b4aaef02e4 - also enable SELinux features for SLE-16 (bsc#1240070). On SLE-16 abrmd does not work, because the SELinux configuration is missing and thus its operations are denied. Include SLE-16 to fix this.
devel
Matthias Gerstner 2025-03-26 11:32:16 +00:00
9bffff1eff - dbus-access.patch: restrict D-Bus access to tpm2-abrmd to members of the tss group (bsc#1197532). This prevents arbitrary users from meddling with TPM state and thus potential denial-of-service vectors.
Matthias Gerstner 2022-04-04 11:06:24 +00:00
f5802a1cf0 - restrict D-Bus access to tpm2-abrmd to members of the tss group (bsc#1197532). This prevents arbitrary users from meddling with TPM state and thus potential denial-of-service vectors.
Matthias Gerstner 2022-04-04 10:57:16 +00:00
878c029dde - update to version 2.3.3:
  - changes in version 2.3.1:
    - Fixed handle resource leak exhausting TPM resources.
  - changes in version 2.3.2:
    - Added cirrus CI specific config files to enable FreeBSD builds.
    - Changed test scripts to be more portable.
    - Changed include header paths specific to FreeBSD.
  - changes in version 2.3.1:
    - Provide meaningful exit codes on initialization failures.
    - Prevent systemd from starting the daemon before udev changes ownership of the TPM device node.
    - Prevent systemd from starting the daemon if there is no TPM device node.
    - Prevent systemd from restarting the daemon if it fails.
    - Add SELinux policy to allow daemon to resolve names.
    - Add SELinux policy boolean (disabled by default) to allow daemon to connect to all unreserved ports.
Matthias Gerstner 2020-10-22 12:19:32 +00:00
d451320a04 - drop fix_dlopen.patch: no longer necessary since abrmd now uses the tctildr shared library. This one hopefully now does the right thing.
Matthias Gerstner 2019-12-11 12:02:48 +00:00
73b5f87efa - update to version 2.3.0:
  - changes in version 2.3.0:
    - Add '--enable-debug' flag to configure script to simplify debug builds. This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro.
    - Replaced custom dynamic TCTI loading code with libtss2-tctildr from upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0)
    - Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required.
  - changes in version 2.2.0:
    - New configuration option `--disable-defaultflags` added. This is for use for packaging for targets that do not support the default compilation / linking flags.
    - Use private dependencies properly in pkg-config metadata for TCTI.
    - Refactor daemon main module to enable better handling of error conditions and enable more thorough unit testing.
    - Updated dependencies to ensure compatibility with pkg-config fixes in tpm2-tss.
    - Fixed bug causing TCTI to block when used by libtss2-sys built with partial reads enabled.
    - Removed unnecessary libs / flags for pthreads in the TCTI pkg-config.
    - Output from configure script now accurately describes the state of the flags that govern the integration tests.
Matthias Gerstner 2019-12-11 12:00:43 +00:00
76e0c2b6a5 - update to version 2.1.1:
  - changes in version 2.1.1:
    - Unit tests accessing dbus have been fixed to use mock functions. Unit tests no longer depend on dbus.
    - Race condition between client connections and dbus proxy object creation by registering bus name after instantiation of the proxy object.
Matthias Gerstner 2019-08-26 06:52:49 +00:00
6cbdab952a Accepting request 698147 from security
Yuchen Lin 2019-04-26 20:55:02 +00:00
d9c5e11335 Accepting request 698139 from home:jubalh:branches:security
Matthias Gerstner 2019-04-26 10:42:04 +00:00
fae18a1e25 - update to version 2.1.0:
  - changes in 2.1.0:
    - -Wstrict-overflow=5 now used in default CFLAGS.
    - Handling of TPM2_RC_CONTEXT_GAP on behalf of users.
    - Convert TPM2_PT_CONTEXT_GAP_MAX response from lower layer to UINT32_MAX
    - travis-ci now uses 'xenial' builder
    - Significant refactoring of TCTI handling code.
    - --install added to ACLOCAL_AMFLAGS to install aclocal required macros instead of using the default symlinks
    - Launch dbus-run-session in the automake test environment to automagically set up a dbus session bus instance when one isn't present.
    - Bug caused by unloading of libtss2-tcti-tabrmd.so on dlclose. GLib does not support reloading a second time.
    - Bug causing -fstack-protector-all to be used on systems with core libraries (i.e. libc) that do not support it. This caused failures at link-time.
    - Unnecessary symbols from libtest utility library no longer included in TCTI library.
  - changes in 2.0.3:
    - Update build to account for upstream change to glib '.pc' files described in: https://gitlab.gnome.org/GNOME/glib/issues/1521
  - changes in 2.0.2:
    - --enable-integration option to configure script now works as documented.
Matthias Gerstner 2019-03-06 10:39:57 +00:00
1d9194c69e - add a Requires towards tpm2-0-tss, because that main package holds the udev rules and logic for setting up the tss user. Without this the daemon can't start up correctly.
Matthias Gerstner 2018-10-25 09:01:40 +00:00
14047cdd08 - fix broken build due to newer glib dependency that reports a full path for gdbus-codegen, breaking the configure check.
Matthias Gerstner 2018-10-23 15:47:33 +00:00
6860a81c92 - update to version 2.0.2:
  - --enable-integration option to configure script now works as documented.
  - Format specifier with wrong size in util module.
  - Initialize TCTI context to 0 before setting values. This will cause all members that aren't explicitly initialized to be 0.
Matthias Gerstner 2018-09-26 15:56:05 +00:00
121abbe5e0 Accepting request 636379 from security
Yuchen Lin 2018-09-19 12:30:37 +00:00
b29ad9fd05 - add recommends to the tcti-device and tcti-abrmd. Otherwise they're not installed right away, rendering the abrmd quite unusable.
Matthias Gerstner 2018-09-18 09:05:57 +00:00
c0e2898883 - Update to version 2.0.1:
  * SessionList: Fix Connection object reference leak.
  * source/sink: Organize ControlMessage processing.
  * CommandSource: Replace 'connection-removed' signal with ControlMessage.
  * SessionList: Remove all locking.
  * ConnectionManager: Remove 'connection-removed' signal.
  * ci: Build 'check' target when CC is gcc.
  * build: Fix bad URLs in configure script.
  * CHANGELOG.md: Add version number and date for 2.0.1 release.
  * Replace references to drand48_r family of functions for portability
  * Fix for type-punned pointer reported in newer compilers that enforce strict aliasing
Matthias Gerstner 2018-08-10 10:31:50 +00:00
ea25d61a41 - Trying to fix build on older distros that fail because of a missing or broken autoconf valgrind detection macro. Removing autoreconf to hopefully fix this.
Matthias Gerstner 2018-07-03 09:21:33 +00:00
e7db476738 reference added but unused patch to satisfy factory checkers
Matthias Gerstner 2018-02-22 12:17:22 +00:00
e91d8694b6 - correctly trigger udev to update /dev/tpm* permissions after package installation. (bnc#1078687)
Matthias Gerstner 2018-02-22 11:39:11 +00:00
895b7f4def - update to upstream version 1.2.0:
  - Limit maximum number of active sessions per connection with '--max-sessions'.
  - Flush all transient objects and sessions on daemon start with '--flush-all'.
  - Allow passing of sessions across connections with ContextSave / Load.
  - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function. This fixes a memory leak in the TCTI library.
Matthias Gerstner 2018-02-22 11:37:19 +00:00
177ba37246 - service_path.patch: fixed broken systemd service unit (bnc#1066123). the service unit file in the upstream distribution tarball is already configured and looks for binaries and configuration files in the /usr/local prefix which is wrong.
Matthias Gerstner 2017-11-15 12:20:34 +00:00
b981d03939 - fixed broken systemd service unit (bnc#1066123). the service unit file in the upstream distribution tarball is already configured and looks for binaries and configuration files in the /usr/local prefix which is wrong.
Matthias Gerstner 2017-11-15 11:44:33 +00:00
5acd8f14e1 - update to upstream version 1.1.1 which fixes some local denial-of-service security issues among other things:
  - Replace use of sigaction with g_unix_signal_* stuff from glib.
  - Rewrite of INSTALL.md including info on custom configure script options.
  - Default value for --with-simulatorbin configure option has been removed. New default behavior is to disable integration tests.
  - CommandSource will no longer reject commands without parameters.
  - Unit tests updated to use cmocka v1.0.0 API.
  - Integration tests now run daemon under valgrind memcheck and fail when errors are found.
  - CommandSource now tracks max FD in set of client FDs to prevent unnecessary iterations over FD_SETSIZE fds.
- no longer call bootstrap and switch to the release upstream tarball which has now been fixed to contain all necessary files
Matthias Gerstner 2017-08-30 08:33:05 +00:00