Hello community, here is the log from the commit of package tpm2.0-tools for openSUSE:Factory checked in at 2017-08-28 15:12:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tpm2.0-tools (Old) and /work/SRC/openSUSE:Factory/.tpm2.0-tools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tpm2.0-tools" Mon Aug 28 15:12:10 2017 rev:8 rq:517972 version:2.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2.0-tools/tpm2.0-tools.changes 2017-08-21 11:36:37.689672025 +0200 +++ /work/SRC/openSUSE:Factory/.tpm2.0-tools.new/tpm2.0-tools.changes 2017-08-28 15:12:57.196242067 +0200 @@ -1,0 +2,16 @@ +Mon Aug 21 14:32:13 UTC 2017 - matthias.gerstner@suse.com + +- update to version 2.1.0: + - dropped 0002-kdfa-use-openssl-for-hmac-not-tpm.patch, was backported + upstream in commit 788a17abbe0000c560935ef9f31c9a6892d9ea33 + - this version now can interact with the new resource manager tpm2.0-abrmd + - Upstream changes: + * Fix readx and writex on multiple EINTR returns. + * Add support for the tabrmd TCTI. This is the new default. + * Change default socket port from 2323 (the old resourcemgr) to 2321 + (default simulator port). + * Cherry-pick fix for CVE-2017-7524. + * Fix tpm2_listpcr command line option handling. + * Fix tpm2_getmanufec memory issues. + +------------------------------------------------------------------- Old: ---- 0002-kdfa-use-openssl-for-hmac-not-tpm.patch 2.0.0.zip New: ---- 2.1.0.zip ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2.0-tools.spec ++++++ --- /var/tmp/diff_new_pack.pUuJfG/_old 2017-08-28 15:12:58.264091840 +0200 +++ /var/tmp/diff_new_pack.pUuJfG/_new 2017-08-28 15:12:58.272090714 +0200 @@ -17,7 +17,7 @@ Name: tpm2.0-tools -Version: 2.0.0 +Version: 2.1.0 Release: 0 Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause @@ -29,7 +29,6 @@ # this fixes an error with an unexpectedly large number of PCRS (bnc#1044419) # there's no release containing this fix yet Patch2: 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch -Patch3: 0002-kdfa-use-openssl-for-hmac-not-tpm.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -38,6 +37,7 @@ BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: tpm2-0-tss-devel +BuildRequires: tpm2.0-abrmd-devel BuildRequires: unzip Recommends: tpm2.0-abrmd BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -50,11 +50,10 @@ associated interfaces. %prep -%setup -q +%setup -q -n tpm2-tools-2.1.0 %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 %build bash ./bootstrap ++++++ 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch ++++++ --- /var/tmp/diff_new_pack.pUuJfG/_old 2017-08-28 15:12:58.332082275 +0200 +++ /var/tmp/diff_new_pack.pUuJfG/_new 2017-08-28 15:12:58.336081712 +0200 @@ -22,11 +22,11 @@ tools/tpm2_listpcrs.c | 55 +++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 28 deletions(-) -diff --git a/tools/tpm2_listpcrs.c b/tools/tpm2_listpcrs.c -index f50c200..42bb8c6 100644 ---- a/tools/tpm2_listpcrs.c -+++ b/tools/tpm2_listpcrs.c -@@ -173,38 +173,35 @@ static bool read_pcr_values(listpcr_context *context) { +Index: tpm2-tools-2.1.0/tools/tpm2_listpcrs.c +=================================================================== +--- tpm2-tools-2.1.0.orig/tools/tpm2_listpcrs.c ++++ tpm2-tools-2.1.0/tools/tpm2_listpcrs.c +@@ -173,38 +173,35 @@ static bool read_pcr_values(listpcr_cont return true; } @@ -38,14 +38,15 @@ - pcr_selections->pcrSelections[0].hash = alg_id; - set_pcr_select_size(&pcr_selections->pcrSelections[0], 3); - clear_pcr_select_bits(&pcr_selections->pcrSelections[0]); +- +- UINT32 pcr_id; +- for (pcr_id = 0; pcr_id < 24; pcr_id++) { +- set_pcr_select_bit(&pcr_selections->pcrSelections[0], pcr_id); + TPMI_YES_NO moreData; + TPMS_CAPABILITY_DATA cap_data; + TPML_PCR_SELECTION *pcr_sel = &context->pcr_selections; + UINT32 rval, i, j; - -- UINT32 pcr_id; -- for (pcr_id = 0; pcr_id < 24; pcr_id++) { -- set_pcr_select_bit(&pcr_selections->pcrSelections[0], pcr_id); ++ + rval = Tss2_Sys_GetCapability(context->sapi_context, 0, TPM_CAP_PCRS, 0, 1, &moreData, &cap_data, 0); + if (rval != TPM_RC_SUCCESS) { + LOG_ERR("GetCapability: Get PCR allocation status Error. TPM Error:0x%x......\n", rval); @@ -56,38 +57,39 @@ -/* XXX Could this internally call init_pcr_selection_from_algorithm to reduce duplicate code? */ -static void init_pcr_selection_all(tpm2_algorithm *algorithm, - TPML_PCR_SELECTION *pcr_selections) { -+ pcr_sel->count = 0; - +- - pcr_selections->count = 0; -+ for (i = 0; i < cap_data.data.assignedPCR.count; i++) { -+ if (alg_id && (cap_data.data.assignedPCR.pcrSelections[i].hash != alg_id)) -+ continue; -+ pcr_sel->pcrSelections[pcr_sel->count].hash = cap_data.data.assignedPCR.pcrSelections[i].hash; -+ set_pcr_select_size(&pcr_sel->pcrSelections[pcr_sel->count], cap_data.data.assignedPCR.pcrSelections[i].sizeofSelect); -+ for (j = 0; j < pcr_sel->pcrSelections[pcr_sel->count].sizeofSelect; j++) -+ pcr_sel->pcrSelections[pcr_sel->count].pcrSelect[j] = cap_data.data.assignedPCR.pcrSelections[i].pcrSelect[j]; -+ pcr_sel->count++; -+ } - +- - int i; - for (i = 0; i < algorithm->count; i++) { - pcr_selections->pcrSelections[i].hash = algorithm->alg[i]; - set_pcr_select_size(&pcr_selections->pcrSelections[i], 3); - clear_pcr_select_bits(&pcr_selections->pcrSelections[i]); -+ if (pcr_sel->count == 0) -+ return false; ++ pcr_sel->count = 0; - UINT32 pcr_id; - for (pcr_id = 0; pcr_id < 24; pcr_id++) { - set_pcr_select_bit(&pcr_selections->pcrSelections[i], pcr_id); - } - pcr_selections->count++; -- } ++ for (i = 0; i < cap_data.data.assignedPCR.count; i++) { ++ if (alg_id && (cap_data.data.assignedPCR.pcrSelections[i].hash != alg_id)) ++ continue; ++ pcr_sel->pcrSelections[pcr_sel->count].hash = cap_data.data.assignedPCR.pcrSelections[i].hash; ++ set_pcr_select_size(&pcr_sel->pcrSelections[pcr_sel->count], cap_data.data.assignedPCR.pcrSelections[i].sizeofSelect); ++ for (j = 0; j < pcr_sel->pcrSelections[pcr_sel->count].sizeofSelect; j++) ++ pcr_sel->pcrSelections[pcr_sel->count].pcrSelect[j] = cap_data.data.assignedPCR.pcrSelections[i].pcrSelect[j]; ++ pcr_sel->count++; + } ++ ++ if (pcr_sel->count == 0) ++ return false; ++ + return true; } // show all PCR banks according to g_pcrSelection & g_pcrs-> -@@ -220,7 +217,7 @@ static bool show_pcr_values(listpcr_context *context) { +@@ -220,7 +217,7 @@ static bool show_pcr_values(listpcr_cont context->pcr_selections.pcrSelections[i].hash); UINT32 pcr_id; @@ -96,7 +98,7 @@ if (!is_pcr_select_bit_set(&context->pcr_selections.pcrSelections[i], pcr_id)) { continue; -@@ -271,14 +268,16 @@ static bool show_selected_pcr_values(listpcr_context *context) { +@@ -271,14 +268,16 @@ static bool show_selected_pcr_values(lis static bool show_all_pcr_values(listpcr_context *context) { @@ -115,6 +117,3 @@ return show_selected_pcr_values(context); } --- -2.12.3 - ++++++ tpm2.0-tools-fix-gcc7.patch ++++++ --- /var/tmp/diff_new_pack.pUuJfG/_old 2017-08-28 15:12:58.444066521 +0200 +++ /var/tmp/diff_new_pack.pUuJfG/_new 2017-08-28 15:12:58.444066521 +0200 @@ -1,7 +1,7 @@ -Index: tpm2.0-tools-2.0.0/tools/main.c +Index: tpm2-tools-2.1.0/tools/main.c =================================================================== ---- tpm2.0-tools-2.0.0.orig/tools/main.c -+++ tpm2.0-tools-2.0.0/tools/main.c +--- tpm2-tools-2.1.0.orig/tools/main.c ++++ tpm2-tools-2.1.0/tools/main.c @@ -61,7 +61,7 @@ main (int argc, execute_man (argv[0], envp); fprintf (stderr, @@ -11,10 +11,10 @@ case 2: exit (1); } -Index: tpm2.0-tools-2.0.0/tools/tpm2_dump_capability.c +Index: tpm2-tools-2.1.0/tools/tpm2_dump_capability.c =================================================================== ---- tpm2.0-tools-2.0.0.orig/tools/tpm2_dump_capability.c -+++ tpm2.0-tools-2.0.0/tools/tpm2_dump_capability.c +--- tpm2-tools-2.1.0.orig/tools/tpm2_dump_capability.c ++++ tpm2-tools-2.1.0/tools/tpm2_dump_capability.c @@ -595,7 +595,7 @@ dump_tpm_capability (TPMU_CAPABILITIES case TPM_CAP_COMMANDS: dump_command_attr_array (capabilities->command.commandAttributes, ++++++ tpm2.0-tools-fix-hardening.patch ++++++ --- /var/tmp/diff_new_pack.pUuJfG/_old 2017-08-28 15:12:58.456064833 +0200 +++ /var/tmp/diff_new_pack.pUuJfG/_new 2017-08-28 15:12:58.460064270 +0200 @@ -1,6 +1,8 @@ ---- tpm2.0-tools-2.0.0/configure.ac.fix 2017-06-02 09:15:49.118425187 +0200 -+++ tpm2.0-tools-2.0.0/configure.ac 2017-06-02 09:15:59.698416673 +0200 -@@ -100,11 +100,9 @@ +Index: tpm2-tools-2.1.0/configure.ac +=================================================================== +--- tpm2-tools-2.1.0.orig/configure.ac ++++ tpm2-tools-2.1.0/configure.ac +@@ -121,11 +121,9 @@ AS_IF([test x"$hardening" != x"no"], [ add_hardened_c_flag([-Wformat]) add_hardened_c_flag([-Wformat-security])