Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tpm2.0-abrmd for openSUSE:Factory checked in at 2022-12-10 21:17:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tpm2.0-abrmd (Old) and /work/SRC/openSUSE:Factory/.tpm2.0-abrmd.new.1835 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2.0-abrmd" Sat Dec 10 21:17:39 2022 rev:24 rq:1041873 version:3.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2.0-abrmd/tpm2.0-abrmd.changes 2022-07-09 16:59:05.536441049 +0200 +++ /work/SRC/openSUSE:Factory/.tpm2.0-abrmd.new.1835/tpm2.0-abrmd.changes 2022-12-10 21:17:57.613602759 +0100 @@ -1,0 +2,15 @@ +Thu Dec 8 15:07:28 UTC 2022 - Alberto Planas Dominguez <apla...@suse.com> + +- Version 3.0.0 + + Fixed + * A bug in special command processing in TPM2_GetCapability when + an audit session is in use cuased tpm2-abrmd to abort. + + Added + * New SELinux interfaces for communication with keylime + + Changed + * DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM, + ie /dev/tpmrm0, permissions. Now users MUST be in the tss group + to send to tpm2-abrmd over DBUS. +- Drop dbus-access.patch (merged in PR#805) + +------------------------------------------------------------------- Old: ---- dbus-access.patch tpm2-abrmd-2.4.1.tar.gz tpm2-abrmd-2.4.1.tar.gz.asc New: ---- tpm2-abrmd-3.0.0.tar.gz tpm2-abrmd-3.0.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2.0-abrmd.spec ++++++ --- /var/tmp/diff_new_pack.aQjKC4/_old 2022-12-10 21:17:58.025605168 +0100 +++ /var/tmp/diff_new_pack.aQjKC4/_new 2022-12-10 21:17:58.029605191 +0100 @@ -29,7 +29,7 @@ %bcond_with selinux %endif Name: tpm2.0-abrmd -Version: 2.4.1 +Version: 3.0.0 Release: 0 Summary: Intel's TCG Software Stack Access Broker & Resource Manager for TPM 2.0 chips License: BSD-2-Clause @@ -37,12 +37,11 @@ URL: https://github.com/tpm2-software/tpm2-abrmd Source0: https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{version}/tpm2-abrmd-%{version}.tar.gz Source1: https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{version}/tpm2-abrmd-%{version}.tar.gz.asc -# curl https://github.com/flihp.gpg > tpm2-abrmd.keyring +# curl https://github.com/williamcroberts.gpg > tpm2-abrmd.keyring Source2: tpm2-abrmd.keyring Source3: tpm2.0-abrmd.rpmlintrc Source4: README.SUSE Patch0: harden_tpm2-abrmd.service.patch -Patch1: dbus-access.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: checkpolicy ++++++ tpm2-abrmd-2.4.1.tar.gz -> tpm2-abrmd-3.0.0.tar.gz ++++++ ++++ 1651 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/AUTHORS new/tpm2-abrmd-3.0.0/AUTHORS --- old/tpm2-abrmd-2.4.1/AUTHORS 2022-03-05 23:52:30.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/AUTHORS 2022-12-05 17:03:31.000000000 +0100 @@ -26,6 +26,7 @@ Thomas Furtner <t.furt...@gmail.com> Steven Clark <davolf...@gmail.com> Petr Gotthard <petr.gotth...@centrum.cz> +Patrik Koncity <pkonc...@redhat.com> Nicolas Iooss <nicolas.io...@ledger.fr> Mantas MikulÄnas <graw...@gmail.com> Lu Gong <lu.g...@intel.com> @@ -33,6 +34,7 @@ Jerry Snitselaar <jsnit...@redhat.com> Jeffrey Ferreira <jeffpferre...@gmail.com> Imran Desai <imran.de...@intel.com> +Erik Larsson <who+git...@cnackers.org> Dominic Grauvogl <dominicmanuel.grauv...@infineon.com> dguerri <davide.gue...@gmail.com> Davide Guerri <davide.gue...@gmail.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/CHANGELOG.md new/tpm2-abrmd-3.0.0/CHANGELOG.md --- old/tpm2-abrmd-2.4.1/CHANGELOG.md 2022-03-05 00:34:04.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/CHANGELOG.md 2022-12-05 16:30:33.000000000 +0100 @@ -3,6 +3,20 @@ The format is based on [Keep a CHANGELOG](http://keepachangelog.com/) +### 3.0.0 - 2022-12-05 + +### Fixed + - A bug in special command processing in TPM2_GetCapability when an + audit session is in use cuased tpm2-abrmd to abort. + +### Added + - New SELinux interfaces for communication with keylime + +### Changed + - DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM, ie + /dev/tpmrm0, permissions. Now users MUST be in the tss group to + send to tpm2-abrmd over DBUS. + ### 2.4.1 - 2022-03-04 ### Added - Contributor Covenant Code of Conduct. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/CONTRIBUTING.md new/tpm2-abrmd-3.0.0/CONTRIBUTING.md --- old/tpm2-abrmd-2.4.1/CONTRIBUTING.md 2019-03-08 21:08:06.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/CONTRIBUTING.md 2022-05-09 17:17:03.000000000 +0200 @@ -2,9 +2,8 @@ All non security bugs should be filed on the Issues tracker: https://github.com/01org/tpm2-abrmd/issues -Security sensitive bugs should be emailed to a maintainer directly, or to Intel -via the guidelines here: -https://security-center.intel.com/VulnerabilityHandlingGuidelines.aspx +Security sensitive bugs should be handled per the instructions in +SECURITY.md. # Guideline for submitting changes: All changes to the source code must follow the coding standard used in the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/Makefile.am new/tpm2-abrmd-3.0.0/Makefile.am --- old/tpm2-abrmd-2.4.1/Makefile.am 2022-01-31 06:00:06.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/Makefile.am 2022-10-25 15:57:32.000000000 +0200 @@ -67,7 +67,8 @@ test/integration/not-enough-handles-for-command.int \ test/integration/password-authorization.int \ test/integration/tpm2-command-flush-no-handle.int \ - test/integration/util-buf-max-upper-bound.int + test/integration/util-buf-max-upper-bound.int \ + test/integration/get-capability-with-session.int TESTS_INTEGRATION_NOHW = test/integration/tcti-connect-multiple.int @@ -527,6 +528,10 @@ test_integration_util_buf_max_upper_bound_int_SOURCES = \ test/integration/main.c test/integration/util-buf-max-upper-bound.int.c +test_integration_get_capability_with_session_int_LDADD = $(TEST_INT_LIBS) +test_integration_get_capability_with_session_int_SOURCES = \ + test/integration/main.c test/integration/get-capability-with-session.int.c + if WITH_SEPOLICY refpoldir = $(datadir)/selinux/packages diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/VERSION new/tpm2-abrmd-3.0.0/VERSION --- old/tpm2-abrmd-2.4.1/VERSION 2022-03-05 23:51:45.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/VERSION 2022-12-05 17:02:24.000000000 +0100 @@ -1 +1 @@ -2.4.1 +3.0.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/aminclude_static.am new/tpm2-abrmd-3.0.0/aminclude_static.am --- old/tpm2-abrmd-2.4.1/aminclude_static.am 2022-03-05 23:51:54.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/aminclude_static.am 2022-12-05 17:03:25.000000000 +0100 @@ -1,6 +1,6 @@ # aminclude_static.am generated automatically by Autoconf -# from AX_AM_MACROS_STATIC on Sat Mar 5 14:51:54 PST 2022 +# from AX_AM_MACROS_STATIC on Mon Dec 5 10:03:25 CST 2022 # Code coverage diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/compile new/tpm2-abrmd-3.0.0/compile --- old/tpm2-abrmd-2.4.1/compile 2021-01-04 06:32:20.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/compile 2020-02-05 15:31:03.000000000 +0100 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # Written by Tom Tromey <tro...@cygnus.com>. # # This program is free software; you can redistribute it and/or modify @@ -53,7 +53,7 @@ MINGW*) file_conv=mingw ;; - CYGWIN* | MSYS*) + CYGWIN*) file_conv=cygwin ;; *) @@ -67,7 +67,7 @@ mingw/*) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; - cygwin/* | msys/*) + cygwin/*) file=`cygpath -m "$file" || echo "$file"` ;; wine/*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/dist/tpm2-abrmd.conf new/tpm2-abrmd-3.0.0/dist/tpm2-abrmd.conf --- old/tpm2-abrmd-2.4.1/dist/tpm2-abrmd.conf 2018-06-22 14:32:34.000000000 +0200 +++ new/tpm2-abrmd-3.0.0/dist/tpm2-abrmd.conf 2022-05-09 17:39:53.000000000 +0200 @@ -8,7 +8,20 @@ <policy user="root"> <allow own="com.intel.tss2.Tabrmd"/> </policy> - <policy context="default"> + <!-- Match /dev/tpmrm0 permissions tss tss 0660 --> + <policy user="root"> + <allow send_destination="com.intel.tss2.Tabrmd"/> + <allow receive_sender="com.intel.tss2.Tabrmd"/> + </policy> + <policy group="root"> + <allow send_destination="com.intel.tss2.Tabrmd"/> + <allow receive_sender="com.intel.tss2.Tabrmd"/> + </policy> + <policy user="tss"> + <allow send_destination="com.intel.tss2.Tabrmd"/> + <allow receive_sender="com.intel.tss2.Tabrmd"/> + </policy> + <policy group="tss"> <allow send_destination="com.intel.tss2.Tabrmd"/> <allow receive_sender="com.intel.tss2.Tabrmd"/> </policy> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/m4/libtool.m4 new/tpm2-abrmd-3.0.0/m4/libtool.m4 --- old/tpm2-abrmd-2.4.1/m4/libtool.m4 2022-03-05 23:51:49.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/m4/libtool.m4 2022-12-05 17:02:47.000000000 +0100 @@ -1071,11 +1071,11 @@ # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[[912]]*) + 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; 10.[[012]][[,.]]*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*|11.*) + 10.*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/m4/pkg.m4 new/tpm2-abrmd-3.0.0/m4/pkg.m4 --- old/tpm2-abrmd-2.4.1/m4/pkg.m4 2022-03-05 23:51:49.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/m4/pkg.m4 2022-12-05 17:02:47.000000000 +0100 @@ -1,6 +1,6 @@ -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# serial 12 (pkg-config-0.29.2) - +dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +dnl serial 11 (pkg-config-0.29.1) +dnl dnl Copyright © 2004 Scott James Remnant <sc...@netsplit.com>. dnl Copyright © 2012-2015 Dan Nicholson <dbn.li...@gmail.com> dnl @@ -41,7 +41,7 @@ dnl See the "Since" comment for each macro you use to see what version dnl of the macros you require. m4_defun([PKG_PREREQ], -[m4_define([PKG_MACROS_VERSION], [0.29.2]) +[m4_define([PKG_MACROS_VERSION], [0.29.1]) m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) ])dnl PKG_PREREQ @@ -142,7 +142,7 @@ AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no -AC_MSG_CHECKING([for $2]) +AC_MSG_CHECKING([for $1]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) @@ -152,11 +152,11 @@ See the pkg-config man page for more details.]) if test $pkg_failed = yes; then - AC_MSG_RESULT([no]) + AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` - else + else $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs @@ -173,7 +173,7 @@ _PKG_TEXT])[]dnl ]) elif test $pkg_failed = untried; then - AC_MSG_RESULT([no]) + AC_MSG_RESULT([no]) m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/missing new/tpm2-abrmd-3.0.0/missing --- old/tpm2-abrmd-2.4.1/missing 2021-01-04 06:32:20.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/missing 2020-02-05 15:31:03.000000000 +0100 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/selinux/tabrmd.if new/tpm2-abrmd-3.0.0/selinux/tabrmd.if --- old/tpm2-abrmd-2.4.1/selinux/tabrmd.if 2018-06-22 14:32:34.000000000 +0200 +++ new/tpm2-abrmd-3.0.0/selinux/tabrmd.if 2022-10-24 17:23:16.000000000 +0200 @@ -1 +1,41 @@ ## <summary></summary> + +######################################## +## <summary> +## Create and use a unix stream socket +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`tabrmd_create_unix_stream_sockets',` + gen_require(` + type tabrmd_t; + ') + + allow $1 tabrmd_t:unix_stream_socket create_stream_socket_perms; +') + +######################################## +## <summary> +## Send messages to and from +## tabrmd over DBUS. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`tabr,d_dbus_chat',` + gen_require(` + type tabrmd_t; + class dbus send_msg; + ') + + allow $1 tabrmd_t:dbus send_msg; + allow tabrmd_t $1:dbus send_msg; +') + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/src/resource-manager.c new/tpm2-abrmd-3.0.0/src/resource-manager.c --- old/tpm2-abrmd-2.4.1/src/resource-manager.c 2022-01-31 06:00:06.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/src/resource-manager.c 2022-10-25 15:57:32.000000000 +0200 @@ -1121,8 +1121,10 @@ response = resource_manager_load_context (resmgr, command); break; case TPM2_CC_GetCapability: - g_debug ("processing TPM2_CC_GetCapability"); - response = get_cap_gen_response (resmgr, command); + if (!tpm2_command_has_auths(command)) { + g_debug ("processing TPM2_CC_GetCapability"); + response = get_cap_gen_response (resmgr, command); + } break; default: break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/src/tabrmd-generated.c new/tpm2-abrmd-3.0.0/src/tabrmd-generated.c --- old/tpm2-abrmd-2.4.1/src/tabrmd-generated.c 2022-03-05 23:52:19.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/src/tabrmd-generated.c 2022-12-05 17:03:31.000000000 +0100 @@ -488,7 +488,7 @@ * * Finishes an operation started with tcti_tabrmd_call_create_connection(). * - * Returns: (skip): %TRUE if the call succeeded, %FALSE if @error is set. + * Returns: (skip): %TRUE if the call succeded, %FALSE if @error is set. */ gboolean tcti_tabrmd_call_create_connection_finish ( @@ -520,7 +520,7 @@ * * See tcti_tabrmd_call_create_connection() for the asynchronous version of this method. * - * Returns: (skip): %TRUE if the call succeeded, %FALSE if @error is set. + * Returns: (skip): %TRUE if the call succeded, %FALSE if @error is set. */ gboolean tcti_tabrmd_call_create_connection_sync ( @@ -589,7 +589,7 @@ * * Finishes an operation started with tcti_tabrmd_call_cancel(). * - * Returns: (skip): %TRUE if the call succeeded, %FALSE if @error is set. + * Returns: (skip): %TRUE if the call succeded, %FALSE if @error is set. */ gboolean tcti_tabrmd_call_cancel_finish ( @@ -622,7 +622,7 @@ * * See tcti_tabrmd_call_cancel() for the asynchronous version of this method. * - * Returns: (skip): %TRUE if the call succeeded, %FALSE if @error is set. + * Returns: (skip): %TRUE if the call succeded, %FALSE if @error is set. */ gboolean tcti_tabrmd_call_cancel_sync ( @@ -696,7 +696,7 @@ * * Finishes an operation started with tcti_tabrmd_call_set_locality(). * - * Returns: (skip): %TRUE if the call succeeded, %FALSE if @error is set. + * Returns: (skip): %TRUE if the call succeded, %FALSE if @error is set. */ gboolean tcti_tabrmd_call_set_locality_finish ( @@ -730,7 +730,7 @@ * * See tcti_tabrmd_call_set_locality() for the asynchronous version of this method. * - * Returns: (skip): %TRUE if the call succeeded, %FALSE if @error is set. + * Returns: (skip): %TRUE if the call succeded, %FALSE if @error is set. */ gboolean tcti_tabrmd_call_set_locality_sync ( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/test/integration/common.c new/tpm2-abrmd-3.0.0/test/integration/common.c --- old/tpm2-abrmd-2.4.1/test/integration/common.c 2019-07-17 19:30:35.000000000 +0200 +++ new/tpm2-abrmd-3.0.0/test/integration/common.c 2022-10-25 15:57:32.000000000 +0200 @@ -448,6 +448,48 @@ return rc; } + +TSS2_RC +start_auth_session_hmac (TSS2_SYS_CONTEXT *sapi_context, + TPMI_SH_AUTH_SESSION *session_handle) +{ + TSS2_RC rc; + TPM2B_NONCE nonce_caller = { + .size = TPM2_SHA256_DIGEST_SIZE, + .buffer = { + 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, + 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, + 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, + 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef + } + }; + TPM2B_NONCE nonce_tpm = { + .size = TPM2_SHA256_DIGEST_SIZE, + .buffer = { 0 } + }; + TPM2B_ENCRYPTED_SECRET encrypted_salt = TPM2B_ENCRYPTED_SECRET_ZERO_INIT; + TPMT_SYM_DEF symmetric = { .algorithm = TPM2_ALG_NULL }; + + g_debug ("StartAuthSession for TPM_SE_HMAC (HMAC session)"); + rc = Tss2_Sys_StartAuthSession (sapi_context, + TPM2_RH_NULL, /* tpmKey */ + TPM2_RH_NULL, /* bind */ + 0, /* cmdAuthsArray */ + &nonce_caller, /* nonceCaller */ + &encrypted_salt, /* encryptedSalt */ + TPM2_SE_HMAC, /* sessionType */ + &symmetric, /* symmetric */ + TPM2_ALG_SHA256, /* authHash */ + session_handle, /* sessionHandle */ + &nonce_tpm, /* nonceTPM */ + 0 /* rspAuthsArray */ + ); + if (rc != TSS2_RC_SUCCESS) + g_warning ("Tss2_Sys_StartAuthSession failed: 0x%" PRIx32, rc); + + return rc; +} + /* * This function dumps the fields of the TPMS_CONTEXT structure. The one * encrypted field (contextBlob) is dumped as an address. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/test/integration/common.h new/tpm2-abrmd-3.0.0/test/integration/common.h --- old/tpm2-abrmd-2.4.1/test/integration/common.h 2019-07-17 19:30:35.000000000 +0200 +++ new/tpm2-abrmd-3.0.0/test/integration/common.h 2022-10-25 15:57:32.000000000 +0200 @@ -80,6 +80,12 @@ TPMI_SH_AUTH_SESSION *session_handle ); +TSS2_RC +start_auth_session_hmac ( + TSS2_SYS_CONTEXT *sapi_context, + TPMI_SH_AUTH_SESSION *session_handle + ); + void prettyprint_context ( TPMS_CONTEXT *context diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/test/integration/get-capability-with-session.int.c new/tpm2-abrmd-3.0.0/test/integration/get-capability-with-session.int.c --- old/tpm2-abrmd-2.4.1/test/integration/get-capability-with-session.int.c 1970-01-01 01:00:00.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/test/integration/get-capability-with-session.int.c 2022-10-25 15:57:32.000000000 +0200 @@ -0,0 +1,60 @@ +/* SPDX-License-Identifier: BSD-2-Clause */ +#include <glib.h> + +#include "common.h" + +/* test that TPM2_GetCapability works with an audit session and fails + * with a password session. + */ +int +test_invoke (TSS2_SYS_CONTEXT *sapi_context) { + TSS2_RC rc = 0, expected_rc = + (TPM2_RC_HANDLE | TPM2_RC_S | TPM2_RC_1); + TPM2_HANDLE session; + TSS2L_SYS_AUTH_COMMAND cmdauths = {.count = 1 }; + TSS2L_SYS_AUTH_RESPONSE respauths; + TPMI_YES_NO more = 0; + TPMS_CAPABILITY_DATA capdata; + + cmdauths.auths[0].sessionHandle = TPM2_RH_PW; + + rc = Tss2_Sys_GetCapability(sapi_context, + &cmdauths, + TPM2_CAP_PCRS, + 0, + 0, + &more, + &capdata, + &respauths); + + if (rc != (TPM2_RC_HANDLE | TPM2_RC_S | TPM2_RC_1)) { + g_warning("Tss2_Sys_GetCapability with password session " + "failed with 0x%x, expected 0x%x", rc, expected_rc); + return rc; + } + + rc = start_auth_session_hmac(sapi_context, &session); + if (rc) { + g_warning("start_auth_session_hmac failed with 0x%x", rc); + return rc; + } + + cmdauths.auths[0].sessionHandle = session; + cmdauths.auths[0].sessionAttributes |= TPMA_SESSION_AUDIT; + + rc = Tss2_Sys_GetCapability(sapi_context, + &cmdauths, + TPM2_CAP_PCRS, + 0, + 0, + &more, + &capdata, + &respauths); + if (rc) { + g_warning("Tss2_Sys_GetCapability with audit session failed " + "with 0x%x", rc); + return rc; + } + + return 0; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/tpm2-abrmd-2.4.1/test-driver new/tpm2-abrmd-3.0.0/test-driver --- old/tpm2-abrmd-2.4.1/test-driver 2021-01-04 06:32:20.000000000 +0100 +++ new/tpm2-abrmd-3.0.0/test-driver 2020-02-05 15:31:03.000000000 +0100 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 2011-2020 Free Software Foundation, Inc. +# Copyright (C) 2011-2018 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -42,13 +42,11 @@ { cat <<END Usage: - test-driver --test-name NAME --log-file PATH --trs-file PATH - [--expect-failure {yes|no}] [--color-tests {yes|no}] - [--enable-hard-errors {yes|no}] [--] + test-driver --test-name=NAME --log-file=PATH --trs-file=PATH + [--expect-failure={yes|no}] [--color-tests={yes|no}] + [--enable-hard-errors={yes|no}] [--] TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS] - The '--test-name', '--log-file' and '--trs-file' options are mandatory. -See the GNU Automake documentation for information. END } ++++++ tpm2-abrmd.keyring ++++++ --- /var/tmp/diff_new_pack.aQjKC4/_old 2022-12-10 21:17:58.221606314 +0100 +++ /var/tmp/diff_new_pack.aQjKC4/_new 2022-12-10 21:17:58.225606338 +0100 @@ -1,166 +1,53 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBE7nGygBEADI+q4qji0Yq661/gzuVrURT90MKDWLtObF+xrd6E6BN4ukmMf1 -E53tLOhXrp3pHOAHv0wJF46JIdvtin3taVbJ+7d8jQRMCKCcD5osMQIZ6RaDLGNv -OfqW0+wLG13vkylYuwJZkTfGvlsUhXLJfcPE5FjuNQ5Q/1k4VmvcK9q0MO5W9Ztn -0QnfLmcMya7qSVdIIkTosxZ+qqnxM9QsrcVLBLPbERfz1fRKO2bCsvL6zN0+V+5z -742yO+ozDdb/Uh0JPzxU76DO5M3VU1Y3qpekNpU/o0x6fH2uwmKFhHhbACLEfJk9 -VNjp2vYbdEgoEaAt5dp4KJRQFaA5dw0x5AXbaVS+GKs6Xx6xHO6iIs9Xxe7DdoNv -mrEp26+1hvBqdMaFH0Inh/VJTjvuYesOWd6K78Bpp8NYADj/rXqr1xMef04j51Uz -mRl4RkUpA0RAAMpP2sbgLXEea0VGh/0DzHfp24efopN3H/v94FDANIk33eHyFMgs -DoUfDP/0bCL1ILyQVC2mVveY4AJKlqXjt4hXkH7tWSe+L0BMtqStDkcwu33ak6zK -au6tZKY1dKQKsimmJytkg26kBMBPthDSr/YNzIsOWS3qNulrXaVZcPqJJSo08GFD -pCzE53DFIN/kZrgC8s91wKrYX8TDFZESty70+78bNpvv+7ZeSe4jvPnP1QARAQAB -tB9QaGlsaXAgVHJpY2NhIDxmbGlocEB0d29iaXQudXM+iQI6BBMBCgAkAhsDBQsJ -CAcDBRUKCQgLBRYCAwEAAh4BAheABQJPDww/AhkBAAoJEK5FSNBD3sfDNxoP/2Az -ZGJDvum0LoAWQBpNk8me5TOrlREZSIINcHw8QcXCY3E8VZVFuT7fk/Jy2hJ3Vfpo -D8VSktgxOiQK2gTkDj539yk/LCp9Ll9FC7qhlGhEkAzfnEgGgpwFDtd0SAbzPrpq -Lmcgn885gti3DIlKIe9BmbJF1wF1NoSTSGg3Mc/Lx3UI9XWe64v36YbeNhW0kilf -qdtClBXG5gRW0joexonHpx3nWUGI43Iu/uAEjLwKzcAlZOs9VV/TGSIArn6PY550 -r09pG5rmMgxElhZLf76gZrgUrcx9BAEaY9ysHPkhz6VvvaWN8deAvJoTtmC4Ko1v -DBgqr0UJonRXEouVp4M1NfDwUC8Q02lP1y2Dy2dnBvONMRpJOnuHoU1rUuvZXLzw -LlcCDjRZF+ex6b40TvkwQUK2jrAURUO5EIt8lgQtlJIlKVSXCUKVgVenco3VNQ49 -caEWJ2VnawiR2vGXAWca5Giv4szCMv+q4OE7O/fif6KmEqzlHhVNjxy4GRAm+uxG -HA7xoKTwdFl1/VJQvPVrs2aalmDK/vYFhJmJTUEce7W7xJoxLnmoda+Ibf7SL7dM -poiUKlyUyGFo7NGXCBZ7f4bKlGlzNSwFjZoP5dZpcv+9FOnc7MDy7tOQD7UIXCK1 -XYiaJhuMsVHMDLG1wp6IAp3DSEoNqi7T7LbtK6EUiEYEEBEKAAYFAk7nIhIACgkQ -kWUgEgxOAqr52wCePsEi26z+RWZNheB1N6fXQEJ/EI0AniCN2zyNUMUNpmOaLQtC -9PSpHZjeiQI3BBMBCgAhBQJO5xsoAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA -AAoJEK5FSNBD3sfDP8oP/2QgzhjNIkEP20Lkrj8uK1M6+Ja3tjr6AtlTSpbMRXUU -vglZOHDc7v1Osh0Cv0oHooPlPOomeX4LqnPsj4HIUtVfW2mLdeWMM5VdG3Qmg+sX -MZqU5yJxYFX5bZ/bQsxyHFp79zjtya7w/EJxaZccTRog2QKL2+nTYrEiPGLM1Rl5 -1hz/cDVrFF5cQezUle114iphPU9ZaJgzu3HCDCfRx6dIS2A4POlhwmT0CPIQ9pNo -/p609WHiNC4RpsRDRVlciXrKITPH76ZqeAogggLDkVPuXZyQFkGGHl6OKoYJqFZc -95sLu3LBHM+nI7KwFBg5kdQvaSS1WijPgVm4ZH/mspqKuUb51d415xeAuOrETQNo -jObpSjDtwS/OXBoM2aGAN9RtQ7PedWLZM+cGym6Y83LNsiBxHiAjkReuL8hzhrGp -gEzesvWepU1wvFtsvFQTMe8wnJB1DMs9vQWBBBDRginLRUYNjUkIfYdDdbFZq8E3 -W7u8ta+e2AANVD1o6PJVc2+UaRORo8T4TCvLMtjuvM4uTaTUYltwA9IoNWA0uptb -pcHSE73hTL9wOFz3Ukqy+cPL5SJfiaflw/pufgAc7as8S4V8iMmgWoZSF7KbQe2S -CnpON+FQ+cMYsgOauZnDN7GSEHp+P+dAcgZ2o/CPStwSyTKnf4TCWeOJ0HCSSwZO -iEYEEhECAAYFAlroimIACgkQMWzB+ySr3HJbdwCfXgBxfck95WoYzWMqAA0v9Fk2 -a9UAn12vMrut5puYQTN+J6AyJA4nx+hKtChQaGlsaXAgVHJpY2NhIDxwaGlsaXAu -dHJpY2NhQGNpdHJpeC5jb20+iQI3BBMBCgAhBQJPDwf4AhsDBQsJCAcDBRUKCQgL -BRYCAwEAAh4BAheAAAoJEK5FSNBD3sfDZgMQAKnBooqo79rtwsU7HcquIKsis55W -xdLjN0QdPKHMAmLXsmdwBPOooZZnWn3tOwYXJF9m6HH6w0BN/tjHwH5XUkfWj1bW -mLSGtr3FsU66VdtUBD+HmPZ8tKr3WP93g1hH3gNDN/bWcX6sTr2uYQusqcCNXPNt -bQt2QDusmcD8vfr6yGDBPttxUK6zwTCXgf3BE0zacX9wmCD2Jg9Yfm8Ai2BVNBcv -0f6wSi1zC9HFjPOgr0Ztbb9rjQALbE0c8vjE9FcNVU0e4zYtFVzBFHgaLZaF7fdr -QNFFsgQ/E8i0akbTICN16NSXSZbVHDf9gjCtWsmt/czLfsrhL5MceW+c/ojEd8O0 -XMrvc060hhrppbe4HovKVDukIITGCyHvu+EgizwBexRYT56GtoKt2okGWMOS0ny6 -ovr2rEOZueTMNZ3Q8UShxiORvFAwId00W5LCiIy53aMAq8O8DH5/3EWGk0mL9KQK -DBbIpL9g3jnlYXC6QitfeUtlQVu04X/cEVva6F8wz19t8RiVftASppDmhE9U54NU -Th+8FMiVJCPdrU+a+P0krYT2wvcGzDFr6iLxTX7k1KBFtTWW+fsPwXYweTp9p4FI -O+m9YYDtzrJG2dgcg2Hs7F4WNS8qdC7de0XO71gGaF/DCpM2VoQXka4mCE8PCaSZ -gkJfAG/BeL+wlvJciEYEEBEKAAYFAk8PC6cACgkQkWUgEgxOAqo0xQCgpES2uGvv -SkP5D4C3eXfcvR9mzpYAn2wYSQBlYyOz0RYUe+QQw3DO6sMYiQIfBDABAgAJBQJV -mMgIAh0gAAoJEK5FSNBD3sfDNp8P/jeTLFJnu4NLZ0H3fnAdbDX0FM2YrndFcUxh -d/a0K2UrGWLNyQWjpkVo5/gjEd0gXZ3C6CfxvZIj6JRWcb43y/AtXdmVkEAwajIu -E5r8aFSlM5feUDrP7QoUpBxIf+cbE7Xg0ycT66KH6uTrITiy4qTkdFx+P0t5ZIeF -hxfJzUaMif0XArweOtXj3Mt42hqz65NAIkbeIEJM2yHuBQ/qO4a5dNZ+fAENaHzJ -loR/PQ/d14HyBkkgNwtwVjxNgQhHSRUahMaG0NFaw2sgBhIAgObToTQIudlFTKVq -jobNfBiICDxf/MJZIqqfzfaP75BtRXxIPZd2Hj27zLdRxmBN5hVwexAsswzQMiU2 -4cnS4TJNItg5e/rSfrOsAUTFbw2zHrWe6fwqJcMuIZrKCQ8Msmuh6xwqIiOHM7E/ -FbM/WcSxv2SfGsz2hLJs4alqvGDIZFCYnocOrotiMGvMU/JIwNNBLItEsYXkQCUq -JGtBMsWJf/gizfPacYfwvuDYJYQXcEEKfQUqGRfrygzrYhIO/xbJ+WfEZPLaQWY9 -1Krsr0WFopDsgRw2710qXKl3wIMuKsatHlDDmgJBHdZxXEpnlaOwcpULBJWxs8an -twVb8d1D+zMTUTsTgelH8B8EPaxU7BgjFbjUUMqX0cf9NJzbqaKstD9ZoAVOXVhL -gtP06gBVtClQaGlsaXAgVHJpY2NhIDxwaGlsaXAuYi50cmljY2FAaW50ZWwuY29t -PokCNgQwAQoAIBYhBEIAfodvJI4Eo/L+Ja5FSNBD3sfDBQJeh5amAh0gAAoJEK5F -SNBD3sfDknoQAK707c1KU+KZoIR4dSQJUWU1+HQcl2o5Qk9dMjGT3I+uRfXUGpsj -1XG630b8yuQJ8r971zOQmQPXWHtkP1+ZyBv6hhmyK2SvkzxhlsIY+nigxyplODcr -yhQT5xbTzxFqpQAvIc38/rmtGHZfX1CdL64KpVodd0Ek3Ylm70nRXAAIKNISxQc6 -1xlTidJUUPpoQ1FVNUye3ZS8bo0ektJBiDYtlKSDRXc/M4SVi83ez0wJniSGRCFF -Hk9k8IqJk9MSKLGvD6CwgFmt0zulbhqDzbT7KAVu+N0QHdmDq2z0J7bXo/Lgk8uq -VZCEcLgSA2GUaUXKs1rHDuG6bE8iCKnm94Axj+vfUf+ts0cOwwJeWuH7xMDqPsBN -6fIPuku+KRT1Ovf4rqXiHuKtaYopVLaePxJU0IhYh2+ACtk7e7+pHkJU+NNub0EW -vpEca3gKvO9XaT+m3mzWPJVnXO5dSe6VA7Xg5I9BuYzIGb6gUvorUSGiVo+DaJj7 -g+VZAQjssSKevEV8WvorVK0tSsGd2hv02UXJLu1pzay/fHq43NWUs/A+CuOWyKvn -H23BCjQNdrZ+pnojqSAnPeoIlea5EhlJXfyTgpTSooEtz10eKUX3rMy/Nv7J00UR -gsy5rmnKBoMzNSFAe9BYnC7+LitGMq6ElqWNBKutryKGYr945UNQc4mpiEYEEhEC -AAYFAlroimIACgkQMWzB+ySr3HIylgCfeEgRPV1PJYupd+3/0hvBPXojiJ4An0WJ -Ekfm+EHydZxgzAZVMjcaguzmiQI4BBMBAgAiBQJZlMU9AhsDBgsJCAcDAgYVCAIJ -CgsEFgIDAQIeAQIXgAAKCRCuRUjQQ97Hw3RcD/4yFbkiw6JFVURPnlXs2+t8YqPA -sWxWrW8r0ZzJSk/lhOSz0WmiIrz3/Xna0DJtONVtceMsW4gaP7DUTOpynaNOqH60 -/xaqH4PLxnZXRm9I2W16WwnnA2heHOvoca+gVGvC4uJrYzsNBLGUOUideh0xazMK -emuvG2cItW9uJp4VHX6PUB/vK9rkJYQH9eNDA9h2I8l/A6VpcFCt8PWViCY/7I8f -yCXQ4P0+Uzoaqh2e3KCaKjOKc9BHvu8pN3R3GiKaezFVg0FwKZMZpAQyFZv/HqkK -8nt59kcX/urkpkpcPVASmpa49E978BqUeEXbHnzyILaAG6NYVxDmg2n2v/woA12Z -Kk27d5CD5ZZcepYZfsnyQFEco2Zjyjk6iJH88VI5ihY4T5uvYWU6AhafTqaJuUM2 -/ectLaRLn9+9z3Sn8qHM/B8bASU17UPGOgkDRguwvEJhF03n8megIhxmakEGurDN -bVqYIwSuOEkM5bfgxNJrI128aLE6ZSNYctzmu+kHvFrl8CxkQeO5VDWIZ6bkgfWB -fLKSOoQbZk4yQvQupzhdE00zr2KVzMN4CkaTQscRIL7/TnYMF5GBP/KbYPXUKcQk -Ln3FtsKW1Od7qtUXbq0YOl+95Pmh7IEAZgLcEwegodUPo+dhfwxCDKq44lT2FOdb -mhnQ7a1sO2v07EQa6bQgUGhpbGlwIFRyaWNjYSA8ZmxpaHBAdHdvYml0Lm9yZz6J -Ak4EEwEKADgWIQRCAH6HbySOBKPy/iWuRUjQQ97HwwUCXoeX3QIbAwULCQgHAwUV -CgkICwUWAgMBAAIeAQIXgAAKCRCuRUjQQ97Hw1uxEACYGGb7QReoBV42SCp/aMJN -MOH1/IBH8E2J5ZZzNv+89y6xRHQR1wj/wEQMphkoq6WEq0XJ1yPBVD82waRJCeDK -+Cb0X1MbFmVHQM5TqqJT1jo58kKBz/ulD3BtNMcpEp2YJZoxOBGgauuIEN7LfNuP -hnSZAvpw2kfE9kkux+ai4dHyndkM4DOeAczHzVZePup1W+kCyjsLAktF2qPcNhRZ -rScHQRXnhH4em6KLHUp4vfd/cTOQbNscdZi2uXhS6mZeNhzc+mrj4j+tPaF67DBX -LcF0uCjEECHZm2DGhl2HiDwUhz6vZ2BoMlrtvOfhZgt98tD2IhD8V8f7C8TTb7Lk -Hzju3QITYxniFZUHZPkQ8TI7ux3ZJvXHJxxY2ShiTGt4dvd8NWwZsrUUzaX6E6Qg -3F4r9iSS7rCiSo9c08GDSKwiHLd77mHEu2UNs7IyZybJIzxvJLaQ7YwHy/sUwSCP -SU0ee6Bgg2qF6cM68Dn8CND2DnddFveNfx52TQ3J2xilhrm0NRlnlDiS51pNw54L -XCzwQqepfR1gQcL/rLvwYTjhTdFajR9n9JSm8sQqbRHY7LWa2wklQA2sBz0q4Y4g -SQ3Rf5cEEJix0gL9cOwbSSvDb/6oJ8CjK0dqb/YmmL7OOdfFDbhAw0ozroCjld2Y -fvyYhjBSZeFV6C6mmm8k3LkCDQRO5xsoARAA2SWRuUsaMgb6cqwsYyh+u6xSkoYo -Bh5ApKZ7MTEXMsnDwZRh9tFDoQVRz0G/+FD8ajGNAxWHUHGnuHfKO/lpWprNywTy -QPuAWMcmWjSU8jTR4UaUu5XPpO4nV4mSL0F1kkc/Zfj6MdzocwKcaygDpaZUT4xN -vCXHztkQKt9l3cDKX09xvQOJ/z4qiMGdg8w+rzG6FBqvhy00niTd2wxH7HPwcxdP -rHYD80uqba65M1drJGfcuKYdgrHYfK5TEWv2lCZl6K3uIL3FuGbjIZdkM8A1k1r+ -ii6bWBZOsHasH99gQl3y+bnEUbCPml33XJjLjiXVaSFSxmfIp1de7k2/glY1EQ1Z -TExCFMOraZuZoPomVvRz0mdL8gTJwiTM3/23i506NNl/J1JcCZCCGZhnXbRioEiJ -5nlfkTQT2F2GpfNlHLx1zMa/3Y87fwQjENe2eG5ZYRNm/EoVICd6YFS1Oi2ZeFy1 -80IZ5fmq9WL8eNUEhMYu7tR8OGNk8OIQPXi94DFwe+ImWkW97SrBPAevo/c09xbf -uQXzmLK/PZwBCZEhQVrTuLXBgQd22BypWBK2Rcss+2yM857ACCBv2aGbFGrRZ9mK -8DpeMxmBM+QhIdVE7zLBK5q0igTTBv/wRlHMON1ynUNwvgQizbHYG5EZ3IRApy2H -1iOsLTGVu6asnhUAEQEAAYkCHwQYAQoACQUCTucbKAIbDAAKCRCuRUjQQ97Hw2lA -D/91gfdjJGShrCb6NvBnEwVGhP3Yj08euf8PNbGE/LU1mCEgyEpXxQx2afPo0jNo -xrUgWWICgCleNfBDKLo0qisEnIymw8zL9NapcDcXd2U78kgryVqek8R+Yn4PQW4m -P3Pp1+BGXrCEI7bH6OeR2upu9ucmbWqrg1g572Pm0NPOxISTgTzqYVvpxSKcTJ3i -JOVXpi51Rd0AJjGBblrEFo8Gwd09bSKq2r9wL72R/EoU6MuGGBLN3K388V+/CTFk -WnU1GmX79FV47Jz9HYdwVTTzwyXiqBKoVtJL2yU43nSzXdDmNwn+KNWCk9q1Av8s -dTADVTYh1Ld0GEXMjXWaEEiC7pQo2ugVSXkFf7MPkJI7J38oJWGa5qEWLbWNz9ry -zP4STjujnNOTe/V9LWn4R1yCRLM7C23u5PZunQDPg8XpYxTPhLFFm1vjqnBYsIW8 -L9T4szs/dGO6EKlCBoHtRoSJmnx5CBMETerjdx8qpjeU4xMF7+xMUW7LQTVKjKh3 -DIMahEMDAsjDZXt3s+2uuHI+ggJHbIaqCY6bkA2nxKd7l7G8+PnxlphxlYN8fK6l -6AOwchd5ohiqgZ4tWPztrgTvsmorYm9xEJNbsi8eObNho9vTIuysn+zHYARrPbt8 -EsPhm+I+vAmBi573QjJ0f+Th5DZ7syiHirDqz3M4P9XFA7kCDQRO7hbTARAAtPqe -MQfyWLXTTismVBhl/m8dPQql9luBpqg5Gg7+HgS6H1kmOJqRyVl8ddwHmA21piOZ -17AmM4RabrG4UbjV29P+Sptz0zfzURUe60amI3+fuTkjn0pPchDmszfwy0ANDrul -bQ89pkMuSFgft6AzG5768aGgCPRJNAK40ixmV4yZlw+GcmgSv9GkoVVm9uii0dNY -VlVwBR0GSSajPn05RM9TeekUfZvn3XCMbrPRgIAc8OlbGjtgYhFQ0Sz7yispT+1r -mS/0WG4QSY/OQKeUlLLr8hjj57r/U5U8zuCv26tbYkI9uhl62kriW5DtlOyHD+To -kQjgntuX8UU2wpaft9yQBxTcDByTYxkSE3BHmacQHBkmVUw3fWd0N1SAyLvGK3J7 -qrvMjJGfmlFZHd9D3Icdm/327AlxydD7bhCnmE2m2u3HbdVlVIyXMZ+twnSHDarE -5EA9zhq/GMWeTE/ko0U6zhfh7uulmyCP4sUjKZLw/VF9hozzydcqzqc0WxwaRT98 -2b21qu+KTSrB8Tl9UDuWfqH9AHKOCI03+7IwB+yy5Hx4rTXCfrsRNLFRAydzhrcZ -bPdaxKokGha+j9qWhshskq3XmQbMve2xx/1Sl4tz6SW8K9XfBx3Qt8VmPqYUPrNJ -ECcw6XDsD23Mz3d9dRm6WZP8lpeIdBCOMCv2NhUAEQEAAYkEPgQYAQoACQUCTu4W -0wIbAgIpCRCuRUjQQ97Hw8FdIAQZAQoABgUCTu4W0wAKCRAy9351wuHTuqsDD/wN -DHAUPO6rcr5BoQVx3Km9G9MMaDjtEKm2wx4S+el0zRBbRce9Nadcymjew//LdMfg -egxVNJl0pEaCemtrdk21hPqHOKPe54UDMufClA34mV5ZVTiYKDwyX4TTLm7Z2CsO -DRmbyJ2ytDNQOrpK5VQdwrikIWCSU8LWt9kHzPw9iESMrAiUc42Q4MIpjzynMg0t -kUu2wbbNOiYy1i8plsu3PAAnpNioiB49lN8oEuIHkc1LGWLh9T131YSAW1hKx0h1 -V9Ue9jgammMV3ZMb7Xu1EDtmyTbceHKo0LlYS5GbXk72iKZNugZjcYIh2UO98lC7 -+42TOBmomzchSPwCyjR7aszoCaYeKm4ZLKzCoDD+cr8wzmyNjRa9G1hpO3+tL+iH -/TO9YnDczGm6NwCSI77tkaXwAeFyht1AJgv5eLA/28LLLKPRU8gHCmQd5mLJaCHc -hZ1pLyY8lPBd7vskYBObomTS4NoSA6/Y2XV5Bw618y7U1yzBdA9zrZ/7sGNFT8cc -6PnBEtbUFrL6hZ3fjPg3JRKFyEWlw5jXAAIfodaEtEXIL0oAtDnrQH8AxNSdYqPB -kfIMkE8SkRO1K6tPvZQ/WhP6xXWCZhx99wfASzQjI/gAytbDdbzhlRO94wAQypCi -CUXpR8tHv+8nSPisW8/fYhQT5jOPIfM64DJh62rU5zcGD/99xr3ro7Zr9Nhb+mWT -7kYyyiBptVs74U4fW7MfX8QPu4ix9mUt2rx2M6tQLlgEM6874w2VSdjlrwS3/GQh -OyzQmnBFKR4GXNTa5jKnE4/cZduwH8CxC8ZKu8H2d9LJSiljOuzEUtfkPa9bOlJc -n6qb5NY136M7VNaGu3WOqQIibkru5NCI7W6FSKp/Rd/YIS/lHxpswrLvLtj3EyqL -CcnvBXgZbJkp3GAcmcmsLZ3d1Vv+WfW/y/W6Oyoz8vsysCJGA5u1ErHwNOIsMXjM -jjvfEkgiuPxnL2ZaGk6opyla3/oJhc7oHt0/9fSbufoL0AzIUbTMl8HaZWUxTAgF -/D2Iwt8NsIu3fgTbh5McQo7pg60kMnZdJc4lZXILPnxMCgJvVKi9y2ZF9KR8bty9 -WAo9/YoEviQbBjUC0CKlZHnYI3jYdOsB6/fYscV0FWxQI/65n7UVae4GcES3Dh9v -Hm9avDkElK0b5Mg/jdRpbJ26+gVO2VOTaViOCZj5jvriIaW7JcPaMxDoklURLBdA -d4MSiEhFqNNMGJsv6reVgTDDMbOF9+YhEUzDw0XXXsxO1nl5/FbP3q7FnF8D1da+ -oB8bBpV8We7WvFrI0ie270L3nFraT/cgeu+VODxtN98dR+DKNtH37eEtIoo88Spk -JvApW6bWg2vtAHrd6Ynb1kLR6w== -=UK/N +mQINBFik3GUBEADYDYbSXH3UTr9oCNCI3UxC1hiLH7cM+QIbMtWiwfAbT3G8wrTa +NPj00qNvI4wQ/Xm3h0hB7kri7vP0FqIjIwsTdM6ZpFdVHHKW1m4P8fkOcxqmLN0g +V36MN5fgoGWf2K94aS7ItoweRMcuHnwWawe6aAtbKSYVqhWhoB/3grgd0xhE61AS +o8fJ7uRYNEAYVeOKlC2j+qKfoJbCa6yqZejFwOOzB6qxNRA7JYvckEf8yJ4+Y16m +qPyZ1ErHzpql3+b5ha+g+9g8WzxAbSfGYZTwaQxyePNjXuq2tdEXf9XnESvoaoN4 +pQhiu/0BJEkXPxl1zso65g4Mn22xEELhUnwPDo5YdLlWEZ8xhELLvdJc3Z0nTR5A +4/YaZvvzf7pOD1cwpB6IrRf8n9rOe1aDxh/A//zX9PpIOV25p5kqlE88Ya5VXrnA +Ayfs19RZmK3+FuaI0ij79CRokG9BrI6TXT0pRTDIRu7GvAo2q13MELRvFddyRT2G +mNjsHYcqEbraYTh3LHEiwfWp4ZgDtk8jj3iRabHQUHk9V8vSFzj+wp1E8HzO8Vp3 +BxMDIOG1VPdLi81DP+LbZI1h30ZG63ulqkKIhwx5/h2v4VCYPatVtGqVf37tLstj +Wrs0DkBykuZrecp+AJ5ZJ+UVvR8ajO2ncAoOugNwoj9Wuvz0fVTiJIhuNQARAQAB +tDxXaWxsaWFtIFJvYmVydHMgKEJpbGwgUm9iZXJ0cykgPHdpbGxpYW0uYy5yb2Jl +cnRzQGludGVsLmNvbT6JAjgEEwECACIFAlik3GUCGwMGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJEG3i6QeOH1DBibEQAL4EwEzegkc8NyHiW0mntwDoCv3tkUlG +fprp/g7GWfrP+L+pN5yexg3Zm/CgVN/tTNCEr5XtP+sdds8xBF6ReJ8QPO7EiMiM +asPXh8zlODrySXCGHmpa7IzuUC2wgD3Wq7WjniMvnBmqBdL0+8nqA6NFxOOklvK1 +ub7bqLrHKfUfciFOfYAi+C0Bh8kdZtMjfY9sqlJA3sVK2UxVXq9D+oHbL1o454N6 +VzV0rDtsK47GSSCXT75kulPdfOCopTgxPgNsK4VnXgMOL5JMURPJa3rBzmBRFed1 +ynrqwFdmYdMepsUgt/JS2I/23QChqp6AdVDjtGLKS71hox+vdE4S0DoRnMHwHkkt +B6bqQci3RlUP+wcHHRCUXUubxMSlYJqhBdEOclo6N0X0LseLcdAMGda8ZnqbHlyg +hPLmJrM3C5zTLjDb2YJXCy6RVNwqAnU3o33SZCnHqo/zUjEtR03Ztk1DzSeCjo5w +zLac1VFq5S3QdgZUwmPhyeoigqOvHu6Z1s2eL8Aw7Hn8i6MWLz5sOXAtyC9NPwK/ +qbp1a+GQXzNW4rvKl7ZEFKrBKyj8AiRoVLSRKcqZtFT56ltXQjrwKjsWDTEOzjnm +XCSM96xfay6asQH5fw+haC3RIErwyNV0uUDIVC0xDTZ6NgJEBkp8liwNeHE7eHoN +8qWSZZO2syf7uQINBFik3GUBEAC7V2o1kBsLFSKwmgsCuGfW0oBIQiaCcakT6D2X +rKBjmzBvh/UIdXQwl9+vPKtWX3T/7g6UBvezV3uc2ZqrigGmFemoQI3sW7wFk0L9 +/QTUWCMfZtyrWgqyetmPYS+i2PnsEPinsgsEHWf3iu/ew1A7npZwINwMdOSOVw2u +JqYyW2tZCErWKVe31ziYUpXA+HaRm9zoVr0F0sE2GYGWbMVYtqxN9TSYcIAHxB71 +Y31dcY77ln/1JAH4Yzqc063w/lNYogEbbQY7WNgcKdPP+aovpV7kS3TKwsdb9/xT +pj67nnlvjLTMRoW3Ez0PcIDFhuube9uOQupYG4rC4grLeVLwL/ekVmn6TxRN1hG7 +6zYXWiwWi16uAO++eBNt127FwCOVZsPO0ye3/XpOpCdpUadguxF2gGt6xY0gtetj +Vdv6S4kCdSx8NMrO2epS/1pgklxN9R/xl7Wu+JPUuVX4Jy0ycmw7TCWxdK2fuFy6 +6aLCXWWEjRSp06oeVJoVV2py+rYaoau7JG7Zgx1A3gYTm6MLFysfROaQgmfRozIH +0boYh3IA1WWzk4I6ew129ynC5zGXg/+UCnKKwn8Tsh9neq9noRDAonWI7jOCipwF +l51py82093M87zjz9o/qxnB8p00jByQ+MunUykaZrkQKHAsiyIF6cUIeQiy/AL7n +wwSPQQARAQABiQIfBBgBAgAJBQJYpNxlAhsMAAoJEG3i6QeOH1DBtO8P/1D98sl3 +oz/0oSSz0u9nzgOh93UkLbXpjSR4U+g7Wl2ppxQyGSFeWwRwT5BT74EVP2IcrraX +V9c7l+s8PYqnUdX2XAqGMv06523cCrNUU93kUUNjAo3FxGSn7i2kHIvMkDbUoeVk +jyWKfIvyy2sKcVB9GQxfMrbnTR5/Z6fCyGHNqMFb9e9TUWclLzMIhvtkvLuKmf52 +TKKxKQt/wero5zb0fynOttIjuhmOP9CFTiYjdj7qSmQapW8VFdYjyzL+OOFk9gCL +S3mIk1LdkfWah7trmMUTXdmiEibvARAQ3Yjr+Hz9yU1gzEJSPUUugNguqgS5kN+T +3TdwUHAP9whVD2IvN/Mfn29bmFFVfzu3ftJIa1zJmOdZy7KWb6MWVhw3SJ65luPB +qxKWRqFDOSpqzBm6bYQ/Oka49Jl7/dCImSm+7bCC7LDK9hXa3AIlDtWvG4iiL18T +wUOrgXPysB/D/NQaRxT/vSPUOB4WrQzIKIf4vJdyuPdtOtIWm97KUw8r/jDqd4I3 +B62qknrrR+FPcz8ACM9fXkpbBEcjFV8EkoOae106Vxjo/lu5LVBbwiKviMMwoK5o +YE7FfCwLBbLTYMeetHo8jGBRonTEOKMtPlp/fCMOp9w7CgMDuvfEwuTsA1ux4uAb +tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D +=xdFJ -----END PGP PUBLIC KEY BLOCK----- (No newline at EOF)