From 756009e46cc670f9ec5c2bd82987ef6c2db16af59e9dc3d8831cd5b902d85762 Mon Sep 17 00:00:00 2001 
From: Matthias Gerstner Date: Thu, 22 Oct 2020 12:14:07 +0000 Subject: [PATCH] - update to version 4.3: - changes in version 4.3: - tss2_*: Fix double-free errors in commands asking for password authorization - tss2_*: Fix shorthand command -f that was falsely requiring an argument - tss2_*: Update tss2_encrypt to the new FAPI interface - The argument 'policyPath' is removed which was never read anyway - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec - tss2_*: Add parameter types to all man page - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output - tss2_pcrextend: fix extending PCR 0 - tss2_quote: fix unused TSS2_RC in LOG_ERR - changes in 4.2.1: - Fix missing handle maps for ESY3 handle breaks. See #1994. - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0. - Fix for loop declarations build error. - changes in 4.2: - Fix various issues reported by static analysis tools. - Add integration test for ECC based getekcertificate. - Fix for issue #1959 where ARM builds were failing. - Add a check in autotools to add "expect" as a package dependency for fapi tools. - tpm2_createek: Drop the unused -p or --ek-auth option - tpm2_policyor: List of policy files should be specified as an argument - instead of -l option. The -l option is still retained for backwards - compatibility. See issue#1894. - tpm2_eventlog: add a tool for parsing and displaying the event log. 
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=58 --- _service | 2 +- fix_bad_bufsize.patch | 26 ------------- fix_bogus_warning.patch | 13 ------- tpm2-tools-4.1.tar.gz | 3 -- tpm2-tools-4.3.0.tar.gz | 3 ++ tpm2.0-tools.changes | 82 +++++++++++++++++++++++++++++++++++++++++ tpm2.0-tools.spec | 8 ++-- 7 files changed, 89 insertions(+), 48 deletions(-) delete mode 100644 fix_bad_bufsize.patch delete mode 100644 tpm2-tools-4.1.tar.gz create mode 100644 tpm2-tools-4.3.0.tar.gz diff --git a/_service b/_service index 82d6237..716288d 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/intel/tpm2-tools.git git - 4.1 + 4.3.0 @PARENT_TAG@ disable diff --git a/fix_bad_bufsize.patch b/fix_bad_bufsize.patch deleted file mode 100644 index f9d5eeb..0000000 --- a/fix_bad_bufsize.patch +++ /dev/null 
@@ -1,26 +0,0 @@
-Index: tpm2-tools-4.1/tools/tpm2_policytemplate.c
-===================================================================
---- tpm2-tools-4.1.orig/tools/tpm2_policytemplate.c
-+++ tpm2-tools-4.1/tools/tpm2_policytemplate.c
-@@ -23,7 +23,7 @@ static tpm2_policytemplate_ctx ctx;
-
- static bool process_input_template_hash(char *value) {
-
-- ctx.template_hash.size = UINT16_MAX;
-+ ctx.template_hash.size = sizeof(ctx.template_hash.buffer);
- bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
- &ctx.template_hash.size, ctx.template_hash.buffer);
- if (!result) {
-Index: tpm2-tools-4.1/tools/tpm2_policynamehash.c
-===================================================================
---- tpm2-tools-4.1.orig/tools/tpm2_policynamehash.c
-+++ tpm2-tools-4.1/tools/tpm2_policynamehash.c
-@@ -23,7 +23,7 @@ static tpm2_policynamehash_ctx ctx;
-
- static bool process_input_name_hash(char *value) {
-
-- ctx.name_hash.size = UINT16_MAX;
-+ ctx.name_hash.size = sizeof(ctx.name_hash.buffer);
- bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
- &ctx.name_hash.size, ctx.name_hash.buffer);
- if (!result) {
diff --git a/fix_bogus_warning.patch b/fix_bogus_warning.patch
index 8945cd5..c75ab17 100644
--- a/fix_bogus_warning.patch
+++ b/fix_bogus_warning.patch
@@ -1,16 +1,3 @@
-Index: tpm2-tools-4.1/lib/tpm2_hash.c
-===================================================================
---- tpm2-tools-4.1.orig/lib/tpm2_hash.c
-+++ tpm2-tools-4.1/lib/tpm2_hash.c
-@@ -14,7 +14,7 @@ static tool_rc tpm2_hash_common(ESYS_CON
- UINT16 inbuffer_len, TPM2B_DIGEST **result,
- TPMT_TK_HASHCHECK **validation) {
- bool use_left, done;
-- unsigned long left;
-+ unsigned long left = 0;
- size_t bytes_read;
- TPM2B_AUTH null_auth = TPM2B_EMPTY_INIT;
- TPMI_DH_OBJECT sequence_handle;
 Index: tpm2-tools-4.1/lib/tpm2_attr_util.c
 ===================================================================
 --- tpm2-tools-4.1.orig/lib/tpm2_attr_util.c
diff --git a/tpm2-tools-4.1.tar.gz b/tpm2-tools-4.1.tar.gz
deleted file mode 100644
index 84b7f7d..0000000
--- a/tpm2-tools-4.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:07ce37f552ed47f582fbc3423bc316fea64012ef15a92a25766a36534524dcf2
-size 779577
diff --git a/tpm2-tools-4.3.0.tar.gz b/tpm2-tools-4.3.0.tar.gz
new file mode 100644
index 0000000..1e3f277
--- /dev/null
+++ b/tpm2-tools-4.3.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc
+size 881544
diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes
index 81660c7..3cc64fa 100644
--- a/tpm2.0-tools.changes
+++ b/tpm2.0-tools.changes
@@ -1,3 +1,85 @@
+-------------------------------------------------------------------
+Thu Oct 22 11:58:16 UTC 2020 - Matthias Gerstner
+
+- update to version 4.3:
+ - changes in version 4.3:
+ - tss2_*: Fix double-free errors in commands asking for password authorization
+ - tss2_*: Fix shorthand command -f that was falsely requiring an argument
+ - tss2_*: Update tss2_encrypt to the new FAPI interface
+ - The argument 'policyPath' is removed which was never read anyway
+ - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
+ - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
+ - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
+ - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
+ - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
+ - tss2_*: Add parameter types to all man page
+ - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
+ - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
+ - tss2_pcrextend: fix extending PCR 0
+ - tss2_quote: fix unused TSS2_RC in LOG_ERR
+ - changes in 4.2.1:
+ - Fix missing handle maps for ESY3 handle breaks. See #1994.
+ - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
+ - Fix for loop declarations build error.
+ - changes in 4.2:
+ - Fix various issues reported by static analysis tools.
+ - Add integration test for ECC based getekcertificate.
+ - Fix for issue #1959 where ARM builds were failing.
+ - Add a check in autotools to add "expect" as a package dependency for fapi tools.
+ - tpm2_createek: Drop the unused -p or --ek-auth option
+ - tpm2_policyor: List of policy files should be specified as an argument
+ - instead of -l option. The -l option is still retained for backwards
+ - compatibility. See issue#1894.
+ - tpm2_eventlog: add a tool for parsing and displaying the event log.
+ - tpm2_createek: Fix an issue where the template option looked for args
+ - tpm2_hierarchycontrol: Fixed bug where tool operation failed silently
+ - tpm2_nvdefine: Fixed an issue where text output suggested failures as passes
+ - tpm2_certify: Add an example usage in man page
+ - tpm2_policyor: Fix a bug where tool failed silently when no input were given
+ - tpm2_getekcertificate: Intel (R) PTT EK cert web portal is set as default address
+ - tpm2_alg_util.c: Fix a bug where string rsa3072 was not parsed
+ - .ci/download-deps.sh: Change tss dependency to 2.4.0 to acquire SAPI handles for cpHash calculations
+ - tpm2_policycphash: Add a tool to implement enhanced authorization with cpHash of a command
+ - Add options to tools to enable cpHash outputs: tpm2_nvsetbits, tpm2_nvextend,
+ tpm2_nvincrement, tpm2_nvread, tpm2_nvreadlock, tpm2_writelock, tpm2_nvdefine,
+ tpm2_nvundefine, tpm2_nvcertify, tpm2_policynv, tpm2_policyauthorizenv,
+ tpm2_policysecret, tpm2_create, tpm2_load, tpm2_activatecredential, tpm2_unseal,
+ tpm2_changeauth, tpm2_duplicate, tpm2_import, tpm2_rsadecrypt, tpm2_certify,
+ tpm2_certifycreation, tpm2_hierarchycontrol, tpm2_setprimarypolicy, tpm2_clearcontrol,
+ tpm2_dictionarylockout, tpm2_evictcontrol, tpm2_setclock, tpm2_clockrateadjust,
+ tpm2_clear, tpm2_nvwrite, tpm2_encryptdecrypt, tpm2_hmac.
+ - tpm2_import: Fix an issue where the imported key always required to have a policy
+ - tpm2_policysecret: Fix an issue where authorization model was fixed to password only
+ - Feature API (FAPI) tools added. These additional set of tools implement utilities
+ - using the FAPI which was added to the tpm2-tss v2.4.4:
+ tss2_decrypt, tss2_encrypt, tss2_list, tss2_changeauth, tss2_delete,
+ tss2_import, tss2_getinfo, tss2_createkey, tss2_createseal, tss2_exportkey,
+ tss2_getcertificate, tss2_getplatformcertificates, tss2_gettpmblobs,
+ tss2_getappdata, tss2_setappdata, tss2_setcertificate, tss2_sign,
+ tss2_verifysignature, tss2_verifyquote, tss2_createnv, tss2_nvextend,
+ tss2_nvincrement, tss2_nvread, tss2_nvsetbits, tss2_nvwrite,
+ tss2_getdescription, tss2_setdescription, tss2_pcrextend, tss2_quote,
+ tss2_pcrread, tss2_authorizepolicy, tss2_exportpolicy, tss2_import,
+ tss2_provision, tss2_getrandom, tss2_unseal, tss2_writeauthorizenv
+ - tpm2_policycountertimer: Fix an issue where operandB array was reversed causing faulty comparisons.
+ - changes in 4.1.1:
+ - tpm2_certify: Fix output of attestation data including size field. Now outputs just bytes.
+ - tpm2_certifycreation: Fix tool to match manpage where the code had the -C and -c options reversed.
+ - tpm2_gettime: Fix output of attestation data including size field. Now outputs just bytes.
+ - tpm2_nvcertify: Fix output of attestation data including size field. Now outputs just bytes.
+ - tpm2_nvreadpublic: add name hash output.
+ - tpm2_import: Support object policies when importing raw key material.
+ - Fix overflow in pcrs.h where sizeof() was used instead of ARRAY_LEN().
+ - build:
+ - Fix compilation issue: lib/tpm2_hash.c:17:19: note: 'left' was declared here.
+ - man:
+ - Fix manpage examples that have "sha" instead of "sha1"
+ - tpm2_shutdown manpage was missing, add it to build.
+ - Fix manpage example for tpm2_createak's tpm2_evictcontrol example.
+- Remove fix_bad_bufsize.patch: is now contained in upstream tarball
+- Adjust fix_bogus_warning.patch: one hunk no longer applies, upstream code
+ changed.
+ ------------------------------------------------------------------- Wed Dec 11 13:29:12 UTC 2019 - matthias.gerstner@suse.com diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec index 12dc9be..9b94e82 100644 --- a/tpm2.0-tools.spec +++ b/tpm2.0-tools.spec @@ -1,7 +1,7 @@ # # spec file for package tpm2.0-tools # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,15 +17,14 @@ Name: tpm2.0-tools -Version: 4.1 +Version: 4.3.0 Release: 0 Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause Group: Productivity/Security -Url: https://github.com/tpm2-software/tpm2-tools/releases +URL: https://github.com/tpm2-software/tpm2-tools/releases Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz Patch0: fix_bogus_warning.patch -Patch1: fix_bad_bufsize.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -64,7 +63,6 @@ associated interfaces. %prep %setup -q -n tpm2-tools-%{version} %patch0 -p1 -%patch1 -p1 %build %configure --disable-static
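Review bot: `Source0` in the `@@ -17,15 +17,14 @@` spec hunk pulls the 4.3.0 tarball with no detached signature or keyring among the visible `Source`/`Patch` lines, so the only integrity anchor for the new archive is the `oid sha256` in the LFS pointer committed alongside it. If upstream publishes a signature for this release, consider adding `Source1: <upstream signature URL for the 4.3.0 tarball>` and `Source2: %{name}.keyring` (placeholders, to be filled in from upstream) so the build verifies the source. The same hunk and the `%prep` hunk drop `Patch1: fix_bad_bufsize.patch`, which bounded the load size with `sizeof(...buffer)` instead of `UINT16_MAX`; the changelog says upstream now contains it, which is worth confirming in tools/tpm2_policytemplate.c and tools/tpm2_policynamehash.c of the 4.3.0 tree, since the page does not show those sources. `_service` also names the intel/tpm2-tools.git URL while the spec uses tpm2-software, so a spec comment stating which origin the committed tarball came from would help the next reviewer.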