openSUSE Commits
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
February 2023
- 1 participants
- 2020 discussions
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-IO-Socket-SSL for openSUSE:Factory checked in at 2023-02-01 16:38:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL (Old)
and /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-IO-Socket-SSL"
Wed Feb 1 16:38:37 2023 rev:96 rq:1062235 version:2.081
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes 2022-12-13 18:54:38.778940369 +0100
+++ /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new.32243/perl-IO-Socket-SSL.changes 2023-02-01 16:49:51.953465164 +0100
@@ -1,0 +2,19 @@
+Thu Jan 26 03:07:12 UTC 2023 - Tina M��ller <timueller+perl(a)suse.de>
+
+- updated to 2.081
+ see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
+
+ 2.081 2023/01/25
+ - new function set_msg_callback for user defined callback on each SSL message
+ - showcase function in example/ssl_client.pl and example/ssl_server.pl for
+ computing JA3S/JA3 fingerprints
+ - fix tracing added in 2.076 to no longer include SSL3_RT_HEADER (noise)
+ 2.080 2023/01/18
+ - move certs into t/ so that distributions like CentOS don't install the
+ test certificates as part of the documentation any longer.
+ 2.079 2023/01/16
+ - properly extract IPv6 address for verification from PeerAddr if not explicitly
+ given as SSL_verifycn_name.
+ https://github.com/noxxi/p5-io-socket-ssl/issues/123
+
+-------------------------------------------------------------------
Old:
----
IO-Socket-SSL-2.078.tar.gz
New:
----
IO-Socket-SSL-2.081.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-IO-Socket-SSL.spec ++++++
--- /var/tmp/diff_new_pack.ZE2xoJ/_old 2023-02-01 16:49:52.373465075 +0100
+++ /var/tmp/diff_new_pack.ZE2xoJ/_new 2023-02-01 16:49:52.377465074 +0100
@@ -1,7 +1,7 @@
#
# spec file for package perl-IO-Socket-SSL
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define cpan_name IO-Socket-SSL
Name: perl-IO-Socket-SSL
-Version: 2.078
+Version: 2.081
Release: 0
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Nearly transparent SSL encapsulation for IO::Socket::INET
@@ -77,6 +77,7 @@
%prep
%autosetup -n %{cpan_name}-%{version} -p1
+
find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644
%build
++++++ IO-Socket-SSL-2.078.tar.gz -> IO-Socket-SSL-2.081.tar.gz ++++++
++++ 2474 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-Class-Method-Modifiers for openSUSE:Factory checked in at 2023-02-01 16:38:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Class-Method-Modifiers (Old)
and /work/SRC/openSUSE:Factory/.perl-Class-Method-Modifiers.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Class-Method-Modifiers"
Wed Feb 1 16:38:47 2023 rev:21 rq:1062269 version:2.14
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-Class-Method-Modifiers/perl-Class-Method-Modifiers.changes 2019-08-13 13:20:16.209434083 +0200
+++ /work/SRC/openSUSE:Factory/.perl-Class-Method-Modifiers.new.32243/perl-Class-Method-Modifiers.changes 2023-02-01 16:49:28.257356045 +0100
@@ -1,0 +2,10 @@
+Tue Jan 17 03:06:06 UTC 2023 - Tina M��ller <timueller+perl(a)suse.de>
+
+- updated to 2.14
+ see /usr/share/doc/packages/perl-Class-Method-Modifiers/Changes
+
+ 2.14 2023-01-16 21:26:04Z
+ - remove Test::Fatal and Test::Needs from test prereqs (PRs #7, #8,
+ Graham Knop)
+
+-------------------------------------------------------------------
Old:
----
Class-Method-Modifiers-2.13.tar.gz
New:
----
Class-Method-Modifiers-2.14.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Class-Method-Modifiers.spec ++++++
--- /var/tmp/diff_new_pack.hixTHe/_old 2023-02-01 16:49:29.413363025 +0100
+++ /var/tmp/diff_new_pack.hixTHe/_new 2023-02-01 16:49:29.449363243 +0100
@@ -1,7 +1,7 @@
#
# spec file for package perl-Class-Method-Modifiers
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,23 +16,19 @@
#
+%define cpan_name Class-Method-Modifiers
Name: perl-Class-Method-Modifiers
-Version: 2.13
+Version: 2.14
Release: 0
-%define cpan_name Class-Method-Modifiers
-Summary: Provides Moose-like method modifiers
License: Artistic-1.0 OR GPL-1.0-or-later
-Group: Development/Libraries/Perl
-Url: https://metacpan.org/release/%{cpan_name}
+Summary: Provides Moose-like method modifiers
+URL: https://metacpan.org/release/%{cpan_name}
Source0: https://cpan.metacpan.org/authors/id/E/ET/ETHER/%{cpan_name}-%{version}.tar…
Source1: cpanspec.yml
BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: perl
BuildRequires: perl-macros
-BuildRequires: perl(Test::Fatal)
BuildRequires: perl(Test::More) >= 0.88
-BuildRequires: perl(Test::Needs)
%{perl_requires}
%description
@@ -72,11 +68,11 @@
'fresh'; see below.
%prep
-%setup -q -n %{cpan_name}-%{version}
+%autosetup -n %{cpan_name}-%{version}
%build
perl Makefile.PL INSTALLDIRS=vendor
-make %{?_smp_mflags}
+%make_build
%check
make test
@@ -87,7 +83,6 @@
%perl_gen_filelist
%files -f %{name}.files
-%defattr(-,root,root,755)
%doc Changes CONTRIBUTING README
%license LICENSE
++++++ Class-Method-Modifiers-2.13.tar.gz -> Class-Method-Modifiers-2.14.tar.gz ++++++
++++ 2220 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-CPAN-Meta-Check for openSUSE:Factory checked in at 2023-02-01 16:38:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-CPAN-Meta-Check (Old)
and /work/SRC/openSUSE:Factory/.perl-CPAN-Meta-Check.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-CPAN-Meta-Check"
Wed Feb 1 16:38:41 2023 rev:18 rq:1062250 version:0.017
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-CPAN-Meta-Check/perl-CPAN-Meta-Check.changes 2016-12-05 16:31:34.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.perl-CPAN-Meta-Check.new.32243/perl-CPAN-Meta-Check.changes 2023-02-01 16:49:24.941336020 +0100
@@ -1,0 +2,15 @@
+Wed Jan 4 03:06:48 UTC 2023 - Tina M��ller <timueller+perl(a)suse.de>
+
+- updated to 0.017
+ see /usr/share/doc/packages/perl-CPAN-Meta-Check/Changes
+
+ 0.017 2023-01-03 16:53:14+01:00 Europe/Amsterdam
+ - Use Module::Metadata for more accurate testing
+
+ 0.016 2023-01-03 14:25:46+01:00 Europe/Amsterdam
+ - Fix rounding issue in test
+
+ 0.015 2023-01-03 03:42:47+01:00 Europe/Amsterdam
+ - Drop Test::Deep prereq
+
+-------------------------------------------------------------------
Old:
----
CPAN-Meta-Check-0.014.tar.gz
New:
----
CPAN-Meta-Check-0.017.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-CPAN-Meta-Check.spec ++++++
--- /var/tmp/diff_new_pack.BqTzdO/_old 2023-02-01 16:49:25.321338315 +0100
+++ /var/tmp/diff_new_pack.BqTzdO/_new 2023-02-01 16:49:25.325338339 +0100
@@ -1,7 +1,7 @@
#
# spec file for package perl-CPAN-Meta-Check
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,29 +12,26 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
+%define cpan_name CPAN-Meta-Check
Name: perl-CPAN-Meta-Check
-Version: 0.014
+Version: 0.017
Release: 0
-%define cpan_name CPAN-Meta-Check
+License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Verify requirements in a CPAN::Meta object
-License: Artistic-1.0 or GPL-1.0+
-Group: Development/Libraries/Perl
-Url: http://search.cpan.org/dist/CPAN-Meta-Check/
-Source0: http://www.cpan.org/authors/id/L/LE/LEONT/%{cpan_name}-%{version}.tar.gz
+URL: https://metacpan.org/release/%{cpan_name}
+Source0: https://cpan.metacpan.org/authors/id/L/LE/LEONT/%{cpan_name}-%{version}.tar…
Source1: cpanspec.yml
BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: perl
BuildRequires: perl-macros
BuildRequires: perl(CPAN::Meta) >= 2.120920
BuildRequires: perl(CPAN::Meta::Prereqs) >= 2.132830
BuildRequires: perl(CPAN::Meta::Requirements) >= 2.121000
BuildRequires: perl(Module::Metadata) >= 1.000023
-BuildRequires: perl(Test::Deep)
BuildRequires: perl(Test::More) >= 0.88
Requires: perl(CPAN::Meta::Prereqs) >= 2.132830
Requires: perl(CPAN::Meta::Requirements) >= 2.121000
@@ -46,14 +43,14 @@
present.
%prep
-%setup -q -n %{cpan_name}-%{version}
+%autosetup -n %{cpan_name}-%{version}
%build
-%{__perl} Makefile.PL INSTALLDIRS=vendor
-%{__make} %{?_smp_mflags}
+perl Makefile.PL INSTALLDIRS=vendor
+%make_build
%check
-%{__make} test
+make test
%install
%perl_make_install
@@ -61,7 +58,7 @@
%perl_gen_filelist
%files -f %{name}.files
-%defattr(-,root,root,755)
-%doc Changes LICENSE README
+%doc Changes README
+%license LICENSE
%changelog
++++++ CPAN-Meta-Check-0.014.tar.gz -> CPAN-Meta-Check-0.017.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/Changes new/CPAN-Meta-Check-0.017/Changes
--- old/CPAN-Meta-Check-0.014/Changes 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/Changes 2023-01-03 16:53:16.000000000 +0100
@@ -1,5 +1,14 @@
Revision history for CPAN-Meta-Check
+0.017 2023-01-03 16:53:14+01:00 Europe/Amsterdam
+ - Use Module::Metadata for more accurate testing
+
+0.016 2023-01-03 14:25:46+01:00 Europe/Amsterdam
+ - Fix rounding issue in test
+
+0.015 2023-01-03 03:42:47+01:00 Europe/Amsterdam
+ - Drop Test::Deep prereq
+
0.014 2016-11-25 13:09:01+01:00 Europe/Amsterdam
- Undef versions are now passed through to CPAN::Meta::Requirements
for the check, rather than failing with "Missing version" errors.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/INSTALL new/CPAN-Meta-Check-0.017/INSTALL
--- old/CPAN-Meta-Check-0.014/INSTALL 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/INSTALL 2023-01-03 16:53:16.000000000 +0100
@@ -8,10 +8,10 @@
% cpanm CPAN::Meta::Check
-If you are installing into a system-wide directory, you may need to pass the
-"-S" flag to cpanm, which uses sudo to install the module:
-
- % cpanm -S CPAN::Meta::Check
+If it does not have permission to install modules to the current perl, cpanm
+will automatically set up and install to a local::lib in your home directory.
+See the local::lib documentation (https://metacpan.org/pod/local::lib) for
+details on enabling it in your environment.
## Installing with the CPAN shell
@@ -21,8 +21,11 @@
## Manual installation
-As a last resort, you can manually install it. Download the tarball, untar it,
-then build it:
+As a last resort, you can manually install it. If you have not already
+downloaded the release tarball, you can find the download link on the module's
+MetaCPAN page: https://metacpan.org/pod/CPAN::Meta::Check
+
+Untar the tarball, install configure prerequisites (see below), then build it:
% perl Makefile.PL
% make && make test
@@ -31,13 +34,42 @@
% make install
-If you are installing into a system-wide directory, you may need to run:
+On Windows platforms, you should use `dmake` or `nmake`, instead of `make`.
+
+If your perl is system-managed, you can create a local::lib in your home
+directory to install modules to. For details, see the local::lib documentation:
+https://metacpan.org/pod/local::lib
+
+The prerequisites of this distribution will also have to be installed manually. The
+prerequisites are listed in one of the files: `MYMETA.yml` or `MYMETA.json` generated
+by running the manual build process described above.
+
+## Configure Prerequisites
- % sudo make install
+This distribution requires other modules to be installed before this
+distribution's installer can be run. They can be found under the
+"configure_requires" key of META.yml or the
+"{prereqs}{configure}{requires}" key of META.json.
+
+## Other Prerequisites
+
+This distribution may require additional modules to be installed after running
+Makefile.PL.
+Look for prerequisites in the following phases:
+
+* to run make, PHASE = build
+* to use the module code itself, PHASE = runtime
+* to run tests, PHASE = test
+
+They can all be found in the "PHASE_requires" key of MYMETA.yml or the
+"{prereqs}{PHASE}{requires}" key of MYMETA.json.
## Documentation
CPAN-Meta-Check documentation is available as POD.
-You can run perldoc from a shell to read the documentation:
+You can run `perldoc` from a shell to read the documentation:
% perldoc CPAN::Meta::Check
+
+For more information on installing Perl modules via CPAN, please see:
+https://www.cpan.org/modules/INSTALL.html
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/LICENSE new/CPAN-Meta-Check-0.017/LICENSE
--- old/CPAN-Meta-Check-0.014/LICENSE 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/LICENSE 2023-01-03 16:53:16.000000000 +0100
@@ -292,21 +292,21 @@
- "Package" refers to the collection of files distributed by the Copyright
Holder, and derivatives of that collection of files created through
- textual modification.
+ textual modification.
- "Standard Version" refers to such a Package if it has not been modified,
or has been modified in accordance with the wishes of the Copyright
- Holder.
+ Holder.
- "Copyright Holder" is whoever is named in the copyright or copyrights for
- the package.
+ the package.
- "You" is you, if you're thinking about copying or distributing this Package.
- "Reasonable copying fee" is whatever you can justify on the basis of media
cost, duplication charges, time of people involved, and so on. (You will
not be required to justify it to the Copyright Holder, but only to the
- computing community at large as a market that must bear the fee.)
+ computing community at large as a market that must bear the fee.)
- "Freely Available" means that no fee is charged for the item itself, though
there may be fees involved in handling the item. It also means that
recipients of the item may redistribute it under the same conditions they
- received it.
+ received it.
1. You may make and give away verbatim copies of the source form of the
Standard Version of this Package without restriction, provided that you
@@ -373,7 +373,7 @@
9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The End
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/MANIFEST new/CPAN-Meta-Check-0.017/MANIFEST
--- old/CPAN-Meta-Check-0.014/MANIFEST 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/MANIFEST 2023-01-03 16:53:16.000000000 +0100
@@ -1,4 +1,4 @@
-# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.007.
+# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.029.
Changes
INSTALL
LICENSE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/META.json new/CPAN-Meta-Check-0.017/META.json
--- old/CPAN-Meta-Check-0.014/META.json 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/META.json 2023-01-03 16:53:16.000000000 +0100
@@ -4,7 +4,7 @@
"Leon Timmermans <leont(a)cpan.org>"
],
"dynamic_config" : 0,
- "generated_by" : "Dist::Zilla version 6.007, CPAN::Meta::Converter version 2.150005",
+ "generated_by" : "Dist::Zilla version 6.029, CPAN::Meta::Converter version 2.150010",
"license" : [
"perl_5"
],
@@ -29,7 +29,6 @@
"Test::More" : "0",
"Test::Pod" : "1.41",
"Test::Pod::Coverage" : "1.08",
- "blib" : "1.01",
"perl" : "5.006"
}
},
@@ -49,7 +48,7 @@
"requires" : {
"CPAN::Meta" : "2.120920",
"Env" : "0",
- "Test::Deep" : "0",
+ "Scalar::Util" : "0",
"Test::More" : "0.88",
"lib" : "0",
"perl" : "5.006"
@@ -59,7 +58,7 @@
"provides" : {
"CPAN::Meta::Check" : {
"file" : "lib/CPAN/Meta/Check.pm",
- "version" : "0.014"
+ "version" : "0.017"
}
},
"release_status" : "stable",
@@ -74,12 +73,15 @@
"web" : "https://github.com/Leont/cpan-meta-check"
}
},
- "version" : "0.014",
+ "version" : "0.017",
"x_contributors" : [
"David Steinbrunner <dsteinbrunner(a)pobox.com>",
+ "Graham Knop <haarg(a)haarg.org>",
"Karen Etheridge <ether(a)cpan.org>",
"Leon Timmermans <fawaka(a)gmail.com>"
],
- "x_serialization_backend" : "Cpanel::JSON::XS version 3.0215"
+ "x_generated_by_perl" : "v5.36.0",
+ "x_serialization_backend" : "Cpanel::JSON::XS version 4.29",
+ "x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/META.yml new/CPAN-Meta-Check-0.017/META.yml
--- old/CPAN-Meta-Check-0.014/META.yml 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/META.yml 2023-01-03 16:53:16.000000000 +0100
@@ -5,7 +5,7 @@
build_requires:
CPAN::Meta: '2.120920'
Env: '0'
- Test::Deep: '0'
+ Scalar::Util: '0'
Test::More: '0.88'
lib: '0'
perl: '5.006'
@@ -13,7 +13,7 @@
ExtUtils::MakeMaker: '0'
perl: '5.006'
dynamic_config: 0
-generated_by: 'Dist::Zilla version 6.007, CPAN::Meta::Converter version 2.150005'
+generated_by: 'Dist::Zilla version 6.029, CPAN::Meta::Converter version 2.150010'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -22,7 +22,7 @@
provides:
CPAN::Meta::Check:
file: lib/CPAN/Meta/Check.pm
- version: '0.014'
+ version: '0.017'
requires:
CPAN::Meta::Prereqs: '2.132830'
CPAN::Meta::Requirements: '2.121'
@@ -35,9 +35,12 @@
resources:
bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=CPAN-Meta-Check
repository: git://github.com/Leont/cpan-meta-check.git
-version: '0.014'
+version: '0.017'
x_contributors:
- 'David Steinbrunner <dsteinbrunner(a)pobox.com>'
+ - 'Graham Knop <haarg(a)haarg.org>'
- 'Karen Etheridge <ether(a)cpan.org>'
- 'Leon Timmermans <fawaka(a)gmail.com>'
-x_serialization_backend: 'YAML::Tiny version 1.69'
+x_generated_by_perl: v5.36.0
+x_serialization_backend: 'YAML::Tiny version 1.73'
+x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/Makefile.PL new/CPAN-Meta-Check-0.017/Makefile.PL
--- old/CPAN-Meta-Check-0.014/Makefile.PL 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/Makefile.PL 2023-01-03 16:53:16.000000000 +0100
@@ -1,4 +1,4 @@
-# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.007.
+# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.029.
use strict;
use warnings;
@@ -28,11 +28,11 @@
"TEST_REQUIRES" => {
"CPAN::Meta" => "2.120920",
"Env" => 0,
- "Test::Deep" => 0,
+ "Scalar::Util" => 0,
"Test::More" => "0.88",
"lib" => 0
},
- "VERSION" => "0.014",
+ "VERSION" => "0.017",
"test" => {
"TESTS" => "t/*.t"
}
@@ -46,7 +46,7 @@
"Env" => 0,
"Exporter" => 0,
"Module::Metadata" => "1.000023",
- "Test::Deep" => 0,
+ "Scalar::Util" => 0,
"Test::More" => "0.88",
"base" => 0,
"lib" => 0,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/README new/CPAN-Meta-Check-0.017/README
--- old/CPAN-Meta-Check-0.014/README 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/README 2023-01-03 16:53:16.000000000 +0100
@@ -1,7 +1,5 @@
-
-
This archive contains the distribution CPAN-Meta-Check,
-version 0.014:
+version 0.017:
Verify requirements in a CPAN::Meta object
@@ -11,5 +9,4 @@
the same terms as the Perl 5 programming language system itself.
-This README file was generated by Dist::Zilla::Plugin::Readme v6.007.
-
+This README file was generated by Dist::Zilla::Plugin::Readme v6.029.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/lib/CPAN/Meta/Check.pm new/CPAN-Meta-Check-0.017/lib/CPAN/Meta/Check.pm
--- old/CPAN-Meta-Check-0.014/lib/CPAN/Meta/Check.pm 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/lib/CPAN/Meta/Check.pm 2023-01-03 16:53:16.000000000 +0100
@@ -1,5 +1,6 @@
package CPAN::Meta::Check;
-$CPAN::Meta::Check::VERSION = '0.014';
+# vi:noet:sts=2:sw=2:ts=2
+$CPAN::Meta::Check::VERSION = '0.017';
use strict;
use warnings;
@@ -80,7 +81,7 @@
=head1 VERSION
-version 0.014
+version 0.017
=head1 SYNOPSIS
@@ -114,8 +115,6 @@
=item * L<CPAN::Meta|CPAN::Meta>
-=for comment # vi:noet:sts=2:sw=2:ts=2
-
=back
=head1 AUTHOR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/t/10-basics.t new/CPAN-Meta-Check-0.017/t/10-basics.t
--- old/CPAN-Meta-Check-0.014/t/10-basics.t 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/t/10-basics.t 2023-01-03 16:53:16.000000000 +0100
@@ -3,13 +3,16 @@
use strict;
use warnings;
use Test::More 0.88;
-use Test::Deep;
use CPAN::Meta 2.120920;
use CPAN::Meta::Check qw/check_requirements verify_dependencies/;
+use Module::Metadata;
+use Scalar::Util ();
use Env ();
+my $scalar_version = Module::Metadata->new_from_module('Scalar::Util')->version;
+
my %prereq_struct = (
runtime => {
requires => {
@@ -24,9 +27,9 @@
Env => 99999,
},
conflicts => {
- 'CPAN::Meta' => '<= 100.0', # check should fail
- 'Test::Deep' => '== ' . Test::Deep->VERSION, # check should fail
- 'Test::More' => '<= 0.01', # check should pass (up to 0.01 is bad)
+ 'CPAN::Meta' => '<= 100.0', # check should fail
+ 'Scalar::Util' => "== $scalar_version", # check should fail
+ 'Test::More' => '<= 0.01', # check should pass (up to 0.01 is bad)
},
},
build => {
@@ -38,26 +41,26 @@
my $meta = CPAN::Meta->create({ prereqs => \%prereq_struct, version => 1, name => 'Foo' }, { lazy_validation => 1 });
-cmp_deeply([ verify_dependencies($meta, 'runtime', 'requires') ], [], 'Requirements are verified');
+is_deeply([ verify_dependencies($meta, 'runtime', 'requires') ], [], 'Requirements are verified');
my $pre_req = $meta->effective_prereqs->requirements_for('runtime', 'requires');
is($pre_req->required_modules, 4, 'Requires 4 modules');
-cmp_deeply(check_requirements($pre_req, 'requires'), { map { ( $_ => undef ) } qw/Config File::Spec IO::File perl/ }, 'Requirements are satisfied ');
+is_deeply(check_requirements($pre_req, 'requires'), { map { ( $_ => undef ) } qw/Config File::Spec IO::File perl/ }, 'Requirements are satisfied ');
my $pre_rec = $meta->effective_prereqs->requirements_for('runtime', 'recommends');
-cmp_deeply([ sort +$pre_rec->required_modules ], [ qw/Env Pod::Text This::Should::Be::NonExistent/ ], 'The right recommendations are present');
-cmp_deeply(check_requirements($pre_rec, 'recommends'), {
+is_deeply([ sort +$pre_rec->required_modules ], [ qw/Env Pod::Text This::Should::Be::NonExistent/ ], 'The right recommendations are present');
+is_deeply(check_requirements($pre_rec, 'recommends'), {
Env => "Installed version ($Env::VERSION) of Env is not in range '99999'",
'Pod::Text' => undef,
'This::Should::Be::NonExistent' => 'Module \'This::Should::Be::NonExistent\' is not installed',
}, 'Recommendations give the right errors');
my $pre_con = $meta->effective_prereqs->requirements_for('runtime', 'conflicts');
-cmp_deeply([ sort +$pre_con->required_modules ], [ qw/CPAN::Meta Test::Deep Test::More/ ], 'The right conflicts are present');
-cmp_deeply(check_requirements($pre_con, 'conflicts'), {
- 'CPAN::Meta' => re(qr/Installed version \([\d._]+\) of CPAN::Meta is in range '<= 100.0'/),
+is_deeply([ sort +$pre_con->required_modules ], [ qw/CPAN::Meta Scalar::Util Test::More/ ], 'The right conflicts are present');
+is_deeply(check_requirements($pre_con, 'conflicts'), {
+ 'CPAN::Meta' => "Installed version ($CPAN::Meta::VERSION) of CPAN::Meta is in range '<= 100.0'",
'Test::More' => undef,
- 'Test::Deep' => re(qr/Installed version \([\d._]+\) of Test::Deep is in range '== $Test::Deep::VERSION'/),
+ 'Scalar::Util' => sprintf("Installed version (%s) of Scalar::Util is in range '== %s'", $scalar_version, $scalar_version),
}, 'Conflicts give the right errors');
done_testing();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/t/20-undef-version.t new/CPAN-Meta-Check-0.017/t/20-undef-version.t
--- old/CPAN-Meta-Check-0.014/t/20-undef-version.t 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/t/20-undef-version.t 2023-01-03 16:53:16.000000000 +0100
@@ -2,7 +2,6 @@
use warnings;
use Test::More 0.88;
-use Test::Deep;
use CPAN::Meta 2.120920;
use CPAN::Meta::Check 'check_requirements';
@@ -33,8 +32,8 @@
requires => { 'Local::HasNoVersion' => undef },
},
test => {
- conflicts => { 'Local::HasNoVersion' => re(qr/Installed version \(undef\) of Local::HasNoVersion is in range '<= 1.0'/) },
- requires => { 'Local::HasNoVersion' => re(qr/Installed version \(undef\) of Local::HasNoVersion is not in range '== 1.0'/) },
+ conflicts => { 'Local::HasNoVersion' => q[Installed version (undef) of Local::HasNoVersion is in range '<= 1.0'] },
+ requires => { 'Local::HasNoVersion' => q[Installed version (undef) of Local::HasNoVersion is not in range '== 1.0'] },
},
);
@@ -43,7 +42,7 @@
foreach my $phase (sort keys %expected_issues) {
foreach my $type (sort keys %{$expected_issues{$phase}}) {
my $issues = check_requirements($meta->effective_prereqs->requirements_for($phase, $type), $type, ['t/lib']);
- cmp_deeply(
+ is_deeply(
$issues,
$expected_issues{$phase}{$type},
"$phase $type checked",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/xt/author/00-compile.t new/CPAN-Meta-Check-0.017/xt/author/00-compile.t
--- old/CPAN-Meta-Check-0.014/xt/author/00-compile.t 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/xt/author/00-compile.t 2023-01-03 16:53:16.000000000 +0100
@@ -2,7 +2,7 @@
use strict;
use warnings;
-# this test was generated with Dist::Zilla::Plugin::Test::Compile 2.054
+# this test was generated with Dist::Zilla::Plugin::Test::Compile 2.058
use Test::More;
@@ -16,7 +16,9 @@
# no fake home requested
-my $inc_switch = -d 'blib' ? '-Mblib' : '-Ilib';
+my @switches = (
+ -d 'blib' ? '-Mblib' : '-Ilib',
+);
use File::Spec;
use IPC::Open3;
@@ -30,14 +32,18 @@
# see L<perlfaq8/How can I capture STDERR from an external command?>
my $stderr = IO::Handle->new;
- my $pid = open3($stdin, '>&STDERR', $stderr, $^X, $inc_switch, '-e', "require q[$lib]");
+ diag('Running: ', join(', ', map { my $str = $_; $str =~ s/'/\\'/g; q{'} . $str . q{'} }
+ $^X, @switches, '-e', "require q[$lib]"))
+ if $ENV{PERL_COMPILE_TEST_DEBUG};
+
+ my $pid = open3($stdin, '>&STDERR', $stderr, $^X, @switches, '-e', "require q[$lib]");
binmode $stderr, ':crlf' if $^O eq 'MSWin32';
my @_warnings = <$stderr>;
waitpid($pid, 0);
is($?, 0, "$lib loaded ok");
shift @_warnings if @_warnings and $_warnings[0] =~ /^Using .*\bblib/
- and not eval { require blib; blib->VERSION('1.01') };
+ and not eval { +require blib; blib->VERSION('1.01') };
if (@_warnings)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CPAN-Meta-Check-0.014/xt/author/pod-coverage.t new/CPAN-Meta-Check-0.017/xt/author/pod-coverage.t
--- old/CPAN-Meta-Check-0.014/xt/author/pod-coverage.t 2016-11-25 13:09:04.000000000 +0100
+++ new/CPAN-Meta-Check-0.017/xt/author/pod-coverage.t 2023-01-03 16:53:16.000000000 +0100
@@ -1,6 +1,7 @@
#!perl
# This file was automatically generated by Dist::Zilla::Plugin::PodCoverageTests.
-
+use strict;
+use warnings;
use Test::Pod::Coverage 1.08;
use Pod::Coverage::TrustPod;
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-Alien-Build for openSUSE:Factory checked in at 2023-02-01 16:38:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Alien-Build (Old)
and /work/SRC/openSUSE:Factory/.perl-Alien-Build.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Alien-Build"
Wed Feb 1 16:38:36 2023 rev:38 rq:1062203 version:2.77
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-Alien-Build/perl-Alien-Build.changes 2023-01-04 18:10:13.756415233 +0100
+++ /work/SRC/openSUSE:Factory/.perl-Alien-Build.new.32243/perl-Alien-Build.changes 2023-02-01 16:49:19.757304716 +0100
@@ -1,0 +2,12 @@
+Sat Jan 21 03:06:04 UTC 2023 - Tina M��ller <timueller+perl(a)suse.de>
+
+- updated to 2.77
+ see /usr/share/doc/packages/perl-Alien-Build/Changes
+
+ 2.77 2023-01-20 14:59:14 +1100
+ - Documentation improvements (gh#389, #gh#390)
+ - Additional noisy diagnostic when trying to use the regular
+ download negotiator plugin with a GitHub releases page
+ (gh#388, gh#390)
+
+-------------------------------------------------------------------
Old:
----
Alien-Build-2.76.tar.gz
New:
----
Alien-Build-2.77.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Alien-Build.spec ++++++
--- /var/tmp/diff_new_pack.QyW5Kw/_old 2023-02-01 16:49:20.193307348 +0100
+++ /var/tmp/diff_new_pack.QyW5Kw/_new 2023-02-01 16:49:20.197307373 +0100
@@ -1,7 +1,7 @@
#
# spec file for package perl-Alien-Build
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define cpan_name Alien-Build
Name: perl-Alien-Build
-Version: 2.76
+Version: 2.77
Release: 0
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Build external dependencies for use in CPAN
@@ -68,6 +68,7 @@
%prep
%autosetup -n %{cpan_name}-%{version}
+
find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644
%build
++++++ Alien-Build-2.76.tar.gz -> Alien-Build-2.77.tar.gz ++++++
++++ 1971 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openssl_tpm2_engine for openSUSE:Factory checked in at 2023-02-01 16:39:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl_tpm2_engine (Old)
and /work/SRC/openSUSE:Factory/.openssl_tpm2_engine.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl_tpm2_engine"
Wed Feb 1 16:39:34 2023 rev:10 rq:1062393 version:3.3.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl_tpm2_engine/openssl_tpm2_engine.changes 2023-01-14 00:03:44.197892246 +0100
+++ /work/SRC/openSUSE:Factory/.openssl_tpm2_engine.new.32243/openssl_tpm2_engine.changes 2023-02-01 16:49:00.417187926 +0100
@@ -1,0 +2,9 @@
+Tue Jan 31 21:17:40 UTC 2023 - James.Bottomley(a)HansenPartnership.com
+
+- Update to version 3.3.1
+ * fix intermittent EC TPM_RC_KEY return
+ * add import section to man pages
+ * Add importable sealed data
+ * Fix name hash for importable keys and data
+
+-------------------------------------------------------------------
Old:
----
openssl_tpm2_engine-3.2.1.tar.gz
New:
----
openssl_tpm2_engine-3.3.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl_tpm2_engine.spec ++++++
--- /var/tmp/diff_new_pack.D3Iddi/_old 2023-02-01 16:49:00.773190075 +0100
+++ /var/tmp/diff_new_pack.D3Iddi/_new 2023-02-01 16:49:00.781190124 +0100
@@ -18,7 +18,7 @@
Name: openssl_tpm2_engine
-Version: 3.2.1
+Version: 3.3.1
Release: 0
Summary: OpenSSL TPM 2.0 interface engine plugin
License: LGPL-2.1-only
++++++ openssl_tpm2_engine-3.2.1.tar.gz -> openssl_tpm2_engine-3.3.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/configure.ac new/openssl_tpm2_engine-3.3.1/configure.ac
--- old/openssl_tpm2_engine-3.2.1/configure.ac 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/configure.ac 2023-01-31 17:21:01.000000000 +0100
@@ -2,7 +2,7 @@
# configure.in for the OpenSSL TPM engine project
#
-AC_INIT(openssl-tpm2-engine, 3.2.1, <openssl-tpm2-engine(a)groups.io>)
+AC_INIT(openssl-tpm2-engine, 3.3.1, <openssl-tpm2-engine(a)groups.io>)
AM_INIT_AUTOMAKE([foreign 1.6.3])
AC_CANONICAL_HOST
AM_CONDITIONAL(NATIVE_BUILD, test "x$cross_compiling" = "xno")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/create_tpm2_key.1.in new/openssl_tpm2_engine-3.3.1/create_tpm2_key.1.in
--- old/openssl_tpm2_engine-3.2.1/create_tpm2_key.1.in 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/create_tpm2_key.1.in 2023-01-31 17:21:01.000000000 +0100
@@ -45,6 +45,25 @@
sha512:1,3-5 means PCRs 1,3,4 and 5 in the sha512 bank
+[Import]
+
+In some cases, there may be a need to wrap a key without access to the
+TPM it will be use on. For these cases an importable key may be
+specified with the --import option. For this to work, you must use a
+public key corresponding exactly to the one the importing TPM will use
+(Note: only Elliptic Curve parents are currently supported). For
+instance the owner seed elliptic curve storage key may be produced as
+
+tsscreateprimary -hi o -st -ecc nistp256 -opem parent.pub
+
+Then an importable key may be wrapped to the TPM via:
+
+create_tpm2_key --import parent.pub --wrap key.priv key.tpm
+
+Note that certain parameters must be assumed about a parent when it is
+wrapped, like the template (must be standard restricted decryption
+key) and the name hash (must be sha256).
+
[Signed Policies]
When the option --signed-policy <key> is used, it creates a key whose
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/create_tpm2_key.c new/openssl_tpm2_engine-3.3.1/create_tpm2_key.c
--- old/openssl_tpm2_engine-3.2.1/create_tpm2_key.c 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/create_tpm2_key.c 2023-01-31 17:21:01.000000000 +0100
@@ -204,141 +204,6 @@
return TPM_RC_SUCCESS;
}
-TPM_RC tpm2_outerwrap(EVP_PKEY *parent,
- TPMT_SENSITIVE *s,
- TPMT_PUBLIC *pub,
- PRIVATE_2B *p,
- ENCRYPTED_SECRET_2B *enc_secret)
-{
- PRIVATE_2B secret, seed;
- /* amount of room in the buffer for the integrity TPM2B */
- const int name_alg_size = TSS_GetDigestSize(pub->nameAlg);
- const int integrity_skip = name_alg_size + 2;
- // BYTE *integrity = p->buffer;
- BYTE *sensitive = p->buffer + integrity_skip;
- BYTE *buf;
- TPM2B *t2b;
- INT32 size;
- size_t ssize;
- UINT16 bsize, written = 0;
- EVP_PKEY *ephemeral = NULL;
- EVP_PKEY_CTX *ctx;
- TPM2B_ECC_POINT pub_pt, ephemeral_pt;
- EC_KEY *e_parent, *e_ephemeral;
- const EC_GROUP *group;
- unsigned char aeskey[T2_AES_KEY_BYTES];
- /* hmac follows namealg, so set to max size */
- KEY_2B hmackey;
- TPMT_HA hmac;
- NAME_2B name;
- DIGEST_2B digest;
- unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES];
- TPM2B null_2b;
-
- null_2b.size = 0;
-
- if (EVP_PKEY_type(EVP_PKEY_id(parent)) != EVP_PKEY_EC) {
- printf("Can only currently wrap to EC parent\n");
- return TPM_RC_ASYMMETRIC;
- }
-
- e_parent = EVP_PKEY_get1_EC_KEY(parent);
- group = EC_KEY_get0_group(e_parent);
-
- /* marshal the sensitive into a TPM2B */
- t2b = (TPM2B *)sensitive;
- buf = t2b->buffer;
- size = sizeof(p->buffer) - integrity_skip;
- bsize = 0;
- TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
- buf = (BYTE *)&t2b->size;
- size = 2;
- TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
- /* set the total size of the private entity */
- p->size = bsize + sizeof(UINT16) + integrity_skip;
-
- /* compute the elliptic curve shared (and encrypted) secret */
- ctx = EVP_PKEY_CTX_new(parent, NULL);
- if (!ctx)
- goto openssl_err;
- if (EVP_PKEY_keygen_init(ctx) != 1)
- goto openssl_err;
- EVP_PKEY_keygen(ctx, &ephemeral);
- if (!ephemeral)
- goto openssl_err;
- /* otherwise the ctx free will free the key */
-#if OPENSSL_VERSION_NUMBER < 0x10100000
- CRYPTO_add(&ephemeral->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#else
- EVP_PKEY_up_ref(ephemeral);
-#endif
- EVP_PKEY_CTX_free(ctx);
-
- e_ephemeral = EVP_PKEY_get1_EC_KEY(ephemeral);
-
- /* now begin again with the ephemeral private key because the
- * context must be initialised with the private key */
- ctx = EVP_PKEY_CTX_new(ephemeral, NULL);
- if (!ctx)
- goto openssl_err;
- if (EVP_PKEY_derive_init(ctx) != 1)
- goto openssl_err;
- if (EVP_PKEY_derive_set_peer(ctx, parent) != 1)
- goto openssl_err;
- ssize = sizeof(secret.buffer);
- if (EVP_PKEY_derive(ctx, secret.buffer, &ssize) != 1)
- goto openssl_err;
- secret.size = ssize;
- EVP_PKEY_CTX_free(ctx);
-
- tpm2_get_public_point(&pub_pt, group, EC_KEY_get0_public_key(e_parent));
- tpm2_get_public_point(&ephemeral_pt, group,
- EC_KEY_get0_public_key(e_ephemeral));
- EC_KEY_free(e_parent);
- EC_KEY_free(e_ephemeral);
-
- /* now pass the secret through KDFe to get the shared secret
- * The size is the size of the parent name algorithm which we
- * assume to be sha256 */
- TSS_KDFE(seed.buffer, pub->nameAlg, (TPM2B *)&secret, "DUPLICATE",
- (TPM2B *)&ephemeral_pt.point.x, (TPM2B *)&pub_pt.point.x,
- SHA256_DIGEST_LENGTH*8);
- seed.size = SHA256_DIGEST_LENGTH;
-
- /* and finally through KDFa to get the aes symmetric encryption key */
- tpm2_ObjectPublic_GetName(&name, pub);
- TSS_KDFA(aeskey, pub->nameAlg, (TPM2B *)&seed, "STORAGE",
- (TPM2B *)&name, &null_2b, T2_AES_KEY_BITS);
- /* and then the outer HMAC key */
- hmackey.size = name_alg_size;
- TSS_KDFA(hmackey.buffer, pub->nameAlg, (TPM2B *)&seed, "INTEGRITY",
- &null_2b, &null_2b, name_alg_size * 8);
- /* OK the ephermeral public point is now the encrypted secret */
- size = sizeof(ephemeral_pt);
- buf = enc_secret->secret;
- TSS_TPM2B_ECC_POINT_Marshal(&ephemeral_pt, &written,
- &buf, &size);
- enc_secret->size = written;
- memset(null_iv, 0, sizeof(null_iv));
- TSS_AES_EncryptCFB(sensitive, T2_AES_KEY_BITS, aeskey, null_iv,
- p->size - integrity_skip, sensitive);
- hmac.hashAlg = pub->nameAlg;
- TSS_HMAC_Generate(&hmac, (TPM2B_KEY *)&hmackey,
- p->size - integrity_skip, sensitive,
- name.size, name.name,
- 0, NULL);
- digest.size = name_alg_size;
- memcpy(digest.buffer, &hmac.digest, digest.size);
- size = integrity_skip;
- buf = p->buffer;
- TSS_TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&digest, &written, &buf, &size);
- return TPM_RC_SUCCESS;
-
- openssl_err:
- ERR_print_errors_fp(stderr);
- return TPM_RC_ASYMMETRIC;
-}
-
EVP_PKEY *
openssl_read_key(char *filename)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/seal_tpm2_data.1.in new/openssl_tpm2_engine-3.3.1/seal_tpm2_data.1.in
--- old/openssl_tpm2_engine-3.2.1/seal_tpm2_data.1.in 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/seal_tpm2_data.1.in 2023-01-31 17:21:01.000000000 +0100
@@ -21,6 +21,25 @@
sha512:1,3-5 means PCRs 1,3,4 and 5 in the sha512 bank
+[Import]
+
+In some cases, there may be a need to wrap a key without access to the
+TPM it will be use on. For these cases an importable key may be
+specified with the --import option. For this to work, you must use a
+public key corresponding exactly to the one the importing TPM will use
+(Note: only Elliptic Curve parents are currently supported). For
+instance the owner seed elliptic curve storage key may be produced as
+
+tsscreateprimary -hi o -st -ecc nistp256 -opem parent.pub
+
+Then a sealed data file may be wrapped to the TPM via:
+
+echo "data" | seal_tpm2_data --import parent.pub seal.tpm
+
+Note that certain parameters must be assumed about a parent when it is
+wrapped, like the template (must be standard restricted decryption
+key) and the name hash (must be sha256).
+
[Signed Policies]
When the option --signed-policy <key> is used, it creates a sealed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/seal_tpm2_data.c new/openssl_tpm2_engine-3.3.1/seal_tpm2_data.c
--- old/openssl_tpm2_engine-3.2.1/seal_tpm2_data.c 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/seal_tpm2_data.c 2023-01-31 17:21:01.000000000 +0100
@@ -14,6 +14,7 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
+#include <openssl/rand.h>
#include <openssl/ui.h>
#include "tpm2-tss.h"
@@ -35,6 +36,7 @@
{"policy", 1, 0, 'c'},
{"nomigrate", 0, 0, 'm'},
{"name-scheme", 1, 0, 'n'},
+ {"import", 1, 0, 'i'},
{0, 0, 0, 0}
};
@@ -78,7 +80,10 @@
" details about formatting\n"
"\t--signed-policy <key> Add a signed policy directive that allows\n"
"\t policies signed by the specified public <key>\n"
- "\t to authorize use of the key\n"
+ "\t to authorize unsealing\n"
+ "\t-i, --import <pubkey> Create an importable key with the outer\n"
+ " wrapper encrypted to <pubkey>\n"
+ "\t-c, --policy Specify a policy for unsealing the data\n"
"\n"
"\n"
"Report bugs to " PACKAGE_BUGREPORT "\n",
@@ -86,6 +91,24 @@
exit(-1);
}
+void wrap_data(TPMT_SENSITIVE *s, const char *password, void *data,
+ int data_len)
+{
+ memset(s, 0, sizeof(*s));
+
+ s->sensitiveType = TPM_ALG_KEYEDHASH;
+ if (password) {
+ int len = strlen(password);
+
+ memcpy(VAL_2B(s->authValue, buffer), password, len);
+ VAL_2B(s->authValue, size) = len;
+ } else {
+ VAL_2B(s->authValue, size) = 0;
+ }
+ VAL_2B(s->sensitive.bits, size) = data_len;
+ memcpy(VAL_2B(s->sensitive.bits, buffer), data, data_len);
+}
+
int main(int argc, char **argv)
{
int option_index, c;
@@ -95,8 +118,8 @@
char *filename;
uint32_t noda = TPMA_OBJECT_NODA, phandle;
TPM_RC rc;
- TSS_CONTEXT *tssContext;
- const char *dir;
+ TSS_CONTEXT *tssContext = NULL;
+ const char *dir = NULL;
const char *reason = ""; /* gcc 4.8.5 gives spurious uninitialized warning without this */
TPMT_HA digest;
uint32_t sizeInBytes;
@@ -115,15 +138,17 @@
int32_t size;
uint16_t pubkey_len, privkey_len;
char *parent_str = NULL;
+ char *import = NULL;
TPML_PCR_SELECTION pcr_lock;
int has_policy = 0;
char *signed_policy = NULL;
+ ENCRYPTED_SECRET_2B secret, *enc_secret = NULL;
pcr_lock.count = 0;
while (1) {
option_index = 0;
- c = getopt_long(argc, argv, "ak:b:hp:vdsun",
+ c = getopt_long(argc, argv, "ak:b:hp:vdsun:i:",
long_options, &option_index);
if (c == -1)
break;
@@ -182,6 +207,9 @@
case 'x':
tpm2_get_pcr_lock(&pcr_lock, optarg);
break;
+ case 'i':
+ import = optarg;
+ break;
case OPT_SIGNED_POLICY:
signed_policy = optarg;
break;
@@ -208,6 +236,11 @@
exit(1);
}
+ if (pcr_lock.count != 0 && import) {
+ fprintf(stderr, "cannot specify pcr lock and import because pcrs may not be correct\n");
+ exit(1);
+ }
+
if (pcr_lock.count != 0 || policyFilename || signed_policy)
has_policy = 1;
@@ -254,39 +287,39 @@
tpm2_add_auth_policy(sk, &digest);
}
- dir = tpm2_set_unique_tssdir();
- rc = tpm2_create(&tssContext, dir);
- if (rc) {
- reason = "TSS_Create";
- goto out_rmdir;
- }
-
- if (pcr_lock.count != 0) {
- rc = tpm2_pcr_lock_policy(tssContext, &pcr_lock,
- sk, &digest);
+ if (!import) {
+ dir = tpm2_set_unique_tssdir();
+ rc = tpm2_create(&tssContext, dir);
if (rc) {
- reason = "create pcr policy";
- goto out_free_auth;
+ reason = "TSS_Create";
+ goto out_rmdir;
}
- }
-
- if (parent_str) {
- parent = tpm2_get_parent(tssContext, parent_str);
- if (parent == 0) {
- reason = "Invalid parent";
- goto out_delete;
+ if (pcr_lock.count != 0) {
+ rc = tpm2_pcr_lock_policy(tssContext, &pcr_lock,
+ sk, &digest);
+ if (rc) {
+ reason = "create pcr policy";
+ goto out_free_auth;
+ }
+ }
+ if (parent_str) {
+ parent = tpm2_get_parent(tssContext, parent_str);
+ if (parent == 0) {
+ reason = "Invalid parent";
+ goto out_delete;
+ }
}
- }
- if (tpm2_handle_mso(tssContext, parent, TPM_HT_PERMANENT)) {
- rc = tpm2_load_srk(tssContext, &phandle, parent_auth,
- NULL, parent, 1);
- if (rc) {
+ if (tpm2_handle_mso(tssContext, parent, TPM_HT_PERMANENT)) {
+ rc = tpm2_load_srk(tssContext, &phandle, parent_auth,
+ NULL, parent, 1);
+ if (rc) {
reason = "tpm2_load_srk";
goto out_delete;
+ }
+ } else {
+ phandle = parent;
}
- } else {
- phandle = parent;
}
tpm2_public_template_seal(p);
@@ -321,6 +354,37 @@
TPMA_OBJECT_FIXEDPARENT |
TPMA_OBJECT_FIXEDTPM;
+ if (import) {
+ TPMT_SENSITIVE ts;
+ EVP_PKEY *p_pkey = openssl_read_public_key(import);
+
+ wrap_data(&ts, data_auth, VAL_2B(s->data, buffer),
+ VAL_2B(s->data, size));
+
+ /* random nonce for seed to add entropy to wrapping */
+ VAL_2B(ts.seedValue, size) = TSS_GetDigestSize(name_alg);
+ RAND_bytes(VAL_2B(ts.seedValue, buffer),
+ VAL_2B(ts.seedValue, size));
+
+ /* fill in the unique area as Hash(seed||key) */
+ digest.hashAlg = name_alg;
+ TSS_Hash_Generate(&digest,
+ VAL_2B(ts.seedValue, size),
+ VAL_2B(ts.seedValue, buffer),
+ VAL_2B(ts.sensitive.bits, size),
+ VAL_2B(ts.sensitive.bits, buffer),
+ 0, NULL);
+ VAL_2B(p->unique.keyedHash, size) = TSS_GetDigestSize(name_alg);
+ memcpy(VAL_2B(p->unique.keyedHash, buffer),
+ &digest.digest, VAL_2B(p->unique.keyedHash, size));
+
+ outPublic = inPublic;
+ rc = tpm2_outerwrap(p_pkey, &ts, &outPublic.publicArea, &outPrivate, &secret);
+ if (rc)
+ goto out_flush;
+ enc_secret = &secret;
+ goto write_file;
+ }
/* use salted parameter encryption to hide the key */
rc = tpm2_get_session_handle(tssContext, &authHandle, phandle,
TPM_SE_HMAC, name_alg);
@@ -339,6 +403,9 @@
goto out_flush;
}
+ parent = tpm2_handle_ext(tssContext, parent);
+
+ write_file:
buffer = pubkey;
pubkey_len = 0;
size = sizeof(pubkey);
@@ -349,18 +416,19 @@
size = sizeof(privkey);
TSS_TPM2B_PRIVATE_Marshal((TPM2B_PRIVATE *)&outPrivate, &privkey_len,
&buffer, &size);
- parent = tpm2_handle_ext(tssContext, parent);
tpm2_write_tpmfile(filename, pubkey, pubkey_len,
privkey, privkey_len, data_auth == NULL,
- parent, sk, 2, NULL);
-
+ parent, sk, 2, enc_secret);
out_flush:
- tpm2_flush_srk(tssContext, phandle);
+ if (tssContext)
+ tpm2_flush_srk(tssContext, phandle);
out_delete:
- TSS_Delete(tssContext);
+ if (tssContext)
+ TSS_Delete(tssContext);
out_rmdir:
- rmdir(dir);
+ if (dir)
+ rmdir(dir);
out_free_auth:
free(data_auth);
out_free_policy:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/tests/check_importable.sh new/openssl_tpm2_engine-3.3.1/tests/check_importable.sh
--- old/openssl_tpm2_engine-3.2.1/tests/check_importable.sh 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/tests/check_importable.sh 2023-01-31 17:21:01.000000000 +0100
@@ -6,21 +6,32 @@
prim=$(tsscreateprimary -ecc nistp256 -hi o -opem srk.pub | sed 's/Handle //') || exit 1
tssflushcontext -ha ${prim} || exit 1
-# check an EC key with a cert and password
-openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out key.priv || exit 1
-${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -a -k passw0rd key.tpm || exit 1
-openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
-openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
+for n in sha1 sha256 sha384; do
+ echo "Checking Name Hash $n"
+ if [ "$n" = "sha256" ]; then
+ POLICYFILE=policies/policy_pcr.txt
+ else
+ POLICYFILE=policies/policy_pcr${n}.txt
+ fi
+ # check an EC key with a cert and password
+ openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out key.priv || exit 1
+ ${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -n ${n} -a -k passw0rd key.tpm || exit 1
+ openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
+ openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
-# Check the loadability of an importable key
-NV=81000201
-${bindir}/load_tpm2_key key.tpm ${NV} || exit 1
-openssl req -new -x509 -subj '/CN=test/' -key //nvkey:${NV} -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
-openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
-
-#check an RSA key with a cert and policy
-openssl genrsa 2048 > key.priv || exit 1
-${bindir}/create_tpm2_key --import srk.pub --wrap key.priv -a -k passw0rd -c policies/policy_authvalue.txt key.tpm || exit 1
-openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
-openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
+ # Check the loadability of an importable key
+ NV=81000201
+ ${bindir}/load_tpm2_key key.tpm ${NV} || exit 1
+ openssl req -new -x509 -subj '/CN=test/' -key //nvkey:${NV} -passin pass:passw0rd -engine tpm2 -keyform engine -out tmp.crt || exit 1
+ openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
+ tssevictcontrol -hi o -ho ${NV} -hp ${NV}
+ #check an RSA key with a cert and policy
+ openssl genrsa 2048 > key.priv || exit 1
+ tsspcrreset -ha 16
+ ${bindir}/create_tpm2_key --import srk.pub -n ${n} --wrap key.priv -c ${POLICYFILE} key.tpm || exit 1
+ openssl req -new -x509 -subj '/CN=test/' -key key.tpm -engine tpm2 -keyform engine -out tmp.crt && exit 1
+ tsspcrextend -ha 16 -ic aaa
+ openssl req -new -x509 -subj '/CN=test/' -key key.tpm -engine tpm2 -keyform engine -out tmp.crt || exit 1
+ openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1
+done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/tests/seal_unseal.sh new/openssl_tpm2_engine-3.3.1/tests/seal_unseal.sh
--- old/openssl_tpm2_engine-3.2.1/tests/seal_unseal.sh 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/tests/seal_unseal.sh 2023-01-31 17:21:01.000000000 +0100
@@ -1,37 +1,65 @@
#!/bin/bash
-set -x
bindir=${srcdir}/..
-##
-# test is
-# 1. Verify that a standard key can't be unsealed
-# 2. seal a phrase
-# 3. recover the same phrase on unseal
-##
-DATA="This is some DATA"
-AUTH="Passw0rd"
-${bindir}/create_tpm2_key key.tpm || exit 1;
-${bindir}/unseal_tpm2_data key.tpm 2> /dev/null && exit 1;
-echo $DATA | ${bindir}/seal_tpm2_data -a -k ${AUTH} seal.tpm || exit 1;
-${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
-
-##
-# Check with policy
-# test is
-# 1. seal with a pcr lock and no auth
-# 2. verify unseal
-# 3. move PCR on and verify no unseal
-# 4. 1-3 with auth and pcr lock
-##
-echo $DATA | ${bindir}/seal_tpm2_data --pcr-lock 2,16 seal.tpm || exit 1;
-${bindir}/unseal_tpm2_data seal.tpm | grep -q "${DATA}" || exit 1;
-tsspcrextend -ha 16 -ic $RANDOM
-${bindir}/unseal_tpm2_data seal.tpm && exit 1
-echo $DATA | ${bindir}/seal_tpm2_data -a -k ${AUTH} --pcr-lock 2,16 seal.tpm || exit 1;
-${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
-tsspcrextend -ha 16 -ic $RANDOM
-${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm && exit 1
+for n in sha1 sha256 sha384; do
+ echo "Checking Name Hash $n"
+ ##
+ # test is
+ # 1. Verify that a standard key can't be unsealed
+ # 2. seal a phrase
+ # 3. recover the same phrase on unseal
+ ##
+ DATA="This is some DATA $n"
+ AUTH="Passw0rd"
+ ${bindir}/create_tpm2_key key.tpm || exit 1;
+ ${bindir}/unseal_tpm2_data key.tpm 2> /dev/null && exit 1;
+ echo $DATA | ${bindir}/seal_tpm2_data -n ${n} -a -k ${AUTH} seal.tpm || exit 1;
+ ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
+ ##
+ # Check with policy
+ # test is
+ # 1. seal with a pcr lock and no auth
+ # 2. verify unseal
+ # 3. move PCR on and verify no unseal
+ # 4. 1-3 with auth and pcr lock
+ ##
+ echo $DATA | ${bindir}/seal_tpm2_data -n ${n} --pcr-lock 2,16 seal.tpm || exit 1;
+ ${bindir}/unseal_tpm2_data seal.tpm | grep -q "${DATA}" || exit 1;
+ tsspcrextend -ha 16 -ic $RANDOM
+ ${bindir}/unseal_tpm2_data seal.tpm && exit 1
+ echo $DATA | ${bindir}/seal_tpm2_data -a -k ${AUTH} --pcr-lock 2,16 seal.tpm || exit 1;
+ ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
+ tsspcrextend -ha 16 -ic $RANDOM
+ ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm && exit 1
+
+ ##
+ # Check importable
+ # test is
+ # 1. create srk.pub as parent for import
+ # 2. seal with password
+ # 3. check unseal
+ # 4. seal with policy
+ # 5. check unseal
+ # 6. update PCR and check unseal failure
+ DATA="Some Different DATA $n"
+ if [ "$n" = "sha256" ]; then
+ POLICYFILE="policies/policy_pcr.txt"
+ else
+ POLICYFILE="policies/policy_pcr${n}.txt"
+ fi
+ prim=$(tsscreateprimary -hi o -st -ecc nistp256 -opem srk.pub | sed 's/Handle //') || exit 1
+ tssflushcontext -ha $prim
+ TPM_INTERFACE_TYPE= echo $DATA | ${bindir}/seal_tpm2_data -n ${n} -a -k ${AUTH} --import srk.pub seal.tpm || exit 1;
+ ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
+ rm seal.tpm
+
+ TPM_INTERFACE_TYPE= echo $DATA | ${bindir}/seal_tpm2_data -n ${n} --import srk.pub --policy ${POLICYFILE} seal.tpm || exit 1;
+ tsspcrreset -ha 16
+ ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm && exit 1
+ tsspcrextend -ha 16 -ic aaa
+ ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1;
+done
exit 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/tpm2-common.c new/openssl_tpm2_engine-3.3.1/tpm2-common.c
--- old/openssl_tpm2_engine-3.2.1/tpm2-common.c 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/tpm2-common.c 2023-01-31 17:21:01.000000000 +0100
@@ -1171,6 +1171,17 @@
return 0;
}
+int tpm2_curve_to_order(TPMI_ECC_CURVE curve)
+{
+ int i;
+
+ for (i = 0; tpm2_supported_curves[i].name != NULL; i++)
+ if (tpm2_supported_curves[i].curve == curve)
+ return tpm2_supported_curves[i].C[5].s;
+
+ return 0;
+}
+
TPMI_ECC_CURVE tpm2_nid_to_curve_name(int nid)
{
int i;
@@ -1773,7 +1784,7 @@
}
}
- if (strcmp(OID_importableKey, oid) == 0) {
+ if (secret) {
TPM_HANDLE session;
TPM_HANDLE parentHandle;
DATA_2B encryptionKey;
@@ -2059,12 +2070,16 @@
k.tpk.type = OBJ_txt2obj(OID_sealedData, 1);
} else if (secret) {
k.tpk.type = OBJ_txt2obj(OID_importableKey, 1);
+ } else {
+ k.tpk.type = OBJ_txt2obj(OID_loadableKey, 1);
+ }
+
+ if (secret) {
k.tpk.secret = ASN1_OCTET_STRING_new();
ASN1_STRING_set(k.tpk.secret, secret->secret,
secret->size);
- } else {
- k.tpk.type = OBJ_txt2obj(OID_loadableKey, 1);
}
+
k.tpk.emptyAuth = empty_auth;
k.tpk.parent = ASN1_INTEGER_new();
ASN1_INTEGER_set(k.tpk.parent, parent);
@@ -2691,6 +2706,7 @@
TPM_RC rc = TPM_RC_CURVE;
BN_CTX *ctx = NULL;
BIGNUM *x, *y;
+ int order;
if (curve == TPM_ECC_NONE) {
fprintf(stderr, "TPM does not support the curve in this EC key\n");
@@ -2722,10 +2738,11 @@
goto err;
}
+ order = tpm2_curve_to_order(curve);
VAL_2B(pub->unique.ecc.x, size) =
- BN_bn2bin(x, VAL_2B(pub->unique.ecc.x, buffer));
+ BN_bn2binpad(x, VAL_2B(pub->unique.ecc.x, buffer), order);
VAL_2B(pub->unique.ecc.y, size) =
- BN_bn2bin(y, VAL_2B(pub->unique.ecc.y, buffer));
+ BN_bn2binpad(y, VAL_2B(pub->unique.ecc.y, buffer), order);
rc = TPM_RC_SUCCESS;
@@ -2795,6 +2812,140 @@
return TPM_RC_ASYMMETRIC;
}
+TPM_RC tpm2_outerwrap(EVP_PKEY *parent,
+ TPMT_SENSITIVE *s,
+ TPMT_PUBLIC *pub,
+ PRIVATE_2B *p,
+ ENCRYPTED_SECRET_2B *enc_secret)
+{
+ PRIVATE_2B secret, seed;
+ /* amount of room in the buffer for the integrity TPM2B */
+ const int integrity_skip = SHA256_DIGEST_LENGTH + 2;
+ // BYTE *integrity = p->buffer;
+ BYTE *sensitive = p->buffer + integrity_skip;
+ BYTE *buf;
+ TPM2B *t2b;
+ INT32 size;
+ size_t ssize;
+ UINT16 bsize, written = 0;
+ EVP_PKEY *ephemeral = NULL;
+ EVP_PKEY_CTX *ctx;
+ TPM2B_ECC_POINT pub_pt, ephemeral_pt;
+ EC_KEY *e_parent, *e_ephemeral;
+ const EC_GROUP *group;
+ unsigned char aeskey[T2_AES_KEY_BYTES];
+ /* hmac follows namealg, so set to max size */
+ KEY_2B hmackey;
+ TPMT_HA hmac;
+ NAME_2B name;
+ DIGEST_2B digest;
+ unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES];
+ TPM2B null_2b;
+
+ null_2b.size = 0;
+
+ if (EVP_PKEY_type(EVP_PKEY_id(parent)) != EVP_PKEY_EC) {
+ printf("Can only currently wrap to EC parent\n");
+ return TPM_RC_ASYMMETRIC;
+ }
+
+ e_parent = EVP_PKEY_get1_EC_KEY(parent);
+ group = EC_KEY_get0_group(e_parent);
+
+ /* marshal the sensitive into a TPM2B */
+ t2b = (TPM2B *)sensitive;
+ buf = t2b->buffer;
+ size = sizeof(p->buffer) - integrity_skip;
+ bsize = 0;
+ TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size);
+ buf = (BYTE *)&t2b->size;
+ size = 2;
+ TSS_UINT16_Marshal(&bsize, &written, &buf, &size);
+ /* set the total size of the private entity */
+ p->size = bsize + sizeof(UINT16) + integrity_skip;
+
+ /* compute the elliptic curve shared (and encrypted) secret */
+ ctx = EVP_PKEY_CTX_new(parent, NULL);
+ if (!ctx)
+ goto openssl_err;
+ if (EVP_PKEY_keygen_init(ctx) != 1)
+ goto openssl_err;
+ EVP_PKEY_keygen(ctx, &ephemeral);
+ if (!ephemeral)
+ goto openssl_err;
+ /* otherwise the ctx free will free the key */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+ CRYPTO_add(&ephemeral->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#else
+ EVP_PKEY_up_ref(ephemeral);
+#endif
+ EVP_PKEY_CTX_free(ctx);
+
+ e_ephemeral = EVP_PKEY_get1_EC_KEY(ephemeral);
+
+ /* now begin again with the ephemeral private key because the
+ * context must be initialised with the private key */
+ ctx = EVP_PKEY_CTX_new(ephemeral, NULL);
+ if (!ctx)
+ goto openssl_err;
+ if (EVP_PKEY_derive_init(ctx) != 1)
+ goto openssl_err;
+ if (EVP_PKEY_derive_set_peer(ctx, parent) != 1)
+ goto openssl_err;
+ ssize = sizeof(secret.buffer);
+ if (EVP_PKEY_derive(ctx, secret.buffer, &ssize) != 1)
+ goto openssl_err;
+ secret.size = ssize;
+ EVP_PKEY_CTX_free(ctx);
+
+ tpm2_get_public_point(&pub_pt, group, EC_KEY_get0_public_key(e_parent));
+ tpm2_get_public_point(&ephemeral_pt, group,
+ EC_KEY_get0_public_key(e_ephemeral));
+ EC_KEY_free(e_parent);
+ EC_KEY_free(e_ephemeral);
+
+ /* now pass the secret through KDFe to get the shared secret
+ * The size is the size of the parent name algorithm which we
+ * assume to be sha256 */
+ TSS_KDFE(seed.buffer, TPM_ALG_SHA256, (TPM2B *)&secret, "DUPLICATE",
+ (TPM2B *)&ephemeral_pt.point.x, (TPM2B *)&pub_pt.point.x,
+ SHA256_DIGEST_LENGTH*8);
+ seed.size = SHA256_DIGEST_LENGTH;
+
+ /* and finally through KDFa to get the aes symmetric encryption key */
+ tpm2_ObjectPublic_GetName(&name, pub);
+ TSS_KDFA(aeskey, TPM_ALG_SHA256, (TPM2B *)&seed, "STORAGE",
+ (TPM2B *)&name, &null_2b, T2_AES_KEY_BITS);
+ /* and then the outer HMAC key */
+ hmackey.size = SHA256_DIGEST_LENGTH;
+ TSS_KDFA(hmackey.buffer, TPM_ALG_SHA256, (TPM2B *)&seed, "INTEGRITY",
+ &null_2b, &null_2b, SHA256_DIGEST_LENGTH*8);
+ /* OK the ephermeral public point is now the encrypted secret */
+ size = sizeof(ephemeral_pt);
+ buf = enc_secret->secret;
+ TSS_TPM2B_ECC_POINT_Marshal(&ephemeral_pt, &written,
+ &buf, &size);
+ enc_secret->size = written;
+ memset(null_iv, 0, sizeof(null_iv));
+ TSS_AES_EncryptCFB(sensitive, T2_AES_KEY_BITS, aeskey, null_iv,
+ p->size - integrity_skip, sensitive);
+ hmac.hashAlg = TPM_ALG_SHA256;
+ TSS_HMAC_Generate(&hmac, (TPM2B_KEY *)&hmackey,
+ p->size - integrity_skip, sensitive,
+ name.size, name.name,
+ 0, NULL);
+ digest.size = SHA256_DIGEST_LENGTH;
+ memcpy(digest.buffer, &hmac.digest, digest.size);
+ size = integrity_skip;
+ buf = p->buffer;
+ TSS_TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&digest, &written, &buf, &size);
+ return TPM_RC_SUCCESS;
+
+ openssl_err:
+ ERR_print_errors_fp(stderr);
+ return TPM_RC_ASYMMETRIC;
+}
+
void
openssl_print_errors()
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/tpm2-common.h new/openssl_tpm2_engine-3.3.1/tpm2-common.h
--- old/openssl_tpm2_engine-3.2.1/tpm2-common.h 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/tpm2-common.h 2023-01-31 17:21:01.000000000 +0100
@@ -115,4 +115,9 @@
TPMT_HA *digest);
TPM_RC tpm2_new_signed_policy(char *tpmkey, char *policykey, char *engine,
TSSAUTHPOLICY *ap, TPMT_HA *digest);
+TPM_RC tpm2_outerwrap(EVP_PKEY *parent,
+ TPMT_SENSITIVE *s,
+ TPMT_PUBLIC *pub,
+ PRIVATE_2B *p,
+ ENCRYPTED_SECRET_2B *enc_secret);
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-3.2.1/unseal_tpm2_data.c new/openssl_tpm2_engine-3.3.1/unseal_tpm2_data.c
--- old/openssl_tpm2_engine-3.2.1/unseal_tpm2_data.c 2023-01-12 21:56:04.000000000 +0100
+++ new/openssl_tpm2_engine-3.3.1/unseal_tpm2_data.c 2023-01-31 17:21:01.000000000 +0100
@@ -142,6 +142,8 @@
goto out_free_app_data;
}
+ name_alg = app_data->name_alg;
+
itemHandle = rc;
rc = tpm2_get_session_handle(tssContext, &session, parent,
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openhantek for openSUSE:Factory checked in at 2023-02-01 16:39:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openhantek (Old)
and /work/SRC/openSUSE:Factory/.openhantek.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openhantek"
Wed Feb 1 16:39:19 2023 rev:2 rq:1062339 version:3.3.2.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openhantek/openhantek.changes 2022-12-16 17:52:23.540262248 +0100
+++ /work/SRC/openSUSE:Factory/.openhantek.new.32243/openhantek.changes 2023-02-01 16:48:56.997167273 +0100
@@ -1,0 +2,11 @@
+Tue Jan 31 20:01:23 UTC 2023 - Dirk M��ller <dmueller(a)suse.com>
+
+- update to 3.3.2.1:
+ * This version is a fix that allows building directly from zip / tgz
+ sources without having to use git.
+ * After some hacking around GH runner issues finally the _New Year
+ Release_.
+ * Full Changelog:
+ https://github.com/OpenHantek/OpenHantek6022/compare/3.3.1...3.3.2
+
+-------------------------------------------------------------------
Old:
----
openhantek-3.3.1.tar.gz
New:
----
openhantek-3.3.2.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openhantek.spec ++++++
--- /var/tmp/diff_new_pack.dy3EMC/_old 2023-02-01 16:48:57.429169882 +0100
+++ /var/tmp/diff_new_pack.dy3EMC/_new 2023-02-01 16:48:57.433169906 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openhantek
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: openhantek
-Version: 3.3.1
+Version: 3.3.2.1
Release: 0
Summary: Software for Hantek DSO6022 USB digital signal oscilloscopes
License: GPL-3.0-or-later
++++++ openhantek-3.3.1.tar.gz -> openhantek-3.3.2.1.tar.gz ++++++
/work/SRC/openSUSE:Factory/openhantek/openhantek-3.3.1.tar.gz /work/SRC/openSUSE:Factory/.openhantek.new.32243/openhantek-3.3.2.1.tar.gz differ: char 13, line 1
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package okteto for openSUSE:Factory checked in at 2023-02-01 16:39:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/okteto (Old)
and /work/SRC/openSUSE:Factory/.okteto.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "okteto"
Wed Feb 1 16:39:07 2023 rev:39 rq:1062289 version:2.12.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/okteto/okteto.changes 2023-01-14 00:04:03.602005271 +0100
+++ /work/SRC/openSUSE:Factory/.okteto.new.32243/okteto.changes 2023-02-01 16:48:50.905130486 +0100
@@ -1,0 +2,16 @@
+Tue Jan 31 15:04:26 UTC 2023 - kastl(a)b1-systems.de
+
+- Update to version 2.12.0:
+ * fix deploy when field notes not given to external (#3347)
+ * Added labelSelector to configmap lists at waitForNamespaceD��� (#3329)
+ * build(deps): Bump mheap/github-action-required-labels from 2 to 3 (#3319)
+ * build(deps): Bump actions/stale from 6 to 7 (#3306)
+ * Add parameter for pass thru of allowPrivilegeEscalation (#3291) (#3292)
+ * fix: add markdown reading (#3332)
+ * Check deployed dev environments when inferring the name (#3300)
+ * feat: add support for custom commands in `okteto up` (#3215)
+ * feat: update copyright to 2023 (#3324)
+ * Filled up an incomplete comment (#3318)
+ * Solves okteto/app#5180. Destroy preview calls Okteto API to destroy the preview and stream logs (#3308)
+
+-------------------------------------------------------------------
Old:
----
okteto-2.11.1.tar.gz
New:
----
okteto-2.12.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ okteto.spec ++++++
--- /var/tmp/diff_new_pack.3I860j/_old 2023-02-01 16:48:51.753135607 +0100
+++ /var/tmp/diff_new_pack.3I860j/_new 2023-02-01 16:48:51.777135752 +0100
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: okteto
-Version: 2.11.1
+Version: 2.12.0
Release: 0
Summary: Develop your applications directly in your Kubernetes Cluster
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.3I860j/_old 2023-02-01 16:48:51.981136983 +0100
+++ /var/tmp/diff_new_pack.3I860j/_new 2023-02-01 16:48:51.989137033 +0100
@@ -3,10 +3,10 @@
<param name="url">https://github.com/okteto/okteto</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">2.11.1</param>
+ <param name="revision">2.12.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
- <param name="match-tag">2.11.1</param>
+ <param name="match-tag">2.12.0</param>
</service>
<service name="set_version" mode="disabled">
<param name="basename">okteto</param>
@@ -16,7 +16,7 @@
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="disabled">
- <param name="archive">okteto-2.11.1.tar.gz</param>
+ <param name="archive">okteto-2.12.0.tar.gz</param>
</service>
</services>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.3I860j/_old 2023-02-01 16:48:52.013137177 +0100
+++ /var/tmp/diff_new_pack.3I860j/_new 2023-02-01 16:48:52.013137177 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/okteto/okteto</param>
- <param name="changesrevision">8e0fcf7935591905b92af53c591c1fea22fb6b4a</param></service></servicedata>
+ <param name="changesrevision">02efdb5ac915334ff61774a16e131433255cc2e4</param></service></servicedata>
(No newline at EOF)
++++++ okteto-2.11.1.tar.gz -> okteto-2.12.0.tar.gz ++++++
++++ 5183 lines of diff (skipped)
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/okteto/vendor.tar.gz /work/SRC/openSUSE:Factory/.okteto.new.32243/vendor.tar.gz differ: char 5, line 1
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package mupdf for openSUSE:Factory checked in at 2023-02-01 16:39:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mupdf (Old)
and /work/SRC/openSUSE:Factory/.mupdf.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mupdf"
Wed Feb 1 16:39:00 2023 rev:49 rq:1062292 version:1.21.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/mupdf/mupdf.changes 2022-09-13 15:09:48.344712981 +0200
+++ /work/SRC/openSUSE:Factory/.mupdf.new.32243/mupdf.changes 2023-02-01 16:48:27.276987802 +0100
@@ -1,0 +2,19 @@
+Sat Dec 17 17:35:13 UTC 2022 - Dirk M��ller <dmueller(a)suse.com>
+
+- update to 1.21.1:
+ * Garbage collection problem causing file bloat on clean
+ * Don't assume sorted objects in pdf_objcmp
+ * Don't layout empty documents
+ * Type 3 font char bboxes
+ * Added MOBI input format support
+ * Added Story API for creating PDF documents from formatted text
+ * Added API to create, edit, and delete links
+ * Support custom images for Stamp annotations
+ * Support interior color on Polygon annotations
+ * Support line endings on PolyLine annotations
+ * Improved SVG output
+ * C++/Python/C# binding:
+ * Changes to naming of wrapper functions and classes
+ * Added limited support for callbacks into Python, using SWIG Directors
+
+-------------------------------------------------------------------
Old:
----
mupdf-1.20.3-source.tar.zst
New:
----
mupdf-1.21.1-source.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mupdf.spec ++++++
--- /var/tmp/diff_new_pack.f58Gs3/_old 2023-02-01 16:48:27.848991256 +0100
+++ /var/tmp/diff_new_pack.f58Gs3/_new 2023-02-01 16:48:27.852991280 +0100
@@ -18,13 +18,13 @@
Name: mupdf
-Version: 1.20.3
+Version: 1.21.1
Release: 0
Summary: PDF and XPS Viewer and Parser and Rendering Library
License: AGPL-3.0-or-later
Group: Productivity/Office/Other
URL: https://mupdf.com/
-Source0: https://mupdf.com/downloads/archive/%{name}-%{version}-source.tar.zst
+Source0: https://mupdf.com/downloads/archive/%{name}-%{version}-source.tar.gz
Source1: %{name}.desktop
Source2: %{name}-gl.desktop
Patch0: mupdf-no-strip.patch
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package matrix-synapse for openSUSE:Factory checked in at 2023-02-01 16:39:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/matrix-synapse (Old)
and /work/SRC/openSUSE:Factory/.matrix-synapse.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "matrix-synapse"
Wed Feb 1 16:39:23 2023 rev:78 rq:1062352 version:1.76.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse.changes 2023-01-30 17:26:03.485402804 +0100
+++ /work/SRC/openSUSE:Factory/.matrix-synapse.new.32243/matrix-synapse.changes 2023-02-01 16:48:04.640851108 +0100
@@ -1,0 +2,155 @@
+Tue Jan 31 23:13:24 UTC 2023 - Marcus Rueckert <mrueckert(a)suse.de>
+
+- Update to 1.76.0
+ The 1.76 release is the first to enable faster joins (MSC3706 and
+ MSC3902) by default. Admins can opt-out: see the upgrade notes
+ for more details.
+
+ The upgrade from 1.75 to 1.76 changes the account data
+ replication streams in a backwards-incompatible manner. Server
+ operators running a multi-worker deployment should consult the
+ upgrade notes.
+
+ Those who are poetry installing from source using our lockfile
+ should ensure their poetry version is 1.3.2 or higher; see
+ upgrade notes.
+
+ Notes on faster joins
+
+ The faster joins project sees the most benefit when joining a
+ room with a large number of members (joined or historical). We
+ expect it to be particularly useful for joining large public
+ rooms like the Matrix HQ or Synapse Admins rooms.
+
+ After a faster join, Synapse considers that room "partially
+ joined". In this state, you should be able to
+
+ - read incoming messages;
+ - see incoming state changes, e.g. room topic changes; and
+ - send messages, if the room is unencrypted.
+
+ Synapse has to spend more effort to complete the join in the
+ background. Once this finishes, you will be able to
+
+ - send messages, if the room is in encrypted;
+ - retrieve room history from before your join, if permitted by
+ the room settings; and
+ - access the full list of room members.
+
+ - Features
+ - Update the default room version to v10 (MSC 3904).
+ Contributed by @FSG-Cat. (#14111)
+ - Add a set_displayname() method to the module API for setting
+ a user's display name. (#14629)
+ - Add a dedicated listener configuration for health endpoint.
+ (#14747)
+ - Implement support for MSC3890: Remotely silence local
+ notifications. (#14775)
+ - Implement experimental support for MSC3930: Push rules for
+ (MSC3381) Polls. (#14787)
+ - Per MSC3925, bundle the whole of the replacement with any
+ edited events, and optionally inhibit server-side
+ replacement. (#14811)
+ - Faster joins: always serve a partial join response to servers
+ that request it with the stable query param. (#14839)
+ - Faster joins: allow non-lazy-loading ("eager") syncs to
+ complete after a partial join by omitting partial state rooms
+ until they become fully stated. (#14870)
+ - Faster joins: request partial joins by default. Admins can
+ opt-out of this for the time being---see the upgrade notes.
+ (#14905)
+ - Bugfixes
+ - Faster joins: Fix a bug introduced in Synapse 1.69 where
+ device list EDUs could fail to be handled after a restart
+ when a faster join sync is in progress. (#14914)
+ - Add index to improve performance of the /timestamp_to_event
+ endpoint used for jumping to a specific date in the timeline
+ of a room. (#14799)
+ - Fix a long-standing bug where Synapse would exhaust the stack
+ when processing many federation requests where the remote
+ homeserver has disconencted early. (#14812, #14842)
+ - Fix rare races when using workers. (#14820)
+ - Fix a bug introduced in Synapse 1.64.0 when using room
+ version 10 with frozen events enabled. (#14864)
+ - Fix a long-standing bug where the populate_room_stats
+ background job could fail on broken rooms. (#14873)
+ - Faster joins: Fix a bug in worker deployments where the room
+ stats and user directory would not get updated when finishing
+ a fast join until another event is sent or received. (#14874)
+ - Faster joins: Fix incompatibility with joins into restricted
+ rooms where no local users have the ability to invite.
+ (#14882)
+ - Fix a regression introduced in Synapse 1.69.0 which can
+ result in database corruption when database migrations are
+ interrupted on sqlite. (#14910)
+ - Updates to the Docker image
+ - Bump default Python version in the Dockerfile from 3.9 to
+ 3.11. (#14875)
+ - Improved Documentation
+ - Describe the ideas and the internal machinery behind faster
+ joins. (#14677)
+ - Include x_forwarded entry in the HTTP listener example
+ configs and remove the remaining worker_main_http_uri
+ entries. (#14667)
+ - Remove duplicate commands from the Code Style documentation
+ page; point to the Contributing Guide instead. (#14773)
+ - Add missing documentation for tag to listeners section.
+ (#14803)
+ - Updated documentation in configuration manual for
+ user_directory.search_all_users. (#14818)
+ - Add worker_manhole to configuration manual. (#14824)
+ - Fix the example config missing the id field in application
+ service documentation. (#14845)
+ - Minor corrections to the logging configuration documentation.
+ (#14868)
+ - Document the export user data command. Contributed by
+ @thezaidbintariq. (#14883)
+ - Deprecations and Removals
+ - Poetry 1.3.2 or higher is now required when poetry installing
+ from source. (#14860)
+ - Internal Changes
+ - Faster joins: Improve performance of looking up partial-state
+ status of rooms. (#14917)
+ - Faster remote room joins (worker mode): do not populate
+ external hosts-in-room cache when sending events as this
+ requires blocking for full state. (#14749)
+ - Enable Complement tests for Faster Remote Room Joins against
+ worker-mode Synapse. (#14752)
+ - Add some clarifying comments and refactor a portion of the
+ Keyring class for readability. (#14804)
+ - Add local poetry config files (poetry.toml) to .gitignore.
+ (#14807)
+ - Add missing type hints. (#14816, #14885, #14889)
+ - Refactor push tests. (#14819)
+ - Re-enable some linting that was disabled when we switched to
+ ruff. (#14821)
+ - Add cargo fmt and cargo clippy to the lint script. (#14822)
+ - Drop unused table presence. (#14825)
+ - Merge the two account data and the two device list
+ replication streams. (#14826, #14833)
+ - Faster joins: use stable identifiers from MSC3706. (#14832,
+ #14841)
+ - Add a parameter to control whether the federation client
+ performs a partial state join. (#14843)
+ - Add check to avoid starting duplicate partial state syncs.
+ (#14844)
+ - Add an early return when handling no-op presence updates.
+ (#14855)
+ - Fix wait_for_stream_position to correctly wait for the right
+ instance to advance its token. (#14856, #14872)
+ - Always notify replication when a stream advances
+ automatically. (#14877)
+ - Reduce max time we wait for stream positions. (#14881)
+ - Faster joins: allow the resync process more time to fetch
+ /state ids. (#14912)
+ - Bump regex from 1.7.0 to 1.7.1. (#14848)
+ - Bump peaceiris/actions-gh-pages from 3.9.1 to 3.9.2. (#14861)
+ - Bump ruff from 0.0.215 to 0.0.224. (#14862)
+ - Bump types-pillow from 9.4.0.0 to 9.4.0.3. (#14863)
+ - Bump types-opentracing from 2.4.10 to 2.4.10.1. (#14896)
+ - Bump ruff from 0.0.224 to 0.0.230. (#14897)
+ - Bump types-requests from 2.28.11.7 to 2.28.11.8. (#14899)
+ - Bump types-psycopg2 from 2.9.21.2 to 2.9.21.4. (#14900)
+ - Bump types-commonmark from 0.9.2 to 0.9.2.1. (#14901)
+
+-------------------------------------------------------------------
Old:
----
matrix-synapse-1.75.0.obscpio
New:
----
matrix-synapse-1.76.0.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ matrix-synapse-test.spec ++++++
--- /var/tmp/diff_new_pack.2sSZrV/_old 2023-02-01 16:48:05.380855577 +0100
+++ /var/tmp/diff_new_pack.2sSZrV/_new 2023-02-01 16:48:05.384855601 +0100
@@ -27,7 +27,7 @@
%define pkgname matrix-synapse
Name: %{pkgname}-test
-Version: 1.75.0
+Version: 1.76.0
Release: 0
Summary: Test package for %{pkgname}
License: Apache-2.0
++++++ matrix-synapse.spec ++++++
--- /var/tmp/diff_new_pack.2sSZrV/_old 2023-02-01 16:48:05.412855770 +0100
+++ /var/tmp/diff_new_pack.2sSZrV/_new 2023-02-01 16:48:05.416855794 +0100
@@ -25,20 +25,20 @@
%global PyYAML_version 6.0
%global Twisted_version 22.10.0
%global attrs_version 22.2.0
-%global bcrypt_version 3.2.0
-%global bleach_version 3.3.0
+%global bcrypt_version 4.0.1
+%global bleach_version 5.0.1
%global canonicaljson_version 1.6.4
%global canonicaljson_max_version 2
%global cryptography_version 38.0.4
-%global frozendict_version 2.3.3
-%global idna_version 3.3
+%global frozendict_version 2.3.4
+%global idna_version 3.4
%global ijson_version 3.1.4
%global jsonschema_version 4.17.3
%global matrix_common_version 1.3.0
%global matrix_common_max_version 2
-%global msgpack_version 1.0.3
+%global msgpack_version 1.0.4
%global netaddr_version 0.8.0
-%global phonenumbers_version 8.13.2
+%global phonenumbers_version 8.13.4
%global prometheus_client_version 0.15.0
%global psutil_version 2.0.0
%global pyOpenSSL_version 23.0.0
@@ -53,9 +53,9 @@
%global typing_extensions_version 4.1.1
%global treq_version 22.2.0
%global unpaddedbase64_version 2.1.0
-%global matrix_synapse_ldap3_version 0.2.1
+%global matrix_synapse_ldap3_version 0.2.2
# TODO: bump to 22.0
-%global packaging_version 21.3
+%global packaging_version 23.0
%global psycopg2_version 2.9.5
%global pysaml2_version 7.2.1
%global Authlib_version 1.2.0
@@ -156,7 +156,7 @@
%define pkgname matrix-synapse
%define eggname matrix_synapse
Name: %{pkgname}
-Version: 1.75.0
+Version: 1.76.0
Release: 0
Summary: Matrix protocol reference homeserver
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.2sSZrV/_old 2023-02-01 16:48:05.460856060 +0100
+++ /var/tmp/diff_new_pack.2sSZrV/_new 2023-02-01 16:48:05.464856084 +0100
@@ -4,11 +4,11 @@
<param name="versionformat">@PARENT_TAG@</param>
<param name="url">https://github.com/matrix-org/synapse.git</param>
<param name="scm">git</param>
- <param name="revision">v1.75.0</param>
+ <param name="revision">v1.76.0</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<!--
- <param name="revision">v1.76.0rc1</param>
+ <param name="revision">v1.77.0rc1</param>
<param name="versionrewrite-pattern">v([\.\d]+)(rc.*)</param>
<param name="versionrewrite-replacement">\1~\2</param>
-->
++++++ matrix-synapse-1.75.0.obscpio -> matrix-synapse-1.76.0.obscpio ++++++
/work/SRC/openSUSE:Factory/matrix-synapse/matrix-synapse-1.75.0.obscpio /work/SRC/openSUSE:Factory/.matrix-synapse.new.32243/matrix-synapse-1.76.0.obscpio differ: char 49, line 1
++++++ matrix-synapse.obsinfo ++++++
--- /var/tmp/diff_new_pack.2sSZrV/_old 2023-02-01 16:48:05.536856518 +0100
+++ /var/tmp/diff_new_pack.2sSZrV/_new 2023-02-01 16:48:05.536856518 +0100
@@ -1,5 +1,5 @@
name: matrix-synapse
-version: 1.75.0
-mtime: 1673955382
-commit: b6955673bfab5c8d553e8b43e9c50dd7b1212e2a
+version: 1.76.0
+mtime: 1675182922
+commit: eafdb12dd8db985fbe1ac27ca75d28af8d4e4c5d
++++++ vendor.tar.xz ++++++
/work/SRC/openSUSE:Factory/matrix-synapse/vendor.tar.xz /work/SRC/openSUSE:Factory/.matrix-synapse.new.32243/vendor.tar.xz differ: char 27, line 1
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package makedepend for openSUSE:Factory checked in at 2023-02-01 16:38:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/makedepend (Old)
and /work/SRC/openSUSE:Factory/.makedepend.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "makedepend"
Wed Feb 1 16:38:25 2023 rev:13 rq:1062231 version:1.0.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/makedepend/makedepend.changes 2023-01-02 15:01:36.057159619 +0100
+++ /work/SRC/openSUSE:Factory/.makedepend.new.32243/makedepend.changes 2023-02-01 16:47:59.256818595 +0100
@@ -1,0 +2,13 @@
+Tue Jan 31 12:42:13 UTC 2023 - Stefan Dirsch <sndirsch(a)suse.com>
+
+- renamed 0001-Avoid-depending-on-xproto.patch to
+ u_Avoid-depending-on-xproto.patch, i.e. patch is to be upstreamed
+
+-------------------------------------------------------------------
+Tue Jan 31 09:27:16 UTC 2023 - Fabian Vogt <fvogt(a)suse.com>
+
+- Add patch to avoid the xproto (+pkgconfig) dependency,
+ useful for boo#1207721:
+ * 0001-Avoid-depending-on-xproto.patch
+
+-------------------------------------------------------------------
New:
----
u_Avoid-depending-on-xproto.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ makedepend.spec ++++++
--- /var/tmp/diff_new_pack.MJ34aV/_old 2023-02-01 16:47:59.892822435 +0100
+++ /var/tmp/diff_new_pack.MJ34aV/_new 2023-02-01 16:47:59.900822484 +0100
@@ -1,7 +1,7 @@
#
# spec file for package makedepend
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,8 +24,12 @@
Group: Development/Tools/Building
URL: https://xorg.freedesktop.org/
Source0: http://xorg.freedesktop.org/releases/individual/util/%{name}-%{version}.tar…
-BuildRequires: pkgconfig
-BuildRequires: pkgconfig(xproto) >= 7.0.17
+# PATCH-FIX-UPSTREAM https://gitlab.freedesktop.org/xorg/util/makedepend/-/merge_requests/10
+Patch1: u_Avoid-depending-on-xproto.patch
+# For autogen.sh
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: pkgconfig(xorg-macros) >= 1.8
# This was part of the xorg-x11-util-devel package up to version 7.6
Conflicts: xorg-x11-util-devel <= 7.6
@@ -42,6 +46,7 @@
%autosetup -p1
%build
+NOCONFIGURE=1 ./autogen.sh
%configure
%make_build
++++++ u_Avoid-depending-on-xproto.patch ++++++
From 1c75b54c0f05da2a979347712eae6f07d9d2ab1b Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt(a)suse.de>
Date: Tue, 31 Jan 2023 10:22:52 +0100
Subject: [PATCH] Avoid depending on xproto
makedepend is rather early in the distro bootstrap chain, so it shouldn't pull
in anything it doesn't really need.
xproto is only pulled in for two macros which we can just as easily provide
ourselves.
---
configure.ac | 3 ---
def.h | 21 +++++++++++++++++++--
main.c | 1 +
3 files changed, 20 insertions(+), 5 deletions(-)
Index: makedepend-1.0.8/configure.ac
===================================================================
--- makedepend-1.0.8.orig/configure.ac
+++ makedepend-1.0.8/configure.ac
@@ -26,8 +26,5 @@ AC_CHECK_FUNCS([rename fchmod])
dnl Use 64-bit file operations on 32-bit systems that support them
AC_SYS_LARGEFILE
-dnl Check for pkg-config packages
-PKG_CHECK_MODULES(X, [xproto >= 7.0.17])
-
AC_CONFIG_FILES([Makefile])
AC_OUTPUT
Index: makedepend-1.0.8/def.h
===================================================================
--- makedepend-1.0.8.orig/def.h
+++ makedepend-1.0.8/def.h
@@ -28,8 +28,6 @@ in this Software without prior written a
# include "makedepend-config.h"
#endif
-#include <X11/Xos.h>
-#include <X11/Xfuncproto.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
@@ -38,6 +36,25 @@ in this Software without prior written a
#include <fcntl.h>
#include <sys/stat.h>
+#ifndef _X_ATTRIBUTE_PRINTF
+#if __has_attribute(__format__) \
+ || defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 203)
+# define _X_ATTRIBUTE_PRINTF(x,y) __attribute__((__format__(__printf__,x,y)))
+#else /* not gcc >= 2.3 */
+# define _X_ATTRIBUTE_PRINTF(x,y)
+#endif
+#endif
+
+#ifndef _X_NORETURN
+#if __has_attribute(noreturn) \
+ || (defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 205)) \
+ || (defined(__SUNPRO_C) && (__SUNPRO_C >= 0x590))
+# define _X_NORETURN __attribute((noreturn))
+#else
+# define _X_NORETURN
+#endif /* GNUC */
+#endif
+
#define MAXDEFINES 512
#define MAXFILES 2048
#define MAXINCFILES 128 /* "-include" files */
Index: makedepend-1.0.8/main.c
===================================================================
--- makedepend-1.0.8.orig/main.c
+++ makedepend-1.0.8/main.c
@@ -44,6 +44,7 @@ in this Software without prior written a
#endif
#include <stdarg.h>
+#include <unistd.h>
#ifdef __sun
# include <sys/utsname.h>
1
0