.gitignore

@@ -1 +1,2 @@
-SOURCES/libtpms-20211126.tar.xz
+/libtpms-*/
+/libtpms-*.tar.gz*

.libtpms.metadata

@@ -1 +0,0 @@
-ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz

0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch

@@ -0,0 +1,31 @@
+From 1b0b41293a0d49ff8063542fcb3a5ee1d4e10f7e Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Mon, 29 Jul 2024 10:19:00 -0400
+Subject: [PATCH] tpm2: Return TPM_RC_VALUE upon decryption failure
+
+When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE.
+The old error code could indicate to an application or driver that
+something is wrong with the TPM (has possibly gone into failure mode) even
+though only the decryption failed, possibly due to a wrong key.
+
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+---
+ src/tpm2/crypto/openssl/CryptRsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
+index b5d6b6c3..88ee3bac 100644
+--- a/src/tpm2/crypto/openssl/CryptRsa.c
++++ b/src/tpm2/crypto/openssl/CryptRsa.c
+@@ -1457,7 +1457,7 @@ CryptRsaDecrypt(
+     outlen = sizeof(buffer);
+     if (EVP_PKEY_decrypt(ctx, buffer, &outlen,
+                          cIn->buffer, cIn->size) <= 0)
+-        ERROR_RETURN(TPM_RC_FAILURE);
++        ERROR_RETURN(TPM_RC_VALUE);
+ 
+     if (outlen > dOut->size)
+         ERROR_RETURN(TPM_RC_FAILURE);
+-- 
+2.41.0.28.gd7d8841f67
+

SOURCES/0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch

@@ -1,51 +0,0 @@
-From b662e6fd7169f31ef664ecd0b0b45547462e1e31 Mon Sep 17 00:00:00 2001
-From: Stefan Berger <stefanb@linux.ibm.com>
-Date: Tue, 4 Jan 2022 14:45:31 -0500
-Subject: [PATCH] tpm2: When writing state initialize s_ContextSlotMask if not
- set
-
-If s_ContextSlotMask was not set since the TPM 2 was not initialized
-by a call to TPM_Manufacture() or the state was not resumed, then
-initialize the s_ContextSlotMask to 0xffff.
-
-This situation can occur if a VM with an attached swtpm was started
-and the VM's firmware either doesn't support TPM or didn't get to
-initialize the vTPM.
-
-The following commands recreated the issue with a SeaBIOS-only VM that
-had no attached hard disk but an attached TPM 2:
-
-virsh start BIOS-only-VM ; virsh save BIOS-only-VM save.bin ; \
- virsh restore save.bin
-
-Error: Failed to restore domain from save.bin
-error: internal error: qemu unexpectedly closed the monitor: \
-2022-01-04T19:26:18.835851Z qemu-system-x86_64: tpm-emulator: Setting the stateblob (type 2) failed with a TPM error 0x3 a parameter is bad
-2022-01-04T19:26:18.835899Z qemu-system-x86_64: error while loading state for instance 0x0 of device 'tpm-emulator'
-2022-01-04T19:26:18.835929Z qemu-system-x86_64: load of migration failed: Input/output error
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035731
-Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
----
- src/tpm2/NVMarshal.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
-index 996c73c..c7cd1e0 100644
---- a/src/tpm2/NVMarshal.c
-+++ b/src/tpm2/NVMarshal.c
-@@ -1422,6 +1422,11 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
-     written += UINT16_Marshal(&array_size, buffer, size);
-     for (i = 0; i < array_size; i++)
-         written += UINT16_Marshal(&data->contextArray[i], buffer, size);
-+
-+    if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) {
-+        /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */
-+        s_ContextSlotMask = 0xffff;
-+    }
-     written += UINT16_Marshal(&s_ContextSlotMask, buffer, size);
- 
-     written += UINT64_Marshal(&data->contextCounter, buffer, size);
--- 
-2.36.1
-

SPECS/libtpms.spec

@@ -1,263 +0,0 @@
-%global gitdate   20211126
-%global gitversion 1ff6fe1f43
-
-Name:           libtpms
-Version:        0.9.1
-Release:        1.%{gitdate}git%{gitversion}%{?dist}
-
-Summary: Library providing Trusted Platform Module (TPM) functionality
-License:        BSD
-Url:            http://github.com/stefanberger/libtpms
-Source0:        libtpms-%{gitdate}.tar.xz
-ExcludeArch:    i686
-Patch0003:      0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
-
-BuildRequires:  openssl-devel
-BuildRequires:  pkgconfig gawk sed
-BuildRequires:  automake autoconf libtool bash coreutils gcc-c++
-BuildRequires:  git
-BuildRequires:  make
-
-%description
-A library providing TPM functionality for VMs. Targeted for integration
-into Qemu.
-
-%package        devel
-Summary:        Include files for libtpms
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-
-%description   devel
-Libtpms header files and documentation.
-
-%prep
-%autosetup -S git -n %{name}-%{gitdate}
-%build
-NOCONFIGURE=1 sh autogen.sh
-%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
-%make_build
-
-%check
-make check
-
-%install
-%make_install
-find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
-
-%ldconfig_scriptlets
-
-%files
-%license LICENSE
-%doc README CHANGES
-%{_libdir}/lib*.so.*
-
-%files devel
-%dir %{_includedir}/%{name}
-%{_includedir}/%{name}/*.h
-%{_libdir}/lib*.so
-%{_libdir}/pkgconfig/*.pc
-%{_mandir}/man3/*
-
-%changelog
-* Thu Jul 28 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
-- Backport s_ContextSlotMask initialization fix
-  Resolves: rhbz#2111433
-
-* Thu Dec 09 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
-- Rebase to 0.9.1 (sync with RHEL9)
-  Resolves: rhbz#2029355
-
-* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-6.20201106git2452a24dab
-- Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
-  Resolves: rhbz#1999307
-
-* Mon Jun 28 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-5.20201106git2452a24dab
-- Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
-  Fixes: rhbz#1976816
-
-* Wed Mar 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-4.20201106git2452a24dab
-- tpm2: CryptSym: fix AES output IV
-  Fixes: rhbz#1942904
-
-* Fri Feb 19 2021 Eduardo Lima (Etrunko) <etrunko@redhat.com> - 0.7.4-3.20201106git2452a24dab
-- Add git as build dependency
-  Related: rhbz#1858821
-
-* Wed Feb 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-2.20201106git2452a24dab
-- tpm2: Return properly sized array for b parameter for NIST P521 (HLK) #180 
-  Fixes: rhbz#1858821
-
-* Fri Nov  6 18:46:36 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-1.20201106git2452a24dab
-- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes.
-  Fixes: rhbz#1893444
-
-* Tue Aug 18 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.3-1.20200818git1d392d466a
-- Update to v0.7.3 stable, fixes rhbz#1868447
-- (includes "tpm2: fix PCRBelongsTCBGroup for PCClient")
-
-* Thu May 28 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.2-1.20200527git7325acb477
-- Update to v0.7.2 stable snapshot, fixes rhbz#1809676
-- exclude i686 build
-- Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption,
-  PSS salt length, symmetric decryption (padding)
-- Under certain circumstances an RSA decryption could cause a buffer overflow causing
-  termination of the program (swtpm)
-- Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch
-- elliptic curve fixes
-- MANUFACTURER changed from "IBM " to "IBM"
-- gcc 10 related fix
-- Following stable-0.7.0 branch for TPM 1.2 related bugfix
-
-* Fri Oct 18 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-1.20191018gitdc116933b7
-- RHEL8.1.1 update
-- Update to v0.7.0 stable snapshot
-
-* Tue Apr 16 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.1-0.20190121git9dc915572b.2
-- RHEL8.1 build
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Mon Jan 21 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190121git9dc915572b
-- Libtpms was updated to rev. 150 of TPM 2.0 code
-- following branch stable-0.6.0
-
-* Tue Dec 11 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-0.20181211gitba56737b93
-- Following bugfixes in libtpms
-
-* Wed Oct 31 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-0.20181031git0466fcf6a4
-- Following improvements in libtpms
-
-* Tue Sep 18 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180918gite8e8633089
-- Fixed changelog
-
-* Mon Sep 17 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180917gite8e8633089
-- Build snapshot from git after libtpms fix.
-
-* Fri Sep 14 2018 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.0-0.20180914git4111bd1bcf
-- Build snapshot from git, simplify spec
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-12
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
-
-* Sat Aug 16 2014 Stefan Berger - 0.5.2-3
-- do not include libtpms.la in rpm
-
-* Mon Jul 14 2014 Stefan Berger - 0.5.2-2
-- Added patches
-
-* Mon Jun 30 2014 Stefan Berger - 0.5.2-1
-- Updated to version 0.5.2
-- coverity fixes
-- fixes for ARM64 using __aarch64__
-
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-20.1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-19
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Mon Mar 25 2013 Stefan Berger - 0.5.1-18
-- Ran autoreconf for support of aarch64
-- Checking for __arm64__ in code
-
-* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-17
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
-
-* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-16
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
-
-* Fri Feb 17 2012 Peter Robinson <pbrobinson@fedoraproject.org> - 0.5.1-15
-- Add dist tag as required by package guidelines
-
-* Fri Jan 27 2012 Stefan Berger - 0.5.1-14
-- fix gcc-4.7 compilation problem
-
-* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-13
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-
-* Tue Dec 20 2011 Dan Horák <dan[at]danny.cz> - 0.5.1-12
-- fix build on secondary arches
-
-* Wed Nov 2 2011 Stefan Berger - 0.5.1-11
-- added (lib)gmp as runtime dependency
-
-* Sat Oct 8 2011 Stefan Berger - 0.5.1-10
-- internal fixes; callback fixes
-
-* Tue Aug 30 2011 Stefan Berger - 0.5.1-9
-- new directory structure and build process
-
-* Tue Jul 12 2011 Stefan Berger - 0.5.1-8
-- added pkgconfig as build dependency
-- enabling __powerpc__ build following Bz 728220
-
-* Wed May 25 2011 Stefan Berger - 0.5.1-7
-- increasing NVRAM area space to have enough room for certificates
-
-* Wed May 25 2011 Stefan Berger - 0.5.1-6
-- adding libtpms.pc pkg-config file
-
-* Wed Apr 13 2011 Stefan Berger - 0.5.1-5
-- adding BuildRequires for nss-softokn-freebl-static
-- several libtpms-internal changes around state serialization and 
-  deserialization
-- fixes to libtpms makefile (makefile-libtpms)
-- adding build_type to generate a debug or production build
-- need nss-devel to have nss-config
-
-* Tue Mar 08 2011 Stefan Berger - 0.5.1-4
-- small fixes to libtpms makefile
-
-* Fri Feb 25 2011 Stefan Berger - 0.5.1-3
-- removing release from tar ball name
-- Use {?_smp_mflags} for make rather than hardcoding it
-- Fixing post and postun scripts; removing the scripts for devel package
-- Fixing usage of defattr
-- Adding version information into the changelog headers and spaces between the changelog entries
-- Adding LICENSE, README and CHANGELOG file into tar ball and main rpm
-- Removing clean section
-- removed command to clean the build root
-- adding library version to the libries required for building and during
-  runtime
-- Extended Requires in devel package with {?_isa}
-
-* Fri Feb 18 2011 Stefan Berger - 0.5.1-2
-- make rpmlint happy by replacing tabs with spaces
-- providing a valid URL for the tgz file
-- release is now 2 -> 0.5.1-2
-
-* Mon Jan 17 2011 Stefan Berger - 0.5.1-1
-- Update version to 0.5.1
-
-* Fri Jan 14 2011 Stefan Berger - 0.5.0-1
-- Changes following Fedora review comments
-
-* Thu Dec 2 2010 Stefan Berger
-- Small tweaks after reading the FedoreCore packaging requirements
-
-* Tue Nov 16 2010 Stefan Berger
-- Created initial version of rpm spec files
-- Version of library is now 0.5.0
-- Debuginfo rpm is built but empty -- seems to be a known problem
-  Check https://bugzilla.redhat.com/show_bug.cgi?id=209316

gating.yaml

@@ -0,0 +1,8 @@
+# recipients: kvmqe-ci, yfu, lkotek, qcheng
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+subject_type: brew-build
+rules:
+  - !PassingTestCaseRule {test_case_name: kvm-ci.libtpms.x86_64.brew-build.gating.tier1.functional}

gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFnVA4YBCAD3fs+WUzvB6OPoj0HhvBlemEV6I8AcDwZHCNvA4UMc03sSVl/Q
+tDr4WuZd1v9utvi0xHjsTHbF1ndsgNkNzisvTIBHptcxw+Z3+VskOl3GTsfiKG22
+OfZJsdXfhjYW/Oezl2IVy6/QqOV0JeEtV3J10gCHR/5PKhOy+pP/8jlw3EA8GYtY
+ojM4znfEXHh6vx//hbf8FVMlVcKwUKHB1zHhM5jF9Kx4ZLU8rYHkMiXXbzdWBkCa
+L6E2P2T01hQ1wPpowU9aL/zLt7ISiKMcYLvZJYcgX3quPVSXJRG+y3q3lXv1IOrV
+HoGJLdkNu/0bLJoeNBFXiEGs7+tfk4XAjBTTABEBAAG0KlN0ZWZhbiBCZXJnZXIg
+PHN0ZWZhbmJAbGludXgudm5ldC5pYm0uY29tPokBPgQTAQIAKAUCWdUDhgIbAwUJ
+EswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQda1lgCoLQhENQQf/XmyD
+zWL5VSAKbDKcpI5t0PjiC/Brrs1xNtKLht5le4UdhAH6e/y+3H6lhoJCNbHGBE7r
+cAM/LVv8MT+4WXhLvRDUkn6Z5cSiMx0ANWDABCHGI3+z2imqI5XjB5fwFq2FIRdu
+MUhWRhxSYHDd4E0BN2FvHNUhqm60QlLCrH9zjar8XcJQ1lnDgcSDP9EWENZizYW9
+W5DKFiWR4vMXU0lvDpAYyDR1EU4pfnoMDc/19MoI3oR+wP0ELXI52CG0w4Lcs+Y5
+8ywb0/El789qRTNQG6bPcZYx6KrRNq8KSrtNY20ID2tyM4boRQ412mD87x/kNWqU
+CHklMi79wKcJ7OA73g==
+=l1ZJ
+-----END PGP PUBLIC KEY BLOCK-----

libtpms.spec

@@ -0,0 +1,364 @@
+Name:           libtpms
+Version:        0.9.6
+Release:        10%{?dist}
+Summary:        Library providing Trusted Platform Module (TPM) functionality
+License:        BSD-3-Clause AND LicenseRef-TCGL
+
+URL:            https://github.com/stefanberger/libtpms
+Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source1:        %{url}/releases/download/v%{version}/v%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.asc
+# https://github.com/stefanberger.gpg
+Source2:        gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
+
+Patch0001:      0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
+
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  coreutils
+BuildRequires:  gawk
+BuildRequires:  gcc-c++
+BuildRequires:  gnupg2
+BuildRequires:  libtool
+BuildRequires:  make
+BuildRequires:  openssl-devel
+BuildRequires:  pkgconfig
+BuildRequires:  sed
+
+%description
+A library providing TPM functionality for VMs. Targeted for integration
+into Qemu.
+
+%package        devel
+Summary:        Include files for libtpms
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description   devel
+Libtpms header files and documentation.
+
+%prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+%autosetup -p1
+
+%build
+NOCONFIGURE=1 ./autogen.sh
+%configure --disable-static --with-tpm2 --with-openssl --without-tpm1
+%make_build
+
+%install
+%make_install
+find %{buildroot} -type f -name '*.la' -print -delete
+
+%check
+make check
+
+%ldconfig_scriptlets
+
+%files
+%license LICENSE
+%doc README CHANGES
+%{_libdir}/%{name}.so.0{,.*}
+
+%files devel
+%{_includedir}/%{name}/
+%{_libdir}/%{name}.so
+%{_libdir}/pkgconfig/%{name}.pc
+%{_mandir}/man3/TPM*
+
+%changelog
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-10
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Wed Sep 11 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-9
+- Backport "tpm2: Return TPM_RC_VALUE upon decryption failure"
+  Resolves: RHEL-52968
+
+* Tue Aug 06 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-8
+- Disable TPM 1.2 support, as it is not supported by RHEL.
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-7
+- Bump release for June 2024 mass rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jul 17 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-3
+- Set license to 'BSD and TCGL' from previous 'BSD' (BZ2219548)
+
+* Sat Mar 18 2023 Todd Zullinger <tmz@pobox.com> - 0.9.6-2
+- verify upstream source signature
+
+* Tue Feb 28 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-1
+- Build of libtpms 0.9.6 with fixes for CVE-2023-1017 & CVE-2023-1018
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jul 01 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.5-1
+- Build of libtpms 0.9.5
+
+* Wed Apr 27 2022 Fabio Valentini <decathorpe@gmail.com> - 0.9.4-2
+- Use standard method for fetching a GitHub release tarball.
+- Fix Versioning scheme to confirm with Packaging Guidelines.
+- Tighten file globs to match Packaging Guidelines.
+
+* Mon Apr 25 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.4-1.20220425gite4d68670e1
+- Build of libtpms 0.9.4
+
+* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.3-1.20220307gita63c51805e
+- Build of libtpms 0.9.3
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-0.20220106gite81d634c27.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jan 06 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.2-0.20220106gite81d634c27
+- Build of libtpms 0.9.2
+
+* Fri Nov 26 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.1-0.20211126git1ff6fe1f43
+- Build of libtpms 0.9.1
+
+* Mon Oct 04 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.0-0.20211004gitdc4e3f6313
+- Build of libtpms 0.9.0
+
+* Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.7-0.20210916gitfb9f0a61e8
+- Build upcoming libtpms 0.8.7
+
+* Wed Sep 15 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.3
+- Rebuilt with OpenSSL 3.0.0
+
+* Tue Sep 14 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-0.20210910git7a4d46a119.2
+- Build with -Wno-deprecated-declarations
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.1
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Sep 10 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-1.20210910git7a4d46a119
+- tpm2: Marshal event sequence objects' hash state
+
+* Wed Sep 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.5-1.20210901git18ba4c0206
+- Build of libtpms 0.8.5
+
+* Wed Aug 11 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-1.20210625gita594c4692a
+- Applied patches resolving issues solved in upcoming 0.8.5
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.4-0.20210624gita594c4692a.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 24 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-0.20210625gita594c4692a
+- tpm2: Reset too large size indicators in TPM2B to avoid access beyond buffer
+- tpm2: Restore original value in buffer if unmarshalled one was illegal
+
+* Tue Jun 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.3-0.20210601git9e736d5281
+- tpm2: Work-around for Windows 2016 & 2019 bug related to ContextLoad
+
+* Mon Mar 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.2-0.20210301git729fc6a4ca
+- tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue
+
+* Sat Feb 27 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-0.20210227git5bf2746e47
+- Fixed a context save and suspend/resume problem when public keys are loaded
+
+* Thu Feb 25 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-0.20210225git3fd4b94903
+- Release of v0.8.0
+
+* Thu Feb 18 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.5-0.20210218gite271498466
+- Addressed UBSAN and cppcheck detected issues
+- Return proper size of ECC Parameters to pass HLK tests
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.4-0.20201031git2452a24dab.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sat Oct 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.4-0.20201031git2452a24dab
+- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes
+
+* Fri Jul 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-0.20200731git1d392d466a
+- Follow stable-0.7.0 branch to v0.7.3
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-0.20200527git7325acb477.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed May 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-0.20200527git7325acb477
+- Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption,
+  PSS salt length, symmetric decryption (padding)
+- Under certain circumstances an RSA decryption could cause a buffer overflow causing
+  termination of the program (swtpm)
+
+* Wed May 20 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-0.20200520git8fe99d1fd0
+- Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch
+- elliptic curve fixes
+- MANUFACTURER changed from "IBM " to "IBM"
+- gcc 10 related fix
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20191018gitdc116933b7.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Oct 18 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191018gitdc116933b7
+- Following stable-0.7.0 branch for TPM 1.2 related bugfix
+
+* Tue Oct 08 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191008gitc26e8f7b08
+- Following stable-0.7.0 branch for bug fix
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20190719gitd061d8065b.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Jul 19 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20190719gitd061d8065b
+- Update to v0.7.0
+
+* Fri May 10 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190510gitb244bdf6e2
+- Applied bugfix for CMAC
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 21 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190121git9dc915572b
+- Libtpms was updated to rev. 150 of TPM 2.0 code
+- following branch stable-0.6.0
+
+* Tue Dec 11 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-0.20181211gitba56737b93
+- Following bugfixes in libtpms
+
+* Wed Oct 31 2018 Stefan Berger <stefanb@linux.ibm.com> - 0.6.0-0.20181031git0466fcf6a4
+- Following improvements in libtpms
+
+* Tue Sep 18 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180918gite8e8633089
+- Fixed changelog
+
+* Mon Sep 17 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180917gite8e8633089
+- Build snapshot from git after libtpms fix.
+
+* Fri Sep 14 2018 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.0-0.20180914git4111bd1bcf
+- Build snapshot from git, simplify spec
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Aug 16 2014 Stefan Berger - 0.5.2-3
+- do not include libtpms.la in rpm
+
+* Mon Jul 14 2014 Stefan Berger - 0.5.2-2
+- Added patches
+
+* Mon Jun 30 2014 Stefan Berger - 0.5.2-1
+- Updated to version 0.5.2
+- coverity fixes
+- fixes for ARM64 using __aarch64__
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-20.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Mon Mar 25 2013 Stefan Berger - 0.5.1-18
+- Ran autoreconf for support of aarch64
+- Checking for __arm64__ in code
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Feb 17 2012 Peter Robinson <pbrobinson@fedoraproject.org> - 0.5.1-15
+- Add dist tag as required by package guidelines
+
+* Fri Jan 27 2012 Stefan Berger - 0.5.1-14
+- fix gcc-4.7 compilation problem
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Dec 20 2011 Dan Horák <dan[at]danny.cz> - 0.5.1-12
+- fix build on secondary arches
+
+* Wed Nov 2 2011 Stefan Berger - 0.5.1-11
+- added (lib)gmp as runtime dependency
+
+* Sat Oct 8 2011 Stefan Berger - 0.5.1-10
+- internal fixes; callback fixes
+
+* Tue Aug 30 2011 Stefan Berger - 0.5.1-9
+- new directory structure and build process
+
+* Tue Jul 12 2011 Stefan Berger - 0.5.1-8
+- added pkgconfig as build dependency
+- enabling __powerpc__ build following Bz 728220
+
+* Wed May 25 2011 Stefan Berger - 0.5.1-7
+- increasing NVRAM area space to have enough room for certificates
+
+* Wed May 25 2011 Stefan Berger - 0.5.1-6
+- adding libtpms.pc pkg-config file
+
+* Wed Apr 13 2011 Stefan Berger - 0.5.1-5
+- adding BuildRequires for nss-softokn-freebl-static
+- several libtpms-internal changes around state serialization and 
+  deserialization
+- fixes to libtpms makefile (makefile-libtpms)
+- adding build_type to generate a debug or production build
+- need nss-devel to have nss-config
+
+* Tue Mar 08 2011 Stefan Berger - 0.5.1-4
+- small fixes to libtpms makefile
+
+* Fri Feb 25 2011 Stefan Berger - 0.5.1-3
+- removing release from tar ball name
+- Use {?_smp_mflags} for make rather than hardcoding it
+- Fixing post and postun scripts; removing the scripts for devel package
+- Fixing usage of defattr
+- Adding version information into the changelog headers and spaces between the changelog entries
+- Adding LICENSE, README and CHANGELOG file into tar ball and main rpm
+- Removing clean section
+- removed command to clean the build root
+- adding library version to the libries required for building and during
+  runtime
+- Extended Requires in devel package with {?_isa}
+
+* Fri Feb 18 2011 Stefan Berger - 0.5.1-2
+- make rpmlint happy by replacing tabs with spaces
+- providing a valid URL for the tgz file
+- release is now 2 -> 0.5.1-2
+
+* Mon Jan 17 2011 Stefan Berger - 0.5.1-1
+- Update version to 0.5.1
+
+* Fri Jan 14 2011 Stefan Berger - 0.5.0-1
+- Changes following Fedora review comments
+
+* Thu Dec 2 2010 Stefan Berger
+- Small tweaks after reading the FedoreCore packaging requirements
+
+* Tue Nov 16 2010 Stefan Berger
+- Created initial version of rpm spec files
+- Version of library is now 0.5.0
+- Debuginfo rpm is built but empty -- seems to be a known problem
+  Check https://bugzilla.redhat.com/show_bug.cgi?id=209316

sources

@@ -0,0 +1,2 @@
+SHA512 (libtpms-0.9.6.tar.gz) = 35f26e4849eb98cd73461aff439c19f77bbbcde9b7661402e3d419354c4dcddd057349c4f7178573f1ceea2e95326498eb9afea3bd48064bbff534fc7f6939c3
+SHA512 (libtpms-0.9.6.tar.gz.asc) = 595d4e4a227357cb9154e024d92701aed170c5730a0b999622415ce509d0473366fbc2c4242f3c81b5e0233b74a7e79c1731f95d425944e6cc4498001b149531