commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2020-09-29 19:02:10
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new.4249 (New)
Package is "tboot"
Tue Sep 29 19:02:10 2020 rev:42 rq:838277 version:20200429_1.9.12
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2019-07-16
08:41:51.451025200 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new.4249/tboot.changes2020-09-29
19:02:29.309823422 +0200
@@ -1,0 +2,23 @@
+Mon Sep 28 12:14:22 UTC 2020 - matthias.gerst...@suse.com
+
+- update to new upstream release 1.9.12:
+- changes from 1.9.12:
+- Release localities in S3 flow for CRB interface
+- Config.mk, safestringlib/makefile : allow tool overrides
+- safestringlib: fix warnings with GCC 6.4.0
+- Strip executable file before generating tboot.gz
+- Add support for EFI memory map parse/modification
+- Add SHA384 and SHA512 digest algorithms
+- lcptools-v2: add pconf2 policy element support
+- tb_polgen: Add SHA384 and SHA512 support
+- Disable GCC9 address-of-packed-member warning
+- Fix warnings after "Avoid unsafe functions" scan
+- Use SHA256 as default hashing algorithm
+- changes from 1.9.11:
+- tb_polgen: Add support for SHA256
+- Configure IOMMU before executing GETSEC[SENTER]
+- SINIT ACM can have padding, handle that when checking size
+- disable-address-of-packed-member-warning.patch: now contained upstream
+- tboot-grub2-fix-xen-submenu-name.patch: refreshed
+
+---
Old:
disable-address-of-packed-member-warning.patch
tboot-1.9.10.tar.gz
New:
tboot-1.9.12.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.mOdJ7V/_old 2020-09-29 19:02:29.949824199 +0200
+++ /var/tmp/diff_new_pack.mOdJ7V/_new 2020-09-29 19:02:29.949824199 +0200
@@ -1,7 +1,7 @@
#
# spec file for package tboot
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,20 +17,17 @@
Name: tboot
-%define ver 1.9.10
-Version:20190520_%{ver}
+%define ver 1.9.12
+Version:20200429_%{ver}
Release:0
Summary:Program for performing a verified launch using Intel TXT
License:BSD-3-Clause
Group: Productivity/Security
-Url:http://sourceforge.net/projects/tboot/
+URL:http://sourceforge.net/projects/tboot/
Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
Patch7: tboot-distributor.patch
-# This patch should be removed once upstream has a stock solution for the
-# gcc-9 warning
-Patch8: disable-address-of-packed-member-warning.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: %{ix86} x86_64
BuildRequires: openssl-devel
@@ -57,7 +54,6 @@
%patch3 -p1
%patch4 -p1
%patch7 -p1
-%patch8 -p1
%build
# Tumbleweed now uses -flto=3 by default which gives us trouble with the
++ tboot-1.9.10.tar.gz -> tboot-1.9.12.tar.gz ++
3557 lines of diff (skipped)
++ tboot-grub2-fix-xen-submenu-name.patch ++
--- /var/tmp/diff_new_pack.mOdJ7V/_old 2020-09-29 19:02:30.169824466 +0200
+++ /var/tmp/diff_new_pack.mOdJ7V/_new 2020-09-29 19:02:30.169824466 +0200
@@ -4,13 +4,13 @@
References: bnc#865815
Patch-Mainline: no
-Index: tboot-1.9.10/tboot/20_linux_xen_tboot
+Index: tboot-1.9.12/tboot/20_linux_xen_tboot
===
tboot-1.9.10.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.10/tboot/20_linux_xen_tboot
+--- tboot-1.9.12.orig/tboot/20_linux_xen_tboot
tboot-1.9.12/tboot/20_linux_xen_tboot
@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
- tboot_version="1.9.10"
+ tboot_version="1.9.12"
list="${linux_list}"
-echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
+echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2019-07-16 08:41:50
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new.1887 (New)
Package is "tboot"
Tue Jul 16 08:41:50 2019 rev:41 rq:715443 version:20190520_1.9.10
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2019-07-11
13:19:03.742754747 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new.1887/tboot.changes2019-07-16
08:41:51.451025200 +0200
@@ -1,0 +2,5 @@
+Fri Jul 12 16:24:27 UTC 2019 - Martin Liška
+
+- Disable LTO in more elegant way (boo#1141323).
+
+---
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.yCPv2f/_old 2019-07-16 08:41:52.003024903 +0200
+++ /var/tmp/diff_new_pack.yCPv2f/_new 2019-07-16 08:41:52.007024901 +0200
@@ -62,8 +62,8 @@
%build
# Tumbleweed now uses -flto=3 by default which gives us trouble with the
# statically linked C and assembler code in tboot. Better to be conservative
-# here since tboot is low level stuff -> disable LTO for us.
-export CFLAGS="%{optflags} -fno-lto"
+# here since tboot is low level stuff -> disable LTO for us (boo#1141323).
+%define _lto_cflags %{nil}
export TBOOT_CFLAGS="$CFLAGS"
make debug=y %{?_smp_mflags}
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2019-07-11 13:18:55
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new.4615 (New)
Package is "tboot"
Thu Jul 11 13:18:55 2019 rev:40 rq:714590 version:20190520_1.9.10
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2019-06-18
14:56:03.477414155 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new.4615/tboot.changes2019-07-11
13:19:03.742754747 +0200
@@ -1,0 +2,6 @@
+Thu Jul 11 08:06:42 UTC 2019 - mgerstner
+
+- explicitly disable gcc9 link time optimization to fix the build and avoid
+ trouble in low level tboot code.
+
+---
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.JNoxW8/_old 2019-07-11 13:19:04.498754509 +0200
+++ /var/tmp/diff_new_pack.JNoxW8/_new 2019-07-11 13:19:04.502754508 +0200
@@ -60,7 +60,10 @@
%patch8 -p1
%build
-export CFLAGS="%{optflags}"
+# Tumbleweed now uses -flto=3 by default which gives us trouble with the
+# statically linked C and assembler code in tboot. Better to be conservative
+# here since tboot is low level stuff -> disable LTO for us.
+export CFLAGS="%{optflags} -fno-lto"
export TBOOT_CFLAGS="$CFLAGS"
make debug=y %{?_smp_mflags}
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2019-06-18 14:56:00
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new.4811 (New)
Package is "tboot"
Tue Jun 18 14:56:00 2019 rev:39 rq:705831 version:20190520_1.9.10
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2019-05-21
10:39:55.119105248 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new.4811/tboot.changes2019-06-18
14:56:03.477414155 +0200
@@ -1,0 +2,6 @@
+Tue May 28 08:19:14 UTC 2019 - mgerstner
+
+- add disable-address-of-packed-member-warning.patch: taken over patch found
+ in the Fedora package to disable a new gcc-9 warning that breaks the build.
+
+---
New:
disable-address-of-packed-member-warning.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.9FeuGF/_old 2019-06-18 14:56:04.113413757 +0200
+++ /var/tmp/diff_new_pack.9FeuGF/_new 2019-06-18 14:56:04.117413755 +0200
@@ -28,6 +28,9 @@
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
Patch7: tboot-distributor.patch
+# This patch should be removed once upstream has a stock solution for the
+# gcc-9 warning
+Patch8: disable-address-of-packed-member-warning.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: %{ix86} x86_64
BuildRequires: openssl-devel
@@ -54,6 +57,7 @@
%patch3 -p1
%patch4 -p1
%patch7 -p1
+%patch8 -p1
%build
export CFLAGS="%{optflags}"
++ disable-address-of-packed-member-warning.patch ++
>From 1cf1c3e6af1f43555de7ec89cd1e8bc3ea0aaefe Mon Sep 17 00:00:00 2001
From: Yunying Sun
Date: Mon, 13 May 2019 17:26:13 +0800
Subject: [PATCH] disable address of packed member warning
---
Config.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Config.mk b/Config.mk
index 6a64d1a..27bce1b 100644
--- a/Config.mk
+++ b/Config.mk
@@ -43,7 +43,7 @@ CFLAGS_WARN = -Wall -Wformat-security -Werror
-Wstrict-prototypes \
-Wextra -Winit-self -Wswitch-default -Wunused-parameter \
-Wwrite-strings \
$(call cc-option,$(CC),-Wlogical-op,) \
- -Wno-missing-field-initializers
+ -Wno-missing-field-initializers
-Wno-address-of-packed-member
AS = as
LD = ld
--
2.21.0
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2019-05-21 10:39:20
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new.5148 (New)
Package is "tboot"
Tue May 21 10:39:20 2019 rev:38 rq:704217 version:20190520_1.9.10
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2019-01-21
10:53:02.531823717 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new.5148/tboot.changes2019-05-21
10:39:55.119105248 +0200
@@ -1,0 +2,17 @@
+Mon May 20 11:21:46 UTC 2019 - mgerstner
+
+- update to new upstream release 1.9.10:
+- changes from 1.9.10:
+- lcp-gen2: update with latest version (wxWidgets wildcard bugfix)
+- print latest tag in logs
+- add support for 64bit framebuffer address
+- changes from 1.9.9:
+- tools: fix some dereference-NULL issues reported by klocwork
+- tools: replace banned mem/str fns with corresponding ones in
safestringlib
+- Add safestringlib code to support replacement of banned mem/str fns
+- lcptools: remove tools supporting platforms before 2008
+- tboot: update string/memory fn name to differentiate from c lib
+- Fix a harmless overflow caused by wrong loop limits
+- rebased patches to match new upstream version
+
+---
Old:
tboot-1.9.8.tar.gz
New:
tboot-1.9.10.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.dVEaIQ/_old 2019-05-21 10:39:56.231104526 +0200
+++ /var/tmp/diff_new_pack.dVEaIQ/_new 2019-05-21 10:39:56.235104523 +0200
@@ -12,13 +12,13 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: tboot
-%define ver 1.9.8
-Version:20170711_%{ver}
+%define ver 1.9.10
+Version:20190520_%{ver}
Release:0
Summary:Program for performing a verified launch using Intel TXT
License:BSD-3-Clause
@@ -32,6 +32,7 @@
ExclusiveArch: %{ix86} x86_64
BuildRequires: openssl-devel
BuildRequires: trousers-devel
+BuildRequires: zlib-devel
%if 0%{?suse_version} > 1320
BuildRequires: update-bootloader-rpm-macros
@@ -64,14 +65,8 @@
%files
%defattr(-,root,root,-)
-%doc README COPYING docs/* lcptools/lcptools2.txt
lcptools/Linux_LCP_Tools_User_Manual.pdf
+%doc README COPYING docs/* lcptools-v2/lcptools.txt
lcptools/Linux_LCP_Tools_User_Manual.pdf
%{_sbindir}/acminfo
-%{_sbindir}/lcp_crtpconf
-%{_sbindir}/lcp_crtpol
-%{_sbindir}/lcp_crtpol2
-%{_sbindir}/lcp_crtpolelt
-%{_sbindir}/lcp_crtpollist
-%{_sbindir}/lcp_mlehash
%{_sbindir}/lcp_readpol
%{_sbindir}/lcp_writepol
%{_sbindir}/parse_err
++ tboot-1.9.8.tar.gz -> tboot-1.9.10.tar.gz ++
40130 lines of diff (skipped)
++ tboot-grub2-fix-xen-submenu-name.patch ++
--- /var/tmp/diff_new_pack.dVEaIQ/_old 2019-05-21 10:39:56.395104419 +0200
+++ /var/tmp/diff_new_pack.dVEaIQ/_new 2019-05-21 10:39:56.395104419 +0200
@@ -4,13 +4,13 @@
References: bnc#865815
Patch-Mainline: no
-Index: tboot-1.9.8/tboot/20_linux_xen_tboot
+Index: tboot-1.9.10/tboot/20_linux_xen_tboot
===
tboot-1.9.8.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.8/tboot/20_linux_xen_tboot
+--- tboot-1.9.10.orig/tboot/20_linux_xen_tboot
tboot-1.9.10/tboot/20_linux_xen_tboot
@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
- tboot_version="1.9.8"
+ tboot_version="1.9.10"
list="${linux_list}"
-echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
+echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
commit tboot for openSUSE:Factory
Hello community, here is the log from the commit of package tboot for openSUSE:Factory checked in at 2019-01-21 10:52:52 Comparing /work/SRC/openSUSE:Factory/tboot (Old) and /work/SRC/openSUSE:Factory/.tboot.new.28833 (New) Package is "tboot" Mon Jan 21 10:52:52 2019 rev:37 rq:665950 version:20170711_1.9.8 Changes: --- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-10-25 09:11:30.730319613 +0200 +++ /work/SRC/openSUSE:Factory/.tboot.new.28833/tboot.changes 2019-01-21 10:53:02.531823717 +0100 @@ -4 +4 @@ -- update to new upstream release 1.9.8: +- update to new upstream release 1.9.8 (FATE#324359): Other differences: -- ++ tboot.spec ++ --- /var/tmp/diff_new_pack.1C0BCS/_old 2019-01-21 10:53:03.895822068 +0100 +++ /var/tmp/diff_new_pack.1C0BCS/_new 2019-01-21 10:53:03.895822068 +0100 @@ -1,7 +1,7 @@ # # spec file for package tboot # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2018-10-25 09:11:30
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Thu Oct 25 09:11:30 2018 rev:36 rq:644201 version:20170711_1.9.8
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-09-15
15:41:21.192784743 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-10-25
09:11:30.730319613 +0200
@@ -1,0 +2,10 @@
+Wed Oct 24 08:44:04 UTC 2018 - matthias.gerst...@suse.com
+
+- update to new upstream release 1.9.8:
+- Skip tboot launch error index read/write when ignore prev err option
is true
+- s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
+- S3 fix: revert the mis-changed type casting in changeset
522:8e881a07c059
+- S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
+- rebased patches to match new upstream version
+
+---
Old:
tboot-1.9.7.tar.gz
New:
tboot-1.9.8.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.rKPaqF/_old 2018-10-25 09:11:31.150319362 +0200
+++ /var/tmp/diff_new_pack.rKPaqF/_new 2018-10-25 09:11:31.154319359 +0200
@@ -17,7 +17,7 @@
Name: tboot
-%define ver 1.9.7
+%define ver 1.9.8
Version:20170711_%{ver}
Release:0
Summary:Program for performing a verified launch using Intel TXT
++ tboot-1.9.7.tar.gz -> tboot-1.9.8.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/.hg_archival.txt
new/tboot-1.9.8/.hg_archival.txt
--- old/tboot-1.9.7/.hg_archival.txt2018-09-03 10:43:39.0 +0200
+++ new/tboot-1.9.8/.hg_archival.txt2018-10-18 06:55:47.0 +0200
@@ -1,4 +1,5 @@
repo: cedd93279188334eb41d248d5eb70a41a2bc70ca
-node: fa126d410df0916f0bab32a882349eb401597d5f
+node: bde570f28820ea6cfc4a12fecec9f51e867e28ca
branch: default
-tag: v1.9.7
+latesttag: v1.9.8
+latesttagdistance: 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/.hgtags new/tboot-1.9.8/.hgtags
--- old/tboot-1.9.7/.hgtags 2018-09-03 10:43:39.0 +0200
+++ new/tboot-1.9.8/.hgtags 2018-10-18 06:55:47.0 +0200
@@ -17,3 +17,6 @@
698548a9b9fe6201361d19099100f8eb59fad4f6 v1.9.5
61c17659bb8670e466c3bac8913459848f5f36d5 v1.9.6
11613463d703e203785b2e4dc9447d76530266c4 v1.9.7
+11613463d703e203785b2e4dc9447d76530266c4 v1.9.7
+fa126d410df0916f0bab32a882349eb401597d5f v1.9.7
+dbc7b1d289f848c3d88a9d4694d67fd409f48039 v1.9.8
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/CHANGELOG new/tboot-1.9.8/CHANGELOG
--- old/tboot-1.9.7/CHANGELOG 2018-09-03 10:43:39.0 +0200
+++ new/tboot-1.9.8/CHANGELOG 2018-10-18 06:55:47.0 +0200
@@ -1,3 +1,8 @@
+20181011: v1.9.8
+Skip tboot launch error index read/write when ignore prev err option
is true
+s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
+S3 fix: revert the mis-changed type casting in changeset
522:8e881a07c059
+S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
20180830: v1.9.7
Fix a lot of issues in tools reported by klocwork scan.
Fix a lot of issues in tboot module reported by klocwork scan.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/README new/tboot-1.9.8/README
--- old/tboot-1.9.7/README 2018-09-03 10:43:39.0 +0200
+++ new/tboot-1.9.8/README 2018-10-18 06:55:47.0 +0200
@@ -315,6 +315,16 @@
setting provides a way to force use of the legacy log format for TPM 2
systems:
force_tpm2_legacy_log=false|true // defaults to false
+o Opt-in the vtd dmar table save/restore process
+ With recent kernel (4.16.3 in fedora28), the acpi table seems changed by
+ kernel. So function restore_vtd_dmar_table() will not work as expected to
+ find the vtd dmar table and restore it in S3 resume, instead, the system
will
+ run into a hang or a reset.
+
+ To solve the S3 issue but still keep vtd dmar table save/restore process for
+ specific case, add below option:
+ save_vtd=false|true // defaults to false
+
PCR Usage:
-
o Legacy PCR mapping
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/20_linux_tboot
new/tboot-1.9.8/tboot/20_linux_tboot
--- old/tboot-1.9.7/tboot/20_linux_tboot2018-09-03 10:43:39.0
+020
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2018-09-04 22:56:37
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Tue Sep 4 22:56:37 2018 rev:34 rq:632828 version:20170711_1.9.7
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-09-03
10:35:47.164775305 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-09-04
22:56:40.725105135 +0200
@@ -1,0 +2,9 @@
+Mon Sep 3 10:11:39 UTC 2018 - matthias.gerst...@suse.com
+
+- package new upstream tarball for 1.9.7. It seems the tarball was replaced
+ upstream without notice, because some version numbers have not been
+ incremented.
+- tboot-grub2-fix-menu-in-xen-host-server.patch: rebased
+- tboot-grub2-fix-xen-submenu-name.patch: rebased
+
+---
Other differences:
--
++ tboot-1.9.7.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/.hg_archival.txt
new/tboot-1.9.7/.hg_archival.txt
--- old/tboot-1.9.7/.hg_archival.txt2018-08-30 12:15:12.0 +0200
+++ new/tboot-1.9.7/.hg_archival.txt2018-09-03 10:43:39.0 +0200
@@ -1,4 +1,4 @@
repo: cedd93279188334eb41d248d5eb70a41a2bc70ca
-node: 11613463d703e203785b2e4dc9447d76530266c4
+node: fa126d410df0916f0bab32a882349eb401597d5f
branch: default
tag: v1.9.7
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/.hgtags new/tboot-1.9.7/.hgtags
--- old/tboot-1.9.7/.hgtags 2018-08-30 12:15:12.0 +0200
+++ new/tboot-1.9.7/.hgtags 2018-09-03 10:43:39.0 +0200
@@ -16,3 +16,4 @@
9d8ee7ff40107fde7512b0a9196c568152ce1c72 v1.9.4
698548a9b9fe6201361d19099100f8eb59fad4f6 v1.9.5
61c17659bb8670e466c3bac8913459848f5f36d5 v1.9.6
+11613463d703e203785b2e4dc9447d76530266c4 v1.9.7
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/20_linux_tboot
new/tboot-1.9.7/tboot/20_linux_tboot
--- old/tboot-1.9.7/tboot/20_linux_tboot2018-08-30 12:15:12.0
+0200
+++ new/tboot-1.9.7/tboot/20_linux_tboot2018-09-03 10:43:39.0
+0200
@@ -201,7 +201,7 @@
tboot_dirname=`dirname ${current_tboot}`
rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
#tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"`
-tboot_version="1.9.6"
+tboot_version="1.9.7"
echo "submenu \"tboot ${tboot_version}\" {"
while [ "x$list" != "x" ] ; do
linux=`version_find_latest $list`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/20_linux_xen_tboot
new/tboot-1.9.7/tboot/20_linux_xen_tboot
--- old/tboot-1.9.7/tboot/20_linux_xen_tboot2018-08-30 12:15:12.0
+0200
+++ new/tboot-1.9.7/tboot/20_linux_xen_tboot2018-09-03 10:43:39.0
+0200
@@ -216,7 +216,7 @@
tboot_basename=`basename ${current_tboot}`
tboot_dirname=`dirname ${current_tboot}`
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
-tboot_version="1.9.6"
+tboot_version="1.9.7"
list="${linux_list}"
echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
while [ "x$list" != "x" ] ; do
++ tboot-grub2-fix-menu-in-xen-host-server.patch ++
--- /var/tmp/diff_new_pack.moqifS/_old 2018-09-04 22:56:41.189106719 +0200
+++ /var/tmp/diff_new_pack.moqifS/_new 2018-09-04 22:56:41.189106719 +0200
@@ -23,10 +23,10 @@
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries
-Index: tboot-1.9.6/tboot/20_linux_tboot
+Index: tboot-1.9.7/tboot/20_linux_tboot
===
tboot-1.9.6.orig/tboot/20_linux_tboot
-+++ tboot-1.9.6/tboot/20_linux_tboot
+--- tboot-1.9.7.orig/tboot/20_linux_tboot
tboot-1.9.7/tboot/20_linux_tboot
@@ -225,6 +225,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
break
fi
@@ -77,10 +77,10 @@
if test -n "${initrd}" ; then
echo "Found initrd image: ${dirname}/${initrd}" >&2
else
-Index: tboot-1.9.6/tboot/20_linux_xen_tboot
+Index: tboot-1.9.7/tboot/20_linux_xen_tboot
===
tboot-1.9.6.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.6/tboot/20_linux_xen_tboot
+--- tboot-1.9.7.orig/tboot/20_linux_xen_tboot
tboot-1.9.7/tboot/20_linux_xen_tboot
@@ -52,6 +52,12 @@ fi
export TEXTDOMAIN=grub
export TEXTDOMAINDIR=${prefix}/share/lo
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2018-09-03 10:35:45
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Mon Sep 3 10:35:45 2018 rev:33 rq:632523 version:20170711_1.9.7
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-03-16
10:45:09.320570880 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-09-03
10:35:47.164775305 +0200
@@ -1,0 +2,31 @@
+Fri Aug 31 14:23:48 UTC 2018 - matthias.gerst...@suse.com
+
+- update to upstream version 1.9.7. This in mainly a bugfix release:
+Fix a lot of issues in tools reported by klocwork scan.
+Fix a lot of issues in tboot module reported by klocwork scan.
+Remove a redundant tboot option
+Fix indent in heap.c
+Fix 4 issues along with extpol=agile option
+Mitigations for tpm interposer attacks
+Add an option in tboot to force SINIT to use the legacy TPM2 log
format.
+Add support for appending to a TPM2 TCG style event log.
+Ensure tboot log is available even when measured launch is skipped.
+Add centos7 instructions for Use in EFI boot mode.
+Fix memory leak and invalid reads and writes issues.
+Fix TPM 1.2 locality selection issue.
+Fix a null pointer dereference bug when Intel TXT is disabled.
+Optimize tboot docs installation.
+Fix security vulnerabilities rooted in tpm_if structure and g_tpm
variable.
+The size field of the MB2 tag is the size of the tag header + the size
+Fix openssl-1.0.2 double frees
+Make policy element stm_elt use unique type name
+lcptools-v2 utilities fixes
+port to openssl-1.1.0
+Reset debug PCR16 to zero.
+Fix a logical error in function bool evtlog_append(...).
+- removed tboot-CVE-2017-16837.patch: now contained in tarball
+- removed tboot-openssl-1-1-0.patch: now contained in tarball
+- removed tboot-signature-segfault.patch: now contained in tarball
+- removed tboot-ssl-broken.patch: now contained in tarball
+
+---
Old:
tboot-1.9.6.tar.gz
tboot-CVE-2017-16837.patch
tboot-openssl-1-1-0.patch
tboot-signature-segfault.patch
tboot-ssl-broken.patch
New:
tboot-1.9.7.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.1AHo2A/_old 2018-09-03 10:35:47.684776649 +0200
+++ /var/tmp/diff_new_pack.1AHo2A/_new 2018-09-03 10:35:47.684776649 +0200
@@ -17,8 +17,8 @@
Name: tboot
-%define ver 1.9.6
-Version:20170711_1.9.6
+%define ver 1.9.7
+Version:20170711_%{ver}
Release:0
Summary:Performs a verified launch using Intel(R) TXT
License:BSD-3-Clause
@@ -27,15 +27,7 @@
Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
-Patch5: tboot-openssl-1-1-0.patch
-Patch6: tboot-CVE-2017-16837.patch
Patch7: tboot-distributor.patch
-# a stark history regarding SSL: ssl functions never really worked in tboot,
-# even the signature-segfault upstream fix didn't fix the root causes.
-# ssl-broken.patch is my own patch that I have published on the tboot-devel
-# mailing list, but no response so far.
-Patch8: tboot-signature-segfault.patch
-Patch9: tboot-ssl-broken.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: %{ix86} x86_64
BuildRequires: openssl-devel
@@ -60,11 +52,7 @@
%setup -q -n %name-%ver
%patch3 -p1
%patch4 -p1
-%patch5 -p1
-%patch6 -p1
%patch7 -p1
-%patch8 -p1
-%patch9 -p1
%build
export CFLAGS="%{optflags}"
++ tboot-1.9.6.tar.gz -> tboot-1.9.7.tar.gz ++
3807 lines of diff (skipped)
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2018-03-16 10:43:50
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Fri Mar 16 10:43:50 2018 rev:32 rq:587462 version:20170711_1.9.6
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-02-22
15:03:03.836670196 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-03-16
10:45:09.320570880 +0100
@@ -1,0 +2,10 @@
+Thu Mar 15 09:49:03 UTC 2018 - matthias.gerst...@suse.com
+
+- tboot-signature-segfault.patch: Intermediate patch necessary for
+ tboot-ssl-broken.patch. Upstream tried to fix OpenSSL issues here, but
+ failed to do so.
+- tboot-ssl-broken.patch: Fixed memory corruption when using OpenSSL
+ functionality like in lcp2_crtpollist (bnc#1083693). Fix has not yet been
+ commented on by upstream (posted on tboot-devel mailing list).
+
+---
New:
tboot-signature-segfault.patch
tboot-ssl-broken.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.uywoS8/_old 2018-03-16 10:45:10.376532857 +0100
+++ /var/tmp/diff_new_pack.uywoS8/_new 2018-03-16 10:45:10.380532713 +0100
@@ -30,7 +30,12 @@
Patch5: tboot-openssl-1-1-0.patch
Patch6: tboot-CVE-2017-16837.patch
Patch7: tboot-distributor.patch
-# PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
+# a stark history regarding SSL: ssl functions never really worked in tboot,
+# even the signature-segfault upstream fix didn't fix the root causes.
+# ssl-broken.patch is my own patch that I have published on the tboot-devel
+# mailing list, but no response so far.
+Patch8: tboot-signature-segfault.patch
+Patch9: tboot-ssl-broken.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: %{ix86} x86_64
BuildRequires: openssl-devel
@@ -58,6 +63,8 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
+%patch9 -p1
%build
export CFLAGS="%{optflags}"
@@ -107,7 +114,7 @@
%postun
%if 0%{?update_bootloader_check_type_reinit_post:1}
# there is no clean solution for refresh during package removal at the moment.
-# %posttrans is not executed during package removal.
+# %%posttrans is not executed during package removal.
%update_bootloader_check_type_reinit_post grub2 grub2-efi
%update_bootloader_posttrans
%else
++ tboot-signature-segfault.patch ++
changeset: 506:09fae64a7515
user:Ning Sun
date:Sat Sep 02 01:40:15 2017 -0700
summary: Fix openssl-1.0.2 double frees
Index: tboot-1.9.6/lcptools-v2/crtpollist.c
===
--- tboot-1.9.6.orig/lcptools-v2/crtpollist.c
+++ tboot-1.9.6/lcptools-v2/crtpollist.c
@@ -160,15 +160,14 @@ static lcp_signature_t2 *read_rsa_pubkey
memset(sig, 0, sizeof(lcp_rsa_signature_t) + 2*keysize);
sig->rsa_signature.pubkey_size = keysize;
-
-BIGNUM *modulus = BN_new();
-
+
/* OpenSSL Version 1.1.0 and later don't allow direct access to RSA
stuct */
#if OPENSSL_VERSION_NUMBER >= 0x1010L
+BIGNUM *modulus = BN_new();
RSA_get0_key(pubkey, (const BIGNUM **)&modulus, NULL, NULL);
#else
-modulus = pubkey->n;
+BIGNUM *modulus = BN_dup(pubkey->n);
#endif
unsigned char key[keysize];
Index: tboot-1.9.6/lcptools-v2/lcputils.c
===
--- tboot-1.9.6.orig/lcptools-v2/lcputils.c
+++ tboot-1.9.6/lcptools-v2/lcputils.c
@@ -384,8 +384,8 @@ bool verify_signature(const uint8_t *dat
#if OPENSSL_VERSION_NUMBER >= 0x1010L
RSA_set0_key(rsa_pubkey, modulus, exponent, NULL);
#else
-rsa_pubkey->n = modulus;
-rsa_pubkey->e = exponent;
+rsa_pubkey->n = BN_dup(modulus);
+rsa_pubkey->e = BN_dup(exponent);
rsa_pubkey->d = rsa_pubkey->p = rsa_pubkey->q = NULL;
#endif
Index: tboot-1.9.6/lcptools/crtpollist.c
===
--- tboot-1.9.6.orig/lcptools/crtpollist.c
+++ tboot-1.9.6/lcptools/crtpollist.c
@@ -155,14 +155,14 @@ static lcp_signature_t *read_pubkey_file
memset(sig, 0, sizeof(*sig) + 2*keysize);
sig->pubkey_size = keysize;
-
-BIGNUM *modulus = BN_new();
+
/* OpenSSL Version 1.1.0 and later don't allow direct access to RSA
stuct */
#if OPENSSL_VERSION_NUMBER >= 0x1010L
+BIGNUM *modulus = BN_new();
RSA_get0_key(pubkey, (const BIGNUM **)&modulus, NULL, NULL);
#else
- modulus = pubkey->n;
+
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2018-02-22 15:03:00
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Thu Feb 22 15:03:00 2018 rev:31 rq:578926 version:20170711_1.9.6
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-02-20
17:55:42.417099729 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-02-22
15:03:03.836670196 +0100
@@ -1,0 +2,6 @@
+Wed Feb 21 12:26:10 UTC 2018 - matthias.gerst...@suse.com
+
+- Also cover cleanup of bootloader configuration after package removal.
+ (bnc#1078262)
+
+---
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.yO4Otj/_old 2018-02-22 15:03:05.420613218 +0100
+++ /var/tmp/diff_new_pack.yO4Otj/_new 2018-02-22 15:03:05.420613218 +0100
@@ -104,6 +104,16 @@
/sbin/update-bootloader --reinit || true
%endif
+%postun
+%if 0%{?update_bootloader_check_type_reinit_post:1}
+# there is no clean solution for refresh during package removal at the moment.
+# %posttrans is not executed during package removal.
+%update_bootloader_check_type_reinit_post grub2 grub2-efi
+%update_bootloader_posttrans
+%else
+/sbin/update-bootloader --reinit || true
+%endif
+
%posttrans
%{?update_bootloader_posttrans}
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2018-02-20 17:55:30
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Tue Feb 20 17:55:30 2018 rev:30 rq:578146 version:20170711_1.9.6
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2017-11-16
14:04:31.529990698 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-02-20
17:55:42.417099729 +0100
@@ -1,0 +2,8 @@
+Mon Feb 12 13:27:20 UTC 2018 - matthias.gerst...@suse.com
+
+- tboot-distributor.patch: don't add GNU/Linux to grub menu entries. SUSE's
+ grub2 itself doesn't do it as well. (bnc#1078262)
+- perform update of bootloader configuration after installation via
+ %posttrans. (bnc#1078262)
+
+---
New:
tboot-distributor.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.GBApMh/_old 2018-02-20 17:55:43.729052489 +0100
+++ /var/tmp/diff_new_pack.GBApMh/_new 2018-02-20 17:55:43.733052345 +0100
@@ -1,7 +1,7 @@
#
# spec file for package tboot
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,11 +29,22 @@
Patch4: tboot-grub2-fix-xen-submenu-name.patch
Patch5: tboot-openssl-1-1-0.patch
Patch6: tboot-CVE-2017-16837.patch
+Patch7: tboot-distributor.patch
# PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+ExclusiveArch: %{ix86} x86_64
BuildRequires: openssl-devel
BuildRequires: trousers-devel
-ExclusiveArch: %{ix86} x86_64
+
+%if 0%{?suse_version} > 1320
+BuildRequires: update-bootloader-rpm-macros
+%endif
+
+%if 0%{?update_bootloader_requires:1}
+%update_bootloader_requires
+%else
+Requires: perl-Bootloader
+%endif
%description
Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel(R)
@@ -46,6 +57,7 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
export CFLAGS="%{optflags}"
@@ -85,4 +97,14 @@
%{_sysconfdir}/grub.d/20_linux_tboot
%{_sysconfdir}/grub.d/20_linux_xen_tboot
+%post
+%if 0%{?update_bootloader_check_type_reinit_post:1}
+%update_bootloader_check_type_reinit_post grub2 grub2-efi
+%else
+/sbin/update-bootloader --reinit || true
+%endif
+
+%posttrans
+%{?update_bootloader_posttrans}
+
%changelog
++ tboot-distributor.patch ++
Index: tboot-1.9.6/tboot/20_linux_tboot
===
--- tboot-1.9.6.orig/tboot/20_linux_tboot
+++ tboot-1.9.6/tboot/20_linux_tboot
@@ -72,7 +72,7 @@ CLASS="--class gnu-linux --class gnu --c
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
OS=GNU/Linux
else
- OS="${GRUB_DISTRIBUTOR} GNU/Linux"
+ OS="${GRUB_DISTRIBUTOR}"
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr '[A-Z]' '[a-z]' | cut -d' '
-f1) ${CLASS}"
fi
Index: tboot-1.9.6/tboot/20_linux_xen_tboot
===
--- tboot-1.9.6.orig/tboot/20_linux_xen_tboot
+++ tboot-1.9.6/tboot/20_linux_xen_tboot
@@ -63,7 +63,7 @@ CLASS="--class gnu-linux --class gnu --c
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
OS=GNU/Linux
else
- OS="${GRUB_DISTRIBUTOR} GNU/Linux"
+ OS="${GRUB_DISTRIBUTOR}"
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1)
${CLASS}"
fi
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2017-11-16 14:04:28
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Thu Nov 16 14:04:28 2017 rev:29 rq:542218 version:20170711_1.9.6
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2017-11-11
14:20:13.289846699 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2017-11-16
14:04:31.529990698 +0100
@@ -1,0 +2,8 @@
+Thu Nov 16 09:49:48 UTC 2017 - matthias.gerst...@suse.com
+
+- tboot-CVE-2017-16837.patch: fix a major security issue in tboot. tboot
+ failed to validate a number of immutable function pointers, which could
+ allow an attacker to bypass the chain of trust and execute arbitrary code
+ (bnc#1068390, CVE-2017-16837).
+
+---
New:
tboot-CVE-2017-16837.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.HgRMut/_old 2017-11-16 14:04:32.277963588 +0100
+++ /var/tmp/diff_new_pack.HgRMut/_new 2017-11-16 14:04:32.281963443 +0100
@@ -28,6 +28,7 @@
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
Patch5: tboot-openssl-1-1-0.patch
+Patch6: tboot-CVE-2017-16837.patch
# PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
@@ -44,6 +45,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%build
export CFLAGS="%{optflags}"
++ tboot-CVE-2017-16837.patch ++
1059 lines (skipped)
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2017-11-11 14:19:52
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Sat Nov 11 14:19:52 2017 rev:28 rq:540236 version:20170711_1.9.6
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2017-07-21
22:48:03.468082005 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2017-11-11
14:20:13.289846699 +0100
@@ -1,0 +2,7 @@
+Thu Nov 9 14:08:59 UTC 2017 - matthias.gerst...@suse.com
+
+- tboot-openssl-1-1-0.patch: make package compatible with OpenSSL 1.1.0.
+ There's no upstream release containing this patch yet. The patch builds
+ against OpenSSL 1.0.x as well. This is for SLE-15 support (bnc#1067229).
+
+---
New:
tboot-openssl-1-1-0.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.oHhwNa/_old 2017-11-11 14:20:15.837753319 +0100
+++ /var/tmp/diff_new_pack.oHhwNa/_new 2017-11-11 14:20:15.841753173 +0100
@@ -27,6 +27,7 @@
Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
+Patch5: tboot-openssl-1-1-0.patch
# PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
@@ -42,6 +43,7 @@
%setup -q -n %name-%ver
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
export CFLAGS="%{optflags}"
++ tboot-openssl-1-1-0.patch ++
changeset: 503:2bb331ec268d
user:Ning Sun
date:Mon Aug 28 02:10:28 2017 -0700
summary: port to openssl-1.1.0
diff -r e57efe410a90 -r 2bb331ec268d lcptools/hash.c
--- a/lcptools/hash.c Mon Jul 24 05:34:17 2017 -0700
+++ b/lcptools/hash.c Mon Aug 28 02:10:28 2017 -0700
@@ -74,13 +74,18 @@
return false;
if ( hash_alg == TB_HALG_SHA1_LG ) {
-EVP_MD_CTX ctx;
+EVP_MD_CTX *ctx = EVP_MD_CTX_create();
+if (ctx == NULL) {
+fprintf(stderr, "%s(): EVP_MD_CTX_create() failed.\n", __func__);
+return false;
+}
const EVP_MD *md;
md = EVP_sha1();
-EVP_DigestInit(&ctx, md);
-EVP_DigestUpdate(&ctx, buf, size);
-EVP_DigestFinal(&ctx, hash->sha1, NULL);
+EVP_DigestInit(ctx, md);
+EVP_DigestUpdate(ctx, buf, size);
+EVP_DigestFinal(ctx, hash->sha1, NULL);
+EVP_MD_CTX_destroy(ctx);
return true;
}
else
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2017-07-21 22:47:59
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Fri Jul 21 22:47:59 2017 rev:27 rq:511178 version:20170711_1.9.6
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2017-06-05
18:50:33.439397827 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2017-07-21
22:48:03.468082005 +0200
@@ -1,0 +2,24 @@
+Tue Jul 18 11:10:29 UTC 2017 - matthias.gerst...@suse.com
+
+update to new upstream version 1.9.6:
+
+- removed following patches, because they're now included upstream:
+ * reproducible.patch
+ * tboot-grub2-suse.patch
+ * tboot-gcc7.patch
+
+- Changes in this version:
+ * GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings
appearing on GCC7
+* Ensure Tboot never overwrites modules in the process of moving them.
+* Add support to x2APIC, which uses 32 bit APIC ID.
+* Fix S3 secrets sealing/unsealing failures
+* Support OpenSSL 1.1.0+ for ECDSA signature verification.
+* Support OpenSSL 1.1.0+ for RSA key manipulation.
+* Adds additional checks to prevent the kernel image from being
overwritten.
+* Added TCG TPM event log support.
+* Pass through the EFI memory map that's provided by grub2.
+* Fix a null pointer dereference bug when Intel TXT is disabled in
BIOS.
+* Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
+* Bounds checking on the kernel_cmdline string.
+
+---
Old:
reproducible.patch
tboot-1.9.5.tar.gz
tboot-gcc7.patch
tboot-grub2-suse.patch
New:
tboot-1.9.6.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.zXXjal/_old 2017-07-21 22:48:04.975869313 +0200
+++ /var/tmp/diff_new_pack.zXXjal/_new 2017-07-21 22:48:04.979868749 +0200
@@ -17,20 +17,17 @@
Name: tboot
-%define ver 1.9.5
-Version:20160518_1.9.4
+%define ver 1.9.6
+Version:20170711_1.9.6
Release:0
Summary:Performs a verified launch using Intel(R) TXT
License:BSD-3-Clause
Group: Productivity/Security
Url:http://sourceforge.net/projects/tboot/
Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
-Patch1: tboot-grub2-suse.patch
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
# PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
-Patch5: reproducible.patch
-Patch6: tboot-gcc7.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@@ -43,11 +40,8 @@
%prep
%setup -q -n %name-%ver
-%patch1 -p1
%patch3 -p1
%patch4 -p1
-%patch5 -p1
-%patch6 -p1
%build
export CFLAGS="%{optflags}"
++ tboot-1.9.5.tar.gz -> tboot-1.9.6.tar.gz ++
3130 lines of diff (skipped)
++ tboot-grub2-fix-menu-in-xen-host-server.patch ++
--- /var/tmp/diff_new_pack.zXXjal/_old 2017-07-21 22:48:05.203837155 +0200
+++ /var/tmp/diff_new_pack.zXXjal/_new 2017-07-21 22:48:05.203837155 +0200
@@ -23,10 +23,10 @@
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries
-Index: tboot-1.9.4/tboot/20_linux_tboot
+Index: tboot-1.9.6/tboot/20_linux_tboot
===
tboot-1.9.4.orig/tboot/20_linux_tboot
-+++ tboot-1.9.4/tboot/20_linux_tboot
+--- tboot-1.9.6.orig/tboot/20_linux_tboot
tboot-1.9.6/tboot/20_linux_tboot
@@ -225,6 +225,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
break
fi
@@ -77,10 +77,10 @@
if test -n "${initrd}" ; then
echo "Found initrd image: ${dirname}/${initrd}" >&2
else
-Index: tboot-1.9.4/tboot/20_linux_xen_tboot
+Index: tboot-1.9.6/tboot/20_linux_xen_tboot
===
tboot-1.9.4.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.4/tboot/20_linux_xen_tboot
+--- tboot-1.9.6.orig/tboot/20_linux_xen_tboot
tboot-1.9.6/tboot/20_linux_xen_tboot
@@ -52,6 +52,12 @@ fi
export TEXTDOMAIN=grub
export TEXTDOMAINDIR=${prefix}/share/locale
++ tboot-grub2-fix-xen-submenu-name.patch ++
--- /var/tmp/diff_new_pack.zXXjal/_old 2017-07-21 22:48:05.211836027 +0200
+++ /var/tmp/diff_new_pack.zXXjal/_new 2017-07-21 22:48:05.211836027 +0200
@@ -4,13 +4,13 @@
References: bnc#865815
Patch-Mainline: no
-Index: tboot-1.9.5/tboot/20_linux_xe
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2017-06-05 18:50:21
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Mon Jun 5 18:50:21 2017 rev:26 rq:500930 version:20160518_1.9.4
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2017-04-30
21:25:05.158648582 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2017-06-05
18:50:33.439397827 +0200
@@ -1,0 +2,5 @@
+Sun Jun 4 08:43:14 UTC 2017 - meiss...@suse.com
+
+- tboot-gcc7.patch: fix some gcc7 warnings that lead to errors. (bsc#1041264)
+
+---
@@ -85 +90 @@
-
+- fixes a boot issue on Skylake (bsc#964408)
New:
tboot-gcc7.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.m5GEqd/_old 2017-06-05 18:50:34.123301426 +0200
+++ /var/tmp/diff_new_pack.m5GEqd/_new 2017-06-05 18:50:34.127300862 +0200
@@ -30,6 +30,7 @@
Patch4: tboot-grub2-fix-xen-submenu-name.patch
# PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
Patch5: reproducible.patch
+Patch6: tboot-gcc7.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@@ -46,6 +47,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%build
export CFLAGS="%{optflags}"
++ tboot-gcc7.patch ++
Index: tboot-1.9.5/tboot/common/tboot.c
===
--- tboot-1.9.5.orig/tboot/common/tboot.c
+++ tboot-1.9.5/tboot/common/tboot.c
@@ -501,11 +501,13 @@ static void shutdown_system(uint32_t shu
/* write our S3 resume vector to ACPI resume addr */
set_s3_resume_vector(&_tboot_shared.acpi_sinfo,
TBOOT_S3_WAKEUP_ADDR);
/* fall through for rest of Sx handling */
+ /* FALLTHROUGH */
case TB_SHUTDOWN_S4:
case TB_SHUTDOWN_S5:
machine_sleep(&_tboot_shared.acpi_sinfo);
/* if machine_sleep() fails, fall through to reset */
+ /* FALLTHROUGH */
case TB_SHUTDOWN_REBOOT:
if ( txt_is_powercycle_required() ) {
/* powercycle by writing 0x0a+0x0e to port 0xcf9 */
@@ -524,6 +526,7 @@ static void shutdown_system(uint32_t shu
outb(0xcf9, 0x06);
}
+ /* FALLTHROUGH */
case TB_SHUTDOWN_HALT:
default:
while ( true )
Index: tboot-1.9.5/tboot/common/vsprintf.c
===
--- tboot-1.9.5.orig/tboot/common/vsprintf.c
+++ tboot-1.9.5/tboot/common/vsprintf.c
@@ -404,6 +404,7 @@ handle_width:
case 'p':
mods.flag |= PREFIX;/* print prefix 0x for %p */
mods.flag_long = LONG;
+ /* FALLTHROUGH */
case 'x':
mods.base = 16;
buf_pos = write_number_to_buffer(buf, size, buf_pos, mods);
Index: tboot-1.9.5/tboot/common/tpm.c
===
--- tboot-1.9.5.orig/tboot/common/tpm.c
+++ tboot-1.9.5/tboot/common/tpm.c
@@ -117,14 +117,14 @@ static bool tpm_send_cmd_ready_status_cr
#endif
if ( reg_ctrl_sts.tpmidle== 1) {
- reg_ctrl_request._raw[0] = 0;
+ memset(®_ctrl_request,0,sizeof(reg_ctrl_request));
reg_ctrl_request.cmdReady = 1;
write_tpm_reg(locality, TPM_CRB_CTRL_REQ, ®_ctrl_request);
return true;
}
- reg_ctrl_request._raw[0] = 0;
+ memset(®_ctrl_request,0,sizeof(reg_ctrl_request));
reg_ctrl_request.goIdle = 1;
write_tpm_reg(locality, TPM_CRB_CTRL_REQ, ®_ctrl_request);
@@ -158,7 +158,7 @@ static bool tpm_send_cmd_ready_status_cr
printk(TBOOT_INFO"2. reg_ctrl_sts.tpmsts: 0x%x\n",
reg_ctrl_sts.tpmsts);
#endif
- reg_ctrl_request._raw[0] = 0;
+ memset(®_ctrl_request,0,sizeof(reg_ctrl_request));
reg_ctrl_request.cmdReady = 1;
write_tpm_reg(locality, TPM_CRB_CTRL_REQ, ®_ctrl_request);
@@ -724,7 +724,7 @@ bool tpm_relinquish_locality_crb(uint32_
if ( reg_loc_state.loc_assigned == 0 )return true;
/* make inactive by writing a 1 */
-reg_loc_ctrl._raw[0] = 0;
+memset(®_loc_ctrl,0,sizeof(reg_loc_ctrl));
reg_loc_ctrl.relinquish = 1;
write_tpm_reg(locality, TPM_REG_LOC_CTRL, ®_loc_ctrl);
@@ -778,7 +778,7 @@ bool tpm_request_locality_crb(uint32_t l
tpm_reg_loc_state_t reg_loc_state;
tpm_reg_loc_ctrl_treg_loc_ctrl;
/* request access to the TPM from locality N */
-reg_loc_ct
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2017-04-30 21:24:31
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Sun Apr 30 21:24:31 2017 rev:25 rq:492191 version:20160518_1.9.4
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2017-02-14
00:47:35.309120477 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2017-04-30
21:25:05.158648582 +0200
@@ -1,0 +2,5 @@
+Sun Apr 30 05:29:57 UTC 2017 - bwiedem...@suse.com
+
+- Add reproducible.patch to call gzip -n to make build fully reproducible
+
+---
New:
reproducible.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.ATeDae/_old 2017-04-30 21:25:05.914542002 +0200
+++ /var/tmp/diff_new_pack.ATeDae/_new 2017-04-30 21:25:05.914542002 +0200
@@ -28,6 +28,8 @@
Patch1: tboot-grub2-suse.patch
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
+# PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
+Patch5: reproducible.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@@ -43,6 +45,7 @@
%patch1 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
export CFLAGS="%{optflags}"
++ reproducible.patch ++
Index: tboot-1.9.5/tboot/Makefile
===
--- tboot-1.9.5.orig/tboot/Makefile
+++ tboot-1.9.5/tboot/Makefile
@@ -32,7 +32,7 @@ OBJS := $(obj-y)
TARGET_LDS := $(CURDIR)/common/tboot.lds
$(TARGET).gz : $(TARGET)
- gzip -f -9 < $< > $@
+ gzip -n -f -9 < $< > $@
$(TARGET) : $(OBJS) $(TARGET_LDS)
$(LD) $(LDFLAGS) -T $(TARGET_LDS) -N $(OBJS) -o $(@D)/.$(@F).0
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2017-02-14 00:47:34
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2017-02-10
10:04:26.623023379 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2017-02-14
00:47:35.309120477 +0100
@@ -1,0 +2,6 @@
+Fri Feb 10 16:56:03 UTC 2017 - jeng...@inai.de
+
+- Trim filler words from description; use modern macros over
+ shell vars.
+
+---
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.lk9Mkk/_old 2017-02-14 00:47:35.989024495 +0100
+++ /var/tmp/diff_new_pack.lk9Mkk/_new 2017-02-14 00:47:35.993023931 +0100
@@ -34,10 +34,9 @@
ExclusiveArch: %{ix86} x86_64
%description
-Trusted Boot (tboot) is an open source, pre-kernel/VMM module that uses
-Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured
-and verified launch of an OS kernel/VMM.
-
+Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel(R)
+Trusted Execution Technology (Intel(R) TXT) to perform a measured and
+verified launch of an OS kernel/VMM.
%prep
%setup -q -n %name-%ver
@@ -46,12 +45,12 @@
%patch4 -p1
%build
-export CFLAGS="$RPM_OPT_FLAGS"
+export CFLAGS="%{optflags}"
export TBOOT_CFLAGS="$CFLAGS"
make debug=y %{?_smp_mflags}
%install
-make debug=y install DISTDIR=$RPM_BUILD_ROOT MANPATH=$RPM_BUILD_ROOT/%{_mandir}
+make debug=y install DISTDIR="%{buildroot}" MANPATH="%{buildroot}/%{_mandir}"
%files
%defattr(-,root,root,-)
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2017-02-10 10:03:40
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2016-07-01
09:59:00.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2017-02-10
10:04:26.623023379 +0100
@@ -1,0 +2,17 @@
+Wed Feb 8 13:11:50 UTC 2017 - meiss...@suse.com
+
+- Updated to 20161216: v1.9.5 (FATE#321510)
+ + Add 2nd generation of LCP creation tool source codes for TPM 2.0 platforms.
+ + Add user guide for 2nd generation LCP creation tool
+ + Provide workaround for Intel PTT(Platform Trust Technology) & Linux PTT
driver.
+ + Add new fields in Linux kernel header struct to accommodate Linux kernel
new capabilities.
+ + Fix a pointer dereference regression in the tboot native Linux loader
which manifests itself as a system reset.
+ + Fix the issue of overwriting tboot when the loaded elf kernel is located
below tboot.
+ + Add support to release TPM localities when tboot exits to linux kernel.
+ + Fix the evtlog dump function for tpm2 case.
+ + Initiaize kernel header comdline buffer before copying kernel cmdline
arguments to the buffer to avoid random
+ + data at end of the original cmdline contents.
+ + Move tpm_detect() to an earlier stage so as to get tpm interface
initialized before checking TXT platform capabilities.
+
+
+---
Old:
tboot-1.9.4.tar.gz
New:
tboot-1.9.5.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.Iu32nL/_old 2017-02-10 10:04:27.182944195 +0100
+++ /var/tmp/diff_new_pack.Iu32nL/_new 2017-02-10 10:04:27.186943629 +0100
@@ -1,7 +1,7 @@
#
# spec file for package tboot
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: tboot
-%define ver 1.9.4
+%define ver 1.9.5
Version:20160518_1.9.4
Release:0
Summary:Performs a verified launch using Intel(R) TXT
++ tboot-1.9.4.tar.gz -> tboot-1.9.5.tar.gz ++
13051 lines of diff (skipped)
++ tboot-grub2-fix-xen-submenu-name.patch ++
--- /var/tmp/diff_new_pack.Iu32nL/_old 2017-02-10 10:04:27.410911955 +0100
+++ /var/tmp/diff_new_pack.Iu32nL/_new 2017-02-10 10:04:27.410911955 +0100
@@ -4,13 +4,13 @@
References: bnc#865815
Patch-Mainline: no
-Index: tboot-1.9.4/tboot/20_linux_xen_tboot
+Index: tboot-1.9.5/tboot/20_linux_xen_tboot
===
tboot-1.9.4.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.4/tboot/20_linux_xen_tboot
+--- tboot-1.9.5.orig/tboot/20_linux_xen_tboot
tboot-1.9.5/tboot/20_linux_xen_tboot
@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
- tboot_version="1.9.4"
+ tboot_version="1.9.5"
list="${linux_list}"
-echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
+echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2016-07-01 09:58:58
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2016-05-20
11:56:11.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2016-07-01
09:59:00.0 +0200
@@ -1,0 +2,11 @@
+Wed Jun 22 06:37:53 UTC 2016 - mch...@suse.com
+
+- Fix wrong pvops kernel config matching (bsc#981948)
+ * modified tboot-grub2-fix-menu-in-xen-host-server.patch
+
+---
+Wed Jun 1 09:29:32 UTC 2016 - meiss...@suse.com
+
+- tboot-grub2-suse.patch: fixed bad if/elif
+
+---
Other differences:
--
++ tboot-grub2-fix-menu-in-xen-host-server.patch ++
--- /var/tmp/diff_new_pack.sIJm2F/_old 2016-07-01 09:59:01.0 +0200
+++ /var/tmp/diff_new_pack.sIJm2F/_new 2016-07-01 09:59:01.0 +0200
@@ -67,7 +67,7 @@
+
+ if test "$xen_pv_domU" = "false" ; then
+ # prevent xen kernel without pv_opt support from booting
-+ if (grep -qx "CONFIG_XEN=y" "${config}" 2> /dev/null && grep -qvx
"CONFIG_PARAVIRT=y" "${config}" 2> /dev/null); then
++ if (grep -qx "CONFIG_XEN=y" "${config}" 2> /dev/null && ! grep -qx
"CONFIG_PARAVIRT=y" "${config}" 2> /dev/null); then
+ echo "Skip xenlinux kernel $linux" >&2
+ list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
+ continue
++ tboot-grub2-suse.patch ++
--- /var/tmp/diff_new_pack.sIJm2F/_old 2016-07-01 09:59:01.0 +0200
+++ /var/tmp/diff_new_pack.sIJm2F/_new 2016-07-01 09:59:01.0 +0200
@@ -19,7 +19,7 @@
sysconfdir=/etc
if test -e /usr/share/grub/grub-mkconfig_lib; then
. /usr/share/grub/grub-mkconfig_lib
-+if test -e /usr/share/grub2/grub-mkconfig_lib; then
++elif test -e /usr/share/grub2/grub-mkconfig_lib; then
+ . /usr/share/grub2/grub-mkconfig_lib
elif test -e ${libdir}/grub/grub-mkconfig_lib; then
. ${libdir}/grub/grub-mkconfig_lib
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2016-05-20 11:56:09
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2015-05-16
07:14:41.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2016-05-20
11:56:11.0 +0200
@@ -1,0 +2,29 @@
+Thu May 19 10:35:27 UTC 2016 - meiss...@suse.com
+
+- Updated to 1.9.4/20160518 (FATE#320665)
+ Added TPM 2.0 CRB support
+ Increased BSP and AP stacks to avoid stack overflow
+ Added an ACPI_RSDP structure g_rsdp in tboot to avoid potential memory
overwritten issue on TPM 2.0 UEFI platforms
+ Added support to both Intel TPM nv index set and TCG TPM nv index set
+ grub2: tboot doesn't skip first argument any more
+ grub2: sanitize whitespace in command lines
+ grub2: Allow addition of policy data in grub.cfg
+ grub2 support: allow the user to customize the command line
+ Mitigated S3 resume delay by adjusting LZ_MAX_OFFSET to 5000 in lz.c.
+ Added SGX TPM nv index support
+ Add 64 bit ELF object support
+ Gentoo Hardened, which uses the GRSecurity and PaX patch sets
+ Disable -fstack-check in CFLAG for compatibility with Gentoo Linux.
+ Enhanced tboot compatiblity running on non-Intel TXT platform with a fix of
is_launched()
+ LCP documentation improvements
+- tboot-grub2-suse.patch: refreshed
+- tboot-grub2-fix-xen-submenu-name.patch: refreshed
+- tboot-fix-stackoverflow.patch: upstream in 1.9.4
+
+---
+Wed Apr 6 09:41:06 UTC 2016 - meiss...@suse.com
+
+- tboot-fix-stackoverflow.patch: fix a excessive stack usage pattern
+ that could lead to resets/crashes (bsc#967441)
+
+---
@@ -4 +33 @@
-- Updated to 1.8.3/20140728
+- Updated to 1.8.3/20140728 FATE#318542
Old:
tboot-1.8.3.tar.gz
New:
tboot-1.9.4.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.227324/_old 2016-05-20 11:56:12.0 +0200
+++ /var/tmp/diff_new_pack.227324/_new 2016-05-20 11:56:12.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package tboot
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +17,8 @@
Name: tboot
-%define ver 1.8.3
-Version:20140728_1.8.3
+%define ver 1.9.4
+Version:20160518_1.9.4
Release:0
Summary:Performs a verified launch using Intel(R) TXT
License:BSD-3-Clause
++ tboot-1.8.3.tar.gz -> tboot-1.9.4.tar.gz ++
3954 lines of diff (skipped)
++ tboot-grub2-fix-menu-in-xen-host-server.patch ++
--- /var/tmp/diff_new_pack.227324/_old 2016-05-20 11:56:12.0 +0200
+++ /var/tmp/diff_new_pack.227324/_new 2016-05-20 11:56:12.0 +0200
@@ -23,11 +23,11 @@
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries
-Index: tboot-1.8.0/tboot/20_linux_tboot
+Index: tboot-1.9.4/tboot/20_linux_tboot
===
tboot-1.8.0.orig/tboot/20_linux_tboot
-+++ tboot-1.8.0/tboot/20_linux_tboot
-@@ -166,6 +166,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
+--- tboot-1.9.4.orig/tboot/20_linux_tboot
tboot-1.9.4/tboot/20_linux_tboot
+@@ -225,6 +225,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
break
fi
done
@@ -77,11 +77,11 @@
if test -n "${initrd}" ; then
echo "Found initrd image: ${dirname}/${initrd}" >&2
else
-Index: tboot-1.8.0/tboot/20_linux_xen_tboot
+Index: tboot-1.9.4/tboot/20_linux_xen_tboot
===
tboot-1.8.0.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.8.0/tboot/20_linux_xen_tboot
-@@ -30,6 +30,12 @@ fi
+--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
tboot-1.9.4/tboot/20_linux_xen_tboot
+@@ -52,6 +52,12 @@ fi
export TEXTDOMAIN=grub
export TEXTDOMAINDIR=${prefix}/share/locale
@@ -94,7 +94,7 @@
CLASS="--class gnu-linux --class gnu --class os --class xen"
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
-@@ -147,9 +153,17 @@ linux_list=`for i in /boot/vmlinu[xz]-*
+@@ -185,9 +191,17 @@ linux_list=`for i in /boot/vmlinu[xz]-*
if [ "x${linux_list}" = "x" ] ; then
exit 0
fi
++ tboot-grub2-fix-xen-submenu-name.patch ++
--- /var/tmp/diff_new_pack.227324/_old 2016-05-20
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2015-05-16 07:14:35
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2014-07-29
16:48:33.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2015-05-16
07:14:41.0 +0200
@@ -1,0 +2,19 @@
+Fri May 8 12:08:52 UTC 2015 - meiss...@suse.com
+
+- Updated to 1.8.3/20140728
+ * Added verified launch control policy user guide
+ * Fixed a bug about var MTRR settings to follow the rule that each VAR MTRR
base must be a multiple of that MTRR's size.
+ * Access tpm sts reg with 3-byte width in v1.2 case and 4-byte width in v2.0
case
+ * Bugfix: lcp2_mlehash get wrong hash if the cmdline string length > 7
+ * Optimized tboot log processing flow to avoid log buffer overflow by
adopting lz Compress/Uncompress algorithms
+ * Added SGX support for Skylake platform
+ * tpm2: use the primary object in NULL Hierarchy instead of Platform
Hierarchy for seal/unseal usage
+ * Fixed a bug for lcp2_mlehash tool
+ * Fixed system hang issue caused by TXT disable, TPM disable or SINIT ACM
not correctly provided in EFI booting mode
+ * Fixed bug for wrong assumption on the way how GRUB2 load modules
+ * Fixed MB2 tags mess issue caused by moving shorter module cmdline to head
+ * Fixed compile issue when debug=y
+
+- refreshed tboot-grub2-fix-xen-submenu-name.patch
+
+---
Old:
tboot-1.8.2.tar.gz
New:
tboot-1.8.3.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.tU4aJh/_old 2015-05-16 07:14:42.0 +0200
+++ /var/tmp/diff_new_pack.tU4aJh/_new 2015-05-16 07:14:42.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package tboot
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +17,8 @@
Name: tboot
-%define ver 1.8.2
-Version:20140728_1.8.2
+%define ver 1.8.3
+Version:20140728_1.8.3
Release:0
Summary:Performs a verified launch using Intel(R) TXT
License:BSD-3-Clause
++ tboot-1.8.2.tar.gz -> tboot-1.8.3.tar.gz ++
1630 lines of diff (skipped)
++ tboot-grub2-fix-xen-submenu-name.patch ++
--- /var/tmp/diff_new_pack.tU4aJh/_old 2015-05-16 07:14:42.0 +0200
+++ /var/tmp/diff_new_pack.tU4aJh/_new 2015-05-16 07:14:42.0 +0200
@@ -4,13 +4,13 @@
References: bnc#865815
Patch-Mainline: no
-Index: tboot-1.8.1/tboot/20_linux_xen_tboot
+Index: tboot-1.8.3/tboot/20_linux_xen_tboot
===
tboot-1.8.1.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.8.1/tboot/20_linux_xen_tboot
+--- tboot-1.8.3.orig/tboot/20_linux_xen_tboot
tboot-1.8.3/tboot/20_linux_xen_tboot
@@ -187,7 +187,7 @@ while [ "x${xen_list}" != "x" ] ; do
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
- tboot_version="1.8.1"
+ tboot_version="1.8.3"
list="${linux_list}"
-echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
+echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2014-07-29 16:48:24
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2014-05-21
16:31:20.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2014-07-29
16:48:33.0 +0200
@@ -1,0 +2,8 @@
+Mon Jul 28 12:14:12 UTC 2014 - meiss...@suse.com
+
+- updated to 1.8.2/20140728
+ Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF
Kernels
+ fix werror in 32 bit build environment
+- tboot-fix.patch: removed, fixed differently upstream.
+
+---
Old:
tboot-1.8.1.tar.gz
tboot-fix.patch
New:
tboot-1.8.2.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.GTOtcy/_old 2014-07-29 16:48:33.0 +0200
+++ /var/tmp/diff_new_pack.GTOtcy/_new 2014-07-29 16:48:33.0 +0200
@@ -17,15 +17,14 @@
Name: tboot
-%define ver 1.8.1
-Version:20130705_1.8.0
+%define ver 1.8.2
+Version:20140728_1.8.2
Release:0
Summary:Performs a verified launch using Intel(R) TXT
License:BSD-3-Clause
Group: Productivity/Security
Url:http://sourceforge.net/projects/tboot/
Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
-Patch0: tboot-fix.patch
Patch1: tboot-grub2-suse.patch
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
@@ -42,7 +41,6 @@
%prep
%setup -q -n %name-%ver
-%patch0 -p1
%patch1 -p1
%patch3 -p1
%patch4 -p1
++ tboot-1.8.1.tar.gz -> tboot-1.8.2.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.8.1/.hg_archival.txt
new/tboot-1.8.2/.hg_archival.txt
--- old/tboot-1.8.1/.hg_archival.txt2014-05-16 09:57:00.0 +0200
+++ new/tboot-1.8.2/.hg_archival.txt1970-01-01 01:00:00.0 +0100
@@ -1,5 +0,0 @@
-repo: cedd93279188334eb41d248d5eb70a41a2bc70ca
-node: b4a3b8ddaf07d7a8fa0c159fbd22de7624d6818d
-branch: default
-latesttag: v1.8.1
-latesttagdistance: 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.8.1/CHANGELOG new/tboot-1.8.2/CHANGELOG
--- old/tboot-1.8.1/CHANGELOG 2014-05-16 09:57:00.0 +0200
+++ new/tboot-1.8.2/CHANGELOG 2014-07-28 10:24:20.0 +0200
@@ -1,3 +1,6 @@
+20140728: v1.8.2
+Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF
Kernels
+fix werror in 32 bit build environment
20140516: v1.8.1
Fix build error "may be used uninitialized"
Reset eventlog when S3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.8.1/tb_polgen/param.c
new/tboot-1.8.2/tb_polgen/param.c
--- old/tboot-1.8.1/tb_polgen/param.c 2014-05-16 09:57:00.0 +0200
+++ new/tboot-1.8.2/tb_polgen/param.c 2014-07-28 10:24:21.0 +0200
@@ -184,7 +184,8 @@
info_msg("\t pcr = %d\n", params->pcr);
info_msg("\t hash_type = %d\n", params->hash_type);
info_msg("\t pos = %d\n", params->pos);
-info_msg("\t cmdline length = %lu\n", strlen(params->cmdline));
+info_msg("\t cmdline length = %lu\n",
+ (unsigned long int)strlen(params->cmdline));
info_msg("\t cmdline = %s\n", params->cmdline);
info_msg("\t image_file = %s\n", params->image_file);
info_msg("\t elt_file = %s\n", params->elt_file);
@@ -411,7 +412,8 @@
if (strlen(optarg) > sizeof(params->cmdline) - 1) {
error_msg("Command line length of %lu exceeds %d "
"character maximum\n",
- strlen(optarg), TBOOT_KERNEL_CMDLINE_SIZE-1);
+ (unsigned long int)strlen(optarg),
+ TBOOT_KERNEL_CMDLINE_SIZE-1);
return false;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.8.1/tboot/Config.mk
new/tboot-1.8.2/tboot/Config.mk
--- old/tboot-1.8.1/tboot/Config.mk 2014-05-16 09:57:00.0 +0200
+++ new/tboot-1.8.2/tboot/Config.mk 2014-07-28 10:24:21.0 +0200
@@ -32,7 +32,7 @@
CFLAGS += $(call cc-option,$(CC),-fno-stack-protector-all,)
# changeset variable for banner
-CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template
"{isodate|isodate} {rev}:{node|short}"
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2014-05-21 16:31:19
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2014-05-02
14:03:34.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2014-05-21
16:31:20.0 +0200
@@ -1,0 +2,42 @@
+Mon May 19 11:11:10 UTC 2014 - meiss...@suse.com
+
+- updated to 1.8.1/20140516
+ Fix build error "may be used uninitialized"
+ Reset eventlog when S3
+ Update tboot version to 1.8.1 in grub title
+ Fix grub cfg file generation scripts for SLES12
+ Fix seal failure issue
+ tpm2 lcptools
+ Restore local apic base for AP
+ Fix typo in hash_alg_to_string()
+ Change to create primary object only once
+ Add prepare_tpm call in S3 path to ensure locality 0 was released before
senter
+ Fix possible dead loop in print_bios_data when bios_data version 4
+ Fix possible null pointer dereference in loader.c
+ Fix possible null pointer dereference in tpm_12.c and tpm_20.c
+ Avoid buffer overrun when append tpm12 eventlog
+ Fix possible NULL pointer dereference
+ Fix one event log issue caused by wrong append and print operation
+ Fix error "unsupported hash alg" for agile extend policy
+ Fix warning "ACM info_table version mismatch"
+ Update the tpm family detection with a general way
+ Fix a lcp tools issue caused by redefining TB_HALG_SHA1 from 0 to 4
+ Assign g_tpm a value for no tpm case to avoid NULL checks
+ Fix crash when TPM is missing
+ Fix infinite loop in determine_multiboot_type()
+ Fix typo in tpm20_init() and remove unused variable
+ Allow the to-be-measured nv to be protected by AUTHWRITE
+ Check cpu vendor id to avoid unexpected behavior in non-intel cpu
+ Change to detect TPM family only once
+ Fix some typos caused by copy-paste
+
+- removed tboot-cs381.patch: upstream
+
+---
+Fri May 16 06:10:17 UTC 2014 - mch...@suse.com
+
+- fix grub2 boot menu after installing lots of kernels (bnc#865815)
+- add tboot-grub2-fix-menu-in-xen-host-server.patch
+- add tboot-grub2-fix-xen-submenu-name.patch
+
+---
Old:
tboot-1.8.0.tar.gz
tboot-cs381.patch
New:
tboot-1.8.1.tar.gz
tboot-grub2-fix-menu-in-xen-host-server.patch
tboot-grub2-fix-xen-submenu-name.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.F0ZzxV/_old 2014-05-21 16:31:22.0 +0200
+++ /var/tmp/diff_new_pack.F0ZzxV/_new 2014-05-21 16:31:22.0 +0200
@@ -17,7 +17,7 @@
Name: tboot
-%define ver 1.8.0
+%define ver 1.8.1
Version:20130705_1.8.0
Release:0
Summary:Performs a verified launch using Intel(R) TXT
@@ -27,7 +27,8 @@
Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
Patch0: tboot-fix.patch
Patch1: tboot-grub2-suse.patch
-Patch2: tboot-cs381.patch
+Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
+Patch4: tboot-grub2-fix-xen-submenu-name.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@@ -43,7 +44,8 @@
%setup -q -n %name-%ver
%patch0 -p1
%patch1 -p1
-%patch2 -p1
+%patch3 -p1
+%patch4 -p1
%build
export CFLAGS="$RPM_OPT_FLAGS"
@@ -72,6 +74,10 @@
%{_sbindir}/tpmnv_lock
%{_sbindir}/tpmnv_relindex
%{_sbindir}/txt-stat
+%{_sbindir}/lcp2_crtpol
+%{_sbindir}/lcp2_crtpolelt
+%{_sbindir}/lcp2_crtpollist
+%{_sbindir}/lcp2_mlehash
/boot/tboot.gz
/boot/tboot-syms
%{_mandir}/man8/*
++ tboot-1.8.0.tar.gz -> tboot-1.8.1.tar.gz ++
7573 lines of diff (skipped)
++ tboot-grub2-fix-menu-in-xen-host-server.patch ++
From: Michael Chang
Subject: [PATCH] fix menu in xen host server
References: bnc#771689, bnc#757895
Patch-Mainline: no
When system is configred as "Xen Virtual Machines Host Server", the
grub2 menu is not well organized. We could see some issues on it.
- Many duplicated xen entries generated by links to xen hypervisor
- Non bootable kernel entries trying to boot xen kernel natively
- The -dbg xen hypervisor takes precedence over release version
This patch fixes above three issues.
v2:
References: bnc#877040
Create only hypervisor pointed by /boot/xen.gz symlink to not clutter
the menu with multiple versions and also not include -dbg. Use custom.cfg
if you need any other custom entries.
v3:
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries
Index: tboot-1.8.0/tboot/20_linux_tboot
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2014-05-02 14:03:33
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2014-02-20
06:23:39.0 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2014-05-02
14:03:34.0 +0200
@@ -1,0 +2,6 @@
+Wed Apr 30 08:42:27 UTC 2014 - meiss...@suse.com
+
+- tboot-cs381.patch: generate tboot entries correctly, from Intel.
+ bnc#875581
+
+---
New:
tboot-cs381.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.7oLMRb/_old 2014-05-02 14:03:35.0 +0200
+++ /var/tmp/diff_new_pack.7oLMRb/_new 2014-05-02 14:03:35.0 +0200
@@ -27,6 +27,7 @@
Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
Patch0: tboot-fix.patch
Patch1: tboot-grub2-suse.patch
+Patch2: tboot-cs381.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@@ -42,6 +43,7 @@
%setup -q -n %name-%ver
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
export CFLAGS="$RPM_OPT_FLAGS"
++ tboot-cs381.patch ++
# HG changeset patch
# User Gang Wei
# Date 1398749209 -28800
# Tue Apr 29 13:26:49 2014 +0800
# Node ID 0883c5da94978917c81e654cabbf734e82a33b23
# Parent acfeeead17db852d23631a3dd0ec8a29836fce2d
Fix grub cfg file generation scripts for SLES12
Signed-off-by: Gang Wei
diff -r acfeeead17db -r 0883c5da9497 tboot/20_linux_tboot
--- a/tboot/20_linux_tboot Tue Apr 22 14:00:56 2014 +0800
+++ b/tboot/20_linux_tboot Tue Apr 29 13:26:49 2014 +0800
@@ -44,11 +44,6 @@
case ${GRUB_DEVICE} in
/dev/loop/*|/dev/loop[0-9])
GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
-# We can't cope with devices loop-mounted from files here.
-case ${GRUB_DEVICE} in
- /dev/*) ;;
- *) exit 0 ;;
-esac
;;
esac
diff -r acfeeead17db -r 0883c5da9497 tboot/20_linux_xen_tboot
--- a/tboot/20_linux_xen_tboot Tue Apr 22 14:00:56 2014 +0800
+++ b/tboot/20_linux_xen_tboot Tue Apr 29 13:26:49 2014 +0800
@@ -44,11 +44,6 @@
case ${GRUB_DEVICE} in
/dev/loop/*|/dev/loop[0-9])
GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
-# We can't cope with devices loop-mounted from files here.
-case ${GRUB_DEVICE} in
- /dev/*) ;;
- *) exit 0 ;;
-esac
;;
esac
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2014-02-20 06:23:38
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2014-02-02
07:40:15.0 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2014-02-20
06:23:39.0 +0100
@@ -1,0 +2,6 @@
+Wed Feb 19 16:05:10 UTC 2014 - meiss...@suse.com
+
+- fixed path for /usr/share/grub2/grub-mkconfig_lib in our grub2
+ snippets. (bnc#864633)
+
+---
New:
tboot-grub2-suse.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.pgeQvY/_old 2014-02-20 06:23:40.0 +0100
+++ /var/tmp/diff_new_pack.pgeQvY/_new 2014-02-20 06:23:40.0 +0100
@@ -26,6 +26,7 @@
Url:http://sourceforge.net/projects/tboot/
Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
Patch0: tboot-fix.patch
+Patch1: tboot-grub2-suse.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@@ -40,6 +41,7 @@
%prep
%setup -q -n %name-%ver
%patch0 -p1
+%patch1 -p1
%build
export CFLAGS="$RPM_OPT_FLAGS"
++ tboot-grub2-suse.patch ++
Index: tboot-1.8.0/tboot/20_linux_tboot
===
--- tboot-1.8.0.orig/tboot/20_linux_tboot
+++ tboot-1.8.0/tboot/20_linux_tboot
@@ -21,8 +21,8 @@ prefix=/usr
exec_prefix=${prefix}
bindir=${exec_prefix}/bin
libdir=${exec_prefix}/lib
-if test -e /usr/share/grub/grub-mkconfig_lib; then
- . /usr/share/grub/grub-mkconfig_lib
+if test -e /usr/share/grub2/grub-mkconfig_lib; then
+ . /usr/share/grub2/grub-mkconfig_lib
elif test -e ${libdir}/grub/grub-mkconfig_lib; then
. ${libdir}/grub/grub-mkconfig_lib
fi
Index: tboot-1.8.0/tboot/20_linux_xen_tboot
===
--- tboot-1.8.0.orig/tboot/20_linux_xen_tboot
+++ tboot-1.8.0/tboot/20_linux_xen_tboot
@@ -21,8 +21,8 @@ prefix=/usr
exec_prefix=${prefix}
bindir=${exec_prefix}/bin
libdir=${exec_prefix}/lib
-if test -e /usr/share/grub/grub-mkconfig_lib; then
- . /usr/share/grub/grub-mkconfig_lib
+if test -e /usr/share/grub2/grub-mkconfig_lib; then
+ . /usr/share/grub2/grub-mkconfig_lib
elif test -e ${libdir}/grub/grub-mkconfig_lib; then
. ${libdir}/grub/grub-mkconfig_lib
fi
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community, here is the log from the commit of package tboot for openSUSE:Factory checked in at 2014-02-02 07:40:14 Comparing /work/SRC/openSUSE:Factory/tboot (Old) and /work/SRC/openSUSE:Factory/.tboot.new (New) Package is "tboot" Changes: --- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2013-08-12 10:17:09.0 +0200 +++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2014-02-02 07:40:15.0 +0100 @@ -1,0 +2,16 @@ +Thu Jan 30 21:59:46 UTC 2014 - meiss...@suse.com + +- updated to 1.8.0/20130705 + Update README for TPM2 support + tpm2 support + Adding sha256 algorithm implementation + Update README for TPM NV measuring + Update README for EFI support + Fix typo in tboot/Makefile + Increase the supported maximum number of cpus from 256 to 512 + Extend tboot policy supporting measuring TPM NV + EFI support via multiboot2 changes + Fix typo in common/hash.c + Fix verification for extended data elements in txt heap + +--- Old: tboot-1.7.4.tar.gz New: tboot-1.8.0.tar.gz Other differences: -- ++ tboot.spec ++ --- /var/tmp/diff_new_pack.1tEPJN/_old 2014-02-02 07:40:15.0 +0100 +++ /var/tmp/diff_new_pack.1tEPJN/_new 2014-02-02 07:40:15.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package tboot # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,8 +17,8 @@ Name: tboot -%define ver 1.7.4 -Version:20130705_1.7.4 +%define ver 1.8.0 +Version:20130705_1.8.0 Release:0 Summary:Performs a verified launch using Intel(R) TXT License:BSD-3-Clause ++ tboot-1.7.4.tar.gz -> tboot-1.8.0.tar.gz ++ 14881 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community, here is the log from the commit of package tboot for openSUSE:Factory checked in at 2013-08-12 10:17:08 Comparing /work/SRC/openSUSE:Factory/tboot (Old) and /work/SRC/openSUSE:Factory/.tboot.new (New) Package is "tboot" Changes: --- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2013-01-10 15:20:19.0 +0100 +++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2013-08-12 10:17:09.0 +0200 @@ -1,0 +2,8 @@ +Thu Aug 8 11:56:45 UTC 2013 - meiss...@suse.com + +- updated to 1.7.4/20130705 + Fix possible empty submenu block in generated grub.cfg + Add a call_racm=check option for easy RACM launch result check + Fix type check for revocation ACM. + +--- Old: tboot-1.7.3.tar.gz New: tboot-1.7.4.tar.gz Other differences: -- ++ tboot.spec ++ --- /var/tmp/diff_new_pack.tNhbkH/_old 2013-08-12 10:17:10.0 +0200 +++ /var/tmp/diff_new_pack.tNhbkH/_new 2013-08-12 10:17:10.0 +0200 @@ -17,8 +17,8 @@ Name: tboot -%define ver 1.7.3 -Version:20121228_1.7.3 +%define ver 1.7.4 +Version:20130705_1.7.4 Release:0 Summary:Performs a verified launch using Intel(R) TXT License:BSD-3-Clause ++ tboot-1.7.3.tar.gz -> tboot-1.7.4.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.7.3/.hg_archival.txt new/tboot-1.7.4/.hg_archival.txt --- old/tboot-1.7.3/.hg_archival.txt2012-12-28 07:30:13.0 +0100 +++ new/tboot-1.7.4/.hg_archival.txt2013-07-08 04:48:29.0 +0200 @@ -1,5 +1,5 @@ repo: cedd93279188334eb41d248d5eb70a41a2bc70ca -node: 5192fef95f6f443c1b017d6c9bcfb5823a0c447b +node: 22b9704961c34f22f9ee12f4a822263d3159669d branch: default -latesttag: v1.7.3 +latesttag: v1.7.4 latesttagdistance: 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.7.3/.hgtags new/tboot-1.7.4/.hgtags --- old/tboot-1.7.3/.hgtags 2012-12-28 07:30:13.0 +0100 +++ new/tboot-1.7.4/.hgtags 2013-07-08 04:48:29.0 +0200 @@ -4,3 +4,4 @@ bd086f9ac6abcc4403a4fd32ce2604882025bc2c v1.7.2 221ec0974a31576ce197aa9ce793925b1cca0cfc v1.7.3-rc1 feeb4cc736710d1b6abbb6561a31737f19d10021 v1.7.3 +794e9c2ef61a9a8911b9b58b2f3f3724bf3873be v1.7.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.7.3/CHANGELOG new/tboot-1.7.4/CHANGELOG --- old/tboot-1.7.3/CHANGELOG 2012-12-28 07:30:13.0 +0100 +++ new/tboot-1.7.4/CHANGELOG 2013-07-08 04:48:29.0 +0200 @@ -1,4 +1,9 @@ -20121228 v1.7.3 +20130705: v1.7.4 + Fix possible empty submenu block in generated grub.cfg + Add a call_racm=check option for easy RACM launch result check + Fix type check for revocation ACM. + +20121228: v1.7.3 Update README with updated code repository url. Fix grub2 scripts to be compatible with more distros. Update README for RACM launch support diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.7.3/README new/tboot-1.7.4/README --- old/tboot-1.7.3/README 2012-12-28 07:30:13.0 +0100 +++ new/tboot-1.7.4/README 2013-07-08 04:48:29.0 +0200 @@ -205,7 +205,7 @@ o Tboot provides support to launch Revocation ACM (RACM) to revoke old buggy SINIT version if following command line option is used (default vaule is false): - call_racm=true|false + call_racm=true|false|check RACM is also loaded into memory via bootload like grub or syslinux, and is launched with getsec[ENTERACCS] instruction. Below is a example GRUB entry @@ -217,9 +217,10 @@ module /racm.bin Tboot will always warm reset platform after RACM was launched & executed. - Whether RACM launch has succeeded or not could be checked via doing a normal - tboot launch right after the warm reset and looking into the TXT.ERRORCODE - value output by the normal tboot launch. + Whether RACM launch has succeeded or not could be checked via doing a tboot + launch with "call_racm=check" right after the warm reset. This tboot launch + will end with halt right after the RACM launch result was output, and the + system need manually reset. PCR Usage: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.7.3/tboot/20_linux_tboot new/tboot-1.7.4/tboot/20_linux_tboot --- old/tboot-1.7.3/tboot/20_linux_tboot2012-12-28 07:30:13.0 +0100 +++ new/tboot-1.7.4/tboot/20_linux_tboot2013-07-08 04:48:29.0 +0200 @@ -127,7 +127,7 @@ done` pr
commit tboot for openSUSE:Factory
Hello community, here is the log from the commit of package tboot for openSUSE:Factory checked in at 2013-01-10 15:20:16 Comparing /work/SRC/openSUSE:Factory/tboot (Old) and /work/SRC/openSUSE:Factory/.tboot.new (New) Package is "tboot", Maintainer is "meiss...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2012-10-13 21:10:39.0 +0200 +++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2013-01-10 15:20:19.0 +0100 @@ -1,0 +2,18 @@ +Tue Jan 8 15:26:59 UTC 2013 - meiss...@suse.com + +- updated to 1.7.3/20121228 + Update README with updated code repository url. + Fix grub2 scripts to be compatible with more distros. + Update README for RACM launch support + Add a new option "call_racm=true|false" for revocation acm(RACM) launch + Fix potential buffer overrun & memory leak in crtpconf.c + Fix a potential buffer overrun in lcptools/lock.c + Print cmdline in multi-lines + Optional print TXT.ERRORCODE under level error or info + Fix side effects of tboot log level macros in tools + Update readme for the new detail log level + Classify all logs into different log levels + Add detail log level and the macros defined for log level + Fix acmod_error_t type to correctly align all bits in 4bytes + +--- Old: tboot-1.7.2.tar.gz New: tboot-1.7.3.tar.gz Other differences: -- ++ tboot.spec ++ --- /var/tmp/diff_new_pack.ZS7XXV/_old 2013-01-10 15:20:20.0 +0100 +++ /var/tmp/diff_new_pack.ZS7XXV/_new 2013-01-10 15:20:20.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package tboot # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,8 +17,8 @@ Name: tboot -%define ver 1.7.2 -Version:20120929_1.7.2 +%define ver 1.7.3 +Version:20121228_1.7.3 Release:0 Summary:Performs a verified launch using Intel(R) TXT License:BSD-3-Clause ++ tboot-1.7.2.tar.gz -> tboot-1.7.3.tar.gz ++ 5990 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2012-10-13 21:05:26
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot", Maintainer is "meiss...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2012-06-01
07:24:35.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2012-10-13
21:10:39.0 +0200
@@ -1,0 +2,23 @@
+Wed Oct 10 15:31:57 UTC 2012 - meiss...@suse.com
+
+- updated to 1.7.2/20120929
+ Add Makefile for docs to install man pages.
+ Add man pages for tools
+ Add grub-mkconfig helper scripts for tboot case in GRUB2
+ Fix for deb build in ubuntu
+ Fix S3 issue brought by c/s 308
+ Fix a S4 hang issue and a potential shutdown reset issue
+ Fix build with new zlib 1.2.7.
+ Initialize event log when S3
+ Update README to change upstream repo url from bughost.org to sf.net.
+
+- updated to 1.7.1/20120427
+ Fix cmdline size in tb_polgen
+ Add description for option min_ram in README.
+ new tboot cmdline option "min_ram=0xXX"
+ Update test-patches/tpm-test.patch to fit in latest code.
+- zlib patch upstreamed.
+- spec file adjustments
+- tboot-fix.patch: fixed printf type mismatch
+
+---
Old:
tboot-1.7.0.tar.gz
zlib.patch
New:
tboot-1.7.2.tar.gz
tboot-fix.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.Vj3W48/_old 2012-10-13 21:10:43.0 +0200
+++ /var/tmp/diff_new_pack.Vj3W48/_new 2012-10-13 21:10:43.0 +0200
@@ -17,15 +17,15 @@
Name: tboot
-%define ver 1.7.0
-Version:20120115_1.7.0
+%define ver 1.7.2
+Version:20120929_1.7.2
Release:0
Summary:Performs a verified launch using Intel(R) TXT
License:BSD-3-Clause
Group: Productivity/Security
Url:http://sourceforge.net/projects/tboot/
-Source0:%{name}-%{ver}.tar.gz
-Patch0: zlib.patch
+Source0:
http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
+Patch0: tboot-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@@ -47,10 +47,7 @@
make debug=y %{?_smp_mflags}
%install
-make debug=y install DISTDIR=$RPM_BUILD_ROOT
-
-%clean
-rm -rf $RPM_BUILD_ROOT
+make debug=y install DISTDIR=$RPM_BUILD_ROOT MANPATH=$RPM_BUILD_ROOT/%{_mandir}
%files
%defattr(-,root,root,-)
@@ -73,5 +70,9 @@
%{_sbindir}/txt-stat
/boot/tboot.gz
/boot/tboot-syms
+%{_mandir}/man8/*
+%dir %{_sysconfdir}/grub.d/
+%{_sysconfdir}/grub.d/20_linux_tboot
+%{_sysconfdir}/grub.d/20_linux_xen_tboot
%changelog
++ tboot-1.7.0.tar.gz -> tboot-1.7.2.tar.gz ++
1745 lines of diff (skipped)
++ tboot-fix.patch ++
Index: tboot-1.7.2/tb_polgen/param.c
===
--- tboot-1.7.2.orig/tb_polgen/param.c
+++ tboot-1.7.2/tb_polgen/param.c
@@ -184,7 +184,7 @@ void print_params(param_data_t *params)
info_msg("\t pcr = %d\n", params->pcr);
info_msg("\t hash_type = %d\n", params->hash_type);
info_msg("\t pos = %d\n", params->pos);
-info_msg("\t cmdline length = %lu\n", strlen(params->cmdline));
+info_msg("\t cmdline length = %u\n", (unsigned
int)strlen(params->cmdline));
info_msg("\t cmdline = %s\n", params->cmdline);
info_msg("\t image_file = %s\n", params->image_file);
info_msg("\t elt_file = %s\n", params->elt_file);
@@ -409,9 +409,9 @@ bool parse_input_params(int argc, char *
return false;
}
if (strlen(optarg) > sizeof(params->cmdline) - 1) {
-error_msg("Command line length of %lu exceeds %d "
+error_msg("Command line length of %u exceeds %d "
"character maximum\n",
- strlen(optarg), TBOOT_KERNEL_CMDLINE_SIZE-1);
+ (int)strlen(optarg),
TBOOT_KERNEL_CMDLINE_SIZE-1);
return false;
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2012-06-01 07:24:33
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot", Maintainer is "meiss...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2012-05-03
11:00:52.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2012-06-01
07:24:35.0 +0200
@@ -1,0 +2,5 @@
+Thu May 31 13:20:57 CEST 2012 - meiss...@suse.de
+
+- adjust to changed zlib api
+
+---
New:
zlib.patch
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.uMg8ZO/_old 2012-06-01 07:24:36.0 +0200
+++ /var/tmp/diff_new_pack.uMg8ZO/_new 2012-06-01 07:24:36.0 +0200
@@ -25,7 +25,7 @@
Group: Productivity/Security
Url:http://sourceforge.net/projects/tboot/
Source0:%{name}-%{ver}.tar.gz
-#Patch0: tboot-%{version}-Makefile_typo.diff
+Patch0: zlib.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
@@ -39,6 +39,7 @@
%prep
%setup -q -n %name-%ver
+%patch0 -p1
%build
export CFLAGS="$RPM_OPT_FLAGS"
++ zlib.patch ++
Index: tboot-1.7.0/lcptools/mlehash.c
===
--- tboot-1.7.0.orig/lcptools/mlehash.c
+++ tboot-1.7.0/lcptools/mlehash.c
@@ -233,8 +233,8 @@ static void print_dump(uint32_t s, uint3
*/
static bool read_file(const char *filename, void **buffer, size_t *length)
{
-FILE *fcompressed = NULL;
-FILE *fdecompressed = NULL;
+gzFile fcompressed = NULL;
+FILE *fdecompressed = NULL;
struct stat filestat;
char tmpbuffer[1024];
unsigned long i;
Index: tboot-1.7.0/tb_polgen/commands.c
===
--- tboot-1.7.0.orig/tb_polgen/commands.c
+++ tboot-1.7.0/tb_polgen/commands.c
@@ -54,26 +54,31 @@ extern tb_policy_t *g_policy;
static bool hash_file(const char *filename, bool unzip, tb_hash_t *hash)
{
FILE *f;
+gzFile gf;
static char buf[1024];
EVP_MD_CTX ctx;
const EVP_MD *md;
int read_cnt;
-if ( unzip )
-f = gzopen(filename, "rb");
-else
+if ( unzip ) {
+gf = gzopen(filename, "rb");
+if ( gf == NULL ) {
+error_msg("File %s does not exist\n", filename);
+return false;
+}
+} else {
f = fopen(filename, "rb");
-
-if ( f == NULL ) {
-error_msg("File %s does not exist\n", filename);
-return false;
+if ( f == NULL ) {
+error_msg("File %s does not exist\n", filename);
+return false;
+}
}
md = EVP_sha1();
EVP_DigestInit(&ctx, md);
do {
if ( unzip )
-read_cnt = gzread(f, buf, sizeof(buf));
+read_cnt = gzread(gf, buf, sizeof(buf));
else
read_cnt = fread(buf, 1, sizeof(buf), f);
if ( read_cnt == 0 )
@@ -84,7 +89,7 @@ static bool hash_file(const char *filena
EVP_DigestFinal(&ctx, hash->sha1, NULL);
if ( unzip )
-gzclose(f);
+gzclose(gf);
else
fclose(f);
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2012-05-03 11:00:51
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot", Maintainer is "meiss...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2012-03-02
13:50:19.0 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2012-05-03
11:00:52.0 +0200
@@ -1,0 +2,5 @@
+Wed Apr 25 23:16:20 CEST 2012 - meiss...@suse.de
+
+- reenable exclusivearch to avoid building it on ppc and arm.
+
+---
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.djob6p/_old 2012-05-03 11:00:53.0 +0200
+++ /var/tmp/diff_new_pack.djob6p/_new 2012-05-03 11:00:53.0 +0200
@@ -29,8 +29,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
BuildRequires: trousers-devel
-
-#ExclusiveArch: %{ix86} x86_64
+ExclusiveArch: %{ix86} x86_64
%description
Trusted Boot (tboot) is an open source, pre-kernel/VMM module that uses
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2012-03-02 13:50:18
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot", Maintainer is "meiss...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2012-01-19
10:35:22.0 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2012-03-02
13:50:19.0 +0100
@@ -1,0 +2,53 @@
+Tue Feb 28 14:03:52 UTC 2012 - meiss...@suse.com
+
+- updated to 1.7.0
+Print version number while changeset info unavailable
+Document DA changes in README
+Add event log for PCR extends in tboot
+Follow details / authorities PCR mapping style in tboot
+Support details / authorities PCR mapping
+Support TPM event log
+fix build issue for txt-stat in 64 bit environment.
+update README for mwait AP wakeup mechanism
+tboot: provide a new AP wakeup way for OS/VMM - mwait then memory write
+Original txt-stat.c doesn't display TXT heap info by default. Add
+command line options to display help info and optionally enable
+displaying heap info.
+Fix a shutdown issue on heavily throttled large server
+Adjust mle_hdr.{mle|cmdline}_{start|end}_off according to CS285,286
+changes to give lcp_mlehash correct info to produce hash value.
+Fix boot issue caused by including mle page table into tboot memory
+Fix for possible overwritting to mle page table by GRUB2
+Add PAGE_UP() fn that rounds things up/donw to a page.
+Update get_mbi_mem_end() with a accurate, safer calculating way
+ACPI fix and sanity check
+Add some sanity check before using mods_count in a count-down loop
+TPM: add waiting on expect==0 before issue tpmGo
+txt-stat: Don't show heap info by default.
+Exchange definitions for TBOOT_BASE_ADDR & TBOOT_START
+Add const qualifier for suibable parms of all possible fns.
+fix possible mbi overwrite issue for Linux with grub2
+enhance print_mbi() to print more mbi info for debug purpose
+Fix for GRUB2 loading elf image such as Xen.
+Move apply_policy() call into txt_post_launch()
+Don't zap s3_key in tboot shared page if sealing failed due to tpm
+unowned
+Update the explanation of signed lists to make it clearer.
+tboot: add a fall back for reboot via keyboard reset vector
+tboot: revise README to explain how to configure GRUB2 config file for
+tboot
+tboot: rewrite acpi reg access fns to refer to bit_width instead of
+access_width
+tboot: change reboot mechanism to use keyboard reset vector
+tboot: handle mis-programmed TXT config regs and TXT heap gracefully
+tboot: add warning when TPM timeout values are wrong
+all PM1_CNT accesses should be 16bit.
+Enlarge NR_CPUS from 64 to 256
+Add support for SBIOS policy element type (LCP_SBIOS_ELEMENT) to
+lcp_crtpolelt
+Fix processor id list matching between platform and acmod
+Make lcp_crtpollist support empty lists (i.e. with no elements)
+print a bit more error reasons in txt-stat
+Fix segmentation fault in txt-stat on some systems
+
+---
Old:
tboot-20110520.tar.bz2
New:
tboot-1.7.0.tar.gz
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.o4DKtr/_old 2012-03-02 13:50:21.0 +0100
+++ /var/tmp/diff_new_pack.o4DKtr/_new 2012-03-02 13:50:21.0 +0100
@@ -15,14 +15,16 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+
Name: tboot
-Version:20110520
+%define ver 1.7.0
+Version:20120115_1.7.0
Release:0
Summary:Performs a verified launch using Intel(R) TXT
License:BSD-3-Clause
Group: Productivity/Security
Url:http://sourceforge.net/projects/tboot/
-Source0:%{name}-%{version}.tar.bz2
+Source0:%{name}-%{ver}.tar.gz
#Patch0: tboot-%{version}-Makefile_typo.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel
@@ -37,7 +39,7 @@
%prep
-%setup -q
+%setup -q -n %name-%ver
%build
export CFLAGS="$RPM_OPT_FLAGS"
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2012-01-19 10:35:21
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
Package is "tboot", Maintainer is "meiss...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2011-09-23
12:47:28.0 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2012-01-19
10:35:22.0 +0100
@@ -1,0 +2,5 @@
+Thu Jan 12 11:31:12 UTC 2012 - co...@suse.com
+
+- change license to be in spdx.org format
+
+---
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.gSAa6V/_old 2012-01-19 10:35:23.0 +0100
+++ /var/tmp/diff_new_pack.gSAa6V/_new 2012-01-19 10:35:23.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package tboot
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,19 +15,18 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-
-
Name: tboot
Version:20110520
-Release:1
+Release:0
Summary:Performs a verified launch using Intel(R) TXT
+License:BSD-3-Clause
Group: Productivity/Security
-License:BSD
Url:http://sourceforge.net/projects/tboot/
Source0:%{name}-%{version}.tar.bz2
#Patch0: tboot-%{version}-Makefile_typo.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: openssl-devel trousers-devel
+BuildRequires: openssl-devel
+BuildRequires: trousers-devel
#ExclusiveArch: %{ix86} x86_64
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory
checked in at Mon May 30 10:44:28 CEST 2011.
--- tboot/tboot.changes 2011-04-27 18:41:27.0 +0200
+++ /mounts/work_src_done/STABLE/tboot/tboot.changes2011-05-27
17:42:52.0 +0200
@@ -1,0 +2,11 @@
+Tue May 24 14:48:45 UTC 2011 - idon...@novell.com
+
+- Update to changeset 261
++ gcc 4.6 fixes
++ Fix segmentation fault in txt-stat on some systems
++ Add support for TXT heap extended data elements and BiosData version 4
++ Add support for AC Module chipset info table version 4 (ProcessorIDList)
++ Removed no_usb command line parameter and SMI disabling
++ Support MAXPHYADDR > 36b
+
+---
calling whatdependson for head-i586
Old:
tboot-20101005.tar.gz
New:
tboot-20110520.tar.bz2
Other differences:
--
++ tboot.spec ++
--- /var/tmp/diff_new_pack.3VIgXF/_old 2011-05-30 10:44:11.0 +0200
+++ /var/tmp/diff_new_pack.3VIgXF/_new 2011-05-30 10:44:11.0 +0200
@@ -18,13 +18,13 @@
Name: tboot
-Version:20101005
+Version:20110520
Release:1
Summary:Performs a verified launch using Intel(R) TXT
Group: Productivity/Security
License:BSD
Url:http://sourceforge.net/projects/tboot/
-Source0:%{name}-%{version}.tar.gz
+Source0:%{name}-%{version}.tar.bz2
#Patch0: tboot-%{version}-Makefile_typo.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel trousers-devel
++ tboot-20101005.tar.gz -> tboot-20110520.tar.bz2 ++
5278 lines of diff (skipped)
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tboot for openSUSE:Factory
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory
checked in at Fri Apr 29 09:26:44 CEST 2011.
New Changes file:
--- /dev/null 2010-08-26 16:28:41.0 +0200
+++ /mounts/work_src_done/STABLE/tboot/tboot.changes2011-04-27
18:41:27.0 +0200
@@ -0,0 +1,4 @@
+---
+Wed Apr 27 18:38:23 CEST 2011 - meiss...@suse.de
+
+- initial import of current intel trusted boot loader
calling whatdependson for head-i586
New:
tboot-20101005.tar.gz
tboot.changes
tboot.spec
Other differences:
--
++ tboot.spec ++
#
# spec file for package tboot
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: tboot
Version:20101005
Release:1
Summary:Performs a verified launch using Intel(R) TXT
Group: Productivity/Security
License:BSD
Url:http://sourceforge.net/projects/tboot/
Source0:%{name}-%{version}.tar.gz
#Patch0: tboot-%{version}-Makefile_typo.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: openssl-devel trousers-devel
#ExclusiveArch: %{ix86} x86_64
%description
Trusted Boot (tboot) is an open source, pre-kernel/VMM module that uses
Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured
and verified launch of an OS kernel/VMM.
%prep
%setup -q
%build
export CFLAGS="$RPM_OPT_FLAGS"
export TBOOT_CFLAGS="$CFLAGS"
make debug=y %{?_smp_mflags}
%install
make debug=y install DISTDIR=$RPM_BUILD_ROOT
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%doc README COPYING docs/* lcptools/lcptools2.txt
lcptools/Linux_LCP_Tools_User_Manual.pdf
%{_sbindir}/acminfo
%{_sbindir}/lcp_crtpconf
%{_sbindir}/lcp_crtpol
%{_sbindir}/lcp_crtpol2
%{_sbindir}/lcp_crtpolelt
%{_sbindir}/lcp_crtpollist
%{_sbindir}/lcp_mlehash
%{_sbindir}/lcp_readpol
%{_sbindir}/lcp_writepol
%{_sbindir}/parse_err
%{_sbindir}/tb_polgen
%{_sbindir}/tpmnv_defindex
%{_sbindir}/tpmnv_getcap
%{_sbindir}/tpmnv_lock
%{_sbindir}/tpmnv_relindex
%{_sbindir}/txt-stat
/boot/tboot.gz
/boot/tboot-syms
%changelog
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
