File tpm2.0-abrmd.changes of Package tpm2.0-abrmd.37038
-------------------------------------------------------------------
Thu Dec 19 14:50:41 UTC 2024 - Thomas Blume <thomas.blume@suse.com>
- make sure that udev workers have finished before daemon-reload
(bsc#1231071)
-------------------------------------------------------------------
Wed Dec 8 16:50:13 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Version 2.4.0
+ remover syslog deprecation warning (bsc#1185154)
+ cover update to 2.3.3 (jsc#SLE-17366)
+ contains reload fix (bsc#1166936~
+ fix tcti loading using short / long names (bsc#1159176)
-------------------------------------------------------------------
Mon Nov 29 12:54:02 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Warp selinux into a bcond
-------------------------------------------------------------------
Thu Nov 25 09:16:32 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_tpm2-abrmd.service.patch
-------------------------------------------------------------------
Sat Jul 17 21:04:13 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Move selinux devel file to devel subpackage
-------------------------------------------------------------------
Wed Jul 14 13:41:59 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Update to version 2.4.0:
- Service start depends on systemd device unit: dev-tpm0.device.
- Numerous memory leaks.
- udev settle service deprecation warnings.
- StandardOutput=syslog deprecation warnings.
- Add selinux module files
- Move dbus files out of /etc
-------------------------------------------------------------------
Wed Jun 9 09:37:38 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Requires libtss2-tcti-{device0,tabrmd0} (bsc#1187077).
In MicroOS systems the recommendations are not installed, making the
service fail to initialize: Failed to instantiate TCTI
-------------------------------------------------------------------
Thu Oct 22 12:15:24 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>
- update to version 2.3.3:
- changes in version 2.3.1:
- Fixed handle resource leak exhausting TPM resources.
- changes in version 2.3.2:
- Added cirrus CI specific config files to enable FreeBSD builds.
- Changed test scripts to be more portable.
- Changed include header paths specific to FreeBSD.
- changes in version 2.3.1:
- Provide meaningful exit codes on initialization failures.
- Prevent systemd from starting the daemon before udev changes ownership
of the TPM device node.
- Prevent systemd from starting the daemon if there is no TPM device node.
- Prevent systemd from restarting the daemon if it fails.
- Add SELinux policy to allow daemon to resolve names.
- Add SELinux policy boolean (disabled by default) to allow daemon to
connect to all unreserved ports.
-------------------------------------------------------------------
Wed Dec 11 11:55:13 UTC 2019 - matthias.gerstner@suse.com
- update to version 2.3.0:
- changes in version 2.3.0:
- Add '--enable-debug' flag to configure script to simplify debug builds.
This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro.
- Replaced custom dynamic TCTI loading code with libtss2-tctildr from
upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0)
- Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required.
- changes in version 2.2.0:
- New configuration option `--disable-defaultflags/ added. This is
for use for packaging for targets that do not support the default
compilation / linking flags.
- Use private dependencies properly in pkg-config metadata for TCTI.
- Refactor daemon main module to enable better handling of error
conditions and enable more thorough unit testing.
- Updated dependencies to ensure compatibility with pkg-config fixes
in tpm2-tss.
- Fixed bug causing TCTI to block when used by libtss2-sys built with
partial reads enabled.
- Removed unnecessary libs / flags for pthreads in the TCTI pkg-config.
- Output from configure script now accurately describes the state of the
flags that govern the integration tests.
- drop fix_dlopen.patch: no longer necessary since abrmd not uses the tctildr
shared library. This one hopefully now does the right thing.
-------------------------------------------------------------------
Mon Aug 26 06:49:37 UTC 2019 - mgerstner <matthias.gerstner@suse.com>
- update to version 2.1.1:
- changes in version 2.1.1:
- Unit tests accessing dbus have been fixed to use mock functions. Unit
tests no longer depend on dbus.
- Race condition between client connections and dbus proxy object
creation by registering bus name after instantiation of the proxy object.
-------------------------------------------------------------------
Fri Apr 26 10:35:51 UTC 2019 - mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
-------------------------------------------------------------------
Wed Mar 6 10:36:46 UTC 2019 - matthias.gerstner@suse.com
- update to version 2.1.0:
- changes in version 2.1.0:
- `-Wstrict-overflow=5` now used in default CFLAGS.
- Handling of `TPM2_RC_CONTEXT_GAP` on behalf of users.
- Convert `TPM2_PT_CONTEXT_GAP_MAX` response from lower layer to
`UINT32_MAX`
- travis-ci now uses 'xenial' builder
- Significant refactoring of TCTI handling code.
- `--install` added to ACLOCAL_AMFLAGS to install aclocal required macros
instead of using the default symlinks
- Launch `dbus-run-session` in the automake test environment to
automagically set up a dbus session bus instance when one isn't present.
- Bug caused by unloading of `libtss2-tcti-tabrmd.so` on dlclose. GLib
does not support reloading a second time.
- Bug causing `-fstack-protector-all` to be used on systems with core
libraries (i.e. libc) that do not support it. This caused failures at
link-time.
- Unnecessary symbols from libtest utility library no longer included in
TCTI library.
- changes in version 2.0.3:
- Update build to account for upstream change to glib '.pc' files
described in: https://gitlab.gnome.org/GNOME/glib/issues/1521
- added _service file for syncing with upstream tags
-------------------------------------------------------------------
Thu Oct 25 09:00:40 UTC 2018 - matthias.gerstner@suse.com
- add a Requires towards tpm2-0-tss, because that main package holds the udev
rules and logic for setting up the tss user. Without this the daemon can't
start up correctly.
-------------------------------------------------------------------
Tue Oct 23 15:46:28 UTC 2018 - matthias.gerstner@suse.com
- fix broken build due to newer glib dependency that reports a full path for
gdbus-codegen, breaking the configure check.
-------------------------------------------------------------------
Wed Sep 26 15:51:01 UTC 2018 - matthias.gerstner@suse.com
- update to version 2.0.2 (FATE#326270):
- --enable-integration option to configure script now works as documented.
- Format specifier with wrong size in util module.
- Initialize TCTI context to 0 before setting values. This will cause all
members that aren't explicitly initialized by be 0.
-------------------------------------------------------------------
Tue Sep 18 09:05:24 UTC 2018 - matthias.gerstner@suse.com
- add recommends to the tcti-device and tcti-abrmd. Otherwise they're not
installed right away, rendering the abrmd quite unusable.
-------------------------------------------------------------------
Fri Aug 10 10:02:21 UTC 2018 - matthias.gerstner@suse.com
- Update to version 2.0.1:
* SessionList: Fix Connection object reference leak.
* source/sink: Organize ControlMessage processing.
* CommandSource: Replace 'connection-removed' signal with ControlMessage.
* SessionList: Remove all locking.
* ConnectionManager: Remove 'connection-removed' signal.
* ci: Build 'check' target when CC is gcc.
* build: Fix bad URLs in configure script.
* CHANGELOG.md: Add version number and date for 2.0.1 release.
* Replace references to drand48_r family of functions for portability
* Fix for type-punned pointer reported in newer compilers that enforce strict aliasing
-------------------------------------------------------------------
Tue Jul 3 09:15:27 UTC 2018 - matthias.gerstner@suse.com
- Trying to fix build on older distros that fail because of a missing or
broken autoconf valgrind detection macro. Removing autoreconf to hopefully
fix this.
-------------------------------------------------------------------
Mon Jul 2 09:27:43 UTC 2018 - matthias.gerstner@suse.com
- add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device
library from tpm2-0-tss. See
https://github.com/tpm2-software/tpm2-abrmd/issues/486.
-------------------------------------------------------------------
Fri Jun 29 11:43:08 UTC 2018 - matthias.gerstner@suse.com
- update to major version 2.0.0:
- support_dbus_activation.diff: removed, is not contained upstream
- the tpm2 stack introduces an incompatible ABI to the previous version with
this update. There is no compatibility layer, libraries have new names
etc.
- upstream changelog:
## 2.0.0 - 2018-06-22
### Added
- Integration test script and build support to execute integration tests
against a physical TPM2 device on the build platform.
- Implementation of dynamic TCTI initialization mechanism.
- configure option `--enable-integration` to enable integration tests.
The simulator executable must be on PATH.
- Support for version 2.0 of tpm2-tss libraries.
### Changed
- 'max-transient-objects' command line option renamted to 'max-transients'.
- Added -Wextra for more strict checks at compile time.
- Install location of headers to $(includedir)/tss2.
### Fixed
- Added missing checks for NULL parameters identified by the check-build.
- Bug in session continuation logic.
- Off by one error in HandleMap.
- Memory leak and uninitialized variable issues in unit tests.
### Removed
- Command line option --fail-on-loaded-trans.
- udev rules for TPM device node. This now lives in the tpm2-tss repo.
- Remove legacy TCTI initialization functions.
- configure option `--with-simulatorbin`.
## 1.3.1 - 2018-03-18
### Fixed
- Distribute systemd preset template instead of the generated file.
## 1.3.0 - 2018-03-02
### Added
- New configure option (--test-hwtpm) to run integration tests against a
physical TPM2 device on the build platform.
- Install systemd service file to allow on-demand systemd unit activation.
### Changed
- Converted some inappropriate uses of g_error to critical / warning instead.
- Removed use of gen_require from SELinux policy, use dbus_stub instead.
- udev rules now give tss group read / write access to the TPM device node.
- udev rules now give tss user and group read / write access to kernel RM
node.
### Fixed
- Memory leak on an error path in the AccessBroker.
-------------------------------------------------------------------
Thu Feb 22 11:34:51 UTC 2018 - matthias.gerstner@suse.com
- update to upstream version 1.2.0:
- Limit maximum number of active sessions per connection with '--max-sessions'.
- Flush all transient objects and sessions on daemon start with '--flush-all'.
- Allow passing of sessions across connections with ContextSave / Load.
- Unref the GUnixFDList returned by GIO / dbus in the TCTI init function.
This fixes a memory leak in the TCTI library.
- correctly trigger udev to update /dev/tpm* permissions after package
installation. (bnc#1078687)
- prepared support_dbus_activation.diff patch which adds D-Bus activation, but
can't use it yet due to rpmlint
-------------------------------------------------------------------
Wed Nov 15 11:43:19 UTC 2017 - matthias.gerstner@suse.com
- fix_service_paths.diff: fixed broken systemd service unit (bnc#1066123). the
service unit file in the upstream distribution tarball is already configured
and looks for binaries and configuration files in the /usr/local prefix
which is wrong.
-------------------------------------------------------------------
Fri Sep 1 14:37:48 UTC 2017 - matthias.gerstner@suse.com
- package version symlink correctly, belongs into the lib package itself, not
the -devel.
-------------------------------------------------------------------
Wed Aug 30 08:29:07 UTC 2017 - matthias.gerstner@suse.com
- update to upstream version 1.1.1 which fixes some local denial-of-service
security issues among other things:
- Replace use of sigaction with g_unix_signal_* stuff from glib.
- Rewrite of INSTALL.md including info on custom configure script options.
- Default value for --with-simulatorbin configure option has been removed.
New default behavior is to disable integration tests.
- CommandSource will no longer reject commands without parameters.
- Unit tests updated to use cmocka v1.0.0 API.
- Integration tests now run daemon under valgrind memcheck and fail when
errors are found.
- CommandSource now tracks max FD in set of client FDs to prevent unnecessary
iterations over FD_SETSIZE fds.
- no longer call bootstrap and switch to the release upstream tarball which
has now been fixed to contain all necessary files
-------------------------------------------------------------------
Thu Jul 20 13:04:41 UTC 2017 - matthias.gerstner@suse.com
- first version of the new arbmd resource manager from Intel's tpm2 stack.
This will replace the old resourcemgr previously shipped with the
tpm2-0-tss package.
