rpm/tpm2.0-tools
SHA256
1
0
Fork 0
forked from pool/tpm2.0-tools
Code Pull Requests Activity

Accepting request 843599 from security

Browse Source 
- update to version 4.3:
  - changes in version 4.3:
    - tss2_*: Fix double-free errors in commands asking for password authorization
    - tss2_*: Fix shorthand command -f that was falsely requiring an argument
    - tss2_*: Update tss2_encrypt to the new FAPI interface
    - The argument 'policyPath' is removed which was never read anyway
    - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
    - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
    - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
    - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
    - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
    - tss2_*: Add parameter types to all man page
    - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
    - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
    - tss2_pcrextend: fix extending PCR 0
    - tss2_quote: fix unused TSS2_RC in LOG_ERR
  - changes in 4.2.1:
    - Fix missing handle maps for ESY3 handle breaks. See #1994.
    - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
    - Fix for loop declarations build error.
  - changes in 4.2:
    - Fix various issues reported by static analysis tools.
    - Add integration test for ECC based getekcertificate.
    - Fix for issue #1959 where ARM builds were failing.
    - Add a check in autotools to add "expect" as a package dependency for fapi tools.
    - tpm2_createek: Drop the unused -p or --ek-auth option
    - tpm2_policyor: List of policy files should be specified as an argument
    - instead of -l option. The -l option is still retained for backwards
    - compatibility. See issue#1894.
    - tpm2_eventlog: add a tool for parsing and displaying the event log.

OBS-URL: https://build.opensuse.org/request/show/843599
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=21
This commit is contained in:
Dominique Leuenberger 2020-10-28 10:25:39 +00:00 committed by Git OBS Bridge
commit 143120c460
7 changed files with 93 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_service
View File

@ -2,7 +2,7 @@
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/intel/tpm2-tools.git</param>
<param name="scm">git</param>
<param name="revision">4.1</param>
<param name="revision">4.3.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">disable</param>
</service>

26
fix_bad_bufsize.patch
View File

@ -1,26 +0,0 @@
Index: tpm2-tools-4.1/tools/tpm2_policytemplate.c
===================================================================
--- tpm2-tools-4.1.orig/tools/tpm2_policytemplate.c
+++ tpm2-tools-4.1/tools/tpm2_policytemplate.c
@@ -23,7 +23,7 @@ static tpm2_policytemplate_ctx ctx;
static bool process_input_template_hash(char *value) {
- ctx.template_hash.size = UINT16_MAX;
+ ctx.template_hash.size = sizeof(ctx.template_hash.buffer);
bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
&ctx.template_hash.size, ctx.template_hash.buffer);
if (!result) {
Index: tpm2-tools-4.1/tools/tpm2_policynamehash.c
===================================================================
--- tpm2-tools-4.1.orig/tools/tpm2_policynamehash.c
+++ tpm2-tools-4.1/tools/tpm2_policynamehash.c
@@ -23,7 +23,7 @@ static tpm2_policynamehash_ctx ctx;
static bool process_input_name_hash(char *value) {
- ctx.name_hash.size = UINT16_MAX;
+ ctx.name_hash.size = sizeof(ctx.name_hash.buffer);
bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
&ctx.name_hash.size, ctx.name_hash.buffer);
if (!result) {

13
fix_bogus_warning.patch
View File

@ -1,16 +1,3 @@
Index: tpm2-tools-4.1/lib/tpm2_hash.c
===================================================================
--- tpm2-tools-4.1.orig/lib/tpm2_hash.c
+++ tpm2-tools-4.1/lib/tpm2_hash.c
@@ -14,7 +14,7 @@ static tool_rc tpm2_hash_common(ESYS_CON
UINT16 inbuffer_len, TPM2B_DIGEST **result,
TPMT_TK_HASHCHECK **validation) {
bool use_left, done;
- unsigned long left;
+ unsigned long left = 0;
size_t bytes_read;
TPM2B_AUTH null_auth = TPM2B_EMPTY_INIT;
TPMI_DH_OBJECT sequence_handle;
Index: tpm2-tools-4.1/lib/tpm2_attr_util.c
===================================================================
--- tpm2-tools-4.1.orig/lib/tpm2_attr_util.c

3
tpm2-tools-4.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:07ce37f552ed47f582fbc3423bc316fea64012ef15a92a25766a36534524dcf2
size 779577

3
tpm2-tools-4.3.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc
size 881544

82
tpm2.0-tools.changes
View File

@ -1,3 +1,85 @@
-------------------------------------------------------------------
Thu Oct 22 11:58:16 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>
- update to version 4.3:
- changes in version 4.3:
- tss2_*: Fix double-free errors in commands asking for password authorization
- tss2_*: Fix shorthand command -f that was falsely requiring an argument
- tss2_*: Update tss2_encrypt to the new FAPI interface
- The argument 'policyPath' is removed which was never read anyway
- tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
- tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
- tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
- tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
- tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
- tss2_*: Add parameter types to all man page
- tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
- tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
- tss2_pcrextend: fix extending PCR 0
- tss2_quote: fix unused TSS2_RC in LOG_ERR
- changes in 4.2.1:
- Fix missing handle maps for ESY3 handle breaks. See #1994.
- Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
- Fix for loop declarations build error.
- changes in 4.2:
- Fix various issues reported by static analysis tools.
- Add integration test for ECC based getekcertificate.
- Fix for issue #1959 where ARM builds were failing.
- Add a check in autotools to add "expect" as a package dependency for fapi tools.
- tpm2_createek: Drop the unused -p or --ek-auth option
- tpm2_policyor: List of policy files should be specified as an argument
- instead of -l option. The -l option is still retained for backwards
- compatibility. See issue#1894.
- tpm2_eventlog: add a tool for parsing and displaying the event log.
- tpm2_createek: Fix an issue where the template option looked for args
- tpm2_hierarchycontrol: Fixed bug where tool operation failed silently
- tpm2_nvdefine: Fixed an issue where text output suggested failures as passes
- tpm2_certify: Add an example usage in man page
- tpm2_policyor: Fix a bug where tool failed silently when no input were given
- tpm2_getekcertificate: Intel (R) PTT EK cert web portal is set as default address
- tpm2_alg_util.c: Fix a bug where string rsa3072 was not parsed
- .ci/download-deps.sh: Change tss dependency to 2.4.0 to acquire SAPI handles for cpHash calculations
- tpm2_policycphash: Add a tool to implement enhanced authorization with cpHash of a command
- Add options to tools to enable cpHash outputs: tpm2_nvsetbits, tpm2_nvextend,
tpm2_nvincrement, tpm2_nvread, tpm2_nvreadlock, tpm2_writelock, tpm2_nvdefine,
tpm2_nvundefine, tpm2_nvcertify, tpm2_policynv, tpm2_policyauthorizenv,
tpm2_policysecret, tpm2_create, tpm2_load, tpm2_activatecredential, tpm2_unseal,
tpm2_changeauth, tpm2_duplicate, tpm2_import, tpm2_rsadecrypt, tpm2_certify,
tpm2_certifycreation, tpm2_hierarchycontrol, tpm2_setprimarypolicy, tpm2_clearcontrol,
tpm2_dictionarylockout, tpm2_evictcontrol, tpm2_setclock, tpm2_clockrateadjust,
tpm2_clear, tpm2_nvwrite, tpm2_encryptdecrypt, tpm2_hmac.
- tpm2_import: Fix an issue where the imported key always required to have a policy
- tpm2_policysecret: Fix an issue where authorization model was fixed to password only
- Feature API (FAPI) tools added. These additional set of tools implement utilities
- using the FAPI which was added to the tpm2-tss v2.4.4:
tss2_decrypt, tss2_encrypt, tss2_list, tss2_changeauth, tss2_delete,
tss2_import, tss2_getinfo, tss2_createkey, tss2_createseal, tss2_exportkey,
tss2_getcertificate, tss2_getplatformcertificates, tss2_gettpmblobs,
tss2_getappdata, tss2_setappdata, tss2_setcertificate, tss2_sign,
tss2_verifysignature, tss2_verifyquote, tss2_createnv, tss2_nvextend,
tss2_nvincrement, tss2_nvread, tss2_nvsetbits, tss2_nvwrite,
tss2_getdescription, tss2_setdescription, tss2_pcrextend, tss2_quote,
tss2_pcrread, tss2_authorizepolicy, tss2_exportpolicy, tss2_import,
tss2_provision, tss2_getrandom, tss2_unseal, tss2_writeauthorizenv
- tpm2_policycountertimer: Fix an issue where operandB array was reversed causing faulty comparisons.
- changes in 4.1.1:
- tpm2_certify: Fix output of attestation data including size field. Now outputs just bytes.
- tpm2_certifycreation: Fix tool to match manpage where the code had the -C and -c options reversed.
- tpm2_gettime: Fix output of attestation data including size field. Now outputs just bytes.
- tpm2_nvcertify: Fix output of attestation data including size field. Now outputs just bytes.
- tpm2_nvreadpublic: add name hash output.
- tpm2_import: Support object policies when importing raw key material.
- Fix overflow in pcrs.h where sizeof() was used instead of ARRAY_LEN().
- build:
- Fix compilation issue: lib/tpm2_hash.c:17:19: note: 'left' was declared here.
- man:
- Fix manpage examples that have "sha" instead of "sha1"
- tpm2_shutdown manpage was missing, add it to build.
- Fix manpage example for tpm2_createak's tpm2_evictcontrol example.
- Remove fix_bad_bufsize.patch: is now contained in upstream tarball
- Adjust fix_bogus_warning.patch: one hunk no longer applies, upstream code
changed.
-------------------------------------------------------------------
Wed Dec 11 13:29:12 UTC 2019 - matthias.gerstner@suse.com

13
tpm2.0-tools.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package tpm2.0-tools
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,21 +17,21 @@
Name: tpm2.0-tools
Version: 4.1
Version: 4.3.0
Release: 0
Summary: Trusted Platform Module (TPM) 2.0 administration tools
License: BSD-3-Clause
Group: Productivity/Security
Url: https://github.com/tpm2-software/tpm2-tools/releases
URL: https://github.com/tpm2-software/tpm2-tools/releases
Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz
Patch0: fix_bogus_warning.patch
Patch1: fix_bad_bufsize.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: gcc-c++
BuildRequires: libcurl-devel
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: libuuid-devel
%if 0%{?is_opensuse}
# releases prior to 3.0.4 required pandoc for building the man pages. On SLE
# we don't have pandoc and it requires a complete haskell stack so adding it
@ -64,7 +64,6 @@ associated interfaces.
%prep
%setup -q -n tpm2-tools-%{version}
%patch0 -p1
%patch1 -p1
%build
%configure --disable-static
@ -79,9 +78,11 @@ find %{buildroot} -type f -name "*.la" -delete -print
%files
%defattr(-,root,root)
%doc README.md LICENSE CHANGELOG.md
%doc README.md doc/LICENSE doc/CHANGELOG.md
/usr/bin/tpm2_*
/usr/bin/tss2_*
%{_mandir}/man1/tpm2_*
%{_mandir}/man1/tss2_*
%dir %{_datadir}/bash-completion
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/*