Hello community,

here is the log from the commit of package tpm2.0-tools for openSUSE:Factory checked in at 2019-12-18 14:44:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm2.0-tools (Old)
 and /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2.0-tools" Wed Dec 18 14:44:47 2019 rev:20 rq:755855 version:4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2.0-tools/tpm2.0-tools.changes 2019-08-27 10:24:12.383928297 +0200 +++ /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.4691/tpm2.0-tools.changes 2019-12-18 14:48:15.981937189 +0100 
@@ -1,0 +2,698 @@ +Wed Dec 11 13:29:12 UTC 2019 - matthias.gerst...@suse.com + +- add fix_bad_bufsize.patch: fixes findings from compile time fread() checks + that indicate bad buffer size specification. +- add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are + bogus, since the variables in questions will be initialized in any case + later on. + +------------------------------------------------------------------- +Wed Dec 11 12:35:52 UTC 2019 - matthias.gerst...@suse.com + +- update to major version 4.1: + - changes in version 4.1: + * tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation. + + * tpm2_checkquote: + - Fix YAML output bug. + - -g option for specifying hash algorithm is optional and defaults to + sha256. + + * tpm2_changeeps: A new tool for changing the Endorsement hierarchy + primary seed. + + * tpm2_changepps: A new tool for changing the Platform hierarchy primary seed. + + * tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM. + + * tpm2_create: Add tool options for specifying output data for use in + certification + - --creation-data to save the creation data + - --creation-ticket or -t to save the creation ticket + - --creation-hash or -d to save the creation hash + - --template-data for saving the template data of the key + - --outside-info or -q for specifying unique data to include in creation data. + - --pcr-list or -l Add option to specify pcr list to add to creation data. + + * tpm2_createprimary: Add tool options for specifying output data for use + in certification + - --creation-data to save the creation data + - --creation-ticket or -t to save the creation ticket + - --creation-hash or -d to save the creation hash + - --template-data for saving the template data of the key + - --outside-info or -q for specifying unique data to include in creation data. + - --pcr-list or -l Add option to specify pcr list to add to creation data. 
+ + * tpm2_evictcontrol: + - Fix bug in automatic persistent handle selection when + hierarchy is platform. + - Fix bug in YAML key action where action was wrong when using ESYS_TR. + + * tpm2_getcap: clean up remanenats of -c option in manpages and tool output. + + * tpm2_gettime: Add a new tool for retrieving a signed timestamp from a TPM. + + * tpm2_nvcertify: Add a new tool for certifying the contents of an NV index. + + * tpm2_nvdefine: + - Support default set of attributes so -a is not mandatory. + - Support searching for free index if an index isn't specified. + + * tpm2_nvextend: Add a new tool for extending an NV index similair to a PCR. + + * tpm2_nvreadpublic: + - Support specifying nv index to read public data from as argument. + + * tpm2_nvsetbits: Add a new tool for setting the values of PCR with type + "bits". + + * tpm2_nvundefine: Add support for deleting NV indices with attribute + `TPMA_NV_POLICY_DELETE` set using NV Undefine Special command. + + * tpm2_nvwritelock: Add a new tool for setting a write lock on an NV index + or globally locking nv indices with TPMA_NV_GLOBALLOCK. + + * tpm2_policyauthorizenv: New tool enabling signed, revocable policies. + + * tpm2_policyauthvalue: New tool enabling authorization to be bound to the + authorization of another object. + + * tpm2_policycountertimer: Add a new tool for enabling policy bound to TPM + clock or timer values. + + * tpm2_policynamehash: Add a new tool for specifying policy based on object + name. + + * tpm2_policynv: Add a new tool for specifying policy based on NV contents. + + * tpm2_nvwritten: Add a new tool for specifying policy based on whether or not + an NV index was written to. + + * tpm2_policysecret: Add tool options for specifying + - --expiration or -t + - --ticket + - --timeout + - --nonce-tpm or -x + - --qualification or -q + + * tpm2_policysigned: New tool enabling policy command TPM2_PolicySigned. 
+ + * tpm2_policytemplate: New tool enabling policy command TPM2_PolicyTemplate. + + * tpm2_policyticket: New tool enabling policy command TPM2_PolicyTicket. + + * tpm2_readclock: Add a new tool for reading the TPM clock. + + * tpm2_setclock: Add a new tool for setting the TPM clock. + + * tpm2_setprimarypolicy: New tool setting policy on hierarchies. + + * tpm2_shutdown: Add a new tool for issuing a TPM shutdown command. + + * misc: + - Support "tpmt" as a public key output format that only saves the TPMT + structure. + - Qualifying data or extra data in many tools can be hex array string or + binary file. + - Add support for specifying NV index type when specifying NV attributes. + - Support added for tools to run on FreeBSD. + - Skip and notify of action that man pages will not install if the package + pandoc is missing. + - Fix precedence issue with bitwise operator order int tpm2_getcap + - travis: bump abrmd version 2.3.0 + - tpm2_util.c: Fix an issue int variable size was checked against uint + - pcr.c: Fix buffer length issue to support all defined hash algorithm + + - changes in version 4.0.1: + + * tpm2_checkquote: Fix YAML output bug. + + - changes in version 4.0: + + * tpm2_activatecredential: + - --context is now --credentialedkey-context. + - --key-context is now --credentialkey-context. + - --Password is now --credentialedkey-auth. + - --endorse-passwd is now --credentialkey-auth. + - --in-file is now --credential-secret. + - --out-file is now --certinfo-data. + - -f becomes -i. + - -k becomes -C. + - -e becomes -E. + + * tpm2_certify: + - --halg is now --hash-algorithm. + - --obj-context is now --certifiedkey-context. + - --key-context is now --signingkey-context. + - --pwdo is now --certifiedkey-auth. + - --pwdk is now --signingkey-auth. + - -a becomes -o. + - -k becomes -p. + - -c becomes -C. + - -k becomes -K. 
+ + * tpm2_changeauth: + - New tool for changing the authorization values of: + - Hierarchies + - NV + - Objects + - Replaces tpm2_takeownership with more generic functionality. + + * tpm2_checkquote: + - --halg is now --hash-algorithm. + - --pcr-input-file is now --pcr. + - --pubfile is now --public. + - --qualify-data is now --qualification. + - -f becomes -F. + - -F becomes -f. + - -G becomes -g. + + * tpm2_clear: + - --lockout-passwd is now --auth-lockout. + + * tpm2_clearcontrol: + - New tool for enabling or disabling tpm2_clear commands. + + * tpm2_create + - --object-attributes is now --attributes. + - --pwdp is now --parent-auth. + - --pwdo is now --key-auth. + - --in-file is now --sealing-input. + - --policy-file is now --policy. + - --pubfile is now --public. + - --privfile is now --private. + - --out-context is now --key-context. + - --halg is now --hash-algorithm. + - --kalg is now --key-algorithm. + - -o becomes -c. + - -K becomes -p. + - -A becomes -b. + - -I becomes -i. + - -g becomes an optional option. + - -G becomes an optional option. + - Supports TPM command CreateLoaded via -c. + + * tpm2_createak: + - Renamed from tpm2_getpubak + ++++ 501 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/tpm2.0-tools/tpm2.0-tools.changes ++++ and /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.4691/tpm2.0-tools.changes Old: ---- tpm2-tools-3.1.4.tar.gz New: ---- fix_bad_bufsize.patch fix_bogus_warning.patch tpm2-tools-4.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2.0-tools.spec ++++++ --- /var/tmp/diff_new_pack.5mi8Jh/_old 2019-12-18 14:48:16.365937364 +0100 +++ /var/tmp/diff_new_pack.5mi8Jh/_new 2019-12-18 14:48:16.365937364 +0100 
@@ -17,13 +17,15 @@ Name: tpm2.0-tools -Version: 3.1.4 +Version: 4.1 Release: 0 Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause Group: Productivity/Security Url: https://github.com/tpm2-software/tpm2-tools/releases Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz +Patch0: fix_bogus_warning.patch +Patch1: fix_bad_bufsize.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -61,6 +63,8 @@ %prep %setup -q -n tpm2-tools-%{version} +%patch0 -p1 +%patch1 -p1 %build %configure --disable-static @@ -78,5 +82,8 @@ %doc README.md LICENSE CHANGELOG.md /usr/bin/tpm2_* %{_mandir}/man1/tpm2_* +%dir %{_datadir}/bash-completion +%dir %{_datadir}/bash-completion/completions +%{_datadir}/bash-completion/completions/* %changelog ++++++ _service ++++++ --- /var/tmp/diff_new_pack.5mi8Jh/_old 2019-12-18 14:48:16.393937377 +0100 +++ /var/tmp/diff_new_pack.5mi8Jh/_new 2019-12-18 14:48:16.397937380 +0100 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/intel/tpm2-tools.git</param> <param name="scm">git</param> - <param name="revision">3.1.4</param> + <param name="revision">4.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">disable</param> </service> ++++++ fix_bad_bufsize.patch ++++++ Index: tpm2-tools-4.1/tools/tpm2_policytemplate.c =================================================================== --- tpm2-tools-4.1.orig/tools/tpm2_policytemplate.c +++ tpm2-tools-4.1/tools/tpm2_policytemplate.c 
@@ -23,7 +23,7 @@ static tpm2_policytemplate_ctx ctx; static bool process_input_template_hash(char *value) { - ctx.template_hash.size = UINT16_MAX; + ctx.template_hash.size = sizeof(ctx.template_hash.buffer); bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value, &ctx.template_hash.size, ctx.template_hash.buffer); if (!result) { Index: tpm2-tools-4.1/tools/tpm2_policynamehash.c =================================================================== --- tpm2-tools-4.1.orig/tools/tpm2_policynamehash.c +++ tpm2-tools-4.1/tools/tpm2_policynamehash.c @@ -23,7 +23,7 @@ static tpm2_policynamehash_ctx ctx; static bool process_input_name_hash(char *value) { - ctx.name_hash.size = UINT16_MAX; + ctx.name_hash.size = sizeof(ctx.name_hash.buffer); bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, value, &ctx.name_hash.size, ctx.name_hash.buffer); if (!result) { ++++++ fix_bogus_warning.patch ++++++ Index: tpm2-tools-4.1/lib/tpm2_hash.c =================================================================== --- tpm2-tools-4.1.orig/lib/tpm2_hash.c +++ tpm2-tools-4.1/lib/tpm2_hash.c @@ -14,7 +14,7 @@ static tool_rc tpm2_hash_common(ESYS_CON UINT16 inbuffer_len, TPM2B_DIGEST **result, TPMT_TK_HASHCHECK **validation) { bool use_left, done; - unsigned long left; + unsigned long left = 0; size_t bytes_read; TPM2B_AUTH null_auth = TPM2B_EMPTY_INIT; TPMI_DH_OBJECT sequence_handle; Index: tpm2-tools-4.1/lib/tpm2_attr_util.c =================================================================== --- tpm2-tools-4.1.orig/lib/tpm2_attr_util.c +++ tpm2-tools-4.1/lib/tpm2_attr_util.c @@ -202,7 +202,7 @@ static bool lookup_nt_friendly_name(cons static bool nt(TPMA_NV *nv, char *arg) { - uint16_t value; + uint16_t value = 0; bool result = tpm2_util_string_to_uint16(arg, &value); if (!result) { result = lookup_nt_friendly_name(arg, &value); ++++++ tpm2-tools-3.1.4.tar.gz -> tpm2-tools-4.1.tar.gz ++++++ ++++ 122080 lines of diff (skipped)
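Review bot: In the tpm2.0-tools.changes hunk, the entry for fix_bogus_warning.patch spells the warning as `maybe-unitialized`; the GCC diagnostic is `maybe-uninitialized`, and using the exact name keeps the entry findable when someone searches for the warning. "the variables in questions" in the same entry should read "the variables in question".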
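Review bot: In the tpm2.0-tools.spec preamble hunk, `Patch0: fix_bogus_warning.patch` and `Patch1: fix_bad_bufsize.patch` are added without a comment line saying where each patch comes from and whether it has been sent upstream. Add one comment per patch above its `PatchN:` line so the next version bump can tell whether the patch can be dropped.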
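Review bot: In the _service hunk only the `revision` param changes to 4.1; the `url` param on the unchanged line above it still points at https://github.com/intel/tpm2-tools.git, while the spec's `Url` and `Source0` use github.com/tpm2-software/tpm2-tools. Point the service at the same repository as `Source0` so the tarball and the recorded SCM source cannot diverge.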
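Review bot: In the tpm2_policytemplate.c hunk of fix_bad_bufsize.patch, the only check visible after the load in process_input_template_hash() is `if (!result)`, so once the capacity is bounded by `sizeof(ctx.template_hash.buffer)` an input of any length up to that capacity is still accepted as read. If the tool expects a digest of one specific length, compare `ctx.template_hash.size` against it after the call and fail otherwise.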
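Review bot: In the tpm2_policynamehash.c hunk, process_input_name_hash() carried the same `UINT16_MAX` in/out size as tpm2_policytemplate.c, which suggests the idiom was copied between tools. Check the remaining callers of files_load_bytes_from_buffer_or_file_or_stdin() for the same assignment, and document at the function that the size argument must hold the destination capacity on entry, since both fixes rely on that.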
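Review bot: In the lib/tpm2_hash.c hunk of fix_bogus_warning.patch, `unsigned long left = 0;` silences the warning but also means that a genuine read-before-write of `left`, should the control flow of tpm2_hash_common() change later, will no longer be reported by the compiler or by tools such as Valgrind or MemorySanitizer. Add a short comment on the line stating that the initializer exists only to quiet the warning; `use_left` and `done` on the line above remain without initializers, so the comment also explains the inconsistency.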
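Review bot: In the lib/tpm2_attr_util.c hunk, with `uint16_t value = 0;` a failure of both tpm2_util_string_to_uint16() and lookup_nt_friendly_name() in nt() leaves a well-defined 0 in `value` instead of an indeterminate one. The lines shown end before any check of the second `result`, so confirm that nt() returns on failure before `value` is applied to `*nv`; otherwise 0 would be used silently as the NV type.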