pool/tpm2.0-abrmd
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
factory
tpm2.0-abrmd/tpm2.0-abrmd.changes

341 lines
15 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Tue May 23 12:31:21 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
- Cover ALP via the %{suse_version} macro
-------------------------------------------------------------------
Thu Dec 8 15:07:28 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
- Version 3.0.0
+ Fixed
* A bug in special command processing in TPM2_GetCapability when
an audit session is in use cuased tpm2-abrmd to abort.
+ Added
* New SELinux interfaces for communication with keylime
+ Changed
* DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM,
ie /dev/tpmrm0, permissions. Now users MUST be in the tss group
to send to tpm2-abrmd over DBUS.
- Drop dbus-access.patch (merged in PR#805)
-------------------------------------------------------------------
Fri Jul 8 08:43:16 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
- Version 2.4.1
+ Added
Contributor Covenant Code of Conduct.
+ Fixed
* superflous warning messages about tcti status.
WARNING **: 11:00:56.205: tcti_conf before: "(null)"
WARNING **: 11:00:56.205: tcti_conf after: "mssim"
* GCC 11 build error: error: argument 2 of __atomic_load discards
'volatile' qualifier
* Initialize gerror pointer variable to NULL to fix use of
unitialized memory and segfault.
* Updated missing defaults in manpage.
* Port CI to composite actions in tpm2-software/ci.
+ Removed
Dependency on 'which' utility in configure.ac.
ubuntu-16.04 from CI.
-------------------------------------------------------------------
Mon Apr 4 10:45:24 UTC 2022 - Matthias Gerstner <matthias.gerstner@suse.com>
- dbus-access.patch: restrict D-Bus access to tpm2-abrmd to members of the tss
group (bsc#1197532). This prevents arbitrary users from meddling with TPM
state and thus potential denial-of-service vectors.
-------------------------------------------------------------------
Wed Dec 8 16:50:13 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Version 2.4.0
+ remover syslog deprecation warning (bsc#1185154)
+ cover update to 2.3.3 (jsc#SLE-17366)
+ contains reload fix (bsc#1166936)
+ fix tcti loading using short / long names (bsc#1159176)
-------------------------------------------------------------------
Mon Nov 29 12:54:02 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Warp selinux into a bcond
-------------------------------------------------------------------
Thu Nov 25 09:16:32 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_tpm2-abrmd.service.patch
-------------------------------------------------------------------
Sat Jul 17 21:04:13 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Move selinux devel file to devel subpackage
-------------------------------------------------------------------
Wed Jul 14 13:41:59 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Update to version 2.4.0:
- Service start depends on systemd device unit: dev-tpm0.device.
- Numerous memory leaks.
- udev settle service deprecation warnings.
- StandardOutput=syslog deprecation warnings.
- Add selinux module files
- Move dbus files out of /etc
-------------------------------------------------------------------
Wed Jun 9 09:37:38 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Requires libtss2-tcti-{device0,tabrmd0} (bsc#1187077).
In MicroOS systems the recommendations are not installed, making the
service fail to initialize: Failed to instantiate TCTI
-------------------------------------------------------------------
Thu Oct 22 12:15:24 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>
- update to version 2.3.3:
- changes in version 2.3.1:
- Fixed handle resource leak exhausting TPM resources.
- changes in version 2.3.2:
- Added cirrus CI specific config files to enable FreeBSD builds.
- Changed test scripts to be more portable.
- Changed include header paths specific to FreeBSD.
- changes in version 2.3.1:
- Provide meaningful exit codes on initialization failures.
- Prevent systemd from starting the daemon before udev changes ownership
of the TPM device node.
- Prevent systemd from starting the daemon if there is no TPM device node.
- Prevent systemd from restarting the daemon if it fails.
- Add SELinux policy to allow daemon to resolve names.
- Add SELinux policy boolean (disabled by default) to allow daemon to
connect to all unreserved ports.
-------------------------------------------------------------------
Wed Dec 11 11:55:13 UTC 2019 - matthias.gerstner@suse.com
- update to version 2.3.0:
- changes in version 2.3.0:
- Add '--enable-debug' flag to configure script to simplify debug builds.
This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro.
- Replaced custom dynamic TCTI loading code with libtss2-tctildr from
upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0)
- Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required.
- changes in version 2.2.0:
- New configuration option `--disable-defaultflags/ added. This is
for use for packaging for targets that do not support the default
compilation / linking flags.
- Use private dependencies properly in pkg-config metadata for TCTI.
- Refactor daemon main module to enable better handling of error
conditions and enable more thorough unit testing.
- Updated dependencies to ensure compatibility with pkg-config fixes
in tpm2-tss.
- Fixed bug causing TCTI to block when used by libtss2-sys built with
partial reads enabled.
- Removed unnecessary libs / flags for pthreads in the TCTI pkg-config.
- Output from configure script now accurately describes the state of the
flags that govern the integration tests.
- drop fix_dlopen.patch: no longer necessary since abrmd not uses the tctildr
shared library. This one hopefully now does the right thing.
-------------------------------------------------------------------
Mon Aug 26 06:49:37 UTC 2019 - mgerstner <matthias.gerstner@suse.com>
- update to version 2.1.1:
- changes in version 2.1.1:
- Unit tests accessing dbus have been fixed to use mock functions. Unit
tests no longer depend on dbus.
- Race condition between client connections and dbus proxy object
creation by registering bus name after instantiation of the proxy object.
-------------------------------------------------------------------
Fri Apr 26 10:35:51 UTC 2019 - mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
-------------------------------------------------------------------
Wed Mar 6 10:36:46 UTC 2019 - matthias.gerstner@suse.com
- update to version 2.1.0:
- changes in version 2.1.0:
- `-Wstrict-overflow=5` now used in default CFLAGS.
- Handling of `TPM2_RC_CONTEXT_GAP` on behalf of users.
- Convert `TPM2_PT_CONTEXT_GAP_MAX` response from lower layer to
`UINT32_MAX`
- travis-ci now uses 'xenial' builder
- Significant refactoring of TCTI handling code.
- `--install` added to ACLOCAL_AMFLAGS to install aclocal required macros
instead of using the default symlinks
- Launch `dbus-run-session` in the automake test environment to
automagically set up a dbus session bus instance when one isn't present.
- Bug caused by unloading of `libtss2-tcti-tabrmd.so` on dlclose. GLib
does not support reloading a second time.
- Bug causing `-fstack-protector-all` to be used on systems with core
libraries (i.e. libc) that do not support it. This caused failures at
link-time.
- Unnecessary symbols from libtest utility library no longer included in
TCTI library.
- changes in version 2.0.3:
- Update build to account for upstream change to glib '.pc' files
described in: https://gitlab.gnome.org/GNOME/glib/issues/1521
- added _service file for syncing with upstream tags
-------------------------------------------------------------------
Thu Oct 25 09:00:40 UTC 2018 - matthias.gerstner@suse.com
- add a Requires towards tpm2-0-tss, because that main package holds the udev
rules and logic for setting up the tss user. Without this the daemon can't
start up correctly.
-------------------------------------------------------------------
Tue Oct 23 15:46:28 UTC 2018 - matthias.gerstner@suse.com
- fix broken build due to newer glib dependency that reports a full path for
gdbus-codegen, breaking the configure check.
-------------------------------------------------------------------
Wed Sep 26 15:51:01 UTC 2018 - matthias.gerstner@suse.com
- update to version 2.0.2 (FATE#326270):
- --enable-integration option to configure script now works as documented.
- Format specifier with wrong size in util module.
- Initialize TCTI context to 0 before setting values. This will cause all
members that aren't explicitly initialized by be 0.
-------------------------------------------------------------------
Tue Sep 18 09:05:24 UTC 2018 - matthias.gerstner@suse.com
- add recommends to the tcti-device and tcti-abrmd. Otherwise they're not
installed right away, rendering the abrmd quite unusable.
-------------------------------------------------------------------
Fri Aug 10 10:02:21 UTC 2018 - matthias.gerstner@suse.com
- Update to version 2.0.1:
* SessionList: Fix Connection object reference leak.
* source/sink: Organize ControlMessage processing.
* CommandSource: Replace 'connection-removed' signal with ControlMessage.
* SessionList: Remove all locking.
* ConnectionManager: Remove 'connection-removed' signal.
* ci: Build 'check' target when CC is gcc.
* build: Fix bad URLs in configure script.
* CHANGELOG.md: Add version number and date for 2.0.1 release.
* Replace references to drand48_r family of functions for portability
* Fix for type-punned pointer reported in newer compilers that enforce strict aliasing
-------------------------------------------------------------------
Tue Jul 3 09:15:27 UTC 2018 - matthias.gerstner@suse.com
- Trying to fix build on older distros that fail because of a missing or
broken autoconf valgrind detection macro. Removing autoreconf to hopefully
fix this.
-------------------------------------------------------------------
Mon Jul 2 09:27:43 UTC 2018 - matthias.gerstner@suse.com
- add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device
library from tpm2-0-tss. See
https://github.com/tpm2-software/tpm2-abrmd/issues/486.
-------------------------------------------------------------------
Fri Jun 29 11:43:08 UTC 2018 - matthias.gerstner@suse.com
- update to major version 2.0.0:
- support_dbus_activation.diff: removed, is not contained upstream
- the tpm2 stack introduces an incompatible ABI to the previous version with
this update. There is no compatibility layer, libraries have new names
etc.
- upstream changelog:
## 2.0.0 - 2018-06-22
### Added
- Integration test script and build support to execute integration tests
against a physical TPM2 device on the build platform.
- Implementation of dynamic TCTI initialization mechanism.
- configure option `--enable-integration` to enable integration tests.
The simulator executable must be on PATH.
- Support for version 2.0 of tpm2-tss libraries.
### Changed
- 'max-transient-objects' command line option renamted to 'max-transients'.
- Added -Wextra for more strict checks at compile time.
- Install location of headers to $(includedir)/tss2.
### Fixed
- Added missing checks for NULL parameters identified by the check-build.
- Bug in session continuation logic.
- Off by one error in HandleMap.
- Memory leak and uninitialized variable issues in unit tests.
### Removed
- Command line option --fail-on-loaded-trans.
- udev rules for TPM device node. This now lives in the tpm2-tss repo.
- Remove legacy TCTI initialization functions.
- configure option `--with-simulatorbin`.
## 1.3.1 - 2018-03-18
### Fixed
- Distribute systemd preset template instead of the generated file.
## 1.3.0 - 2018-03-02
### Added
- New configure option (--test-hwtpm) to run integration tests against a
physical TPM2 device on the build platform.
- Install systemd service file to allow on-demand systemd unit activation.
### Changed
- Converted some inappropriate uses of g_error to critical / warning instead.
- Removed use of gen_require from SELinux policy, use dbus_stub instead.
- udev rules now give tss group read / write access to the TPM device node.
- udev rules now give tss user and group read / write access to kernel RM
node.
### Fixed
- Memory leak on an error path in the AccessBroker.
-------------------------------------------------------------------
Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com
- update to upstream version 1.2.0:
- Limit maximum number of active sessions per connection with '--max-sessions'.
- Flush all transient objects and sessions on daemon start with '--flush-all'.
- Allow passing of sessions across connections with ContextSave / Load.
- Unref the GUnixFDList returned by GIO / dbus in the TCTI init function.
This fixes a memory leak in the TCTI library.
- correctly trigger udev to update /dev/tpm* permissions after package
installation. (bnc#1078687)
- prepared support_dbus_activation.diff patch which adds D-Bus activation, but
can't use it yet due to rpmlint
-------------------------------------------------------------------
Wed Nov 15 11:43:19 UTC 2017 - matthias.gerstner@suse.com
- fix_service_paths.diff: fixed broken systemd service unit (bnc#1066123). the
service unit file in the upstream distribution tarball is already configured
and looks for binaries and configuration files in the /usr/local prefix
which is wrong.
-------------------------------------------------------------------
Fri Sep 1 14:37:48 UTC 2017 - matthias.gerstner@suse.com
- package version symlink correctly, belongs into the lib package itself, not
the -devel.
-------------------------------------------------------------------
Wed Aug 30 08:29:07 UTC 2017 - matthias.gerstner@suse.com
- update to upstream version 1.1.1 which fixes some local denial-of-service
security issues among other things:
- Replace use of sigaction with g_unix_signal_* stuff from glib.
- Rewrite of INSTALL.md including info on custom configure script options.
- Default value for --with-simulatorbin configure option has been removed.
New default behavior is to disable integration tests.
- CommandSource will no longer reject commands without parameters.
- Unit tests updated to use cmocka v1.0.0 API.
- Integration tests now run daemon under valgrind memcheck and fail when
errors are found.
- CommandSource now tracks max FD in set of client FDs to prevent unnecessary
iterations over FD_SETSIZE fds.
- no longer call bootstrap and switch to the release upstream tarball which
has now been fixed to contain all necessary files
-------------------------------------------------------------------
Thu Jul 20 13:04:41 UTC 2017 - matthias.gerstner@suse.com
- first version of the new arbmd resource manager from Intel's tpm2 stack.
This will replace the old resourcemgr previously shipped with the
tpm2-0-tss package.
Reference in New Issue View Git Blame Copy Permalink