openSUSE Commits
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
August 2024
- 2 participants
- 1399 discussions
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2024-08-08 10:57:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Django (Old)
and /work/SRC/openSUSE:Factory/.python-Django.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django"
Thu Aug 8 10:57:04 2024 rev:119 rq:1192060 version:5.0.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2024-07-18 19:15:57.794211493 +0200
+++ /work/SRC/openSUSE:Factory/.python-Django.new.7232/python-Django.changes 2024-08-08 10:57:21.589058411 +0200
@@ -1,0 +2,32 @@
+Wed Aug 7 06:07:48 UTC 2024 - Alberto Planas Dominguez <aplanas(a)suse.com>
+
+- Update to 5.0.8
+ * CVE-2024-41989: Memory exhaustion in
+ django.utils.numberformat.floatformat()
+ * CVE-2024-41990: Potential denial-of-service vulnerability in
+ django.utils.html.urlize()
+ * CVE-2024-41991: Potential denial-of-service vulnerability in
+ django.utils.html.urlize() and AdminURLFieldWidget
+ * CVE-2024-42005: Potential SQL injection in QuerySet.values() and
+ values_list()
+ * Added missing validation for
+ UniqueConstraint(nulls_distinct=False) when using *expressions
+ * Fixed a regression in Django 5.0 where ModelAdmin.action_checkbox
+ could break the admin changelist HTML page when rendering a model
+ instance with a __html__ method
+ * Fixed a crash when creating a model with a Field.db_default and a
+ Meta.constraints constraint composed of __endswith, __startswith,
+ or __contains lookups
+ * Fixed a regression in Django 5.0.7 that caused a crash in
+ LocaleMiddleware when processing a language code over 500
+ characters
+ * Fixed a bug in Django 5.0 that caused a system check crash when
+ ModelAdmin.date_hierarchy was a GeneratedField with an
+ output_field of DateField or DateTimeField
+ * Fixed a bug in Django 5.0 which caused constraint validation to
+ either crash or incorrectly raise validation errors for
+ constraints referring to fields using Field.db_default
+ * Fixed a crash in Django 5.0 when saving a model containing a
+ FileField with a db_default set
+
+-------------------------------------------------------------------
Old:
----
Django-5.0.7.checksum.txt
Django-5.0.7.tar.gz
New:
----
Django-5.0.8.checksum.txt
Django-5.0.8.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-Django.spec ++++++
--- /var/tmp/diff_new_pack.wkLkZB/_old 2024-08-08 10:57:22.273086531 +0200
+++ /var/tmp/diff_new_pack.wkLkZB/_new 2024-08-08 10:57:22.277086695 +0200
@@ -23,7 +23,7 @@
%bcond_with memcached
%{?sle15_python_module_pythons}
Name: python-Django
-Version: 5.0.7
+Version: 5.0.8
Release: 0
Summary: A high-level Python Web framework
License: BSD-3-Clause
++++++ Django-5.0.7.checksum.txt -> Django-5.0.8.checksum.txt ++++++
--- /work/SRC/openSUSE:Factory/python-Django/Django-5.0.7.checksum.txt 2024-07-11 20:29:22.760489621 +0200
+++ /work/SRC/openSUSE:Factory/.python-Django.new.7232/Django-5.0.8.checksum.txt 2024-08-08 10:57:21.405050846 +0200
@@ -2,24 +2,24 @@
Hash: SHA256
This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 5.0.7, released July 9, 2024.
+tarball and wheel files of Django 5.0.8, released August 6, 2024.
To use this file, you will need a working install of PGP or other
compatible public-key encryption software. You will also need to have
the Django release manager's public key in your keyring. This key has
-the ID ``2EE82A8D9470983E`` and can be imported from the MIT
+the ID ``3955B19851EA96EF`` and can be imported from the MIT
keyserver, for example, if using the open-source GNU Privacy Guard
implementation of PGP:
- gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
+ gpg --keyserver pgp.mit.edu --recv-key 3955B19851EA96EF
or via the GitHub API:
- curl https://github.com/nessita.gpg | gpg --import -
+ curl https://github.com/sarahboyce.gpg | gpg --import -
Once the key is imported, verify this file:
- gpg --verify Django-5.0.7.checksum.txt
+ gpg --verify Django-5.0.8.checksum.txt
Once you have verified this file, you can use normal MD5, SHA1, or SHA256
checksumming applications to generate the checksums of the Django
@@ -28,40 +28,38 @@
Release packages
================
-https://www.djangoproject.com/m/releases/5.0/Django-5.0.7.tar.gz
-https://www.djangoproject.com/m/releases/5.0/Django-5.0.7-py3-none-any.whl
+https://www.djangoproject.com/m/releases/5.0/Django-5.0.8.tar.gz
+https://www.djangoproject.com/m/releases/5.0/Django-5.0.8-py3-none-any.whl
MD5 checksums
=============
-454d23ea901892fd544541f4a1a33a3e Django-5.0.7.tar.gz
-c687175397b8d6d98b8e0e35e6f142fb Django-5.0.7-py3-none-any.whl
+fb167eef987a98421cad62036868a1ca Django-5.0.8.tar.gz
+59c31f54f7e064b9a26152e1d16ac18e Django-5.0.8-py3-none-any.whl
SHA1 checksums
==============
-ed070e21b5bf0b188104338a3b8a495b9d59593d Django-5.0.7.tar.gz
-4aecb9aeab348f003c32952906eef7556a5be54b Django-5.0.7-py3-none-any.whl
+b2ec7cbd6e73f9d2259456e5be86156df4d3933e Django-5.0.8.tar.gz
+caa744bb5e668e661e0182a5cc3b9a8c6611f029 Django-5.0.8-py3-none-any.whl
SHA256 checksums
================
-bd4505cae0b9bd642313e8fb71810893df5dc2ffcacaa67a33af2d5cd61888f2 Django-5.0.7.tar.gz
-f216510ace3de5de01329463a315a629f33480e893a9024fc93d8c32c22913da Django-5.0.7-py3-none-any.whl
+ebe859c9da6fead9c9ee6dbfa4943b04f41342f4cea2c4d8c978ef0d10694f2b Django-5.0.8.tar.gz
+333a7988f7ca4bc14d360d3d8f6b793704517761ae3813b95432043daec22a45 Django-5.0.8-py3-none-any.whl
-----BEGIN PGP SIGNATURE-----
-iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmaNPRgoHDEyNDMwNCtu
-ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPgnUD/47
-sPedXK17iCelw70BRY7EqWxwVwSbTxKcnw14y2qejS923MlnEEraeOll2HbCqOmL
-+O3coVJsTc9GAMrQLyip8sHCwb4SSCWmwRqQZbTdNRrZOWfCPRLsbVccEabdwTNC
-7YDyDc+3FQhHIszNI0zkJ1H3G7280euwIrMIhnCbwH1PC/hqAwdlhf1+nc4BiIMg
-dz/Bg65abruY/6LM0btMP72avHrM0BRiRs5kOYn7+xgh1cqnI64RHROgrymK7JkT
-LxoZDhWvDv68IvyNWEuLU4yDXnv/3ZglhwUA8q+leMqtURwBWs8UMnLhHhR52kie
-okrK6eBkYeHls3vMGOTKxe7nJHhfEjl6V9XJShIdU1ir+/iCeaRMzYjpr4H5591H
-TMs8Hgm27Wt7U/OT5EsF+vIpLaAR9AnZfNfB1eYU34BUAloZSQCxz+Y65LCN5wKk
-jfaG7phOiO33NJMUxhfemjwJIJymw7uZnuRQJ8KUMbr9Q/iCVWsMG+QXhJs96KRO
-y1SYVgPgU5Jll9VN/H2WJCj9I1YOVZPDVAbMcB+hKklw6ZhZx2fxgxLO/3/REQJs
-iBJ1ETPdCHct5HJyAoBD++NCeioUKd5pXxqMvtuNH7winRC9NMGw4XX1CbpBBB+1
-y1mkGxw+QvBh4rivA6TSQQwTDQXAnoT7ida+Ye2FVw==
-=GcbG
+iQHhBAEBCABLFiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmayI3UtHDQyMjk2NTY2
+K3NhcmFoYm95Y2VAdXNlcnMubm9yZXBseS5naXRodWIuY29tAAoJEDlVsZhR6pbv
+msAL/1MlnPMdwmWoHKujgAsF0amxYRQ6dZ9HJLukm7YLGbXDJxTWK8uzRm8bNYqF
+PAVAd/N+x7es7d9lhd7XnA9r3npHj03IfvO9Q7f2qMD0YLdUDWD/0ALMhs62VBoc
+8eE6npty+t9SS+p0JaqdRmzB95EDIY52ql9Z62fBcYyCQqAQYTQRydgYM57h23ha
+G6zNQRTbkaCj9nK/ZyahfrmYsyOWkPWb4LBFJFOV3gbPVHNLPnGjYbcQ8Fh8qMF+
+9eGXHETm5bQRsXsaXgIrCCCfyB5Z7f/Ksd3Pkm9uYB1iTkyhxFPYzcHm4vNPpnx7
+85Yzm5E/VXsScN8XuwdwPbGDqwtRG7Ena3XdSvZdur0NwS+A/qVoG0fKPr3avx8k
+28/hpV5nBQaeA6L7VvzRanAtlEHqzh1T+zjfIatAhRL5QE7I4EcEQQIObdvKtAUq
+ff5ZFJOdeLTYfF7Gx2zm85hJQR9RO+iB92oUqCZmWy5YQU5KVDRq9Rdv+HEFJB9C
+oqY5TQ==
+=O103
-----END PGP SIGNATURE-----
++++++ Django-5.0.7.tar.gz -> Django-5.0.8.tar.gz ++++++
/work/SRC/openSUSE:Factory/python-Django/Django-5.0.7.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.7232/Django-5.0.8.tar.gz differ: char 5, line 1
++++++ python-Django.keyring ++++++
--- /var/tmp/diff_new_pack.wkLkZB/_old 2024-08-08 10:57:22.357089985 +0200
+++ /var/tmp/diff_new_pack.wkLkZB/_new 2024-08-08 10:57:22.361090149 +0200
@@ -1,92 +1,44 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-mQGiBErcoVkRBACt1HBsLQQ9HeRHrqMbYfWEW3d0KoWzjKU9ZW59oq8ceVCYfhyT
-ZKxyLobyed+NhL3SJCE5e4hs5UfyBdS4c8I97MFDKCA5TBu3pMnYGxWje3fSwP6o
-RGcP8Ji4/tISclyGrkMruDNzpT93R8H/SixPGFcH7kCp4xQxPBc0esdU4wCg1azF
-kUuFijNryusT+i58hVE3dMkD/iAfCh4bcLyZ8aygLZxg3bn3YauJASEjuqVXUgTB
-diBdhXnldq0xs2IwQJY1paAajXf5FsjlTVQrQWMtTQ5qWKpQr0lAanufnEDNu6GW
-orWBzLaSWQWEkcRALmZS6MBkmVCx/JiIvt0sUxrG4boQ6qYlQYZsaHaAMUZT997v
-1ktqA/4kPUfV2gqJuVzWwbhrKhAyhSivmhhe+1lUFa7phRmoMNw7/jXi9OV1lmL2
-ty+0LkeCXUChrXarey4AnPI58aR0xshiAxGEI2jPi+vWkgGblOG3TBoZBH5jV+d2
-/5mmlCs/KkJkdsN+LXR3m5o/oFs7MgGD8pxa1jwK9xcu1xKIqrQyTmF0YWxpYSBC
-aWRhcnQgKG5lc3NpdGEpIDxuYXRhbGlhYmlkYXJ0QGdtYWlsLmNvbT6IYgQTEQIA
-IgUCTG1snwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQrlwdYDo57Zf7
-lQCeIHmWQQek0zboTqMuy60phrUIzowAn0ONlnzzL0oWiNUpbY8nDsernILWiGAE
-ExECACAFAkrcoVkCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCuXB1gOjnt
-l5FdAKCSLwUJNZXs3WXqKabi2adRcdqZ8gCeLgbbqJ2Dqqaeb3tXK6zWC7ZO9CK0
-NE5hdGFsaWEgQmlkYXJ0IChuZXNzaXRhKSA8bmF0YWxpYS5iaWRhcnRAdWJ1bnR1
-LmNvbT6IZQQTEQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAk8oONcC
-GQEACgkQrlwdYDo57ZejrgCdFyBg4VipDYmoQ5eOpXe4Vegiwl4AoK00YytEeMvO
-EFqZY+qVvqaV3It6iGIEExECACIFAkvrLFwCGwMGCwkIBwMCBhUIAgkKCwQWAgMB
-Ah4BAheAAAoJEK5cHWA6Oe2XD+QAoK02osWaLzROXg54drLpJMNLs/DGAJ9XlSak
-dQv6uX5QFT1QZCp/WwozIrQzTmF0YWxpYSBCaWRhcnQgKG5lc3NpdGEpIDxuYXRh
-bGlhLmJpZGFydEBnbWFpbC5jb20+iGIEExECACIFAkvrLBMCGwMGCwkIBwMCBhUI
-AgkKCwQWAgMBAh4BAheAAAoJEK5cHWA6Oe2XrQoAoIpzDPsuwhwuVcelVh3F8q3w
-qhk2AKCj6rF6x+kzUwtT6lM8wkUj4x+CgLQ3TmF0YWxpYSBCaWRhcnQgKG5lc3Np
-dGEpIDxuYXRhbGlhLmJpZGFydEBjYW5vbmljYWwuY29tPohgBBMRAgAgBQJK3gu6
-AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQrlwdYDo57ZfaNgCfXhjx28H4
-WQ8CjWsdyJU2Kmh44qoAn0zp3TeEFuSPCEBZ0jAR4dwuSrpguQINBErcoVkQCACX
-mxZ+acE5irfOe09OclJ+vKxqrnaEpveyLJZzKiWz5GlZLV3gPEMs3Pu0tGtTjadG
-CRck2xIYArDz1aPwvM4dHswIy3TyzoSTgW1ybz5TXzkxWDcdwukYm1gKlWMb8JQW
-v76KtoiNuY/EIUAaO9M7ZyUPSWunh5CK+ttYKs+KrD8wt8Te7PdsrstUMP2uplOt
-I0zKK8P+gcCNZQTZh71Z8WAhZF/tn9LpkE9p0Au3pVEVk7Z8492TO4DySFhBNVEM
-IY9KVNiZoEMAaiRUFgG3gPj3MD4wDyaiWp+5b8XQylXcfWsPx3nujLJNUiaJlV4u
-Wjv0ZgwMHHLgORAlOJ2rAAMFB/94QWkhOmIzzx0iCob4fILZ2lqTt1fAAbaQxyq/
-LIaI6iSHqebEVVR9OUVTzqNtc0yDifxsbDZXEHmU2qx+aARoYmonxNmNoUS/U6Io
-2iPgP1Jwt13dbd284xlgDTx8QO/TjX9lFyvt7AEHIrcHaomwVS0Il7wIfzG24kqX
-j17VhD2j/2V6uA7ADAh8u0WFO93i30qNSCaCRphCU4K7gLdHLIp8TsGLdx/gf2mB
-5SyhNOkHwEx80kSiFt+H5fER7XQep/w51XybqAt7SsWaIjYLsyMYXyiVdQChwzBd
-vusRKv9qjg9eiyHI6aOw6foOUFlpfMx1oeknFDJrjJ3PKUPyiEkEGBECAAkFAkrc
-oVkCGwwACgkQrlwdYDo57ZffZACfS9pUk1P5poP86jh8K2K6jpjU0y0AoNQ4ejtn
-mpJC4x7FruZyi1wVdkMxmQINBGQu6XIBEADAnmu8HNENZh7UTuu5GfTeFhpmyj5K
-yz//txfrm0/b6uTW5TXPgLjuvMzGG8PtaZHRIgZ0gzA+x7T5zKMTaoKs3EvgR5D3
-Y9NjteUWpf8FjvPhN01HZfaZ7yChwHwKobW0JYinNpBh0Cz51unGdLIDtELMaEFO
-D8qdcpe63qG111S4G+4hcJUkXt4ALBpSnY9GOhlYQDn+ZDRGk1M9rjeMo+QsIJns
-UZRlvBroJyg0toUXclw5QXFGp1+mrjOzKqdD0DmSN7LWlU0yCJB8H5bWZTiPAPOE
-SW1Kb3kEW+Qy8YkcH7SkQ7N72wsuIwKJNiddMLZnXeR0Lcvt0t7ftUfs44VEZSwm
-V0I7lyZZWr+Pei8nGaLxxCI4OtASXcQ+VVKF/HoR/necD1QmqmuCeiMLmYT5jEPZ
-oovOri5onkWIQfjfWeUVErxNi9Uz18mi9P7PfAWOzNCmdkuVqsPtpymyDcKYYh9u
-D/CTH9w1B69CRjld6NOfal05fIrfKuVgPvmQnPeCn+KgTBwv8T+mgGVjkBlDGpYy
-6Y24s13R6WoawJnjIEjA/Q5QOSDXYtpgF8D3cMW+LUlD9lu2A6OO64H33rInIaut
-8IFgKcTf3pXbzh1J6Zs+fcjOryitM7t4Fo1ClJ+DSn4yoUHxP2UEZL6LL0DF6LrE
-kJjKxwRp20lPwwARAQABtDFOYXRhbGlhIDwxMjQzMDQrbmVzc2l0YUB1c2Vycy5u
-b3JlcGx5LmdpdGh1Yi5jb20+iQJOBBMBCAA4FiEEW1sboQ2FrHxcduOPLugqjZRw
-mD4FAmQu6XICGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQLugqjZRwmD56
-rQ//UvzX9/4Eo3HPBMDEIwExjmYGyTqiQQm2KW9Z4U0zQVdeLVF8ZOdaIKn1RBUw
-M02RJWI2HjovdLN3LbXpTtQtamSvvU6fv7vy5zLBJdVL9eKXXG+3MPCWDHOqwp/u
-L/4lq0pUy5ejb4AnIQw1RIQiz6/pprDzgF0celWLhL3krxEqts76X1Jv9wCIYMXV
-3reCBqpcfIqWQETLP/NdPVcOIRv0al1qcBw2hUOvEyx72n+17Hb30rFQp+35BaZZ
-IjnL3H6pATgjk52EiDdRkyWL9CFrbJ/wkbAvEO29GcUPg1+bT6UZq8LKXyDs/WSL
-UkxQ/6w8DzicBiFj/oT7GSMr8KfO4YUMzh/kAFA4v8Q+a53Dq1Icbk9LqkWpu1pA
-Hopw3lpGdADuC0z/iYO/U04uUSN5YGyUUOgk5w+CkV8NuL/g2yniNf9AXrbt4ByI
-V7cqBt9qdS6z6leuW1M8yrPhX1IcKKqj25sPKAgzp3A6Bt7orr1NZGOVJ4alR4ff
-pYvq+wfmIPKf0AbzHGOkYjF4BMvkLRchhi28q+qX5cCuMr+aoqKUtJ2IFiXsvbFN
-k0aYWUr5y5qSJoAVf0GMkByQW6+F6bXRRdCpS/JX5JA8qrYp+oV8VhveOOslHVqj
-ILAlkMMXoTx6G79DdvQ87fdb4+aIQ96U4T8B6zMxazvmU1i5Ag0EZC7pcgEQAL9n
-X/eaWY+v4GgeGjRIWmmrjMBYyeeyJIyL9Mk3iyH/gIOnTDmlX+njjyvyWKfMYIl1
-HmMtzlF3OgsuLeekwbDrXA8xvslp1xmiKLOamPvXwPG/XqkJrYtzVUDEFCtRpEJ0
-c38d+P8WEMjbviyIwJ9PxLllamEK61dRtj1NCMc/Ix4+b54UHxi44Jz1bqQxfgjj
-u2o8sPnyZio+DRFWVE3Eocp0rdZ3rlKjUsBXKEElTuIScoKjGwKwaMfxoBgwRhzx
-oESwk8CqlH7WzNookx1M1/JjKYdrwln2aNuChtlKLRmUqT7qqTNtett2vy73VM3b
-zfXdor94S3q+YtMEvNbo9QCzn6La7HOx+PMm8XM2d9aC7Hz4FBK0xIQB+HLZEIhP
-7KQ7GJ2Xn3LStyoO5K64uqi2X2YjsYUcPzvI3uUK+gtH3H1SSIazh7UAUbcEuo7N
-K8vF9Vtqp6S2qkjoeV6Dnvy+6735b1WIBZieAmbKaz74IW1IP0lZn3pXeRFo2Wjq
-Ojf8zkNacf61exysAkGU2fubsXSZxuxc8DVXKbkpK69tXDSOUmSKTBPVzzmIM79S
-yYH1MMRZqQ52Y471qiEZxEPasJXIEVcWbdJxEC/eEiuptPAtojRQH6kJ/AF3Z9Xd
-eBaxyuMQ249jqTYwjCehfumTbhP5VhO3QOxs31G/ABEBAAGJAjYEGAEIACAWIQRb
-WxuhDYWsfFx2448u6CqNlHCYPgUCZC7pcgIbDAAKCRAu6CqNlHCYPhz3EACx3Hqf
-KUMeqUTVOiDyHguBr1FrhMtU5m/nkjdbLWlBHOGHkM4RNDNQTPyQb/C8vcuHYv5l
-DPFrzOawdjTyFCuo6f0TMIx38Bbjxo9C8XTnvKbUpyTEQ3dJm67ppF4n6cui+0IC
-UefzPkkCbdIPzt2pYopMDB4Hv4Yv6hqeq987Iz1erh7dQe1TDTxIv9PXLYZT60Ro
-K0+g+caU9LwVjYiLoeCM1Zhndy6fDV5mu3ctEzcqr/YVH9kDZAuF0O1SX9y42neJ
-7hictnE0KrRymVL5d9pp2WKtPny+itSax/a///Q43m1gA9KFuKHtOuGUpYzf76FS
-Ld0cC4xjDpPcVTGc8To4+CjNTIrjzbBYa3JU/3J2kwyEw/k1EucRb/RFPbklUSph
-Kmd2ewcDLUvcasTwoR/0uplA8gAuV1x7wPBgAW7kmpjiQevl1KLj08HA/jTdfrdx
-Yd1GGiNjBmHGu9C8YZ/7fJU50dhv4jWF4dw8OyXtAI4wk5aoJHsJ5iGIMVOVzNLe
-mF4yM4XSBBno1mWgaSb42LInsYv/ti1VrOrBVzmAYAoUTZL0tfEXeyzHEmWGWVHe
-SQMBvCqUmh/EcQDzPtkqjQQ1LyE5s2fyt5u+jE9JdK/61yKzbKI2UbpPtAaKSlDv
-eAgTzM5bOOqtGR7VR2hlCM4I4k2D0Y/snh2HzA==
-=ul9f
+mQGNBGYTwrUBDADP52ov7O0jqH+QWStcbCwwedsV2syCQXxfhnydhkNvdCILBJ0k
+cQdc4E7Q8wGmch9a3bCLR4HIUlv1MMWk+Ty0YY71wczqIPedgM1dBZEtSH6fDOwW
+qFcYieCcmsP+FwBk8WWOKnMydEXoXCp6djSru6YOuQH2CZ+EerKjnDaXAj35dloR
+vbJ14k7Ghn9UCLDXiNOjn2N8eLe6aeoEQt7iiqStdeFuUGR/pLHHEX4sch4y9uBa
+bhC/Ce93VWK8nVna7qWX/cIjZNG6rTo79W7+IiOC5+6r7bLff5qw4BgUX2JPm5Sz
+mhPUlsJZGGXPPaTo+WZQOe5P3Fw7RpuURa+MVoih2H/i2Ur51pDEngB64YwBU1mB
+a+xwm6GHgD28JUwllHJbUl9/UJTbntS7k/k2uuMkok8jHfYb+rqkfCWqOlmuYTG3
+okseReh2TSkGpWyyaSbCihgm80RE5O6jrEDXJiZOsLIuOlVoErfxEZHpOqw43axl
+EXX0VkjFz2IBNPMAEQEAAbROU2FyYWggQm95Y2UgKEdQRyBEamFuZ28gRmVsbG93
+KSA8NDIyOTY1NjYrc2FyYWhib3ljZUB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20+
+iQHOBBMBCAA4FiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmYTwrUCGwMFCwkIBwIG
+FQoJCAsCBBYCAwECHgECF4AACgkQOVWxmFHqlu8t+wv9HitJmG5iPs45Qo0nGwGm
+j1X6rP6SQENl+jqtjZU6YaxvNqWculCFl0Wa/xODhxM9HNMs3qREc+R4SqPx4epu
+NaUERN91gZoO4Ms80uqllPzdCsX5hrFblg+LqqznZWAYi94NMTm3Ft4/+I7780ev
+BhxHFBTlqwxZ0eeyaB/qAyb6K9X0cUUFExjYrP3+HAgmrOHK9PUb7vNNKUYMerOK
+waFrpPP5oDBn0p2ZunYAcJt7o2DjBOwy5iw5I2Qs50ZLt9EU0DY8Rf5nF2mKNki1
+CAD8ksNo/ohrNuGyi0r2cvVfx52izPd6PxlKf7xfL2lW16nflK/lNbZtCioDA1FC
+1dCPGD5rvOUXFASc+FZY4tJ6LbIpzg9llgcb6fSi2joT2bm9BbGrHybrIWd3BF/5
+AnrlsSwDCWtYXkdNr/eNEHNgG+aOAH2vSzue3NbCJsXkK69SzlKKOiD2ZUjJ6tKi
+IwcTkotyBaX/FLGhTKLEQE7aztsOpnfJlLU9Zx5IPxJAuQGNBGYTwrUBDACp1f7H
+MpzHvAAy7dD1Ow0pgT3NBFFiEk4jKccz9sAHPT7QQbMeIdL5uQ80lNp6Sw+IyptW
+4cytl6ovRdRyv3XetSp+KJeaqvWvGkz3L+GUoE8ezxgQXLlVcw7IzkhBNMGi+K3C
+aK6ZlZZQG8587dLF9Gbz3Vioc9hyQ/4BOr8pPaAWlSfWQVEGHPSVLh7LToGjrLlS
+h1AzVABNXtJbAt/+O7H5mkMopoPKrqgHTzOLGCd0/Tq3z5d+wqVl7JKk6yHxRr5i
+SXDqPQPmObUhPH1addNzIe+GRVW1ZbbT6l9VDiC4Lj+BJsLafubMB3rlI2T2mQCU
+PTQO0fz5y6oW0HxRtTidoxhvmC72YDFBwvsUTPQ5nt8bcSQprJMLLNL1C5M2LjPu
+tf/Csl02Fcwe/RnW2yjeb6qNCDcLpM9wpMMOdZQCRdRIkWQTcLZPQ2+SR3Ih8rAb
+pzATjFvif/4zpFlDZ9KFevCqf1M2v32sr/dDgcA3nWJ4CFrBQMhBVTcr7rcAEQEA
+AYkBtgQYAQgAIBYhBOsbOA2KxS0AK6zTMjlVsZhR6pbvBQJmE8K1AhsMAAoJEDlV
+sZhR6pbvizgL/34++v0b080pCr/0rWspcuTtD91GwQPs0HgrrfMOV2BXoXucTXj7
+G4xFq9yYO8QALrrtz40S/NeGz09hhFHo08phLAYjLZt8xD7i0uXuV8ZouDUHT0bk
+334RlKHu9kq3si0lyzu1dkGZgIBXsAURrMOyVKVySZGzsa/dpy/EDardWkTKHedf
+07K+KQgomMpVGk4EtKHpfqU9VNN8fdYD4UYtwuegz1nsg28Fa8xkK2ammWncgpVj
++4cJwzFPg11AhhTWs/Ec068ojj70cLD2CodJVAch9RTIOcQ5yKGc483u3bagNqTK
+qZYoLWI6NjxrNZQpwha3pO2ueBDOo/fZXUMgPPqyfdmBZvz6DQM85JfULALxKbkL
+5dQguy8K8SBcrCnv6iT0FjaWlrqnU0IJDZfi2r6eDlXhYjLSwGq8RHkAYXvsCNm8
+BzeRu0mAvjLkLNegQIvfdVXfYIcwUQQB8OAzoz3qzi8vji82MBQO+gkYrlteivoF
+z+gZLcBuv/NdNg==
+=B8gH
-----END PGP PUBLIC KEY BLOCK-----
(No newline at EOF)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package pcr-oracle for openSUSE:Factory checked in at 2024-08-08 10:57:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pcr-oracle (Old)
and /work/SRC/openSUSE:Factory/.pcr-oracle.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pcr-oracle"
Thu Aug 8 10:57:03 2024 rev:14 rq:1192055 version:0.5.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/pcr-oracle/pcr-oracle.changes 2024-03-26 19:27:48.490143709 +0100
+++ /work/SRC/openSUSE:Factory/.pcr-oracle.new.7232/pcr-oracle.changes 2024-08-08 10:57:20.717022562 +0200
@@ -1,0 +2,7 @@
+Mon Aug 5 06:11:52 UTC 2024 - Gary Ching-Pang Lin <glin(a)suse.com>
+
+- Add support-ecc-srk.patch to support ECC SRK
+- Add fix-testcase-empty-efi-variables.patch to fix the testcase
+ playback on empty EFI variables
+
+-------------------------------------------------------------------
New:
----
fix-testcase-empty-efi-variables.patch
support-ecc-srk.patch
BETA DEBUG BEGIN:
New:- Add support-ecc-srk.patch to support ECC SRK
- Add fix-testcase-empty-efi-variables.patch to fix the testcase
playback on empty EFI variables
New:
- Add support-ecc-srk.patch to support ECC SRK
- Add fix-testcase-empty-efi-variables.patch to fix the testcase
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pcr-oracle.spec ++++++
--- /var/tmp/diff_new_pack.d2s5o3/_old 2024-08-08 10:57:21.225043446 +0200
+++ /var/tmp/diff_new_pack.d2s5o3/_new 2024-08-08 10:57:21.225043446 +0200
@@ -34,6 +34,10 @@
Patch2: fix_grub_bls_entry.patch
# PATCH-FIX-UPSTREAM fix_grub_bls_cmdline.patch gh#okirch/pcr-oracle!52 (cont)
Patch3: fix_grub_bls_cmdline.patch
+# PATCH-FIX-UPSTREAM support-ecc-srk.patch gh#okirch/pcr-oracle!56
+Patch4: support-ecc-srk.patch
+# PATCH-FIX-UPSTREAM fix-testcase-empty-efi-variables.patch gh#okirch/pcr-oracle!58
+Patch5: fix-testcase-empty-efi-variables.patch
BuildRequires: libopenssl-devel >= 0.9.8
BuildRequires: tpm2-0-tss-devel >= 2.4.0
Requires: libtss2-tcti-device0
++++++ fix-testcase-empty-efi-variables.patch ++++++
From 61f9b77634578c0bf0c3bf6c4b386057e8661a1c Mon Sep 17 00:00:00 2001
From: Gary Lin <glin(a)suse.com>
Date: Wed, 12 Jun 2024 14:41:38 +0800
Subject: [PATCH] testcase: fix playback on empty EFI variables
For systems in UEFI Setup mode, there is no PK, KEK, or db. However,
those variables are still recorded in the TPM event log with zero
length. To avoid failing on reading those files, this commit changes the
file reading flag so that testcase playback won't stop on those EFI
variables.
Signed-off-by: Gary Lin <glin(a)suse.com>
---
src/testcase.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/testcase.c b/src/testcase.c
index f74238b..998aedd 100644
--- a/src/testcase.c
+++ b/src/testcase.c
@@ -224,12 +224,18 @@ testcase_write_file(const char *directory, const char *name, const buffer_t *bp)
}
static buffer_t *
-testcase_read_file(const char *directory, const char *name)
+__testcase_read_file(const char *directory, const char *name, int flags)
{
char path[PATH_MAX];
snprintf(path, sizeof(path), "%s/%s", directory, name);
- return runtime_read_file(path, 0);
+ return runtime_read_file(path, flags);
+}
+
+static buffer_t *
+testcase_read_file(const char *directory, const char *name)
+{
+ return __testcase_read_file(directory, name, 0);
}
testcase_t *
@@ -314,7 +320,12 @@ testcase_record_efi_variable(testcase_t *tc, const char *name, const buffer_t *d
buffer_t *
testcase_playback_efi_variable(testcase_t *tc, const char *name)
{
- return testcase_read_file(tc->efi_directory, name);
+ /* For systems in UEFI Setup mode, there is no PK, KEK, or db, but those
+ * variables are still recorded in the TPM event log with zero length.
+ * Set the file reading flag to skip those EFI variable files.
+ */
+ return __testcase_read_file(tc->efi_directory, name,
+ RUNTIME_MISSING_FILE_OKAY);
}
void
--
2.35.3
++++++ support-ecc-srk.patch ++++++
From 60ce42dbf61ce89012d9bc71c92c5cc92759b02c Mon Sep 17 00:00:00 2001
From: Gary Lin <glin(a)suse.com>
Date: Wed, 3 Apr 2024 14:41:49 +0800
Subject: [PATCH 1/3] Update the comment for SRK template
USERWITHAUTH and NODA are set according to "TCG TPM v2.0 Provisioning
Guidance". This commit updates the comment to add the reference.
Signed-off-by: Gary Lin <glin(a)suse.com>
---
src/pcr-policy.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/pcr-policy.c b/src/pcr-policy.c
index 8f2c42c..f03b6e0 100644
--- a/src/pcr-policy.c
+++ b/src/pcr-policy.c
@@ -67,8 +67,9 @@ static TPM2B_PUBLIC SRK_template = {
.publicArea = {
.type = TPM2_ALG_RSA,
.nameAlg = TPM2_ALG_SHA256,
- /* For reasons not clear to me, grub2 derives the SRK using the NODA attribute,
- * which means it is not subject to dictionary attack protections. */
+ /* Per "Storage Primary Key (SRK) Templates" in section 7.5.1 of
+ * TCG TPM v2.0 Provisioning Guidance 1.0 Revision 1.0, the
+ * template for shared SRKs sets USERWITHAUTH and NODA. */
.objectAttributes = TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT \
|TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT \
|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH \
--
2.35.3
From 0085c5a6a47f433dc69739c54b9db11796aff62e Mon Sep 17 00:00:00 2001
From: Gary Lin <glin(a)suse.com>
Date: Wed, 10 Apr 2024 16:20:44 +0800
Subject: [PATCH 2/3] Support SRK template with ECC_NIST_P256
When sealing data with SRK, the data is actually encrypted with the
symmetric key, and the selection of the asymmetric algorithm is only
a parameter for KDF to derive the symmetric key. Compared with RSA,
ECC NIST-P256 provides the faster key generation, so it's a better
choice for the SRK template in general.
This commit adds a new option, '--ecc-srk', to switch the default SRK
template from the RSA one to the ECC one, so that the user can specify
the SRK template when sealing/unsealing data.
Signed-off-by: Gary Lin <glin(a)suse.com>
---
src/oracle.c | 7 +++++++
src/pcr-policy.c | 44 +++++++++++++++++++++++++++++++++++++++++---
src/pcr.h | 1 +
3 files changed, 49 insertions(+), 3 deletions(-)
diff --git a/src/oracle.c b/src/oracle.c
index 1cafafc..f391430 100644
--- a/src/oracle.c
+++ b/src/oracle.c
@@ -92,6 +92,7 @@ enum {
OPT_RSA_PUBLIC_KEY,
OPT_RSA_GENERATE_KEY,
OPT_RSA_BITS,
+ OPT_ECC_SRK,
OPT_INPUT,
OPT_OUTPUT,
OPT_AUTHORIZED_POLICY,
@@ -125,6 +126,7 @@ static struct option options[] = {
{ "public-key", required_argument, 0, OPT_RSA_PUBLIC_KEY },
{ "rsa-generate-key", no_argument, 0, OPT_RSA_GENERATE_KEY },
{ "rsa-bits", required_argument, 0, OPT_RSA_BITS },
+ { "ecc-srk", no_argument, 0, OPT_ECC_SRK },
{ "input", required_argument, 0, OPT_INPUT },
{ "output", required_argument, 0, OPT_OUTPUT },
{ "authorized-policy", required_argument, 0, OPT_AUTHORIZED_POLICY },
@@ -1042,6 +1044,8 @@ main(int argc, char **argv)
unsigned int rsa_bits = 2048;
int c, exit_code = 0;
+ set_srk_alg("RSA");
+
while ((c = getopt_long(argc, argv, "dhA:CF:LSZ", options, NULL)) != EOF) {
switch (c) {
case 'A':
@@ -1109,6 +1113,9 @@ main(int argc, char **argv)
case OPT_RSA_BITS:
opt_rsa_bits = optarg;
break;
+ case OPT_ECC_SRK:
+ set_srk_alg("ECC");
+ break;
case OPT_INPUT:
opt_input = optarg;
break;
diff --git a/src/pcr-policy.c b/src/pcr-policy.c
index f03b6e0..f65becf 100644
--- a/src/pcr-policy.c
+++ b/src/pcr-policy.c
@@ -62,7 +62,7 @@ struct target_platform {
const stored_key_t *public_key_file);
};
-static TPM2B_PUBLIC SRK_template = {
+static TPM2B_PUBLIC RSA_SRK_template = {
.size = sizeof(TPMT_PUBLIC),
.publicArea = {
.type = TPM2_ALG_RSA,
@@ -88,6 +88,35 @@ static TPM2B_PUBLIC SRK_template = {
}
};
+static TPM2B_PUBLIC ECC_SRK_template = {
+ .size = sizeof(TPMT_PUBLIC),
+ .publicArea = {
+ .type = TPM2_ALG_ECC,
+ .nameAlg = TPM2_ALG_SHA256,
+ /* Per "Storage Primary Key (SRK) Templates" in section 7.5.1 of
+ * TCG TPM v2.0 Provisioning Guidance 1.0 Revision 1.0, the
+ * template for shared SRKs sets USERWITHAUTH and NODA. */
+ .objectAttributes = TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT \
+ |TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT \
+ |TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH \
+ |TPMA_OBJECT_NODA,
+ .parameters = {
+ .eccDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits = { .sym = 128 },
+ .mode = { .sym = TPM2_ALG_CFB },
+ },
+ .scheme = { TPM2_ALG_NULL },
+ .curveID = TPM2_ECC_NIST_P256,
+ .kdf.scheme = TPM2_ALG_NULL
+ }
+ }
+ }
+};
+
+static const TPM2B_PUBLIC *SRK_template;
+
static const TPM2B_PUBLIC seal_public_template = {
.size = sizeof(TPMT_PUBLIC),
.publicArea = {
@@ -107,10 +136,19 @@ static const TPM2B_PUBLIC seal_public_template = {
}
};
+void
+set_srk_alg (const char *alg)
+{
+ if (strcmp(alg, "RSA") == 0)
+ SRK_template = &RSA_SRK_template;
+ else
+ SRK_template = &ECC_SRK_template;
+}
+
void
set_srk_rsa_bits (const unsigned int rsa_bits)
{
- SRK_template.publicArea.parameters.rsaDetail.keyBits = rsa_bits;
+ RSA_SRK_template.publicArea.parameters.rsaDetail.keyBits = rsa_bits;
}
static inline const tpm_evdigest_t *
@@ -609,7 +647,7 @@ esys_create_primary(ESYS_CONTEXT *esys_context, ESYS_TR *handle_ret)
t0 = timing_begin();
rc = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER,
ESYS_TR_PASSWORD,
- ESYS_TR_NONE, ESYS_TR_NONE, &in_sensitive, &SRK_template,
+ ESYS_TR_NONE, ESYS_TR_NONE, &in_sensitive, SRK_template,
NULL, &creation_pcr, handle_ret,
NULL, NULL,
NULL, NULL);
diff --git a/src/pcr.h b/src/pcr.h
index 4d8f816..f1dc9af 100644
--- a/src/pcr.h
+++ b/src/pcr.h
@@ -39,6 +39,7 @@ typedef struct tpm_pcr_selection {
const tpm_algo_info_t * algo_info;
} tpm_pcr_selection_t;
+extern void set_srk_alg (const char *alg);
extern void set_srk_rsa_bits (const unsigned int rsa_bits);
extern void pcr_bank_initialize(tpm_pcr_bank_t *bank, unsigned int pcr_mask, const tpm_algo_info_t *algo);
extern bool pcr_bank_wants_pcr(tpm_pcr_bank_t *bank, unsigned int index);
--
2.35.3
From 207bd496868d65455e63aa9586bfc6e02900a4a1 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin(a)suse.com>
Date: Wed, 24 Apr 2024 14:53:25 +0800
Subject: [PATCH 3/3] Update to conform the latest TPM 2.0 Key File
For TPM 2.0 Key File, the default asymmetric algorithm of SRK is ECC
NIST-P256, not RSA 2048. A new field 'rsaParent' is introduced to note
the key is sealed with RSA SRK.
This commit implements two new fields: description and rsaParent in
tpm2key.c/tpm2key-asn.h and sets rsaParent when RSA SRK is used to seal
the key. When unsealing a tpm2key, the SRK template is set to the RSA
template if rsaParent is TRUE. Otherwise, the SRK template is switched
to the ECC SRK template.
A new testing script, test-tpm2key-ecc.sh, is also added to test the
tpm2key file sealed with ECC SRK.
Signed-off-by: Gary Lin <glin(a)suse.com>
---
src/pcr-policy.c | 8 +++
src/tpm2key-asn.h | 4 ++
src/tpm2key.c | 2 +
test-tpm2key-ecc.sh | 127 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 141 insertions(+)
create mode 100755 test-tpm2key-ecc.sh
diff --git a/src/pcr-policy.c b/src/pcr-policy.c
index f65becf..90f60ff 100644
--- a/src/pcr-policy.c
+++ b/src/pcr-policy.c
@@ -1505,6 +1505,11 @@ tpm2key_unseal_secret(const char *input_path, const char *output_path,
if (!tpm2key_read_file(input_path, &tpm2key))
return false;
+ if (tpm2key->rsaParent == 1)
+ SRK_template = &RSA_SRK_template;
+ else
+ SRK_template = &ECC_SRK_template;
+
buffer_init_read(&buf, tpm2key->pubkey->data, tpm2key->pubkey->length);
rc = Tss2_MU_TPM2B_PUBLIC_Unmarshal(buf.data, buf.size, &buf.rpos, &pub);
if (rc != TSS2_RC_SUCCESS)
@@ -1634,6 +1639,9 @@ tpm2key_write_sealed_secret(const char *pathname,
if (!tpm2key_basekey(&tpm2key, TPM2_RH_OWNER, sealed_public, sealed_private))
goto cleanup;
+ if (SRK_template->publicArea.type == TPM2_ALG_RSA)
+ tpm2key->rsaParent = 1;
+
if (pcr_sel && !tpm2key_add_policy_policypcr(tpm2key, pcr_sel))
goto cleanup;
diff --git a/src/tpm2key-asn.h b/src/tpm2key-asn.h
index 3f1c0d7..d0cdfaa 100644
--- a/src/tpm2key-asn.h
+++ b/src/tpm2key-asn.h
@@ -77,6 +77,8 @@ DEFINE_STACK_OF(TSSAUTHPOLICY);
* policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL
* secret [2] EXPLICIT OCTET STRING OPTIONAL
* authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL
+ * description [4] EXPLICIT UTF8String OPTIONAL
+ * rsaParent [5] EXPLICIT BOOLEAN OPTIONAL
* parent INTEGER
* pubkey OCTET STRING
* privkey OCTET STRING
@@ -89,6 +91,8 @@ typedef struct {
STACK_OF(TSSOPTPOLICY) *policy;
ASN1_OCTET_STRING *secret;
STACK_OF(TSSAUTHPOLICY) *authPolicy;
+ ASN1_UTF8STRING description;
+ ASN1_BOOLEAN rsaParent;
ASN1_INTEGER *parent;
ASN1_OCTET_STRING *pubkey;
ASN1_OCTET_STRING *privkey;
diff --git a/src/tpm2key.c b/src/tpm2key.c
index cabd791..af4c984 100644
--- a/src/tpm2key.c
+++ b/src/tpm2key.c
@@ -278,6 +278,8 @@ ASN1_SEQUENCE(TSSPRIVKEY) = {
ASN1_EXP_SEQUENCE_OF_OPT(TSSPRIVKEY, policy, TSSOPTPOLICY, 1),
ASN1_EXP_OPT(TSSPRIVKEY, secret, ASN1_OCTET_STRING, 2),
ASN1_EXP_SEQUENCE_OF_OPT(TSSPRIVKEY, authPolicy, TSSAUTHPOLICY, 3),
+ ASN1_EXP_OPT(TSSPRIVKEY, description, ASN1_UTF8STRING, 4),
+ ASN1_EXP_OPT(TSSPRIVKEY, rsaParent, ASN1_BOOLEAN, 5),
ASN1_SIMPLE(TSSPRIVKEY, parent, ASN1_INTEGER),
ASN1_SIMPLE(TSSPRIVKEY, pubkey, ASN1_OCTET_STRING),
ASN1_SIMPLE(TSSPRIVKEY, privkey, ASN1_OCTET_STRING)
diff --git a/test-tpm2key-ecc.sh b/test-tpm2key-ecc.sh
new file mode 100755
index 0000000..d87acff
--- /dev/null
+++ b/test-tpm2key-ecc.sh
@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# This script needs to be run with root privilege
+#
+
+# TESTDIR=policy.test
+PCR_MASK=0,2,4,12
+
+pcr_oracle=pcr-oracle
+if [ -x pcr-oracle ]; then
+ pcr_oracle=$PWD/pcr-oracle
+fi
+
+function call_oracle {
+
+ echo "****************"
+ echo "pcr-oracle $*"
+ $pcr_oracle --target-platform tpm2.0 -d "$@"
+}
+
+if [ -z "$TESTDIR" ]; then
+ tmpdir=$(mktemp -d /tmp/pcrtestXXXXXX)
+ trap "cd / && rm -rf $tmpdir" 0 1 2 10 11 15
+
+ TESTDIR=$tmpdir
+fi
+
+trap "echo 'FAIL: command exited with error'; exit 1" ERR
+
+echo "This is super secret" >$TESTDIR/secret
+
+set -e
+cd $TESTDIR
+
+echo "Seal the secret with PCR policy"
+call_oracle \
+ --from current \
+ --input secret \
+ --output sealed \
+ --ecc-srk \
+ seal-secret $PCR_MASK
+
+echo "Unseal the sealed with PCR policy"
+call_oracle \
+ --input sealed \
+ --output recovered \
+ unseal-secret
+
+if ! cmp secret recovered; then
+ echo "BAD: Unable to recover original secret"
+ echo "Secret:"
+ od -tx1c secret
+ echo "Recovered:"
+ od -tx1c recovered
+ exit 1
+else
+ echo "NICE: we were able to recover the original secret"
+fi
+
+rm -f sealed recovered
+
+call_oracle \
+ --rsa-generate-key \
+ --private-key policy-key.pem \
+ --auth authorized.policy \
+ create-authorized-policy $PCR_MASK
+
+call_oracle \
+ --private-key policy-key.pem \
+ --public-key policy-pubkey \
+ store-public-key
+
+call_oracle \
+ --auth authorized.policy \
+ --input secret \
+ --output sealed \
+ --ecc-srk \
+ seal-secret
+
+for attempt in first second; do
+ echo "Sign the set of PCRs we want to authorize"
+ call_oracle \
+ --policy-name "authorized-policy-test" \
+ --private-key policy-key.pem \
+ --from current \
+ --input sealed \
+ --output sealed-signed \
+ sign $PCR_MASK
+
+ echo "$attempt attempt to unseal the secret"
+ call_oracle \
+ --input sealed-signed \
+ --output recovered \
+ unseal-secret
+
+ if ! cmp secret recovered; then
+ echo "BAD: Unable to recover original secret"
+ echo "Secret:"
+ od -tx1c secret
+ echo "Recovered:"
+ od -tx1c recovered
+ exit 1
+ else
+ echo "NICE: we were able to recover the original secret"
+ fi
+
+ if [ "$attempt" = "second" ]; then
+ break
+ fi
+
+ echo "Extend PCR 12. Unsealing should fail afterwards"
+ tpm2_pcrextend 12:sha256=21d2013e3081f1e455fdd5ba6230a8620c3cfc9a9c31981d857fe3891f79449e
+ rm -f recovered
+ call_oracle \
+ --input sealed-signed \
+ --output recovered \
+ unseal-secret || true
+
+ if [ -s recovered ] && ! cmp secret recovered; then
+ echo "BAD: We were still able to recover the original secret. Something stinks"
+ exit 1
+ else
+ echo "GOOD: After changing a PCR, the secret can no longer be unsealed"
+ fi
+
+ echo "Now recreate the signed PCR policy"
+done
--
2.35.3
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package podman for openSUSE:Factory checked in at 2024-08-08 10:57:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/podman (Old)
and /work/SRC/openSUSE:Factory/.podman.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "podman"
Thu Aug 8 10:57:02 2024 rev:138 rq:1192031 version:5.2.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/podman/podman.changes 2024-07-14 08:49:32.970354595 +0200
+++ /work/SRC/openSUSE:Factory/.podman.new.7232/podman.changes 2024-08-08 10:57:17.476889361 +0200
@@ -1,0 +2,159 @@
+Fri Aug 02 12:32:21 UTC 2024 - dcermak(a)suse.com
+
+- Update to version 5.2.0:
+
+### Features
+- Podman now supports `libkrun` as a backend for creating virtual machines on
+ MacOS. The `libkrun` backend has the advantage of allowing GPUs to be mounted
+ into the virtual machine to accelerate tasks. The default backend remains
+ `applehv`.
+- Quadlet now has support for `.build` files, which allows images to be built by
+ Quadlet and then used by Quadlet containers.
+- Quadlet `.container` files now support two new fields, `LogOpt` to specify
+ container logging configuration and `StopSignal` to specify container stop
+ signal ([#23050](https://github.com/containers/podman/issues/23050)).
+- Quadlet `.container` and `.pod` files now support a new field, `NetworkAlias`,
+ to add network aliases.
+- Quadlet drop-in search paths have been expanded to include top-level type
+ drop-ins (`container.d`, `pod.d`) and truncated unit drop-ins
+ (`unit-.container.d`)
+ ([#23158](https://github.com/containers/podman/issues/23158)).
+- Podman now supports a new command, `podman system check`, which will identify
+ (and, if possible, correct) corruption within local container storage.
+- The `podman machine reset` command will now reset all providers available on
+ the current operating system (e.g. ensuring that both HyperV and WSL `podman
+ machine` VMs will be removed on Windows).
+
+### Changes
+- Podman now requires the new kernel mount API, introducing a dependency on
+ Linux Kernel v5.2 or higher.
+- Quadlet `.image` units now have a dependency on `network-online.target`
+ ([#21873](https://github.com/containers/podman/issues/21873)).
+- The `--device` option to `podman create` and `podman run` is no longer ignored
+ when `--privileged` is also specified
+ ([#23132](https://github.com/containers/podman/issues/23132)).
+- The `podman start` and `podman stop` commands no longer print the full ID of
+ the pod started/stopped, but instead the user's input used to specify the pod
+ (e.g. `podman pod start b` will print `b` instead of the pod's full ID)
+ ([#22590](https://github.com/containers/podman/issues/22590)).
+- Virtual machines created by `podman machine` on Linux now use `virtiofs`
+ instead of `9p` for mounting host filesystems. Existing mounts will be
+ transparently changed on machine restart or recreation. This should improve
+ performance and reliability of host mounts. This requires the installation of
+ `virtiofsd` on the host system to function.
+- Using both the `--squash` and `--layers=false` options to `podman build` at
+ the same time is now allowed.
+- Podman now passes container's stop timeout to systemd when creating cgroups,
+ causing it to be honored when systemd stops the scope. This should prevent
+ hangs on system shutdown due to running Podman containers.
+- The `--volume-driver` option to `podman machine init` is now deprecated.
+
+### Bugfixes
+- Fixed a bug where rootless containers created with the `--sdnotify=healthy`
+ option could panic when started
+ ([#22651](https://github.com/containers/podman/issues/22651)).
+- Fixed a bug where containers created with the `--sdnotify=healthy` option that
+ exited quickly would sometimes return an error instead of notifying that the
+ container was ready
+ ([#22760](https://github.com/containers/podman/issues/22760)).
+- Fixed a bug where the `podman system reset` command did not remove the
+ containers/image blob cache
+ ([#22825](https://github.com/containers/podman/issues/22825)).
+- Fixed a bug where Podman would sometimes create a cgroup for itself even when
+ the `--cgroups=disabled` option was specified at container creation time
+ ([#20910](https://github.com/containers/podman/issues/20910)).
+- Fixed a bug where the `/etc/hosts` file in a container was not created with a
+ newline at the end of the file
+ ([#22729](https://github.com/containers/podman/issues/22729)).
+- Fixed a bug where the `podman start` command could sometimes panic when
+ starting a container in the stopped state.
+- Fixed a bug where the `podman system renumber` command would fail if volumes
+ existed when using the `sqlite` database backend
+ ([#23052](https://github.com/containers/podman/issues/23052)).
+- Fixed a bug where the `podman container restore` command could not
+ successfully restore a container in a pod.
+- Fixed a bug where an error message from `podman diff` would suggest using the
+ `--latest` option when using the remote Podman client
+ ([#23038](https://github.com/containers/podman/issues/23038)).
+- Fixed a bug where user could assign more memory to a Podman machine than
+ existed on the host
+ ([#18206](https://github.com/containers/podman/issues/18206)).
+- Fixed a bug where the `podman events` command was rarely unable to report
+ errors that occurred
+ ([#23165](https://github.com/containers/podman/issues/23165)).
+- Fixed a bug where containers run in systemd units would sometimes not be
+ removed correctly on exit when using the `--cidfile` option.
+- Fixed a bug where the first Podman command run after a reboot could cause hang
+ when using transient mode
+ ([#22984](https://github.com/containers/podman/issues/22984)).
+- Fixed a bug where Podman could throw errors about a database configuration
+ mismatch if certain paths did not exist on the host.
+- Fixed a bug where the `podman run` and `podman start` commands could throw
+ strange errors if another Podman process stopped the container at a midpoint
+ in the process of starting
+ ([#23246](https://github.com/containers/podman/issues/23246)).
+- Fixed a bug where the `podman system service` command could leak a mount on
+ termination.
+- Fixed a bug where the Podman remote client would panic if an invalid image
+ filter was passed to `podman images`
+ ([#23120](https://github.com/containers/podman/issues/23120)).
+- Fixed a bug where the `podman auto-update` and `podman system df` commands
+ could fail when a container was removed while the command was running
+ ([#23279](https://github.com/containers/podman/issues/23279)).
+- Fixed a bug where the `podman machine init` command could panic when trying to
+ decompress an empty file when preparing the VM image
+ ([#23281](https://github.com/containers/podman/issues/23281)).
+- Fixed a bug where the `podman ps --pod` and `podman pod stats` commands could
+ sometimes fail when a pod was removed while the command was running
+ ([#23282](https://github.com/containers/podman/issues/23282)).
+- Fixed a bug where the `podman stats` and `podman pod stats` commands would
+ sometimes exit with a `container is stopped` error when showing all containers
+ (or pod containers, for `pod stats`) if a container stopped while the command
+ was running ([#23334](https://github.com/containers/podman/issues/23334)).
+- Fixed a bug where the output of container healthchecks was not properly logged
+ if it did not include a final newline
+ ([#23332](https://github.com/containers/podman/issues/23332)).
+- Fixed a bug where the port forwarding firewall rules of an existing container
+ could be be overwritten when starting a second container which forwarded the
+ same port on the host even if the second container failed to start as the
+ port was already bound.
+- Fixed a bug where the containers created by the `podman play kube` command
+ could sometimes not properly clean up their network stacks
+ ([#21569](https://github.com/containers/podman/issues/21569)).
+
+### API
+- The Build API for Images now accepts a comma-separated list in the Platform
+ query parameter, allowing a single API call to built an image for multiple
+ architectures ([#22071](https://github.com/containers/podman/issues/22071)).
+- Fixed a bug where the Remove endpoint for Volumes would return an incorrectly
+ formatted error when called with an ambiguous volume name
+ ([#22616](https://github.com/containers/podman/issues/22616)).
+- Fixed a bug where the Stats endpoint for Containers would return an
+ incorrectly formatted error when called on a container that did not exist
+ ([#22612](https://github.com/containers/podman/issues/22612)).
+- Fixed a bug where the Start endpoint for Pods would return a 409 error code in
+ cases where a 500 error code should have been returned
+ ([#22989](https://github.com/containers/podman/issues/22989)).
+- Fixed a bug where the Top endpoint for Pods would return a 200 status code and
+ then subsequently an error
+ ([#22986](https://github.com/containers/podman/issues/22986)).
+
+### Misc
+- Podman no longer requires all parent directories of its root and runroot to be
+ world-executable
+ ([#23028](https://github.com/containers/podman/issues/23028)).
+- Error messages from the `podman build` command when the `-f` option is given,
+ but points to a file that does not exist, have been improved
+ ([#22940](https://github.com/containers/podman/issues/22940)).
+- The Podman windows installer is now built using WiX 5.
+- Updated the gvisor-tap-vsock library to v0.7.4. This release contains a fix
+ for a gvproxy crash on macOS when there is heavy network traffic on a fast
+ link.
+- Updated Buildah to v1.37.0
+- Updated the containers/image library to v5.32.0
+- Updated the containers/storage library to v1.55.0
+- Updated the containers/common library to v0.60.0
+
+- Remove patch: 0001-Backport-fix-for-CVE-2024-6104.patch (merged upstream)
+
+-------------------------------------------------------------------
Old:
----
0001-Backport-fix-for-CVE-2024-6104.patch
podman-5.1.2.obscpio
New:
----
podman-5.2.0.obscpio
BETA DEBUG BEGIN:
Old:
- Remove patch: 0001-Backport-fix-for-CVE-2024-6104.patch (merged upstream)
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ podman.spec ++++++
--- /var/tmp/diff_new_pack.bzrShV/_old 2024-08-08 10:57:20.493013353 +0200
+++ /var/tmp/diff_new_pack.bzrShV/_new 2024-08-08 10:57:20.497013517 +0200
@@ -22,7 +22,7 @@
%bcond_without apparmor
Name: podman
-Version: 5.1.2
+Version: 5.2.0
Release: 0
Summary: Daemon-less container engine for managing containers, pods and images
License: Apache-2.0
@@ -30,7 +30,6 @@
URL: https://%{project}
Source0: %{name}-%{version}.tar.gz
Source1: podman.conf
-Patch0: 0001-Backport-fix-for-CVE-2024-6104.patch
BuildRequires: man
BuildRequires: bash-completion
BuildRequires: device-mapper-devel
@@ -222,6 +221,7 @@
%{_userunitdir}/podman-kube@.service
%{_userunitdir}/podman-restart.service
%{_userunitdir}/podman-auto-update.timer
+%{_userunitdir}/podman-clean-transient.service
%{_systemdusergeneratordir}/podman-user-generator
%{_systemdgeneratordir}/podman-system-generator
%ghost /run/podman
@@ -263,9 +263,9 @@
%preun
%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
-%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
+%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%postun
%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
-%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
+%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
++++++ _service ++++++
--- /var/tmp/diff_new_pack.bzrShV/_old 2024-08-08 10:57:20.525014668 +0200
+++ /var/tmp/diff_new_pack.bzrShV/_new 2024-08-08 10:57:20.529014833 +0200
@@ -2,7 +2,7 @@
<service name="obs_scm" mode="manual">
<param name="url">https://github.com/containers/podman.git</param>
<param name="scm">git</param>
- <param name="revision">v5.1.2</param>
+ <param name="revision">v5.2.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.bzrShV/_old 2024-08-08 10:57:20.549015655 +0200
+++ /var/tmp/diff_new_pack.bzrShV/_new 2024-08-08 10:57:20.553015820 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/containers/podman.git</param>
- <param name="changesrevision">94a24974ab345324db1a1489c924af4b89d2d0e9</param></service></servicedata>
+ <param name="changesrevision">b22d5c61eef93475413724f49fd6a32980d2c746</param></service></servicedata>
(No newline at EOF)
++++++ podman-5.1.2.obscpio -> podman-5.2.0.obscpio ++++++
/work/SRC/openSUSE:Factory/podman/podman-5.1.2.obscpio /work/SRC/openSUSE:Factory/.podman.new.7232/podman-5.2.0.obscpio differ: char 49, line 1
++++++ podman.obsinfo ++++++
--- /var/tmp/diff_new_pack.bzrShV/_old 2024-08-08 10:57:20.609018122 +0200
+++ /var/tmp/diff_new_pack.bzrShV/_new 2024-08-08 10:57:20.613018286 +0200
@@ -1,5 +1,5 @@
name: podman
-version: 5.1.2
-mtime: 1720614055
-commit: 94a24974ab345324db1a1489c924af4b89d2d0e9
+version: 5.2.0
+mtime: 1722533522
+commit: b22d5c61eef93475413724f49fd6a32980d2c746
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package exfatprogs for openSUSE:Factory checked in at 2024-08-08 10:57:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exfatprogs (Old)
and /work/SRC/openSUSE:Factory/.exfatprogs.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exfatprogs"
Thu Aug 8 10:57:02 2024 rev:16 rq:1192018 version:1.2.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/exfatprogs/exfatprogs.changes 2024-06-18 22:51:53.898866320 +0200
+++ /work/SRC/openSUSE:Factory/.exfatprogs.new.7232/exfatprogs.changes 2024-08-08 10:57:15.616812894 +0200
@@ -1,0 +2,20 @@
+Wed Aug 7 05:39:31 UTC 2024 - Michael Vetter <mvetter(a)suse.com>
+
+- Update to 1.2.5:
+ CHANGES :
+ * exfatprogs: remove the limitation that the device
+ path length cannot exceed 254 bytes.
+ * exfatprogs: include the test images in the release
+ package.
+ NEW FEATURES :
+ * fsck.exfat: check and repair the filename which has
+ invalid characters.
+ BUG FIXES :
+ * tune.exfat: check whether the volume has invalid
+ characters correctly.
+ * fsck.exfat: check whether the filename and volume
+ has invalid characters correctly.
+ * fsck.exfat: fix endianess issues which happen
+ in the big-endian system.
+
+-------------------------------------------------------------------
Old:
----
1.2.4.tar.gz
New:
----
1.2.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exfatprogs.spec ++++++
--- /var/tmp/diff_new_pack.YFKPVj/_old 2024-08-08 10:57:16.032829996 +0200
+++ /var/tmp/diff_new_pack.YFKPVj/_new 2024-08-08 10:57:16.032829996 +0200
@@ -17,7 +17,7 @@
Name: exfatprogs
-Version: 1.2.4
+Version: 1.2.5
Release: 0
Summary: Utilities for exFAT file system maintenance
License: GPL-2.0-or-later
++++++ 1.2.4.tar.gz -> 1.2.5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/.github/workflows/c-cpp.yml new/exfatprogs-1.2.5/.github/workflows/c-cpp.yml
--- old/exfatprogs-1.2.4/.github/workflows/c-cpp.yml 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/.github/workflows/c-cpp.yml 2024-08-06 16:34:23.000000000 +0200
@@ -16,11 +16,12 @@
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: before test
run: |
- sudo apt-get install linux-headers-$(uname -r)
- sudo apt-get install xz-utils
+ sudo apt-get install linux-headers-$(uname -r) xz-utils \
+ gcc-mips-linux-gnu qemu-system-mips \
+ qemu-user
git clone https://github.com/namjaejeon/linux-exfat-oot
export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
export PATH=/usr/local/lib:$PATH
@@ -30,10 +31,18 @@
./configure > /dev/null
make -j$((`nproc`+1)) > /dev/null
sudo make install > /dev/null
+ make distclean > /dev/null
+ ./configure --host=mips-linux-gnu CFLAGS=--static > /dev/null
+ make -j$((`nproc`+1)) > /dev/null
- name: run fsck repair testcases
run: |
cd tests
- sudo ./test_fsck.sh
+ export FSCK1="qemu-mips ../fsck/fsck.exfat"
+ export FSCK2="fsck.exfat"
+ sudo -E ./test_fsck.sh
+ export FSCK1="fsck.exfat"
+ export FSCK2="qemu-mips ../fsck/fsck.exfat"
+ sudo -E ./test_fsck.sh
- name: create file/director test
run: |
cd linux-exfat-oot
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/.travis.yml new/exfatprogs-1.2.5/.travis.yml
--- old/exfatprogs-1.2.4/.travis.yml 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/.travis.yml 2024-08-06 16:34:23.000000000 +0200
@@ -6,8 +6,7 @@
- email: true
before_script:
- - sudo apt-get install linux-headers-$(uname -r)
- - sudo apt-get install xz-utils
+ - sudo apt-get install linux-headers-$(uname -r) xz-utils
- git clone --branch=exfat-next https://github.com/namjaejeon/exfat_oot
- ./.travis_get_mainline_kernel
- export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/Makefile.am new/exfatprogs-1.2.5/Makefile.am
--- old/exfatprogs-1.2.4/Makefile.am 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/Makefile.am 2024-08-06 16:34:23.000000000 +0200
@@ -16,6 +16,7 @@
# other stuff
EXTRA_DIST = \
include \
+ tests \
Android.bp \
lib/Android.bp \
mkfs/Android.bp \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/NEWS new/exfatprogs-1.2.5/NEWS
--- old/exfatprogs-1.2.4/NEWS 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/NEWS 2024-08-06 16:34:23.000000000 +0200
@@ -1,3 +1,24 @@
+exfatprogs 1.2.5 - released 2024-08-06
+======================================
+
+CHANGES :
+ * exfatprogs: remove the limitation that the device
+ path length cannot exceed 254 bytes.
+ * exfatprogs: include the test images in the release
+ package.
+
+NEW FEATURES :
+ * fsck.exfat: check and repair the filename which has
+ invalid characters.
+
+BUG FIXES :
+ * tune.exfat: check whether the volume has invalid
+ characters correctly.
+ * fsck.exfat: check whether the filename and volume
+ has invalid characters correctly.
+ * fsck.exfat: fix endianess issues which happen
+ in the big-endian system.
+
exfatprogs 1.2.4 - released 2024-06-17
======================================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/dump/dump.c new/exfatprogs-1.2.5/dump/dump.c
--- old/exfatprogs-1.2.4/dump/dump.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/dump/dump.c 2024-08-06 16:34:23.000000000 +0200
@@ -244,11 +244,10 @@
if (version_only)
exit(EXIT_FAILURE);
- if (argc < 2)
+ if (argc - optind != 1)
usage();
- memset(ui.dev_name, 0, sizeof(ui.dev_name));
- snprintf(ui.dev_name, sizeof(ui.dev_name), "%s", argv[1]);
+ ui.dev_name = argv[1];
ret = exfat_get_blk_dev_info(&ui, &bd);
if (ret < 0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/exfat2img/exfat2img.c new/exfatprogs-1.2.5/exfat2img/exfat2img.c
--- old/exfatprogs-1.2.4/exfat2img/exfat2img.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/exfat2img/exfat2img.c 2024-08-06 16:34:23.000000000 +0200
@@ -926,7 +926,7 @@
}
memset(&ui, 0, sizeof(ui));
- snprintf(ui.dev_name, sizeof(ui.dev_name), "%s", blkdev_path);
+ ui.dev_name = blkdev_path;
if (restore)
ui.writeable = true;
else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/fsck/fsck.c new/exfatprogs-1.2.5/fsck/fsck.c
--- old/exfatprogs-1.2.4/fsck/fsck.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/fsck/fsck.c 2024-08-06 16:34:23.000000000 +0200
@@ -647,7 +647,6 @@
{
int ret;
struct exfat_lookup_filter filter;
- char filename[PATH_MAX + 1] = {0};
ret = exfat_lookup_file_by_utf16name(iter->exfat, iter->parent,
inode->name, &filter);
@@ -660,14 +659,7 @@
if (exfat_de_iter_device_offset(iter) == filter.out.dev_offset)
return 0;
- ret = exfat_utf16_dec(inode->name, NAME_BUFFER_SIZE, filename,
- PATH_MAX);
- if (ret < 0) {
- exfat_err("failed to decode filename\n");
- return ret;
- }
-
- return exfat_repair_rename_ask(&exfat_fsck, iter, filename,
+ return exfat_repair_rename_ask(&exfat_fsck, iter, inode->name,
ER_DE_DUPLICATED_NAME, "filename is duplicated");
}
@@ -682,7 +674,7 @@
exfat_de_iter_get(iter, 1, &stream_de);
name_len = exfat_utf16_len(inode->name, NAME_BUFFER_SIZE);
- if (stream_de->stream_name_len != name_len) {
+ if (name_len && stream_de->stream_name_len != name_len) {
if (repair_file_ask(iter, NULL, ER_DE_NAME_LEN,
"the name length of a file is wrong")) {
exfat_de_iter_get_dirty(iter, 1, &stream_de);
@@ -693,6 +685,18 @@
}
}
+ ret = exfat_check_name(inode->name, stream_de->stream_name_len);
+ if (ret != stream_de->stream_name_len) {
+ char err_msg[36];
+
+ snprintf(err_msg, sizeof(err_msg),
+ "filename has invalid character '%c'",
+ le16_to_cpu(inode->name[ret]));
+
+ return exfat_repair_rename_ask(&exfat_fsck, iter, inode->name,
+ ER_DE_INVALID_NAME, err_msg);
+ }
+
hash = exfat_calc_name_hash(iter->exfat, inode->name, (int)name_len);
if (cpu_to_le16(hash) != stream_de->stream_name_hash) {
if (repair_file_ask(iter, NULL, ER_DE_NAME_HASH,
@@ -713,21 +717,18 @@
return ret;
}
-const __le16 MSDOS_DOT[ENTRY_NAME_MAX] = {cpu_to_le16(46), 0, };
-const __le16 MSDOS_DOTDOT[ENTRY_NAME_MAX] = {cpu_to_le16(46), cpu_to_le16(46), 0, };
-
static int handle_dot_dotdot_filename(struct exfat_de_iter *iter,
- struct exfat_dentry *dentry,
+ __le16 *filename,
int strm_name_len)
{
- char *filename;
+ int i;
- if (!memcmp(dentry->name_unicode, MSDOS_DOT, strm_name_len * 2))
- filename = ".";
- else if (!memcmp(dentry->name_unicode, MSDOS_DOTDOT,
- strm_name_len * 2))
- filename = "..";
- else
+ for (i = 0; i < strm_name_len; i++) {
+ if (filename[i] != UTF16_DOT)
+ return 0;
+ }
+
+ if (filename[i])
return 0;
return exfat_repair_rename_ask(&exfat_fsck, iter, filename,
@@ -817,7 +818,7 @@
}
if (file_de->file_num_ext == 2 && stream_de->stream_name_len <= 2) {
- ret = handle_dot_dotdot_filename(iter, dentry,
+ ret = handle_dot_dotdot_filename(iter, node->name,
stream_de->stream_name_len);
if (ret < 0) {
*skip_dentries = file_de->file_num_ext + 1;
@@ -1005,7 +1006,7 @@
exfat->disk_bitmap_size = DIV_ROUND_UP(exfat->clus_count, 8);
exfat_bitmap_set_range(exfat, exfat->alloc_bitmap,
- le64_to_cpu(dentry->bitmap_start_clu),
+ le32_to_cpu(dentry->bitmap_start_clu),
DIV_ROUND_UP(exfat->disk_bitmap_size,
exfat->clus_size));
free(filter.out.dentry_set);
@@ -1034,9 +1035,8 @@
ch = le16_to_cpu(in_table[i]);
if (ch == 0xFFFF && i + 1 < in_len) {
- uint16_t len = le16_to_cpu(in_table[++i]);
-
- k += len;
+ ++i;
+ k += le16_to_cpu(in_table[i]);
} else {
out_table[k++] = ch;
}
@@ -1616,7 +1616,7 @@
exfat_fsck.options = ui.options;
- snprintf(ui.ei.dev_name, sizeof(ui.ei.dev_name), "%s", argv[optind]);
+ ui.ei.dev_name = argv[optind];
ret = exfat_get_blk_dev_info(&ui.ei, &bd);
if (ret < 0) {
exfat_err("failed to open %s. %d\n", ui.ei.dev_name, ret);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/fsck/repair.c new/exfatprogs-1.2.5/fsck/repair.c
--- old/exfatprogs-1.2.4/fsck/repair.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/fsck/repair.c 2024-08-06 16:34:23.000000000 +0200
@@ -55,6 +55,7 @@
{ER_DE_NAME_LEN, ERF_PREEN_YES, ERP_FIX, 0, 0, 0},
{ER_DE_DOT_NAME, ERF_PREEN_YES, ERP_RENAME, 2, 3, 4},
{ER_DE_DUPLICATED_NAME, ERF_PREEN_YES, ERP_RENAME, 2, 3, 4},
+ {ER_DE_INVALID_NAME, ERF_PREEN_YES, ERP_RENAME, 2, 3, 4},
{ER_FILE_VALID_SIZE, ERF_PREEN_YES, ERP_FIX, 0, 0, 0},
{ER_FILE_INVALID_CLUS, ERF_PREEN_YES, ERP_TRUNCATE, 0, 0, 0},
{ER_FILE_FIRST_CLUS, ERF_PREEN_YES, ERP_TRUNCATE, 0, 0, 0},
@@ -160,36 +161,37 @@
return repair;
}
-static int check_bad_char(char w)
-{
- return (w < 0x0020) || (w == '*') || (w == '?') || (w == '<') ||
- (w == '>') || (w == '|') || (w == '"') || (w == ':') ||
- (w == '/') || (w == '\\');
-}
-
-static char *get_rename_from_user(struct exfat_de_iter *iter)
+static int get_rename_from_user(struct exfat_de_iter *iter,
+ __le16 *utf16_name, int name_size)
{
+ int len = 0;
char *rename = malloc(ENTRY_NAME_MAX + 2);
if (!rename)
- return NULL;
+ return -ENOMEM;
retry:
/* +2 means LF(Line Feed) and NULL terminator */
memset(rename, 0x1, ENTRY_NAME_MAX + 2);
printf("New name: ");
if (fgets(rename, ENTRY_NAME_MAX + 2, stdin)) {
- int i, len, err;
+ int err;
struct exfat_lookup_filter filter;
len = strlen(rename);
/* Remove LF in filename */
rename[len - 1] = '\0';
- for (i = 0; i < len - 1; i++) {
- if (check_bad_char(rename[i])) {
- printf("filename contain invalid character(%c)\n", rename[i]);
- goto retry;
- }
+
+ memset(utf16_name, 0, name_size);
+ len = exfat_utf16_enc(rename, utf16_name, name_size);
+ if (len < 0)
+ goto out;
+
+ err = exfat_check_name(utf16_name, len >> 1);
+ if (err != len >> 1) {
+ printf("filename contain invalid character(%c)\n",
+ le16_to_cpu(utf16_name[err]));
+ goto retry;
}
exfat_de_iter_flush(iter);
@@ -200,23 +202,27 @@
}
}
- return rename;
+out:
+ free(rename);
+
+ return len;
}
-static char *generate_rename(struct exfat_de_iter *iter)
+static int generate_rename(struct exfat_de_iter *iter, __le16 *utf16_name,
+ int name_size)
{
+ int err;
char *rename;
if (iter->invalid_name_num > INVALID_NAME_NUM_MAX)
- return NULL;
+ return -ERANGE;
rename = malloc(ENTRY_NAME_MAX + 1);
if (!rename)
- return NULL;
+ return -ENOMEM;
while (1) {
struct exfat_lookup_filter filter;
- int err;
snprintf(rename, ENTRY_NAME_MAX + 1, "FILE%07d.CHK",
iter->invalid_name_num++);
@@ -227,13 +233,23 @@
break;
}
- return rename;
+ memset(utf16_name, 0, name_size);
+ err = exfat_utf16_enc(rename, utf16_name, name_size);
+ free(rename);
+
+ return err;
}
int exfat_repair_rename_ask(struct exfat_fsck *fsck, struct exfat_de_iter *iter,
- char *old_name, er_problem_code_t prcode, char *error_msg)
+ __le16 *uname, er_problem_code_t prcode, char *error_msg)
{
int num;
+ char old_name[PATH_MAX + 1] = {0};
+
+ if (exfat_utf16_dec(uname, NAME_BUFFER_SIZE, old_name, PATH_MAX) <= 0) {
+ exfat_err("failed to decode filename\n");
+ return -EINVAL;
+ }
ask_again:
num = exfat_repair_ask(fsck, prcode, "ERROR: '%s' %s.\n%s",
@@ -243,38 +259,31 @@
" [3] Bypass this check(No repair)\n");
if (num) {
__le16 utf16_name[ENTRY_NAME_MAX];
- char *rename = NULL;
__u16 hash;
struct exfat_dentry *dentry;
int ret;
switch (num) {
case 1:
- rename = get_rename_from_user(iter);
+ ret = get_rename_from_user(iter, utf16_name,
+ sizeof(utf16_name));
break;
case 2:
- rename = generate_rename(iter);
+ ret = generate_rename(iter, utf16_name,
+ sizeof(utf16_name));
break;
case 3:
- break;
+ return -EINVAL;
default:
exfat_info("select 1 or 2 number instead of %d\n", num);
goto ask_again;
}
- if (!rename)
+ if (ret < 0)
return -EINVAL;
- exfat_info("%s filename is renamed to %s\n", old_name, rename);
-
exfat_de_iter_get_dirty(iter, 2, &dentry);
- memset(utf16_name, 0, sizeof(utf16_name));
- ret = exfat_utf16_enc(rename, utf16_name, sizeof(utf16_name));
- free(rename);
- if (ret < 0)
- return ret;
-
ret >>= 1;
memcpy(dentry->name_unicode, utf16_name, ENTRY_NAME_MAX * 2);
hash = exfat_calc_name_hash(iter->exfat, utf16_name, ret);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/fsck/repair.h new/exfatprogs-1.2.5/fsck/repair.h
--- old/exfatprogs-1.2.4/fsck/repair.h 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/fsck/repair.h 2024-08-06 16:34:23.000000000 +0200
@@ -19,6 +19,7 @@
#define ER_DE_NAME_LEN 0x00001032
#define ER_DE_DOT_NAME 0x00001033
#define ER_DE_DUPLICATED_NAME 0x00001034
+#define ER_DE_INVALID_NAME 0x00001035
#define ER_FILE_VALID_SIZE 0x00002001
#define ER_FILE_INVALID_CLUS 0x00002002
#define ER_FILE_FIRST_CLUS 0x00002003
@@ -35,5 +36,5 @@
const char *fmt, ...);
int exfat_repair_rename_ask(struct exfat_fsck *fsck, struct exfat_de_iter *iter,
- char *old_name, er_problem_code_t prcode, char *error_msg);
+ __le16 *uname, er_problem_code_t prcode, char *error_msg);
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/include/exfat_ondisk.h new/exfatprogs-1.2.5/include/exfat_ondisk.h
--- old/exfatprogs-1.2.4/include/exfat_ondisk.h 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/include/exfat_ondisk.h 2024-08-06 16:34:23.000000000 +0200
@@ -7,23 +7,29 @@
#define _EXFAT_H
#include <stdint.h>
+#include <byteswap.h>
#include <linux/fs.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
+#define UTF16_NULL 0x0000
+
#ifdef WORDS_BIGENDIAN
-#define cpu_to_le16(x) ((((x) >> 8) & 0xffu) | (((x) & 0xffu) << 8))
-#define cpu_to_le32(x) \
- ((((x) & 0xff000000u) >> 24) | (((x) & 0x00ff0000u) >> 8) | \
- (((x) & 0x0000ff00u) << 8) | (((x) & 0x000000ffu) << 24))
-#define cpu_to_le64(x) (cpu_to_le32((uint64_t)(x)) << 32 | \
- cpu_to_le32((uint64_t)(x) >> 32))
+#define cpu_to_le16(x) bswap_16(x)
+#define cpu_to_le32(x) bswap_32(x)
+#define cpu_to_le64(x) bswap_64(x)
+
+#define UTF16_DOT 0x2E00 /* . */
+#define UTF16_SLASH 0x2F00 /* / */
#else
#define cpu_to_le16(x) (x)
#define cpu_to_le32(x) (x)
#define cpu_to_le64(x) (x)
+
+#define UTF16_DOT 0x002E /* . */
+#define UTF16_SLASH 0x002F /* / */
#endif
#define le64_to_cpu(x) ((uint64_t)cpu_to_le64(x))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/include/libexfat.h new/exfatprogs-1.2.5/include/libexfat.h
--- old/exfatprogs-1.2.4/include/libexfat.h 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/include/libexfat.h 2024-08-06 16:34:23.000000000 +0200
@@ -78,7 +78,7 @@
};
struct exfat_user_input {
- char dev_name[255];
+ const char *dev_name;
bool writeable;
unsigned int sector_size;
unsigned int cluster_size;
@@ -190,6 +190,7 @@
int exfat_root_clus_count(struct exfat *exfat);
int read_boot_sect(struct exfat_blk_dev *bdev, struct pbr **bs);
int exfat_parse_ulong(const char *s, unsigned long *out);
+int exfat_check_name(__le16 *utf16_name, int len);
/*
* Exfat Print
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/include/version.h new/exfatprogs-1.2.5/include/version.h
--- old/exfatprogs-1.2.4/include/version.h 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/include/version.h 2024-08-06 16:34:23.000000000 +0200
@@ -5,6 +5,6 @@
#ifndef _VERSION_H
-#define EXFAT_PROGS_VERSION "1.2.4"
+#define EXFAT_PROGS_VERSION "1.2.5"
#endif /* !_VERSION_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/label/label.c new/exfatprogs-1.2.5/label/label.c
--- old/exfatprogs-1.2.4/label/label.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/label/label.c 2024-08-06 16:34:23.000000000 +0200
@@ -78,11 +78,10 @@
if (version_only)
exit(EXIT_FAILURE);
- if (argc < 2)
+ if (argc - optind != 1)
usage();
- memset(ui.dev_name, 0, sizeof(ui.dev_name));
- snprintf(ui.dev_name, sizeof(ui.dev_name), "%s", argv[serial_mode + 1]);
+ ui.dev_name = argv[serial_mode + 1];
ret = exfat_get_blk_dev_info(&ui, &bd);
if (ret < 0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/lib/exfat_dir.c new/exfatprogs-1.2.5/lib/exfat_dir.c
--- old/exfatprogs-1.2.4/lib/exfat_dir.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/lib/exfat_dir.c 2024-08-06 16:34:23.000000000 +0200
@@ -577,7 +577,6 @@
for (i = 0; i < len; i++) {
ch = exfat->upcase_table[le16_to_cpu(name[i])];
- ch = cpu_to_le16(ch);
/* use += to avoid promotion to int; UBSan complaints about signed overflow */
chksum = (chksum << 15) | (chksum >> 1);
@@ -692,7 +691,7 @@
dset[1].dentry.stream.name_len = (__u8)name_len;
dset[1].dentry.stream.name_hash =
- exfat_calc_name_hash(exfat, utf16_name, name_len);
+ cpu_to_le16(exfat_calc_name_hash(exfat, utf16_name, name_len));
for (i = 2; i < dcount; i++) {
dset[i].type = EXFAT_NAME;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/lib/exfat_fs.c new/exfatprogs-1.2.5/lib/exfat_fs.c
--- old/exfatprogs-1.2.4/lib/exfat_fs.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/lib/exfat_fs.c 2024-08-06 16:34:23.000000000 +0200
@@ -249,8 +249,6 @@
int depth, i;
int name_len;
__le16 *utf16_path;
- static const __le16 utf16_slash = cpu_to_le16(0x002F);
- static const __le16 utf16_null = cpu_to_le16(0x0000);
size_t in_size;
ctx->local_path[0] = '\0';
@@ -268,13 +266,13 @@
memcpy((char *)utf16_path, (char *)ctx->ancestors[i]->name,
name_len * 2);
utf16_path += name_len;
- memcpy((char *)utf16_path, &utf16_slash, sizeof(utf16_slash));
+ *utf16_path = UTF16_SLASH;
utf16_path++;
}
if (depth > 1)
utf16_path--;
- memcpy((char *)utf16_path, &utf16_null, sizeof(utf16_null));
+ *utf16_path = UTF16_NULL;
utf16_path++;
in_size = (utf16_path - ctx->utf16_path) * sizeof(__le16);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/lib/libexfat.c new/exfatprogs-1.2.5/lib/libexfat.c
--- old/exfatprogs-1.2.4/lib/libexfat.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/lib/libexfat.c 2024-08-06 16:34:23.000000000 +0200
@@ -496,12 +496,20 @@
volume_label, sizeof(volume_label));
if (volume_label_len < 0) {
exfat_err("failed to encode volume label\n");
- free(pvol);
- return -1;
+ err = -1;
+ goto out;
}
- memcpy(pvol->vol_label, volume_label, volume_label_len);
pvol->vol_char_cnt = volume_label_len/2;
+ err = exfat_check_name(volume_label, pvol->vol_char_cnt);
+ if (err != pvol->vol_char_cnt) {
+ exfat_err("volume label contain invalid character(%c)\n",
+ le16_to_cpu(label_input[err]));
+ err = -1;
+ goto out;
+ }
+
+ memcpy(pvol->vol_label, volume_label, volume_label_len);
loc.parent = exfat->root;
loc.file_offset = filter.out.file_offset;
@@ -509,6 +517,7 @@
err = exfat_add_dentry_set(exfat, &loc, pvol, dcount, false);
exfat_info("new label: %s\n", label_input);
+out:
free(pvol);
return err;
@@ -759,7 +768,7 @@
goto free_ppbr;
}
- exfat_info("volume serial : 0x%x\n", ppbr->bsx.vol_serial);
+ exfat_info("volume serial : 0x%x\n", le32_to_cpu(ppbr->bsx.vol_serial));
free_ppbr:
free(ppbr);
@@ -919,6 +928,8 @@
exfat->bs->bsx.sect_size_bits;
offset += sizeof(clus_t) * clus;
+ next_clus = cpu_to_le32(next_clus);
+
if (exfat_write(exfat->blk_dev->dev_fd, &next_clus, sizeof(next_clus),
offset) != sizeof(next_clus))
return -EIO;
@@ -1058,3 +1069,22 @@
return 0;
}
+
+static inline int check_bad_utf16_char(unsigned short w)
+{
+ return (w < 0x0020) || (w == '*') || (w == '?') || (w == '<') ||
+ (w == '>') || (w == '|') || (w == '"') || (w == ':') ||
+ (w == '/') || (w == '\\');
+}
+
+int exfat_check_name(__le16 *utf16_name, int len)
+{
+ int i;
+
+ for (i = 0; i < len; i++) {
+ if (check_bad_utf16_char(le16_to_cpu(utf16_name[i])))
+ break;
+ }
+
+ return i;
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/mkfs/mkfs.c new/exfatprogs-1.2.5/mkfs/mkfs.c
--- old/exfatprogs-1.2.4/mkfs/mkfs.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/mkfs/mkfs.c 2024-08-06 16:34:23.000000000 +0200
@@ -737,8 +737,7 @@
goto out;
}
- memset(ui.dev_name, 0, sizeof(ui.dev_name));
- snprintf(ui.dev_name, sizeof(ui.dev_name), "%s", argv[optind]);
+ ui.dev_name = argv[optind];
ret = exfat_get_blk_dev_info(&ui, &bd);
if (ret < 0)
Binary files old/exfatprogs-1.2.4/tests/invalid_name/exfat.img.tar.xz and new/exfatprogs-1.2.5/tests/invalid_name/exfat.img.tar.xz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/tests/test_fsck.sh new/exfatprogs-1.2.5/tests/test_fsck.sh
--- old/exfatprogs-1.2.4/tests/test_fsck.sh 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/tests/test_fsck.sh 2024-08-06 16:34:23.000000000 +0200
@@ -3,8 +3,8 @@
TESTCASE_DIR=$1
NEED_LOOPDEV=$2
IMAGE_FILE=exfat.img
-FSCK_PROG=fsck.exfat
-FSCK_PROG_2=fsck.exfat
+FSCK_PROG=${FSCK1:-"fsck.exfat"}
+FSCK_PROG_2=${FSCK2:-"fsck.exfat"}
FSCK_OPTS="-y -s"
PASS_COUNT=0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exfatprogs-1.2.4/tune/tune.c new/exfatprogs-1.2.5/tune/tune.c
--- old/exfatprogs-1.2.4/tune/tune.c 2024-06-17 08:36:06.000000000 +0200
+++ new/exfatprogs-1.2.5/tune/tune.c 2024-08-06 16:34:23.000000000 +0200
@@ -115,11 +115,10 @@
if (version_only)
exit(EXIT_FAILURE);
- if (argc < 3)
+ if (argc < 3 || argc - optind != 1)
usage();
- memset(ui.dev_name, 0, sizeof(ui.dev_name));
- snprintf(ui.dev_name, sizeof(ui.dev_name), "%s", argv[argc - 1]);
+ ui.dev_name = argv[argc - 1];
ret = exfat_get_blk_dev_info(&ui, &bd);
if (ret < 0)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package sddm-kcm6 for openSUSE:Factory checked in at 2024-08-08 10:56:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sddm-kcm6 (Old)
and /work/SRC/openSUSE:Factory/.sddm-kcm6.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sddm-kcm6"
Thu Aug 8 10:56:55 2024 rev:10 rq:1191975 version:6.1.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/sddm-kcm6/sddm-kcm6.changes 2024-07-17 15:14:03.947695037 +0200
+++ /work/SRC/openSUSE:Factory/.sddm-kcm6.new.7232/sddm-kcm6.changes 2024-08-08 10:57:04.792367905 +0200
@@ -1,0 +2,10 @@
+Tue Aug 6 13:29:11 UTC 2024 - Fabian Vogt <fabian(a)ritter-vogt.de>
+
+- Update to 6.1.4:
+ * New bugfix release
+ * For more details see https://kde.org/announcements/plasma/6/6.1.4
+- Changes since 6.1.3:
+ * update version for new release
+ * Fix visual window artifact
+
+-------------------------------------------------------------------
Old:
----
sddm-kcm-6.1.3.tar.xz
sddm-kcm-6.1.3.tar.xz.sig
New:
----
sddm-kcm-6.1.4.tar.xz
sddm-kcm-6.1.4.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sddm-kcm6.spec ++++++
--- /var/tmp/diff_new_pack.yiu131/_old 2024-08-08 10:57:06.572441083 +0200
+++ /var/tmp/diff_new_pack.yiu131/_new 2024-08-08 10:57:06.592441905 +0200
@@ -23,7 +23,7 @@
%bcond_without released
Name: sddm-kcm6
-Version: 6.1.3
+Version: 6.1.4
Release: 0
Summary: A sddm control module for KDE
License: GPL-2.0-only
++++++ sddm-kcm-6.1.3.tar.xz -> sddm-kcm-6.1.4.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sddm-kcm-6.1.3/CMakeLists.txt new/sddm-kcm-6.1.4/CMakeLists.txt
--- old/sddm-kcm-6.1.3/CMakeLists.txt 2024-07-16 13:11:20.000000000 +0200
+++ new/sddm-kcm-6.1.4/CMakeLists.txt 2024-08-06 14:36:47.000000000 +0200
@@ -1,6 +1,6 @@
cmake_minimum_required(VERSION 3.16)
project(sddm-kcm)
-set(PROJECT_VERSION "6.1.3")
+set(PROJECT_VERSION "6.1.4")
set(QT_MIN_VERSION "6.6.0")
set(KF6_MIN_VERSION "6.2.0")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sddm-kcm-6.1.3/src/ui/main.qml new/sddm-kcm-6.1.4/src/ui/main.qml
--- old/sddm-kcm-6.1.3/src/ui/main.qml 2024-07-16 13:11:20.000000000 +0200
+++ new/sddm-kcm-6.1.4/src/ui/main.qml 2024-08-06 14:36:47.000000000 +0200
@@ -132,7 +132,7 @@
id: syncSheet
title: i18nc("@title:window", "Apply Plasma Settings")
Kirigami.InlineMessage {
- implicitWidth: Kirigami.Units.gridUnit * 22
+ implicitWidth: Math.max(footer.implicitWidth, Kirigami.Units.gridUnit * 22)
visible: true
type: Kirigami.MessageType.Information
font: Kirigami.Theme.smallFont
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package powerdevil6 for openSUSE:Factory checked in at 2024-08-08 10:56:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/powerdevil6 (Old)
and /work/SRC/openSUSE:Factory/.powerdevil6.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "powerdevil6"
Thu Aug 8 10:56:53 2024 rev:12 rq:1191973 version:6.1.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/powerdevil6/powerdevil6.changes 2024-07-26 16:15:01.768567868 +0200
+++ /work/SRC/openSUSE:Factory/.powerdevil6.new.7232/powerdevil6.changes 2024-08-08 10:56:59.820163499 +0200
@@ -1,0 +2,12 @@
+Tue Aug 6 13:29:05 UTC 2024 - Fabian Vogt <fabian(a)ritter-vogt.de>
+
+- Update to 6.1.4:
+ * New bugfix release
+ * For more details see https://kde.org/announcements/plasma/6/6.1.4
+- Changes since 6.1.3:
+ * update version for new release
+ * daemon: Don't leave dangling Action pointers in idle-time containers (kde#490356,kde#490421)
+- Drop patches, now upstream:
+ * 0001-daemon-Don-t-leave-dangling-Action-pointers-in-idle-.patch
+
+-------------------------------------------------------------------
Old:
----
0001-daemon-Don-t-leave-dangling-Action-pointers-in-idle-.patch
powerdevil-6.1.3.tar.xz
powerdevil-6.1.3.tar.xz.sig
New:
----
powerdevil-6.1.4.tar.xz
powerdevil-6.1.4.tar.xz.sig
BETA DEBUG BEGIN:
Old:- Drop patches, now upstream:
* 0001-daemon-Don-t-leave-dangling-Action-pointers-in-idle-.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ powerdevil6.spec ++++++
--- /var/tmp/diff_new_pack.yCBd4u/_old 2024-08-08 10:57:00.412187837 +0200
+++ /var/tmp/diff_new_pack.yCBd4u/_new 2024-08-08 10:57:00.412187837 +0200
@@ -22,7 +22,7 @@
%define rname powerdevil
%bcond_without released
Name: powerdevil6
-Version: 6.1.3
+Version: 6.1.4
Release: 0
# Full Plasma 6 version (e.g. 6.0.0)
%{!?_plasma6_bugfix: %define _plasma6_bugfix %{version}}
@@ -36,8 +36,6 @@
Source1: https://download.kde.org/stable/plasma/%{version}/%{rname}-%{version}.tar.x…
Source2: plasma.keyring
%endif
-# PATCH-FIX-UPSTREAM
-Patch1: 0001-daemon-Don-t-leave-dangling-Action-pointers-in-idle-.patch
BuildRequires: kf6-extra-cmake-modules >= %{kf6_version}
# Needed by FindLibcap.cmake
BuildRequires: libcap-progs
++++++ powerdevil-6.1.3.tar.xz -> powerdevil-6.1.4.tar.xz ++++++
++++ 19604 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package plasma6-workspace for openSUSE:Factory checked in at 2024-08-08 10:56:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/plasma6-workspace (Old)
and /work/SRC/openSUSE:Factory/.plasma6-workspace.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "plasma6-workspace"
Thu Aug 8 10:56:52 2024 rev:13 rq:1191969 version:6.1.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/plasma6-workspace/plasma6-workspace.changes 2024-07-17 15:13:58.643500717 +0200
+++ /work/SRC/openSUSE:Factory/.plasma6-workspace.new.7232/plasma6-workspace.changes 2024-08-08 10:56:55.932003659 +0200
@@ -1,0 +2,20 @@
+Tue Aug 6 13:28:34 UTC 2024 - Fabian Vogt <fabian(a)ritter-vogt.de>
+
+- Update to 6.1.4:
+ * New bugfix release
+ * For more details see https://kde.org/announcements/plasma/6/6.1.4
+- Changes since 6.1.3:
+ * update version for new release
+ * Watch for Look and Feel changed
+ * applets/batterymonitor: Fix property names to show the right tool-tip text
+ * applets/mediacontroller: Fix label width overflow in horizontal panel
+ * Track screen change
+ * Respect centered images size (kde#490425,kde#489250)
+ * xembed-sni-proxy: Check if descendant windows want button events
+ * freespacenotifier: Rework to not warn for read only partitions
+ * startplasma: Also set environment variable when it is not currently set (kde#490432)
+ * notifications: When doing a drag and drop, set the supported action to cpoy (kde#469644)
+ * krunner: Fix icon property name for additionalActions list
+ * kastatsfavoritesmodel: Fix a crash
+
+-------------------------------------------------------------------
Old:
----
plasma-workspace-6.1.3.tar.xz
plasma-workspace-6.1.3.tar.xz.sig
New:
----
plasma-workspace-6.1.4.tar.xz
plasma-workspace-6.1.4.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ plasma6-workspace.spec ++++++
--- /var/tmp/diff_new_pack.qNLS7V/_old 2024-08-08 10:56:57.268058583 +0200
+++ /var/tmp/diff_new_pack.qNLS7V/_new 2024-08-08 10:56:57.268058583 +0200
@@ -30,7 +30,7 @@
%{!?_plasma6_version: %define _plasma6_version %(echo %{_plasma6_bugfix} | awk -F. '{print $1"."$2}')}
%bcond_without released
Name: plasma6-workspace
-Version: 6.1.3
+Version: 6.1.4
Release: 0
Summary: The KDE Plasma Workspace Components
License: GPL-2.0-or-later
++++++ plasma-workspace-6.1.3.tar.xz -> plasma-workspace-6.1.4.tar.xz ++++++
/work/SRC/openSUSE:Factory/plasma6-workspace/plasma-workspace-6.1.3.tar.xz /work/SRC/openSUSE:Factory/.plasma6-workspace.new.7232/plasma-workspace-6.1.4.tar.xz differ: char 27, line 1
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package plasma6-pa for openSUSE:Factory checked in at 2024-08-08 10:56:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/plasma6-pa (Old)
and /work/SRC/openSUSE:Factory/.plasma6-pa.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "plasma6-pa"
Thu Aug 8 10:56:50 2024 rev:10 rq:1191962 version:6.1.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/plasma6-pa/plasma6-pa.changes 2024-07-17 15:13:53.971329551 +0200
+++ /work/SRC/openSUSE:Factory/.plasma6-pa.new.7232/plasma6-pa.changes 2024-08-08 10:56:51.311813769 +0200
@@ -1,0 +2,11 @@
+Tue Aug 6 13:28:09 UTC 2024 - Fabian Vogt <fabian(a)ritter-vogt.de>
+
+- Update to 6.1.4:
+ * New bugfix release
+ * For more details see https://kde.org/announcements/plasma/6/6.1.4
+- Changes since 6.1.3:
+ * update version for new release
+ * volumemonitor: don't crash when there is no pa_context
+ * kcm/SpeakerTest: Fix the minimum layout for Mono channel (kde#476096)
+
+-------------------------------------------------------------------
Old:
----
plasma-pa-6.1.3.tar.xz
plasma-pa-6.1.3.tar.xz.sig
New:
----
plasma-pa-6.1.4.tar.xz
plasma-pa-6.1.4.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ plasma6-pa.spec ++++++
--- /var/tmp/diff_new_pack.C95evs/_old 2024-08-08 10:56:51.895837748 +0200
+++ /var/tmp/diff_new_pack.C95evs/_new 2024-08-08 10:56:51.895837748 +0200
@@ -26,7 +26,7 @@
%{!?_plasma6_version: %define _plasma6_version %(echo %{_plasma6_bugfix} | awk -F. '{print $1"."$2}')}
%bcond_without released
Name: plasma6-pa
-Version: 6.1.3
+Version: 6.1.4
Release: 0
Summary: The Plasma6 Volume Manager
License: GPL-2.0-or-later
++++++ plasma-pa-6.1.3.tar.xz -> plasma-pa-6.1.4.tar.xz ++++++
++++ 4012 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package plasma6-openSUSE for openSUSE:Factory checked in at 2024-08-08 10:56:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/plasma6-openSUSE (Old)
and /work/SRC/openSUSE:Factory/.plasma6-openSUSE.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "plasma6-openSUSE"
Thu Aug 8 10:56:48 2024 rev:11 rq:1191961 version:84.87~git20240313T170730~9c664b7
Changes:
--------
--- /work/SRC/openSUSE:Factory/plasma6-openSUSE/plasma6-openSUSE.changes 2024-07-17 15:13:53.119298337 +0200
+++ /work/SRC/openSUSE:Factory/.plasma6-openSUSE.new.7232/plasma6-openSUSE.changes 2024-08-08 10:56:50.347774188 +0200
@@ -1,0 +2,5 @@
+Tue Aug 6 13:28:07 UTC 2024 - Fabian Vogt <fabian(a)ritter-vogt.de>
+
+- Update to 6.1.4
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ plasma6-openSUSE.spec ++++++
--- /var/tmp/diff_new_pack.8aORbm/_old 2024-08-08 10:56:50.939798495 +0200
+++ /var/tmp/diff_new_pack.8aORbm/_new 2024-08-08 10:56:50.943798660 +0200
@@ -20,7 +20,7 @@
# Plasma 6 pulls in Qt 5 as well, tell qml-autoreqprov what to use
%global __qml_requires_opts --qtver 6
-%global plasma_version 6.1.3
+%global plasma_version 6.1.4
Name: plasma6-openSUSE
Version: 84.87~git20240313T170730~9c664b7
Release: 0
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package plasma6-desktop for openSUSE:Factory checked in at 2024-08-08 10:56:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/plasma6-desktop (Old)
and /work/SRC/openSUSE:Factory/.plasma6-desktop.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "plasma6-desktop"
Thu Aug 8 10:56:28 2024 rev:11 rq:1191954 version:6.1.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/plasma6-desktop/plasma6-desktop.changes 2024-07-17 15:13:44.446980626 +0200
+++ /work/SRC/openSUSE:Factory/.plasma6-desktop.new.7232/plasma6-desktop.changes 2024-08-08 10:56:45.079557887 +0200
@@ -1,0 +2,17 @@
+Tue Aug 6 13:27:53 UTC 2024 - Fabian Vogt <fabian(a)ritter-vogt.de>
+
+- Update to 6.1.4:
+ * New bugfix release
+ * For more details see https://kde.org/announcements/plasma/6/6.1.4
+- Changes since 6.1.3:
+ * update version for new release
+ * Make X-KDE-Init-Phase a proper in in JSON and remove obsolete X-KDE-Init-Symbol values
+ * Folder View: hide existing label while renaming (kde#482802)
+ * Folder View: re-transfer focus to grid view after rename (kde#491088)
+ * Use bindings for anchors (kde#489492)
+ * Restore the folderview title config
+ * applets/taskmanager: fix size of textual list popup
+ * applets/taskmanager: Fix applet's layout size with multiple rows (kde#490319)
+ * [kcms/access] Set range for visual bell duration selector
+
+-------------------------------------------------------------------
Old:
----
plasma-desktop-6.1.3.tar.xz
plasma-desktop-6.1.3.tar.xz.sig
New:
----
plasma-desktop-6.1.4.tar.xz
plasma-desktop-6.1.4.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ plasma6-desktop.spec ++++++
--- /var/tmp/diff_new_pack.d1hQi5/_old 2024-08-08 10:56:45.863590078 +0200
+++ /var/tmp/diff_new_pack.d1hQi5/_new 2024-08-08 10:56:45.867590242 +0200
@@ -31,7 +31,7 @@
%{!?_plasma6_version: %define _plasma6_version %(echo %{_plasma6_bugfix} | awk -F. '{print $1"."$2}')}
%bcond_without released
Name: plasma6-desktop
-Version: 6.1.3
+Version: 6.1.4
Release: 0
Summary: The KDE Plasma Workspace Components
License: GPL-2.0-only
++++++ plasma-desktop-6.1.3.tar.xz -> plasma-desktop-6.1.4.tar.xz ++++++
/work/SRC/openSUSE:Factory/plasma6-desktop/plasma-desktop-6.1.3.tar.xz /work/SRC/openSUSE:Factory/.plasma6-desktop.new.7232/plasma-desktop-6.1.4.tar.xz differ: char 27, line 1
1
0