Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package secvarctl for openSUSE:Factory
checked in at 2024-02-14 23:19:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/secvarctl (Old)
and /work/SRC/openSUSE:Factory/.secvarctl.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "secvarctl"
Wed Feb 14 23:19:27 2024 rev:8 rq:1146544 version:1.0.0+git0.73d91fa
Changes:
--------
--- /work/SRC/openSUSE:Factory/secvarctl/secvarctl.changes 2023-12-17
21:34:34.890503988 +0100
+++ /work/SRC/openSUSE:Factory/.secvarctl.new.1815/secvarctl.changes
2024-02-14 23:19:33.674032038 +0100
@@ -1,0 +2,8 @@
+Wed Feb 14 09:46:08 UTC 2024 - msucha...@suse.com
+
+- Update to version v1.0.0 (jsc#PED-5449):
+ * guest/generate: fix multiple input/output format specifier argument parsing
+ * guest/read: fix segfault in read -c caused by empty variable name
+ * guest/verify: only print default PK in get_current_esl_data if verbose is
set
+
+-------------------------------------------------------------------
@@ -4 +12 @@
-- Update to version 1.0.0~rc3 (jsc#PED-5449):
+- Update to version 1.0.0~rc3:
Old:
----
secvarctl-1.0.0~rc3+git0.6f4d730.tar.gz
New:
----
secvarctl-1.0.0+git0.73d91fa.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ secvarctl.spec ++++++
--- /var/tmp/diff_new_pack.OHPYcz/_old 2024-02-14 23:19:34.182050353 +0100
+++ /var/tmp/diff_new_pack.OHPYcz/_new 2024-02-14 23:19:34.186050497 +0100
@@ -1,7 +1,7 @@
#
# spec file for package secvarctl
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%global make_parms OPENSSL=1 DEBUG=1
Name: secvarctl
-Version: 1.0.0~rc3+git0.6f4d730
+Version: 1.0.0+git0.73d91fa
Release: 0
Summary: Suite of tools to manipulate and generate Secure Boot
variables on POWER
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.OHPYcz/_old 2024-02-14 23:19:34.210051362 +0100
+++ /var/tmp/diff_new_pack.OHPYcz/_new 2024-02-14 23:19:34.214051506 +0100
@@ -2,9 +2,9 @@
<service name="tar_scm" mode="disabled">
<param name="scm">git</param>
<param name="url">https://github.com/open-power/secvarctl.git</param>
- <param name="revision">guest-devel</param>
- <param name="versionrewrite-pattern">v(.*)-(rc.*)</param>
- <param name="versionrewrite-replacement">\1~\2</param>
+ <param name="revision">main</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
+ <param name="versionrewrite-replacement">\1</param>
<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="changesgenerate">enable</param>
</service>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.OHPYcz/_old 2024-02-14 23:19:34.230052083 +0100
+++ /var/tmp/diff_new_pack.OHPYcz/_new 2024-02-14 23:19:34.234052227 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/open-power/secvarctl.git</param>
- <param
name="changesrevision">6f4d730e0d797d9add247bf5285ba51458fbda89</param></service></servicedata>
+ <param
name="changesrevision">73d91faeca1677218d034b117fb6bd3603319fb8</param></service></servicedata>
(No newline at EOF)
++++++ secvarctl-1.0.0~rc3+git0.6f4d730.tar.gz ->
secvarctl-1.0.0+git0.73d91fa.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/secvarctl-1.0.0~rc3+git0.6f4d730/backends/guest/guest_svc_generate.c
new/secvarctl-1.0.0+git0.73d91fa/backends/guest/guest_svc_generate.c
--- old/secvarctl-1.0.0~rc3+git0.6f4d730/backends/guest/guest_svc_generate.c
2023-12-08 21:04:16.000000000 +0100
+++ new/secvarctl-1.0.0+git0.73d91fa/backends/guest/guest_svc_generate.c
2024-02-06 18:13:02.000000000 +0100
@@ -483,6 +483,19 @@
args->append_flag = 1;
break;
case ARGP_KEY_ARG:
+ /* there should only be one format specifier, error if another
is supplied */
+ if (args->input_form && args->output_form) {
+ prlog(PR_ERR, "ERROR: unknown additional positional
argument %s\n", arg);
+ rc = ARG_PARSE_FAIL;
+ break;
+ }
+ /* both forms should be either set or NULL, this should never
be reached. */
+ if (!args->input_form ^ !args->output_form) {
+ prlog(PR_ERR,
+ "ERROR: only one of input_form/output_form is
set, this should not happen\n");
+ rc = ARG_PARSE_FAIL;
+ break;
+ }
/* check if reset key is desired */
if (!strcmp(arg, "reset")) {
args->input_form = "reset";
@@ -493,14 +506,22 @@
/* else set input and output formats */
args->input_form = strtok(arg, ":");
args->output_form = strtok(NULL, ":");
+
+ /* verify both input and output forms are parsed correctly,
error otherwise */
+ if (!args->input_form || !args->output_form) {
+ prlog(PR_ERR,
+ "ERROR: '%s' is not in the correct
'<input_format>:<output_format>' form, see usage...\n",
+ arg);
+ rc = ARG_PARSE_FAIL;
+ }
break;
case ARGP_KEY_SUCCESS:
/* check that all essential args are given and valid */
if (args->help_flag)
break;
else if (args->input_form == NULL || args->output_form == NULL)
- prlog(PR_ERR, "ERROR: incorrect
'<input_format>:<output_format>', see "
- "usage...\n");
+ prlog(PR_ERR,
+ "ERROR: invalid or missing
'<input_format>:<output_format>', see usage...\n");
else if (args->time && validate_time(args->time))
prlog(PR_ERR, "invalid timestamp flag '-t
YYYY-MM-DDThh:mm:ss' , "
"see usage...\n");
@@ -523,13 +544,6 @@
if (rc)
prlog(PR_ERR, "failed during argument parsing\n");
- // Special case, filter out appends on PK
- if (args->append_flag > 0 && args->variable_name != NULL &&
- strcmp(PK_VARIABLE, args->variable_name) == 0) {
- prlog(PR_ERR, "ERROR: PK does not support the append flag\n");
- rc = ARG_PARSE_FAIL;
- }
-
return rc;
}
@@ -668,6 +682,14 @@
rc = ARG_PARSE_FAIL;
goto out;
}
+
+ /* special case, filter out appends on PK */
+ if (args.append_flag > 0 && args.variable_name != NULL &&
+ strcmp(PK_VARIABLE, args.variable_name) == 0) {
+ prlog(PR_ERR, "ERROR: PK does not support the append flag\n");
+ rc = ARG_PARSE_FAIL;
+ goto out;
+ }
prlog(PR_INFO, "input file is %s of type %s , output file is %s of type
%s\n",
args.input_file, args.input_form, args.output_file,
args.output_form);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/secvarctl-1.0.0~rc3+git0.6f4d730/backends/guest/guest_svc_read.c
new/secvarctl-1.0.0+git0.73d91fa/backends/guest/guest_svc_read.c
--- old/secvarctl-1.0.0~rc3+git0.6f4d730/backends/guest/guest_svc_read.c
2023-12-08 21:04:16.000000000 +0100
+++ new/secvarctl-1.0.0+git0.73d91fa/backends/guest/guest_svc_read.c
2024-02-06 18:13:02.000000000 +0100
@@ -126,7 +126,7 @@
rc = validate_x509_certificate(x509);
if (rc)
prlog(PR_ERR, "ERROR: x509 certificate is invalid (%d)\n", rc);
- else if (is_trustedcadb_variable(variable_name)) {
+ else if (variable_name && is_trustedcadb_variable(variable_name)) {
if (!crypto_x509_is_CA(x509)) {
prlog(PR_ERR, "ERROR: it is not CA certificate\n");
rc = CERT_FAIL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/secvarctl-1.0.0~rc3+git0.6f4d730/test/Makefile
new/secvarctl-1.0.0+git0.73d91fa/test/Makefile
--- old/secvarctl-1.0.0~rc3+git0.6f4d730/test/Makefile 2023-12-08
21:04:16.000000000 +0100
+++ new/secvarctl-1.0.0+git0.73d91fa/test/Makefile 2024-02-06
18:13:02.000000000 +0100
@@ -14,6 +14,8 @@
HOST_BACKEND = 1
GUEST_BACKEND = 1
+export ASAN_OPTIONS = abort_on_error=1
+
define test_host
@$(py) host_tests.py
@$(py) host_generate_tests.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/secvarctl-1.0.0~rc3+git0.6f4d730/test/common.py
new/secvarctl-1.0.0+git0.73d91fa/test/common.py
--- old/secvarctl-1.0.0~rc3+git0.6f4d730/test/common.py 2023-12-08
21:04:16.000000000 +0100
+++ new/secvarctl-1.0.0+git0.73d91fa/test/common.py 2024-02-06
18:13:02.000000000 +0100
@@ -1,6 +1,7 @@
import unittest
import subprocess
import os
+import signal
SECTOOLS = os.environ.get("SECVAR_TOOL", "../bin/secvarctl-dbg")
SECVARPATH = "/sys/firmware/secvar/vars/"
@@ -31,7 +32,11 @@
print(f"Error in command '{' '.join(args)}")
raise e
- return CommandOutput(out)
+ ret = CommandOutput(out)
+ if out.returncode < 0:
+ sig = signal.Signals(-out.returncode).name
+ self.assertTrue(out.returncode >= 0, msg=f"Command exited via
signal {sig}: '{' '.join(args)}'\n{ret}'")
+ return ret
def assertCmd(self, args, expected: bool):
tmp_assert, msg = {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/secvarctl-1.0.0~rc3+git0.6f4d730/test/guest_tests.py
new/secvarctl-1.0.0+git0.73d91fa/test/guest_tests.py
--- old/secvarctl-1.0.0~rc3+git0.6f4d730/test/guest_tests.py 2023-12-08
21:04:16.000000000 +0100
+++ new/secvarctl-1.0.0+git0.73d91fa/test/guest_tests.py 2024-02-06
18:13:02.000000000 +0100
@@ -92,7 +92,7 @@
if file.endswith(".auth"):
auth_files.append(test_dir[1] + file)
for file in os.listdir(test_dir[2]):
- if file.endswith(".cert"):
+ if file.endswith(".crt"):
cert_files.append(test_dir[2] + file)
for file in os.listdir(test_dir[4]):
if file.endswith(".pkcs7"):
@@ -172,6 +172,23 @@
# f.write(f"POWER SECVAR LOCATION( {SECVARPATH} ) DOES NOT
EXIST SO NO TESTS RAN\n")
# f.close()
+ def test_malformed_generate(self):
+ cert = cert_files[0] # arbitrarily use the first cert for testing
+
+ # Generate without a inform:outform should fail
+ cmd = list(filter(lambda x: x, generate_esl("db", "", cert,
"foo.esl")))
+ self.assertCmdFalse(cmd)
+
+ # Generate with bad inform:output should fail
+ cmd.append("beans")
+ self.assertCmdFalse(cmd)
+ cmd.pop(-1)
+
+ # Generate with more than one inform:outform should also fail
+ cmd.append("c:e")
+ cmd.append("c:e")
+ self.assertCmdFalse(cmd)
+
def test_generate_esl_files(self):
for var_name in variables:
esl_file = gen_dir + var_name + ".esl"
