Hello community, here is the log from the commit of package tpm2.0-tools for openSUSE:Factory checked in at 2018-07-06 10:41:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tpm2.0-tools (Old) and /work/SRC/openSUSE:Factory/.tpm2.0-tools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tpm2.0-tools" Fri Jul 6 10:41:14 2018 rev:14 rq:620445 version:3.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2.0-tools/tpm2.0-tools.changes 2018-06-08 23:14:11.234833892 +0200 +++ /work/SRC/openSUSE:Factory/.tpm2.0-tools.new/tpm2.0-tools.changes 2018-07-06 10:41:22.275299313 +0200 @@ -1,0 +2,107 @@ +Fri Jun 29 12:03:48 UTC 2018 - matthias.gerstner@suse.com + +- update to major version 3.1.0: + - the tpm2 stack introduces an incompatible ABI to the previous version with + this update. There is no compatibility layer, libraries have new names + - install-man.patch: dropped, because we don't really need it + - tpm2.0-tools-fix-hardening.patch: contained in upstream tarball now +s etc. + - upstream changelog: + * tpm2_unseal: -P becomes -p + * tpm2_sign: -P becomes -p + * tpm2_nvreadlock: long form for -P is now --auth-hierarchy + * tpm2_rsadecrypt: -P becomes -p + * tpm2_nvrelease: long-form of -P becomes --auth-hierarchy + * tpm2_nvdefine: -I becomes -p + * tpm2_encryptdecrypt: -P becomes -p + * tpm2_dictionarylockout: -P becomes -p + * tpm2_createprimary: -K becomes -p + * tpm2_createak: -E becomes -e + * tpm2_certify: -k becomes -p + * tpm2_hash: -g changes to -G + * tpm2_encryptdecrypt: Support IVs via -i and algorithm modes via -G. + * tpm2_hmac: drop -g, just use the algorithm associated with the object. + * tpm2_getmanufec: -g changes to -G + * tpm2_createek: -g changes to -G + * tpm2_createak: -g changes to -G + * tpm2_verifysignature: -g becomes -G + * tpm2_sign: -g becomes -G + * tpm2_import: support specifying parent key with a context file, + --parent-key-handle/-H becomes --parent-key/-C + * tpm2_nvwrite and tpm2_nvread: when -P is "index" -a is optional and defaults to + the NV_INDEX value passed to -x. + * Load TCTI's by SONAME, not raw .so file + * tpm2_activatecredential: -e becomes -E + * tpm2_activatecredential: -e becomes -E + * tpm2_certify: -c and -C are swapped, -k becomes -K + * tpm2_createprimary: -K becomes -k + * tpm2_encryptdecrypt: supports input and output to stdin and stdout respectively. + * tpm2_create: -g/-G become optional options. + * tpm2_createprimary: -g/-G become optional options. + * tpm2_verifysignature - Option `-r` changes to `-f` and supports signature format "rsa". + * tpm2_import - Parent public data option, `-K` is optional. + * tpm2_import - Supports importing external RSA 2048 keys via pem files. + * tpm2_pcrlist: Option `--algorithm` changes to `--halg`, which is in line with other tools. + * tpm2_verifysignature: Option `-r` and `--raw` have been removed. This were unused within the tool. + * tpm2_hmac: Option `--algorithm` changes to `--halg`, which is in line with the manpage. + * tpm2_makecredential: Option `--sec` changes to `--secret`. + * tpm2_activatecredential: Option `--Password` changes to `--auth-key`. + * system tests are now run with make check when --enable-unit is used in configure. + * tpm2_unseal: Option `--pwdk` changes to `--auth-key`. + * tpm2_sign: Option `--pwdk` changes to `--auth-key`. + * tpm2_rsadecrypt: Option `--pwdk` changes to `--auth-key`. + * tpm2_quote: Option `--ak-passwd` changes to `--auth-ak` + * tpm2_pcrevent: Option `--passwd` changes to `--auth-pcr` + * tpm2_nvwrite: Options `--authhandle` and `--handle-passwd` + changes to `--hierarchy` and `--auth-hierarchy` respectively. + * tpm2_nvread: Options `--authhandle` and `--handle-passwd` + changes to `--hierarchy` and `--auth-hierarchy` respectively. + * tpm2_nvdefine: Options `--authhandle`, `--handle-passwd` and `--index-passwd` + changes to `--hierarchy`, `--auth-hierarchy` and `--auth-index` + respectively. + * tpm2_loadexternal: `-H` changes to `-a` for specifying hierarchy. + * tpm2_load: Option `--pwdp` changes to `--auth-parent`. + * tpm2_hmac: Option `--pwdk` changes to `--auth-key`. + * tpm2_hash: `-H` changes to `-a` for specifying hierarchy. + * tpm2_getmanufec: Options `--owner-passwd`, `--endorse-passwd` + * and `--ek-passwd`change to `--auth-owner`, `--auth-endorse` + and `--auth-ek` respectively. + * tpm2_evictcontrol: Option group `-A` and `--auth` changes to `-a` and `--hierarchy` + Option `--pwda` changes to `--auth-hierarchy` + * tpm2_encryptdecrypt: Option `--pwdk` changes to `--auth-key`. + * tpm2_dictionarylockout: Option `--lockout-passwd` changes to `--auth-lockout` + * tpm2_createprimary: Options `--pwdp` and `--pwdk` change to + `--auth-hierarchy` and `--auth-object` respectively. + * tpm2_createek: Options `--owner-passwd`, `--endorse-passwd` + * and `--ek-passwd`change to `--auth-owner`, `--auth-endorse` + and `--auth-ek` respectively. + * tpm2_createak: Options `--owner-passwd`, `--endorse-passwd` + * and `--ak-passwd`change to `--auth-owner`, `--auth-endorse` + and `--auth-ak` respectively. + * tpm2_create: Options `--pwdo` and `--pwdk` change to `--auth-object` and + `--auth-key` respectively. + * tpm2_clearlock: Option `--lockout-passwd` changes to `--auth-lockout` + * tpm2_clear: Option `--lockout-passwd` changes to `--auth-lockout` + * tpm2_changeauth: Options, `--old-owner-passwd`, `--old-endorse-passwd`, + and `--old-lockout-passwd` go to `--old-auth-owner`, `--old-auth-endorse`, + and `--old-auth-lockout` respectively. + * tpm2_certify: Options `--pwdo` and `--pwdk` change to `--auth-object` and + `--auth-key` respectively. + * tpm2_createprimary: `-H` changes to `-a` for specifying hierarchy. + * tpm2_createak: support for non-persistent AK generation. + * tpm2_createek: support for non-persistent EK generation. + * tpm2_getpubak renamed to tpm2_createak, -f becomes -p and -f is used for format of public key + output. + * tpm2_getpubek renamed to tpm2_createek, -f becomes -p and -f is used for format of public key + output. + * Libre SSL builds fixed. + * Dynamic TCTIS. Support for pluggable TCTI modules via the -T or --tcti options. + * tpm2_sign: supports signing a pre-computed hash via -D + * tpm2_clearlock: tool added + * test: system testing scripts moved into subordinate test directory. + * fix a buffer overflow in nvread/write tools. + * configure: enable code coverage option. + * tpm2_takeownership: split into tpm2_clear and tpm2_changeauth + * env: add TPM2TOOLS_ENABLE_ERRATA to control the -Z or errata option. + +------------------------------------------------------------------- Old: ---- install-man.patch tpm2-tools-3.0.4.tar.gz tpm2.0-tools-fix-hardening.patch New: ---- tpm2-tools-3.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2.0-tools.spec ++++++ --- /var/tmp/diff_new_pack.csVce1/_old 2018-07-06 10:41:24.711296415 +0200 +++ /var/tmp/diff_new_pack.csVce1/_new 2018-07-06 10:41:24.711296415 +0200 @@ -17,15 +17,13 @@ Name: tpm2.0-tools -Version: 3.0.4 +Version: 3.1.0 Release: 0 Summary: Trusted Platform Module (TPM) 2.0 administration tools License: BSD-3-Clause Group: Productivity/Security Url: https://github.com/tpm2-software/tpm2-tools/releases Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/tpm2-tools-%{version}.tar.gz -Patch0: tpm2.0-tools-fix-hardening.patch -Patch1: install-man.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: gcc-c++ @@ -41,6 +39,10 @@ # don't need to generate them any more. On openSUSE we can still keep this # dependency for having fresh builds of the man pages (if that helps # anything?). +# +# Update: In the 3.1.0 a required patch is still missing and the man pages +# won't be installed. they're shipped, though. so if pandoc isn't installed we +# need to install them explicitly. BuildRequires: pandoc %endif BuildRequires: pkgconfig @@ -59,13 +61,8 @@ %prep %setup -q -n tpm2-tools-%{version} -%patch0 -p1 -%patch1 -p1 %build -# patch1 (install-man) requires to run autoreconf ATM, because it modifies -# Makefile.am. This can be dropped with the next release containing the fix. -autoreconf %configure --disable-static make %{?_smp_mflags} @@ -75,6 +72,12 @@ %install make DESTDIR=%{buildroot} install %{?_smp_mflags} find %{buildroot} -type f -name "*.la" -delete -print +%if ! 0%{?is_opensuse} +# install man pages explicitly, until upstream fixes their installation +# setup in autotools, see commit 72a28f36151db9bfa59a460ae0114dcece218862 +mkdir -p %{buildroot}/%{_mandir}/man1/ +cp %{_builddir}/tpm2-tools-%{version}/man/man1/* %{buildroot}/%{_mandir}/man1/ +%endif %files %defattr(-,root,root) ++++++ tpm2-tools-3.0.4.tar.gz -> tpm2-tools-3.1.0.tar.gz ++++++ ++++ 23542 lines of diff (skipped)