Hello community, here is the log from the commit of package tboot for openSUSE:Factory checked in at 2018-09-03 10:35:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tboot (Old) and /work/SRC/openSUSE:Factory/.tboot.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tboot" Mon Sep 3 10:35:45 2018 rev:33 rq:632523 version:20170711_1.9.7 Changes: -------- --- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-03-16 10:45:09.320570880 +0100 +++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-09-03 10:35:47.164775305 +0200 @@ -1,0 +2,31 @@ +Fri Aug 31 14:23:48 UTC 2018 - matthias.gerstner@suse.com + +- update to upstream version 1.9.7. This in mainly a bugfix release: + Fix a lot of issues in tools reported by klocwork scan. + Fix a lot of issues in tboot module reported by klocwork scan. + Remove a redundant tboot option + Fix indent in heap.c + Fix 4 issues along with extpol=agile option + Mitigations for tpm interposer attacks + Add an option in tboot to force SINIT to use the legacy TPM2 log format. + Add support for appending to a TPM2 TCG style event log. + Ensure tboot log is available even when measured launch is skipped. + Add centos7 instructions for Use in EFI boot mode. + Fix memory leak and invalid reads and writes issues. + Fix TPM 1.2 locality selection issue. + Fix a null pointer dereference bug when Intel TXT is disabled. + Optimize tboot docs installation. + Fix security vulnerabilities rooted in tpm_if structure and g_tpm variable. + The size field of the MB2 tag is the size of the tag header + the size + Fix openssl-1.0.2 double frees + Make policy element stm_elt use unique type name + lcptools-v2 utilities fixes + port to openssl-1.1.0 + Reset debug PCR16 to zero. + Fix a logical error in function bool evtlog_append(...). +- removed tboot-CVE-2017-16837.patch: now contained in tarball +- removed tboot-openssl-1-1-0.patch: now contained in tarball +- removed tboot-signature-segfault.patch: now contained in tarball +- removed tboot-ssl-broken.patch: now contained in tarball + +------------------------------------------------------------------- Old: ---- tboot-1.9.6.tar.gz tboot-CVE-2017-16837.patch tboot-openssl-1-1-0.patch tboot-signature-segfault.patch tboot-ssl-broken.patch New: ---- tboot-1.9.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tboot.spec ++++++ --- /var/tmp/diff_new_pack.1AHo2A/_old 2018-09-03 10:35:47.684776649 +0200 +++ /var/tmp/diff_new_pack.1AHo2A/_new 2018-09-03 10:35:47.684776649 +0200 @@ -17,8 +17,8 @@ Name: tboot -%define ver 1.9.6 -Version: 20170711_1.9.6 +%define ver 1.9.7 +Version: 20170711_%{ver} Release: 0 Summary: Performs a verified launch using Intel(R) TXT License: BSD-3-Clause @@ -27,15 +27,7 @@ Source0: http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch Patch4: tboot-grub2-fix-xen-submenu-name.patch -Patch5: tboot-openssl-1-1-0.patch -Patch6: tboot-CVE-2017-16837.patch Patch7: tboot-distributor.patch -# a stark history regarding SSL: ssl functions never really worked in tboot, -# even the signature-segfault upstream fix didn't fix the root causes. -# ssl-broken.patch is my own patch that I have published on the tboot-devel -# mailing list, but no response so far. -Patch8: tboot-signature-segfault.patch -Patch9: tboot-ssl-broken.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: %{ix86} x86_64 BuildRequires: openssl-devel @@ -60,11 +52,7 @@ %setup -q -n %name-%ver %patch3 -p1 %patch4 -p1 -%patch5 -p1 -%patch6 -p1 %patch7 -p1 -%patch8 -p1 -%patch9 -p1 %build export CFLAGS="%{optflags}" ++++++ tboot-1.9.6.tar.gz -> tboot-1.9.7.tar.gz ++++++ ++++ 3807 lines of diff (skipped)