Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tpm2.0-tools for openSUSE:Factory checked in at 2022-12-10 21:17:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm2.0-tools (Old)
 and /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2.0-tools" Sat Dec 10 21:17:41 2022 rev:36 rq:1041885 version:5.4 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2.0-tools/tpm2.0-tools.changes 2022-07-14 16:33:33.488587695 +0200 +++ /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.1835/tpm2.0-tools.changes 2022-12-10 21:17:58.501607951 +0100 
@@ -1,0 +2,189 @@ +Thu Dec 8 12:51:17 UTC 2022 - Alberto Planas Dominguez <apla...@suse.com> + +- Update to version 5.4 + + Added: + * tpm2_policyrestart: Added option --cphash to output the cpHash + for the command PM2_CC_PolicyRestart. + * tpm2_policynvwritten: Added option --cphash to output the cpHash + for the command TPM2_CC_PolicyNvWritten. + * tpm2_policylocality: Added option --cphash to output the cpHash + for the command TPM2_CC_PolicyLocality. + * tpm2_policycountertimer: Added option --cphash to output the + cpHash for the command TPM2_CC_PolicyCounterTimer. + * tpm2_policycommandcode: Added option --cphash to output the + cpHash for the command TPM2_CC_PolicyCommandCode. + * tpm2_policypassword: Added option --cphash to output the cpHash + for the command TPM2_CC_PolicyPassword. + * tpm2_policyauthvalue: Added option --cphash to output the cpHash + for the command TPM2_CC_PolicyAuthValue. + * tpm2_policyauthorize: Added option --cphash to output the cpHash + for the command TPM2_CC_PolicyAuthorize. + * tpm2_print: Support printing serialized ESYS_TR's + * tpm2_create: Add a clarifying message to usage of -c when + TPM2_CreateLoaded is not supported. + * tpm2_getcap: Add support for vendor agnostic + capabilites. Requires tpm2-tss version 4.0 and higher to enable. + * Add a script, check_endorsement_cert.sh, to validate the + endorsement certificate chain. It takes two inputs - A + TPM2B_PUBLIC format EKpublic and a PEM format EKcertificate + specified in that order as arguments. + +- Update to version 5.3 + + Features: + * lib/tpm2_tool.c: add --help=no-man for tpm2 option. Prior to + this change the tool parsed no-man as an unrecognized option and + errored out. Now it lists all the available tool options. + * tpm2_encodeobject: New tool to encode TPM2 object. It takes + public and private portions of an object and encode them in a + combined PEM form called tssprivkey used by tpm2-tss-engine and + other applications. 
+ * Support alternative ECC curves for which default EK templates + exist (NIST_P256, NIST_P384, NIST_P521, and SM2_P256). + * tools/misc/tpm2_checkquote: add sm2 verification of signature. + * crypto: support the TPM2_ECC_SM2_P256 curveID. + * fapi: add new command to enable the use of fapi objects for tpm2 + tools. The new command tss2_gettpm2object was added. With this + command context files which can be used for tpm2 tool commands + can be created. + * Support for sign and verify with sm2 algorithms. + * tools/tpm2_startauthsession: add sym-algorithm argument for + supported symmetric algorithm. + * Attestation (certify, command audit, sessionaudit and quote): + add scheme argument for supported signature schemes. This also + enable support for SM signing. + * tpm2_flushcontext: support all options at a time. Support the + -t/-l/-s options all at once so folks don't have to call it + multiple times. + * tools/tpm2_nvread: add human readable output for NV content + Enable parsing and YAML-style output for the different NV index + types. + * New event types in tpm2_eventlog: + EV_EFI_PLATFORM_FIRMWARE_BLOB2, EV_EFI_HANDOFF_TABLES2, + EV_EFI_VARIABLE_BOOT2 + * VERSION: add version file - Generate the version file with + bootstrap and include in the DIST tarball so endusers can call + autoreconf on a dist tarball which doesn't have git. This + alleviates git describe errors on release tarballs in the + autoreconf case. + * import: support restricted parents - Support a restricted parent + with an aes128cfb symmetric parameter. + * tpm2_load - Added capability to load pem files in + TSS2-Private-Key format for interoperability with + tpm2-tss-engine, tpm2-openssl provider tpm2-pkcs11, and + tpm2-pytss. + * tpm2_print - Added capability to parse out and print the public + portion of a TSS Private Key in the PEM format with the arg + option TSSPRIVKEY_OBJ. 
+ * tpm2_loadexternal: Added support to tpm2_loadexternal for + parsing and loading the public portion of a TSS2 Privkey PEM + file. The path to the PEM file must be specified using the -r + option while skipping the -G option for key type. + * Support added for calculating cpHash, rpHash, sessions for + parameter encryption and auditing in: tpm2_nvwrite, + tpm2_nvcertify, tpm2_nvincrement, tpm2_nvwritelock, + tpm2_nvreadlock, tpm2_nvundefine and tpm2_nvreadpublic. + * Support added for calculating cpHash in: tpm2_clear, + tpm2_dictionarylockout, tpm2_clearcontrol, tpm2_sign, + tpm2_setprimarypolicy, tpm2_setclock, tpm2_rsadecrypt, + tpm2_duplicate, tpm2_clockrateadjust, tpm2_createprimary, + tpm2_quote, tpm2_policysecret, tpm2_policynv, + tpm2_policyauthorizenv, tpm2_import, tpm2_hmac, + tpm2_hierarchycontrol, tpm2_load, tpm2_gettime, + tpm2_evictcontrol, tpm2_encryptdecrypt, tpm2_getpolicydigest, + tpm2_loadexternal, tpm2_commit, tpm2_ecdhkeygen, tpm2_ecdhzgen, + tpm2_ecephemeral, tpm2_geteccparameters, tpm2_flushcontext, + tpm2_pcrallocate, tpm2_pcrevent, tpm2_pcrreset, tpm2_pcrread. + * Support for using tcti=none for cpHash calculations to avoid + invoking checks for active TPM in: tpm2_nvreadpublic, + tpm2_nvundefine, tpm2_nvreadlock, tpm2_nvwritelock, + tpm2_nvincrement, tpm2_nvcertify, tpm2_nvdefine, tpm2_nvwrite. + + Known issue: + * FAPI tools will not work on 32bit user-static qemu on 64bit host + because readdir returns NULL. Follow the issue on + https://gitlab.com/qemu-project/qemu/-/issues/263 + + Bug fixes: + * tools/tpm2_pcrreset.c: fix build errors in 32bit systems. + * Fix tssprivkey formatted PEM generation and load errors on 32 + bit systems. + * CI: Add testing of 32bit systems with multiarch/qemu-user-static + containers. + * tools/tpm2_evictcontrol: fix for calls to Esys_TR_Close on bad + handles. + * tools/tpm2_nvextend: fix for ESYS_TR handle not being used in + calculating the object name. 
+ * tools/tpm2_nvwrite, tools/tpm2_nvread: Policy authorization must + be re-instantiated on each iteration of the read/ write when + size exceeds the allowed operating size + (TPM2_PT_NV_BUFFER_MAX). However, information on the compounded + policies cannot be retrieved from the only policy digest read + from the session and hence the session cannot be + re-instantiated. To avoid this scenario only a single iteration + is allowed when policy authorization is in use. + * Fix argument parsing in tpm2_policylocality to fix an issue + causing almost always to generate PolicyLocality(0). There was a + logical inversion that caused almost any argument (including + invalid ones) to be interpreted as zero, except âzero" would be + interpreted as one. + * test/fapi/fapi-quote-verify.sh Fix check of qualifying + data. Because of a bug in Fapi_VerifyQuote the qualifying data + was not checked correctly. Errors that were not recognized + before occur now. The order of the tests was cleaned up and for + every quote and verify quote now the correct combination of the + qualifying data and quote info containing the nonce is used. + * tpm2_nvdefine: set TPMA_NV_PLATFORMCREATE when authenticating + with the platform hierarchy. + * tools/tpm2_getekcertificate: fixed the url link to + ekop.intel.com. There were two places where the fix was needed: + o In the tool source code where a forward slash was always + appended irrespective of it already being part of the link + specified by the user and + o In the integration test where curl tests the link to the + ekop.intel.com backend. It now requires the full link to + include the base64 encoded ek pub hash. + * tools/tpm2_tool.c: Fix an issue where LOG_WARN is always + displayed Despite setting the 'quiet' flag with -Q. + * fapi: fix usage of parameter pcrLog for tss2_quote. pcrLog is an + optional parameter. If pcrLog is not used as parameter currently + the pcr log is still calculated in Fapi_Quote. 
To avoid this + calculation a NULL pointer will be passed to Fapi_Quote if the + parameter pcrLog is not passed. So tss2_quote can be executed + for a user which has no access rights to the files with the + system measurements. + * import: fix bug on using scheme wherein if scheme is specified + in the template, the openssl load functions clobber the scheme + value and set it to TPM2_ALG_NULL. + * tools/tpm2_sign and tpm2_verifysignature: fix sm2 sign and + verifysignature bugs : (1.) sm2 sign could not get output + signature. (2.) sm2 verify tss format signature failed. + * lib/tpm2.c: added workaround for a system api bug where in the + flush handle is erroneously placed in the handle area instead of + the parameter area. + * nvreadpublic: drop ntoh on attributes The attributes get + marshalled to correct endianess by libmu and donât need to be + changed again. + * Removing unused '-i' option from tpm2_print + * tpm2_policyor: fix unallocated policy list The TPML_DIGEST + policy list was calloc'd for some reason, however it could just + be statically allocated in the context. The side effect is that + when no options or arguments were given a NPD occured when + checking the count of the policy list. + * tools/tpm2_certify: fix man page for short options and add tests + The short options for the signing-key-auth and + certified-key-auth were swapped. The case fix in the man page + makes it less intuitive but have to go through with the change + so that we don't break any existing scripts. This change does + not affect the long options. Tests have been added to ensure the + functionality. + + CI: + * ci: add ubuntu-22.04. This also requires the min tpm2-tss + version to be at 3.2.0 to support the openSSL major version 3. 
+ * cirrus.yml: update freebsd version to 13.1 + * .ci/download-deps.sh: update tpm2-abrmd dependency version to + 2.4.1 +- Drop 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch + (merged) +- Drop add_missing_shut_down_call_on_cleanup.patch (merged) +- Drop fix_check_of_qualifying_data.patch (merged) +- Add echo_tcti_call_python3_binary.patch (upstreamed) + +------------------------------------------------------------------- Old: ---- 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch add_missing_shut_down_call_on_cleanup.patch fix_check_of_qualifying_data.patch tpm2-tools-5.2.tar.gz tpm2-tools-5.2.tar.gz.asc New: ---- echo_tcti_call_python3_binary.patch tpm2-tools-5.4.tar.gz tpm2-tools-5.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2.0-tools.spec ++++++ --- /var/tmp/diff_new_pack.UMhX3R/_old 2022-12-10 21:17:59.185611951 +0100 +++ /var/tmp/diff_new_pack.UMhX3R/_new 2022-12-10 21:17:59.189611974 +0100 @@ -17,14 +17,9 @@ %define _lto_cflags %{nil} -%ifarch %{ix86} x86_64 aarch64 %{arm} ppc64le %bcond_without test -%else -# ppc ppc64 s390x -%bcond_with test -%endif Name: tpm2.0-tools -Version: 5.2 +Version: 5.4 Release: 0 Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause 
@@ -35,12 +30,8 @@ # git show william-roberts-pub javier-martinez-pub joshua-lock-pub idesai-pub > tpm2-tools.keyring Source2: tpm2-tools.keyring Patch0: fix_bogus_warning.patch -# PATCH-FIX-UPSTREAM 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch -- based on PR#3041 -Patch1: 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch -# PATCH-FIX-UPSTREAM add_missing_shut_down_call_on_cleanup.patch -- based on PR#3047 -Patch2: add_missing_shut_down_call_on_cleanup.patch -# PATCH-FIX-UPSTREAM fix_check_of_qualifying_data.patch -- already merged -Patch3: fix_check_of_qualifying_data.patch +# PATCH-FIX-UPSTREAM add_missing_shut_down_call_on_cleanup.patch -- based on PR#3176 +Patch1: echo_tcti_call_python3_binary.patch BuildRequires: gcc-c++ BuildRequires: libcurl-devel BuildRequires: libopenssl-devel @@ -97,8 +88,8 @@ find %{buildroot} -type f -name "*.la" -delete -print %files -%doc doc/README.md doc/CHANGELOG.md -%license doc/LICENSE +%doc docs/README.md docs/CHANGELOG.md +%license docs/LICENSE %{_bindir}/tpm2* %{_bindir}/tss2* %{_mandir}/man1/tpm2* ++++++ echo_tcti_call_python3_binary.patch ++++++ >From d191b1f3cd66e9334d000c622bc6cc4bdc63304e Mon Sep 17 00:00:00 2001 From: Alberto Planas <apla...@suse.com> Date: Thu, 8 Dec 2022 15:23:50 +0100 Subject: [PATCH] echo_tcti: call python3 binary Most distributions are now in Python3. The binary for Python3 is still called `python3`. Signed-off-by: Alberto Planas <apla...@suse.com> --- test/scripts/echo_tcti.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scripts/echo_tcti.py b/test/scripts/echo_tcti.py index 3e4c1f462..325e35315 100755 --- a/test/scripts/echo_tcti.py +++ b/test/scripts/echo_tcti.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # # This TCTI is designed to use with the subprocess TCTI and echo the contents ++++++ tpm2-tools-5.2.tar.gz -> tpm2-tools-5.4.tar.gz ++++++ ++++ 52744 lines of diff (skipped)
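Review bot: In the tpm2.0-tools.changes hunk, the first 5.4 "Added" entry names the command as "PM2_CC_PolicyRestart", missing the leading T that the seven following entries have (TPM2_CC_PolicyNvWritten and so on), and the tpm2_getcap entry spells "capabilites". The 5.3 bug-fix entries for tpm2_policylocality and nvreadpublic also carry mis-encoded quote characters (around "zero" and in "don't"); replacing them with plain ASCII quotes before check-in keeps the changelog readable in every locale.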
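Review bot: The first tpm2.0-tools.spec hunk (@@ -17,14 +17,9 @@) drops the %ifarch guard, so "%bcond_without test" now applies to every architecture, including the ppc, ppc64 and s390x targets that the removed comment listed as running with tests off, yet the .changes entry says nothing about it. Either add a changelog line stating that the test suite is now enabled everywhere and why that is safe on those targets, or keep the conditional.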
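Review bot: In the second tpm2.0-tools.spec hunk (@@ -35,12 +30,8 @@), the new comment above Patch1 names the wrong file: it reads "# PATCH-FIX-UPSTREAM add_missing_shut_down_call_on_cleanup.patch -- based on PR#3176" while the patch it annotates is echo_tcti_call_python3_binary.patch, and add_missing_shut_down_call_on_cleanup.patch is being dropped in this same change. The comment should name echo_tcti_call_python3_binary.patch so the patch tag and the upstream reference can be matched to the right file; the changelog wording "(upstreamed)" and the "based on PR#3176" tag should also agree on the patch's upstream status.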
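Review bot: The echo_tcti_call_python3_binary.patch hunk changes the shebang of test/scripts/echo_tcti.py to "#!/usr/bin/env python3", which makes the test suite depend on a python3 binary being on PATH in the build root, and the BuildRequires lines visible in the spec context (gcc-c++, libcurl-devel, libopenssl-devel) do not show one. Since the same submission enables the test suite on all architectures, confirm that python3 is listed as a build requirement under the test condition, otherwise the script fails at exec time rather than being skipped.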