Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
mokutil
mokutil.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File mokutil.changes of Package mokutil
------------------------------------------------------------------- Fri Mar 1 08:23:24 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com> - Update to 0.7.0 + 82694cb Show usage instead of aborting on bad flags + 04791c2 mokutil bugfix: del unused opt "-s" + d978c18 Fix leak of list in delete_data_from_req_var() + e498f64 Fix leak of fd in mok_get_variable() + 7b6258a Show the key owner GUID + 51b5e55 Use PKG_PROG_PKG_CONFIG macro from pkg.m4 to detect pkg-config + 1aefcdb mokutil: handle the parsing error from "mok-variables" + 71140ef mokutil: Fix memory leak in export_db_keys + 0011d52 mokutil:check the result of malloc() is necessary + a0d8702 Fix inconsistency in skip messages + ae59d89 man: add "--trust-mok" and "--untrust-mok" + dd55c28 Avoid conflicting efi_char16_t type definitions + 8b6d116 fix: typo "accesss" -> "access" + f68a4f4 Do not exit with non zero status for version query + 5f49730 Check for efi variabales support after processing commands + 2d6c409 Return 0 after printing help messages + c64741d Add support for SSPPolicy, depricate --set-sbat-policy delete + 48e3d2a Fix tab alignment for help (set-fallback-verbosity/set-fallback-noreboot) + c361087 (HEAD -> master, tag: 0.7.0, origin/ssppolicy-v2-fix, origin/master, origin/HEAD) Rename "previous" revocations to "automatic" ------------------------------------------------------------------- Fri Feb 23 09:19:54 UTC 2024 - pgajdos@suse.com - Use %patch -P N instead of deprecated %patchN. ------------------------------------------------------------------- Tue Sep 19 08:10:49 UTC 2023 - Joey Lee <jlee@suse.com> - Sync change log to prepare for sending mokutil 0.6.0 to SLE15-SP6 (jsc#PED-6528) - Removed the following backported patches because they are merged to 0.6.0: - mokutil-fix-missing-header.patch b15e7c4d7 util: add the missing stdio.h - mokutil-enable-setting-fallback-verbosity-and-norebo.patch (bsc#1198458) 57bc38582 mokutil: enable setting fallback verbosity and noreboot mode - mokutil-SBAT-revocation-update-support.patch (bsc#1198458) 6c9890730 SBAT revocation update support ------------------------------------------------------------------- Fri Aug 18 07:07:08 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com> - Remove modhash (bsc#1214358) + The modhash script is rarely used and it's impractical to block a kernel module with the hash. ------------------------------------------------------------------- Mon Jun 27 05:00:25 UTC 2022 - Joey Lee <jlee@suse.com> - Update to 0.6.0 + 6c98907 SBAT revocation update support + 0276891 mokutil: Add trust_mok_keys and untrust_mok_keys + 57bc385 mokutil: enable setting fallback verbosity and noreboot mode + b15e7c4 util: add the missing stdio.h - Drop mokutil-fix-missing-header.patch (upstream) ------------------------------------------------------------------- Thu Jul 15 06:39:26 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com> - Update to 0.5.0 + mokutil: delete key/hash from the reverse request + efi_x509: fix an error handling in is_immediate_ca() + efi_x509: fix certificates fingerprint calculation + efi_x509: use EVP_Digest()* functions instead of the deprecated SHA1_*() + src/util.c: fix NULL pointer dereference in mok_get_variable + mokutil: Read the SbatLevelRT variable to get the SBAT entries + mokutil: add mok-variables parsing support + mokutil: Add option to print the UEFI SBAT variable content + mokutil: only check for Secure Boot support in options that need it + efi_x509: add the function to fetch SKID + keyring: add the function to check kernel keyring + mokutil: initialize data for efi_get_variable() + mokutil: correct the data for efi_set_variable() in set_password() + mokutil: improve the readability of issue_mok_request() + mokutil: drop the checks for PK and KEK + mokutil: check the blocklists before enrolling a key + mokutil: adjust the command bits + mokutil: remove "--simple-hash" + make CA check non-fatal + mokutil: close file in the error path + mokutil: do the CA check + efi_x509: add the function to check immediate CA + efi_x509: use d2i_X509() to create X509 handling + mokutil: rename hash_file as pw_hash_file + password-crypt: update the function names + password-crypt: fix the types of several functions + mokutil: fix the error message in sb_state() + mokutil: move x509 functions to efi_x509.c + mokutil: move the hash functions to efi_hash.c + util: add functions for db_var_name and db_friendly_name + Remove the SHA1 code from identify_hash_type() + Map the UEFI variable names with a function + Fix -Wcast-align warnings + Fix 32 bit build + Add --timeout to manpage and other corrections. + mokutil.c: fix typo enrollement -> enrollment + Avoid taking pointer to packed struct + Fix name of --enable-validation in the description + Remove shebang from bash-completion/mokutil - Add mokutil-fix-missing-header.patch to fix the compilation error due to the missing header - Refresh mokutil-remove-libkeyutils-check.patch and only apply it to openSUSE Leap 15.* - Drop upstreamed patches: + mokutil-remove-shebang-from-bash-completion-file.patch + mokutil-bsc1173115-add-ca-and-keyring-checks.patch - Drop mokutil-support-revoke-builtin-cert.patch since we don't use the builtin cert prompt patch in shim anymore. ------------------------------------------------------------------- Tue May 4 06:52:03 UTC 2021 - Dirk Müller <dmueller@suse.com> - spec file cleanup ------------------------------------------------------------------- Wed Sep 16 09:06:02 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com> - Add mokutil-bsc1173115-add-ca-and-keyring-checks.patch to add options for CA and kernel keyring checks (bsc#1173115) + Add new BuildRequires: keyutils-devel + Add mokutil-remove-libkeyutils-check.patch to disable the version check of libkeyutils - Refresh mokutil-support-revoke-builtin-cert.patch ------------------------------------------------------------------- Fri Aug 14 06:59:46 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com> - Update mokutil-support-revoke-builtin-cert.patch + Add "--revoke-cert" to the man page ------------------------------------------------------------------- Fri Dec 13 10:38:44 UTC 2019 - Michel Normand <normand@linux.vnet.ibm.com> - Add build for ppc64/ppc64le ------------------------------------------------------------------- Tue May 28 04:38:14 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com> - Update to 0.4.0 + Rename export_moks as export_db_keys + Add support for exporting other keys + add new --mok argument + set list-enrolled command as default for some arguments + Add more info to --sb-state: show when we're in SetupMode or with shim validation disabled + Correct help: --set-timeout is really --timeout + generate_hash() / generate_pw_hash(): don't use strlen() for strncpy bounds + Add the type casting to silence the warning + Add a way for mokutil to configure a timeout for MokManager's prompt + list_keys_in_var(): check errno correctly, not ret twice + Fix typo in error message when the system lacks Secure Boot support + Add bash completion file + mokutil: be explicit about file modes in all cases + Make all efi_guid_t const + Don't allow sha1 on the mokutil command line + Build with -fshort-wchar so toggle passwords work right + Fix the 32bit signedness comparison + Fix the potential buffer overflow - Add mokutil-remove-shebang-from-bash-completion-file.patch to remove shebang from bash-completion/mokutil - Drop upstreamed patches + mokutil-constify-efi-guid.patch + mokutil-fix-overflow.patch + mokutil-fshort-wchar.patch + mokutil-set-efi-variable-file-mode.patch - Refresh mokutil-support-revoke-builtin-cert.patch - Install bash-completion/mokutil ------------------------------------------------------------------- Thu Mar 21 02:39:46 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com> - Add modhash to calculate the hash of kernel module (SLE-5661) + Also add openssl to Requires since the script needs it ------------------------------------------------------------------- Fri Nov 23 08:58:24 UTC 2018 - glin@suse.com - Enable AArch64 build (bsc#1119769, fate#326541) ------------------------------------------------------------------- Tue Mar 27 09:54:10 CEST 2018 - kukuk@suse.de - Use %license instead of %doc [bsc#1082318] ------------------------------------------------------------------- Wed Jul 13 04:52:23 UTC 2016 - glin@suse.com - Patches for efivar 0.24 + Add mokutil-set-efi-variable-file-mode.patch to set the file mode explicitly. + Add mokutil-constify-efi-guid.patch to make all efi_guild_t variables const. + Refresh mokutil-support-revoke-builtin-cert.patch for the change of efi_set_variable() ------------------------------------------------------------------- Tue Jun 30 08:43:45 UTC 2015 - glin@suse.com - Add mokutil-fshort-wchar.patch to make sure the UEFI strings are UCS-2 encoding. ------------------------------------------------------------------- Tue Nov 4 07:52:54 UTC 2014 - glin@suse.com - Update to 0.3.0 - Add mokutil-fix-overflow.patch to fix the buffer overflow - Drop upstreamed patches + mokutil-upstream-fixes.patch + mokutil-mokx-support.patch + mokutil-check-corrupted-key-list.patch + mokutil-check-secure-boot-support.patch + mokutil-clean-request.patch + mokutil-fix-hash-file-read.patch + mokutil-fix-hash-list-size.patch + mokutil-more-details-for-skipped-keys.patch + mokutil-no-invalid-x509.patch - Refresh mokutil-support-revoke-builtin-cert.patch ------------------------------------------------------------------- Wed Apr 16 04:11:50 UTC 2014 - glin@suse.com - Add mokutil-fix-hash-file-read.patch to fix the error handling of reading a hash file ------------------------------------------------------------------- Thu Apr 10 04:44:22 UTC 2014 - glin@suse.com - Add mokutil-check-corrupted-key-list.patch to check whether the key list is corrupted or not - Add mokutil-no-invalid-x509.patch to avoid importing an invalid x509 certificate ------------------------------------------------------------------- Mon Mar 24 07:37:39 UTC 2014 - glin@suse.com - Add mokutil-more-details-for-skipped-keys.patch to show the reason to skip the key - Add mokutil-check-secure-boot-support.patch to check whether the system supports Secure Boot or not ------------------------------------------------------------------- Fri Feb 21 10:10:15 UTC 2014 - glin@suse.com - Add mokutil-support-revoke-builtin-cert.patch to add an option to revoke the built-in certificate in shim ------------------------------------------------------------------- Wed Feb 12 10:06:31 UTC 2014 - glin@suse.com - Add mokutil-fix-hash-list-size.patch to update the list size after merging or deleting a hash - Add mokutil-clean-request.patch to clean the request if all keys are removed ------------------------------------------------------------------- Wed Jan 22 05:55:45 UTC 2014 - glin@suse.com - Update mokutil-mokx-support.patch to fix the test-key request check ------------------------------------------------------------------- Thu Dec 5 02:11:40 UTC 2013 - glin@suse.com - Add mokutil-upstream-fixes.patch to include upstream fixes for db signature check, gcc warnings, and error handling - Add mokutil-mokx-support.patch to support the MOK blacklist (FATE#316531) ------------------------------------------------------------------- Thu Jul 25 09:13:44 UTC 2013 - glin@suse.com - Update to 0.2.0 + Generate the password hash with crypt() by default instead of the original sha256 password hash + Add an option to import the root password hash + Amend error messages, help, and man page - Drop upstreamed patches + mokutil-lcrypt-ldflag.patch + mokutil-probe-secure-boot-state.patch + mokutil-allow-password-from-pipe.patch + mokutil-bnc809703-check-pending-request.patch + mokutil-support-delete-keys.patch + mokutil-support-crypt-hash-methods.patch + mokutil-update-man-page.patch + mokutil-bnc809215-improve-wording.patch + mokutil-support-new-pw-hash.patch + mokutil-no-duplicate-keys-imported.patch ------------------------------------------------------------------- Tue Apr 2 04:43:59 UTC 2013 - glin@suse.com - Add mokutil-bnc809215-improve-wording.patch to make the messages understandable (bnc#809215) - Add mokutil-bnc809703-check-pending-request.patch to remove the key from the pending request if necessary (bnc#809703) ------------------------------------------------------------------- Wed Jan 30 08:00:22 UTC 2013 - glin@suse.com - Merge patches for FATE#314506 + Add mokutil-support-crypt-hash-methods.patch to support the password hashes from /etc/shadow + Add mokutil-update-man-page.patch to update man page for the new added options - Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS ------------------------------------------------------------------- Fri Jan 18 10:05:27 UTC 2013 - glin@suse.com - Update mokutil-support-new-pw-hash.patch to extend the password hash format ------------------------------------------------------------------- Wed Jan 16 08:41:15 UTC 2013 - glin@suse.com - Merge patches for FATE#314506 + Add mokutil-support-delete-keys.patch to delete specific keys + Add mokutil-support-new-pw-hash.patch to support the new password format + Add mokutil-allow-password-from-pipe.patch to allow the password to be generated in a script and be sent through pipeline - Install COPYING ------------------------------------------------------------------- Tue Dec 11 08:07:32 UTC 2012 - glin@suse.com - Add mokutil-probe-secure-boot-state.patch to probe the state of secure boot - Add mokutil-no-duplicate-keys-imported.patch to avoid importing duplicate keys ------------------------------------------------------------------- Wed Nov 7 08:10:45 UTC 2012 - glin@suse.com - Add new package mokutil-0.1.0 (FATE#314510)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor