SLFO-pool/tpm2-0-tss
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main tpm2-0-tss revision b680ea2c79b8570fc45f365d00f6610f

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-04 01:27:19 +02:00
commit 8369368401
7 changed files with 1147 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

12
baselibs.conf Normal file
View File

@ -0,0 +1,12 @@
libtss2-esys0
libtss2-fapi1
libtss2-mu0
libtss2-policy0
libtss2-rc0
libtss2-sys1
libtss2-tcti-cmd0
libtss2-tcti-device0
libtss2-tcti-mssim0
libtss2-tcti-spi-helper0
libtss2-tcti-swtpm0
libtss2-tctildr0

706
tpm2-0-tss.changes Normal file
View File

@ -0,0 +1,706 @@
-------------------------------------------------------------------
Thu Feb 16 14:41:06 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
- Drop 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch as was
already merged upstream
- Update to 4.0.1
+ Fixed:
* A buffer overflow in tss2-rc as CVE-2023-22745.
- Update to 4.0.0
+ Fixed:
* tcti-ldr: Use heap instead of stack when tcti initialize
* Fix usage of NULL pointer if Esys_TR_SetAuth is calles with
ESYS_TR_NONE.
* Conditionally check user/group manipulation commands.
* Store VERSION into the release tarball.
* When using DESTDIR for make einstall, do not invoke
systemd-sysusers and systemd-tmpfiles.
* esys_iutil: fix possible NPD.
* Tss2_Sys_Flushcontext: flushHandle was encoded as a handleArea
handle and not as parameter one, this affected the contents of
cpHash.
* esys: fix allow usage of HMAC sessions for
Esys_TR_FromTPMPublic.
* fapi: fix usage of policy_nv with a TPM nv index.
* linking tcti for libtpms against tss2-tctildr. It should be
linked against tss2-mu.
* build: Remove erroneous trailing comma in linker option. Bug
#2391.
* fapi: fix encoding of complex tpm2bs in authorize nv,
duplication select and policy template policies. Now the complex
and TPMT or TPMS representations can be used. Bug #2383
* The error message for unsupported FAPI curves was in hex without
a leading 0x, make it integer output to clarify.
* Documentation that had various scalar out pointers as "callee
allocated".
* test: build with opaque FILE structure like in musl libc.
* Transient endorsement keys were not recreated according to the
EK credential profile.
* Evict control for a persistent EK failed during provisioning if
an auth value for the storage hierarchy was set.
* The authorization of the storage hierarchy is now added. Fixes
FAPI: Provisioning error if an auth value is needed for the
storage hierarchy #2438.
* Usage of a second profile in a path was not possible because the
default profile was always used.
* The setting of an empty auth value for Fapi_Provision was fixed.
* JSON encoding of a structure TPMS_POLICYAUTHORIZATION used the
field keyPEMhashAlg instead of hashAlg as defined in "TCG TSS
2.0 JSON Data Types and Policy Language Specification". Rename
to hashAlg but preserve support for reading keyPEMhashAlg for
backwards compatibility.
* fapi: PolicySecret did not work with keys as secret object.
* Esys_PCR_SetAuthValue: remembers the auth like other SetAutg
ESAPI functions.
* tests: esys-pcr-auth-value.int moved to destructive tests.
* FAPI: Fix double free if keystore is corrupted.
* Marshaling of TPMU_CAPABILITIES data, only field
intelPttProperty was broken before.a
* Spec deviation in Fapi_GetDescription caused description to be
NULL when it should be empty string. This is API breaking but
considered a bug since it deviated from the FAPI spec.
* FAPI: undefined reference to curl_url_strerror when using curl
less than 7.80.0.
* FAPI: Fixed support for EK templates in NV inidices per the
spec, see #2518 for details.
* FAPI: fix NPD in ifapi_curl logging.
* FAPI: Improve documentation fapi-profile
* FAPI: Fix CURL HTTP handling.
* FAPI: Return FAPI_RC_IO_ERROR if a policy does not exist in
keystore.
+ Added:
* TPM version 1.59 support.
* ci: ubuntu-22.04 added.
* mbedTLS 3.0 is supported by ESAPI.
* Add CreationHash to JSON output for usage between applications
not using the FAPI keystore, like command line tools.
* Reduced code size for SAPI.
* Support for Runtime Switchable ESAPI Crypto Backend via
Esys_SetCryptoCallbacks.
* Testing for TCG EK Credential Profile TPM 2.0, Version 2.4
Rev. 3, 2021 for the low and high address range of EK templates.
* tss2-rc: Tss2_RC_DecodeInfo function for parsing TSS2_RC into
the various bit fields.
* FAPI support for P_ECC384 profile.
* tss2-rc: Tss2_RC_DecodeInfoError: Function to get a human
readable error from a TSS2_RC_INFO returned by
Tss2_RC_DecodeInfo
* tcti: Generic SPI driver, implementors only need to connect to
acquire/release, transmit/receive, and sleep/timeout functions.
* FAPI: Add event logging for Firmware and IMA Events. See #2170
for details.
* FAPI: Fix Fapi_ChangeAuth updates on hierarchy objects not being
reflected across profiles.
* FAPI: Allow keyedhash keys in PolicySigned.
* ESAPI: Support sha512 for mbedtls crypto backend.
* TPM2B_MAX_CAP_BUFFER and mu routines
* vendor field to TPMU_CAPABILTIIES
* FAPI: support for PolicyTemplate
+ Changed
* libmu soname from 0:0:0 to 0:1:0.
* tss2-sys soname from 1:0:0 to 1:1:0
* tss2-esys: from 0:0:0 to 0:1:0
* FAPI ignores vendor properties on Fapi_GetInfo
* FAPI Event Logging JSON format, See #2170 for details.
+ Removed
* Dead struct TPMS_ALGORITHM_DESCRIPTION
* Dead field intelPttProperty from TPMU_CAPABILITIES
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Marshal
* Dead code Tss2_MU_TPMS_ALGORITHM_DESCRIPTION_Unmarshal
-------------------------------------------------------------------
Fri Jan 20 11:10:30 UTC 2023 - Matthias Gerstner <matthias.gerstner@suse.com>
- add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes
CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large
RC values passed to the TSS2 function could lead to memory overread or
memory overread.
This patch is not yet part of any upstream git tag.
-------------------------------------------------------------------
Mon Jul 11 11:19:36 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
- Revert "Add version the configuration file tpm2-tss-fapi.conf"
This generate whitelist problems in rpmlint.
-------------------------------------------------------------------
Fri Jul 8 11:52:40 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>
- Update to 3.2.0
+ Fixed
* FAPI: fix curl_url_set call
* FAPI: Fix usage of curl url (Should fix Ubuntu 22.04)
* Fix buffer upcast leading to misalignment
* Fix check whether SM3 is available
* Update git.mk to support R/O src-dir
* Fixed file descriptor leak when tcti initialization failed.
* 32 Bit builds of the integration tests.
* Primary key creation, in some cases the unique field was not
cleared before calling create primary.
* Primary keys was used for signing the object were cleared after
loading. So access e.g. to the certificate did not work.
* Primary keys created with Fapi_Create with an auth value, the
auth_value was not used in inSensitive to recreate the primary
key. Now the auth value callback is used to initialize
inSensitive.
* The not possible usage of policies for primary keys generated
with Fapi_CreatePrimary has been fixed.
* An infinite loop when parsing erroneous JSON was fixed in FAPI.
* A buffer overflow in ESAPI xor parameter obfuscation was fixed.
* Certificates could be read only once in one application The
setting the init state of the state automaton for getting
certificates was fixed.
* A double free when executing policy action was fixed.
* A leak in Fapi_Quote was fixed.
* The wrong file locking in FAPI IO was fixed.
* Enable creation of tss group and user on systems with busybox
for fapi.
* One fapi integration test did change the auth value of the
storage hierarchy.
* A leak in fapi crypto with ossl3 was fixed.
* Add initial camelia support to FAPI
* Fix tests of fapi PCR
* Fix tests of ACT functionality if not supported by pTPM
* Fix compiler (unused) warning when building without debug
logging
* Fix leaks in error cases of integration tests
* Fix memory leak after ifapi_init_primary_finish failed
* Fix double-close of stream in FAPI
* Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
* Fix the authorization of hierarchy objects used in policy
secret.
* Fix check of qualifying data in Fapi_VerifyQuote.
* Fix some leaks in FAPI error cases.
* Make scripts compatible with non-posix shells where test does
not know -a and -o.
* Fix usage of variable not initialized when fapi keystore is
empty.
+ Added
* Add additional IFX root CAs
* Added support for SM2, SM3 and SM4.
* Added support for OpenSSL 3.0.0.
* Added authPolicy field to the TPMU_CAPABILITIES union.
* Added actData field to the TPMU_CAPABILITIES union.
* Added TPM2_CAP_AUTH_POLICIES
* Added TPM2_CAP_ACT constants.
* Added updates to the marshalling and unmarshalling of the
TPMU_CAPABILITIES union.
* Added updated to the FAPI serializations and deserializations of
the TPMU_CAPABILITIES union and associated types.
* Add CODE_OF_CONDUCT
* tcti-mssim and tcti-swtpm gained support for UDX communication
* Missing constant for TPM2_RH_PW
+ Removed
* Removed support for OpenSSL < 1.1.0.
* Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines
as deprecated.
* Those were errorous typedefs that are not use and not useful. So
we will remove this with 3.3
* Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead.
- Update to 3.1.1
+ Fixed
* Fixed file descriptor leak when tcti initialization failed.
* Primary key creation, in some cases the unique field was not
cleared before calling create primary.
* Primary keys was used for signing the object were cleared after
loading. So access e.g. to the certificate did not work.
* Primary keys created with Fapi_Create with an auth value, the
auth_value was not used in inSensitive to recreate the primary
key. Now the auth value callback is used to initialize
inSensitive.
* The not possible usage of policies for primary keys generated
with Fapi_CreatePrimary has been fixed.
* An infinite loop when parsing erroneous JSON was fixed in FAPI.
* A buffer overflow in ESAPI xor parameter obfuscation was fixed.
* Certificates could be read only once in one application The
setting the init state of the state automaton for getting
certificates was fixed.
* A double free when executing policy action was fixed.
* A leak in Fapi_Quote was fixed.
* The wrong file locking in FAPI IO was fixed.
* One fapi integration test did change the auth value of the
storage hierarchy.
* Fix test of FAPI PCR
* Fix leaks in error cases of integration tests
* Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
* Fix the authorization of hierarchy objects used in policy
secret.
* Fix check of qualifying data in Fapi_VerifyQuote.
* Fix some leaks in FAPI error cases.
* Fix usage of variable not initialized when fapi keystore is
empty.
+ Added
* Add additional IFX root CAs
-------------------------------------------------------------------
Wed Dec 8 16:57:58 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Version 3.1.0 includes:
+ cover update to 2.4.5 (jsc#SLE-17366)
+ cover update to 2.3.0 (jsc#SLE-9515)
+ fix policy session for TPM2_PolicyAuthValue (bsc#1160736)
- Add version the configuration file tpm2-tss-fapi.conf
-------------------------------------------------------------------
Thu Jul 15 15:51:04 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Remove conflicting sysusers.d file
-------------------------------------------------------------------
Wed Jul 14 15:11:55 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Clean spec file
- Add new library libtss2-tcti-pcap0
- Update to 3.1.0:
* Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455)
* Fixed possible access outside the array in ifapi_calculate_tree
* Added pcap TCTI
* Added GlobalSign TPM Root CA certs to FAPI cert store
* Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
* Added two new TPM commands TPM2_CC_CertifyX509,
and TPM2_CC_ACT_SetTimeout
-------------------------------------------------------------------
Mon Jun 28 06:52:53 UTC 2021 - Marcus Meissner <meissner@suse.com>
- small services fixes and comments
-------------------------------------------------------------------
Thu Jan 28 09:18:58 UTC 2021 - Matthias Gerstner <matthias.gerstner@suse.com>
- update to 3.0.3:
- changes in 3.0.3:
* Fix Regression in Fapi_List
* Fix memory leak in policy calculation
- changes in 3.0.2:
* FAPI: Fix setting of the system flag of NV objects
* This will let NV object metadata be created system-wide always instead of
* locally in the user. Existing metadata will remain in the user directory.
* It can be moved to the corresponding systemstore manually if needed.
* FAPI: Fix policy searching, when a policyRef was provided
* FAPI: Accept EK-Certs without CRL dist point
* FAPI: Fix return codes of Fapi_List
* FAPI: Fix memleak in policy execution
* FAPI: Fix coverity NULL-pointer check
* FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
* FAPI: Fix deleting of policy files.
* FAPI: Fix wrong file loading during object search.
* Fapi: Fix memory leak
* Fapi: Fix potential NULL-Dereference
* Fapi: Remove superfluous NULL check
* Fix a memory leak in async keystore load.
-------------------------------------------------------------------
Thu Oct 22 11:38:52 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>
- move the tcti-fapi tmpfiles.d config file into the libtss2-fapi1 sub-package.
- improve the descriptions of new libraries (fapi1, cmd0, swtpm0)
- adjust baselibs.conf to match new library versions and added libraries
-------------------------------------------------------------------
Mon Oct 19 13:30:39 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update to 3.0.1, changelog at:
https://github.com/tpm2-software/tpm2-tss/blob/3.0.x/CHANGELOG.md
- Update libtss2-sys0 to libtss2-sys1
- Add new libs:
* libtss2-fapi1
* libtss2-tcti-cmd0
* libtss2-tcti-swtpm0
-------------------------------------------------------------------
Wed Feb 19 19:37:14 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.3.3
* Fixed mixing salted and unsalted sessions in the same ESAPI
context
* Removed use of VLAs from TPML marshal code
* Added check for object node before calling compute_session_value
function
* Fixed auth calculation in Esys_StartAuthSession called with
optional parameters
* Fixed compute_encrypted_salt error handling in
Esys_StartAuthSession
* Fixed exported symbols map for libtss2-mu
-------------------------------------------------------------------
Fri Jan 31 11:51:03 UTC 2020 - Michal Suchanek <msuchanek@suse.com>
- Use system-users for tss user creation (boo#1162360).
-------------------------------------------------------------------
Fri Jan 24 14:13:01 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
shortcut through the -mini flavor.
-------------------------------------------------------------------
Sun Dec 29 21:06:27 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- update to upstream version 2.3.2:
- changes since version 2.3.0:
- Fix unit tests on S390 architectures
- Fixed HMAC generation for policy sessions
-------------------------------------------------------------------
Wed Dec 11 11:01:44 UTC 2019 - matthias.gerstner@suse.com
- update to upstream version 2.3.0:
- changes in version 2.3.0:
- tss2-tctildr: A new library that helps with tcti initialization
Recommend to use this in place of custom tcti loading code now !
- tss2-rc: A new library that provides textual representations for return
codes
- Option to disable NIST-deprecated crypto (--disable-weak-crypto)
- Support Esys_TR_FromTPMPublic on sessions (for use in Esys_FlushContext)
- map-files with correct symbol lists for tss2-sys and tss2-esys
This may lead to unresolved symbols in linked applications
- Support to call Tss2_Sys_Execute repeatedly on certain errors
- Reduced RAM consumption in Esys due to Tss2_Sys_Execute change
- Automated session attribution clearing for esys (decrypt and encrypt)
per cmd
- Removed libtss2-mu from "Requires" field of libtss2-esys.pc
Needs to be added explicitely now
- All fixes from 2.2.1, 2.2.2 and 2.2.3
- Fixed SPDX License Identifiers
- Fixed Null-pointer problems in tcti-tbs
- Fixed Default locality for tcti-mssim set to LOC_0
- Fixed coverity and valgrind leaks detected in test programs (not library
code)
-------------------------------------------------------------------
Fri Aug 23 12:06:22 UTC 2019 - matthias.gerstner@suse.com
- update to upstream version 2.2.3:
- changes in version 2.2.3:
* Fix computation of session name
* Fixed PolicyPassword handling of session Attributes
* Fixed windows build from dist ball
* Fixed default tcti configure option
* Fixed nonce size calculation in ESYS sessions
- changes in version 2.2.2:
* Fixed wrong encryption flag in EncryptDecrypt
* Fixing openssl engine invocation
-------------------------------------------------------------------
Fri Apr 26 10:37:23 UTC 2019 - mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
-------------------------------------------------------------------
Wed Mar 6 10:06:35 UTC 2019 - matthias.gerstner@suse.com
- update to upstream version 2.2.1:
- changes from version 2.2.0:
- Fixed leak of hkey on success in iesys_cryptossl_hmac_start
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure scritp ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- Added support for QNX build
- Added support for partial reads in device TCTI
- changes from version 2.1.1:
- Fixed leak of hkey on success in iesys_cryptossl_hmac_start
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure scritp ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- changes from version 2.1.0:
- Fixed handling of the default TCTI
- Changed logging to be ISO-C99 compatible
- Fixed leak of dlopen handle
- Fixed logging of a response header tag in Tss2_Sys_Execute
- Fixed marshaling of TPM2B parameters in SAPI commands
- Fixed unnecessary warning in Esys_Startup
- Fixed warnings in doxygen documentation
- Added Esys_Free wrapper function for systems using different C runtime libraries
- Added Windows TBS TCTI
- Added non-blocking mode of operation in tcti-device
- Added tests for Esys_HMAC and Esys_Hash
- Enabled integration tests on physical TPM device
- Added openssl libcrypto backend
- Added Doxygen documentation to integration tests
- Refactored SetDecryptParam
- Enabled OpenSSL crypto backend by default
- changes from 2.0.2:
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure scritp ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- introduce _service file for syncing with upstream tags
-------------------------------------------------------------------
Wed Sep 26 15:41:27 UTC 2018 - matthias.gerstner@suse.com
- update to upstream version 2.0.1 (FATE#324477):
- Fixed problems with doxygan failing make distcheck
- Fixed conversion of gcrypt mpi numbers to binary data
- Fixed an error in parsing socket address in MSSIM TCTI
- Fixed compilation error with --disable-tcti-mssim
- Added initialization function for gcrypt to suppress warning
- Fixed invalid type base type while marshaling TPMI_ECC_CURVE in Tss2_Sys_ECC_Parameters
- Fixed invalid RSA encryption with exponent equal to 0
- Fixed checking of return codes in ESAPI commands
- Added checks for programs required by the test harness @ configure time
- Fixed warning on TPM2_RC_INITIALIZE rc after a Startup in Esys_Startup
- Checked for 1.2 TPM type response
- Changed constants values in esys header file to unsigned
-------------------------------------------------------------------
Tue Sep 18 09:04:31 UTC 2018 - matthias.gerstner@suse.com
- also process udev triggers for tpmrm subsystem, otherwise /dev/tpmrm0 isn't
properly updated (at least on SLES-12-SP4)
-------------------------------------------------------------------
Thu Jul 5 15:40:23 UTC 2018 - matthias.gerstner@suse.com
- added all librares to baselibs.conf to satisfy 32-bit dependencies of esys0
and sys0
-------------------------------------------------------------------
Tue Jul 3 07:56:18 UTC 2018 - matthias.gerstner@suse.com
- Explicitly require udev to fix missing ownership for /usr/lib/udev.
-------------------------------------------------------------------
Fri Jun 29 10:55:58 UTC 2018 - matthias.gerstner@suse.com
- update to new major version 2.0.0:
- version_fix.patch: removed, we're now using the distribution tarballs
where this problem shouldn't happen
- this update introduces an incompatible ABI to the previous version.
all libraries have been renamed so there is not really a relation to
the old version any more.
- upstream changelog:
## [2.0.0] - 2018-06-20
### Added
- Implementation of the Marshal/Unmarshal library (libtss2-mu)
- Implementation of the Enhanced System API (libtss2-esys aka ESAPI)
- New implemetation of the TPM Command Transmission Interface (TCTI) for:
- communication with Linux TPM2 device driver: libtss2-tcti-device
- communication with Microsoft software simulator: libtss2-tcti-mssim
- New directory layout (API break)
- Updated documentation with new doxygen and updated man pages
- Support for Windows build with Visual Studio and clang, currently limited
to libtss2-mu and libtss2-sys
- Implementation of the new Attached Component (AC) commands
- Implementation of the new TPM2_PolicyAuthorizeNV command
- Implementation of the new TPM2_CreateLoaded command
- Implementation of the new TPM2_PolicyTemplate command
- Addition of _Complete functions to all TPM commands
- New logging framework
- Added const qualifiers to API input pointers (API break)
- Cleaned up headers and remove implementation.h and tpm2.h (API break)
### Changed
- Converted all cpp files to c, removed dependency on C++ compiler.
- Cleaned out a number of marshaling functions from the SAPI code.
- Update Linux / Unix OS detection to use non-obsolete macros.
- Changed TCTI macros to CamelCase (API break)
- Changed TPMA_types to unsigned int with defines instead of bitfield structs (API/ABI break)
- Changed Get/SetCmd/RspAuths to new parameter types (API/ABI break)
- Fixed order of parameters in AC commands: Input command authorizations
now come after the input handles, but still before the command parameters.
### Removed
- Removed all sysapi/sysapi_utils/*arshal_TPM*.c files
### Fixed
- Updated invalid number of handles in TPM2_PolicyNvWritten and TPM2_TestParms
- Updated PlatformCommand function from libtss2-tcti-mssim to no longer send
CANCEL_OFF before every command.
- Expanded TPM2B macros and removed TPM2B_TYPE1 and TPM2B_TYPE2 macros
- Fixed wrong return type for Tss2_Sys_Finalize (API break).
## [1.4.0] - 2018-03-02
### Added
- Attached Component commands from the last public review spec.
### Fixed
- Essential files missing from release tarballs are now included.
- Version string generation has been moved from configure.ac to the
bootstrap script. It is now stored in a file named `VERSION` that is
shipped in the release tarball.
- We've stopped shipping the built man page for InitSocketTcti.3 and now
ship the source.
-------------------------------------------------------------------
Wed Mar 7 14:48:50 UTC 2018 - matthias.gerstner@suse.com
- removed leftover comment from dropped reproducable.patch
-------------------------------------------------------------------
Thu Feb 22 09:41:46 UTC 2018 - matthias.gerstner@suse.com
- update to upstream version 1.3.0:
- support for reproducable builds
- improved documentation / manual pages
- various stability bugfixes
- EncryptDecrypt2 command is now implemented
- removed reproducible.patch. This is now included upstream.
- added version_fix.patch to fix package config version numbers.
-------------------------------------------------------------------
Fri Sep 1 14:27:33 UTC 2017 - matthias.gerstner@suse.com
- fix the "fix", turns out only the unversioned symlink's supposed to go into
-devel.
-------------------------------------------------------------------
Thu Jul 20 13:51:38 UTC 2017 - matthias.gerstner@suse.com
- no longer install the udev rule, it's now part of the new tpm2.0-abrmd
package.
- fixed a warning regarding a missing dependency of the devel package to the
main package
- correctly package library symlinks only in the devel package, the library
itself only in the library package. Was mixed up before.
-------------------------------------------------------------------
Wed Jul 19 14:10:02 UTC 2017 - matthias.gerstner@suse.com
- removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring
autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227.
-------------------------------------------------------------------
Wed Jul 19 11:13:43 UTC 2017 - matthias.gerstner@suse.com
- Updated to upstream version 1.1.0
- With this version the resourcemgr daemon is dropped from this package. It
is replaced by a completely new implementation found in a new package
tpm2.0-abrmd. this package will only consist of the libraries any more.
- Changed
- tpmclient, disabled all tests that rely on the old resourcemgr.
- Fixed
- Fixed definition of PCR_LAST AND TRANSIENT_LAST macros.
- Removed
- tpmtest
- resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd
-------------------------------------------------------------------
Sat May 27 05:07:22 UTC 2017 - bwiedemann@suse.com
- Add reproducible.patch to sort input files to make build reproducible
(boo#1041090)
-------------------------------------------------------------------
Thu May 11 15:13:49 UTC 2017 - matthias.gerstner@suse.com
- create tss user account and install udev rule to fix startup of resourcemgr
(bnc#1038586)
-------------------------------------------------------------------
Wed May 10 13:33:16 CEST 2017 - mgerstner@suse.com
- remove unnecessary dependency of libsapi0 to trousers. trousers has nothing
to do with tpm2-tss.
-------------------------------------------------------------------
Tue Apr 11 14:26:14 UTC 2017 - meissner@suse.com
- fixed typo in resourcemgr.service (bsc#1031004)
-------------------------------------------------------------------
Thu Feb 16 13:35:44 UTC 2017 - jengelh@inai.de
- Remove --with-pic which is only for static libs.
- Fix an improper Requires line.
- Split libtcti* from libsapi0; these are independentlty
developable units.
-------------------------------------------------------------------
Wed Feb 8 13:43:55 UTC 2017 - meissner@suse.com
- Updated to 1.0 (FATE#321508)
- Added
- Travis-CI integration with GitHub
- Unit tests for primitive (un)?marshal functions.
- Example systemd unit for resourcemgr.
- Allow for unit tests to be enabled selectively.
- added pkg-config files for libraries
- Changed
- move simulator initialization code to socket TCTI init function.
- socket TCTI finalize no longer frees context
- rename libtss2 to libsapi
- rename libtcti_device to libtcti-device
- rename libtcti_socket to libtcti-socket
- move $(includedir)/tss to $(includedir)/sapi
- Move default compiler flags to config.site file.
- Fixed
- Fix run away resourcemgr threads by closing client sockets when resourcemgr recv() call returns 0.
- Set MSG_NOSIGNAL for client connections to avoid SIGPIPE killing resourcemgr.
- Fixes to handling of persistent objects by resourcemgr.
- Removed
- Semicolon from TPMA_* macros definitions.
- Windows build files.
- SAPI_CLIENT macro tests.
- Security
- Fix buffer overflow in resourcemgr.
- use sample resourcemanager.service
- tpm2-0-tss-configure.patch: fix weird error.
-------------------------------------------------------------------
Thu Aug 25 14:09:35 UTC 2016 - meissner@suse.com
- Remove type=forking from service file (bsc#995554)
-------------------------------------------------------------------
Sat Aug 6 19:28:27 UTC 2016 - meissner@suse.com
- added a systemd unit service file (FATE#315631)
-------------------------------------------------------------------
Fri May 6 19:45:29 UTC 2016 - jengelh@inai.de
- Correct package naming to be in line with shared library guideline
- Remove unused systemd build and runtime dependencies
(FATE#315631)
-------------------------------------------------------------------
Fri Apr 8 07:54:36 UTC 2016 - dimstar@opensuse.org
- Fix rpm group of library package: libs belong, per definition, to
the group "System/Libraries". (FATE#315631)
-------------------------------------------------------------------
Wed Feb 24 10:22:38 UTC 2016 - meissner@suse.com
- initial import of the tpm 2.0 tss stack (FATE#315631)

336
tpm2-0-tss.spec Normal file
View File

@ -0,0 +1,336 @@
#
# spec file for package tpm2-0-tss
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: tpm2-0-tss
Version: 4.0.1
Release: 0
Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips
License: BSD-2-Clause
Group: Productivity/Security
URL: https://github.com/tpm2-software/tpm2-tss
Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz
Source1: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz.asc
# curl https://github.com/williamcroberts.gpg > tpm2-tss.keyring
Source2: tpm2-tss.keyring
Source3: baselibs.conf
BuildRequires: /usr/sbin/groupadd
BuildRequires: acl
BuildRequires: doxygen
BuildRequires: gcc-c++
BuildRequires: libgcrypt-devel
BuildRequires: pkgconfig
BuildRequires: pkgconfig(json-c)
BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(libopenssl)
BuildRequires: pkgconfig(udev)
BuildRequires: pkgconfig(uuid)
# The same user is employed by trousers (and was employed by the old
# resourcemgr shipped with the tpm2-0-tss package):
#
# trousers just needs those accounts for dropping privileges to. The service
# starts as root and uses set*id to drop to tss, after the tpm device has been
# opened.
#
# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned
# by the tss user. Therefore we also need to install a udev rule file.
#
# trousers was here first and created the user like this, also giving it a
# home in /var/lib/tpm. I don't think the home directory is used by either of
# the packages ATM. Trousers is keeping state there, but the directory is
# owned by root and files are opened before dropping privileges. The passwd
# entry seems not to be evaluated.
Requires(pre): user(tss)
%description
The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This
implementation is developed by INTEL. This package contains the libraries,
see the tpm2.0-abrmd package for the resource manager daemon, tpm2.0-tools for
utilities.
%package devel
Summary: Development headers for the Intel TSS library for TPM 2.0 chips
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libtss2-esys0 = %{version}
Requires: libtss2-fapi1 = %{version}
Requires: libtss2-mu0 = %{version}
Requires: libtss2-policy0 = %{version}
Requires: libtss2-rc0 = %{version}
Requires: libtss2-sys1 = %{version}
Requires: libtss2-tcti-cmd0 = %{version}
Requires: libtss2-tcti-device0 = %{version}
Requires: libtss2-tcti-mssim0 = %{version}
Requires: libtss2-tcti-pcap0 = %{version}
Requires: libtss2-tcti-spi-helper0 = %{version}
Requires: libtss2-tcti-swtpm0 = %{version}
Requires: libtss2-tctildr0 = %{version}
Requires: tpm2-0-tss = %{version}
%description devel
This package provides the development files for the tpm2 stack's libraries for
accessing TPM 2.0 chips.
%package -n libtss2-esys0
Summary: TPM2 Enhanced System API (ESAPI)
Group: System/Libraries
%description -n libtss2-esys0
This API is a 1-to-1 mapping of the TPM2 commands documented in Part 3 of the
TPM2 specification. Additionally there are asynchronous versions of each
command. In addition to SAPI, the ESAPI performs tracking of meta data for
TPM object and automatic calculation of session based authorization and
encryption values. Both the synchronous and asynchronous API are exposed
through this library.
%package -n libtss2-sys1
Summary: TPM2 System API (SAPI)
Group: System/Libraries
%description -n libtss2-sys1
System API (SAPI) as described in the system level API and TPM command
transmission interface specification. This API is a 1-to-1 mapping of the TPM2
commands documented in Part 3 of the TPM2 specification. Additionally there
are asynchronous versions of each command. These asynchronous variants may be
useful for integration into event-driven programming environments. Both the
synchronous and asynchronous API are exposed through this library.
%package -n libtss2-mu0
Summary: TPM2 marshaling/unmarshaling library
Group: System/Libraries
%description -n libtss2-mu0
Marshaling/Unmarshaling (MU) as described in the TCG TSS 2.0
Marshaling/Unmarshaling API Specification. This API provides a set of
marshaling and unmarshaling functions for all data types defined by the TPM
library specification.
%package -n libtss2-rc0
Summary: TPM2 error code translation library
Group: System/Libraries
%description -n libtss2-rc0
This library can translate TPM error codes into human readable strings.
%package -n libtss2-tctildr0
Summary: TCTI interface loading library
Group: System/Libraries
%description -n libtss2-tctildr0
This is a helper library that simplifies loading other tcti libraries. It is
recommended over custom tcti loading code in applications.
%package -n libtss2-tcti-device0
Summary: TCTI interface library for using a native TPM device node
Group: System/Libraries
%description -n libtss2-tcti-device0
TPM Command Transmission Interface library for communicating with a
TPM device node. This provides direct access to the TPM through the Linux
kernel driver.
%package -n libtss2-tcti-mssim0
Summary: TCTI interface library for Microsoft software TPM2 simulator
Group: System/Libraries
%description -n libtss2-tcti-mssim0
TPM Command Transmission Interface library for communicating using the
protocol exposed by the Microsoft software TPM2 simulator.
%package -n libtss2-fapi1
Summary: FAPI interface library
Group: System/Libraries
%description -n libtss2-fapi1
This is the tpm2 Feature API (FAPI) library. This API is designed to be very
high-level API, intended to make programming with the TPM as simple as
possible.
%package -n libtss2-policy0
Summary: TPM2 FAPI policy library
Group: System/Libraries
%description -n libtss2-policy0
Library that exposes the internal FAPI policy engine as a consumable
library and stable API. Users can take arbitrary JSON policy strings
and implement the callbacks required to produce calculated policies
without a TPM as well as execute policies on an ESYS TR session for
satisfying access policies on an object.
%package -n libtss2-tcti-cmd0
Summary: TCTI cmd interface library
Group: System/Libraries
%description -n libtss2-tcti-cmd0
A TCTI for interaction with a subprocess. It abstracts the details of direct
communication with the interface and protocol exposed by a subprocess that can
receive and transmit raw TPM2 command and response buffers.
%package -n libtss2-tcti-swtpm0
Summary: TCTI swtpm interface library
Group: System/Libraries
%description -n libtss2-tcti-swtpm0
A TCTI for interaction with the TPM2 software simulator. It abstracts the
details of direct communication with the interface and protocol exposed by the
daemon hosting the TPM2 reference implementation.
%package -n libtss2-tcti-pcap0
Summary: TCTI pcap interface library
Group: System/Libraries
%description -n libtss2-tcti-pcap0
A TCTI which prints TPM commands and responses to a file in pcap-ng format. It abstracts the
details of direct communication with the interface and protocol exposed by the
daemon hosting the TPM2 reference implementation.
%package -n libtss2-tcti-spi-helper0
Summary: TCTI spi interface library
Group: System/Libraries
%description -n libtss2-tcti-spi-helper0
A TCTI module for communication via SPI TPM device driver. Abstracts
the details of communication with a TPM via SPI protocol. It uses user
supplied methods for SPI and timing operations in order to be platform
independent.
%prep
%autosetup -n tpm2-tss-%{version}
%build
# configure looks for groupadd on PATH
export PATH="$PATH:%{_sbindir}"
%configure --disable-static \
--with-udevrulesdir=%{_udevrulesdir} \
--with-runstatedir=%{_rundir} \
--with-tmpfilesdir=%{_tmpfilesdir} \
--with-sysusersdir=%{_sysusersdir}
%make_build PTHREAD_LDFLAGS=-pthread
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# rename the rules file to have a numbered prefix as all others have, too
%define udev_rule_file 90-tpm.rules
mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
# Conflicts with system-users
rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
%post
%{_bindir}/udevadm trigger -s tpm -s tpmrm || :
%post -n libtss2-esys0 -p /sbin/ldconfig
%postun -n libtss2-esys0 -p /sbin/ldconfig
%post -n libtss2-sys1 -p /sbin/ldconfig
%postun -n libtss2-sys1 -p /sbin/ldconfig
%post -n libtss2-tctildr0 -p /sbin/ldconfig
%postun -n libtss2-tctildr0 -p /sbin/ldconfig
%post -n libtss2-tcti-device0 -p /sbin/ldconfig
%postun -n libtss2-tcti-device0 -p /sbin/ldconfig
%post -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%post -n libtss2-mu0 -p /sbin/ldconfig
%postun -n libtss2-mu0 -p /sbin/ldconfig
%post -n libtss2-rc0 -p /sbin/ldconfig
%postun -n libtss2-rc0 -p /sbin/ldconfig
%post -n libtss2-fapi1
/sbin/ldconfig
%tmpfiles_create %{_tmpfilesdir}/tpm2-tss-fapi-%{version}.conf
%postun -n libtss2-fapi1 -p /sbin/ldconfig
%post -n libtss2-policy0 -p /sbin/ldconfig
%postun -n libtss2-policy0 -p /sbin/ldconfig
%post -n libtss2-tcti-cmd0 -p /sbin/ldconfig
%postun -n libtss2-tcti-cmd0 -p /sbin/ldconfig
%post -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
%postun -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
%post -n libtss2-tcti-pcap0 -p /sbin/ldconfig
%postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig
%post -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig
%postun -n libtss2-tcti-spi-helper0 -p /sbin/ldconfig
%files
%doc *.md
%license LICENSE
%{_mandir}/man3/*
%{_mandir}/man5/*
%{_mandir}/man7/tss2-*
%{_udevrulesdir}/%{udev_rule_file}
%dir %{_sysconfdir}/tpm2-tss/
%config %{_sysconfdir}/tpm2-tss/fapi-config.json
%dir %{_sysconfdir}/tpm2-tss/fapi-profiles
%config %{_sysconfdir}/tpm2-tss/fapi-profiles/*.json
%files devel
%{_includedir}/tss2
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files -n libtss2-esys0
%{_libdir}/libtss2-esys.so.*
%files -n libtss2-sys1
%{_libdir}/libtss2-sys.so.*
%files -n libtss2-mu0
%{_libdir}/libtss2-mu.so.*
%files -n libtss2-rc0
%{_libdir}/libtss2-rc.so.*
%files -n libtss2-tctildr0
%{_libdir}/libtss2-tctildr.so.*
%files -n libtss2-tcti-device0
%{_libdir}/libtss2-tcti-device.so.*
%files -n libtss2-tcti-mssim0
%{_libdir}/libtss2-tcti-mssim.so.*
%files -n libtss2-fapi1
%{_libdir}/libtss2-fapi.so.*
%{_tmpfilesdir}/tpm2-tss-fapi.conf
# this would fix "tmpfile-not-in-filelist" warnings but when adding these
# entries then it complains about "directories not owned by a package:" for
# /run/tpm2-0-tss & friends. When adding them as %%ghost, too, then Leap15.1
# complains about "found conflict of libtss2-fapi1-3.0.1-lp152.103.1.x86_64
# with libtss2-fapi1-3.0.1-lp152.103.1.x86_64". Thus leave it be for the
# moment, some insane circle of errors is involved here.
#
# it seems the problem is that during `make install` the package runs
# systemd-tmpfiles --create, and the directories are created outside the
# package's install tree. It seems this is not expected by RPM.
# %%ghost %%{_sharedstatedir}/%%{name}/system/keystore
# %%ghost %%{_rundir}/%%{name}/eventlog
%files -n libtss2-policy0
%{_libdir}/libtss2-policy.so.*
%files -n libtss2-tcti-cmd0
%{_libdir}/libtss2-tcti-cmd.so.*
%files -n libtss2-tcti-swtpm0
%{_libdir}/libtss2-tcti-swtpm.so.*
%files -n libtss2-tcti-pcap0
%{_libdir}/libtss2-tcti-pcap.so.*
%files -n libtss2-tcti-spi-helper0
%{_libdir}/libtss2-tcti-spi-helper.so.*
%changelog

BIN
tpm2-tss-4.0.1.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
tpm2-tss-4.0.1.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEW0grjj4Z2nyXjh0BbeLpB44fUMEFAmPO1PMACgkQbeLpB44f
UMFtQw/+IDx+P0RGWthfR3f4t/cfp9JBgiHfujNigWpv9LNG439Sew+8njEsmvEP
2yAHIiJGFMkwXadLNWgUnhvGYS628zqoPMLgDUW9PVAirrvo6XMf45wrBVLOZTX/
1N6Bol9wT3TfcVUnSbL/0oZwgTAxSDQJB7I64788ujwGnrbBLTEirDB/sqVVFF5k
1g3rMMH95nTGBqm96PA8gKYutOdOpOH9Gn/CexX9NuDrb00Nqx906kybkCIYEkdy
2Fp03zNTEo+iRtSIhrDZVbab/1UUN2r0rc6T6gABePUHS2lxPth6tLX0tVpq3RLJ
1mi7XJuri2Mqw4APOnavrK5qpCgAqONOn92+QqzmPylUFsRM6mzalDALvDwwknp4
sEohsiPyxCC+oSErm5Urh3yUlZ8c068zQ1OXGOdZPNM281bEGf3ORRemkI1gT7eI
cC4Y3YRuWBeQyoANAzrAJYttsOe9ia/PadnnQiWcMPH4o4hGjgvYPJuI6fePn2SS
dgC9Z1O1LOk17XnNQb3cAshiOPQo8BjQB89QUi4pJRCbpY6WEB6Wc9OmEEhUuWDT
3ECHeDZGPRg6G4xELT2SZ2QMDhlfORaV0hbU0lMoNMQrslrZALm8424bDt3Q7R9j
iPkpp4ArVdxYvbENkdVcZBZF0qAmPmolNv/PkLVK0o9mYEmXVp8=
=vwbh
-----END PGP SIGNATURE-----

51
tpm2-tss.keyring Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFik3GUBEADYDYbSXH3UTr9oCNCI3UxC1hiLH7cM+QIbMtWiwfAbT3G8wrTa
NPj00qNvI4wQ/Xm3h0hB7kri7vP0FqIjIwsTdM6ZpFdVHHKW1m4P8fkOcxqmLN0g
V36MN5fgoGWf2K94aS7ItoweRMcuHnwWawe6aAtbKSYVqhWhoB/3grgd0xhE61AS
o8fJ7uRYNEAYVeOKlC2j+qKfoJbCa6yqZejFwOOzB6qxNRA7JYvckEf8yJ4+Y16m
qPyZ1ErHzpql3+b5ha+g+9g8WzxAbSfGYZTwaQxyePNjXuq2tdEXf9XnESvoaoN4
pQhiu/0BJEkXPxl1zso65g4Mn22xEELhUnwPDo5YdLlWEZ8xhELLvdJc3Z0nTR5A
4/YaZvvzf7pOD1cwpB6IrRf8n9rOe1aDxh/A//zX9PpIOV25p5kqlE88Ya5VXrnA
Ayfs19RZmK3+FuaI0ij79CRokG9BrI6TXT0pRTDIRu7GvAo2q13MELRvFddyRT2G
mNjsHYcqEbraYTh3LHEiwfWp4ZgDtk8jj3iRabHQUHk9V8vSFzj+wp1E8HzO8Vp3
BxMDIOG1VPdLi81DP+LbZI1h30ZG63ulqkKIhwx5/h2v4VCYPatVtGqVf37tLstj
Wrs0DkBykuZrecp+AJ5ZJ+UVvR8ajO2ncAoOugNwoj9Wuvz0fVTiJIhuNQARAQAB
tDxXaWxsaWFtIFJvYmVydHMgKEJpbGwgUm9iZXJ0cykgPHdpbGxpYW0uYy5yb2Jl
cnRzQGludGVsLmNvbT6JAjgEEwECACIFAlik3GUCGwMGCwkIBwMCBhUIAgkKCwQW
AgMBAh4BAheAAAoJEG3i6QeOH1DBibEQAL4EwEzegkc8NyHiW0mntwDoCv3tkUlG
fprp/g7GWfrP+L+pN5yexg3Zm/CgVN/tTNCEr5XtP+sdds8xBF6ReJ8QPO7EiMiM
asPXh8zlODrySXCGHmpa7IzuUC2wgD3Wq7WjniMvnBmqBdL0+8nqA6NFxOOklvK1
ub7bqLrHKfUfciFOfYAi+C0Bh8kdZtMjfY9sqlJA3sVK2UxVXq9D+oHbL1o454N6
VzV0rDtsK47GSSCXT75kulPdfOCopTgxPgNsK4VnXgMOL5JMURPJa3rBzmBRFed1
ynrqwFdmYdMepsUgt/JS2I/23QChqp6AdVDjtGLKS71hox+vdE4S0DoRnMHwHkkt
B6bqQci3RlUP+wcHHRCUXUubxMSlYJqhBdEOclo6N0X0LseLcdAMGda8ZnqbHlyg
hPLmJrM3C5zTLjDb2YJXCy6RVNwqAnU3o33SZCnHqo/zUjEtR03Ztk1DzSeCjo5w
zLac1VFq5S3QdgZUwmPhyeoigqOvHu6Z1s2eL8Aw7Hn8i6MWLz5sOXAtyC9NPwK/
qbp1a+GQXzNW4rvKl7ZEFKrBKyj8AiRoVLSRKcqZtFT56ltXQjrwKjsWDTEOzjnm
XCSM96xfay6asQH5fw+haC3RIErwyNV0uUDIVC0xDTZ6NgJEBkp8liwNeHE7eHoN
8qWSZZO2syf7uQINBFik3GUBEAC7V2o1kBsLFSKwmgsCuGfW0oBIQiaCcakT6D2X
rKBjmzBvh/UIdXQwl9+vPKtWX3T/7g6UBvezV3uc2ZqrigGmFemoQI3sW7wFk0L9
/QTUWCMfZtyrWgqyetmPYS+i2PnsEPinsgsEHWf3iu/ew1A7npZwINwMdOSOVw2u
JqYyW2tZCErWKVe31ziYUpXA+HaRm9zoVr0F0sE2GYGWbMVYtqxN9TSYcIAHxB71
Y31dcY77ln/1JAH4Yzqc063w/lNYogEbbQY7WNgcKdPP+aovpV7kS3TKwsdb9/xT
pj67nnlvjLTMRoW3Ez0PcIDFhuube9uOQupYG4rC4grLeVLwL/ekVmn6TxRN1hG7
6zYXWiwWi16uAO++eBNt127FwCOVZsPO0ye3/XpOpCdpUadguxF2gGt6xY0gtetj
Vdv6S4kCdSx8NMrO2epS/1pgklxN9R/xl7Wu+JPUuVX4Jy0ycmw7TCWxdK2fuFy6
6aLCXWWEjRSp06oeVJoVV2py+rYaoau7JG7Zgx1A3gYTm6MLFysfROaQgmfRozIH
0boYh3IA1WWzk4I6ew129ynC5zGXg/+UCnKKwn8Tsh9neq9noRDAonWI7jOCipwF
l51py82093M87zjz9o/qxnB8p00jByQ+MunUykaZrkQKHAsiyIF6cUIeQiy/AL7n
wwSPQQARAQABiQIfBBgBAgAJBQJYpNxlAhsMAAoJEG3i6QeOH1DBtO8P/1D98sl3
oz/0oSSz0u9nzgOh93UkLbXpjSR4U+g7Wl2ppxQyGSFeWwRwT5BT74EVP2IcrraX
V9c7l+s8PYqnUdX2XAqGMv06523cCrNUU93kUUNjAo3FxGSn7i2kHIvMkDbUoeVk
jyWKfIvyy2sKcVB9GQxfMrbnTR5/Z6fCyGHNqMFb9e9TUWclLzMIhvtkvLuKmf52
TKKxKQt/wero5zb0fynOttIjuhmOP9CFTiYjdj7qSmQapW8VFdYjyzL+OOFk9gCL
S3mIk1LdkfWah7trmMUTXdmiEibvARAQ3Yjr+Hz9yU1gzEJSPUUugNguqgS5kN+T
3TdwUHAP9whVD2IvN/Mfn29bmFFVfzu3ftJIa1zJmOdZy7KWb6MWVhw3SJ65luPB
qxKWRqFDOSpqzBm6bYQ/Oka49Jl7/dCImSm+7bCC7LDK9hXa3AIlDtWvG4iiL18T
wUOrgXPysB/D/NQaRxT/vSPUOB4WrQzIKIf4vJdyuPdtOtIWm97KUw8r/jDqd4I3
B62qknrrR+FPcz8ACM9fXkpbBEcjFV8EkoOae106Vxjo/lu5LVBbwiKviMMwoK5o
YE7FfCwLBbLTYMeetHo8jGBRonTEOKMtPlp/fCMOp9w7CgMDuvfEwuTsA1ux4uAb
tZZIbipcKcZmsU7Su4+oeyh61giG++M5rL2D
=xdFJ
-----END PGP PUBLIC KEY BLOCK-----