- Version 3.0.0
+ Fixed
* A bug in special command processing in TPM2_GetCapability when
an audit session is in use cuased tpm2-abrmd to abort.
+ Added
* New SELinux interfaces for communication with keylime
+ Changed
* DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM,
ie /dev/tpmrm0, permissions. Now users MUST be in the tss group
to send to tpm2-abrmd over DBUS.
- Drop dbus-access.patch (merged in PR#805)
OBS-URL: https://build.opensuse.org/request/show/1041872
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=71
- update to version 2.3.3:
- changes in version 2.3.1:
- Fixed handle resource leak exhausting TPM resources.
- changes in version 2.3.2:
- Added cirrus CI specific config files to enable FreeBSD builds.
- Changed test scripts to be more portable.
- Changed include header paths specific to FreeBSD.
- changes in version 2.3.1:
- Provide meaningful exit codes on initialization failures.
- Prevent systemd from starting the daemon before udev changes ownership
of the TPM device node.
- Prevent systemd from starting the daemon if there is no TPM device node.
- Prevent systemd from restarting the daemon if it fails.
- Add SELinux policy to allow daemon to resolve names.
- Add SELinux policy boolean (disabled by default) to allow daemon to
connect to all unreserved ports.
OBS-URL: https://build.opensuse.org/request/show/843600
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-abrmd?expand=0&rev=17
- changes in version 2.3.1:
- Fixed handle resource leak exhausting TPM resources.
- changes in version 2.3.2:
- Added cirrus CI specific config files to enable FreeBSD builds.
- Changed test scripts to be more portable.
- Changed include header paths specific to FreeBSD.
- changes in version 2.3.1:
- Provide meaningful exit codes on initialization failures.
- Prevent systemd from starting the daemon before udev changes ownership
of the TPM device node.
- Prevent systemd from starting the daemon if there is no TPM device node.
- Prevent systemd from restarting the daemon if it fails.
- Add SELinux policy to allow daemon to resolve names.
- Add SELinux policy boolean (disabled by default) to allow daemon to
connect to all unreserved ports.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=53
! please handle this together with sr#755853 for tpm2-0-tss !
- update to version 2.3.0:
- changes in version 2.3.0:
- Add '--enable-debug' flag to configure script to simplify debug builds.
This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro.
- Replaced custom dynamic TCTI loading code with libtss2-tctildr from
upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0)
- Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required.
- changes in version 2.2.0:
- New configuration option `--disable-defaultflags/ added. This is
for use for packaging for targets that do not support the default
compilation / linking flags.
- Use private dependencies properly in pkg-config metadata for TCTI.
- Refactor daemon main module to enable better handling of error
conditions and enable more thorough unit testing.
- Updated dependencies to ensure compatibility with pkg-config fixes
in tpm2-tss.
- Fixed bug causing TCTI to block when used by libtss2-sys built with
partial reads enabled.
- Removed unnecessary libs / flags for pthreads in the TCTI pkg-config.
- Output from configure script now accurately describes the state of the
flags that govern the integration tests.
- drop fix_dlopen.patch: no longer necessary since abrmd not uses the tctildr
shared library. This one hopefully now does the right thing.
OBS-URL: https://build.opensuse.org/request/show/755854
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-abrmd?expand=0&rev=16
- changes in version 2.3.0:
- Add '--enable-debug' flag to configure script to simplify debug builds.
This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro.
- Replaced custom dynamic TCTI loading code with libtss2-tctildr from
upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0)
- Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required.
- changes in version 2.2.0:
- New configuration option `--disable-defaultflags/ added. This is
for use for packaging for targets that do not support the default
compilation / linking flags.
- Use private dependencies properly in pkg-config metadata for TCTI.
- Refactor daemon main module to enable better handling of error
conditions and enable more thorough unit testing.
- Updated dependencies to ensure compatibility with pkg-config fixes
in tpm2-tss.
- Fixed bug causing TCTI to block when used by libtss2-sys built with
partial reads enabled.
- Removed unnecessary libs / flags for pthreads in the TCTI pkg-config.
- Output from configure script now accurately describes the state of the
flags that govern the integration tests.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=50
- changes in version 2.1.1:
- Unit tests accessing dbus have been fixed to use mock functions. Unit
tests no longer depend on dbus.
- Race condition between client connections and dbus proxy object
creation by registering bus name after instantiation of the proxy object.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=48
- update to version 2.1.0:
- changes in version 2.1.0:
- `-Wstrict-overflow=5` now used in default CFLAGS.
- Handling of `TPM2_RC_CONTEXT_GAP` on behalf of users.
- Convert `TPM2_PT_CONTEXT_GAP_MAX` response from lower layer to
`UINT32_MAX`
- travis-ci now uses 'xenial' builder
- Significant refactoring of TCTI handling code.
- `--install` added to ACLOCAL_AMFLAGS to install aclocal required macros
instead of using the default symlinks
- Launch `dbus-run-session` in the automake test environment to
automagically set up a dbus session bus instance when one isn't present.
- Bug caused by unloading of `libtss2-tcti-tabrmd.so` on dlclose. GLib
does not support reloading a second time.
- Bug causing `-fstack-protector-all` to be used on systems with core
libraries (i.e. libc) that do not support it. This caused failures at
link-time.
- Unnecessary symbols from libtest utility library no longer included in
TCTI library.
- changes in version 2.0.3:
- Update build to account for upstream change to glib '.pc' files
described in: https://gitlab.gnome.org/GNOME/glib/issues/1521
- added _service file for syncing with upstream tags
OBS-URL: https://build.opensuse.org/request/show/682103
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-abrmd?expand=0&rev=13
- changes in 2.1.0:
- `-Wstrict-overflow=5` now used in default CFLAGS.
- Handling of `TPM2_RC_CONTEXT_GAP` on behalf of users.
- Convert `TPM2_PT_CONTEXT_GAP_MAX` response from lower layer to
`UINT32_MAX`
- travis-ci now uses 'xenial' builder
- Significant refactoring of TCTI handling code.
- `--install` added to ACLOCAL_AMFLAGS to install aclocal required macros
instead of using the default symlinks
- Launch `dbus-run-session` in the automake test environment to
automagically set up a dbus session bus instance when one isn't present.
- Bug caused by unloading of `libtss2-tcti-tabrmd.so` on dlclose. GLib
does not support reloading a second time.
- Bug causing `-fstack-protector-all` to be used on systems with core
libraries (i.e. libc) that do not support it. This caused failures at
link-time.
- Unnecessary symbols from libtest utility library no longer included in
TCTI library.
- changes in 2.0.3:
- Update build to account for upstream change to glib '.pc' files
described in: https://gitlab.gnome.org/GNOME/glib/issues/1521
- changes in 2.0.2:
- --enable-integration option to configure script now works as documented.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=43
- --enable-integration option to configure script now works as documented.
- Format specifier with wrong size in util module.
- Initialize TCTI context to 0 before setting values. This will cause all
members that aren't explicitly initialized by be 0.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=34
- Update to version 2.0.1:
* SessionList: Fix Connection object reference leak.
* source/sink: Organize ControlMessage processing.
* CommandSource: Replace 'connection-removed' signal with ControlMessage.
* SessionList: Remove all locking.
* ConnectionManager: Remove 'connection-removed' signal.
* ci: Build 'check' target when CC is gcc.
* build: Fix bad URLs in configure script.
* CHANGELOG.md: Add version number and date for 2.0.1 release.
* Replace references to drand48_r family of functions for portability
* Fix for type-punned pointer reported in newer compilers that enforce strict aliasing
OBS-URL: https://build.opensuse.org/request/show/628591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-abrmd?expand=0&rev=7
