Revisions of tpm2-0-tss
buildservice-autocommit
accepted
request 1172147
from
Matthias Gerstner (mgerstner)
(revision 140)
Matthias Gerstner (mgerstner)
(revision 140)
baserev update by copy to link target
Matthias Gerstner (mgerstner)
committed
(revision 139)
- add new sub-package libtss2-tcti-spidev0: TCTI for communicating with a TPM connected directly via SPI. - add new sub-package libtss2-tcti-i2c-helper0: TCTI for communicating with a TPM connected directly via I2C.
Matthias Gerstner (mgerstner)
committed
(revision 137)
Update to version 4.1:
+ Security
- Fixed CVE-2024-29040
+ Fixed
- fapi: Fix length check on FAPI auth callbacks
- mu: Correct error message for errors
- tss2-rc: fix unknown laer handler dropping bits.
- fapi: Fix deviation from CEL specification (template_value was used instead of template_data).
- fapi: Fix json syntax error in FAPI profiles which was ignored by json-c.
- build: fix build fail after make clean.
- mu: Fix unneeded size check in TPM2B unmarshaling.
- fapi: Fix missing parameter encryption.
- build: Fix failed build with --disable-vendor.
- fapi: Fix flush of persistent handles.
- fapi: Fix test provisioning with template with self generated certificate disabled.
- fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs.
- fapi: Revert pcr extension for EV_NO_ACTION events.
- fapi: Fix strange error messages if nv, ext, or policy path does not exits.
- fapi: Fix segfault caused by wrong allocation of pcr policy.
- esys: Fix leak in Esys_EvictControl for persistent handles.
- tss2-tcti: tcti-libtpms: fix test failure on big-endian platform.
- esys: Add reference counting for Esys_TR_FromTPMPublic.
- esys: Fix HMAC error if session bind key has an auth value with a trailing 0.
- fapi: fix usage of self signed certificates in TPM.
- fapi: Usage of self signed certificates.
- fapi: A segfault after the error handling of non existing keys.
- fapi: Fix several leaks.
- fapi: Fix error handling for policy execution.
- fapi: Fix usage of persistent handles (should not be flushed)
- fapi: Fix test provisioning with template (skip test without self generated certificate).
buildservice-autocommit
accepted
request 1138772
from
Marcus Meissner (msmeissn)
(revision 136)
Marcus Meissner (msmeissn)
(revision 136)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 1138485
from
Callum Farmer (gmbr3)
(revision 135)
- Fix tmpfiles %ghost file names
Marcus Meissner (msmeissn)
accepted
request 1137558
from
Callum Farmer (gmbr3)
(revision 134)
- Move tmpfiles config to different package:
* tmpfiles_create was being called with bad input (version ?)
* it avoids breaking SLPP for libtss2-fapi1 (hence the prior
warning in spec)
- tss sysusers requires should be pre not post
buildservice-autocommit
accepted
request 1129154
from
Marcus Meissner (msmeissn)
(revision 133)
Marcus Meissner (msmeissn)
(revision 133)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 1129124
from
Ludwig Nussel (lnussel)
(revision 132)
- libtss2-fapi1 requires system-user-tss for tmpfile creation
buildservice-autocommit
accepted
request 1100357
from
Matthias Gerstner (mgerstner)
(revision 131)
Matthias Gerstner (mgerstner)
(revision 131)
baserev update by copy to link target
Matthias Gerstner (mgerstner)
accepted
request 1100221
from
William Brown (firstyear)
(revision 130)
Require openssl-3 over openssl-1 to assist migration of applications to newer openssl-3. Alternately we might need to have two copies of the package for openssl-3 and openssl-1, but we have to transition to just openssl-3 at some point. This is required for Kanidm as it requires openssl-3 and tpm2-0-tss.
Alberto Planas Dominguez (aplanas)
accepted
request 1070181
from
Alberto Planas Dominguez (aplanas)
(revision 129)
Undo last change
Alberto Planas Dominguez (aplanas)
accepted
request 1069986
from
Alberto Planas Dominguez (aplanas)
(revision 128)
- Drop version from the systemd-tmpfiles config file
buildservice-autocommit
accepted
request 1066193
from
Alberto Planas Dominguez (aplanas)
(revision 127)
Alberto Planas Dominguez (aplanas)
(revision 127)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 1066192
from
Alberto Planas Dominguez (aplanas)
(revision 126)
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
buildservice-autocommit
accepted
request 1059943
from
Matthias Gerstner (mgerstner)
(revision 125)
Matthias Gerstner (mgerstner)
(revision 125)
baserev update by copy to link target
Matthias Gerstner (mgerstner)
committed
(revision 124)
- add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large RC values passed to the TSS2 function could lead to memory overread or memory overread. This patch is not yet part of any upstream git tag.
buildservice-autocommit
accepted
request 988349
from
Alberto Planas Dominguez (aplanas)
(revision 123)
Alberto Planas Dominguez (aplanas)
(revision 123)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 988348
from
Alberto Planas Dominguez (aplanas)
(revision 122)
- Revert "Add version the configuration file tpm2-tss-fapi.conf" This generate whitelist problems in rpmlint.
buildservice-autocommit
accepted
request 987923
from
Alberto Planas Dominguez (aplanas)
(revision 121)
Alberto Planas Dominguez (aplanas)
(revision 121)
baserev update by copy to link target
Displaying revisions 1 - 20 of 140
