From d34e8168e294b932130c6fa2c2a9c98ec155af19c99e1af74b6d11b45a6fa8af Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Wed, 10 May 2017 11:58:47 +0000 Subject: [PATCH 1/5] - Major update to 2.0.0 - dropped fixes.patch, now part of the upstream version - a set of man pages have been added to the package - Upstream changes: * Tracked on the milestone: https://github.com/01org/tpm2.0-tools/milestone/2 * Reworked all the tools to support configurable TCTIs, based on build time configuration, one can specify the tcti via the --tcti (-T) option to all tools. * tpm2_getrandom interface made -s a positional argument. * Numerous bug fixes. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=15 --- fixes.patch | 25 ------------------------- tpm2.0-tools.changes | 14 ++++++++++++++ tpm2.0-tools.spec | 5 ++--- v1.1.0.zip | 3 --- v2.0.0.zip | 3 +++ 5 files changed, 19 insertions(+), 31 deletions(-) delete mode 100644 fixes.patch delete mode 100644 v1.1.0.zip create mode 100644 v2.0.0.zip diff --git a/fixes.patch b/fixes.patch deleted file mode 100644 index 5523412..0000000 --- a/fixes.patch +++ /dev/null @@ -1,25 +0,0 @@ -Index: tpm2.0-tools-1.1.0/src/tpm2_listpcrs.cpp -=================================================================== ---- tpm2.0-tools-1.1.0.orig/src/tpm2_listpcrs.cpp -+++ tpm2.0-tools-1.1.0/src/tpm2_listpcrs.cpp -@@ -159,7 +159,7 @@ int readPcrValues() - return 0; - } - --int preparePcrSelections_g(TPMI_ALG_HASH algId) -+void preparePcrSelections_g(TPMI_ALG_HASH algId) - { - UINT32 pcrId = 0; - -Index: tpm2.0-tools-1.1.0/src/tpm2_rc_decode.c -=================================================================== ---- tpm2.0-tools-1.1.0.orig/src/tpm2_rc_decode.c -+++ tpm2.0-tools-1.1.0/src/tpm2_rc_decode.c -@@ -246,6 +246,7 @@ print_tpm_rc_tpm_error_code (TPM_RC rc) - fprintf (stderr, "Unknown TPM_RC format\n"); - return -1; - } -+ return 0; - } - /* Top level function to dump human readable data about TPM_RCs. - */ diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes index c309c91..b955d8f 100644 --- a/tpm2.0-tools.changes +++ b/tpm2.0-tools.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed May 10 11:52:40 UTC 2017 - matthias.gerstner@suse.com + +- Major update to 2.0.0 + - dropped fixes.patch, now part of the upstream version + - a set of man pages have been added to the package + - Upstream changes: + * Tracked on the milestone: https://github.com/01org/tpm2.0-tools/milestone/2 + * Reworked all the tools to support configurable TCTIs, based on build time + configuration, one can specify the tcti via the --tcti (-T) option to all + tools. + * tpm2_getrandom interface made -s a positional argument. + * Numerous bug fixes. + ------------------------------------------------------------------- Mon Mar 6 16:23:15 UTC 2017 - meissner@suse.com diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec index 54269f9..0387ac9 100644 --- a/tpm2.0-tools.spec +++ b/tpm2.0-tools.spec @@ -17,14 +17,13 @@ Name: tpm2.0-tools -Version: 1.1.0 +Version: 2.0.0 Release: 0 Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause Group: Productivity/Security Url: https://github.com/01org/tpm2.0-tools Source0: https://github.com/01org/tpm2.0-tools/archive/v%{version}.zip -Patch0: fixes.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -45,7 +44,6 @@ associated interfaces. %prep %setup -q -%patch0 -p1 %build bash ./bootstrap @@ -63,5 +61,6 @@ find %{buildroot} -type f -name "*.la" -delete -print %defattr(-,root,root) %doc README.md manual LICENSE /usr/sbin/tpm2_* +%{_mandir}/man8/tpm2_* %changelog diff --git a/v1.1.0.zip b/v1.1.0.zip deleted file mode 100644 index 60b02ba..0000000 --- a/v1.1.0.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8410472b4166035beba9eedc54c7f499666aee1d0258706eb0c9ddf7052e0dbb -size 251778 diff --git a/v2.0.0.zip b/v2.0.0.zip new file mode 100644 index 0000000..a1d4027 --- /dev/null +++ b/v2.0.0.zip @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:677458f94a1d29662cb2d02401c086d381c3642c1288374b802975e6581c9231 +size 318022 From 8e77d6920b3d51cf6744dac1087c7549b54a521e2e25bacb81d06e3a40c7330e Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Wed, 10 May 2017 12:27:03 +0000 Subject: [PATCH 2/5] fixed source URL, upstream has no consistent namin scheme ... OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=16 --- v2.0.0.zip => 2.0.0.zip | 0 tpm2.0-tools.spec | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename v2.0.0.zip => 2.0.0.zip (100%) diff --git a/v2.0.0.zip b/2.0.0.zip similarity index 100% rename from v2.0.0.zip rename to 2.0.0.zip diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec index 0387ac9..cf9c7bd 100644 --- a/tpm2.0-tools.spec +++ b/tpm2.0-tools.spec @@ -23,7 +23,7 @@ Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause Group: Productivity/Security Url: https://github.com/01org/tpm2.0-tools -Source0: https://github.com/01org/tpm2.0-tools/archive/v%{version}.zip +Source0: https://github.com/01org/tpm2.0-tools/archive/%{version}.zip BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ From 3e796b468bc8dae884df1aef3fde4071d8353e045569ef50b4020116343840d4 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 2 Jun 2017 07:17:27 +0000 Subject: [PATCH 3/5] - tpm2.0-tools-fix-hardening.patch: do not disable fortify, do not use -Wstack-protector as it warns also for non-utilized functions and then -Werror fails. OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=17 --- tpm2.0-tools-fix-hardening.patch | 14 ++++++++++++++ tpm2.0-tools.changes | 7 +++++++ tpm2.0-tools.spec | 2 ++ 3 files changed, 23 insertions(+) create mode 100644 tpm2.0-tools-fix-hardening.patch diff --git a/tpm2.0-tools-fix-hardening.patch b/tpm2.0-tools-fix-hardening.patch new file mode 100644 index 0000000..c140801 --- /dev/null +++ b/tpm2.0-tools-fix-hardening.patch @@ -0,0 +1,14 @@ +--- tpm2.0-tools-2.0.0/configure.ac.fix 2017-06-02 09:15:49.118425187 +0200 ++++ tpm2.0-tools-2.0.0/configure.ac 2017-06-02 09:15:59.698416673 +0200 +@@ -100,11 +100,9 @@ + + add_hardened_c_flag([-Wformat]) + add_hardened_c_flag([-Wformat-security]) +- add_hardened_c_flag([-Wstack-protector]) + add_hardened_c_flag([-fstack-protector-all]) + + add_hardened_define_flag([-D_FORTIFY_SOURCE=2]) +- add_hardened_define_flag([-U_FORTIFY_SOURCE]) + + add_hardened_c_flag([-fPIC]) + add_hardened_ld_flag([[-shared]]) diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes index b955d8f..5695dff 100644 --- a/tpm2.0-tools.changes +++ b/tpm2.0-tools.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Jun 2 07:16:45 UTC 2017 - meissner@suse.com + +- tpm2.0-tools-fix-hardening.patch: do not disable fortify, + do not use -Wstack-protector as it warns also for non-utilized + functions and then -Werror fails. + ------------------------------------------------------------------- Wed May 10 11:52:40 UTC 2017 - matthias.gerstner@suse.com diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec index cf9c7bd..f903423 100644 --- a/tpm2.0-tools.spec +++ b/tpm2.0-tools.spec @@ -24,6 +24,7 @@ License: BSD-3-Clause Group: Productivity/Security Url: https://github.com/01org/tpm2.0-tools Source0: https://github.com/01org/tpm2.0-tools/archive/%{version}.zip +Patch0: tpm2.0-tools-fix-hardening.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -44,6 +45,7 @@ associated interfaces. %prep %setup -q +%patch0 -p1 %build bash ./bootstrap From 867d9609b52169d7fe1107ba23e1b6a11f187b81fbcedbe13717d92b8170a8a8 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 2 Jun 2017 07:36:48 +0000 Subject: [PATCH 4/5] OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=18 --- tpm2.0-tools-fix-gcc7.patch | 26 ++++++++++++++++++++++++++ tpm2.0-tools.spec | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 tpm2.0-tools-fix-gcc7.patch diff --git a/tpm2.0-tools-fix-gcc7.patch b/tpm2.0-tools-fix-gcc7.patch new file mode 100644 index 0000000..8eb684e --- /dev/null +++ b/tpm2.0-tools-fix-gcc7.patch @@ -0,0 +1,26 @@ +Index: tpm2.0-tools-2.0.0/tools/main.c +=================================================================== +--- tpm2.0-tools-2.0.0.orig/tools/main.c ++++ tpm2.0-tools-2.0.0/tools/main.c +@@ -61,7 +61,7 @@ main (int argc, + execute_man (argv[0], envp); + fprintf (stderr, + "failed to load manpage, check your environment / PATH\n"); +- /* no break */ ++ /* FALLTHROUGH */ + case 2: + exit (1); + } +Index: tpm2.0-tools-2.0.0/tools/tpm2_dump_capability.c +=================================================================== +--- tpm2.0-tools-2.0.0.orig/tools/tpm2_dump_capability.c ++++ tpm2.0-tools-2.0.0/tools/tpm2_dump_capability.c +@@ -595,7 +595,7 @@ dump_tpm_capability (TPMU_CAPABILITIES + case TPM_CAP_COMMANDS: + dump_command_attr_array (capabilities->command.commandAttributes, + capabilities->command.count); +- /* no break */ ++ /* FALLTHROUGH */ + default: + return 1; + } diff --git a/tpm2.0-tools.spec b/tpm2.0-tools.spec index f903423..f1d37dd 100644 --- a/tpm2.0-tools.spec +++ b/tpm2.0-tools.spec @@ -25,6 +25,7 @@ Group: Productivity/Security Url: https://github.com/01org/tpm2.0-tools Source0: https://github.com/01org/tpm2.0-tools/archive/%{version}.zip Patch0: tpm2.0-tools-fix-hardening.patch +Patch1: tpm2.0-tools-fix-gcc7.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -46,6 +47,7 @@ associated interfaces. %prep %setup -q %patch0 -p1 +%patch1 -p1 %build bash ./bootstrap From f72afddb76e25ddb000e8dd713d6d1ade24026ca012ec08be28d1d51aa7cc7a7 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 2 Jun 2017 07:38:55 +0000 Subject: [PATCH 5/5] - tpm2.0-tools-fix-gcc7.patch: fixed gcc7 case fallthrough errors OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=19 --- tpm2.0-tools.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/tpm2.0-tools.changes b/tpm2.0-tools.changes index 5695dff..30fab5b 100644 --- a/tpm2.0-tools.changes +++ b/tpm2.0-tools.changes @@ -4,6 +4,7 @@ Fri Jun 2 07:16:45 UTC 2017 - meissner@suse.com - tpm2.0-tools-fix-hardening.patch: do not disable fortify, do not use -Wstack-protector as it warns also for non-utilized functions and then -Werror fails. +- tpm2.0-tools-fix-gcc7.patch: fixed gcc7 case fallthrough errors ------------------------------------------------------------------- Wed May 10 11:52:40 UTC 2017 - matthias.gerstner@suse.com