.gear/rules | 4 +
.../tags/70c615a04be80fd6955c8907de4c8c9257d4036e | 25 +++
.gear/tags/list | 1 +
.gear/tpm2-tss.spec | 167 +++++++++++++++++++++
.gear/tpm2-tss.watch | 3 +
.gear/upstream/remotes | 3 +
Makefile.am | 73 +--------
bootstrap | 2 +-
configure.ac | 17 ---
9 files changed, 205 insertions(+), 90 deletions(-)
diff --git a/.gear/rules b/.gear/rules
new file mode 100644
index 00000000..4c622e77
--- /dev/null
+++ b/.gear/rules
@@ -0,0 +1,4 @@
+tar: @version@:.
+diff: @version@:. .
+spec: .gear/tpm2-tss.spec
+copy: .gear/tpm2-tss.watch
diff --git a/.gear/tags/70c615a04be80fd6955c8907de4c8c9257d4036e b/.gear/tags/70c615a04be80fd6955c8907de4c8c9257d4036e
new file mode 100644
index 00000000..000966c5
--- /dev/null
+++ b/.gear/tags/70c615a04be80fd6955c8907de4c8c9257d4036e
@@ -0,0 +1,25 @@
+object 8b404ee7e5886c71aa53accb4ad38823724f7b13
+type commit
+tag 4.0.1
+tagger William Roberts 1674499137 -0600
+
+[4.0.1] - 2023-01-23
+
+Fixed:
+ - A buffer overflow in tss2-rc as CVE-2023-22745.
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmPO1F8ACgkQbeLpB44f
+UMG0CxAAjkvLpRdCxYL1XR020GLC58biQMtViwJULUqVSOm1AVb8uLxNK1ArYKC3
+pqqyO4Z8G5yA7lVOkN57/b3k7nVDzHeg6XdM5Su5ozng7Lidpx1xf8tQ3lGz1Wq1
+TFemOXHzgGUk7GjohXRXuBIlc4nCw8P/ADEFYjvwfjyrd4Dh90jIKlFy9k+8KjnO
++cJ/Chzpgs6jnGawSSGZAQIikRUAoKIMcE7dGk1X+41JbLoD6S6Aemg9jgsJaPxv
+emwIcDfHHq3WzxvyPVyOsC4APuFInXne03kBpOtOT07fcnA81xi7wdw1YWu0Cd8M
+nt3Vkxbz/izYtSkRM7OVU44A0JlaBNt9TZy43pc6m70mKHoramhhUQ0VFHPSFKHE
+4QIdWGdxWS4ug8P5HBEyvMBtoOwuHS2X7jxgKQhfB34DkgL6LZqgQhq0JNe4ftDq
+sJsRDa1u6TFO+RCsVzL5843W9NyI7GG44SzOdeZ1mHboiFFhue1kzNwHJO7OJhJc
+Q4SwMBS0JIh1H5Xw5HO4B2TTlQG2bDGiU80OuWC0gb4U71awuYJwoBFjvDSyYWhv
+PGVcNY3RSK3ey8IZ5KJyhrfFPp9l1FZ/ubo8Ll3zK6Eg7ZmnDEOf6SKS7OSZluTE
+xmM0ZQF4TPZ1qiPFuJa3vM7brj7QvGd003Za0jTuHjGL4LAoGSw=
+=ZEnN
+-----END PGP SIGNATURE-----
diff --git a/.gear/tags/list b/.gear/tags/list
new file mode 100644
index 00000000..09bd0034
--- /dev/null
+++ b/.gear/tags/list
@@ -0,0 +1 @@
+70c615a04be80fd6955c8907de4c8c9257d4036e 4.0.1
diff --git a/.gear/tpm2-tss.spec b/.gear/tpm2-tss.spec
new file mode 100644
index 00000000..21735895
--- /dev/null
+++ b/.gear/tpm2-tss.spec
@@ -0,0 +1,167 @@
+%define udevrules_prefix 60-
+%define soname 0
+%define _localstatedir /var
+%def_disable check
+
+Name: tpm2-tss
+Version: 4.0.1
+Release: alt1
+Summary: TPM2.0 Software Stack
+# The entire source code is under BSD except implementation.h and tpmb.h which
+# is under TCGL(Trusted Computing Group License).
+License: BSD-2-Clause
+Url: https://github.com/tpm2-software/tpm2-tss
+Source0: %name-%version.tar
+Source1: %name.watch
+Patch: %name-%version-%release.patch
+Group: System/Configuration/Hardware
+BuildRequires: gcc-c++
+BuildRequires: doxygen
+BuildRequires: autoconf-archive
+BuildRequires: libtool
+BuildRequires: pkgconfig
+BuildRequires: libsystemd-devel
+BuildRequires: libgcrypt-devel
+BuildRequires: openssl-devel
+BuildRequires: libjson-c-devel
+BuildRequires: libcurl-devel
+BuildRequires: libuuid-devel
+%if_enabled check
+BuildRequires: libuthash-devel
+BuildRequires: procps
+BuildRequires: libcmocka-devel
+%endif
+
+%description
+tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
+APIs. It sits between TPM driver and applications, providing TPM2.0 specified
+APIs for applications to access TPM module through kernel TPM drivers.
+
+%package -n lib%name%soname
+Summary: TPM2.0 Software Stack
+Group: System/Configuration/Hardware
+Requires: lib%name-common = %EVR
+
+%description -n lib%name%soname
+tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
+APIs. It sits between TPM driver and applications, providing TPM2.0 specified
+APIs for applications to access TPM module through kernel TPM drivers.
+
+%package -n lib%name-common
+Summary: Common files for TPM2.0 Software Stack
+Group: System/Configuration/Hardware
+
+%description -n lib%name-common
+This package contains common files required to work witj libtpm2-tss.
+
+%package -n lib%name-devel
+Summary: Headers and libraries for building apps that use tpm2-tss
+Group: Development/C
+Requires: lib%name%soname = %EVR
+
+%description -n lib%name-devel
+This package contains headers and libraries required to build applications that
+use tpm2-tss.
+
+%prep
+%setup
+%patch -p1
+echo "%version" > VERSION
+
+%build
+./bootstrap
+%autoreconf
+# Use built-in tpm-udev.rules, with specified installation path and prefix.
+%configure \
+ --disable-static \
+ --disable-silent-rules \
+ --with-udevrulesdir=%_udevrulesdir \
+ --with-udevrulesprefix=%udevrules_prefix \
+ --with-runstatedir=/run \
+ --with-sysusersdir=/lib/sysusers.d \
+ --with-tmpfilesdir=%_tmpfilesdir \
+%if_enabled check
+ --enable-unit \
+%endif
+ %nil
+
+%make_build
+
+%check
+%make_build check
+
+%install
+%makeinstall_std
+mkdir -p %buildroot%_sharedstatedir/%name/system/keystore
+
+%pre -n lib%name-common
+groupadd -r -f tss >/dev/null 2>&1 ||:
+useradd -g tss -c 'TPM2 Software Stack User' \
+ -d /var/empty -s /dev/null -r -l -M tss >/dev/null 2>&1 ||:
+
+%files -n lib%name%soname
+%_libdir/*.so.*
+
+%files -n lib%name-common
+%doc README.md CHANGELOG.md LICENSE
+%dir %_sysconfdir/%name
+%config(noreplace) %_sysconfdir/%name/*
+%_udevrulesdir/%{udevrules_prefix}tpm-udev.rules
+%_tmpfilesdir/*
+%_man5dir/*
+/lib/sysusers.d/*
+%dir %_sharedstatedir/%name
+%dir %_sharedstatedir/%name/system
+%attr(2775,tss,tss) %dir %_sharedstatedir/%name/system/keystore
+
+%files -n lib%name-devel
+%_includedir/tss2
+%_libdir/*.so
+%_pkgconfigdir/*
+%_man3dir/*
+%_man7dir/*
+
+%changelog
+* Sat Feb 18 2023 Alexey Shabalin 4.0.1-alt1
+- 4.0.1 (Fixes: CVE-2023-22745)
+
+* Thu Mar 24 2022 Alexey Shabalin 3.2.0-alt1
+- new version 3.2.0
+
+* Tue Jul 06 2021 Alexey Shabalin 3.1.0-alt1
+- new version 3.1.0 (Fixes: CVE-2020-24455)
+- Revert "Added dependency from systemd-stateless"
+- Drop execute adduser, groupadd and other root utils in Makefile
+- Disable check (fail 1 from 41)
+
+* Fri Jan 22 2021 Danil Shein 3.0.3-alt1
+- 3.0.3
+
+* Tue Dec 01 2020 Danil Shein 3.0.2-alt1
+- update version to 3.0.2
+- enable unit tests
+
+* Thu Oct 08 2020 Anton Farygin 2.4.3-alt1
+- 2.4.3 (fixes: CVE-2020-24455)
+
+* Thu Aug 20 2020 Anton Farygin 2.4.2-alt1
+- 2.4.2
+
+* Wed Jul 15 2020 Anton Farygin 2.4.1-alt1
+- 2.4.1
+
+* Wed Mar 25 2020 Alexey Shabalin 2.4.0-alt1
+- 2.4.0
+
+* Thu Mar 12 2020 Anton Farygin 2.3.3-alt1
+- 2.3.3
+
+* Fri Jan 10 2020 Anton Farygin 2.3.2-alt1
+- 2.3.2
+
+* Tue Nov 05 2019 Alexey Shabalin 2.3.1-alt2
+- add tss user and group (ALT #37279)
+
+* Mon Sep 16 2019 Anton Farygin 2.3.1-alt1
+- first build for ALT, based on specfile from Fedora
+
diff --git a/.gear/tpm2-tss.watch b/.gear/tpm2-tss.watch
new file mode 100644
index 00000000..304bb18a
--- /dev/null
+++ b/.gear/tpm2-tss.watch
@@ -0,0 +1,3 @@
+version=2
+opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/tpm2-tss-$1\.tar\.gz/ \
+ https://github.com/01org/TPM2.0-TSS/tags .*/v?(\d\S*)\.tar\.gz
diff --git a/.gear/upstream/remotes b/.gear/upstream/remotes
new file mode 100644
index 00000000..fcada94a
--- /dev/null
+++ b/.gear/upstream/remotes
@@ -0,0 +1,3 @@
+[remote "upstream"]
+ url = https://github.com/tpm2-software/tpm2-tss.git
+ fetch = +refs/heads/*:refs/remotes/upstream/*
diff --git a/Makefile.am b/Makefile.am
index 2c81cfa9..8c3ce860 100644
--- a/Makefile.am
+++ b/Makefile.am
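Review bot: In `%pre -n lib%name-common` of `.gear/tpm2-tss.spec` the account creation discards both its output and its exit status (`>/dev/null 2>&1 ||:`), yet the `%files` entry `%attr(2775,tss,tss) %dir %_sharedstatedir/%name/system/keystore` depends on that account existing. If `useradd` fails for any reason other than the user already being present, the install proceeds silently and the setgid keystore directory is presumably left with an owner other than `tss`. Testing for the account first keeps real failures visible without making upgrades noisy: `getent passwd tss >/dev/null || useradd -g tss -c 'TPM2 Software Stack User' -d /var/empty -s /dev/null -r -l -M tss ||:`. Separately, `%def_disable check` switches off `--enable-unit` and the test build requirements for the release that carries the CVE-2023-22745 fix; a comment beside it naming the failing test would help whoever re-enables the suite.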
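Review bot: The watch entry in `.gear/tpm2-tss.watch` tracks `https://github.com/01org/TPM2.0-TSS/tags`, while the spec's `Url:` and `.gear/upstream/remotes` in this same commit use `https://github.com/tpm2-software/tpm2-tss`. New-version detection therefore depends on a namespace the project no longer uses, presumably reached through a redirect, rather than on the repository the sources are actually fetched from. Pointing the watch line at the canonical location keeps all three references consistent: `https://github.com/tpm2-software/tpm2-tss/tags .*/v?(\d\S*)\.tar\.gz`.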
@@ -736,59 +736,10 @@ define make_parent_dir if [ ! -d $(dir $1) ]; then mkdir -p $(dir $1); fi endef -define make_tss_user_and_group - if test -z "${DESTDIR}"; then \ - if type -p groupadd > /dev/null; then \ - id -g tss 2>/dev/null || groupadd --system tss; \ - else \ - id -g tss 2>/dev/null || \ - addgroup --system tss; \ - fi && \ - if type -p useradd > /dev/null; then \ - id -u tss 2>/dev/null || \ - useradd --system --home-dir / --shell `type -p nologin` \ - --no-create-home -g tss tss; \ - else \ - id -u tss 2>/dev/null || \ - adduser --system --home / --shell `type -p nologin` \ - --no-create-home --ingroup tss tss; \ - fi; \ - fi -endef - -define make_tss_dir - ($(call make_parent_dir,$1)) -endef - -define set_tss_permissions - (chown -R tss:tss "$1") && \ - (chmod -R 2775 "$1") && \ - (setfacl -m default:group:tss:rwx "$1") -endef - -define make_fapi_dirs - ($(call make_tss_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/) || true) && \ - ($(call make_tss_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) -endef - -define set_fapi_permissions - if test -z "${DESTDIR}"; then \ e - ($(call set_tss_permissions,$(DESTDIR)$(runstatedir)/tpm2-tss)) && \ - ($(call set_tss_permissions,$(DESTDIR)$(localstatedir)/lib/tpm2-tss)) \ - fi -endef - define check_dir if [ ! -d "$1" ]; then echo "WARNING Directory $1 could not be created"; fi endef -define check_fapi_dirs - if test -z "${DESTDIR}"; then \ - ($(call check_dir,$(DESTDIR)$(runstatedir)/tpm2-tss/eventlog/)) && \ - ($(call check_dir,$(DESTDIR)$(localstatedir)/lib/tpm2-tss/system/keystore/)) \ - fi; -endef - ### Man Pages man3_MANS = \ man/man3/Tss2_Tcti_Cmd_Init.3 \ 
@@ -831,29 +782,7 @@ endif #FAPI EXTRA_DIST += dist/tpm-udev.rules -install-dirs: -if HOSTOS_LINUX -if SYSD_SYSUSERS - @test -n "$(DESTDIR)" || echo "systemd-sysusers $(sysusersdir)/tpm2-tss.conf" - @test -n "$(DESTDIR)" || ( systemd-sysusers $(sysusersdir)/tpm2-tss.conf || echo "WARNING Failed to create the tss user and group" ) -else - @echo "call make_tss_user_and_group" - @$(call make_tss_user_and_group) || echo "WARNING Failed to create the tss user and group" -endif -if SYSD_TMPFILES - @test -n "$(DESTDIR)" || echo "systemd-tmpfiles --create $(tmpfilesdir)/tpm2-tss-fapi.conf" - @test -n "$(DESTDIR)" || ( systemd-tmpfiles --create $(tmpfilesdir)/tpm2-tss-fapi.conf|| echo "WARNING Failed to create the FAPI directories with the correct permissions" ) - @test -z "$(DESTDIR)" || echo "(call make_fapi_dirs)" - @test -z "$(DESTDIR)" || $(call make_fapi_dirs) -else - @echo "(call make_fapi_dirs) && (call set_fapi_permissions)" - @-$(call make_fapi_dirs) && $(call set_fapi_permissions) || echo "WARNING Failed to create the FAPI directories with the correct permissions" -endif - @test -n "$(DESTDIR)" || echo "call check_fapi_dirs" - @test -n "$(DESTDIR)" || $(call check_fapi_dirs) -endif - -install-data-hook: install-dirs +install-data-hook: -if [ ! -z "$(udevrulesprefix)" ]; then \ mv $(DESTDIR)$(udevrulesdir)/tpm-udev.rules $(DESTDIR)$(udevrulesdir)/$(udevrulesprefix)tpm-udev.rules; \ fi diff --git a/bootstrap b/bootstrap index c25c9a37..bca01b96 100755 --- a/bootstrap +++ b/bootstrap @@ -1,7 +1,7 @@ #!/bin/sh set -e -git describe --tags --always --dirty > VERSION +#git describe --tags --always --dirty > VERSION # generate list of source files for use in Makefile.am # if you add new source files, you must run ./bootstrap again diff --git a/configure.ac b/configure.ac index b6550278..01a0f648 100644 --- a/configure.ac +++ b/configure.ac 
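Review bot: With `install-dirs` dropped from `install-data-hook`, nothing in the install path creates the `tss` account or the FAPI state directories any more, and the rule carries no comment saying where that responsibility went. The spec in this commit covers the account (`%pre`) and the keystore directory (`%attr(2775,tss,tss)`), but `$(runstatedir)/tpm2-tss/eventlog` and the default ACL that the removed `set_tss_permissions` applied are left to the packaged tmpfiles.d file, which the visible spec does not invoke explicitly; presumably a distribution file trigger does, which is worth confirming. I would add above the rule: `# tss account and FAPI state directories are provisioned by the package (.gear/tpm2-tss.spec), not by make install`. The hook's recipe may continue below the end of this hunk.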
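Review bot: Commenting out `git describe --tags --always --dirty > VERSION` in `bootstrap` leaves dead code behind and makes the script depend on a VERSION file that only the spec's `%prep` step (`echo "%version" > VERSION`) provides. Run from a plain git checkout of this tree, `./bootstrap` no longer produces VERSION at all. A guard keeps both paths working without the commented-out line: `[ -s VERSION ] || git describe --tags --always --dirty > VERSION`. The script continues past the end of the hunk.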
@@ -548,23 +548,6 @@ AS_IF([test "x$enable_self_generated_certificate" = xyes], AS_IF([test "x$enable_integration" = "xyes" && test "x$enable_self_generated_certificate" != "xyes" && test "x$integration_tcti" != "xdevice"], [AC_MSG_WARN([Running integration tests without EK certificate verification, use --enable-self-generated-certificate for full test coverage])]) -# Check for systemd helper tools used by make install -AC_CHECK_PROG(systemd_sysusers, systemd-sysusers, yes) -AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes") -AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes) -AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes") - -# Check all tools used by make install -AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"], - [ AC_CHECK_PROG(useradd, useradd, yes) - AC_CHECK_PROG(groupadd, groupadd, yes) - AC_CHECK_PROG(adduser, adduser, yes) - AC_CHECK_PROG(addgroup, addgroup, yes) - AS_IF([test "x$addgroup" != "xyes" && test "x$groupadd" != "xyes" ], - [AC_MSG_ERROR([addgroup or groupadd are needed.])]) - AS_IF([test "x$adduser" != "xyes" && test "x$useradd" != "xyes" ], - [AC_MSG_ERROR([adduser or useradd are needed.])])]) - AC_SUBST([PATH]) dnl --------- Doxy Gen -----------------------