213 lines
9 KiB
Text
213 lines
9 KiB
Text
* Thu May 5 2022 jlee@suse.com
|
|
- Add the following patches against bsc#1198458
|
|
mokutil-enable-setting-fallback-verbosity-and-norebo.patch
|
|
mokutil-SBAT-revocation-update-support.patch
|
|
* Thu Jul 15 2021 glin@suse.com
|
|
- Update to 0.5.0
|
|
+ mokutil: delete key/hash from the reverse request
|
|
+ efi_x509: fix an error handling in is_immediate_ca()
|
|
+ efi_x509: fix certificates fingerprint calculation
|
|
+ efi_x509: use EVP_Digest()* functions instead of the deprecated
|
|
SHA1_*()
|
|
+ src/util.c: fix NULL pointer dereference in mok_get_variable
|
|
+ mokutil: Read the SbatLevelRT variable to get the SBAT entries
|
|
+ mokutil: add mok-variables parsing support
|
|
+ mokutil: Add option to print the UEFI SBAT variable content
|
|
+ mokutil: only check for Secure Boot support in options that
|
|
need it
|
|
+ efi_x509: add the function to fetch SKID
|
|
+ keyring: add the function to check kernel keyring
|
|
+ mokutil: initialize data for efi_get_variable()
|
|
+ mokutil: correct the data for efi_set_variable() in
|
|
set_password()
|
|
+ mokutil: improve the readability of issue_mok_request()
|
|
+ mokutil: drop the checks for PK and KEK
|
|
+ mokutil: check the blocklists before enrolling a key
|
|
+ mokutil: adjust the command bits
|
|
+ mokutil: remove "--simple-hash"
|
|
+ make CA check non-fatal
|
|
+ mokutil: close file in the error path
|
|
+ mokutil: do the CA check
|
|
+ efi_x509: add the function to check immediate CA
|
|
+ efi_x509: use d2i_X509() to create X509 handling
|
|
+ mokutil: rename hash_file as pw_hash_file
|
|
+ password-crypt: update the function names
|
|
+ password-crypt: fix the types of several functions
|
|
+ mokutil: fix the error message in sb_state()
|
|
+ mokutil: move x509 functions to efi_x509.c
|
|
+ mokutil: move the hash functions to efi_hash.c
|
|
+ util: add functions for db_var_name and db_friendly_name
|
|
+ Remove the SHA1 code from identify_hash_type()
|
|
+ Map the UEFI variable names with a function
|
|
+ Fix -Wcast-align warnings
|
|
+ Fix 32 bit build
|
|
+ Add --timeout to manpage and other corrections.
|
|
+ mokutil.c: fix typo enrollement -> enrollment
|
|
+ Avoid taking pointer to packed struct
|
|
+ Fix name of --enable-validation in the description
|
|
+ Remove shebang from bash-completion/mokutil
|
|
- Add mokutil-fix-missing-header.patch to fix the compilation error
|
|
due to the missing header
|
|
- Refresh mokutil-remove-libkeyutils-check.patch and only apply
|
|
it to openSUSE Leap 15.*
|
|
- Drop upstreamed patches:
|
|
+ mokutil-remove-shebang-from-bash-completion-file.patch
|
|
+ mokutil-bsc1173115-add-ca-and-keyring-checks.patch
|
|
- Drop mokutil-support-revoke-builtin-cert.patch since we don't use
|
|
the builtin cert prompt patch in shim anymore.
|
|
* Tue May 4 2021 dmueller@suse.com
|
|
- spec file cleanup
|
|
* Wed Sep 16 2020 glin@suse.com
|
|
- Add mokutil-bsc1173115-add-ca-and-keyring-checks.patch to add
|
|
options for CA and kernel keyring checks (bsc#1173115)
|
|
+ Add new BuildRequires: keyutils-devel
|
|
+ Add mokutil-remove-libkeyutils-check.patch to disable the
|
|
version check of libkeyutils
|
|
- Refresh mokutil-support-revoke-builtin-cert.patch
|
|
* Fri Aug 14 2020 glin@suse.com
|
|
- Update mokutil-support-revoke-builtin-cert.patch
|
|
+ Add "--revoke-cert" to the man page
|
|
* Fri Dec 13 2019 normand@linux.vnet.ibm.com
|
|
- Add build for ppc64/ppc64le
|
|
* Tue May 28 2019 glin@suse.com
|
|
- Update to 0.4.0
|
|
+ Rename export_moks as export_db_keys
|
|
+ Add support for exporting other keys
|
|
+ add new --mok argument
|
|
+ set list-enrolled command as default for some arguments
|
|
+ Add more info to --sb-state: show when we're in SetupMode or
|
|
with shim validation disabled
|
|
+ Correct help: --set-timeout is really --timeout
|
|
+ generate_hash() / generate_pw_hash(): don't use strlen() for
|
|
strncpy bounds
|
|
+ Add the type casting to silence the warning
|
|
+ Add a way for mokutil to configure a timeout for MokManager's
|
|
prompt
|
|
+ list_keys_in_var(): check errno correctly, not ret twice
|
|
+ Fix typo in error message when the system lacks Secure Boot
|
|
support
|
|
+ Add bash completion file
|
|
+ mokutil: be explicit about file modes in all cases
|
|
+ Make all efi_guid_t const
|
|
+ Don't allow sha1 on the mokutil command line
|
|
+ Build with -fshort-wchar so toggle passwords work right
|
|
+ Fix the 32bit signedness comparison
|
|
+ Fix the potential buffer overflow
|
|
- Add mokutil-remove-shebang-from-bash-completion-file.patch to
|
|
remove shebang from bash-completion/mokutil
|
|
- Drop upstreamed patches
|
|
+ mokutil-constify-efi-guid.patch
|
|
+ mokutil-fix-overflow.patch
|
|
+ mokutil-fshort-wchar.patch
|
|
+ mokutil-set-efi-variable-file-mode.patch
|
|
- Refresh mokutil-support-revoke-builtin-cert.patch
|
|
- Install bash-completion/mokutil
|
|
* Thu Mar 21 2019 glin@suse.com
|
|
- Add modhash to calculate the hash of kernel module (SLE-5661)
|
|
+ Also add openssl to Requires since the script needs it
|
|
* Fri Nov 23 2018 glin@suse.com
|
|
- Enable AArch64 build (bsc#1119769, fate#326541)
|
|
* Tue Mar 27 2018 kukuk@suse.de
|
|
- Use %%license instead of %%doc [bsc#1082318]
|
|
* Wed Jul 13 2016 glin@suse.com
|
|
- Patches for efivar 0.24
|
|
+ Add mokutil-set-efi-variable-file-mode.patch to set the file
|
|
mode explicitly.
|
|
+ Add mokutil-constify-efi-guid.patch to make all efi_guild_t
|
|
variables const.
|
|
+ Refresh mokutil-support-revoke-builtin-cert.patch for the
|
|
change of efi_set_variable()
|
|
* Tue Jun 30 2015 glin@suse.com
|
|
- Add mokutil-fshort-wchar.patch to make sure the UEFI strings are
|
|
UCS-2 encoding.
|
|
* Tue Nov 4 2014 glin@suse.com
|
|
- Update to 0.3.0
|
|
- Add mokutil-fix-overflow.patch to fix the buffer overflow
|
|
- Drop upstreamed patches
|
|
+ mokutil-upstream-fixes.patch
|
|
+ mokutil-mokx-support.patch
|
|
+ mokutil-check-corrupted-key-list.patch
|
|
+ mokutil-check-secure-boot-support.patch
|
|
+ mokutil-clean-request.patch
|
|
+ mokutil-fix-hash-file-read.patch
|
|
+ mokutil-fix-hash-list-size.patch
|
|
+ mokutil-more-details-for-skipped-keys.patch
|
|
+ mokutil-no-invalid-x509.patch
|
|
- Refresh mokutil-support-revoke-builtin-cert.patch
|
|
* Wed Apr 16 2014 glin@suse.com
|
|
- Add mokutil-fix-hash-file-read.patch to fix the error handling of
|
|
reading a hash file
|
|
* Thu Apr 10 2014 glin@suse.com
|
|
- Add mokutil-check-corrupted-key-list.patch to check whether the
|
|
key list is corrupted or not
|
|
- Add mokutil-no-invalid-x509.patch to avoid importing an invalid
|
|
x509 certificate
|
|
* Mon Mar 24 2014 glin@suse.com
|
|
- Add mokutil-more-details-for-skipped-keys.patch to show the
|
|
reason to skip the key
|
|
- Add mokutil-check-secure-boot-support.patch to check whether the
|
|
system supports Secure Boot or not
|
|
* Fri Feb 21 2014 glin@suse.com
|
|
- Add mokutil-support-revoke-builtin-cert.patch to add an option to
|
|
revoke the built-in certificate in shim
|
|
* Wed Feb 12 2014 glin@suse.com
|
|
- Add mokutil-fix-hash-list-size.patch to update the list size
|
|
after merging or deleting a hash
|
|
- Add mokutil-clean-request.patch to clean the request if all keys
|
|
are removed
|
|
* Wed Jan 22 2014 glin@suse.com
|
|
- Update mokutil-mokx-support.patch to fix the test-key request
|
|
check
|
|
* Thu Dec 5 2013 glin@suse.com
|
|
- Add mokutil-upstream-fixes.patch to include upstream fixes for
|
|
db signature check, gcc warnings, and error handling
|
|
- Add mokutil-mokx-support.patch to support the MOK blacklist
|
|
(FATE#316531)
|
|
* Thu Jul 25 2013 glin@suse.com
|
|
- Update to 0.2.0
|
|
+ Generate the password hash with crypt() by default instead of
|
|
the original sha256 password hash
|
|
+ Add an option to import the root password hash
|
|
+ Amend error messages, help, and man page
|
|
- Drop upstreamed patches
|
|
+ mokutil-lcrypt-ldflag.patch
|
|
+ mokutil-probe-secure-boot-state.patch
|
|
+ mokutil-allow-password-from-pipe.patch
|
|
+ mokutil-bnc809703-check-pending-request.patch
|
|
+ mokutil-support-delete-keys.patch
|
|
+ mokutil-support-crypt-hash-methods.patch
|
|
+ mokutil-update-man-page.patch
|
|
+ mokutil-bnc809215-improve-wording.patch
|
|
+ mokutil-support-new-pw-hash.patch
|
|
+ mokutil-no-duplicate-keys-imported.patch
|
|
* Tue Apr 2 2013 glin@suse.com
|
|
- Add mokutil-bnc809215-improve-wording.patch to make the messages
|
|
understandable (bnc#809215)
|
|
- Add mokutil-bnc809703-check-pending-request.patch to remove the
|
|
key from the pending request if necessary (bnc#809703)
|
|
* Wed Jan 30 2013 glin@suse.com
|
|
- Merge patches for FATE#314506
|
|
+ Add mokutil-support-crypt-hash-methods.patch to support the
|
|
password hashes from /etc/shadow
|
|
+ Add mokutil-update-man-page.patch to update man page for the
|
|
new added options
|
|
- Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS
|
|
* Fri Jan 18 2013 glin@suse.com
|
|
- Update mokutil-support-new-pw-hash.patch to extend the password
|
|
hash format
|
|
* Wed Jan 16 2013 glin@suse.com
|
|
- Merge patches for FATE#314506
|
|
+ Add mokutil-support-delete-keys.patch to delete specific keys
|
|
+ Add mokutil-support-new-pw-hash.patch to support the new
|
|
password format
|
|
+ Add mokutil-allow-password-from-pipe.patch to allow the
|
|
password to be generated in a script and be sent through
|
|
pipeline
|
|
- Install COPYING
|
|
* Tue Dec 11 2012 glin@suse.com
|
|
- Add mokutil-probe-secure-boot-state.patch to probe the state of
|
|
secure boot
|
|
- Add mokutil-no-duplicate-keys-imported.patch to avoid importing
|
|
duplicate keys
|
|
* Wed Nov 7 2012 glin@suse.com
|
|
- Add new package mokutil-0.1.0 (FATE#314510)
|