SHA256
1
0
forked from pool/tpm2.0-tools
Commit Graph

74 Commits

Author SHA256 Message Date
Dominique Leuenberger
b042d28e80 Accepting request 900121 from security
- Disable lto to fix tpm2_checkquote error (boo#1187316)
- Update service file to point to the correct revision (forwarded request 900118 from aplanas)

OBS-URL: https://build.opensuse.org/request/show/900121
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=26
2021-06-15 14:38:07 +00:00
6478528698 Accepting request 900118 from home:aplanas:branches:security
- Disable lto to fix tpm2_checkquote error (boo#1187316)
- Update service file to point to the correct revision

OBS-URL: https://build.opensuse.org/request/show/900118
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=74
2021-06-15 09:48:43 +00:00
Dominique Leuenberger
e97ee890ce Accepting request 899908 from security
OBS-URL: https://build.opensuse.org/request/show/899908
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=25
2021-06-14 21:11:13 +00:00
3d2db2a128 Accepting request 898108 from home:dimstar:Factory
- Do not BuildRequire pandoc on ix86 architectures: the haskell
  stack is not supported on intel 32bit archs.

OBS-URL: https://build.opensuse.org/request/show/898108
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=72
2021-06-14 08:57:05 +00:00
Dominique Leuenberger
9751b0d045 Accepting request 895955 from security
- add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a
  fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
  (bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
  - Minimum tpm2-tss version dependency bumped to 3.1.0
  - Minimum tpm2-abrmd version dependency bumped to 2.4.0
  - tss2:
    - Support in tools for PolicyRef inclusion in policy search per latest TSS.
    - Support to use TPM objects protected by a policy with PolicySigned.
    - Enable backward compatibility to old Fapi callback API.
    - Fix PCR selection for tss2 quote.
    - Support policy signed policies by implementing Fapi_SetSignCB.
  - Command/ response parameter support for auditing and pHash policies:
    - lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
    - Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
      tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
      tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
    - Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
  - Session-support:
    - tpm2_sessionconfig: Add tool to display and configure session attributes.
    - tpm2_getrandom: Fix— session input was hardcoded for audit-only
    - tpm2_startauthsession: Add option to specify the bind object  and its
      authorization value.
    - tpm2_startauthsession: support for bounded-only session.
    - tpm2_startauthsession: support for salted-only session.
    - tpm2_startauthsession: add option to specify an hmac session type.
    - Add support for specifying non-authorization sessions for audit and
      parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,

OBS-URL: https://build.opensuse.org/request/show/895955
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=24
2021-06-01 08:38:02 +00:00
Matthias Gerstner
b000df49d3 - add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a
fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
  (bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
  - Minimum tpm2-tss version dependency bumped to 3.1.0
  - Minimum tpm2-abrmd version dependency bumped to 2.4.0
  - tss2:
    - Support in tools for PolicyRef inclusion in policy search per latest TSS.
    - Support to use TPM objects protected by a policy with PolicySigned.
    - Enable backward compatibility to old Fapi callback API.
    - Fix PCR selection for tss2 quote.
    - Support policy signed policies by implementing Fapi_SetSignCB.
  - Command/ response parameter support for auditing and pHash policies:
    - lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
    - Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
      tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
      tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
    - Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
  - Session-support:
    - tpm2_sessionconfig: Add tool to display and configure session attributes.
    - tpm2_getrandom: Fix— session input was hardcoded for audit-only
    - tpm2_startauthsession: Add option to specify the bind object  and its
      authorization value.
    - tpm2_startauthsession: support for bounded-only session.
    - tpm2_startauthsession: support for salted-only session.
    - tpm2_startauthsession: add option to specify an hmac session type.
    - Add support for specifying non-authorization sessions for audit and
      parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=70
2021-05-28 10:32:05 +00:00
Dominique Leuenberger
b165e43c84 Accepting request 890270 from security
- fix `--version` output of tools. Since now autoreconf is called and
  configure.ac attempts to fetch the version from git (which we don't have
  during building), the version was empty. Fix this by replacing the git
  invocation in configure.ac.

OBS-URL: https://build.opensuse.org/request/show/890270
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=23
2021-05-04 20:01:01 +00:00
Matthias Gerstner
d836ba0360 - fix --version output of tools. Since now autoreconf is called and
configure.ac attempts to fetch the version from git (which we don't have
  during building), the version was empty. Fix this by replacing the git
  invocation in configure.ac.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=68
2021-05-04 08:56:15 +00:00
Matthias Gerstner
f914fdbf72 explicitly mark %license
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=67
2021-02-02 12:23:20 +00:00
Matthias Gerstner
722545cd47 note about download_files magic
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=66
2021-01-29 13:09:40 +00:00
Dominique Leuenberger
bd294f5c13 Accepting request 867453 from security
- add fix_warnings.patch: fixes a couple of build errors resulting from LTO
  linking and -Werror.
- add fix_pie_linking.patch: fixes an error in the build system that causes
  the tss2 binary to be linked without passed LDFLAGS (like -pie), which
  causes the binary not to be position independent.
- update to major version 5.0:
  - Non Backwards Compatible Changes
    * Default hash algorithm is now sha256. Prior versions claimed sha1, but were
      inconsistent in choice. Best practice is to specify the hash algorithm to
      avoid surprises.
    * tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
      tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
      to the old tool names and the tpm2 commandlet will interrogate argv[0] for
      the command to run. This will provide backwards compatibility if they are
      installed. If you wish to use the old names not installed system wide, set
      DESTDIR during install to a separate path and set the proper directory on
      PATH.
    * tpm2_eventlog's output changed to be YAML compliant. The output before
      was intended to be YAML compliant but was never properly checked and
      tested.
    * umask set to 0117 for all tools.
    * tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
      by default. In order to output the URL safe variant of base64 encoded
      output of the INTC EK certificate use the added option --raw.
  - Dependency update
    * Update tpm2-tss dependency version to 3.0.1
    * Update tpm2-abrmd dependency version to 2.3.3
  - New tools and features
    * tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
    * tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.

OBS-URL: https://build.opensuse.org/request/show/867453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=22
2021-01-28 20:29:02 +00:00
Matthias Gerstner
a5a59f0dae - add fix_pie_linking.patch: fixes an error in the build system that causes
the tss2 binary to be linked without passed LDFLAGS (like -pie), which
  causes the binary not to be position independent.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=64
2021-01-28 11:16:25 +00:00
Matthias Gerstner
784ccd7c1d - add fix_warnings.patch: fixes a couple of build errors resulting from LTO
linking and -Werror.
- update to major version 5.0:
  - Non Backwards Compatible Changes
    * Default hash algorithm is now sha256. Prior versions claimed sha1, but were
      inconsistent in choice. Best practice is to specify the hash algorithm to
      avoid surprises.
    * tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
      tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
      to the old tool names and the tpm2 commandlet will interrogate argv[0] for
      the command to run. This will provide backwards compatibility if they are
      installed. If you wish to use the old names not installed system wide, set
      DESTDIR during install to a separate path and set the proper directory on
      PATH.
    * tpm2_eventlog's output changed to be YAML compliant. The output before
      was intended to be YAML compliant but was never properly checked and
      tested.
    * umask set to 0117 for all tools.
    * tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
      by default. In order to output the URL safe variant of base64 encoded
      output of the INTC EK certificate use the added option --raw.
  - Dependency update
    * Update tpm2-tss dependency version to 3.0.1
    * Update tpm2-abrmd dependency version to 2.3.3
  - New tools and features
    * tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
    * tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.
    * tpm2_ecdhkeygen: Add new tool to support command TPM2_CC_ECDH_KeyGen.
    * tpm2_commit: Add new tool to support command TPM2_CC_Commit.
    * tpm2_ecephemeral: Add new tool to support command TPM2_CC_EC_Ephemeral.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=63
2021-01-28 10:50:59 +00:00
Dominique Leuenberger
143120c460 Accepting request 843599 from security
- update to version 4.3:
  - changes in version 4.3:
    - tss2_*: Fix double-free errors in commands asking for password authorization
    - tss2_*: Fix shorthand command -f that was falsely requiring an argument
    - tss2_*: Update tss2_encrypt to the new FAPI interface
    - The argument 'policyPath' is removed which was never read anyway
    - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
    - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
    - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
    - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
    - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
    - tss2_*: Add parameter types to all man page
    - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
    - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
    - tss2_pcrextend: fix extending PCR 0
    - tss2_quote: fix unused TSS2_RC in LOG_ERR
  - changes in 4.2.1:
    - Fix missing handle maps for ESY3 handle breaks. See #1994.
    - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
    - Fix for loop declarations build error.
  - changes in 4.2:
    - Fix various issues reported by static analysis tools.
    - Add integration test for ECC based getekcertificate.
    - Fix for issue #1959 where ARM builds were failing.
    - Add a check in autotools to add "expect" as a package dependency for fapi tools.
    - tpm2_createek: Drop the unused -p or --ek-auth option
    - tpm2_policyor: List of policy files should be specified as an argument
    - instead of -l option. The -l option is still retained for backwards
    - compatibility. See issue#1894.
    - tpm2_eventlog: add a tool for parsing and displaying the event log.

OBS-URL: https://build.opensuse.org/request/show/843599
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=21
2020-10-28 10:25:39 +00:00
Matthias Gerstner
106c7bd534 OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=61 2020-10-22 13:54:22 +00:00
Matthias Gerstner
9cd18c2c7f OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=60 2020-10-22 13:44:19 +00:00
Matthias Gerstner
58f4c3e7dc OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=59 2020-10-22 13:30:56 +00:00
Matthias Gerstner
756009e46c - update to version 4.3:
- changes in version 4.3:
    - tss2_*: Fix double-free errors in commands asking for password authorization
    - tss2_*: Fix shorthand command -f that was falsely requiring an argument
    - tss2_*: Update tss2_encrypt to the new FAPI interface
    - The argument 'policyPath' is removed which was never read anyway
    - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
    - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
    - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
    - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
    - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
    - tss2_*: Add parameter types to all man page
    - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
    - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
    - tss2_pcrextend: fix extending PCR 0
    - tss2_quote: fix unused TSS2_RC in LOG_ERR
  - changes in 4.2.1:
    - Fix missing handle maps for ESY3 handle breaks. See #1994.
    - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
    - Fix for loop declarations build error.
  - changes in 4.2:
    - Fix various issues reported by static analysis tools.
    - Add integration test for ECC based getekcertificate.
    - Fix for issue #1959 where ARM builds were failing.
    - Add a check in autotools to add "expect" as a package dependency for fapi tools.
    - tpm2_createek: Drop the unused -p or --ek-auth option
    - tpm2_policyor: List of policy files should be specified as an argument
    - instead of -l option. The -l option is still retained for backwards
    - compatibility. See issue#1894.
    - tpm2_eventlog: add a tool for parsing and displaying the event log.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=58
2020-10-22 12:14:07 +00:00
Dominique Leuenberger
f15d2d4306 Accepting request 755855 from security
! please handle this together with sr#755853 for tpm2-0-tss !

- add fix_bad_bufsize.patch: fixes findings from compile time fread() checks
  that indicate bad buffer size specification.
- add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are
  bogus, since the variables in questions will be initialized in any case
  later on.

- update to major version 4.1:
  - changes in version 4.1:
    * tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
    
    * tpm2_checkquote:
       - Fix YAML output bug.
       - -g option for specifying hash algorithm is optional and defaults to
         sha256.
    
    * tpm2_changeeps: A new tool for changing the Endorsement hierarchy
      primary seed.
    
    * tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
    
    * tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
    
    * tpm2_create: Add tool options for specifying output data for use in
      certification
      - --creation-data to save the creation data
      - --creation-ticket or -t to save the creation ticket
      - --creation-hash or -d to save the creation hash
      - --template-data for saving the template data of the key
      - --outside-info or -q for specifying unique data to include in creation data.
      - --pcr-list or -l  Add option to specify pcr list to add to creation data.

OBS-URL: https://build.opensuse.org/request/show/755855
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=20
2019-12-18 13:44:47 +00:00
Matthias Gerstner
4d75d747d9 correct bogus_warning_patch
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=56
2019-12-11 13:32:27 +00:00
Matthias Gerstner
2100671155 - add fix_bad_bufsize.patch: fixes findings from compile time fread() checks
that indicate bad buffer size specification.
- add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are
  bogus, since the variables in questions will be initialized in any case
  later on.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=55
2019-12-11 13:30:50 +00:00
Matthias Gerstner
394bb79c04 - update to major version 4.1:
- changes in version 4.1:
    * tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
    
    * tpm2_checkquote:
       - Fix YAML output bug.
       - -g option for specifying hash algorithm is optional and defaults to
         sha256.
    
    * tpm2_changeeps: A new tool for changing the Endorsement hierarchy
      primary seed.
    
    * tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
    
    * tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
    
    * tpm2_create: Add tool options for specifying output data for use in
      certification
      - --creation-data to save the creation data
      - --creation-ticket or -t to save the creation ticket
      - --creation-hash or -d to save the creation hash
      - --template-data for saving the template data of the key
      - --outside-info or -q for specifying unique data to include in creation data.
      - --pcr-list or -l  Add option to specify pcr list to add to creation data.
    
    * tpm2_createprimary: Add tool options for specifying output data for use
      in certification
      - --creation-data to save the creation data
      - --creation-ticket or -t to save the creation ticket
      - --creation-hash or -d to save the creation hash

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=54
2019-12-11 12:45:49 +00:00
Dominique Leuenberger
698e740696 Accepting request 726072 from security
- update to minor version 3.1.4:
  * Fix various man pages
  * tpm2_getmanufec: fix OSSL build warnings
  * Fix broken -T option
  * Various build compatibility fixes
  * Fix some unit tests
  * Update build for recent autoconf-archive versions
  * Install m4 files

OBS-URL: https://build.opensuse.org/request/show/726072
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=19
2019-08-27 08:23:58 +00:00
Matthias Gerstner
06e79ab919 - update to minor version 3.1.4:
* Fix various man pages
  * tpm2_getmanufec: fix OSSL build warnings
  * Fix broken -T option
  * Various build compatibility fixes
  * Fix some unit tests
  * Update build for recent autoconf-archive versions
  * Install m4 files

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=52
2019-08-26 07:43:27 +00:00
Dominique Leuenberger
0f58e8a3e3 Accepting request 682127 from security
- update to minor version 3.1.3:
  - Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in
    addition to supporting the new unified TPM2TOOLS_ENV_TCTI
  - Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than
    TPM2_PT
  - Make test_tpm2_activecredential Python 3 compatible
  - Fix tpm2_takeownership to only attempt to change the specified hierarchies
- use a _service file to sync with upstream tags

OBS-URL: https://build.opensuse.org/request/show/682127
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=18
2019-03-06 14:52:18 +00:00
Matthias Gerstner
f1323dc909 - update to minor version 3.1.3:
- Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in
    addition to supporting the new unified TPM2TOOLS_ENV_TCTI
  - Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than
    TPM2_PT
  - Make test_tpm2_activecredential Python 3 compatible
  - Fix tpm2_takeownership to only attempt to change the specified hierarchies
- use a _service file to sync with upstream tags

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=50
2019-03-06 10:49:41 +00:00
Dominique Leuenberger
66b1dc2233 Accepting request 665954 from security
incorporate FATE# in changes file for SLE-15-SP1 (bsc#1121860)

OBS-URL: https://build.opensuse.org/request/show/665954
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=17
2019-01-21 09:53:02 +00:00
Matthias Gerstner
2b2ef21cc0 incorporate FATE# in changes file for SLE-15-SP1 (bsc#1121860)
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=48
2019-01-14 14:23:36 +00:00
Dominique Leuenberger
abc442bb2e Accepting request 638482 from security
- update to minor version 3.1.2:
  - Revert the change to use user supplied object attributes exclusively. This
    is an inappropriate behavioural change for a MINOR version number
    increment.
  - Fix inclusion of object attribute specifiers section in tpm2_create and
    tpm2_createprimary man pages.
  - Use better object attribute defaults for authentication, preventing an
    empty password being used for authentication when a policy is set.

OBS-URL: https://build.opensuse.org/request/show/638482
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=16
2018-09-28 06:53:21 +00:00
Matthias Gerstner
50f2c4ff46 - update to minor version 3.1.2:
- Revert the change to use user supplied object attributes exclusively. This
    is an inappropriate behavioural change for a MINOR version number
    increment.
  - Fix inclusion of object attribute specifiers section in tpm2_create and
    tpm2_createprimary man pages.
  - Use better object attribute defaults for authentication, preventing an
    empty password being used for authentication when a policy is set.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=46
2018-09-26 16:05:23 +00:00
Dominique Leuenberger
648bab42ff Accepting request 630849 from security
- update to minor version 3.1.1:
  - Allow man page installation without pandoc being available

OBS-URL: https://build.opensuse.org/request/show/630849
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=15
2018-08-22 12:22:37 +00:00
Matthias Gerstner
7ae3e16bae - update to minor version 3.1.1:
- Allow man page installation without pandoc being available

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=44
2018-08-22 09:07:13 +00:00
Dominique Leuenberger
0afd2b19a5 Accepting request 620445 from security
Please handle together with sr#620443, sr#620444, required dependencies.

- update to major version 3.1.0:
  - the tpm2 stack introduces an incompatible ABI to the previous version with
    this update. There is no compatibility layer, libraries have new names
  - install-man.patch: dropped, because we don't really need it
  - tpm2.0-tools-fix-hardening.patch: contained in upstream tarball now
s etc.
  - upstream changelog:
    * tpm2_unseal: -P becomes -p
    * tpm2_sign: -P becomes -p
    * tpm2_nvreadlock: long form for -P is now --auth-hierarchy
    * tpm2_rsadecrypt: -P becomes -p
    * tpm2_nvrelease: long-form of -P becomes --auth-hierarchy
    * tpm2_nvdefine: -I becomes -p
    * tpm2_encryptdecrypt: -P becomes -p
    * tpm2_dictionarylockout: -P becomes -p
    * tpm2_createprimary: -K becomes -p
    * tpm2_createak: -E becomes -e
    * tpm2_certify: -k becomes -p
    * tpm2_hash: -g changes to -G
    * tpm2_encryptdecrypt: Support IVs via -i and algorithm modes via -G.
    * tpm2_hmac: drop -g, just use the algorithm associated with the object.
    * tpm2_getmanufec: -g changes to -G
    * tpm2_createek: -g changes to -G
    * tpm2_createak: -g changes to -G
    * tpm2_verifysignature: -g becomes -G
    * tpm2_sign: -g becomes -G
    * tpm2_import: support specifying parent key with a context file,
      --parent-key-handle/-H becomes --parent-key/-C
    * tpm2_nvwrite and tpm2_nvread: when -P is "index" -a is optional and defaults to
      the NV_INDEX value passed to -x.

OBS-URL: https://build.opensuse.org/request/show/620445
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=14
2018-07-06 08:41:14 +00:00
Matthias Gerstner
49a7dff047 OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=42 2018-06-29 14:14:45 +00:00
Dominique Leuenberger
06f893a56a Accepting request 614208 from security
- fix build after adding install-man.patch: autoreconf is needed again (sigh!)

OBS-URL: https://build.opensuse.org/request/show/614208
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=13
2018-06-08 21:14:01 +00:00
Matthias Gerstner
9deb2b9aaa - fix build after adding install-man.patch: autoreconf is needed again (sigh!)
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=40
2018-06-05 09:56:06 +00:00
Dominique Leuenberger
7314156e15 Accepting request 603119 from security
- install-man.patch: even after update to 3.0.4 the man pages are not
  installed correctly. This patch fixes it locally.

- update to version 3.0.4:
  - Fix save and load for TPM2B_PRIVATE object.
  - Use a default buffer size for tpm2_nv{read,write} if the TPM reports a 0 size.
  - Fix --verbose and --version options crossover.
  - Generate man pages from markdown and include them in the distribution tarball.
  - Print usage summary if tools are executed with no options or man page can't be displayed.
- man pages will be shipped for SLE version now, too (pandoc dependency was removed)

OBS-URL: https://build.opensuse.org/request/show/603119
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=12
2018-05-03 10:34:00 +00:00
Matthias Gerstner
04fa779b2e - install-man.patch: even after update to 3.0.4 the man pages are not
installed correctly. This patch fixes it locally.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=38
2018-05-02 12:11:07 +00:00
Matthias Gerstner
f479ea4d55 - update to version 3.0.4:
- Fix save and load for TPM2B_PRIVATE object.
  - Use a default buffer size for tpm2_nv{read,write} if the TPM reports a 0 size.
  - Fix --verbose and --version options crossover.
  - Generate man pages from markdown and include them in the distribution tarball.
  - Print usage summary if tools are executed with no options or man page can't be displayed.
- man pages will be shipped for SLE version now, too (pandoc dependency was removed)

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=37
2018-05-02 11:07:16 +00:00
Dominique Leuenberger
8df45f9c6d Accepting request 583976 from security
- disable pandoc for all but openSUSE, since pandoc never was on SLE

- disable pandoc/man pages generation on SLE-15, because pandoc is not
  available there (and adding it would require two dozen additional haskell
  packages)

OBS-URL: https://build.opensuse.org/request/show/583976
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=11
2018-03-08 09:59:21 +00:00
Matthias Gerstner
b936ba61f5 - disable pandoc for all but openSUSE, since pandoc never was on SLE
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=35
2018-03-07 15:44:46 +00:00
Matthias Gerstner
190967a254 - disable pandoc/man pages generation on SLE-15, because pandoc is not
available there (and adding it would require two dozen additional haskell
  packages)

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=34
2018-03-07 14:45:11 +00:00
Dominique Leuenberger
71d06872b5 Accepting request 578990 from security
- update to version 3.0.3:
  - various changes in tool options
  - man pages are now in section 1 (formerly in section 8)
  - tools are now installed in /usr/bin (formerly /usr/sbin)

this depends on sr#578988, please put it into the same staging project.

OBS-URL: https://build.opensuse.org/request/show/578990
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=10
2018-02-26 22:24:17 +00:00
Matthias Gerstner
14f68543f3 - update to version 3.0.3:
- various changes in tool options
  - man pages are now in section 1 (formerly in section 8)
  - tools are now installed in /usr/bin (formerly /usr/sbin)

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=32
2018-02-22 11:21:56 +00:00
Dominique Leuenberger
5b27cc75a1 Accepting request 540241 from security
- update to version 2.1.1
  * Potential memory leak fix when tcti/sapi initialization fails.
  * tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read
  * listpcrs: remove one redundant call to tpm get cap
  * listpcrs: fix for unsupported/disabled alg in -L
  * build: use supported comment to suppress GCC7 fallthrough warning
  * kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392)
- drop patches (upstream)
  * 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
  * tpm2.0-tools-fix-gcc7.patch

OBS-URL: https://build.opensuse.org/request/show/540241
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=9
2017-11-11 13:20:13 +00:00
Matthias Gerstner
d61e6c9bf0 Accepting request 540183 from home:vitezslav_cizek:branches:security
- update to version 2.1.1
  * Potential memory leak fix when tcti/sapi initialization fails.
  * tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read
  * listpcrs: remove one redundant call to tpm get cap
  * listpcrs: fix for unsupported/disabled alg in -L
  * build: use supported comment to suppress GCC7 fallthrough warning
  * kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392)
- drop patches (upstream)
  * 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
  * tpm2.0-tools-fix-gcc7.patch

OBS-URL: https://build.opensuse.org/request/show/540183
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=30
2017-11-09 14:39:53 +00:00
Dominique Leuenberger
f8ff91ad97 Accepting request 517972 from security
- update to version 2.1.0:
  - dropped 0002-kdfa-use-openssl-for-hmac-not-tpm.patch, was backported
   upstream in commit 788a17abbe0000c560935ef9f31c9a6892d9ea33
  - this version now can interact with the new resource manager tpm2.0-abrmd
  - Upstream changes:
    * Fix readx and writex on multiple EINTR returns.
    * Add support for the tabrmd TCTI. This is the new default.
    * Change default socket port from 2323 (the old resourcemgr) to 2321
    (default simulator port).
    * Cherry-pick fix for CVE-2017-7524.
    * Fix tpm2_listpcr command line option handling.
    * Fix tpm2_getmanufec memory issues. (forwarded request 517963 from mgerstner)

OBS-URL: https://build.opensuse.org/request/show/517972
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=8
2017-08-28 13:12:10 +00:00
df8d6a816d Accepting request 517963 from home:mgerstner:branches:security
- update to version 2.1.0:
  - dropped 0002-kdfa-use-openssl-for-hmac-not-tpm.patch, was backported
   upstream in commit 788a17abbe0000c560935ef9f31c9a6892d9ea33
  - this version now can interact with the new resource manager tpm2.0-abrmd
  - Upstream changes:
    * Fix readx and writex on multiple EINTR returns.
    * Add support for the tabrmd TCTI. This is the new default.
    * Change default socket port from 2323 (the old resourcemgr) to 2321
    (default simulator port).
    * Cherry-pick fix for CVE-2017-7524.
    * Fix tpm2_listpcr command line option handling.
    * Fix tpm2_getmanufec memory issues.

OBS-URL: https://build.opensuse.org/request/show/517963
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=28
2017-08-21 16:23:48 +00:00
Dominique Leuenberger
a81dc31f7d Accepting request 514173 from security
1

OBS-URL: https://build.opensuse.org/request/show/514173
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=7
2017-08-21 09:36:34 +00:00
66300d848f Accepting request 514158 from home:mgerstner:branches:security
this submission is coupled with sr#514156 and sr#514157

- added the new abrmd package to recommends, because the tools will otherwise
  not function

OBS-URL: https://build.opensuse.org/request/show/514158
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=26
2017-08-03 08:12:24 +00:00