------------------------------------------------------------------- Thu Dec 12 12:37:19 UTC 2024 - Lucas Mulling - Enable unit testing ------------------------------------------------------------------- Wed Dec 11 16:38:18 UTC 2024 - Lucas Mulling - Update to 1.9.1 + Fixed * configure: Change mistaken += to =. use user supplied --prefix even when p11kit is detected. * Remove warning about unable to find FAPI when it's is not-compiled in and not chosen as the beckend. * Fix memory leaks in tpm_create_transient_primary_from_template. * Fix NULL pointer dereference in db.c on uses of CKA_ALLOWED_MECHANISMS. * Fix offset miscalculation in FAPI backend that was corrupting data. * Support CKM_ECDH1_DERIVE via C_DeriveKey. * Fix usages of tpm2-ptool for its wrapped tpm2_ptool in tests. * Fix failing db upgrades on double conversion to int. * Fix db lock file due to missing parenthesis and order of operations. * documentation: Fix use of objects where tokens was meant. + Changed * --enable-fapi to --with-fapi. Note this is not a major version bump as its internal to builders only. However --enable-fapi left in place for backwards compat. + Add maintainer public key: tpm2-pkcs11.keyring ------------------------------------------------------------------- Thu May 18 15:29:46 UTC 2023 - Alberto Planas Dominguez - Merge subpackages lib and devel into the main one ------------------------------------------------------------------- Thu Feb 16 15:21:43 UTC 2023 - Alberto Planas Dominguez - Update to 1.9.0 + Fixed * Fix autoconf invocation on a release tarball not being a git repo for VERSION. VERSION file now generated and packaged as part of the release tarball from the git version information. * Fix TPM2_PKCS11_OWNER_AUTH not being used when a persistent SRK is needed in the C_InitToken path. * During an upgrade of the database to version 4, the config key 'persistent' is added instead of 'transient', causing KeyError when using the upgraded database. * Leave the original db on upgrade failure, a bug caused the original db to be unlinked not the upgraded db. * A bug prevented the use of CreateLoaded if the TPM supports the command. * A bug when creating keys through the PKCS11 interface (not tpm2-ptool), the attributes for CKA_ALLOWED_MECHANISMS were encoded as a hex string and not a sequence of ints within the YAML. Correcting this will trigger a db upgrade to 8 + Added * Env varibale PKCS11_SQL_LOCK to allow setting a lock directory, eg for temprary directory so lock files do not persist across reboots. ------------------------------------------------------------------- Fri Jul 8 12:23:01 UTC 2022 - Alberto Planas Dominguez - Update to 1.8.0 + Fixed * Fix GetRandom Memory Leak * Fix some spelling mistakes * Fix unit test test_parser * Fix importing of RSA private key through pkcs11 interface should fail. * Fix ECDSA signature length calculation. * Fix memory leak of tokens. * Fix suspicious sizeof usage in _str_padded_copy * Fix encoding errors when importing a certificate into the pkcs11 store. * Fix try/finally scope issues in tpm2_ptool. * Fix, an OOB access in db upgrade path. * Fix ECDSA length calculation that was causing issues with Mutual TLS in Firefox and Chrome. + Changed * remove unused macro set_safe_rc + Added * Add support for OpenSSL 3. Note that calls through engine are no longer supported on OpenSSL3. * Add tpm2_ptool export commandlet for exporting token keys into PEM and TPM blob format. - Add new dependencies to PyYAML, cryptography, pyasn1 and tpm2-pytss ------------------------------------------------------------------- Sat Feb 26 14:12:48 UTC 2022 - Callum Farmer - Use hardlinks in %fdupes for python files ------------------------------------------------------------------- Wed Oct 20 10:48:58 UTC 2021 - Callum Farmer - Add keyring & use source verification ------------------------------------------------------------------- Wed Oct 20 09:58:09 UTC 2021 - Alberto Planas Dominguez - Update to 1.7.0 + DB Schema Change from 5 to 7. * Backup your DB before upgrading + Fixed compilation issues with GCC11. + Fixed errors on releases due to newer compilers from failing by only adding -Werror for non-release builds. + Fixed error message when the DB is too new in tpm2_ptool. + Added support for tpm2_ptool import with ssh-keygen format keys. Note: Requires cryptography >= 3.0. + Changed default long level from error to warning. + Added better error message for FAPI backend errors along with docs/FAPI.md document. + Changed tpm2_ptool make --algorithm optional. + Fixed error message of wrong attribute name on expected attribute check to be false. + Added support for ECDSA 256, 384 and 512. + Fixed a bug in the Python code DB upgrade path from 4 to 5 where it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS. + Added tpm2_ptool support for ECC key size 192. + Added support passwordless login for tokens, ie not setting CKF_LOGIN_REQUIRED. + Fixed Running integration tests when Java version has the -ea, like on Debian 11 and OpenJDK 17. + Added support for HMAC keys using tpm2_ptool and the C_Sign and C_Verify interfaces. The following interfaces in ptool have support: * addkey: previous working versions of tpm2-tools will support this. * link: previous working versions of tpm2-tools will support this. * import: requires tpm2-tools 5.2+ for support. + Fixed leaking of temp file descriptors in tpm2_ptool. + Fixed wrong free in tpm code, should use Esys_Free. + Fixed a space formatting issue in tpm2_ptool verify. + Fixed leaked file descriptor in tpm2_ptool. + Fixed a few suspicious sizeof usages in str_padded_copy + Fixed a memory leak of the token list on a failure condition in initialization. ------------------------------------------------------------------- Sun Aug 22 11:04:39 UTC 2021 - Jan Engelhardt - Use definite tense in %description. ------------------------------------------------------------------- Sat Aug 21 13:32:30 UTC 2021 - Callum Farmer - Build and install python tools ------------------------------------------------------------------- Fri Aug 20 17:59:05 UTC 2021 - Callum Farmer - Clean spec file - Use better source URL - Split library - Don't package .la files - Create store directory - Move devel library to devel subpackage ------------------------------------------------------------------- Wed Sep 9 10:05:02 UTC 2020 - Alexander Evseev - 1.4.0 - New upstream version - 1.4.0 ------------------------------------------------------------------- Mon Aug 3 14:19:30 UTC 2020 - Alexander Evseev - 1.3.1 - First build. Version - 1.3.1