Hello community, here is the log from the commit of package tboot for openSUSE:Factory checked in at 2014-07-29 16:48:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tboot (Old) and /work/SRC/openSUSE:Factory/.tboot.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tboot" Changes: --------
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2014-05-21 16:31:20.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2014-07-29 16:48:33.000000000 +0200
@@ -1,0 +2,8 @@
+Mon Jul 28 12:14:12 UTC 2014 - meiss...@suse.com
+
+- updated to 1.8.2/20140728
+ Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
+ fix werror in 32 bit build environment
+- tboot-fix.patch: removed, fixed differently upstream.
+
+-------------------------------------------------------------------
Old: ---- tboot-1.8.1.tar.gz tboot-fix.patch New: ---- tboot-1.8.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ tboot.spec ++++++
--- /var/tmp/diff_new_pack.GTOtcy/_old 2014-07-29 16:48:33.000000000 +0200
+++ /var/tmp/diff_new_pack.GTOtcy/_new 2014-07-29 16:48:33.000000000 +0200
@@ -17,15 +17,14 @@
 Name: tboot
-%define ver 1.8.1
-Version: 20130705_1.8.0
+%define ver 1.8.2
+Version: 20140728_1.8.2
 Release: 0
 Summary: Performs a verified launch using Intel(R) TXT
 License: BSD-3-Clause
 Group: Productivity/Security
 Url: http://sourceforge.net/projects/tboot/
 Source0: http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
-Patch0: tboot-fix.patch
 Patch1: tboot-grub2-suse.patch
 Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
 Patch4: tboot-grub2-fix-xen-submenu-name.patch
@@ -42,7 +41,6 @@
 %prep
 %setup -q -n %name-%ver
-%patch0 -p1
 %patch1 -p1
 %patch3 -p1
 %patch4 -p1
++++++ tboot-1.8.1.tar.gz -> tboot-1.8.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.8.1/.hg_archival.txt new/tboot-1.8.2/.hg_archival.txt
--- old/tboot-1.8.1/.hg_archival.txt 2014-05-16 09:57:00.000000000 +0200
+++ new/tboot-1.8.2/.hg_archival.txt 1970-01-01 01:00:00.000000000 +0100
@@ -1,5 +0,0 @@
-repo: cedd93279188334eb41d248d5eb70a41a2bc70ca
-node: b4a3b8ddaf07d7a8fa0c159fbd22de7624d6818d
-branch: default
-latesttag: v1.8.1
-latesttagdistance: 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.8.1/CHANGELOG new/tboot-1.8.2/CHANGELOG
--- old/tboot-1.8.1/CHANGELOG 2014-05-16 09:57:00.000000000 +0200
+++ new/tboot-1.8.2/CHANGELOG 2014-07-28 10:24:20.000000000 +0200
@@ -1,3 +1,6 @@
+20140728: v1.8.2
+ Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
+ fix werror in 32 bit build environment
 20140516: v1.8.1
 Fix build error "may be used uninitialized"
 Reset eventlog when S3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.8.1/tb_polgen/param.c new/tboot-1.8.2/tb_polgen/param.c
--- old/tboot-1.8.1/tb_polgen/param.c 2014-05-16 09:57:00.000000000 +0200
+++ new/tboot-1.8.2/tb_polgen/param.c 2014-07-28 10:24:21.000000000 +0200
@@ -184,7 +184,8 @@
 info_msg("\t pcr = %d\n", params->pcr);
 info_msg("\t hash_type = %d\n", params->hash_type);
 info_msg("\t pos = %d\n", params->pos);
- info_msg("\t cmdline length = %lu\n", strlen(params->cmdline));
+ info_msg("\t cmdline length = %lu\n",
+ (unsigned long int)strlen(params->cmdline));
 info_msg("\t cmdline = %s\n", params->cmdline);
 info_msg("\t image_file = %s\n", params->image_file);
 info_msg("\t elt_file = %s\n", params->elt_file);
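Review bot: The added `(unsigned long int)` cast in the `info_msg` call keeps a `%lu`/cast pair that has to be kept in sync by hand; `strlen` returns `size_t`, so `info_msg("\t cmdline length = %zu\n", strlen(params->cmdline));` states the type directly, assuming `info_msg` forwards to a C99 printf-family function. The same applies to the `error_msg` call in the next param.c hunk (`@@ -411,7 +412,8 @@`). The enclosing function starts and ends outside the hunk.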
@@ -411,7 +412,8 @@
 if (strlen(optarg) > sizeof(params->cmdline) - 1) {
 error_msg("Command line length of %lu exceeds %d "
 "character maximum\n",
- strlen(optarg), TBOOT_KERNEL_CMDLINE_SIZE-1);
+ (unsigned long int)strlen(optarg),
+ TBOOT_KERNEL_CMDLINE_SIZE-1);
 return false;
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.8.1/tboot/Config.mk new/tboot-1.8.2/tboot/Config.mk
--- old/tboot-1.8.1/tboot/Config.mk 2014-05-16 09:57:00.000000000 +0200
+++ new/tboot-1.8.2/tboot/Config.mk 2014-07-28 10:24:21.000000000 +0200
@@ -32,7 +32,7 @@
 CFLAGS += $(call cc-option,$(CC),-fno-stack-protector-all,)
 # changeset variable for banner
-CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template "{isodate|isodate} {rev}:{node|short}" >/dev/null && hg parents --template "{isodate|isodate} {rev}:{node|short}") || echo "2014-05-16 12:00 +0800 1.8.1") 2>/dev/null)"\"
+CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template "{isodate|isodate} {rev}:{node|short}" >/dev/null && hg parents --template "{isodate|isodate} {rev}:{node|short}") || echo "2014-07-28 12:00 +0800 1.8.2") 2>/dev/null)"\"
 AFLAGS += -D__ASSEMBLY__
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.8.1/tboot/common/loader.c new/tboot-1.8.2/tboot/common/loader.c
--- old/tboot-1.8.1/tboot/common/loader.c 2014-05-16 09:57:00.000000000 +0200
+++ new/tboot-1.8.2/tboot/common/loader.c 2014-07-28 10:24:21.000000000 +0200
@@ -54,6 +54,7 @@
 #include <txt/txt.h>
 #include <mle.h>
 #include <txt/acmod.h>
+#include <cmdline.h>
 /* copy of kernel/VMM command line so that can append 'tboot=0x1234' */
 static char *new_cmdline = (char *)TBOOT_KERNEL_CMDLINE_ADDR;
@@ -952,6 +953,39 @@
 }
 }
+static const char *get_boot_loader_name(loader_ctx *lctx)
+{
+ if (LOADER_CTX_BAD(lctx))
+ return NULL;
+ if (lctx->type == MB1_ONLY ){
+ if (((multiboot_info_t *)lctx->addr)->flags & MBI_BTLDNAME)
+ return (char *)((multiboot_info_t *)lctx->addr)->boot_loader_name;
+ return NULL;
+ }
+
+ /* currently must be type 2 */
+ struct mb2_tag *start = (struct mb2_tag *)(lctx->addr + 8);
+ start = find_mb2_tag_type(start, MB2_TAG_TYPE_LOADER_NAME);
+ if (start)
+ return &((struct mb2_tag_string *)start)->string[0];
+
+ return NULL;
+}
+
+static void remove_filename_from_modules_cmdline(loader_ctx *lctx)
+{
+ if (LOADER_CTX_BAD(lctx))
+ return;
+
+ for ( unsigned int i = 0; i < get_module_count(lctx); i++ ) {
+ module_t *m = get_module(lctx, i);
+ char *cmdline = get_module_cmd(lctx, m);
+ const char *adjusted_cmdline = skip_filename(cmdline);
+ if ( adjusted_cmdline != NULL && cmdline != adjusted_cmdline )
+ strncpy(cmdline, adjusted_cmdline, strlen(cmdline));
+ }
+}
+
 static void *remove_first_module(loader_ctx *lctx)
 {
@@ -1242,6 +1276,12 @@
 /* fix for GRUB2, which may load modules into memory before tboot */
 move_modules(g_ldr_ctx);
+
+ /* for GRUB 2, remove the filename in mods' cmdline */
+ const char *loader_name = get_boot_loader_name(g_ldr_ctx);
+ if ( loader_name != NULL && strncmp(loader_name, "GNU GRUB 0", 10) )
+ remove_filename_from_modules_cmdline(g_ldr_ctx);
+
 } else {
 printk(TBOOT_INFO"assuming kernel is Linux format\n");
-- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
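Review bot: In `remove_filename_from_modules_cmdline`, `strncpy(cmdline, adjusted_cmdline, strlen(cmdline))` copies between overlapping regions if `skip_filename` returns a pointer into the same buffer (its definition is outside this hunk, but the `cmdline != adjusted_cmdline` test suggests it does), and standard C leaves an overlapping `strncpy` undefined. This string presumably feeds the argument measurement named in the changelog, so the in-place shift should not depend on how tboot's own `strncpy` happens to iterate; `memmove(cmdline, adjusted_cmdline, strlen(adjusted_cmdline) + 1);` is the defined form, if the freestanding string library provides it. The loop also passes the results of `get_module` and `get_module_cmd` on without a NULL check, which is worth confirming against those helpers. `get_boot_loader_name` would benefit from a one-line comment that the returned pointer comes straight from the multiboot info handed over by the boot loader.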
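Review bot: The test `strncmp(loader_name, "GNU GRUB 0", 10)` relies on the implicit non-zero result and treats every named loader other than GRUB legacy as one that prepends the module filename, while a loader that supplies no name is never stripped. Both outcomes change which command-line bytes the later code sees, and the name string is supplied by the boot loader itself, so the assumption should be spelled out: write `if ( loader_name != NULL && strncmp(loader_name, "GNU GRUB 0", 10) != 0 )` and extend the comment to `/* any named loader other than GRUB legacy ("GNU GRUB 0.x") is assumed to prepend the module filename; strip it */`. It would also help to log which branch was taken, for example with a `printk(TBOOT_INFO ...)` line, so that a launch log shows whether stripping was applied. The enclosing function starts and ends outside the hunk.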