- changes in version 4.3:
- tss2_*: Fix double-free errors in commands asking for password authorization
- tss2_*: Fix shorthand command -f that was falsely requiring an argument
- tss2_*: Update tss2_encrypt to the new FAPI interface
- The argument 'policyPath' is removed which was never read anyway
- tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
- tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
- tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
- tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
- tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
- tss2_*: Add parameter types to all man page
- tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
- tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
- tss2_pcrextend: fix extending PCR 0
- tss2_quote: fix unused TSS2_RC in LOG_ERR
- changes in 4.2.1:
- Fix missing handle maps for ESY3 handle breaks. See #1994.
- Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
- Fix for loop declarations build error.
- changes in 4.2:
- Fix various issues reported by static analysis tools.
- Add integration test for ECC based getekcertificate.
- Fix for issue #1959 where ARM builds were failing.
- Add a check in autotools to add "expect" as a package dependency for fapi tools.
- tpm2_createek: Drop the unused -p or --ek-auth option
- tpm2_policyor: List of policy files should be specified as an argument
- instead of -l option. The -l option is still retained for backwards
- compatibility. See issue#1894.
- tpm2_eventlog: add a tool for parsing and displaying the event log.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=58
! please handle this together with sr#755853 for tpm2-0-tss !
- add fix_bad_bufsize.patch: fixes findings from compile time fread() checks
that indicate bad buffer size specification.
- add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are
bogus, since the variables in questions will be initialized in any case
later on.
- update to major version 4.1:
- changes in version 4.1:
* tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
* tpm2_checkquote:
- Fix YAML output bug.
- -g option for specifying hash algorithm is optional and defaults to
sha256.
* tpm2_changeeps: A new tool for changing the Endorsement hierarchy
primary seed.
* tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
* tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
* tpm2_create: Add tool options for specifying output data for use in
certification
- --creation-data to save the creation data
- --creation-ticket or -t to save the creation ticket
- --creation-hash or -d to save the creation hash
- --template-data for saving the template data of the key
- --outside-info or -q for specifying unique data to include in creation data.
- --pcr-list or -l Add option to specify pcr list to add to creation data.
OBS-URL: https://build.opensuse.org/request/show/755855
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=20
- changes in version 4.1:
* tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
* tpm2_checkquote:
- Fix YAML output bug.
- -g option for specifying hash algorithm is optional and defaults to
sha256.
* tpm2_changeeps: A new tool for changing the Endorsement hierarchy
primary seed.
* tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
* tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
* tpm2_create: Add tool options for specifying output data for use in
certification
- --creation-data to save the creation data
- --creation-ticket or -t to save the creation ticket
- --creation-hash or -d to save the creation hash
- --template-data for saving the template data of the key
- --outside-info or -q for specifying unique data to include in creation data.
- --pcr-list or -l Add option to specify pcr list to add to creation data.
* tpm2_createprimary: Add tool options for specifying output data for use
in certification
- --creation-data to save the creation data
- --creation-ticket or -t to save the creation ticket
- --creation-hash or -d to save the creation hash
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=54
- update to minor version 3.1.3:
- Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in
addition to supporting the new unified TPM2TOOLS_ENV_TCTI
- Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than
TPM2_PT
- Make test_tpm2_activecredential Python 3 compatible
- Fix tpm2_takeownership to only attempt to change the specified hierarchies
- use a _service file to sync with upstream tags
OBS-URL: https://build.opensuse.org/request/show/682127
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=18
- Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in
addition to supporting the new unified TPM2TOOLS_ENV_TCTI
- Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than
TPM2_PT
- Make test_tpm2_activecredential Python 3 compatible
- Fix tpm2_takeownership to only attempt to change the specified hierarchies
- use a _service file to sync with upstream tags
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=50
- update to minor version 3.1.2:
- Revert the change to use user supplied object attributes exclusively. This
is an inappropriate behavioural change for a MINOR version number
increment.
- Fix inclusion of object attribute specifiers section in tpm2_create and
tpm2_createprimary man pages.
- Use better object attribute defaults for authentication, preventing an
empty password being used for authentication when a policy is set.
OBS-URL: https://build.opensuse.org/request/show/638482
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=16
- Revert the change to use user supplied object attributes exclusively. This
is an inappropriate behavioural change for a MINOR version number
increment.
- Fix inclusion of object attribute specifiers section in tpm2_create and
tpm2_createprimary man pages.
- Use better object attribute defaults for authentication, preventing an
empty password being used for authentication when a policy is set.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=46
Please handle together with sr#620443, sr#620444, required dependencies.
- update to major version 3.1.0:
- the tpm2 stack introduces an incompatible ABI to the previous version with
this update. There is no compatibility layer, libraries have new names
- install-man.patch: dropped, because we don't really need it
- tpm2.0-tools-fix-hardening.patch: contained in upstream tarball now
s etc.
- upstream changelog:
* tpm2_unseal: -P becomes -p
* tpm2_sign: -P becomes -p
* tpm2_nvreadlock: long form for -P is now --auth-hierarchy
* tpm2_rsadecrypt: -P becomes -p
* tpm2_nvrelease: long-form of -P becomes --auth-hierarchy
* tpm2_nvdefine: -I becomes -p
* tpm2_encryptdecrypt: -P becomes -p
* tpm2_dictionarylockout: -P becomes -p
* tpm2_createprimary: -K becomes -p
* tpm2_createak: -E becomes -e
* tpm2_certify: -k becomes -p
* tpm2_hash: -g changes to -G
* tpm2_encryptdecrypt: Support IVs via -i and algorithm modes via -G.
* tpm2_hmac: drop -g, just use the algorithm associated with the object.
* tpm2_getmanufec: -g changes to -G
* tpm2_createek: -g changes to -G
* tpm2_createak: -g changes to -G
* tpm2_verifysignature: -g becomes -G
* tpm2_sign: -g becomes -G
* tpm2_import: support specifying parent key with a context file,
--parent-key-handle/-H becomes --parent-key/-C
* tpm2_nvwrite and tpm2_nvread: when -P is "index" -a is optional and defaults to
the NV_INDEX value passed to -x.
OBS-URL: https://build.opensuse.org/request/show/620445
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=14
- install-man.patch: even after update to 3.0.4 the man pages are not
installed correctly. This patch fixes it locally.
- update to version 3.0.4:
- Fix save and load for TPM2B_PRIVATE object.
- Use a default buffer size for tpm2_nv{read,write} if the TPM reports a 0 size.
- Fix --verbose and --version options crossover.
- Generate man pages from markdown and include them in the distribution tarball.
- Print usage summary if tools are executed with no options or man page can't be displayed.
- man pages will be shipped for SLE version now, too (pandoc dependency was removed)
OBS-URL: https://build.opensuse.org/request/show/603119
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=12
- Fix save and load for TPM2B_PRIVATE object.
- Use a default buffer size for tpm2_nv{read,write} if the TPM reports a 0 size.
- Fix --verbose and --version options crossover.
- Generate man pages from markdown and include them in the distribution tarball.
- Print usage summary if tools are executed with no options or man page can't be displayed.
- man pages will be shipped for SLE version now, too (pandoc dependency was removed)
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=37
- update to version 2.1.1
* Potential memory leak fix when tcti/sapi initialization fails.
* tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read
* listpcrs: remove one redundant call to tpm get cap
* listpcrs: fix for unsupported/disabled alg in -L
* build: use supported comment to suppress GCC7 fallthrough warning
* kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392)
- drop patches (upstream)
* 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
* tpm2.0-tools-fix-gcc7.patch
OBS-URL: https://build.opensuse.org/request/show/540241
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=9
- update to version 2.1.1
* Potential memory leak fix when tcti/sapi initialization fails.
* tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read
* listpcrs: remove one redundant call to tpm get cap
* listpcrs: fix for unsupported/disabled alg in -L
* build: use supported comment to suppress GCC7 fallthrough warning
* kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392)
- drop patches (upstream)
* 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
* tpm2.0-tools-fix-gcc7.patch
OBS-URL: https://build.opensuse.org/request/show/540183
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=30
- update to version 2.1.0:
- dropped 0002-kdfa-use-openssl-for-hmac-not-tpm.patch, was backported
upstream in commit 788a17abbe0000c560935ef9f31c9a6892d9ea33
- this version now can interact with the new resource manager tpm2.0-abrmd
- Upstream changes:
* Fix readx and writex on multiple EINTR returns.
* Add support for the tabrmd TCTI. This is the new default.
* Change default socket port from 2323 (the old resourcemgr) to 2321
(default simulator port).
* Cherry-pick fix for CVE-2017-7524.
* Fix tpm2_listpcr command line option handling.
* Fix tpm2_getmanufec memory issues. (forwarded request 517963 from mgerstner)
OBS-URL: https://build.opensuse.org/request/show/517972
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=8
- update to version 2.1.0:
- dropped 0002-kdfa-use-openssl-for-hmac-not-tpm.patch, was backported
upstream in commit 788a17abbe0000c560935ef9f31c9a6892d9ea33
- this version now can interact with the new resource manager tpm2.0-abrmd
- Upstream changes:
* Fix readx and writex on multiple EINTR returns.
* Add support for the tabrmd TCTI. This is the new default.
* Change default socket port from 2323 (the old resourcemgr) to 2321
(default simulator port).
* Cherry-pick fix for CVE-2017-7524.
* Fix tpm2_listpcr command line option handling.
* Fix tpm2_getmanufec memory issues.
OBS-URL: https://build.opensuse.org/request/show/517963
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=28
- tpm2.0-tools-fix-hardening.patch: do not disable fortify,
do not use -Wstack-protector as it warns also for non-utilized
functions and then -Werror fails.
- tpm2.0-tools-fix-gcc7.patch: fixed gcc7 case fallthrough errors
- Major update to 2.0.0
- dropped fixes.patch, now part of the upstream version
- a set of man pages have been added to the package
- Upstream changes:
* Tracked on the milestone: https://github.com/01org/tpm2.0-tools/milestone/2
* Reworked all the tools to support configurable TCTIs, based on build time
configuration, one can specify the tcti via the --tcti (-T) option to all
tools.
* tpm2_getrandom interface made -s a positional argument.
* Numerous bug fixes.
OBS-URL: https://build.opensuse.org/request/show/500551
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=4
- dropped fixes.patch, now part of the upstream version
- a set of man pages have been added to the package
- Upstream changes:
* Tracked on the milestone: https://github.com/01org/tpm2.0-tools/milestone/2
* Reworked all the tools to support configurable TCTIs, based on build time
configuration, one can specify the tcti via the --tcti (-T) option to all
tools.
* tpm2_getrandom interface made -s a positional argument.
* Numerous bug fixes.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=15
- buildrequire pkgconfig
- Updated to 1.1.0 / 016-11-04 (FATE#321509)
- Added
* travis ci support.
* Allow for unit tests to be enabled selectively.
* tpm2_rc_decode tool: Decode TPM_RC error codes.
* Android Make file
* tpm2_listpersistent: list all persistent objects
* test scripts for tpm2-tools
* tpm2_nvreadlock
* tpm2_getmanufec: retrieve EC from tpm manufacturer server.
* Copy 'common' and 'sample' code from the TPM2.0-TSS repo.
- Modified
* tpm2_takeownership: update option -c to use lockout password to clear.
* tpm2_listpcrs: add options -L and -s, rewrite to increase performance.
* tpm2_quote: added -L option to support selection of multiple banks.
* tpm2_quote: add -q option to get qualifying data.
* configure: Use pkg-config to get info about libcurl and libcrypto.
* configure: Use pkg-config to locate SAPI and TCTI headers / libraries.
* tpm2_x: Add -X option to enable password input in Hex format.
* tpm2_nvdefine: Change -X option to -I.
* tpm2-nvwrite: fix for unable to write 1024B+ data.
* tpm2_getmanufec: Fix base64 encoding.
* tpm2_x: fixed a lot of TPM2B failures caused by wrong initialization.
* tpm2_getmanufec: let configure handle libs.
* tpm2_getmanufec: Convert from dos to unix format.
* build: Check for TSS2 library @ configure time.
* build: Detect required TSS2 and TCTI headers.
* build: Use libtool to build the common library
OBS-URL: https://build.opensuse.org/request/show/477412
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=3
- Updated to 1.1.0 / 016-11-04
- Added
* travis ci support.
* Allow for unit tests to be enabled selectively.
* tpm2_rc_decode tool: Decode TPM_RC error codes.
* Android Make file
* tpm2_listpersistent: list all persistent objects
* test scripts for tpm2-tools
* tpm2_nvreadlock
* tpm2_getmanufec: retrieve EC from tpm manufacturer server.
* Copy 'common' and 'sample' code from the TPM2.0-TSS repo.
- Modified
* tpm2_takeownership: update option -c to use lockout password to clear.
* tpm2_listpcrs: add options -L and -s, rewrite to increase performance.
* tpm2_quote: added -L option to support selection of multiple banks.
* tpm2_quote: add -q option to get qualifying data.
* configure: Use pkg-config to get info about libcurl and libcrypto.
* configure: Use pkg-config to locate SAPI and TCTI headers / libraries.
* tpm2_x: Add -X option to enable password input in Hex format.
* tpm2_nvdefine: Change -X option to -I.
* tpm2-nvwrite: fix for unable to write 1024B+ data.
* tpm2_getmanufec: Fix base64 encoding.
* tpm2_x: fixed a lot of TPM2B failures caused by wrong initialization.
* tpm2_getmanufec: let configure handle libs.
* tpm2_getmanufec: Convert from dos to unix format.
* build: Check for TSS2 library @ configure time.
* build: Detect required TSS2 and TCTI headers.
* build: Use libtool to build the common library
* build: Install all binaries into sbin.
* build: Build common sources into library.
OBS-URL: https://build.opensuse.org/request/show/461444
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=11