8 changed files with 116 additions and 284 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/libtpms-0.9.6.tar.gz
+SOURCES/libtpms-20211126.tar.xz
--- a/.libtpms.metadata
+++ b/.libtpms.metadata
@ -1 +1 @@
-a585c1d34dc8ecd90eda1a2a91d0d2057cbd3914 SOURCES/libtpms-0.9.6.tar.gz
+ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz
--- a/SOURCES/0001-tpm2-CVE-2025-49133-fix.patch
+++ b/SOURCES/0001-tpm2-CVE-2025-49133-fix.patch
@ -1,52 +0,0 @@
 From 0b1db4bd1c668c56f1d893c9ed19a94d46c228f7 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
 Date: Wed, 11 Jun 2025 23:05:08 +0400
 Subject: [PATCH] tpm2: CVE-2025-49133 fix
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Based from upstream commit 04b2d8e9afc ("tpm2: Fix potential
 out-of-bound access & abort due to HMAC signing issue")
 Fix an HMAC signing issue that may causes an out-of-bounds access in a
 TPM2B that in turn was running into an assert() in libtpms causing an
 abort. The signing issue was due to an inconsistent pairing of the signKey
 and signScheme parameters, where the signKey is ALG_KEYEDHASH key and
 inScheme is an ECC or RSA scheme.
 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
 ---
 src/tpm2/CryptUtil.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
 diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
 index 8fae5b6..aadf7f6 100644
 --- a/src/tpm2/CryptUtil.c
 +++ b/src/tpm2/CryptUtil.c
@@ -79,12 +79,16 @@ CryptHmacSign(
 {
     HMAC_STATE       hmacState;
     UINT32           digestSize;
 -    digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
 -				  &signKey->sensitive.sensitive.bits.b);
 -    CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
 -    CryptHmacEnd(&hmacState, digestSize,
 -		 (BYTE *)&signature->signature.hmac.digest);
 -    return TPM_RC_SUCCESS;
 +    if (signature->sigAlg == TPM_ALG_HMAC)
 +    {
 +        digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg,
 +                                      &signKey->sensitive.sensitive.bits.b);
 +        CryptDigestUpdate2B(&hmacState.hashState, &hashData->b);
 +        CryptHmacEnd(&hmacState, digestSize,
 +                     (BYTE *)&signature->signature.hmac.digest);
 +        return TPM_RC_SUCCESS;
 +    }
 +    return TPM_RC_SCHEME;
 }
 /* 10.2.6.3.2 CryptHMACVerifySignature() */
 /* This function will verify a signature signed by a HMAC key. Note that a caller needs to prepare
 -- 
 2.49.0
--- a/SOURCES/0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
+++ b/SOURCES/0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
@ -1,31 +0,0 @@
 From 1b0b41293a0d49ff8063542fcb3a5ee1d4e10f7e Mon Sep 17 00:00:00 2001
 From: Stefan Berger <stefanb@linux.ibm.com>
 Date: Mon, 29 Jul 2024 10:19:00 -0400
 Subject: [PATCH] tpm2: Return TPM_RC_VALUE upon decryption failure
 When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE.
 The old error code could indicate to an application or driver that
 something is wrong with the TPM (has possibly gone into failure mode) even
 though only the decryption failed, possibly due to a wrong key.
 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 ---
 src/tpm2/crypto/openssl/CryptRsa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
 index b5d6b6c3..88ee3bac 100644
 --- a/src/tpm2/crypto/openssl/CryptRsa.c
 +++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1457,7 +1457,7 @@ CryptRsaDecrypt(
     outlen = sizeof(buffer);
     if (EVP_PKEY_decrypt(ctx, buffer, &outlen,
                          cIn->buffer, cIn->size) <= 0)
 -        ERROR_RETURN(TPM_RC_FAILURE);
 +        ERROR_RETURN(TPM_RC_VALUE);
     if (outlen > dOut->size)
         ERROR_RETURN(TPM_RC_FAILURE);
 -- 
 2.41.0.28.gd7d8841f67
--- a/SOURCES/0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
+++ b/SOURCES/0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
@ -0,0 +1,51 @@
 From b662e6fd7169f31ef664ecd0b0b45547462e1e31 Mon Sep 17 00:00:00 2001
 From: Stefan Berger <stefanb@linux.ibm.com>
 Date: Tue, 4 Jan 2022 14:45:31 -0500
 Subject: [PATCH] tpm2: When writing state initialize s_ContextSlotMask if not
 set
 If s_ContextSlotMask was not set since the TPM 2 was not initialized
 by a call to TPM_Manufacture() or the state was not resumed, then
 initialize the s_ContextSlotMask to 0xffff.
 This situation can occur if a VM with an attached swtpm was started
 and the VM's firmware either doesn't support TPM or didn't get to
 initialize the vTPM.
 The following commands recreated the issue with a SeaBIOS-only VM that
 had no attached hard disk but an attached TPM 2:
 virsh start BIOS-only-VM ; virsh save BIOS-only-VM save.bin ; \
 virsh restore save.bin
 Error: Failed to restore domain from save.bin
 error: internal error: qemu unexpectedly closed the monitor: \
 2022-01-04T19:26:18.835851Z qemu-system-x86_64: tpm-emulator: Setting the stateblob (type 2) failed with a TPM error 0x3 a parameter is bad
 2022-01-04T19:26:18.835899Z qemu-system-x86_64: error while loading state for instance 0x0 of device 'tpm-emulator'
 2022-01-04T19:26:18.835929Z qemu-system-x86_64: load of migration failed: Input/output error
 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035731
 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 ---
 src/tpm2/NVMarshal.c | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
 index 996c73c..c7cd1e0 100644
 --- a/src/tpm2/NVMarshal.c
 +++ b/src/tpm2/NVMarshal.c
@@ -1422,6 +1422,11 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
     written += UINT16_Marshal(&array_size, buffer, size);
     for (i = 0; i < array_size; i++)
         written += UINT16_Marshal(&data->contextArray[i], buffer, size);
 +
 +    if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) {
 +        /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */
 +        s_ContextSlotMask = 0xffff;
 +    }
     written += UINT16_Marshal(&s_ContextSlotMask, buffer, size);
     written += UINT64_Marshal(&data->contextCounter, buffer, size);
 -- 
 2.36.1
--- a/SOURCES/gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
+++ b/SOURCES/gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
@ -1,18 +0,0 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQENBFnVA4YBCAD3fs+WUzvB6OPoj0HhvBlemEV6I8AcDwZHCNvA4UMc03sSVl/Q
 tDr4WuZd1v9utvi0xHjsTHbF1ndsgNkNzisvTIBHptcxw+Z3+VskOl3GTsfiKG22
 OfZJsdXfhjYW/Oezl2IVy6/QqOV0JeEtV3J10gCHR/5PKhOy+pP/8jlw3EA8GYtY
 ojM4znfEXHh6vx//hbf8FVMlVcKwUKHB1zHhM5jF9Kx4ZLU8rYHkMiXXbzdWBkCa
 L6E2P2T01hQ1wPpowU9aL/zLt7ISiKMcYLvZJYcgX3quPVSXJRG+y3q3lXv1IOrV
 HoGJLdkNu/0bLJoeNBFXiEGs7+tfk4XAjBTTABEBAAG0KlN0ZWZhbiBCZXJnZXIg
 PHN0ZWZhbmJAbGludXgudm5ldC5pYm0uY29tPokBPgQTAQIAKAUCWdUDhgIbAwUJ
 EswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQda1lgCoLQhENQQf/XmyD
 zWL5VSAKbDKcpI5t0PjiC/Brrs1xNtKLht5le4UdhAH6e/y+3H6lhoJCNbHGBE7r
 cAM/LVv8MT+4WXhLvRDUkn6Z5cSiMx0ANWDABCHGI3+z2imqI5XjB5fwFq2FIRdu
 MUhWRhxSYHDd4E0BN2FvHNUhqm60QlLCrH9zjar8XcJQ1lnDgcSDP9EWENZizYW9
 W5DKFiWR4vMXU0lvDpAYyDR1EU4pfnoMDc/19MoI3oR+wP0ELXI52CG0w4Lcs+Y5
 8ywb0/El789qRTNQG6bPcZYx6KrRNq8KSrtNY20ID2tyM4boRQ412mD87x/kNWqU
 CHklMi79wKcJ7OA73g==
 =l1ZJ
 -----END PGP PUBLIC KEY BLOCK-----
--- a/SOURCES/libtpms-0.9.6.tar.gz.asc
+++ b/SOURCES/libtpms-0.9.6.tar.gz.asc
@ -1,12 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQFPBAABCAA5FiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmP+i0gbHHN0ZWZhbmJA
 bGludXgudm5ldC5pYm0uY29tAAoJEHWtZYAqC0IRPUcH/R4+fk5ivbwAE02YIYWg
 eqDj6Rs05lkZv6fhn8cyTjW0hncsUiSeui1huyxam/DFgNtBwFPk9Fzjkm3mzasw
 SyYcqp5jN2fP9VptfEc33Epa3+80LwoAvQZadqDB5ruFcSKfpZGH1etFRGpD9A48
 UBFts9WZM66R9dz0dilLzilTauWOuMcNgydtRNxbo55wdTEBko4MG0Z3cgPaGuYo
 mPqKGIOiH8dpQYe8UsuhTWQgY6xJuGGOBdouDbJG+8RlYEQCmc++xH52jMjA/D0S
 Rn41+/Pe0n+dq4VfIJXJRKqOuwVISoYMenXMXRZkHu+69w4Ji2JKc3Xz4n7oYEiy
 V70=
 =QrLR
 -----END PGP SIGNATURE-----
--- a/SPECS/libtpms.spec
+++ b/SPECS/libtpms.spec
@ -1,29 +1,22 @@
 %global gitdate   20211126
 %global gitversion 1ff6fe1f43
 Name:           libtpms
-Version:        0.9.6
+Version:        0.9.1
-Release:        11%{?dist}
+Release:        1.%{gitdate}git%{gitversion}%{?dist}
 Summary: Library providing Trusted Platform Module (TPM) functionality
-License:        BSD-3-Clause AND LicenseRef-TCGL
+License:        BSD
 Url:            http://github.com/stefanberger/libtpms
 Source0:        libtpms-%{gitdate}.tar.xz
 ExcludeArch:    i686
 Patch0003:      0001-tpm2-When-writing-state-initialize-s_ContextSlotMask.patch
 URL:            https://github.com/stefanberger/libtpms
 Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:        %{url}/releases/download/v%{version}/v%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.asc
 # https://github.com/stefanberger.gpg
 Source2:        gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
 Patch0001:      0001-tpm2-Return-TPM_RC_VALUE-upon-decryption-failure.patch
 Patch0002:      0001-tpm2-CVE-2025-49133-fix.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  coreutils
 BuildRequires:  gawk
 BuildRequires:  gcc-c++
 BuildRequires:  gnupg2
 BuildRequires:  libtool
 BuildRequires:  make
 BuildRequires:  openssl-devel
-BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig gawk sed
-BuildRequires:  sed
+BuildRequires:  automake autoconf libtool bash coreutils gcc-c++
 BuildRequires:  git
 BuildRequires:  make
 %description
 A library providing TPM functionality for VMs. Targeted for integration
@ -37,188 +30,89 @@ Requires:       %{name}%{?_isa} = %{version}-%{release}
 Libtpms header files and documentation.
 %prep
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+%autosetup -S git -n %{name}-%{gitdate}
 %autosetup -p1
 %build
-NOCONFIGURE=1 ./autogen.sh
+NOCONFIGURE=1 sh autogen.sh
-%configure --disable-static --with-tpm2 --with-openssl --without-tpm1
+%configure --disable-static --with-tpm2 --without-tpm1 --with-openssl
 %make_build
 %install
 %make_install
 find %{buildroot} -type f -name '*.la' -print -delete
 %check
 make check
 %install
 %make_install
 find %{buildroot} -type f -name '*.la' | xargs rm -f -- || :
 %ldconfig_scriptlets
 %files
 %license LICENSE
 %doc README CHANGES
-%{_libdir}/%{name}.so.0{,.*}
+%{_libdir}/lib*.so.*
 %files devel
-%{_includedir}/%{name}/
+%dir %{_includedir}/%{name}
-%{_libdir}/%{name}.so
+%{_includedir}/%{name}/*.h
-%{_libdir}/pkgconfig/%{name}.pc
+%{_libdir}/lib*.so
-%{_mandir}/man3/TPM*
+%{_libdir}/pkgconfig/*.pc
 %{_mandir}/man3/*
 %changelog
-* Mon Jun 16 2025 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-11
+* Thu Jul 28 2022 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-1.20211126git1ff6fe1f43
- Fix CVE-2025-49133
+- Backport s_ContextSlotMask initialization fix
-  Resolves: RHEL-96247
+  Resolves: rhbz#2111433
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-10
+* Thu Dec 09 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-0.20211126git1ff6fe1f43
- Bump release for October 2024 mass rebuild:
+- Rebase to 0.9.1 (sync with RHEL9)
-  Resolves: RHEL-64018
+  Resolves: rhbz#2029355
-* Wed Sep 11 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-9
+* Tue Aug 31 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-6.20201106git2452a24dab
- Backport "tpm2: Return TPM_RC_VALUE upon decryption failure"
+- Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets
-  Resolves: RHEL-52968
+  Resolves: rhbz#1999307
-* Tue Aug 06 2024 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.6-8
+* Mon Jun 28 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-5.20201106git2452a24dab
- Disable TPM 1.2 support, as it is not supported by RHEL.
+- Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM
  Fixes: rhbz#1976816
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.9.6-7
+* Wed Mar 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-4.20201106git2452a24dab
- Bump release for June 2024 mass rebuild
+- tpm2: CryptSym: fix AES output IV
  Fixes: rhbz#1942904
-* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-6
+* Fri Feb 19 2021 Eduardo Lima (Etrunko) <etrunko@redhat.com> - 0.7.4-3.20201106git2452a24dab
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+- Add git as build dependency
  Related: rhbz#1858821
-* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-5
+* Wed Feb 17 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-2.20201106git2452a24dab
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+- tpm2: Return properly sized array for b parameter for NIST P521 (HLK) #180 
  Fixes: rhbz#1858821
-* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-4
+* Fri Nov  6 18:46:36 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.4-1.20201106git2452a24dab
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+- Follow stable-0.7.0 branch to v0.7.4 with security-related fixes.
  Fixes: rhbz#1893444
-* Mon Jul 17 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-3
+* Tue Aug 18 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.3-1.20200818git1d392d466a
- Set license to 'BSD and TCGL' from previous 'BSD' (BZ2219548)
+- Update to v0.7.3 stable, fixes rhbz#1868447
 - (includes "tpm2: fix PCRBelongsTCBGroup for PCClient")
-* Sat Mar 18 2023 Todd Zullinger <tmz@pobox.com> - 0.9.6-2
+* Thu May 28 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.2-1.20200527git7325acb477
- verify upstream source signature
+- Update to v0.7.2 stable snapshot, fixes rhbz#1809676
-
+- exclude i686 build
 * Tue Feb 28 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-1
 - Build of libtpms 0.9.6 with fixes for CVE-2023-1017 & CVE-2023-1018
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Fri Jul 01 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.5-1
 - Build of libtpms 0.9.5
 * Wed Apr 27 2022 Fabio Valentini <decathorpe@gmail.com> - 0.9.4-2
 - Use standard method for fetching a GitHub release tarball.
 - Fix Versioning scheme to confirm with Packaging Guidelines.
 - Tighten file globs to match Packaging Guidelines.
 * Mon Apr 25 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.4-1.20220425gite4d68670e1
 - Build of libtpms 0.9.4
 * Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.3-1.20220307gita63c51805e
 - Build of libtpms 0.9.3
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-0.20220106gite81d634c27.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Thu Jan 06 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.9.2-0.20220106gite81d634c27
 - Build of libtpms 0.9.2
 * Fri Nov 26 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.1-0.20211126git1ff6fe1f43
 - Build of libtpms 0.9.1
 * Mon Oct 04 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.9.0-0.20211004gitdc4e3f6313
 - Build of libtpms 0.9.0
 * Thu Sep 16 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.7-0.20210916gitfb9f0a61e8
 - Build upcoming libtpms 0.8.7
 * Wed Sep 15 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.3
 - Rebuilt with OpenSSL 3.0.0
 * Tue Sep 14 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-0.20210910git7a4d46a119.2
 - Build with -Wno-deprecated-declarations
 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.8.6-0.20210910git7a4d46a119.1
 - Rebuilt with OpenSSL 3.0.0
 * Fri Sep 10 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.6-1.20210910git7a4d46a119
 - tpm2: Marshal event sequence objects' hash state
 * Wed Sep 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.5-1.20210901git18ba4c0206
 - Build of libtpms 0.8.5
 * Wed Aug 11 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-1.20210625gita594c4692a
 - Applied patches resolving issues solved in upcoming 0.8.5
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.4-0.20210624gita594c4692a.2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Thu Jun 24 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.4-0.20210625gita594c4692a
 - tpm2: Reset too large size indicators in TPM2B to avoid access beyond buffer
 - tpm2: Restore original value in buffer if unmarshalled one was illegal
 * Tue Jun 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.3-0.20210601git9e736d5281
 - tpm2: Work-around for Windows 2016 & 2019 bug related to ContextLoad
 * Mon Mar 01 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.2-0.20210301git729fc6a4ca
 - tpm2: CryptSym: fix AES output IV; a CVE has been filed for this issue
 * Sat Feb 27 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.1-0.20210227git5bf2746e47
 - Fixed a context save and suspend/resume problem when public keys are loaded
 * Thu Feb 25 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.8.0-0.20210225git3fd4b94903
 - Release of v0.8.0
 * Thu Feb 18 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.7.5-0.20210218gite271498466
 - Addressed UBSAN and cppcheck detected issues
 - Return proper size of ECC Parameters to pass HLK tests
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.4-0.20201031git2452a24dab.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Sat Oct 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.4-0.20201031git2452a24dab
 - Follow stable-0.7.0 branch to v0.7.4 with security-related fixes
 * Fri Jul 31 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.3-0.20200731git1d392d466a
 - Follow stable-0.7.0 branch to v0.7.3
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-0.20200527git7325acb477.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed May 27 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.2-0.20200527git7325acb477
 - Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption,
  PSS salt length, symmetric decryption (padding)
 - Under certain circumstances an RSA decryption could cause a buffer overflow causing
  termination of the program (swtpm)
 * Wed May 20 2020 Stefan Berger <stefanb@linux.ibm.com> - 0.7.1-0.20200520git8fe99d1fd0
 - Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch
 - elliptic curve fixes
 - MANUFACTURER changed from "IBM " to "IBM"
 - gcc 10 related fix
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20191018gitdc116933b7.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Fri Oct 18 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191018gitdc116933b7
 - Following stable-0.7.0 branch for TPM 1.2 related bugfix
-* Tue Oct 08 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20191008gitc26e8f7b08
+* Fri Oct 18 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7.0-1.20191018gitdc116933b7
- Following stable-0.7.0 branch for bug fix
+- RHEL8.1.1 update
 - Update to v0.7.0 stable snapshot
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-0.20190719gitd061d8065b.2
+* Tue Apr 16 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6.1-0.20190121git9dc915572b.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+- RHEL8.1 build
 * Fri Jul 19 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.7.0-0.20190719gitd061d8065b
 - Update to v0.7.0
 * Fri May 10 2019 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20190510gitb244bdf6e2
 - Applied bugfix for CMAC
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-0.20190121git9dc915572b.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
`@ -1 +1 @@`
	`SOURCES/libtpms-0.9.6.tar.gz`	`SOURCES/libtpms-20211126.tar.xz`
`@ -1 +1 @@`
	`a585c1d34dc8ecd90eda1a2a91d0d2057cbd3914 SOURCES/libtpms-0.9.6.tar.gz`	`ae609402e34992590961b0d025e9ef1202d8dede SOURCES/libtpms-20211126.tar.xz`