diff --git a/_service b/_service
index 82d6237..716288d 100644
--- a/_service
+++ b/_service
@@ -2,7 +2,7 @@
https://github.com/intel/tpm2-tools.git
git
- 4.1
+ 4.3.0
@PARENT_TAG@
disable
diff --git a/fix_bad_bufsize.patch b/fix_bad_bufsize.patch
deleted file mode 100644
index f9d5eeb..0000000
--- a/fix_bad_bufsize.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: tpm2-tools-4.1/tools/tpm2_policytemplate.c
-===================================================================
---- tpm2-tools-4.1.orig/tools/tpm2_policytemplate.c
-+++ tpm2-tools-4.1/tools/tpm2_policytemplate.c
-@@ -23,7 +23,7 @@ static tpm2_policytemplate_ctx ctx;
-
- static bool process_input_template_hash(char *value) {
-
-- ctx.template_hash.size = UINT16_MAX;
-+ ctx.template_hash.size = sizeof(ctx.template_hash.buffer);
- bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
- &ctx.template_hash.size, ctx.template_hash.buffer);
- if (!result) {
-Index: tpm2-tools-4.1/tools/tpm2_policynamehash.c
-===================================================================
---- tpm2-tools-4.1.orig/tools/tpm2_policynamehash.c
-+++ tpm2-tools-4.1/tools/tpm2_policynamehash.c
-@@ -23,7 +23,7 @@ static tpm2_policynamehash_ctx ctx;
-
- static bool process_input_name_hash(char *value) {
-
-- ctx.name_hash.size = UINT16_MAX;
-+ ctx.name_hash.size = sizeof(ctx.name_hash.buffer);
- bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value,
- &ctx.name_hash.size, ctx.name_hash.buffer);
- if (!result) {
diff --git a/fix_bogus_warning.patch b/fix_bogus_warning.patch
index 8945cd5..c75ab17 100644
--- a/fix_bogus_warning.patch
+++ b/fix_bogus_warning.patch
@@ -1,16 +1,3 @@
-Index: tpm2-tools-4.1/lib/tpm2_hash.c
-===================================================================
---- tpm2-tools-4.1.orig/lib/tpm2_hash.c
-+++ tpm2-tools-4.1/lib/tpm2_hash.c
-@@ -14,7 +14,7 @@ static tool_rc tpm2_hash_common(ESYS_CON
- UINT16 inbuffer_len, TPM2B_DIGEST **result,
- TPMT_TK_HASHCHECK **validation) {
- bool use_left, done;
-- unsigned long left;
-+ unsigned long left = 0;
- size_t bytes_read;
- TPM2B_AUTH null_auth = TPM2B_EMPTY_INIT;
- TPMI_DH_OBJECT sequence_handle;
Index: tpm2-tools-4.1/lib/tpm2_attr_util.c
===================================================================
--- tpm2-tools-4.1.orig/lib/tpm2_attr_util.c
diff --git a/tpm2-tools-4.1.tar.gz b/tpm2-tools-4.1.tar.gz
deleted file mode 100644
index 84b7f7d..0000000
--- a/tpm2-tools-4.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:07ce37f552ed47f582fbc3423bc316fea64012ef15a92a25766a36534524dcf2
-size 779577
diff --git a/tpm2-tools-4.3.0.tar.gz b/tpm2-tools-4.3.0.tar.gz
new file mode 100644
index 0000000..1e3f277
--- /dev/null
+++ b/tpm2-tools-4.3.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc
+size 881544
diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes
index 81660c7..3cc64fa 100644
--- a/tpm2.0-tools.changes
+++ b/tpm2.0-tools.changes
@@ -1,3 +1,85 @@
+-------------------------------------------------------------------
+Thu Oct 22 11:58:16 UTC 2020 - Matthias Gerstner
+
+- update to version 4.3:
+ - changes in version 4.3:
+ - tss2_*: Fix double-free errors in commands asking for password authorization
+ - tss2_*: Fix shorthand command -f that was falsely requiring an argument
+ - tss2_*: Update tss2_encrypt to the new FAPI interface
+ - The argument 'policyPath' is removed which was never read anyway
+ - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
+ - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
+ - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
+ - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
+ - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
+ - tss2_*: Add parameter types to all man page
+ - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
+ - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
+ - tss2_pcrextend: fix extending PCR 0
+ - tss2_quote: fix unused TSS2_RC in LOG_ERR
+ - changes in 4.2.1:
+ - Fix missing handle maps for ESY3 handle breaks. See #1994.
+ - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
+ - Fix for loop declarations build error.
+ - changes in 4.2:
+ - Fix various issues reported by static analysis tools.
+ - Add integration test for ECC based getekcertificate.
+ - Fix for issue #1959 where ARM builds were failing.
+ - Add a check in autotools to add "expect" as a package dependency for fapi tools.
+ - tpm2_createek: Drop the unused -p or --ek-auth option
+ - tpm2_policyor: List of policy files should be specified as an argument
+ - instead of -l option. The -l option is still retained for backwards
+ - compatibility. See issue#1894.
+ - tpm2_eventlog: add a tool for parsing and displaying the event log.
+ - tpm2_createek: Fix an issue where the template option looked for args
+ - tpm2_hierarchycontrol: Fixed bug where tool operation failed silently
+ - tpm2_nvdefine: Fixed an issue where text output suggested failures as passes
+ - tpm2_certify: Add an example usage in man page
+ - tpm2_policyor: Fix a bug where tool failed silently when no input were given
+ - tpm2_getekcertificate: Intel (R) PTT EK cert web portal is set as default address
+ - tpm2_alg_util.c: Fix a bug where string rsa3072 was not parsed
+ - .ci/download-deps.sh: Change tss dependency to 2.4.0 to acquire SAPI handles for cpHash calculations
+ - tpm2_policycphash: Add a tool to implement enhanced authorization with cpHash of a command
+ - Add options to tools to enable cpHash outputs: tpm2_nvsetbits, tpm2_nvextend,
+ tpm2_nvincrement, tpm2_nvread, tpm2_nvreadlock, tpm2_writelock, tpm2_nvdefine,
+ tpm2_nvundefine, tpm2_nvcertify, tpm2_policynv, tpm2_policyauthorizenv,
+ tpm2_policysecret, tpm2_create, tpm2_load, tpm2_activatecredential, tpm2_unseal,
+ tpm2_changeauth, tpm2_duplicate, tpm2_import, tpm2_rsadecrypt, tpm2_certify,
+ tpm2_certifycreation, tpm2_hierarchycontrol, tpm2_setprimarypolicy, tpm2_clearcontrol,
+ tpm2_dictionarylockout, tpm2_evictcontrol, tpm2_setclock, tpm2_clockrateadjust,
+ tpm2_clear, tpm2_nvwrite, tpm2_encryptdecrypt, tpm2_hmac.
+ - tpm2_import: Fix an issue where the imported key always required to have a policy
+ - tpm2_policysecret: Fix an issue where authorization model was fixed to password only
+ - Feature API (FAPI) tools added. These additional set of tools implement utilities
+ - using the FAPI which was added to the tpm2-tss v2.4.4:
+ tss2_decrypt, tss2_encrypt, tss2_list, tss2_changeauth, tss2_delete,
+ tss2_import, tss2_getinfo, tss2_createkey, tss2_createseal, tss2_exportkey,
+ tss2_getcertificate, tss2_getplatformcertificates, tss2_gettpmblobs,
+ tss2_getappdata, tss2_setappdata, tss2_setcertificate, tss2_sign,
+ tss2_verifysignature, tss2_verifyquote, tss2_createnv, tss2_nvextend,
+ tss2_nvincrement, tss2_nvread, tss2_nvsetbits, tss2_nvwrite,
+ tss2_getdescription, tss2_setdescription, tss2_pcrextend, tss2_quote,
+ tss2_pcrread, tss2_authorizepolicy, tss2_exportpolicy, tss2_import,
+ tss2_provision, tss2_getrandom, tss2_unseal, tss2_writeauthorizenv
+ - tpm2_policycountertimer: Fix an issue where operandB array was reversed causing faulty comparisons.
+ - changes in 4.1.1:
+ - tpm2_certify: Fix output of attestation data including size field. Now outputs just bytes.
+ - tpm2_certifycreation: Fix tool to match manpage where the code had the -C and -c options reversed.
+ - tpm2_gettime: Fix output of attestation data including size field. Now outputs just bytes.
+ - tpm2_nvcertify: Fix output of attestation data including size field. Now outputs just bytes.
+ - tpm2_nvreadpublic: add name hash output.
+ - tpm2_import: Support object policies when importing raw key material.
+ - Fix overflow in pcrs.h where sizeof() was used instead of ARRAY_LEN().
+ - build:
+ - Fix compilation issue: lib/tpm2_hash.c:17:19: note: 'left' was declared here.
+ - man:
+ - Fix manpage examples that have "sha" instead of "sha1"
+ - tpm2_shutdown manpage was missing, add it to build.
+ - Fix manpage example for tpm2_createak's tpm2_evictcontrol example.
+- Remove fix_bad_bufsize.patch: is now contained in upstream tarball
+- Adjust fix_bogus_warning.patch: one hunk no longer applies, upstream code
+ changed.
+
-------------------------------------------------------------------
Wed Dec 11 13:29:12 UTC 2019 - matthias.gerstner@suse.com
diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec
index 12dc9be..9b94e82 100644
--- a/tpm2.0-tools.spec
+++ b/tpm2.0-tools.spec
@@ -1,7 +1,7 @@
#
# spec file for package tpm2.0-tools
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,15 +17,14 @@
Name: tpm2.0-tools
-Version: 4.1
+Version: 4.3.0
Release: 0
Summary: Trusted Platform Module (TPM) 2.0 administration tools
License: BSD-3-Clause
Group: Productivity/Security
-Url: https://github.com/tpm2-software/tpm2-tools/releases
+URL: https://github.com/tpm2-software/tpm2-tools/releases
Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz
Patch0: fix_bogus_warning.patch
-Patch1: fix_bad_bufsize.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: gcc-c++
@@ -64,7 +63,6 @@ associated interfaces.
%prep
%setup -q -n tpm2-tools-%{version}
%patch0 -p1
-%patch1 -p1
%build
%configure --disable-static