Accepting request 500551 from security

- tpm2.0-tools-fix-hardening.patch: do not disable fortify,
  do not use -Wstack-protector as it warns also for non-utilized
  functions and then -Werror fails.
- tpm2.0-tools-fix-gcc7.patch: fixed gcc7 case fallthrough errors

- Major update to 2.0.0
  - dropped fixes.patch, now part of the upstream version
  - a set of man pages have been added to the package
  - Upstream changes:
    * Tracked on the milestone: https://github.com/01org/tpm2.0-tools/milestone/2
    * Reworked all the tools to support configurable TCTIs, based on build time
      configuration, one can specify the tcti via the --tcti (-T) option to all
      tools.
    * tpm2_getrandom interface made -s a positional argument.
    * Numerous bug fixes.

OBS-URL: https://build.opensuse.org/request/show/500551
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=4

2.0.0.zip

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:677458f94a1d29662cb2d02401c086d381c3642c1288374b802975e6581c9231
+size 318022

fixes.patch

@@ -1,25 +0,0 @@
-Index: tpm2.0-tools-1.1.0/src/tpm2_listpcrs.cpp
-===================================================================
---- tpm2.0-tools-1.1.0.orig/src/tpm2_listpcrs.cpp
-+++ tpm2.0-tools-1.1.0/src/tpm2_listpcrs.cpp
-@@ -159,7 +159,7 @@ int readPcrValues()
-     return 0;
- }
- 
--int preparePcrSelections_g(TPMI_ALG_HASH algId)
-+void preparePcrSelections_g(TPMI_ALG_HASH algId)
- {
-     UINT32 pcrId = 0;
- 
-Index: tpm2.0-tools-1.1.0/src/tpm2_rc_decode.c
-===================================================================
---- tpm2.0-tools-1.1.0.orig/src/tpm2_rc_decode.c
-+++ tpm2.0-tools-1.1.0/src/tpm2_rc_decode.c
-@@ -246,6 +246,7 @@ print_tpm_rc_tpm_error_code (TPM_RC rc)
-         fprintf (stderr, "Unknown TPM_RC format\n");
-         return -1;
-     }
-+    return 0;
- }
- /* Top level function to dump human readable data about TPM_RCs.
-  */

tpm2.0-tools-fix-gcc7.patch

@@ -0,0 +1,26 @@
+Index: tpm2.0-tools-2.0.0/tools/main.c
+===================================================================
+--- tpm2.0-tools-2.0.0.orig/tools/main.c
++++ tpm2.0-tools-2.0.0/tools/main.c
+@@ -61,7 +61,7 @@ main (int   argc,
+         execute_man (argv[0], envp);
+         fprintf (stderr,
+                  "failed to load manpage, check your environment / PATH\n");
+-        /* no break */
++        /* FALLTHROUGH */
+     case 2:
+         exit (1);
+     }
+Index: tpm2.0-tools-2.0.0/tools/tpm2_dump_capability.c
+===================================================================
+--- tpm2.0-tools-2.0.0.orig/tools/tpm2_dump_capability.c
++++ tpm2.0-tools-2.0.0/tools/tpm2_dump_capability.c
+@@ -595,7 +595,7 @@ dump_tpm_capability (TPMU_CAPABILITIES
+     case TPM_CAP_COMMANDS:
+         dump_command_attr_array (capabilities->command.commandAttributes,
+                                  capabilities->command.count);
+-        /* no break */
++        /* FALLTHROUGH */
+     default:
+         return 1;
+     }

tpm2.0-tools-fix-hardening.patch

@@ -0,0 +1,14 @@
+--- tpm2.0-tools-2.0.0/configure.ac.fix	2017-06-02 09:15:49.118425187 +0200
++++ tpm2.0-tools-2.0.0/configure.ac	2017-06-02 09:15:59.698416673 +0200
+@@ -100,11 +100,9 @@
+ 
+   add_hardened_c_flag([-Wformat])
+   add_hardened_c_flag([-Wformat-security])
+-  add_hardened_c_flag([-Wstack-protector])
+   add_hardened_c_flag([-fstack-protector-all])
+ 
+   add_hardened_define_flag([-D_FORTIFY_SOURCE=2])
+-  add_hardened_define_flag([-U_FORTIFY_SOURCE])
+ 
+   add_hardened_c_flag([-fPIC])
+   add_hardened_ld_flag([[-shared]])

tpm2.0-tools.changes

@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Fri Jun  2 07:16:45 UTC 2017 - meissner@suse.com
+
+- tpm2.0-tools-fix-hardening.patch: do not disable fortify,
+  do not use -Wstack-protector as it warns also for non-utilized
+  functions and then -Werror fails.
+- tpm2.0-tools-fix-gcc7.patch: fixed gcc7 case fallthrough errors
+
+-------------------------------------------------------------------
+Wed May 10 11:52:40 UTC 2017 - matthias.gerstner@suse.com
+
+- Major update to 2.0.0
+  - dropped fixes.patch, now part of the upstream version
+  - a set of man pages have been added to the package
+  - Upstream changes:
+    * Tracked on the milestone: https://github.com/01org/tpm2.0-tools/milestone/2
+    * Reworked all the tools to support configurable TCTIs, based on build time
+      configuration, one can specify the tcti via the --tcti (-T) option to all
+      tools.
+    * tpm2_getrandom interface made -s a positional argument.
+    * Numerous bug fixes.
+
 -------------------------------------------------------------------
 Mon Mar  6 16:23:15 UTC 2017 - meissner@suse.com
 

tpm2.0-tools.spec

@@ -17,14 +17,15 @@
 
 
 Name:           tpm2.0-tools
-Version:        1.1.0
+Version:        2.0.0
 Release:        0
 Summary:        Trusted Platform Module (TPM) 2.0 administration tools
 License:        BSD-3-Clause
 Group:          Productivity/Security
 Url:            https://github.com/01org/tpm2.0-tools
-Source0:        https://github.com/01org/tpm2.0-tools/archive/v%{version}.zip
-Patch0:         fixes.patch
+Source0:        https://github.com/01org/tpm2.0-tools/archive/%{version}.zip
+Patch0:         tpm2.0-tools-fix-hardening.patch
+Patch1:         tpm2.0-tools-fix-gcc7.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  gcc-c++
@@ -46,6 +47,7 @@ associated interfaces.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 bash ./bootstrap
@@ -63,5 +65,6 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %defattr(-,root,root)
 %doc README.md manual LICENSE
 /usr/sbin/tpm2_*
+%{_mandir}/man8/tpm2_*
 
 %changelog

v1.1.0.zip

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8410472b4166035beba9eedc54c7f499666aee1d0258706eb0c9ddf7052e0dbb
-size 251778