- Version 3.0.0
+ Fixed
* A bug in special command processing in TPM2_GetCapability when
an audit session is in use cuased tpm2-abrmd to abort.
+ Added
* New SELinux interfaces for communication with keylime
+ Changed
* DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM,
ie /dev/tpmrm0, permissions. Now users MUST be in the tss group
to send to tpm2-abrmd over DBUS.
- Drop dbus-access.patch (merged in PR#805)
OBS-URL: https://build.opensuse.org/request/show/1041872
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=71
- changes in version 2.3.1:
- Fixed handle resource leak exhausting TPM resources.
- changes in version 2.3.2:
- Added cirrus CI specific config files to enable FreeBSD builds.
- Changed test scripts to be more portable.
- Changed include header paths specific to FreeBSD.
- changes in version 2.3.1:
- Provide meaningful exit codes on initialization failures.
- Prevent systemd from starting the daemon before udev changes ownership
of the TPM device node.
- Prevent systemd from starting the daemon if there is no TPM device node.
- Prevent systemd from restarting the daemon if it fails.
- Add SELinux policy to allow daemon to resolve names.
- Add SELinux policy boolean (disabled by default) to allow daemon to
connect to all unreserved ports.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=53
- changes in version 2.3.0:
- Add '--enable-debug' flag to configure script to simplify debug builds.
This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro.
- Replaced custom dynamic TCTI loading code with libtss2-tctildr from
upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0)
- Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required.
- changes in version 2.2.0:
- New configuration option `--disable-defaultflags/ added. This is
for use for packaging for targets that do not support the default
compilation / linking flags.
- Use private dependencies properly in pkg-config metadata for TCTI.
- Refactor daemon main module to enable better handling of error
conditions and enable more thorough unit testing.
- Updated dependencies to ensure compatibility with pkg-config fixes
in tpm2-tss.
- Fixed bug causing TCTI to block when used by libtss2-sys built with
partial reads enabled.
- Removed unnecessary libs / flags for pthreads in the TCTI pkg-config.
- Output from configure script now accurately describes the state of the
flags that govern the integration tests.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=50
- changes in version 2.1.1:
- Unit tests accessing dbus have been fixed to use mock functions. Unit
tests no longer depend on dbus.
- Race condition between client connections and dbus proxy object
creation by registering bus name after instantiation of the proxy object.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=48
- changes in 2.1.0:
- `-Wstrict-overflow=5` now used in default CFLAGS.
- Handling of `TPM2_RC_CONTEXT_GAP` on behalf of users.
- Convert `TPM2_PT_CONTEXT_GAP_MAX` response from lower layer to
`UINT32_MAX`
- travis-ci now uses 'xenial' builder
- Significant refactoring of TCTI handling code.
- `--install` added to ACLOCAL_AMFLAGS to install aclocal required macros
instead of using the default symlinks
- Launch `dbus-run-session` in the automake test environment to
automagically set up a dbus session bus instance when one isn't present.
- Bug caused by unloading of `libtss2-tcti-tabrmd.so` on dlclose. GLib
does not support reloading a second time.
- Bug causing `-fstack-protector-all` to be used on systems with core
libraries (i.e. libc) that do not support it. This caused failures at
link-time.
- Unnecessary symbols from libtest utility library no longer included in
TCTI library.
- changes in 2.0.3:
- Update build to account for upstream change to glib '.pc' files
described in: https://gitlab.gnome.org/GNOME/glib/issues/1521
- changes in 2.0.2:
- --enable-integration option to configure script now works as documented.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=43
- --enable-integration option to configure script now works as documented.
- Format specifier with wrong size in util module.
- Initialize TCTI context to 0 before setting values. This will cause all
members that aren't explicitly initialized by be 0.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=34
* SessionList: Fix Connection object reference leak.
* source/sink: Organize ControlMessage processing.
* CommandSource: Replace 'connection-removed' signal with ControlMessage.
* SessionList: Remove all locking.
* ConnectionManager: Remove 'connection-removed' signal.
* ci: Build 'check' target when CC is gcc.
* build: Fix bad URLs in configure script.
* CHANGELOG.md: Add version number and date for 2.0.1 release.
* Replace references to drand48_r family of functions for portability
* Fix for type-punned pointer reported in newer compilers that enforce strict aliasing
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=28
- Limit maximum number of active sessions per connection with '--max-sessions'.
- Flush all transient objects and sessions on daemon start with '--flush-all'.
- Allow passing of sessions across connections with ContextSave / Load.
- Unref the GUnixFDList returned by GIO / dbus in the TCTI init function.
This fixes a memory leak in the TCTI library.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=15
security issues among other things:
- Replace use of sigaction with g_unix_signal_* stuff from glib.
- Rewrite of INSTALL.md including info on custom configure script options.
- Default value for --with-simulatorbin configure option has been removed.
New default behavior is to disable integration tests.
- CommandSource will no longer reject commands without parameters.
- Unit tests updated to use cmocka v1.0.0 API.
- Integration tests now run daemon under valgrind memcheck and fail when
errors are found.
- CommandSource now tracks max FD in set of client FDs to prevent unnecessary
iterations over FD_SETSIZE fds.
- no longer call bootstrap and switch to the release upstream tarball which
has now been fixed to contain all necessary files
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=6
