Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=Tumbleweed&build=20211024 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: boost-base file (5.40 -> 5.41) libglvnd tpm2.0-tools (5.1.1 -> 5.2) === Details === ==== boost-base ==== Subpackages: boost-license1_77_0 libboost_thread1_77_0 - make boost-json-devel require boost-container-devel (bsc#1191822) ==== file ==== Version update (5.40 -> 5.41) Subpackages: file-magic libmagic1 - Remove file-5.38-allow-readlinkat.dif as already doen in latest file 5.41 - Update to 5.41: * Avinash Sonawane: Fix tzname detection * Fix relationship tests with "search" magic, don't short circuit logic * Fix memory leak in compile mode * PR/272: kiefermat: Only set returnval = 1 when we printed something (in all cases print or !print). This simplifies the logic and fixes the issue in the PR with -k and --mime-type there was no continuation printed before the default case. * PR/270: Don't translate unprintable characters in %s magic formats when -r * PR/269: Avoid undefined behavior with clang (adding offset to NULL) * Add a new flag (f) that requires that the match is a full word, not a partial word match. * Add varint types (unused) * PR/256: mutableVoid: If the file is less than 3 bytes, use the file length to determine type * PR/259: aleksandr.v.novichkov: mime printing through indirect magic is not taken into account, use match directly so that it does. - Remove patches now upstream * file-5.40-1c677c04.patch * file-5.40-3096f87f.patch * file-5.40-4c5fe1ad.patch * file-5.40-6b34436a.patch * file-5.40-749e1ecf.patch * file-5.40-9b0459af.patch * file-5.40-9e2becec.patch * file-5.40-ascii.patch * file-5.40-f0601504.patch * file-5.40-f7705dca.patch - Port patches * file-5.19-biorad.dif * file-5.19-printf.dif * file-5.19-zip2.0.dif * file-5.23-endian.patch * file-5.28-btrfs-image.dif * file-5.38-allow-readlinkat.dif * file-secure_getenv.patch - Port and rename patch file-5.39.dif which is now file-5.41.dif ==== libglvnd ==== - libglvnd.rpmlintrc * workaround for future buildcheck (boo#1191763) ==== tpm2.0-tools ==== Version update (5.1.1 -> 5.2) - Update to version 5.2: + tpm2_nvextend: * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_Extend command to the TPM. + tpm2_nvread: * Added option --rphash=FILE to specify ile path to record the hash of the response parameters. This is commonly termed as rpHash. * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NVRead command to the TPM. * Added option -S, --session to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. + tpm2_nvsetbits: * Added option --rphash=FILE to specify file path to record the hash of the response parameters. This is commonly termed as rpHash. * Added option -S, --session to specify to specify an auxiliary session for auditing and or encryption/decryption of the parameters. * Added option -n, --name to specify the name of the nvindex in hex bytes. This is used when cpHash ought to be calculated without dispatching the TPM2_NV_SetBits command to the TPM. + tpm2_createprimary: * Support public-key output at creation time in various public-key formats. + tpm2_create: * Support public-key output at creation time in various public-key formats. + tpm2_print: * Support outputing public key in various public key formats over the default YAML output. Supports taking -u output from tpm2_create and converting it to a PEM or DER file format. + tpm2_import: * Add support for importing keys with sealed-data-blobs. + tpm2_rsaencrypt, tpm2_rsadecrypt: * Add support for specifying the hash algorithm with oaep. + tpm2_pcrread, tpm2_quote: * Add option -F, --pcrs_format to specify PCR format selection for the binary blob in the PCR output file. 'values' will output a binary blob of the PCR values. 'serialized' will output a binary blob of the PCR values in the form of serialized data structure in little endian format. + tpm2_eventlog: * Add support for decoding StartupLocality. * Add support for printing the partition information. * Add support for reading eventlogs longer than 64kb including from /sys/kernel/security/tpm0/binary_bios-measurements. + tpm2_duplicate: * Add option -L, --policy to specify an authorization policy to be associated with the duplicated object. * Added support for external key duplication without needing the TCTI. + tools: * Enhance error message on invalid passwords when sessions cannot be used. + lib/tpm2_options: * Add option to specify fake tcti which is required in cases where sapi ctx is required to be initialized for retrieving command parameters without invoking the tcti to talk to the TPM. + openssl: * Dropped support for OpenSSL < 1.1.0 * Add support for OpenSSL 3.0.0 + Support added to make the repository documentation and man pages available live on readthedocs. + Bug-fixes: * tpm2_import: Don't allow setting passwords for imported object with -p option as the tool doesn't modify the TPM2B_SENSITIVE structure. Added appropriate logging to indicate using tpm2_changeauth after import. * lib/tpm2_util.c: The function to calculate pHash algorithm returned error when input session is a password session and the only session in the command. * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under ECC. * tpm2_sign: Fix segfaults when tool does not find TPM resources (TPM or RM). * tpm2_makecredential: Fix an issue where reading input from stdin could result in unsupported data size larger than the largest digest size. * tpm2_loadexternal: Fix an issue where restricted attribute could not be set. * lib/tpm2_nv_util.h: The NV index size is dependent on different data sets read from the GetCapability structures because there is a dependency on the NV operation type: Define vs Read vs Write vs Extend. Fix a sane default in the case where GetCapability fails or fails to report the specific property/ data set. This is especially true because some properties are TPM implementation dependent. * tpm2_createpolicy: Fix an issue where tool exited silently without reporting an error if wrong pcr string is specified. * lib/tpm2_alg_util: add error message on public init to prevent tools from dying silently, add an error message. * tpm2_import: fix an issue where an imported hmac object scheme was NULL. While allowed, it was inconsistent with other tools like tpm2_create which set the scheme as hmac->sha256 when generating a keyedhash object. - Drop patches already in upstream: + 0001-tpm2_checkquote-fix-uninitialized-variable.patch + 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch + 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch