24 09:27:24 +00:00
71ea17d68f Accepting request 1070181 from home:aplanas:branches:security
Undo last change

OBS-URL: https://build.opensuse.org/request/show/1070181
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=129
2023-03-08 12:58:53 +00:00
072812fe73 Accepting request 1069986 from home:aplanas:branches:security
- Drop version from the systemd-tmpfiles config file

OBS-URL: https://build.opensuse.org/request/show/1069986
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=128
2023-03-07 16:35:07 +00:00
Dominique Leuenberger
b44ac4081b Accepting request 1066193 from security
OBS-URL: https://build.opensuse.org/request/show/1066193
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=32
2023-02-17 15:43:57 +00:00
c4218a3a27 Accepting request 1066192 from home:aplanas:branches:security
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
  already merged upstream
- Update to 4.0.1
  + Fixed:
    * A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
  + Fixed:
    * tcti-ldr: Use heap instead of stack when tcti initialize
    * Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
      ESYS_TR_NONE.
    * Conditionally check user/group manipulation commands.
    * Store VERSION into the release tarball.
    * When using DESTDIR for make einstall, do not invoke
      systemd-sysusers and systemd-tmpfiles.
    * esys_iutil: fix possible NPD.
    * Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
      handle and not as parameter one, this affected the contents of
      cpHash.
    * esys: fix allow usage of HMAC sessions for
      Esys_TR_FromTPMPublic.
    * fapi: fix usage of policy_nv with a TPM nv index.
    * linking tcti for libtpms against tss2-tctildr. It should be
      linked against tss2-mu.
    * build: Remove erroneous trailing comma in linker option. Bug
      #2391.
    * fapi: fix encoding of complex tpm2bs in authorize nv,
      duplication select and policy template policies. Now the complex
      and TPMT or TPMS representations can be used. Bug #2383
    * The error message for unsupported FAPI curves was in hex without
      a leading 0x, make it integer output to clarify.
    * Documentation that had various scalar out pointers as "callee
      allocated".
    * test: build with opaque FILE structure like in musl libc.
    * Transient endorsement keys were not recreated according to the
      EK credential profile.
    * Evict control for a persistent EK failed during provisioning if
      an auth value for the storage hierarchy was set.
    * The authorization of the storage hierarchy is now added. Fixes
      FAPI: Provisioning error if an auth value is needed for the
      storage hierarchy #2438.
    * Usage of a second profile in a path was not possible because the
      default profile was always used.
    * The setting of an empty auth value for Fapi_Provision was fixed.
    * JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
      field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
      2.0 JSON Data Types and Policy Language Specification". Rename
      to hashAlg but preserve support for reading keyPEMhashAlg for
      backwards compatibility.
    * fapi: PolicySecret did not work with keys as secret object.
    * Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
      ESAPI functions.
    * tests: esys-pcr-auth-value.int moved to destructive tests.
    * FAPI: Fix double free if keystore is corrupted.
    * Marshaling of TPMU_CAPABILITIES data, only field
      intelPttProperty was broken before.a
    * Spec deviation in Fapi_GetDescription caused description to be
      NULL when it should be empty string. This is API breaking but
      considered a bug since it deviated from the FAPI spec.
    * FAPI: undefined reference to curl_url_strerror when using curl
      less than 7.80.0.
    * FAPI: Fixed support for EK templates in NV inidices per the
      spec, see #2518 for details.
    * FAPI: fix NPD in ifapi_curl logging.
    * FAPI: Improve documentation fapi-profile
    * FAPI: Fix CURL HTTP handling.
    * FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
      keystore.
  + Added:
    * TPM version 1.59 support.
    * ci: ubuntu-22.04 added.
    * mbedTLS 3.0 is supported by ESAPI.
    * Add CreationHash to JSON output for usage between applications
      not using the FAPI keystore, like command line tools.
    * Reduced code size for SAPI.
    * Support for Runtime Switchable ESAPI Crypto Backend via
      Esys_SetCryptoCallbacks.
    * Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
      Rev. 3, 2021 for the low and high address range of EK templates.
    * tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
      the various bit fields.
    * FAPI support for P_ECC384 profile.
    * tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
      readable error from a TSS2_RC_INFO returned by
      Tss2_RC_DecodeInfo
    * tcti: Generic SPI driver, implementors only need to connect to
      acquire/release, transmit/receive, and sleep/timeout functions.
    * FAPI: Add event logging for Firmware and IMA Events. See #2170
      for details.
    * FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
      reflected across profiles.
    * FAPI: Allow keyedhash keys in PolicySigned.
    * ESAPI: Support sha512 for mbedtls crypto backend.
    * TPM2B_MAX_CAP_BUFFER and mu routines
    * vendor field to TPMU_CAPABILTIIES
    * FAPI: support for PolicyTemplate
  + Changed
    * libmu soname from 0:0:0 to 0:1:0.
    * tss2-sys soname from 1:0:0 to 1:1:0
    * tss2-esys: from 0:0:0 to 0:1:0
    * FAPI ignores vendor properties on Fapi_GetInfo
    * FAPI Event Logging JSON format, See #2170 for details.
  + Removed
    * Dead struct TPMS_ALGORITHM_DESCRIPTION
    * Dead field intelPttProperty from TPMU_CAPABILITIES
    * Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
    * Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal

OBS-URL: https://build.opensuse.org/request/show/1066192
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=126
2023-02-16 15:00:57 +00:00
Dominique Leuenberger
1cb5b7a946 Accepting request 1059943 from security
- add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes
  CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large
  RC values passed to the TSS2 function could lead to memory overread or
  memory overread.
  This patch is not yet part of any upstream git tag.

OBS-URL: https://build.opensuse.org/request/show/1059943
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=31
2023-01-21 18:10:13 +00:00
4cd4a5bc82 - add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes
CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large
  RC values passed to the TSS2 function could lead to memory overread or
  memory overread.
  This patch is not yet part of any upstream git tag.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=124
2023-01-20 11:24:42 +00:00
Dominique Leuenberger
91c97e0294 Accepting request 988349 from security
OBS-URL: https://build.opensuse.org/request/show/988349
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=30
2022-07-12 09:12:12 +00:00
4281ba40c5 Accepting request 988348 from home:aplanas:branches:security
- Revert "Add version the configuration file tpm2-tss-fapi.conf"
  This generate whitelist problems in rpmlint.

OBS-URL: https://build.opensuse.org/request/show/988348
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=122
2022-07-11 11:24:21 +00:00
Dominique Leuenberger
85cccdc993 Accepting request 987923 from security
OBS-URL: https://build.opensuse.org/request/show/987923
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=29
2022-07-09 14:59:10 +00:00
4623b2e0a3 Accepting request 987922 from home:aplanas:branches:security
Fix GPG comment

OBS-URL: https://build.opensuse.org/request/show/987922
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=120
2022-07-08 13:38:46 +00:00
71131875bd Accepting request 987905 from home:aplanas:branches:security
- Update to 3.2.0
  + Fixed
    * FAPI: fix curl_url_set call
    * FAPI: Fix usage of curl url (Should fix Ubuntu 22.04)
    * Fix buffer upcast leading to misalignment
    * Fix check whether SM3 is available
    * Update git.mk to support R/O src-dir
    * Fixed file descriptor leak when tcti initialization failed.
    * 32 Bit builds of the integration tests.
    * Primary key creation, in some cases the unique field was not
      cleared before calling create primary.
    * Primary keys was used for signing the object were cleared after
      loading. So access e.g. to the certificate did not work.
    * Primary keys created with Fapi_Create with an auth value, the
      auth_value was not used in inSensitive to recreate the primary
      key. Now the auth value callback is used to initialize
      inSensitive.
    * The not possible usage of policies for primary keys generated
      with Fapi_CreatePrimary has been fixed.
    * An infinite loop when parsing erroneous JSON was fixed in FAPI.
    * A buffer overflow in ESAPI xor parameter obfuscation was fixed.
    * Certificates could be read only once in one application The
      setting the init state of the state automaton for getting
      certificates was fixed.
    * A double free when executing policy action was fixed.
    * A leak in Fapi_Quote was fixed.
    * The wrong file locking in FAPI IO was fixed.
    * Enable creation of tss group and user on systems with busybox
      for fapi.
    * One fapi integration test did change the auth value of the
      storage hierarchy.
    * A leak in fapi crypto with ossl3 was fixed.
    * Add initial camelia support to FAPI
    * Fix tests of fapi PCR
    * Fix tests of ACT functionality if not supported by pTPM
    * Fix compiler (unused) warning when building without debug
      logging
    * Fix leaks in error cases of integration tests
    * Fix memory leak after ifapi_init_primary_finish failed
    * Fix double-close of stream in FAPI
    * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
    * Fix the authorization of hierarchy objects used in policy
      secret.
    * Fix check of qualifying data in Fapi_VerifyQuote.
    * Fix some leaks in FAPI error cases.
    * Make scripts compatible with non-posix shells where test does
      not know -a and -o.
    * Fix usage of variable not initialized when fapi keystore is
      empty.
  + Added
    * Add additional IFX root CAs
    * Added support for SM2, SM3 and SM4.
    * Added support for OpenSSL 3.0.0.
    * Added authPolicy field to the TPMU_CAPABILITIES union.
    * Added actData field to the TPMU_CAPABILITIES union.
    * Added TPM2_CAP_AUTH_POLICIES
    * Added TPM2_CAP_ACT constants.
    * Added updates to the marshalling and unmarshalling of the
      TPMU_CAPABILITIES union.
    * Added updated to the FAPI serializations and deserializations of
      the TPMU_CAPABILITIES union and associated types.
    * Add CODE_OF_CONDUCT
    * tcti-mssim and tcti-swtpm gained support for UDX communication
    * Missing constant for TPM2_RH_PW
  + Removed
    * Removed support for OpenSSL < 1.1.0.
    * Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines
      as deprecated.
    * Those were errorous typedefs that are not use and not useful. So
      we will remove this with 3.3
    * Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead.
- Update to 3.1.1
  + Fixed
    * Fixed file descriptor leak when tcti initialization failed.
    * Primary key creation, in some cases the unique field was not
      cleared before calling create primary.
    * Primary keys was used for signing the object were cleared after
      loading. So access e.g. to the certificate did not work.
    * Primary keys created with Fapi_Create with an auth value, the
      auth_value was not used in inSensitive to recreate the primary
      key. Now the auth value callback is used to initialize
      inSensitive.
    * The not possible usage of policies for primary keys generated
      with Fapi_CreatePrimary has been fixed.
    * An infinite loop when parsing erroneous JSON was fixed in FAPI.
    * A buffer overflow in ESAPI xor parameter obfuscation was fixed.
    * Certificates could be read only once in one application The
      setting the init state of the state automaton for getting
      certificates was fixed.
    * A double free when executing policy action was fixed.
    * A leak in Fapi_Quote was fixed.
    * The wrong file locking in FAPI IO was fixed.
    * One fapi integration test did change the auth value of the
      storage hierarchy.
    * Fix test of FAPI PCR
    * Fix leaks in error cases of integration tests
    * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
    * Fix the authorization of hierarchy objects used in policy
      secret.
    * Fix check of qualifying data in Fapi_VerifyQuote.
    * Fix some leaks in FAPI error cases.
    * Fix usage of variable not initialized when fapi keystore is
      empty.
  + Added
    * Add additional IFX root CAs

OBS-URL: https://build.opensuse.org/request/show/987905
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=119
2022-07-08 12:20:43 +00:00
9150f41d89 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=118 2022-04-27 06:57:23 +00:00
Dominique Leuenberger
03ebf4999d Accepting request 937744 from security
OBS-URL: https://build.opensuse.org/request/show/937744
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=28
2021-12-13 19:42:09 +00:00
6aad16be69 Accepting request 937743 from home:aplanas:branches:security
- Version 3.1.0 includes:
  + cover update to 2.4.5 (jsc#SLE-17366)
  + cover update to 2.3.0 (jsc#SLE-9515)
  + fix policy session for TPM2_PolicyAuthValue (bsc#1160736)
- Add version the configuration file tpm2-tss-fapi.conf
- Remove conflicting sysusers.d file
- Clean spec file
- Add new library libtss2-tcti-pcap0
- Update to 3.1.0:
  * Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455)
  * Fixed possible access outside the array in ifapi_calculate_tree
  * Added pcap TCTI
  * Added GlobalSign TPM Root CA certs to FAPI cert store
  * Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
  * Added two new TPM commands TPM2_CC_CertifyX509,
    and TPM2_CC_ACT_SetTimeout
- small services fixes and comments
- update to 3.0.3:
  - changes in 3.0.3:
    * Fix Regression in Fapi_List
    * Fix memory leak in policy calculation
  - changes in 3.0.2:
    * FAPI: Fix setting of the system flag of NV objects
    * This will let NV object metadata be created system-wide always instead of
    * locally in the user. Existing metadata will remain in the user directory.
    * It can be moved to the corresponding systemstore manually if needed.
    * FAPI: Fix policy searching, when a policyRef was provided
    * FAPI: Accept EK-Certs without CRL dist point
    * FAPI: Fix return codes of Fapi_List
    * FAPI: Fix memleak in policy execution
    * FAPI: Fix coverity NULL-pointer check
    * FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
    * FAPI: Fix deleting of policy files.
    * FAPI: Fix wrong file loading during object search.
    * Fapi: Fix memory leak
    * Fapi: Fix potential NULL-Dereference
    * Fapi: Remove superfluous NULL check
    * Fix a memory leak in async keystore load.
- move the tcti-fapi tmpfiles.d config file into the libtss2-fapi1 sub-package.
- improve the descriptions of new libraries (fapi1, cmd0, swtpm0)
- adjust baselibs.conf to match new library versions and added libraries
- Update to 3.0.1, changelog at:
  https://github.com/tpm2-software/tpm2-tss/blob/3.0.x/CHANGELOG.md
- Update libtss2-sys0 to libtss2-sys1
- Add new libs:
  * libtss2-fapi1
  * libtss2-tcti-cmd0
  * libtss2-tcti-swtpm0
- Update to version 2.3.3
  * Fixed mixing salted and unsalted sessions in the same ESAPI
    context
  * Removed use of VLAs from TPML marshal code
  * Added check for object node before calling compute_session_value
    function
  * Fixed auth calculation in Esys_StartAuthSession called with
    optional parameters
  * Fixed compute_encrypted_salt error handling in
    Esys_StartAuthSession
  * Fixed exported symbols map for libtss2-mu
- Use system-users for tss user creation (boo#1162360).
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
  shortcut through the -mini flavor.
- update to upstream version 2.3.2:
  - changes since version 2.3.0:
    - Fix unit tests on S390 architectures
    - Fixed HMAC generation for policy sessions
- update to upstream version 2.3.0:
  - changes in version 2.3.0:
    - tss2-tctildr: A new library that helps with tcti initialization
      Recommend to use this in place of custom tcti loading code now !
    - tss2-rc: A new library that provides textual representations for return
      codes
    - Option to disable NIST-deprecated crypto (--disable-weak-crypto)
    - Support Esys_TR_FromTPMPublic on sessions (for use in Esys_FlushContext)
    - map-files with correct symbol lists for tss2-sys and tss2-esys
      This may lead to unresolved symbols in linked applications
    - Support to call Tss2_Sys_Execute repeatedly on certain errors
    - Reduced RAM consumption in Esys due to Tss2_Sys_Execute change
    - Automated session attribution clearing for esys (decrypt and encrypt)
      per cmd
    - Removed libtss2-mu from "Requires" field of libtss2-esys.pc
      Needs to be added explicitely now
    - All fixes from 2.2.1, 2.2.2 and 2.2.3
    - Fixed SPDX License Identifiers
    - Fixed Null-pointer problems in tcti-tbs
    - Fixed Default locality for tcti-mssim set to LOC_0
    - Fixed coverity and valgrind leaks detected in test programs (not library
      code)
- update to upstream version 2.2.3:
  - changes in version 2.2.3:
    * Fix computation of session name
    * Fixed PolicyPassword handling of session Attributes
    * Fixed windows build from dist ball
    * Fixed default tcti configure option
    * Fixed nonce size calculation in ESYS sessions
  - changes in version 2.2.2:
    * Fixed wrong encryption flag in EncryptDecrypt
    * Fixing openssl engine invocation
- bsc#1130588: Require shadow instead of old pwdutils
- update to upstream version 2.2.1:
  - changes from version 2.2.0:
    - Fixed leak of hkey on success in iesys_cryptossl_hmac_start
    - Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
    - Fixed NULL ptr issue in sequenceHandleNode
    - Fixed NULL ptr auth handling in Esys_TR_SetAuth
    - Fixed NULL auth handling in iesys_compute_session_value
    - Fixed marshaling of TPM2Bs with sub types.
    - Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
    - Fixed the way size of the hmac value of a session without authorization
    - Added missing MU functions for TPM2_NT type
    - Added missing MU functions for TPMA_ID_OBJECT type
    - Added missing type TPM2_NT into tss2_tpm2_types.h
    - Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
    - Fixed build breakage when --with-maxloglevel is not 'trace'
    - Fixed build breakage in generated configure script when CFLAGS is set
    - Fixed configure scritp ERROR_IF_NO_PROG macro
    - Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
    - Fixed unmarshaling of the TPM2B type with invalid size
    - Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
    - Added support for QNX build
    - Added support for partial reads in device TCTI
  - changes from version 2.1.1:
    - Fixed leak of hkey on success in iesys_cryptossl_hmac_start
    - Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
    - Fixed NULL ptr issue in sequenceHandleNode
    - Fixed NULL ptr auth handling in Esys_TR_SetAuth
    - Fixed NULL auth handling in iesys_compute_session_value
    - Fixed marshaling of TPM2Bs with sub types.
    - Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
    - Fixed the way size of the hmac value of a session without authorization
    - Added missing MU functions for TPM2_NT type
    - Added missing MU functions for TPMA_ID_OBJECT type
    - Added missing type TPM2_NT into tss2_tpm2_types.h
    - Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
    - Fixed build breakage when --with-maxloglevel is not 'trace'
    - Fixed build breakage in generated configure script when CFLAGS is set
    - Fixed configure scritp ERROR_IF_NO_PROG macro
    - Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
    - Fixed unmarshaling of the TPM2B type with invalid size
    - Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
  - changes from version 2.1.0:
    - Fixed handling of the default TCTI
    - Changed logging to be ISO-C99 compatible
    - Fixed leak of dlopen handle
    - Fixed logging of a response header tag in Tss2_Sys_Execute
    - Fixed marshaling of TPM2B parameters in SAPI commands
    - Fixed unnecessary warning in Esys_Startup
    - Fixed warnings in doxygen documentation
    - Added Esys_Free wrapper function for systems using different C runtime libraries
    - Added Windows TBS TCTI
    - Added non-blocking mode of operation in tcti-device
    - Added tests for Esys_HMAC and Esys_Hash
    - Enabled integration tests on physical TPM device
    - Added openssl libcrypto backend
    - Added Doxygen documentation to integration tests
    - Refactored SetDecryptParam
    - Enabled OpenSSL crypto backend by default
  - changes from 2.0.2:
    - Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
    - Fixed NULL ptr issue in sequenceHandleNode
    - Fixed NULL ptr auth handling in Esys_TR_SetAuth
    - Fixed NULL auth handling in iesys_compute_session_value
    - Fixed marshaling of TPM2Bs with sub types.
    - Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
    - Fixed the way size of the hmac value of a session without authorization
    - Added missing MU functions for TPM2_NT type
    - Added missing MU functions for TPMA_ID_OBJECT type
    - Added missing type TPM2_NT into tss2_tpm2_types.h
    - Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
    - Fixed build breakage when --with-maxloglevel is not 'trace'
    - Fixed build breakage in generated configure script when CFLAGS is set
    - Fixed configure scritp ERROR_IF_NO_PROG macro
    - Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
    - Fixed unmarshaling of the TPM2B type with invalid size
    - Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- introduce _service file for syncing with upstream tags
- update to upstream version 2.0.1 (FATE#324477):
  - Fixed problems with doxygan failing make distcheck
  - Fixed conversion of gcrypt mpi numbers to binary data
  - Fixed an error in parsing socket address in MSSIM TCTI
  - Fixed compilation error with --disable-tcti-mssim
  - Added initialization function for gcrypt to suppress warning
  - Fixed invalid type base type while marshaling TPMI_ECC_CURVE in Tss2_Sys_ECC_Parameters
  - Fixed invalid RSA encryption with exponent equal to 0
  - Fixed checking of return codes in ESAPI commands
  - Added checks for programs required by the test harness @ configure time
  - Fixed warning on TPM2_RC_INITIALIZE rc after a Startup in Esys_Startup
  - Checked for 1.2 TPM type response
  - Changed constants values in esys header file to unsigned
- also process udev triggers for tpmrm subsystem, otherwise /dev/tpmrm0 isn't
  properly updated (at least on SLES-12-SP4)
- added all librares to baselibs.conf to satisfy 32-bit dependencies of esys0
  and sys0
- Explicitly require udev to fix missing ownership for /usr/lib/udev.
- update to new major version 2.0.0:
  - version_fix.patch: removed, we're now using the distribution tarballs
    where this problem shouldn't happen
  - this update introduces an incompatible ABI to the previous version.
    all libraries have been renamed so there is not really a relation to
    the old version any more.
  - upstream changelog:
    ## [2.0.0] - 2018-06-20
    ### Added
    - Implementation of the Marshal/Unmarshal library (libtss2-mu)
    - Implementation of the Enhanced System API (libtss2-esys aka ESAPI)
    - New implemetation of the TPM Command Transmission Interface (TCTI) for:
      - communication with Linux TPM2 device driver: libtss2-tcti-device
      - communication with Microsoft software simulator: libtss2-tcti-mssim
    - New directory layout (API break)
    - Updated documentation with new doxygen and updated man pages
    - Support for Windows build with Visual Studio and clang, currently limited
    to libtss2-mu and libtss2-sys
    - Implementation of the new Attached Component (AC) commands
    - Implementation of the new TPM2_PolicyAuthorizeNV command
    - Implementation of the new TPM2_CreateLoaded command
    - Implementation of the new TPM2_PolicyTemplate command
    - Addition of _Complete functions to all TPM commands
    - New logging framework
    - Added const qualifiers to API input pointers (API break)
    - Cleaned up headers and remove implementation.h and tpm2.h (API break)
    ### Changed
    - Converted all cpp files to c, removed dependency on C++ compiler.
    - Cleaned out a number of marshaling functions from the SAPI code.
    - Update Linux / Unix OS detection to use non-obsolete macros.
    - Changed TCTI macros to CamelCase (API break)
    - Changed TPMA_types to unsigned int with defines instead of bitfield structs (API/ABI break)
    - Changed Get/SetCmd/RspAuths to new parameter types (API/ABI break)
    - Fixed order of parameters in AC commands: Input command authorizations
    now come after the input handles, but still before the command parameters.
    ### Removed
    - Removed all sysapi/sysapi_utils/*arshal_TPM*.c files
    ### Fixed
    - Updated invalid number of handles in TPM2_PolicyNvWritten and TPM2_TestParms
    - Updated PlatformCommand function from libtss2-tcti-mssim to no longer send
    CANCEL_OFF before every command.
    - Expanded TPM2B macros and removed TPM2B_TYPE1 and TPM2B_TYPE2 macros
    - Fixed wrong return type for Tss2_Sys_Finalize (API break).
    ## [1.4.0] - 2018-03-02
    ### Added
    - Attached Component commands from the last public review spec.
    ### Fixed
    - Essential files missing from release tarballs are now included.
    - Version string generation has been moved from configure.ac to the
    bootstrap script. It is now stored in a file named `VERSION` that is
    shipped in the release tarball.
    - We've stopped shipping the built man page for InitSocketTcti.3 and now
    ship the source.
- removed leftover comment from dropped reproducable.patch
- update to upstream version 1.3.0:
  - support for reproducable builds
  - improved documentation / manual pages
  - various stability bugfixes
  - EncryptDecrypt2 command is now implemented
- removed reproducible.patch. This is now included upstream.
- added version_fix.patch to fix package config version numbers.
- fix the "fix", turns out only the unversioned symlink's supposed to go into
  -devel.
- no longer install the udev rule, it's now part of the new tpm2.0-abrmd
  package.
- fixed a warning regarding a missing dependency of the devel package to the
  main package
- correctly package library symlinks only in the devel package, the library
  itself only in the library package. Was mixed up before.
- removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring
  autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227.
- Updated to upstream version 1.1.0
  - With this version the resourcemgr daemon is dropped from this package. It
    is replaced by a completely new implementation found in a new package
    tpm2.0-abrmd. this package will only consist of the libraries any more.
  - Changed
    - tpmclient, disabled all tests that rely on the old resourcemgr.
  - Fixed
    - Fixed definition of PCR_LAST AND TRANSIENT_LAST macros.
  - Removed
    - tpmtest
    - resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd
- Add reproducible.patch to sort input files to make build reproducible
  (boo#1041090)
- create tss user account and install udev rule to fix startup of resourcemgr
  (bnc#1038586)
- remove unnecessary dependency of libsapi0 to trousers. trousers has nothing
  to do with tpm2-tss.
- fixed typo in resourcemgr.service (bsc#1031004)
- Remove --with-pic which is only for static libs.
- Fix an improper Requires line.
- Split libtcti* from libsapi0; these are independentlty
  developable units.
- Updated to 1.0 (FATE#321508)
  - Added
    - Travis-CI integration with GitHub
    - Unit tests for primitive (un)?marshal functions.
    - Example systemd unit for resourcemgr.
    - Allow for unit tests to be enabled selectively.
    - added pkg-config files for libraries
  - Changed
    - move simulator initialization code to socket TCTI init function.
    - socket TCTI finalize no longer frees context
    - rename libtss2 to libsapi
    - rename libtcti_device to libtcti-device
    - rename libtcti_socket to libtcti-socket
    - move $(includedir)/tss to $(includedir)/sapi
    - Move default compiler flags to config.site file.
  - Fixed
    - Fix run away resourcemgr threads by closing client sockets when resourcemgr recv() call returns 0.
    - Set MSG_NOSIGNAL for client connections to avoid SIGPIPE killing resourcemgr.
    - Fixes to handling of persistent objects by resourcemgr.
  - Removed
    - Semicolon from TPMA_* macros definitions.
    - Windows build files.
    - SAPI_CLIENT macro tests.
  - Security
    - Fix buffer overflow in resourcemgr.
- use sample resourcemanager.service
- tpm2-0-tss-configure.patch: fix weird error.
 
- Remove type=forking from service file (bsc#995554)
- added a systemd unit service file (FATE#315631)
- Correct package naming to be in line with shared library guideline
- Remove unused systemd build and runtime dependencies
  (FATE#315631)
- Fix rpm group of library package: libs belong, per definition, to
  the group "System/Libraries". (FATE#315631)
- initial import of the tpm 2.0 tss stack (FATE#315631)

OBS-URL: https://build.opensuse.org/request/show/937743
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=117
2021-12-09 10:31:03 +00:00
d3c5c884e2 Accepting request 936752 from home:aplanas:branches:security
- Version 3.1.0 includes:
  + cover update to 2.4.5 (jsc#SLE-17366)
  + cover update to 2.3.0 (jsc#SLE-9515)
  + fix policy session for TPM2_PolicyAuthValue (bsc#1160736)

OBS-URL: https://build.opensuse.org/request/show/936752
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=116
2021-12-08 17:09:11 +00:00
5aa8997739 Accepting request 936605 from home:aplanas:branches:security
Rename the new subpackage

OBS-URL: https://build.opensuse.org/request/show/936605
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=115
2021-12-08 16:05:32 +00:00
af4cb0d3eb Accepting request 936541 from home:aplanas:branches:security
- Separate tpm2-tss-fapi.conf in a different subpackage

OBS-URL: https://build.opensuse.org/request/show/936541
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=114
2021-12-08 15:34:06 +00:00
525e740b90 Accepting request 936251 from home:aplanas:branches:security
- Obsoletes libtss2-fapi0

OBS-URL: https://build.opensuse.org/request/show/936251
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=113
2021-12-08 09:29:33 +00:00
Dominique Leuenberger
98eba292d4 Accepting request 906621 from security
- Remove conflicting sysusers.d file (forwarded request 906490 from gmbr3)

OBS-URL: https://build.opensuse.org/request/show/906621
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=27
2021-07-17 21:36:31 +00:00
7fefa963ed Accepting request 906490 from home:gmbr3:Active
- Remove conflicting sysusers.d file

OBS-URL: https://build.opensuse.org/request/show/906490
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=112
2021-07-16 08:13:53 +00:00
bcdc60d0a7 Accepting request 906442 from home:gmbr3:Active
- Clean spec file
- Add new library libtss2-tcti-pcap0
- Update to 3.1.0:
  * Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455)
  * Fixed possible access outside the array in ifapi_calculate_tree
  * Added pcap TCTI
  * Added GlobalSign TPM Root CA certs to FAPI cert store
  * Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
  * Added two new TPM commands TPM2_CC_CertifyX509,
    and TPM2_CC_ACT_SetTimeout

OBS-URL: https://build.opensuse.org/request/show/906442
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=111
2021-07-15 11:15:44 +00:00
Dominique Leuenberger
c0b9258829 Accepting request 902710 from security
- small services fixes and comments

OBS-URL: https://build.opensuse.org/request/show/902710
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=26
2021-07-02 11:26:22 +00:00
3495640baa - small services fixes and comments
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=110
2021-06-28 06:53:09 +00:00
Dominique Leuenberger
ccc94ddaa8 Accepting request 867410 from security
- update to 3.0.3:
  - changes in 3.0.3:
    * Fix Regression in Fapi_List
    * Fix memory leak in policy calculation
  - changes in 3.0.2:
    * FAPI: Fix setting of the system flag of NV objects
    * This will let NV object metadata be created system-wide always instead of
    * locally in the user. Existing metadata will remain in the user directory.
    * It can be moved to the corresponding systemstore manually if needed.
    * FAPI: Fix policy searching, when a policyRef was provided
    * FAPI: Accept EK-Certs without CRL dist point
    * FAPI: Fix return codes of Fapi_List
    * FAPI: Fix memleak in policy execution
    * FAPI: Fix coverity NULL-pointer check
    * FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
    * FAPI: Fix deleting of policy files.
    * FAPI: Fix wrong file loading during object search.
    * Fapi: Fix memory leak
    * Fapi: Fix potential NULL-Dereference
    * Fapi: Remove superfluous NULL check
    * Fix a memory leak in async keystore load.

OBS-URL: https://build.opensuse.org/request/show/867410
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=25
2021-02-01 12:25:56 +00:00
2657dd4a32 note about download_files magic
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=108
2021-01-29 13:10:09 +00:00
1b371b3d5b further explanation abuot tmpfiles %ghost madness
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=107
2021-01-29 09:58:11 +00:00
1367d22f99 fix macros in comments
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=106
2021-01-28 09:46:02 +00:00
db6ae61a8c - update to 3.0.3:
- changes in 3.0.3:
    * Fix Regression in Fapi_List
    * Fix memory leak in policy calculation
  - changes in 3.0.2:
    * FAPI: Fix setting of the system flag of NV objects
    * This will let NV object metadata be created system-wide always instead of
    * locally in the user. Existing metadata will remain in the user directory.
    * It can be moved to the corresponding systemstore manually if needed.
    * FAPI: Fix policy searching, when a policyRef was provided
    * FAPI: Accept EK-Certs without CRL dist point
    * FAPI: Fix return codes of Fapi_List
    * FAPI: Fix memleak in policy execution
    * FAPI: Fix coverity NULL-pointer check
    * FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
    * FAPI: Fix deleting of policy files.
    * FAPI: Fix wrong file loading during object search.
    * Fapi: Fix memory leak
    * Fapi: Fix potential NULL-Dereference
    * Fapi: Remove superfluous NULL check
    * Fix a memory leak in async keystore load.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=105
2021-01-28 09:21:04 +00:00
Dominique Leuenberger
259739975d Accepting request 844057 from security
- also add tctildr0 and cmd0 libraries to baselibs.conf
- move the tcti-fapi tmpfiles.d config file into the libtss2-fapi1 sub-package.
- improve the descriptions of new libraries (fapi1, cmd0, swtpm0)
- adjust baselibs.conf to match new library versions and added libraries

- Update to 3.0.1, changelog at:
  https://github.com/tpm2-software/tpm2-tss/blob/3.0.x/CHANGELOG.md
- Update libtss2-sys0 to libtss2-sys1
- Add new libs:
  * libtss2-fapi1
  * libtss2-tcti-cmd0
  * libtss2-tcti-swtpm0

OBS-URL: https://build.opensuse.org/request/show/844057
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=24
2020-10-28 08:58:30 +00:00
ec6907c8f9 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=103 2020-10-26 08:24:22 +00:00
f5f7e05c1a OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=102 2020-10-26 08:23:05 +00:00
6054f8f0f8 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=101 2020-10-23 10:56:19 +00:00
b111eaabb3 OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=100 2020-10-23 07:37:41 +00:00
a1c55ce29a OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=99 2020-10-22 14:02:30 +00:00
a083903c1f - move the tcti-fapi tmpfiles.d config file into the libtss2-fapi1 sub-package.
- improve the descriptions of new libraries (fapi1, cmd0, swtpm0)

OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=98
2020-10-22 11:43:23 +00:00
ac062faf0c Accepting request 843352 from home:Guillaume_G:branches:openSUSE:Factory
- Update to 3.0.1, changelog at:
  https://github.com/tpm2-software/tpm2-tss/blob/3.0.x/CHANGELOG.md
- Update libtss2-sys0 to libtss2-sys1
- Add new libs:
  * libtss2-fapi1
  * libtss2-tcti-cmd0
  * libtss2-tcti-swtpm0

OBS-URL: https://build.opensuse.org/request/show/843352
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=97
2020-10-22 10:27:22 +00:00
Dominique Leuenberger
d61f568b38 Accepting request 778720 from security
- Update to version 2.3.3
  * Fixed mixing salted and unsalted sessions in the same ESAPI
    context
  * Removed use of VLAs from TPML marshal code
  * Added check for object node before calling compute_session_value
    function
  * Fixed auth calculation in Esys_StartAuthSession called with
    optional parameters
  * Fixed compute_encrypted_salt error handling in
    Esys_StartAuthSession
  * Fixed exported symbols map for libtss2-mu

OBS-URL: https://build.opensuse.org/request/show/778720
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2-0-tss?expand=0&rev=23
2020-02-26 14:02:05 +00:00
11ea812f83 sync _service with current version
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=95
2020-02-24 09:44:44 +00:00
9dfcbbab6b Accepting request 778034 from home:mnhauke
- Update to version 2.3.3
  * Fixed mixing salted and unsalted sessions in the same ESAPI
    context
  * Removed use of VLAs from TPML marshal code
  * Added check for object node before calling compute_session_value
    function
  * Fixed auth calculation in Esys_StartAuthSession called with
    optional parameters
  * Fixed compute_encrypted_salt error handling in
    Esys_StartAuthSession
  * Fixed exported symbols map for libtss2-mu

OBS-URL: https://build.opensuse.org/request/show/778034
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-0-tss?expand=0&rev=94
2020-02-24 09:44:15 +00:00