Accepting request 772273 from home:markkp:branches:Base:System

- Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch (bsc#1160373). - Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch (bsc#1162840). - Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch (bsc#1162996). - Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch (bsc#1163002). OBS-URL: https://build.opensuse.org/request/show/772273 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=85
2020-02-08 03:21:31 +00:00 · 2020-02-08 03:21:31 +00:00 · fae628f0c4
commit fae628f0c4
parent 50eb270fbf
6 changed files with 200 additions and 1 deletions
--- a/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
+++ b/s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
@ -0,0 +1,50 @@
 Subject: zdev: Add support for handling I/O configuration data
 From: Peter Oberparleiter <oberpar@linux.ibm.com>
 Summary:     zdev: Add support for handling I/O configuration data
 Description: LPARs that are running in IBM Dynamic Partition Manager (DPM) mode
             can access a firmware-generated I/O configuration data file that
             contains s390-specific information about available I/O devices
             such as qeth device numbers and parameters, and FCP device IDs.
             This data file is intended to remove the need for users to
             manually enter the corresponding device data during installation.
             Linux kernels with the corresponding support make the I/O
             configuration data available at the following location:
               /sys/firmware/sclp_sd/config/data
             This patch set adds support for handling this data file using the
             chzdev and lszdev tools:
               - I/O configuration data can be applied using chzdev's --import
                 option
               - Initial RAM-Disk scripts automatically apply the
                 I/O configuration data to the system configuration
               - lszdev can be used to display the applied auto-configuration
                 data
               - chzdev can be used to manually override the
                 auto-configuration data
 Upstream-ID: -
 Problem-ID:  LS1604
 Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
 ---
 zdev/src/zdev-root-update.dracut |    6 ------
 1 file changed, 6 deletions(-)
 --- a/zdev/src/zdev-root-update.dracut
 +++ b/zdev/src/zdev-root-update.dracut
@@ -20,10 +20,4 @@ dracut -f || {
 	exit 1
 }
 -echo "Installing IPL record"
 -zipl --noninteractive || {
 -	echo "${TOOLNAME}: Error: Could not install IPL record" >&2
 -	exit 1
 -}
 -
 exit 0
--- a/s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
+++ b/s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
@ -0,0 +1,11 @@
 --- a/zdev/dracut/95zdev/module-setup.sh	2019-01-10 11:39:08.000000000 -0500
 +++ b/zdev/dracut/95zdev/module-setup.sh	2019-01-14 13:28:33.983461097 -0500
@@ -32,7 +32,7 @@
 installkernel() {
     # Add modules for all device types supported by chzdev (required for
     # auto-configuration)
 -    instmods lcs qeth qeth_l2 qeth_l3 dasd_mod dasd_eckd_mod dasd_fba_mod \
 +    instmods ctcm lcs qeth qeth_l2 qeth_l3 dasd_mod dasd_eckd_mod dasd_fba_mod \
 	     dasd_diag_mod zfcp
 }
--- a/s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
+++ b/s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
@ -0,0 +1,60 @@
 Subject: [PATCH] [BZ 183401] zkey: Fix display of clear key size for XTS keys
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Description:   zkey: Fix display of clear key size for XTS keys
 Symptom:       The 'zkey list' command shows bogus values for the
               keys 'Clear key size' for XTS keys of type CCA-AESDATA
               or CCA-AESCIPHER.
 Problem:       XTS keys consist of 2 keys concatenated to each other.
               To calculate the clear key size, the clear key size of
               both keys must be added. The code does not address the
               second key correctly, and thus reads the clear key size
               of the second key from an invalid memory location. This
               results in bogus values reported as clear key size.
               This bug has been introduced with feature SEC1717 "Cipher
               key support" with commit 298fab68fee8 "zkey: Preparations 
               for introducing a new key type".
 Solution:      Correct the addressing of the second key.
 Reproduction:  Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
               and then run 'zkey list'.
 Upstream-ID:   e7f446432b92b293e758099842843cfb1f18fa97
 Problem-ID:    183401
 Upstream-Description:
              zkey: Fix display of clear key size for XTS keys
              Fixes: 298fab68fee8 ("zkey: Preparations for introducing a new key type")
              Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
              Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 zkey/pkey.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 --- a/zkey/pkey.c
 +++ b/zkey/pkey.c
@@ -1591,8 +1591,8 @@ int get_key_bit_size(const u8 *key, size
 	if (is_cca_aes_data_key(key, key_size)) {
 		*bitsize = datakey->bitsize;
 		if (key_size == 2 * AESDATA_KEY_SIZE) {
 -			datakey = (struct aesdatakeytoken *)key +
 -					AESDATA_KEY_SIZE;
 +			datakey = (struct aesdatakeytoken *)(key +
 +					AESDATA_KEY_SIZE);
 			*bitsize += datakey->bitsize;
 		}
 	} else if (is_cca_aes_cipher_key(key, key_size)) {
@@ -1601,8 +1601,8 @@ int get_key_bit_size(const u8 *key, size
 		else
 			*bitsize = 0; /* Unknown */
 		if (key_size > cipherkey->length) {
 -			cipherkey = (struct aescipherkeytoken *)key +
 -					cipherkey->length;
 +			cipherkey = (struct aescipherkeytoken *)(key +
 +					cipherkey->length);
 			if (cipherkey->pfv == 0x00) /* V0 payload */
 				*bitsize += cipherkey->pl - 384;
 		}
--- a/s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
+++ b/s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
@ -0,0 +1,62 @@
 Subject: [PATCH] [BZ 183125] zkey: Fix listing of keys on file systems reporting DT_UNKNOWN.
 From: Ingo Franzki <ifranzki@linux.ibm.com>
 Description:   zkey: Fix listing of keys on file systems reporting DT_UNKNOWN.
 Symptom:       When the zkey key repository is located in a file system that
               does not have full support for report the file type, such as
               XFS, the 'zkey list' command does not show any keys, although
               keys exist in the repository.
 Problem:       The zkey list function uses scandir() to look for files in the
               zkey key repository directory. It checks the dirent.d_type field
               to consider only regular files, but skips all others. File
               systems that do not have full support for returning the file
               type in d_type will return DT_UNKNOWN instead. zkey skips
               those directory entries and thus does not show any keys.
 Solution:      Also consider directory entries with d_type = DT_UNKNOWN.
 Reproduction:  Use zkey with a zkey repository directory located in a file
               system that does not have full support for returning the file
               type, such as XFS. Generate a key in the repository and then
               list the key s with 'zkey list'.
               Note: Newly created XFS file systems usually support returning
               the file type, but existing XFS file systems might not. To
               create an XFS file system that does not support returning the
               file type, use 'mkfs.xfs -f -m crc=0 -n ftype=0' to create
               the file system.
 Upstream-ID:   0de533aef9def920fed751c6025e4f19c4cba763~
 Problem-ID:    183125
 Upstream-Description:
               zkey: Fix listing of keys on file systems reporting DT_UNKNOWN
               The zkey list function uses scandir() to look for files in the
               zkey key repository directory. It checks the dirent.d_type field
               to consider only regular files, but skip all others.
               Unfortunately, not all file systems have full support for returning
               the file type in d_type. When the zkey repository is located in a file
               system that does not support d_type, such as xfs, zkey list shows no
               keys, although the key repository contains keys.
               Fix this by also considering directory entries with d_type = DT_UNKNOWN.
               Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
               Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
 Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
 ---
 zkey/keystore.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 --- a/zkey/keystore.c
 +++ b/zkey/keystore.c
@@ -906,7 +906,7 @@ static int _keystore_info_file_filter(co
 {
 	size_t len;
 -	if (dirent->d_type != DT_REG)
 +	if (dirent->d_type != DT_REG && dirent->d_type != DT_UNKNOWN)
 		return 0;
 	len = strlen(dirent->d_name);
--- a/s390-tools.changes
+++ b/s390-tools.changes
@ -1,3 +1,15 @@
 -------------------------------------------------------------------
 Sat Feb  8 02:25:58 UTC 2020 - Mark Post <mpost@suse.com>
 - Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
  (bsc#1160373).
 - Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
  (bsc#1162840).
 - Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
  (bsc#1162996).
 - Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
  (bsc#1163002).
 -------------------------------------------------------------------
 Fri Oct 11 15:30:19 UTC 2019 - Mark Post <mpost@suse.com>
--- a/s390-tools.spec
+++ b/s390-tools.spec
@ -1,7 +1,7 @@
 #
 # spec file for package s390-tools
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019-2020 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -123,6 +123,9 @@ Patch34:        s390-tools-sles15sp2-34-zkey-Add-convert-command-to-convert-keys
 Patch35:        s390-tools-sles15sp2-35-zkey-Allow-zkey-cryptsetup-setkey-to-set-different-k.patch
 Patch36:        s390-tools-sles15sp2-zcrypt-CEX7S-exploitation-support.patch
 Patch37:        s390-tools-sles15sp2-zcryptstats-Add-support-for-CEX7.patch
 Patch38:        s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
 Patch39:        s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
 Patch40:        s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
 # SUSE patches
 Patch900:       s390-tools-sles12-zipl_boot_msg.patch
@ -137,6 +140,7 @@ Patch908:       dasdfmt-retry-BIODASDINFO-if-device-is-busy.patch
 Patch909:       59-dasd.rules-wait_for.patch
 Patch910:       s390-tools-sles12-fdasd-skip-partition-check-and-BLKRRPART-ioctl.patch
 Patch911:       s390-tools-sles15sp2-Close-file-descriptor-when-checking-for-read-only.patch
 Patch912:       s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
 BuildRequires:  dracut
 BuildRequires:  fuse-devel