- Fix tmpfiles %ghost file names (forwarded request 1138485 from gmbr3)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

Require openssl-3 over openssl-1 to assist migration of applications to newer openssl-3.

Alternately we might need to have two copies of the package for openssl-3 and openssl-1, but
we have to transition to just openssl-3 at some point.

This is required for Kanidm as it requires openssl-3 and tpm2-0-tss. (forwarded request 1100221 from firstyear)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes
  CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large
  RC values passed to the TSS2 function could lead to memory overread or
  memory overread.
  This patch is not yet part of any upstream git tag.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Remove conflicting sysusers.d file (forwarded request 906490 from gmbr3)

• Files Changed
• Browse Source

- small services fixes and comments

• Files Changed
• Browse Source

- update to 3.0.3:
  - changes in 3.0.3:
    * Fix Regression in Fapi_List
    * Fix memory leak in policy calculation
  - changes in 3.0.2:
    * FAPI: Fix setting of the system flag of NV objects
    * This will let NV object metadata be created system-wide always instead of
    * locally in the user. Existing metadata will remain in the user directory.
    * It can be moved to the corresponding systemstore manually if needed.
    * FAPI: Fix policy searching, when a policyRef was provided
    * FAPI: Accept EK-Certs without CRL dist point
    * FAPI: Fix return codes of Fapi_List
    * FAPI: Fix memleak in policy execution
    * FAPI: Fix coverity NULL-pointer check
    * FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
    * FAPI: Fix deleting of policy files.
    * FAPI: Fix wrong file loading during object search.
    * Fapi: Fix memory leak
    * Fapi: Fix potential NULL-Dereference
    * Fapi: Remove superfluous NULL check
    * Fix a memory leak in async keystore load.

• Files Changed
• Browse Source

- also add tctildr0 and cmd0 libraries to baselibs.conf
- move the tcti-fapi tmpfiles.d config file into the libtss2-fapi1 sub-package.
- improve the descriptions of new libraries (fapi1, cmd0, swtpm0)
- adjust baselibs.conf to match new library versions and added libraries

- Update to 3.0.1, changelog at:
  https://github.com/tpm2-software/tpm2-tss/blob/3.0.x/CHANGELOG.md
- Update libtss2-sys0 to libtss2-sys1
- Add new libs:
  * libtss2-fapi1
  * libtss2-tcti-cmd0
  * libtss2-tcti-swtpm0

• Files Changed
• Browse Source

- Update to version 2.3.3
  * Fixed mixing salted and unsalted sessions in the same ESAPI
    context
  * Removed use of VLAs from TPML marshal code
  * Added check for object node before calling compute_session_value
    function
  * Fixed auth calculation in Esys_StartAuthSession called with
    optional parameters
  * Fixed compute_encrypted_salt error handling in
    Esys_StartAuthSession
  * Fixed exported symbols map for libtss2-mu

• Files Changed
• Browse Source

- Use system-users for tss user creation (boo#1162360).

This should be handled together with sr#769061

• Files Changed
• Browse Source

- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
  shortcut through the -mini flavor. (forwarded request 766910 from dimstar)

• Files Changed
• Browse Source

- update to upstream version 2.3.2:
  - changes since version 2.3.0:
    - Fix unit tests on S390 architectures
    - Fixed HMAC generation for policy sessions (forwarded request 759944 from mnhauke)

• Files Changed
• Browse Source

- update to upstream version 2.3.0:
  - changes in version 2.3.0:
    - tss2-tctildr: A new library that helps with tcti initialization
      Recommend to use this in place of custom tcti loading code now !
    - tss2-rc: A new library that provides textual representations for return
      codes
    - Option to disable NIST-deprecated crypto (--disable-weak-crypto)
    - Support Esys_TR_FromTPMPublic on sessions (for use in Esys_FlushContext)
    - map-files with correct symbol lists for tss2-sys and tss2-esys
      This may lead to unresolved symbols in linked applications
    - Support to call Tss2_Sys_Execute repeatedly on certain errors
    - Reduced RAM consumption in Esys due to Tss2_Sys_Execute change
    - Automated session attribution clearing for esys (decrypt and encrypt)
      per cmd
    - Removed libtss2-mu from "Requires" field of libtss2-esys.pc
      Needs to be added explicitely now
    - All fixes from 2.2.1, 2.2.2 and 2.2.3
    - Fixed SPDX License Identifiers
    - Fixed Null-pointer problems in tcti-tbs
    - Fixed Default locality for tcti-mssim set to LOC_0
    - Fixed coverity and valgrind leaks detected in test programs (not library
      code)

• Files Changed
• Browse Source

- update to upstream version 2.2.3:
  - changes in version 2.2.3:
    * Fix computation of session name
    * Fixed PolicyPassword handling of session Attributes
    * Fixed windows build from dist ball
    * Fixed default tcti configure option
    * Fixed nonce size calculation in ESYS sessions
  - changes in version 2.2.2:
    * Fixed wrong encryption flag in EncryptDecrypt
    * Fixing openssl engine invocation

• Files Changed
• Browse Source

- bsc#1130588: Require shadow instead of old pwdutils (forwarded request 698141 from jubalh)

• Files Changed
• Browse Source

- update to upstream version 2.2.1:
  - changes from version 2.2.0:
    - Fixed leak of hkey on success in iesys_cryptossl_hmac_start
    - Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
    - Fixed NULL ptr issue in sequenceHandleNode
    - Fixed NULL ptr auth handling in Esys_TR_SetAuth
    - Fixed NULL auth handling in iesys_compute_session_value
    - Fixed marshaling of TPM2Bs with sub types.
    - Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
    - Fixed the way size of the hmac value of a session without authorization
    - Added missing MU functions for TPM2_NT type
    - Added missing MU functions for TPMA_ID_OBJECT type
    - Added missing type TPM2_NT into tss2_tpm2_types.h
    - Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
    - Fixed build breakage when --with-maxloglevel is not 'trace'
    - Fixed build breakage in generated configure script when CFLAGS is set
    - Fixed configure scritp ERROR_IF_NO_PROG macro
    - Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
    - Fixed unmarshaling of the TPM2B type with invalid size
    - Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
    - Added support for QNX build
    - Added support for partial reads in device TCTI
  - changes from version 2.1.1:
    - Fixed leak of hkey on success in iesys_cryptossl_hmac_start
    - Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
    - Fixed NULL ptr issue in sequenceHandleNode
    - Fixed NULL ptr auth handling in Esys_TR_SetAuth
    - Fixed NULL auth handling in iesys_compute_session_value
    - Fixed marshaling of TPM2Bs with sub types.
    - Fixed NULL ptr session handling in Esys_TRSess_SetAttributes

• Files Changed
• Browse Source