pool/tpm2.0-abrmd
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
factory
tpm2.0-abrmd/tpm2.0-abrmd.changes

355 lines
16 KiB
Plaintext
Raw Permalink Normal View History

- Fix SELinux sbin/bin merge (bsc#1229047) 1229047-fix-bin-sbin-selinux.patch Can be dropped once https://github.com/tpm2-software/tpm2-abrmd/pull/846 is merged upstream OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=78
2024-08-13 11:25:31 +02:00
-------------------------------------------------------------------
Tue Aug 13 08:52:59 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Fix SELinux sbin/bin merge (bsc#1229047)
1229047-fix-bin-sbin-selinux.patch
Can be dropped once https://github.com/tpm2-software/tpm2-abrmd/pull/846
is merged upstream
-------------------------------------------------------------------
Thu Aug 1 09:39:15 UTC 2024 - Johannes Segitz <jsegitz@suse.com>
- Update harden_tpm2-abrmd.service.patch to contain necessary SELinux
changes (bsc#1209831)
-------------------------------------------------------------------
Tue May 23 12:31:21 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
- Cover ALP via the %{suse_version} macro
-------------------------------------------------------------------
Thu Dec 8 15:07:28 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
- Version 3.0.0
+ Fixed
* A bug in special command processing in TPM2_GetCapability when
an audit session is in use cuased tpm2-abrmd to abort.
+ Added
* New SELinux interfaces for communication with keylime
+ Changed
* DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM,
ie /dev/tpmrm0, permissions. Now users MUST be in the tss group
to send to tpm2-abrmd over DBUS.
- Drop dbus-access.patch (merged in PR#805)
-------------------------------------------------------------------
Fri Jul 8 08:43:16 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
- Version 2.4.1
+ Added
Contributor Covenant Code of Conduct.
+ Fixed
* superflous warning messages about tcti status.
WARNING **: 11:00:56.205: tcti_conf before: "(null)"
WARNING **: 11:00:56.205: tcti_conf after: "mssim"
* GCC 11 build error: error: argument 2 of __atomic_load discards
'volatile' qualifier
* Initialize gerror pointer variable to NULL to fix use of
unitialized memory and segfault.
* Updated missing defaults in manpage.
* Port CI to composite actions in tpm2-software/ci.
+ Removed
Dependency on 'which' utility in configure.ac.
ubuntu-16.04 from CI.
-------------------------------------------------------------------
Mon Apr 4 10:45:24 UTC 2022 - Matthias Gerstner <matthias.gerstner@suse.com>
- dbus-access.patch: restrict D-Bus access to tpm2-abrmd to members of the tss
group (bsc#1197532). This prevents arbitrary users from meddling with TPM
state and thus potential denial-of-service vectors.
-------------------------------------------------------------------
Wed Dec 8 16:50:13 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Version 2.4.0
+ remover syslog deprecation warning (bsc#1185154)
+ cover update to 2.3.3 (jsc#SLE-17366)
+ contains reload fix (bsc#1166936)
+ fix tcti loading using short / long names (bsc#1159176)
-------------------------------------------------------------------
Mon Nov 29 12:54:02 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Warp selinux into a bcond
-------------------------------------------------------------------
Thu Nov 25 09:16:32 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_tpm2-abrmd.service.patch
-------------------------------------------------------------------
Sat Jul 17 21:04:13 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Move selinux devel file to devel subpackage
-------------------------------------------------------------------
Wed Jul 14 13:41:59 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Update to version 2.4.0:
- Service start depends on systemd device unit: dev-tpm0.device.
- Numerous memory leaks.
- udev settle service deprecation warnings.
- StandardOutput=syslog deprecation warnings.
- Add selinux module files
- Move dbus files out of /etc
-------------------------------------------------------------------
Wed Jun 9 09:37:38 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Requires libtss2-tcti-{device0,tabrmd0} (bsc#1187077).
In MicroOS systems the recommendations are not installed, making the
service fail to initialize: Failed to instantiate TCTI
-------------------------------------------------------------------
Thu Oct 22 12:15:24 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>
- update to version 2.3.3:
- changes in version 2.3.1:
- Fixed handle resource leak exhausting TPM resources.
- changes in version 2.3.2:
- Added cirrus CI specific config files to enable FreeBSD builds.
- Changed test scripts to be more portable.
- Changed include header paths specific to FreeBSD.
- changes in version 2.3.1:
- Provide meaningful exit codes on initialization failures.
- Prevent systemd from starting the daemon before udev changes ownership
of the TPM device node.
- Prevent systemd from starting the daemon if there is no TPM device node.
- Prevent systemd from restarting the daemon if it fails.
- Add SELinux policy to allow daemon to resolve names.
- Add SELinux policy boolean (disabled by default) to allow daemon to
connect to all unreserved ports.
-------------------------------------------------------------------
Wed Dec 11 11:55:13 UTC 2019 - matthias.gerstner@suse.com
- update to version 2.3.0:
- changes in version 2.3.0:
- Add '--enable-debug' flag to configure script to simplify debug builds.
This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro.
- Replaced custom dynamic TCTI loading code with libtss2-tctildr from
upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0)
- Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required.
- changes in version 2.2.0:
- New configuration option `--disable-defaultflags/ added. This is
for use for packaging for targets that do not support the default
compilation / linking flags.
- Use private dependencies properly in pkg-config metadata for TCTI.
- Refactor daemon main module to enable better handling of error
conditions and enable more thorough unit testing.
- Updated dependencies to ensure compatibility with pkg-config fixes
in tpm2-tss.
- Fixed bug causing TCTI to block when used by libtss2-sys built with
partial reads enabled.
- Removed unnecessary libs / flags for pthreads in the TCTI pkg-config.
- Output from configure script now accurately describes the state of the
flags that govern the integration tests.
- drop fix_dlopen.patch: no longer necessary since abrmd not uses the tctildr
shared library. This one hopefully now does the right thing.
-------------------------------------------------------------------
Mon Aug 26 06:49:37 UTC 2019 - mgerstner <matthias.gerstner@suse.com>
- update to version 2.1.1:
- changes in version 2.1.1:
- Unit tests accessing dbus have been fixed to use mock functions. Unit
tests no longer depend on dbus.
- Race condition between client connections and dbus proxy object
creation by registering bus name after instantiation of the proxy object.
-------------------------------------------------------------------
Fri Apr 26 10:35:51 UTC 2019 - mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
-------------------------------------------------------------------
Wed Mar 6 10:36:46 UTC 2019 - matthias.gerstner@suse.com
- update to version 2.1.0:
- changes in version 2.1.0:
- `-Wstrict-overflow=5` now used in default CFLAGS.
- Handling of `TPM2_RC_CONTEXT_GAP` on behalf of users.
- Convert `TPM2_PT_CONTEXT_GAP_MAX` response from lower layer to
`UINT32_MAX`
- travis-ci now uses 'xenial' builder
- Significant refactoring of TCTI handling code.
- `--install` added to ACLOCAL_AMFLAGS to install aclocal required macros
instead of using the default symlinks
- Launch `dbus-run-session` in the automake test environment to
automagically set up a dbus session bus instance when one isn't present.
- Bug caused by unloading of `libtss2-tcti-tabrmd.so` on dlclose. GLib
does not support reloading a second time.
- Bug causing `-fstack-protector-all` to be used on systems with core
libraries (i.e. libc) that do not support it. This caused failures at
link-time.
- Unnecessary symbols from libtest utility library no longer included in
TCTI library.
- changes in version 2.0.3:
- Update build to account for upstream change to glib '.pc' files
described in: https://gitlab.gnome.org/GNOME/glib/issues/1521
- added _service file for syncing with upstream tags
-------------------------------------------------------------------
Thu Oct 25 09:00:40 UTC 2018 - matthias.gerstner@suse.com
- add a Requires towards tpm2-0-tss, because that main package holds the udev
rules and logic for setting up the tss user. Without this the daemon can't
start up correctly.
-------------------------------------------------------------------
Tue Oct 23 15:46:28 UTC 2018 - matthias.gerstner@suse.com
- fix broken build due to newer glib dependency that reports a full path for
gdbus-codegen, breaking the configure check.
-------------------------------------------------------------------
Wed Sep 26 15:51:01 UTC 2018 - matthias.gerstner@suse.com
- update to version 2.0.2 (FATE#326270):
- --enable-integration option to configure script now works as documented.
- Format specifier with wrong size in util module.
- Initialize TCTI context to 0 before setting values. This will cause all
members that aren't explicitly initialized by be 0.
-------------------------------------------------------------------
Tue Sep 18 09:05:24 UTC 2018 - matthias.gerstner@suse.com
- add recommends to the tcti-device and tcti-abrmd. Otherwise they're not
installed right away, rendering the abrmd quite unusable.
-------------------------------------------------------------------
Fri Aug 10 10:02:21 UTC 2018 - matthias.gerstner@suse.com
- Update to version 2.0.1:
* SessionList: Fix Connection object reference leak.
* source/sink: Organize ControlMessage processing.
* CommandSource: Replace 'connection-removed' signal with ControlMessage.
* SessionList: Remove all locking.
* ConnectionManager: Remove 'connection-removed' signal.
* ci: Build 'check' target when CC is gcc.
* build: Fix bad URLs in configure script.
* CHANGELOG.md: Add version number and date for 2.0.1 release.
* Replace references to drand48_r family of functions for portability
* Fix for type-punned pointer reported in newer compilers that enforce strict aliasing
-------------------------------------------------------------------
Tue Jul 3 09:15:27 UTC 2018 - matthias.gerstner@suse.com
- Trying to fix build on older distros that fail because of a missing or
broken autoconf valgrind detection macro. Removing autoreconf to hopefully
fix this.
-------------------------------------------------------------------
Mon Jul 2 09:27:43 UTC 2018 - matthias.gerstner@suse.com
- add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device
library from tpm2-0-tss. See
https://github.com/tpm2-software/tpm2-abrmd/issues/486.
-------------------------------------------------------------------
Fri Jun 29 11:43:08 UTC 2018 - matthias.gerstner@suse.com
- update to major version 2.0.0:
- support_dbus_activation.diff: removed, is not contained upstream
- the tpm2 stack introduces an incompatible ABI to the previous version with
this update. There is no compatibility layer, libraries have new names
etc.
- upstream changelog:
## 2.0.0 - 2018-06-22
### Added
- Integration test script and build support to execute integration tests
against a physical TPM2 device on the build platform.
- Implementation of dynamic TCTI initialization mechanism.
- configure option `--enable-integration` to enable integration tests.
The simulator executable must be on PATH.
- Support for version 2.0 of tpm2-tss libraries.
### Changed
- 'max-transient-objects' command line option renamted to 'max-transients'.
- Added -Wextra for more strict checks at compile time.
- Install location of headers to $(includedir)/tss2.
### Fixed
- Added missing checks for NULL parameters identified by the check-build.
- Bug in session continuation logic.
- Off by one error in HandleMap.
- Memory leak and uninitialized variable issues in unit tests.
### Removed
- Command line option --fail-on-loaded-trans.
- udev rules for TPM device node. This now lives in the tpm2-tss repo.
- Remove legacy TCTI initialization functions.
- configure option `--with-simulatorbin`.
## 1.3.1 - 2018-03-18
### Fixed
- Distribute systemd preset template instead of the generated file.
## 1.3.0 - 2018-03-02
### Added
- New configure option (--test-hwtpm) to run integration tests against a
physical TPM2 device on the build platform.
- Install systemd service file to allow on-demand systemd unit activation.
### Changed
- Converted some inappropriate uses of g_error to critical / warning instead.
- Removed use of gen_require from SELinux policy, use dbus_stub instead.
- udev rules now give tss group read / write access to the TPM device node.
- udev rules now give tss user and group read / write access to kernel RM
node.
### Fixed
- Memory leak on an error path in the AccessBroker.
-------------------------------------------------------------------
Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com
- update to upstream version 1.2.0:
- Limit maximum number of active sessions per connection with '--max-sessions'.
- Flush all transient objects and sessions on daemon start with '--flush-all'.
- Allow passing of sessions across connections with ContextSave / Load.
- Unref the GUnixFDList returned by GIO / dbus in the TCTI init function.
This fixes a memory leak in the TCTI library.
- correctly trigger udev to update /dev/tpm* permissions after package
installation. (bnc#1078687)
- prepared support_dbus_activation.diff patch which adds D-Bus activation, but
can't use it yet due to rpmlint
-------------------------------------------------------------------
Wed Nov 15 11:43:19 UTC 2017 - matthias.gerstner@suse.com
- fix_service_paths.diff: fixed broken systemd service unit (bnc#1066123). the
service unit file in the upstream distribution tarball is already configured
and looks for binaries and configuration files in the /usr/local prefix
which is wrong.
-------------------------------------------------------------------
Fri Sep 1 14:37:48 UTC 2017 - matthias.gerstner@suse.com
- package version symlink correctly, belongs into the lib package itself, not
the -devel.
-------------------------------------------------------------------
Wed Aug 30 08:29:07 UTC 2017 - matthias.gerstner@suse.com
- update to upstream version 1.1.1 which fixes some local denial-of-service
security issues among other things:
- Replace use of sigaction with g_unix_signal_* stuff from glib.
- Rewrite of INSTALL.md including info on custom configure script options.
- Default value for --with-simulatorbin configure option has been removed.
New default behavior is to disable integration tests.
- CommandSource will no longer reject commands without parameters.
- Unit tests updated to use cmocka v1.0.0 API.
- Integration tests now run daemon under valgrind memcheck and fail when
errors are found.
- CommandSource now tracks max FD in set of client FDs to prevent unnecessary
iterations over FD_SETSIZE fds.
- no longer call bootstrap and switch to the release upstream tarball which
has now been fixed to contain all necessary files
-------------------------------------------------------------------
Thu Jul 20 13:04:41 UTC 2017 - matthias.gerstner@suse.com
- first version of the new arbmd resource manager from Intel's tpm2 stack.
This will replace the old resourcemgr previously shipped with the
tpm2-0-tss package.
Reference in New Issue Copy Permalink