tpm2.0-abrmd/tpm2.0-abrmd.changes

-------------------------------------------------------------------
Thu Oct 25 09:00:40 UTC 2018 - matthias.gerstner@suse.com

- add a Requires towards tpm2-0-tss, because that main package holds the udev
  rules and logic for setting up the tss user. Without this the daemon can't
  start up correctly.

-------------------------------------------------------------------
Tue Oct 23 15:46:28 UTC 2018 - matthias.gerstner@suse.com

- fix broken build due to newer glib dependency that reports a full path for
  gdbus-codegen, breaking the configure check.

-------------------------------------------------------------------
Wed Sep 26 15:51:01 UTC 2018 - matthias.gerstner@suse.com

- update to version 2.0.2 (FATE#326270):
  - --enable-integration option to configure script now works as documented.
  - Format specifier with wrong size in util module.
  - Initialize TCTI context to 0 before setting values. This will cause all
    members that aren't explicitly initialized by be 0.

-------------------------------------------------------------------
Tue Sep 18 09:05:24 UTC 2018 - matthias.gerstner@suse.com

- add recommends to the tcti-device and tcti-abrmd. Otherwise they're not
  installed right away, rendering the abrmd quite unusable.

-------------------------------------------------------------------
Fri Aug 10 10:02:21 UTC 2018 - matthias.gerstner@suse.com

- Update to version 2.0.1:
  * SessionList: Fix Connection object reference leak.
  * source/sink: Organize ControlMessage processing.
  * CommandSource: Replace 'connection-removed' signal with ControlMessage.
  * SessionList: Remove all locking.
  * ConnectionManager: Remove 'connection-removed' signal.
  * ci: Build 'check' target when CC is gcc.
  * build: Fix bad URLs in configure script.
  * CHANGELOG.md: Add version number and date for 2.0.1 release.
  * Replace references to drand48_r family of functions for portability
  * Fix for type-punned pointer reported in newer compilers that enforce strict aliasing

-------------------------------------------------------------------
Tue Jul  3 09:15:27 UTC 2018 - matthias.gerstner@suse.com

- Trying to fix build on older distros that fail because of a missing or
  broken autoconf valgrind detection macro. Removing  autoreconf to hopefully
  fix this.

-------------------------------------------------------------------
Mon Jul  2 09:27:43 UTC 2018 - matthias.gerstner@suse.com

- add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device
  library from tpm2-0-tss. See
  https://github.com/tpm2-software/tpm2-abrmd/issues/486.

-------------------------------------------------------------------
Fri Jun 29 11:43:08 UTC 2018 - matthias.gerstner@suse.com

- update to major version 2.0.0:
  - support_dbus_activation.diff: removed, is not contained upstream
  - the tpm2 stack introduces an incompatible ABI to the previous version with
    this update. There is no compatibility layer, libraries have new names
etc.
  - upstream changelog:
    ## 2.0.0 - 2018-06-22
    ### Added
    - Integration test script and build support to execute integration tests
    against a physical TPM2 device on the build platform.
    - Implementation of dynamic TCTI initialization mechanism.
    - configure option `--enable-integration` to enable integration tests.
    The simulator executable must be on PATH.
    - Support for version 2.0 of tpm2-tss libraries.
    ### Changed
    - 'max-transient-objects' command line option renamted to 'max-transients'.
    - Added -Wextra for more strict checks at compile time.
    - Install location of headers to $(includedir)/tss2.
    ### Fixed
    - Added missing checks for NULL parameters identified by the check-build.
    - Bug in session continuation logic.
    - Off by one error in HandleMap.
    - Memory leak and uninitialized variable issues in unit tests.
    ### Removed
    - Command line option --fail-on-loaded-trans.
    - udev rules for TPM device node. This now lives in the tpm2-tss repo.
    - Remove legacy TCTI initialization functions.
    - configure option `--with-simulatorbin`.
    
    ## 1.3.1 - 2018-03-18
    ### Fixed
    - Distribute systemd preset template instead of the generated file.
    
    ## 1.3.0 - 2018-03-02
    ### Added
    - New configure option (--test-hwtpm) to run integration tests against a
    physical TPM2 device on the build platform.
    - Install systemd service file to allow on-demand systemd unit activation.
    ### Changed
    - Converted some inappropriate uses of g_error to critical / warning instead.
    - Removed use of gen_require from SELinux policy, use dbus_stub instead.
    - udev rules now give tss group read / write access to the TPM device node.
    - udev rules now give tss user and group read / write access to kernel RM
    node.
    ### Fixed
    - Memory leak on an error path in the AccessBroker.

-------------------------------------------------------------------
Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com

- update to upstream version 1.2.0:
  - Limit maximum number of active sessions per connection with '--max-sessions'.
  - Flush all transient objects and sessions on daemon start with '--flush-all'.
  - Allow passing of sessions across connections with ContextSave / Load.
  - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function.
    This fixes a memory leak in the TCTI library.
- correctly trigger udev to update /dev/tpm* permissions after package
  installation. (bnc#1078687)
- prepared support_dbus_activation.diff patch which adds D-Bus activation, but
  can't use it yet due to rpmlint

-------------------------------------------------------------------
Wed Nov 15 11:43:19 UTC 2017 - matthias.gerstner@suse.com

- fix_service_paths.diff: fixed broken systemd service unit (bnc#1066123). the
  service unit file in the upstream distribution tarball is already configured
  and looks for binaries and configuration files in the /usr/local prefix
  which is wrong.

-------------------------------------------------------------------
Fri Sep  1 14:37:48 UTC 2017 - matthias.gerstner@suse.com

- package version symlink correctly, belongs into the lib package itself, not
  the -devel.

-------------------------------------------------------------------
Wed Aug 30 08:29:07 UTC 2017 - matthias.gerstner@suse.com

- update to upstream version 1.1.1 which fixes some local denial-of-service
  security issues among other things:

  - Replace use of sigaction with g_unix_signal_* stuff from glib.
  - Rewrite of INSTALL.md including info on custom configure script options.
  - Default value for --with-simulatorbin configure option has been removed.
  New default behavior is to disable integration tests.
  - CommandSource will no longer reject commands without parameters.
  - Unit tests updated to use cmocka v1.0.0 API.
  - Integration tests now run daemon under valgrind memcheck and fail when
  errors are found.
  - CommandSource now tracks max FD in set of client FDs to prevent unnecessary
  iterations over FD_SETSIZE fds.

- no longer call bootstrap and switch to the release upstream tarball which
  has now been fixed to contain all necessary files

-------------------------------------------------------------------
Thu Jul 20 13:04:41 UTC 2017 - matthias.gerstner@suse.com

- first version of the new arbmd resource manager from Intel's tpm2 stack.
  This will replace the old resourcemgr previously shipped with the
  tpm2-0-tss package.
- add a Requires towards tpm2-0-tss, because that main package holds the udev rules and logic for setting up the tss user. Without this the daemon can't start up correctly. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=39 2018-10-25 11:01:40 +02:00			`-------------------------------------------------------------------`
			`Thu Oct 25 09:00:40 UTC 2018 - matthias.gerstner@suse.com`

			`- add a Requires towards tpm2-0-tss, because that main package holds the udev`
			`rules and logic for setting up the tss user. Without this the daemon can't`
			`start up correctly.`

- fix broken build due to newer glib dependency that reports a full path for gdbus-codegen, breaking the configure check. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=37 2018-10-23 17:47:33 +02:00			`-------------------------------------------------------------------`
			`Tue Oct 23 15:46:28 UTC 2018 - matthias.gerstner@suse.com`

			`- fix broken build due to newer glib dependency that reports a full path for`
			`gdbus-codegen, breaking the configure check.`

- update to version 2.0.2: - --enable-integration option to configure script now works as documented. - Format specifier with wrong size in util module. - Initialize TCTI context to 0 before setting values. This will cause all members that aren't explicitly initialized by be 0. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=34 2018-09-26 17:56:05 +02:00			`-------------------------------------------------------------------`
			`Wed Sep 26 15:51:01 UTC 2018 - matthias.gerstner@suse.com`

Incorporate FATE# in changes file for SLE-15-SP1 (bsc#1121860) OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=41 2019-01-14 15:21:47 +01:00			`- update to version 2.0.2 (FATE#326270):`
- update to version 2.0.2: - --enable-integration option to configure script now works as documented. - Format specifier with wrong size in util module. - Initialize TCTI context to 0 before setting values. This will cause all members that aren't explicitly initialized by be 0. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=34 2018-09-26 17:56:05 +02:00			`- --enable-integration option to configure script now works as documented.`
			`- Format specifier with wrong size in util module.`
			`- Initialize TCTI context to 0 before setting values. This will cause all`
			`members that aren't explicitly initialized by be 0.`

- add recommends to the tcti-device and tcti-abrmd. Otherwise they're not installed right away, rendering the abrmd quite unusable. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=32 2018-09-18 11:05:57 +02:00			`-------------------------------------------------------------------`
			`Tue Sep 18 09:05:24 UTC 2018 - matthias.gerstner@suse.com`

			`- add recommends to the tcti-device and tcti-abrmd. Otherwise they're not`
			`installed right away, rendering the abrmd quite unusable.`

- Update to version 2.0.1: * SessionList: Fix Connection object reference leak. * source/sink: Organize ControlMessage processing. * CommandSource: Replace 'connection-removed' signal with ControlMessage. * SessionList: Remove all locking. * ConnectionManager: Remove 'connection-removed' signal. * ci: Build 'check' target when CC is gcc. * build: Fix bad URLs in configure script. * CHANGELOG.md: Add version number and date for 2.0.1 release. * Replace references to drand48_r family of functions for portability * Fix for type-punned pointer reported in newer compilers that enforce strict aliasing OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=28 2018-08-10 12:31:50 +02:00			`-------------------------------------------------------------------`
			`Fri Aug 10 10:02:21 UTC 2018 - matthias.gerstner@suse.com`

			`- Update to version 2.0.1:`
			`* SessionList: Fix Connection object reference leak.`
			`* source/sink: Organize ControlMessage processing.`
			`* CommandSource: Replace 'connection-removed' signal with ControlMessage.`
			`* SessionList: Remove all locking.`
			`* ConnectionManager: Remove 'connection-removed' signal.`
			`* ci: Build 'check' target when CC is gcc.`
			`* build: Fix bad URLs in configure script.`
			`* CHANGELOG.md: Add version number and date for 2.0.1 release.`
			`* Replace references to drand48_r family of functions for portability`
			`* Fix for type-punned pointer reported in newer compilers that enforce strict aliasing`

- Trying to fix build on older distros that fail because of a missing or broken autoconf valgrind detection macro. Removing autoreconf to hopefully fix this. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=21 2018-07-03 11:21:33 +02:00			`-------------------------------------------------------------------`
			`Tue Jul 3 09:15:27 UTC 2018 - matthias.gerstner@suse.com`

			`- Trying to fix build on older distros that fail because of a missing or`
			`broken autoconf valgrind detection macro. Removing autoreconf to hopefully`
			`fix this.`

- add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device library from tpm2-0-tss. See https://github.com/tpm2-software/tpm2-abrmd/issues/486. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=20 2018-07-02 11:29:58 +02:00			`-------------------------------------------------------------------`
			`Mon Jul 2 09:27:43 UTC 2018 - matthias.gerstner@suse.com`

			`- add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device`
			`library from tpm2-0-tss. See`
			`https://github.com/tpm2-software/tpm2-abrmd/issues/486.`

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=19 2018-06-29 16:14:44 +02:00			`-------------------------------------------------------------------`
			`Fri Jun 29 11:43:08 UTC 2018 - matthias.gerstner@suse.com`

			`- update to major version 2.0.0:`
			`- support_dbus_activation.diff: removed, is not contained upstream`
			`- the tpm2 stack introduces an incompatible ABI to the previous version with`
			`this update. There is no compatibility layer, libraries have new names`
			`etc.`
			`- upstream changelog:`
			`## 2.0.0 - 2018-06-22`
			`### Added`
			`- Integration test script and build support to execute integration tests`
			`against a physical TPM2 device on the build platform.`
			`- Implementation of dynamic TCTI initialization mechanism.`
			- configure option `--enable-integration` to enable integration tests.
			`The simulator executable must be on PATH.`
			`- Support for version 2.0 of tpm2-tss libraries.`
			`### Changed`
			`- 'max-transient-objects' command line option renamted to 'max-transients'.`
			`- Added -Wextra for more strict checks at compile time.`
			`- Install location of headers to $(includedir)/tss2.`
			`### Fixed`
			`- Added missing checks for NULL parameters identified by the check-build.`
			`- Bug in session continuation logic.`
			`- Off by one error in HandleMap.`
			`- Memory leak and uninitialized variable issues in unit tests.`
			`### Removed`
			`- Command line option --fail-on-loaded-trans.`
			`- udev rules for TPM device node. This now lives in the tpm2-tss repo.`
			`- Remove legacy TCTI initialization functions.`
			- configure option `--with-simulatorbin`.

			`## 1.3.1 - 2018-03-18`
			`### Fixed`
			`- Distribute systemd preset template instead of the generated file.`

			`## 1.3.0 - 2018-03-02`
			`### Added`
			`- New configure option (--test-hwtpm) to run integration tests against a`
			`physical TPM2 device on the build platform.`
			`- Install systemd service file to allow on-demand systemd unit activation.`
			`### Changed`
			`- Converted some inappropriate uses of g_error to critical / warning instead.`
			`- Removed use of gen_require from SELinux policy, use dbus_stub instead.`
			`- udev rules now give tss group read / write access to the TPM device node.`
			`- udev rules now give tss user and group read / write access to kernel RM`
			`node.`
			`### Fixed`
			`- Memory leak on an error path in the AccessBroker.`

- update to upstream version 1.2.0: - Limit maximum number of active sessions per connection with '--max-sessions'. - Flush all transient objects and sessions on daemon start with '--flush-all'. - Allow passing of sessions across connections with ContextSave / Load. - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function. This fixes a memory leak in the TCTI library. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=15 2018-02-22 12:37:19 +01:00			`-------------------------------------------------------------------`
			`Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com`

			`- update to upstream version 1.2.0:`
			`- Limit maximum number of active sessions per connection with '--max-sessions'.`
			`- Flush all transient objects and sessions on daemon start with '--flush-all'.`
			`- Allow passing of sessions across connections with ContextSave / Load.`
			`- Unref the GUnixFDList returned by GIO / dbus in the TCTI init function.`
			`This fixes a memory leak in the TCTI library.`
- correctly trigger udev to update /dev/tpm* permissions after package installation. (bnc#1078687) OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=16 2018-02-22 12:39:11 +01:00			`- correctly trigger udev to update /dev/tpm* permissions after package`
			`installation. (bnc#1078687)`
reference added but unused patch to satisfy factory checkers - prepared support_dbus_activation.diff patch which adds D-Bus activation, but can't use it yet due to rpmlint OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=17 2018-02-22 13:17:22 +01:00			`- prepared support_dbus_activation.diff patch which adds D-Bus activation, but`
			`can't use it yet due to rpmlint`
- update to upstream version 1.2.0: - Limit maximum number of active sessions per connection with '--max-sessions'. - Flush all transient objects and sessions on daemon start with '--flush-all'. - Allow passing of sessions across connections with ContextSave / Load. - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function. This fixes a memory leak in the TCTI library. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=15 2018-02-22 12:37:19 +01:00
- fixed broken systemd service unit (bnc#1066123). the service unit file in the upstream distribution tarball is already configured and looks for binaries and configuration files in the /usr/local prefix which is wrong. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=11 2017-11-15 12:44:33 +01:00			`-------------------------------------------------------------------`
			`Wed Nov 15 11:43:19 UTC 2017 - matthias.gerstner@suse.com`

removed bogus patch, added patch name to changes file. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=13 2017-11-15 13:21:15 +01:00			`- fix_service_paths.diff: fixed broken systemd service unit (bnc#1066123). the`
- service_path.patch: fixed broken systemd service unit (bnc#1066123). the service unit file in the upstream distribution tarball is already configured and looks for binaries and configuration files in the /usr/local prefix which is wrong. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=12 2017-11-15 13:20:34 +01:00			`service unit file in the upstream distribution tarball is already configured`
			`and looks for binaries and configuration files in the /usr/local prefix`
			`which is wrong.`
- fixed broken systemd service unit (bnc#1066123). the service unit file in the upstream distribution tarball is already configured and looks for binaries and configuration files in the /usr/local prefix which is wrong. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=11 2017-11-15 12:44:33 +01:00
- package version symlink correctly, belongs into the lib package itself, not the -devel. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=9 2017-09-01 16:38:05 +02:00			`-------------------------------------------------------------------`
			`Fri Sep 1 14:37:48 UTC 2017 - matthias.gerstner@suse.com`

			`- package version symlink correctly, belongs into the lib package itself, not`
			`the -devel.`

- update to upstream version 1.1.1 which fixes some local denial-of-service security issues among other things: - Replace use of sigaction with g_unix_signal_* stuff from glib. - Rewrite of INSTALL.md including info on custom configure script options. - Default value for --with-simulatorbin configure option has been removed. New default behavior is to disable integration tests. - CommandSource will no longer reject commands without parameters. - Unit tests updated to use cmocka v1.0.0 API. - Integration tests now run daemon under valgrind memcheck and fail when errors are found. - CommandSource now tracks max FD in set of client FDs to prevent unnecessary iterations over FD_SETSIZE fds. - no longer call bootstrap and switch to the release upstream tarball which has now been fixed to contain all necessary files OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=6 2017-08-30 10:33:05 +02:00			`-------------------------------------------------------------------`
			`Wed Aug 30 08:29:07 UTC 2017 - matthias.gerstner@suse.com`

			`- update to upstream version 1.1.1 which fixes some local denial-of-service`
			`security issues among other things:`

			`- Replace use of sigaction with g_unix_signal_* stuff from glib.`
			`- Rewrite of INSTALL.md including info on custom configure script options.`
			`- Default value for --with-simulatorbin configure option has been removed.`
			`New default behavior is to disable integration tests.`
			`- CommandSource will no longer reject commands without parameters.`
			`- Unit tests updated to use cmocka v1.0.0 API.`
			`- Integration tests now run daemon under valgrind memcheck and fail when`
			`errors are found.`
			`- CommandSource now tracks max FD in set of client FDs to prevent unnecessary`
			`iterations over FD_SETSIZE fds.`

			`- no longer call bootstrap and switch to the release upstream tarball which`
			`has now been fixed to contain all necessary files`

Accepting request 514156 from home:mgerstner:branches:security New package tpm2.0-abrmd containing a new implementation of Intel's tpm 2.0 resource manager. The old one is currently delivered by way of package tpm-2-0-tss. This submission is coupled with updates for tpm2-0-tss and tpm2.0-tools which I will submit right after. OBS-URL: https://build.opensuse.org/request/show/514156 OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=1 2017-08-03 10:13:01 +02:00			`-------------------------------------------------------------------`
			`Thu Jul 20 13:04:41 UTC 2017 - matthias.gerstner@suse.com`

			`- first version of the new arbmd resource manager from Intel's tpm2 stack.`
			`This will replace the old resourcemgr previously shipped with the`
			`tpm2-0-tss package.`