Date: Mon, 01 Jun 2026 21:55:25 +0000 From: Vladimir Druzenko <vvd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Cc: William Brown <william@firstyear.id.au> Subject: git: e715576c4d46 - main - security/tpm2-tss: Update 4.0.1 => 4.1.3 (CVE-2024-29040) Message-ID: <6a1dffcd.3dbda.20e3029f@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by vvd: URL: https://cgit.FreeBSD.org/ports/commit/?id=e715576c4d46e007740709475b8d491186b135ac commit e715576c4d46e007740709475b8d491186b135ac Author: William Brown <william@firstyear.id.au> AuthorDate: 2026-06-01 21:52:43 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2026-06-01 21:52:43 +0000 security/tpm2-tss: Update 4.0.1 => 4.1.3 (CVE-2024-29040) Changelog: https://github.com/tpm2-software/tpm2-tss/blob/4.1.3/CHANGELOG.md - Fix warnings from portclippy. - Merge MKDIRs and RMDIRs. - Refresh patches. PR: 295403 Approved by: Tadeusz Struk <tstruk@gmail.com> (maintainer, timeout 2 weeks) Security: CVE-2024-29040 Sponsored by: UNIS Labs Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org> MFH: 2026Q2 --- security/tpm2-tss/Makefile | 16 ++++++---------- security/tpm2-tss/distinfo | 6 +++--- .../tpm2-tss/files/patch-src_tss2-esys_esys__context.c | 4 ++-- .../tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c | 8 ++++---- security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c | 4 ++-- security/tpm2-tss/pkg-plist | 16 ++++++++++++++-- 6 files changed, 31 insertions(+), 23 deletions(-) diff --git a/security/tpm2-tss/Makefile b/security/tpm2-tss/Makefile index e7f599522a33..704caff5a74f 100644 --- a/security/tpm2-tss/Makefile +++ b/security/tpm2-tss/Makefile @@ -1,6 +1,5 @@ PORTNAME= tpm2-tss -DISTVERSION= 4.0.1 -PORTREVISION= 3 +DISTVERSION= 4.1.3 CATEGORIES= security MASTER_SITES= https://github.com/tpm2-software/tpm2-tss/releases/download/${DISTVERSION}/ @@ -17,22 +16,19 @@ USES= compiler:c11 gmake libtool pkgconfig ssl USE_LDCONFIG= yes GNU_CONFIGURE= yes -GNU_CONFIGURE_MANPREFIX=${PREFIX}/share -CONFIGURE_ENV= CRYPTO_CFLAGS="-I${OPENSSLINC}" CRYPTO_LIBS="-L${OPENSSLLIB} -lcrypto" \ - EXTRA_CFLAGS="-I${LOCALBASE}/include" - KEYDIR= /var/lib/tpm2-tss/system/keystore RUNDIR= /var/run/tpm2-tss/eventlog CONFIGURE_ARGS= --disable-doxygen-doc --disable-dependency-tracking --enable-valgrind=no \ --with-runstatedir=${RUNDIR} +CONFIGURE_ENV= CRYPTO_CFLAGS="-I${OPENSSLINC}" CRYPTO_LIBS="-L${OPENSSLLIB} -lcrypto" \ + EXTRA_CFLAGS="-I${LOCALBASE}/include" INSTALL_TARGET= install-strip post-install: @${RM} ${STAGEDIR}${PREFIX}/lib/udev/rules.d/tpm-udev.rules - @${RMDIR} ${STAGEDIR}${PREFIX}/lib/udev/rules.d - @${RMDIR} ${STAGEDIR}${PREFIX}/lib/udev - @${MKDIR} ${STAGEDIR}${RUNDIR} - @${MKDIR} ${STAGEDIR}${KEYDIR} + @${RMDIR} ${STAGEDIR}${PREFIX}/lib/udev/rules.d \ + ${STAGEDIR}${PREFIX}/lib/udev + @${MKDIR} ${STAGEDIR}${RUNDIR} ${STAGEDIR}${KEYDIR} .include <bsd.port.mk> diff --git a/security/tpm2-tss/distinfo b/security/tpm2-tss/distinfo index 4976a4cf6e91..44d2c06c4c09 100644 --- a/security/tpm2-tss/distinfo +++ b/security/tpm2-tss/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1694301508 -SHA256 (tpm2-tss-4.0.1.tar.gz) = 532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950 -SIZE (tpm2-tss-4.0.1.tar.gz) = 1787139 +TIMESTAMP = 1779167796 +SHA256 (tpm2-tss-4.1.3.tar.gz) = 37f1580200ab78305d1fc872d89241aaee0c93cbe85bc559bf332737a60d3be8 +SIZE (tpm2-tss-4.1.3.tar.gz) = 1902009 diff --git a/security/tpm2-tss/files/patch-src_tss2-esys_esys__context.c b/security/tpm2-tss/files/patch-src_tss2-esys_esys__context.c index d613ac6e7e64..efbb480115f9 100644 --- a/security/tpm2-tss/files/patch-src_tss2-esys_esys__context.c +++ b/security/tpm2-tss/files/patch-src_tss2-esys_esys__context.c @@ -1,4 +1,4 @@ ---- src/tss2-esys/esys_context.c.orig 2025-02-22 22:43:21 UTC +--- src/tss2-esys/esys_context.c.orig 2024-05-17 08:04:10 UTC +++ src/tss2-esys/esys_context.c @@ -26,7 +26,7 @@ * If not specified, load a TCTI in this order: @@ -7,5 +7,5 @@ - * Device /dev/tpmrm0 (kernel resident resource manager) + * Device /dev/tpmrm0 (kernel resident resource manager, SKIPPED on FreeBSD) * Device /dev/tpm0 (hardware TPM) + * Device /dev/tcm0 (hardware TCM) * TCP socket localhost:2321 (TPM simulator) - * @param esys_context [out] The ESYS_CONTEXT. diff --git a/security/tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c b/security/tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c index 52a165e2a191..77d8e10307a9 100644 --- a/security/tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c +++ b/security/tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c @@ -1,6 +1,6 @@ ---- src/tss2-tcti/tcti-device.c.orig 2023-01-23 18:36:16.000000000 +0000 -+++ src/tss2-tcti/tcti-device.c 2025-05-08 08:40:29.255475000 +0000 -@@ -61,7 +61,9 @@ +--- src/tss2-tcti/tcti-device.c.orig 2024-05-21 12:44:23 UTC ++++ src/tss2-tcti/tcti-device.c +@@ -61,7 +61,9 @@ static char *default_conf[] = { #ifdef __VXWORKS__ "/tpm0" #else @@ -8,5 +8,5 @@ "/dev/tpmrm0", +#endif /* __FreeBSD__ */ "/dev/tpm0", + "/dev/tcm0", #endif /* __VX_WORKS__ */ - }; diff --git a/security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c b/security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c index 99090001bd2b..1c859da089d9 100644 --- a/security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c +++ b/security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c @@ -1,6 +1,6 @@ ---- test/unit/tctildr-nodl.c.orig 2025-02-22 22:43:21 UTC +--- test/unit/tctildr-nodl.c.orig 2024-05-17 08:04:10 UTC +++ test/unit/tctildr-nodl.c -@@ -65,9 +65,11 @@ test_tctildr_get_default_all_fail (void **state) +@@ -68,9 +68,11 @@ test_tctildr_get_default_all_fail (void **state) /* device:/dev/tpm0 */ will_return (__wrap_tcti_from_init, tcti_ctx); will_return (__wrap_tcti_from_init, TEST_RC); diff --git a/security/tpm2-tss/pkg-plist b/security/tpm2-tss/pkg-plist index 33e9fa2a436a..4a08bf0a3cc9 100644 --- a/security/tpm2-tss/pkg-plist +++ b/security/tpm2-tss/pkg-plist @@ -4,11 +4,11 @@ @dir /var/lib @dir /var/run/tpm2-tss/eventlog @dir /var/run/tpm2-tss -etc/sysusers.d/tpm2-tss.conf -etc/tmpfiles.d/tpm2-tss-fapi.conf %%ETCDIR%%/fapi-config.json %%ETCDIR%%/fapi-profiles/P_ECCP256SHA256.json +%%ETCDIR%%/fapi-profiles/P_ECCP384SHA384.json %%ETCDIR%%/fapi-profiles/P_RSA2048SHA256.json +%%ETCDIR%%/fapi-profiles/P_RSA3072SHA384.json include/tss2/tss2_common.h include/tss2/tss2_esys.h include/tss2/tss2_fapi.h @@ -19,6 +19,7 @@ include/tss2/tss2_sys.h include/tss2/tss2_tcti.h include/tss2/tss2_tcti_cmd.h include/tss2/tss2_tcti_device.h +include/tss2/tss2_tcti_i2c_helper.h include/tss2/tss2_tcti_mssim.h include/tss2/tss2_tcti_pcap.h include/tss2/tss2_tcti_spi_helper.h @@ -45,6 +46,10 @@ lib/libtss2-rc.a lib/libtss2-rc.so lib/libtss2-rc.so.0 lib/libtss2-rc.so.0.0.0 +lib/libtss2-tcti-i2c-helper.a +lib/libtss2-tcti-i2c-helper.so +lib/libtss2-tcti-i2c-helper.so.0 +lib/libtss2-tcti-i2c-helper.so.0.0.0 lib/libtss2-tcti-spi-helper.a lib/libtss2-tcti-spi-helper.so lib/libtss2-tcti-spi-helper.so.0 @@ -85,6 +90,7 @@ libdata/pkgconfig/tss2-rc.pc libdata/pkgconfig/tss2-sys.pc libdata/pkgconfig/tss2-tcti-cmd.pc libdata/pkgconfig/tss2-tcti-device.pc +libdata/pkgconfig/tss2-tcti-i2c-helper.pc libdata/pkgconfig/tss2-tcti-mssim.pc libdata/pkgconfig/tss2-tcti-pcap.pc libdata/pkgconfig/tss2-tcti-spi-helper.pc @@ -101,6 +107,12 @@ share/man/man5/fapi-config.5.gz share/man/man5/fapi-profile.5.gz share/man/man7/tss2-tcti-cmd.7.gz share/man/man7/tss2-tcti-device.7.gz +share/man/man7/tss2-tcti-i2c-ftdi.7.gz +share/man/man7/tss2-tcti-i2c-helper.7.gz share/man/man7/tss2-tcti-mssim.7.gz +share/man/man7/tss2-tcti-spi-ftdi.7.gz +share/man/man7/tss2-tcti-spi-helper.7.gz +share/man/man7/tss2-tcti-spi-ltt2go.7.gz +share/man/man7/tss2-tcti-spidev.7.gz share/man/man7/tss2-tcti-swtpm.7.gz share/man/man7/tss2-tctildr.7.gzhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a1dffcd.3dbda.20e3029f>