Sync from SUSE:SLFO:Main tpm-tools revision 1601c6c0dc020e9bcad73c4f78e2172b

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch

@@ -0,0 +1,51 @@
+From c927f67f36a4719bd15b8a535efb6980f1e87a6b Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Fri, 30 Nov 2018 12:48:37 +0100
+Subject: [PATCH] tpm_version: avoid outputting NULL bytes from tpmVendorID
+
+When the vendor ID contains null bytes then '^@' characters appear in
+the tpm_version output. This can confuse users and it also causes e.g.
+'grep' to treat the input as binary. Example:
+
+  TPM Vendor ID:       WEC\000
+
+This change copies the vendor ID bytes over into a local string object.
+This makes the code more independent of the vendor ID dimension and also
+avoids NULL bytes being printed.
+---
+ src/tpm_mgmt/tpm_version.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+Index: tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+===================================================================
+--- tpm-tools-1.3.9.1.orig/src/tpm_mgmt/tpm_version.c
++++ tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+@@ -133,6 +133,7 @@ int cmdVersion(const char *a_szCmd)
+ 		UINT64 offset;
+ 		TSS_RESULT uiResult;
+ 		TPM_CAP_VERSION_INFO versionInfo;
++		char vendor_id[sizeof(versionInfo.tpmVendorID)+1];
+ 		char *errbuf = NULL; // Buffer containing what was sent to stderr during getCapability.
+ 
+ 		/* Disable logging to of "Bad Mode" during this call. 
+@@ -169,15 +170,17 @@ int cmdVersion(const char *a_szCmd)
+ 			goto out_close;
+ 		}
+ 
++		// copy over the individual characters into a regular string.
++		// This avoids that null bytes are written to stdout.
++		snprintf ( vendor_id, sizeof(vendor_id), "%s", (const char*)versionInfo.tpmVendorID );
++
+ 		logMsg(_("  TPM 1.2 Version Info:\n"));
+ 		logMsg(_("  Chip Version:        %hhu.%hhu.%hhu.%hhu\n"),
+ 		       versionInfo.version.major, versionInfo.version.minor,
+ 		       versionInfo.version.revMajor, versionInfo.version.revMinor);
+ 		logMsg(_("  Spec Level:          %hu\n"), versionInfo.specLevel);
+ 		logMsg(_("  Errata Revision:     %hhu\n"), versionInfo.errataRev);
+-		logMsg(_("  TPM Vendor ID:       %c%c%c%c\n"),
+-		       versionInfo.tpmVendorID[0], versionInfo.tpmVendorID[1],
+-		       versionInfo.tpmVendorID[2], versionInfo.tpmVendorID[3]);
++		logMsg(_("  TPM Vendor ID:       %s\n"), vendor_id);
+ 
+ 		if (versionInfo.vendorSpecificSize) {
+ 			logMsg(_("  Vendor Specific data: "));

0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch

@@ -0,0 +1,35 @@
+From f0f30ff3e3b08751ebb8524303d80b6e94882134 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Fri, 30 Nov 2018 13:17:01 +0100
+Subject: [PATCH] tpm_version: avoid outputting undefined data on stderr
+
+If there was no data written to the temporary file then memsize == 1, no
+data will be read from the file into the buffer and the buffer will not
+be null terminated. This can cause random data to be output later on to
+the original stderr like:
+
+'#precedence ::ffff:0:0/'
+
+or
+
+'xl?8?'
+
+Fix this by making sure the buffer is always zero terminated.
+---
+ src/tpm_mgmt/tpm_version.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+===================================================================
+--- tpm-tools-1.3.9.1.orig/src/tpm_mgmt/tpm_version.c
++++ tpm-tools-1.3.9.1/src/tpm_mgmt/tpm_version.c
+@@ -99,6 +99,9 @@ char* end_capture_stderr(int olderr)
+     perror("read()");
+   }
+ 
++  // make sure the buffer is null terminated.
++  buf[st.st_size] = '\0';
++
+   // Restore stderr.
+  errout:
+   if (0 > dup2(olderr, STDERR_FILENO)) {

tpm-tools.changes

@@ -0,0 +1,148 @@
+-------------------------------------------------------------------
+Tue Apr 12 14:08:44 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- changed source url to https
+
+-------------------------------------------------------------------
+Tue Oct  5 12:10:20 UTC 2021 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- fix undefined and binary data being output in the tpm_version command
+  (bsc#1114793)
+  - add 0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
+  - add 0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
+
+-------------------------------------------------------------------
+Wed Mar  3 11:29:22 UTC 2021 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- upgrade to minor version 1.3.9.2:
+  - upstream now provide openssl 1.1 compatibility on their own
+- dropped 0001-Fix-build-against-OpenSSL-1.1.0.patch since the tarbal is now
+  compatible.
+
+-------------------------------------------------------------------
+Thu Nov  9 17:14:32 UTC 2017 - matthias.gerstner@suse.com
+
+- 0001-Fix-build-against-OpenSSL-1.1.0.patch: fix openssl 1.1.0 build in the
+  P11 code. Upstream has not reacted to a pull request to fix this for some
+  months now. This is my own patch (that doesn't violate C89 declaration rules
+  and is backward compatible to openssl. 1.0.x)).
+
+  For comparison see: https://sourceforge.net/p/trousers/tpm-tools/merge-requests/2/
+
+-------------------------------------------------------------------
+Wed Mar  1 10:56:33 UTC 2017 - meissner@suse.com
+
+- updated to 1.3.9.1 (FATE#321450)
+  - bugfixes after openssl 1.1 porting
+
+-------------------------------------------------------------------
+Sun Jan  1 05:21:10 UTC 2017 - mailaender@opensuse.org
+
+- Update to version 1.3.9
+
+-------------------------------------------------------------------
+Fri Jun 19 16:03:22 UTC 2015 - crrodriguez@opensuse.org
+
+- Do not use -Werror. 
+
+-------------------------------------------------------------------
+Thu Apr  2 12:31:34 UTC 2015 - mpluskal@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Remove tpm-tools-rpmlintrc
+- Use automake and autoconf as recomended by upstream
+- Split library, devel adn pkcs11 package
+
+-------------------------------------------------------------------
+Thu Oct  2 21:52:42 UTC 2014 - crrodriguez@opensuse.org
+
+- Remove a number of unused build requires, probably copy/paste 
+ error, never used.
+
+-------------------------------------------------------------------
+Tue Jun 12 14:29:53 UTC 2012 - meissner@suse.com
+
+- Updated to 1.3.8
+  - bugfixes
+  - pcr/nvram sealing options
+
+-------------------------------------------------------------------
+Wed Mar 14 13:34:35 UTC 2012 - meissner@suse.com
+
+- Updated to 1.3.7.1
+  - smaller bugfixes from last release
+
+-------------------------------------------------------------------
+Mon Feb 13 10:57:07 UTC 2012 - coolo@suse.com
+
+- patch license to follow spdx.org standard
+
+-------------------------------------------------------------------
+Thu Sep  8 16:53:21 CEST 2011 - meissner@suse.de
+
+- Updated to 1.3.7
+  - NVRAM support, new binaries: tpm_nvdefine tpm_nvinfo tpm_nvrelease
+    tpm_nvread tpm_nvwrite
+
+-------------------------------------------------------------------
+Tue Aug 30 14:50:07 UTC 2011 - pgajdos@suse.com
+
+- build with --no-copy-dt-needed-entries
+
+-------------------------------------------------------------------
+Mon Jun 20 15:54:46 CEST 2011 - meissner@suse.de
+
+- Update to 1.3.6
+  - some unsealing fixes, do not unseal much
+
+-------------------------------------------------------------------
+Fri May 27 11:17:43 UTC 2011 - idonmez@novell.com
+
+- Disable gcc's new unused-but-set-variable warnings, these are just
+  noise as BIO_*(...) functions returns a value and needs to 
+  be handled 
+
+-------------------------------------------------------------------
+Mon Sep 27 07:54:30 CEST 2010 - meissner@suse.de
+
+- add opencryptoki support (bnc#641919)
+
+-------------------------------------------------------------------
+Thu Mar 18 11:50:00 CET 2010 - meissner@suse.de
+
+- updated to 1.3.5 upstream
+  - small bugfixes mostly, nothing new
+
+-------------------------------------------------------------------
+Thu Aug 27 15:28:58 CEST 2009 - meissner@suse.de
+
+- updated to 1.3.2 upstream.
+
+-------------------------------------------------------------------
+Wed Apr 16 11:57:34 CEST 2008 - meissner@suse.de
+
+- disable static
+- make check added, even if it does nothing currently.
+
+-------------------------------------------------------------------
+Tue Apr 15 16:12:55 CEST 2008 - meissner@suse.de
+
+- do not build static library for now.
+
+-------------------------------------------------------------------
+Fri Mar 28 12:01:10 CET 2008 - meissner@suse.de
+
+- Imported from buildservice
+- ingore rpmlint shared library errors, shared lib
+  is only used in here.
+
+-------------------------------------------------------------------
+Mon Aug 13 17:52:08 CEST 2007 - skh@suse.de
+
+- initial build service import with version 1.2.5.1
+
+-------------------------------------------------------------------
+Thu Nov 10 14:15 CET 2005 - draht@suse.de
+
+- initial package, version 1.1.0
+

tpm-tools.spec

@@ -0,0 +1,142 @@
+#
+# spec file for package tpm-tools
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define lib_name libtpm_unseal1
+Name:           tpm-tools
+Version:        1.3.9.2
+Release:        0
+Summary:        Trusted Platform Module (TPM) administration tools
+License:        IPL-1.0
+Group:          Productivity/Security
+URL:            http://trousers.sourceforge.net/
+Source0:        https://downloads.sourceforge.net/project/trousers/tpm-tools/%{version}/tpm-tools-%{version}.tar.gz
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libtool
+BuildRequires:  openCryptoki-devel
+BuildRequires:  openssl-devel
+BuildRequires:  trousers-devel
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+# I reported this to the tpm-tools/trousers mailing list on 2018-12-03 but the
+# patches never made it into the upstream repo for some reason
+Patch0:         0001-tpm_version-avoid-outputting-NULL-bytes-from-tpmVend.patch
+Patch1:         0001-tpm_version-avoid-outputting-undefined-data-on-stder.patch
+
+%description
+Trusted Computing is a set of specifications published by the Trusted
+Computing Group (TCG). The Trusted Platform Module (TPM) is the
+hardware component for Trusted Computing. The tpm-tools package
+provides tools for enablement and configuration of the TPM and
+associated interfaces. Also look inside the trousers package for more
+software for TC.
+
+%package        pkcs11
+Summary:        Management tools using PKCS#11 for the TPM hardware
+Group:          Applications/System
+
+%description    pkcs11
+Trusted Computing is a set of specifications published by the Trusted
+Computing Group (TCG). The Trusted Platform Module (TPM) is the
+hardware component for Trusted Computing. The tpm-tools package
+provides tools for enablement and configuration of the TPM and
+associated interfaces. Also look inside the trousers package for more
+software for TC.
+
+This package contains group of tools that use the TPM PKCS#11 token. All data
+contained in the PKCS#11 data store is protected by the TPM (keys,
+certificates, etc.). You can import keys and certificates, list out the
+objects in the data store, and protect data.
+
+%package -n %{lib_name}
+Summary:        Management tools for the TPM hardware (library)
+Group:          System/Libraries
+
+%description -n %{lib_name}
+Trusted Computing is a set of specifications published by the Trusted
+Computing Group (TCG). The Trusted Platform Module (TPM) is the
+hardware component for Trusted Computing. The tpm-tools package
+provides tools for enablement and configuration of the TPM and
+associated interfaces. Also look inside the trousers package for more
+software for TC.
+
+This package contains shared libraries
+
+%package 	devel
+Summary:        Files to use the library routines supplied with tpm-tools
+Group:          Development/Libraries
+Requires:       %{lib_name} = %{version}
+
+%description 	devel
+Trusted Computing is a set of specifications published by the Trusted
+Computing Group (TCG). The Trusted Platform Module (TPM) is the
+hardware component for Trusted Computing. The tpm-tools package
+provides tools for enablement and configuration of the TPM and
+associated interfaces. Also look inside the trousers package for more
+software for TC.
+
+This package contains the libraries and headers necessary for developing
+tpm-tools applications.
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+
+%build
+sh bootstrap.sh
+# Disable unused-but-set warnings with gcc >= 4.6
+%configure \
+	--disable-static
+make %{?_smp_mflags}
+
+%check
+make %{?_smp_mflags} check
+
+%post -n %{lib_name} -p /sbin/ldconfig
+
+%postun -n %{lib_name} -p /sbin/ldconfig
+
+%install
+make DESTDIR=%{buildroot} install %{?_smp_mflags}
+find %{buildroot} -type f -name "*.la" -delete -print
+cp include/*.h %{buildroot}%{_includedir}/tpm_tools
+
+%files
+%defattr(-,root,root)
+%doc README LICENSE
+%{_mandir}/man1/tpm_*
+%{_mandir}/man8/tpm_*
+%{_sbindir}/tpm_*
+%{_bindir}/tpm_*
+
+%files -n %{lib_name}
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_libdir}/*.so.*
+
+%files pkcs11
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_bindir}/tpmtoken_*
+%{_mandir}/man1/tpmtoken_*
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/*.so
+%{_includedir}/tpm_tools
+%{_mandir}/man3/tpmUnseal*
+
+%changelog