rpms
/
tpm2-tss
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import tpm2-tss-3.2.2-2.el9

Browse Source
i9c-beta changed/i9c-beta/tpm2-tss-3.2.2-2.el9
MSVSphere Packaging Team 1 year ago
commit e4039348ab
16 changed files with 968 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/tpm2-tss-3.2.2.tar.gz

1
.tpm2-tss.metadata
Unescape View File

@ -0,0 +1 @@
6ebd166443d782e270b3f408e1489284e30dd608 SOURCES/tpm2-tss-3.2.2.tar.gz

41
SOURCES/0001-esys_iutil-fix-possible-NPD.patch
Unescape View File

@ -0,0 +1,41 @@
From f5907e96363729e16475172ef1056532d9404482 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Fri, 3 Jun 2022 11:51:02 -0500
Subject: [PATCH 1/2] esys_iutil: fix possible NPD
Clang-10 scan-build reports:
src/tss2-esys/esys_iutil.c:1366:56: warning: Dereference of null pointer
auths->auths[auths->count].sessionHandle = session->rsrc.handle;
^~~~~~~~~~~~~~~~~~~~
1 warning generated.
The code above the report checks that session might be NULL:
RSRC_NODE_T *session = esys_context->session_tab[session_idx];
if (session != NULL) {
IESYS_SESSION *rsrc_session = &session->rsrc.misc.rsrc_session;
if (rsrc_session->type_policy_session == POLICY_PASSWORD) {
Thus suggesting/indicating session may be NULL in subsequent code where
session is dereferenced.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
src/tss2-esys/esys_iutil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tss2-esys/esys_iutil.c b/src/tss2-esys/esys_iutil.c
index 4d31cef8..b364dd73 100644
--- a/src/tss2-esys/esys_iutil.c
+++ b/src/tss2-esys/esys_iutil.c
@@ -1352,7 +1352,7 @@ iesys_gen_auths(ESYS_CONTEXT * esys_context,
&& encryptNonceIdx > 0) ? encryptNonce : NULL,
&auths->auths[session_idx]);
return_if_error(r, "Error while computing hmacs");
- if (esys_context->session_tab[session_idx] != NULL) {
+ if (esys_context->session_tab[session_idx] != NULL && session != NULL) {
auths->auths[auths->count].sessionHandle = session->rsrc.handle;
auths->count++;
}
--
2.39.2

65
SOURCES/0001-tss2-rc-fix-unknown-layer-handler-dropping-bits.patch
Unescape View File

@ -0,0 +1,65 @@
From eb2fd8b436688377a20d24a467fd03e62d3e6c06 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Tue, 24 Jan 2023 10:01:23 -0600
Subject: [PATCH 01/10] tss2-rc: fix unknown layer handler dropping bits
The commit (on 4.0.1 and master):
- 49107d65d5c7 tss2_rc: ensure layer number is in bounds
Introduces a bug where the right shift by 8 drops the lower byte going
into the unknown_layer handler function. This will effectively drop rc
error bits for unknown layers. The largest impact will be on windows
where their resource manager is not a registered handler.
Fix this by just dumping all the bytes and not get fancy with masking
things out.
Fixes: #2550
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
src/tss2-rc/tss2_rc.c | 4 ++--
test/unit/test_tss2_rc.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/tss2-rc/tss2_rc.c b/src/tss2-rc/tss2_rc.c
index 7e668a46..6de7d6f3 100644
--- a/src/tss2-rc/tss2_rc.c
+++ b/src/tss2-rc/tss2_rc.c
@@ -985,9 +985,9 @@ Tss2_RC_Decode(TSS2_RC rc)
} else {
/*
* we don't want to drop any bits if we don't know what to do with it
- * so drop the layer byte since we we already have that.
+ * so just send the whole thing.
*/
- const char *e = unknown_layer_handler(rc >> 8);
+ const char *e = unknown_layer_handler(rc);
assert(e);
catbuf(buf, "%s", e);
}
diff --git a/test/unit/test_tss2_rc.c b/test/unit/test_tss2_rc.c
index 0b0f57c6..e5051c85 100644
--- a/test/unit/test_tss2_rc.c
+++ b/test/unit/test_tss2_rc.c
@@ -199,7 +199,7 @@ test_custom_handler(void **state)
* Test an unknown layer
*/
e = Tss2_RC_Decode(rc);
- assert_string_equal(e, "1:0x100");
+ assert_string_equal(e, "1:0x1002A");
}
static void
@@ -288,7 +288,7 @@ test_all_FFs(void **state)
(void) state;
const char *e = Tss2_RC_Decode(0xFFFFFFFF);
- assert_string_equal(e, "255:0xFFFFFF");
+ assert_string_equal(e, "255:0xFFFFFFFF");
}
static void
--
2.41.0

65
SOURCES/0002-MU-Fix-unneeded-size-check-in-TPM2B-unmarshaling.patch
Unescape View File

@ -0,0 +1,65 @@
From 6e4f8823ca6f7f062df3cd4ee88e397fac9adc37 Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Thu, 9 Feb 2023 15:22:08 +0100
Subject: [PATCH 02/10] MU: Fix unneeded size check in TPM2B unmarshaling
There is a size check for the destination object whether the size is zero.
If the memory of the destination object is no cleared this might cause
a race conditions.
Unneeded tests from the integration test tpmclient were removed.
Fixes: #2564
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-mu/tpm2b-types.c | 6 +-----
test/tpmclient/tpmclient.int.c | 9 ---------
2 files changed, 1 insertion(+), 14 deletions(-)
diff --git a/src/tss2-mu/tpm2b-types.c b/src/tss2-mu/tpm2b-types.c
index 2e10f487..6e8915f6 100644
--- a/src/tss2-mu/tpm2b-types.c
+++ b/src/tss2-mu/tpm2b-types.c
@@ -248,11 +248,7 @@ TSS2_RC Tss2_MU_##type##_Unmarshal(uint8_t const buffer[], size_t buffer_size, \
sizeof(size)); \
return TSS2_MU_RC_INSUFFICIENT_BUFFER; \
} \
- if (dest && dest->size != 0) { \
- LOG_WARNING("Size not zero"); \
- return TSS2_SYS_RC_BAD_VALUE; \
- } \
-\
+ \
rc = Tss2_MU_UINT16_Unmarshal(buffer, buffer_size, &local_offset, &size); \
if (rc) \
return rc; \
diff --git a/test/tpmclient/tpmclient.int.c b/test/tpmclient/tpmclient.int.c
index deedcfb7..16443955 100644
--- a/test/tpmclient/tpmclient.int.c
+++ b/test/tpmclient/tpmclient.int.c
@@ -847,12 +847,6 @@ static void TestHierarchyControl()
rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM2_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, 0 );
CheckPassed( rval );
- /* Test SYS for case where nvPublic.size != 0 */
- nvPublic.size = 0xff;
- INIT_SIMPLE_TPM2B_SIZE( nvName );
- rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
- CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
-
nvPublic.size = 0;
INIT_SIMPLE_TPM2B_SIZE( nvName );
rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
@@ -2135,10 +2129,7 @@ static void EcEphemeralTest()
LOG_INFO("EC Ephemeral TESTS:" );
- /* Test SYS for case of Q size field not being set to 0. */
INIT_SIMPLE_TPM2B_SIZE( Q );
- rval = Tss2_Sys_EC_Ephemeral( sysContext, 0, TPM2_ECC_BN_P256, &Q, &counter, 0 );
- CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
Q.size = 0;
rval = Tss2_Sys_EC_Ephemeral( sysContext, 0, TPM2_ECC_BN_P256, &Q, &counter, 0 );
--
2.41.0

78
SOURCES/0003-FAPI-Fix-parameter-encryption-for-provisioning.patch
Unescape View File

@ -0,0 +1,78 @@
From d486edf730d652c8ab2fc50eb00e45223b43628f Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Tue, 14 Feb 2023 19:52:28 +0100
Subject: [PATCH 03/10] FAPI: Fix parameter encryption for provisioning
Currently no parameter encryption was made during provisioning.
Now the EK es used as tpmkey for the create primary session of
the SRK and the SRK is used for parameter encryption of the
other command executed during provisioning.
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-fapi/api/Fapi_Provision.c | 6 ++++--
src/tss2-fapi/fapi_int.h | 7 ++++---
src/tss2-fapi/fapi_util.c | 5 ++++-
3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/tss2-fapi/api/Fapi_Provision.c b/src/tss2-fapi/api/Fapi_Provision.c
index 97c25828..48f2fd3b 100644
--- a/src/tss2-fapi/api/Fapi_Provision.c
+++ b/src/tss2-fapi/api/Fapi_Provision.c
@@ -884,7 +884,8 @@ Fapi_Provision_Finish(FAPI_CONTEXT *context)
statecase(context->state, PROVISION_INIT_SRK);
/* Create session which will be used for SRK generation. */
context->srk_handle = context->ek_handle;
- r = ifapi_get_sessions_async(context, IFAPI_SESSION1, 0, 0);
+ r = ifapi_get_sessions_async(context, IFAPI_SESSION_USE_SRK | IFAPI_SESSION1,
+ TPMA_SESSION_DECRYPT, 0);
goto_if_error_reset_state(r, "Create sessions", error_cleanup);
fallthrough;
@@ -1084,7 +1085,8 @@ Fapi_Provision_Finish(FAPI_CONTEXT *context)
try_again_or_error_goto(r, "Cleanup", error_cleanup);
/* Create session which will be used for parameter encryption. */
- r = ifapi_get_sessions_async(context, IFAPI_SESSION1, 0, 0);
+ r = ifapi_get_sessions_async(context, IFAPI_SESSION_USE_SRK | IFAPI_SESSION1,
+ TPMA_SESSION_DECRYPT, 0);
goto_if_error_reset_state(r, "Create sessions", error_cleanup);
fallthrough;
diff --git a/src/tss2-fapi/fapi_int.h b/src/tss2-fapi/fapi_int.h
index 5f666a75..8533112a 100644
--- a/src/tss2-fapi/fapi_int.h
+++ b/src/tss2-fapi/fapi_int.h
@@ -55,9 +55,10 @@ typedef UINT32 TSS2_KEY_TYPE;
#define MAX_PLATFORM_CERT_HANDLE 0x01C0FFFF
typedef UINT8 IFAPI_SESSION_TYPE;
-#define IFAPI_SESSION_GENEK 0x01
-#define IFAPI_SESSION1 0x02
-#define IFAPI_SESSION2 0x04
+#define IFAPI_SESSION_GENEK 0x01
+#define IFAPI_SESSION1 0x02
+#define IFAPI_SESSION2 0x04
+#define IFAPI_SESSION_USE_SRK 0x08
#define IFAPI_POLICY_PATH "policy"
#define IFAPI_NV_PATH "nv"
diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index 44dd4168..ded0d247 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -1327,7 +1327,10 @@ ifapi_get_sessions_async(FAPI_CONTEXT *context,
context->session2_attribute_flags = attribute_flags2;
char *file = NULL;
- if (!(session_flags & IFAPI_SESSION_GENEK)) {
+ if (session_flags & IFAPI_SESSION_USE_SRK) {
+ context->session_state = SESSION_CREATE_SESSION;
+ return TSS2_RC_SUCCESS;
+ } else if (!(session_flags & IFAPI_SESSION_GENEK)) {
context->srk_handle = ESYS_TR_NONE;
context->session_state = SESSION_CREATE_SESSION;
return TSS2_RC_SUCCESS;
--
2.41.0

101
SOURCES/0004-FAPI-Fix-missing-parameter-encryption-for-policy-ses.patch
Unescape View File

@ -0,0 +1,101 @@
From 6bb79f17b89592909830f872dc47d09c0e5dadda Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Fri, 3 Mar 2023 11:17:43 +0100
Subject: [PATCH 04/10] FAPI: Fix missing parameter encryption for policy
sessions.
The parameter encryption for policy sessions was not enabled.
Now the parameter encryption is enabled and the auth value of
objects is added to the session key.
One exception is the cp hash policy. In this case the
the cp hash check forced by this policy would fail with an
encrypted parameter.
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-fapi/fapi_util.c | 28 ++++++++++++------------
src/tss2-fapi/ifapi_policy_execute.c | 5 +++++
src/tss2-fapi/ifapi_policyutil_execute.c | 4 ++++
3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index ded0d247..55ce3327 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -2110,21 +2110,20 @@ ifapi_authorize_object(FAPI_CONTEXT *context, IFAPI_OBJECT *object, ESYS_TR *ses
statecase(object->authorization_state, AUTH_INIT)
LOG_TRACE("**STATE** AUTH_INIT");
- if (!policy_digest_size(object)) {
- /* No policy used authorization callbacks have to be called if necessary. */
- if (object_with_auth(object)) {
- /* Check whether hierarchy was already authorized. */
- if (object->objectType != IFAPI_HIERARCHY_OBJ ||
- !object->misc.hierarchy.authorized) {
- char *description = NULL;
- r = ifapi_get_description(object, &description);
- return_if_error(r, "Get description");
-
- r = ifapi_set_auth(context, object, description);
- SAFE_FREE(description);
- return_if_error(r, "Set auth value");
- }
+ if (object_with_auth(object)) {
+ /* Check whether hierarchy was already authorized. */
+ if (object->objectType != IFAPI_HIERARCHY_OBJ ||
+ !object->misc.hierarchy.authorized) {
+ char *description = NULL;
+ r = ifapi_get_description(object, &description);
+ return_if_error(r, "Get description");
+
+ r = ifapi_set_auth(context, object, description);
+ SAFE_FREE(description);
+ return_if_error(r, "Set auth value");
}
+ }
+ if (!policy_digest_size(object)) {
/* No policy session needed current fapi session can be used */
if (context->session1 && context->session1 != ESYS_TR_NONE)
*session = context->session1;
@@ -2133,6 +2132,7 @@ ifapi_authorize_object(FAPI_CONTEXT *context, IFAPI_OBJECT *object, ESYS_TR *ses
*session = ESYS_TR_PASSWORD;
break;
}
+
/* Save current object to be authorized in context. */
context->current_auth_object = object;
r = ifapi_policyutil_execute_prepare(context, get_name_alg(context, object),
diff --git a/src/tss2-fapi/ifapi_policy_execute.c b/src/tss2-fapi/ifapi_policy_execute.c
index c2ce3301..0e7de316 100644
--- a/src/tss2-fapi/ifapi_policy_execute.c
+++ b/src/tss2-fapi/ifapi_policy_execute.c
@@ -1245,6 +1245,11 @@ execute_policy_cp_hash(
r = Esys_PolicyCpHash_Finish(esys_ctx);
try_again_or_error(r, "Execute PolicyCpHash_Finish.");
+ /* Disable encryption to enable check of cp hash defined in
+ policy cp. */
+ r = Esys_TRSess_SetAttributes(esys_ctx, current_policy->session,
+ 0, 0xff);
+
current_policy->state = POLICY_EXECUTE_INIT;
return r;
diff --git a/src/tss2-fapi/ifapi_policyutil_execute.c b/src/tss2-fapi/ifapi_policyutil_execute.c
index 997fb504..0e2823cb 100644
--- a/src/tss2-fapi/ifapi_policyutil_execute.c
+++ b/src/tss2-fapi/ifapi_policyutil_execute.c
@@ -119,6 +119,10 @@ create_session(
r = Esys_StartAuthSession_Finish(context->esys, session);
if (r != TSS2_RC_SUCCESS)
return r;
+
+ r = Esys_TRSess_SetAttributes(context->esys, *session,
+ TPMA_SESSION_ENCRYPT | TPMA_SESSION_DECRYPT,
+ 0xff);
context->policy.create_session_state = CREATE_SESSION_INIT;
break;
--
2.41.0

59
SOURCES/0005-FAPI-Fix-missing-parameter-encryption-for-some-HMAC-.patch
Unescape View File

@ -0,0 +1,59 @@
From c7cd976e7152e3f5aaa813aaebf4ab1e5d9b1f3e Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Sun, 5 Mar 2023 19:19:22 +0100
Subject: [PATCH 05/10] FAPI: Fix missing parameter encryption for some HMAC
sessions.
* For Fapi_CreateNv and Fap_NvSetBits the parameter encryption was not enabled.
* For Fapi_Unseal the response description was not enabled.
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-fapi/api/Fapi_CreateNv.c | 2 +-
src/tss2-fapi/api/Fapi_NvSetBits.c | 2 +-
src/tss2-fapi/fapi_util.c | 3 ++-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/tss2-fapi/api/Fapi_CreateNv.c b/src/tss2-fapi/api/Fapi_CreateNv.c
index 45e72e33..8160b99d 100644
--- a/src/tss2-fapi/api/Fapi_CreateNv.c
+++ b/src/tss2-fapi/api/Fapi_CreateNv.c
@@ -399,7 +399,7 @@ Fapi_CreateNv_Finish(
context->primary_state = PRIMARY_INIT;
r = ifapi_get_sessions_async(context,
IFAPI_SESSION_GENEK | IFAPI_SESSION1,
- 0, 0);
+ TPMA_SESSION_DECRYPT, 0);
goto_if_error_reset_state(r, "Create sessions", error_cleanup);
fallthrough;
diff --git a/src/tss2-fapi/api/Fapi_NvSetBits.c b/src/tss2-fapi/api/Fapi_NvSetBits.c
index 0615aa12..adf332e0 100644
--- a/src/tss2-fapi/api/Fapi_NvSetBits.c
+++ b/src/tss2-fapi/api/Fapi_NvSetBits.c
@@ -282,7 +282,7 @@ Fapi_NvSetBits_Finish(
/* Prepare session for authorization */
r = ifapi_get_sessions_async(context,
IFAPI_SESSION_GENEK | IFAPI_SESSION1,
- 0, 0);
+ TPMA_SESSION_DECRYPT, 0);
goto_if_error_reset_state(r, "Create sessions", error_cleanup);
fallthrough;
diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index 55ce3327..ef4a92d0 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -2743,7 +2743,8 @@ ifapi_load_key(
/* Prepare the session creation. */
r = ifapi_get_sessions_async(context,
IFAPI_SESSION_GENEK | IFAPI_SESSION1,
- TPMA_SESSION_DECRYPT, 0);
+ TPMA_SESSION_DECRYPT | TPMA_SESSION_ENCRYPT,
+ 0);
goto_if_error_reset_state(r, "Create sessions", error_cleanup);
fallthrough;
--
2.41.0

61
SOURCES/0006-FAPI-Fix-usage-of-persistent-handles.patch
Unescape View File

@ -0,0 +1,61 @@
From db8ccb1df778dc92d1be88a88ddcd9d6c92c3e63 Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Mon, 3 Apr 2023 21:21:55 +0200
Subject: [PATCH 06/10] FAPI: Fix usage of persistent handles.
* Evict control for persistent keys created with Fapi_CreateKey was
called with the wrong handle.
* If Fapi_Quote was executed with a primary key for this key flush
context was called.
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-fapi/api/Fapi_Quote.c | 14 +++++++++-----
src/tss2-fapi/fapi_util.c | 1 +
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/tss2-fapi/api/Fapi_Quote.c b/src/tss2-fapi/api/Fapi_Quote.c
index b71267a7..61e4e3db 100644
--- a/src/tss2-fapi/api/Fapi_Quote.c
+++ b/src/tss2-fapi/api/Fapi_Quote.c
@@ -392,16 +392,20 @@ Fapi_Quote_Finish(
goto_if_error(r, "Error: PCR_Quote", error_cleanup);
/* Flush the key used for the quote. */
- r = Esys_FlushContext_Async(context->esys, command->handle);
- goto_if_error(r, "Error: FlushContext", error_cleanup);
+ if (!command->key_object->misc.key.persistent_handle) {
+ r = Esys_FlushContext_Async(context->esys, command->handle);
+ goto_if_error(r, "Error: FlushContext", error_cleanup);
+ }
command->handle = ESYS_TR_NONE;
fallthrough;
statecase(context->state, PCR_QUOTE_WAIT_FOR_FLUSH);
- r = Esys_FlushContext_Finish(context->esys);
- return_try_again(r);
- goto_if_error(r, "Error: Sign", error_cleanup);
+ if (!command->key_object->misc.key.persistent_handle) {
+ r = Esys_FlushContext_Finish(context->esys);
+ return_try_again(r);
+ goto_if_error(r, "Error: Sign", error_cleanup);
+ }
sig_key_object = command->key_object;
/* Convert the TPM-encoded signature into something useful for the caller. */
diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index ef4a92d0..49f7dd07 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -4746,6 +4746,7 @@ ifapi_create_primary(
statecase(context->cmd.Key_Create.state, KEY_CREATE_PRIMARY_WAIT_FOR_AUTHORIZE2);
if (template->persistent_handle) {
+ object->misc.key.persistent_handle = template->persistent_handle;
r = ifapi_authorize_object(context, hierarchy, &auth_session);
FAPI_SYNC(r, "Authorize hierarchy.", error_cleanup);
--
2.41.0

62
SOURCES/0007-build-Fix-failed-build-with-disable-vendor.patch
Unescape View File

@ -0,0 +1,62 @@
From e46840f3ec5932f3f9206f3eab903d82b7a977db Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Mon, 27 Feb 2023 18:00:54 +0100
Subject: [PATCH 07/10] build: Fix failed build with --disable-vendor
The compilation of the marshaling functions for TPML_INTEL_PTT_PROPERTY
is now disabled for builds with --disable-vendor.
Fixes: #2571
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
include/tss2/tss2_tpm2_types.h | 2 ++
src/tss2-mu/tpml-types.c | 2 ++
tss2-dlopen/tss2-dlopen-mu.c | 2 ++
3 files changed, 6 insertions(+)
diff --git a/include/tss2/tss2_tpm2_types.h b/include/tss2/tss2_tpm2_types.h
index 96286fb7..39a6978c 100644
--- a/include/tss2/tss2_tpm2_types.h
+++ b/include/tss2/tss2_tpm2_types.h
@@ -63,7 +63,9 @@
#define TPM2_PRIVATE_VENDOR_SPECIFIC_BYTES ((TPM2_MAX_RSA_KEY_BYTES / 2) * (3 + 2))
/* Vendor Specific Defines */
+#ifndef DISABLE_VENDOR
#define TPM2_MAX_PTT_PROPERTIES (TPM2_MAX_CAP_BUFFER / sizeof(UINT32))
+#endif
/* Attached Component Capabilities */
#define TPM2_MAX_AC_CAPABILITIES (TPM2_MAX_CAP_BUFFER / sizeof(TPMS_AC_OUTPUT))
diff --git a/src/tss2-mu/tpml-types.c b/src/tss2-mu/tpml-types.c
index 60f85a8c..1df9bbb8 100644
--- a/src/tss2-mu/tpml-types.c
+++ b/src/tss2-mu/tpml-types.c
@@ -175,8 +175,10 @@ TPML_MARSHAL(TPML_PCR_SELECTION, Tss2_MU_TPMS_PCR_SELECTION_Marshal, pcrSelectio
TPML_UNMARSHAL(TPML_PCR_SELECTION, Tss2_MU_TPMS_PCR_SELECTION_Unmarshal, pcrSelections)
TPML_MARSHAL(TPML_DIGEST_VALUES, Tss2_MU_TPMT_HA_Marshal, digests, ADDR)
TPML_UNMARSHAL(TPML_DIGEST_VALUES, Tss2_MU_TPMT_HA_Unmarshal, digests)
+#ifndef DISABLE_VENDOR
TPML_MARSHAL(TPML_INTEL_PTT_PROPERTY, Tss2_MU_UINT32_Marshal, property, VAL)
TPML_UNMARSHAL(TPML_INTEL_PTT_PROPERTY, Tss2_MU_UINT32_Unmarshal, property)
+#endif
TPML_MARSHAL(TPML_AC_CAPABILITIES, Tss2_MU_TPMS_AC_OUTPUT_Marshal, acCapabilities, ADDR)
TPML_UNMARSHAL(TPML_AC_CAPABILITIES, Tss2_MU_TPMS_AC_OUTPUT_Unmarshal, acCapabilities)
TPML_MARSHAL(TPML_TAGGED_POLICY, Tss2_MU_TPMS_TAGGED_POLICY_Marshal, policies, ADDR)
diff --git a/tss2-dlopen/tss2-dlopen-mu.c b/tss2-dlopen/tss2-dlopen-mu.c
index 2297818b..21cd1123 100644
--- a/tss2-dlopen/tss2-dlopen-mu.c
+++ b/tss2-dlopen/tss2-dlopen-mu.c
@@ -254,7 +254,9 @@ MAKE_MU_STRUCT(TPML_ALG_PROPERTY);
MAKE_MU_STRUCT(TPML_ECC_CURVE);
MAKE_MU_STRUCT(TPML_TAGGED_PCR_PROPERTY);
MAKE_MU_STRUCT(TPML_TAGGED_TPM_PROPERTY);
+#ifndef DISABLE_VENDOR
MAKE_MU_STRUCT(TPML_INTEL_PTT_PROPERTY);
+#endif
MAKE_MU_STRUCT(TPML_AC_CAPABILITIES);
MAKE_MU_STRUCT(TPML_TAGGED_POLICY);
MAKE_MU_STRUCT(TPML_ACT_DATA);
--
2.41.0

35
SOURCES/0008-FAPI-Fapi_GetInfo-display-warning-for-SHA3-hash-algs.patch
Unescape View File

@ -0,0 +1,35 @@
From acb274ee0c59d6159b66e2df08aaf410e179f5f9 Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Mon, 10 Apr 2023 20:20:24 +0200
Subject: [PATCH 08/10] FAPI: Fapi_GetInfo display warning for SHA3 hash algs.
Currenlty FAPI_GetInfo did produce errors if the TPM implements
SHA3 hash algs. Now a warning is displayed.
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-fapi/tpm_json_serialize.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/tss2-fapi/tpm_json_serialize.c b/src/tss2-fapi/tpm_json_serialize.c
index 1eaa4eb2..65320da6 100644
--- a/src/tss2-fapi/tpm_json_serialize.c
+++ b/src/tss2-fapi/tpm_json_serialize.c
@@ -1558,6 +1558,14 @@ ifapi_json_TPMS_ALG_PROPERTY_serialize(const TPMS_ALG_PROPERTY *in, json_object
return_if_null(in, "Bad reference.", TSS2_FAPI_RC_BAD_REFERENCE);
TSS2_RC r;
+
+ if ((in->alg == TPM2_ALG_SHA3_256 ||
+ in->alg == TPM2_ALG_SHA3_384 ||
+ in->alg == TPM2_ALG_SHA3_512)) {
+ LOG_WARNING("SHA3 hash algs are not supported by TSS");
+ return TSS2_RC_SUCCESS;
+ }
+
json_object *jso2;
if (*jso == NULL)
*jso = json_object_new_object ();
--
2.41.0

39
SOURCES/0009-FAPI-Skip-provisioning-test-for-nv-ext-and-profile-p.patch
Unescape View File

@ -0,0 +1,39 @@
From e43323dd5c089ed6af0a6a77b30f97350e1fbb6a Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Sun, 9 Apr 2023 08:38:56 +0200
Subject: [PATCH 09/10] FAPI: Skip provisioning test for nv ext and profile
paths.
The provisioning test in ifapi_check_provisioned will be skipped
for ext nv and profile paths. The test did produce inappropriate
error messages if the corresponding paths did not exist in keystore.
The test is only needed for pathnames starting with the profile.
Fixes: #2596
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-fapi/ifapi_keystore.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/tss2-fapi/ifapi_keystore.c b/src/tss2-fapi/ifapi_keystore.c
index 7e50ee1e..38c2f7fd 100644
--- a/src/tss2-fapi/ifapi_keystore.c
+++ b/src/tss2-fapi/ifapi_keystore.c
@@ -1772,6 +1772,14 @@ ifapi_check_provisioned(
*ok = false;
+ /* No profile in path, test can be skipped. */
+ if (ifapi_path_type_p(rel_path, IFAPI_NV_PATH) ||
+ ifapi_path_type_p(rel_path, IFAPI_POLICY_PATH) ||
+ ifapi_path_type_p(rel_path, IFAPI_EXT_PATH)) {
+ *ok = true;
+ return TSS2_RC_SUCCESS;
+ }
+
/* First expand path in user directory */
r = expand_path(keystore, rel_path, &directory);
goto_if_error(r, "Expand path", cleanup);
--
2.41.0

30
SOURCES/0010-FAPI-Fix-wrong-allocation-of-pcr-policy.patch
Unescape View File

@ -0,0 +1,30 @@
From 12519626a221f0e4c20e66ec101429fc0f321c6f Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen_repp@web.de>
Date: Fri, 12 May 2023 09:30:53 +0200
Subject: [PATCH 10/10] FAPI: Fix wrong allocation of pcr policy.
The list of pcr registers was was allocated with the wrong size in the
function copy_policy_element which caused a segfault if more than one
pcr was used.
Signed-off-by: Juergen Repp <juergen_repp@web.de>
---
src/tss2-fapi/ifapi_helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tss2-fapi/ifapi_helpers.c b/src/tss2-fapi/ifapi_helpers.c
index e1c4220b..5c574717 100644
--- a/src/tss2-fapi/ifapi_helpers.c
+++ b/src/tss2-fapi/ifapi_helpers.c
@@ -1343,7 +1343,7 @@ copy_policy_element(const TPMT_POLICYELEMENT *from_policy, TPMT_POLICYELEMENT *t
case POLICYPCR:
to_policy->element.PolicyPCR.pcrs =
calloc(1, sizeof(TPML_PCRVALUES) +
- from_policy->element.PolicyPCR.pcrs->count + sizeof(TPMS_PCRVALUE));
+ from_policy->element.PolicyPCR.pcrs->count * sizeof(TPMS_PCRVALUE));
goto_if_null2(to_policy->element.PolicyPCR.pcrs, "Out of memory.",
r, TSS2_FAPI_RC_MEMORY, error);
to_policy->element.PolicyPCR.pcrs->count
--
2.41.0

15
SOURCES/tpm2-tss-3.0.0-doxygen.patch
Unescape View File

@ -0,0 +1,15 @@
diff -up tpm2-tss-3.0.0/Doxyfile.in.me tpm2-tss-3.0.0/Doxyfile.in
--- tpm2-tss-3.0.0/Doxyfile.in.me 2020-09-15 20:24:26.463314644 +0200
+++ tpm2-tss-3.0.0/Doxyfile.in 2020-09-15 20:26:29.010866650 +0200
@@ -947,7 +947,10 @@ EXCLUDE_PATTERNS =
# Note that the wildcards are matched against the file with absolute path, so to
# exclude all test directories use the pattern */test/*
-EXCLUDE_SYMBOLS = *_IN IESYS_CMD_IN_PARAM
+EXCLUDE_SYMBOLS = StartAuthSession_IN CreatePrimary_IN ContextSave_IN ContextLoad_IN \
+ Load_IN LoadExternal_IN CreateLoaded_IN EvictControl_IN HMAC_Start_IN \
+ HierarchyChangeAuth_IN SequenceComplete_IN Policy_IN NV_IN FlushContext_IN \
+ IESYS_CMD_IN_PARAM
# The EXAMPLE_PATH tag can be used to specify one or more files or directories
# that contain example code fragments that are included (see the \include

2
SOURCES/tpm2-tss-systemd-sysusers.conf
Unescape View File

@ -0,0 +1,2 @@
#Type Name ID GECOS Home directory Shell
u tss 59 "Account used for TPM access" - -

313
SPECS/tpm2-tss.spec
Unescape View File

@ -0,0 +1,313 @@
Name: tpm2-tss
Version: 3.2.2
Release: 2%{?dist}
Summary: TPM2.0 Software Stack
License: BSD
URL: https://github.com/tpm2-software/tpm2-tss
Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/%{name}-%{version}.tar.gz
Source1: tpm2-tss-systemd-sysusers.conf
# doxygen patch
Patch0: tpm2-tss-3.0.0-doxygen.patch
Patch2: 0001-esys_iutil-fix-possible-NPD.patch
Patch3: 0001-tss2-rc-fix-unknown-layer-handler-dropping-bits.patch
Patch4: 0002-MU-Fix-unneeded-size-check-in-TPM2B-unmarshaling.patch
Patch5: 0003-FAPI-Fix-parameter-encryption-for-provisioning.patch
Patch6: 0004-FAPI-Fix-missing-parameter-encryption-for-policy-ses.patch
Patch7: 0005-FAPI-Fix-missing-parameter-encryption-for-some-HMAC-.patch
Patch8: 0006-FAPI-Fix-usage-of-persistent-handles.patch
Patch11: 0007-build-Fix-failed-build-with-disable-vendor.patch
Patch12: 0008-FAPI-Fapi_GetInfo-display-warning-for-SHA3-hash-algs.patch
Patch13: 0009-FAPI-Skip-provisioning-test-for-nv-ext-and-profile-p.patch
Patch14: 0010-FAPI-Fix-wrong-allocation-of-pcr-policy.patch
%global udevrules_prefix 60-
BuildRequires: make
BuildRequires: autoconf-archive
BuildRequires: doxygen
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: json-c-devel
BuildRequires: libcurl-devel
BuildRequires: libgcrypt-devel
BuildRequires: libtool
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: systemd
BuildRequires: systemd-rpm-macros
Requires(pre): shadow-utils
%description
tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
APIs. It sits between TPM driver and applications, providing TPM2.0 specified
APIs for applications to access TPM module through kernel TPM drivers.
%prep
%autosetup -p1 -n %{name}-%{version}
%build
# Use built-in tpm-udev.rules, with specified installation path and prefix.
%configure --disable-static --disable-silent-rules \
--disable-tcti-pcap --disable-tcti-libtpms \
--with-udevrulesdir=%{_udevrulesdir} --with-udevrulesprefix=%{udevrules_prefix} \
--with-runstatedir=%{_rundir} --with-tmpfilesdir=%{_tmpfilesdir} --with-sysusersdir=%{_sysusersdir}
# This is to fix Rpath errors. Taken from https://fedoraproject.org/wiki/Packaging:Guidelines#Removing_Rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%make_build
%install
%make_install
find %{buildroot}%{_libdir} -type f -name \*.la -delete
rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%pre
%sysusers_create_compat %{SOURCE1}
exit 0
%ldconfig_scriptlets
%files
%doc README.md CHANGELOG.md
%license LICENSE
%{_sysconfdir}/tpm2-tss/
%{_libdir}/libtss2-mu.so.0*
%{_libdir}/libtss2-sys.so.1*
%{_libdir}/libtss2-esys.so.0*
%{_libdir}/libtss2-fapi.so.1*
%{_libdir}/libtss2-rc.so.0*
%{_libdir}/libtss2-tctildr.so.0*
%{_libdir}/libtss2-tcti-cmd.so.0*
%{_libdir}/libtss2-tcti-device.so.0*
%{_libdir}/libtss2-tcti-mssim.so.0*
%{_libdir}/libtss2-tcti-swtpm.so.0*
%{_sysusersdir}/tpm2-tss.conf
%{_tmpfilesdir}/tpm2-tss-fapi.conf
%{_udevrulesdir}/%{udevrules_prefix}tpm-udev.rules
%package devel
Summary: Headers and libraries for building apps that use tpm2-tss
Requires: %{name}%{_isa} = %{version}-%{release}
%description devel
This package contains headers and libraries required to build applications that
use tpm2-tss.
%files devel
%{_includedir}/tss2/
%{_libdir}/libtss2-mu.so
%{_libdir}/libtss2-sys.so
%{_libdir}/libtss2-esys.so
%{_libdir}/libtss2-fapi.so
%{_libdir}/libtss2-rc.so
%{_libdir}/libtss2-tctildr.so
%{_libdir}/libtss2-tcti-cmd.so
%{_libdir}/libtss2-tcti-device.so
%{_libdir}/libtss2-tcti-mssim.so
%{_libdir}/libtss2-tcti-swtpm.so
%{_libdir}/pkgconfig/tss2-mu.pc
%{_libdir}/pkgconfig/tss2-sys.pc
%{_libdir}/pkgconfig/tss2-esys.pc
%{_libdir}/pkgconfig/tss2-fapi.pc
%{_libdir}/pkgconfig/tss2-rc.pc
%{_libdir}/pkgconfig/tss2-tctildr.pc
%{_libdir}/pkgconfig/tss2-tcti-cmd.pc
%{_libdir}/pkgconfig/tss2-tcti-device.pc
%{_libdir}/pkgconfig/tss2-tcti-mssim.pc
%{_libdir}/pkgconfig/tss2-tcti-swtpm.pc
%{_mandir}/man3/*.3.gz
%{_mandir}/man5/*.5.gz
%{_mandir}/man7/tss2*.7.gz
%changelog
* Fri Sep 22 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.2.2-2
- Rebuilt for MSVSphere 9.3 beta
* Mon Jul 3 2023 Štěpán Horáček <shoracek@redhat.com> - 3.2.2-2
- Remove misapplied license
Resolves: rhbz#2160307
* Fri Jun 23 2023 Štěpán Horáček <shoracek@redhat.com> - 3.2.2-1
- Rebase to 3.2.2
- Use systemd-sysusers to create user
Resolves: CVE-2023-22745
Resolves: rhbz#2095479
Resolves: rhbz#2160307
Resolves: rhbz#2162613
* Wed Aug 10 2022 Štěpán Horáček <shoracek@redhat.com> - 3.0.3-8
- Fix memory leaks, potential crashes, upgrade to OpenSSL 3
Resolves: rhbz#2041919
* Thu Feb 17 2022 Štěpán Horáček <shoracek@redhat.com> - 3.0.3-7
- Rebuild with latest json-c library
Related: rhbz#2023328
* Wed Aug 18 2021 Štěpán Horáček <shoracek@redhat.com> - 3.0.3-6
- Fix failures while using OpenSSL 3
Resolves: rhbz#1984634
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.3-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.3-4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.3-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Nov 26 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 3.0.3-1
- Update to 3.0.2
* Sun Nov 22 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 3.0.2-1
- Update to 3.0.2
* Wed Sep 23 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 3.0.1-1
- Update to 3.0.1
* Tue Sep 15 2020 Than Ngo <than@redhat.com> - 3.0.0-4
- Fix doxygen crash
* Tue Sep 15 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 3.0.0-3
- Create tss user, if it doesn't exist, for userspace TPM access
* Fri Aug 07 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 3.0.0-2
- Install sysusers config in sysusersdir (rhbz #1834519)
* Wed Aug 05 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 3.0.0-1
- Update to 3.0.0
* Wed Aug 05 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 2.4.2-1
- Update to 2.4.2
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu May 14 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 2.4.1-1
- Update to 2.4.1
* Fri May 08 2020 Paul Wouters <pwouters@redhat.com> - 2.4.0-3
- Use proper rundir and tmpfiles macros so proper directories are used
* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 2.4.0-2
- Rebuild (json-c)
* Thu Mar 12 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 2.4.0-1
- Update to 2.4.0 release
* Mon Feb 24 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 2.3.3-1
- Update to 2.3.3 release
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Dec 13 2019 Yunying Sun <yunying.sun@intel.com> - 2.3.2-1
- Update to 2.3.2 release
* Fri Sep 6 2019 Yunying Sun <yunying.sun@intel.com> - 2.3.1-1
- Update to 2.3.1 release
* Thu Aug 15 2019 Yunying Sun <yunying.sun@intel.com> - 2.3.0-1
- Update to 2.3.0 release
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed May 29 2019 Yunying Sun <yunying.sun@intel.com> - 2.2.3-1
- Update to 2.2.3 release
* Fri Mar 29 2019 Yunying Sun <yunying.sun@intel.com> - 2.2.2-1
- Update to 2.2.2 release
* Mon Mar 4 2019 Peter Robinson <pbrobinson@fedoraproject.org> 2.2.1-1
- Update to 2.2.1 release
* Wed Feb 06 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.2.0-1
- Update to 2.2.0 release
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Oct 10 2018 Yunying Sun <yunying.sun@intel.com> - 2.1.0-1
- Update to 2.1.0 release
* Thu Aug 30 2018 Yunying Sun <yunying.sun@intel.com> - 2.0.1-1
- Update to 2.0.1 release
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jul 4 2018 Yunying Sun <yunying.sun@intel.com> - 2.0.0-2
- Re-enable ESAPI since gcrypt dependency is not an issue for Fedora
- Bump release version to 2.0.0-2
* Mon Jul 2 2018 Yunying Sun <yunying.sun@intel.com> - 2.0.0-1
- Update to 2.0.0 release (RHBZ#1508870)
- Remove patch file 60-tpm-udev.rules, use upstream tpm-udev.rules instead
- Disable ESAPI to fix build errors caused by dependency to libgcrypt 1.6.0
- Add scriptlet to fix Rpath errors
- Update file installation paths and names accordingly
* Sun Mar 04 2018 Javier Martinez Canillas <javierm@redhat.com> - 1.4.0-1
- Update URLs to point to the new project location
- Add README.md CHANGELOG.md to %%files directive
- Update to 1.4.0 release (RHBZ#1508870)
* Fri Feb 23 2018 Javier Martinez Canillas <javierm@redhat.com> - 1.3.0-4
- Install udev rule for TPM character devices
* Wed Feb 21 2018 Javier Martinez Canillas <javierm@redhat.com> - 1.3.0-3
- Remove ExclusiveArch: %%{ix86} x86_64 directive
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.3.0-2
- Escape macros in %%changelog
* Fri Dec 08 2017 Javier Martinez Canillas <javierm@redhat.com> - 1.3.0-1
- Update to 1.3.0 release
* Wed Nov 29 2017 Javier Martinez Canillas <javierm@redhat.com> - 1.3.0-0.1.rc2
- Update to 1.3.0 release candidate 2 (RHBZ#1508870)
- Remove global pkg_prefix since now the upstream repo and package names match
- Update URLs to point to the new project location
- Remove -Wno-int-in-bool-context compiler flag since now upstream takes care
- Remove %%doc directive since README.md and CHANGELOG.md are not in the tarball
- Add patch to include a LICENSE since the generated tarball does not have it
* Mon Aug 28 2017 Javier Martinez Canillas <javierm@redhat.com> - 1.2.0-1
- Update to 1.2.0 release
- Use tpm2-tss instead of TPM2.0-TSS as prefix since project name changed
- Fix SPEC file access mode
- Include new man pages in %%files directive
* Fri Aug 18 2017 Javier Martinez Canillas <javierm@redhat.com> - 1.1.0-3
- Remove unneeded source tarballs (RHBZ#1482828)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-1
- Update to 1.1.0 release
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Dec 12 2016 Sun Yunying <yunying.sun@intel.com> - 1.0-2
- Remove global macro pkg_version to avoid duplicate of version
- Use ExclusiveArch instead of ExcludeArch
- Use less wildcard in %%files section to be more specific
- Add trailing slash at end of added directory in %%file section
- Remove autoconf/automake/pkgconfig(cmocka) from BuildRequires
- Increase release version to 2
* Fri Dec 2 2016 Sun Yunying <yunying.sun@intel.com> - 1.0-1
- Initial version of the package
Write Preview
Loading…
Cancel
Save