update to new upstream version 1.9.6:

- removed following patches, because they're now included upstream:
	* tboot-grub2-fix-menu-in-xen-host-server.patch
	* tboot-grub2-fix-xen-submenu-name.patch
	* tboot-grub2-suse.patch
- Changes in this version:
	* GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings appearing on GCC7
        * Ensure Tboot never overwrites modules in the process of moving them.
        * Add support to x2APIC, which uses 32 bit APIC ID.
        * Fix S3 secrets sealing/unsealing failures
        * Support OpenSSL 1.1.0+ for ECDSA signature verification.
        * Support OpenSSL 1.1.0+ for RSA key manipulation.
        * Adds additional checks to prevent the kernel image from being overwritten.
        * Added TCG TPM event log support.
        * Pass through the EFI memory map that's provided by grub2.
        * Fix a null pointer dereference bug when Intel TXT is disabled in BIOS.
        * Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
        * Bounds checking on the kernel_cmdline string.

OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=64

reproducible.patch

@@ -1,13 +0,0 @@
-Index: tboot-1.9.5/tboot/Makefile
-===================================================================
---- tboot-1.9.5.orig/tboot/Makefile
-+++ tboot-1.9.5/tboot/Makefile
-@@ -32,7 +32,7 @@ OBJS := $(obj-y)
- TARGET_LDS := $(CURDIR)/common/tboot.lds
- 
- $(TARGET).gz : $(TARGET)
--	gzip -f -9 < $< > $@
-+	gzip -n -f -9 < $< > $@
- 
- $(TARGET) : $(OBJS) $(TARGET_LDS)
- 	$(LD) $(LDFLAGS) -T $(TARGET_LDS) -N $(OBJS) -o $(@D)/.$(@F).0

tboot-1.9.5.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c7032e367ac0129493c9bb1fcd1437f400ff5533c970119ddce281ff4d58a13f
-size 685460

tboot-1.9.6.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1b55eed6ca8196b2a003936594248a242888ac34ff970eda651e7660c4772a39
+size 693564

tboot-gcc7.patch

@@ -1,86 +0,0 @@
-Index: tboot-1.9.5/tboot/common/tboot.c
-===================================================================
---- tboot-1.9.5.orig/tboot/common/tboot.c
-+++ tboot-1.9.5/tboot/common/tboot.c
-@@ -501,11 +501,13 @@ static void shutdown_system(uint32_t shu
-             /* write our S3 resume vector to ACPI resume addr */
-             set_s3_resume_vector(&_tboot_shared.acpi_sinfo,  TBOOT_S3_WAKEUP_ADDR);
-             /* fall through for rest of Sx handling */
-+	    /* FALLTHROUGH */
-         case TB_SHUTDOWN_S4:
-         case TB_SHUTDOWN_S5:
-             machine_sleep(&_tboot_shared.acpi_sinfo);
-             /* if machine_sleep() fails, fall through to reset */
- 
-+	    /* FALLTHROUGH */
-         case TB_SHUTDOWN_REBOOT:
-             if ( txt_is_powercycle_required() ) {
-                 /* powercycle by writing 0x0a+0x0e to port 0xcf9 */
-@@ -524,6 +526,7 @@ static void shutdown_system(uint32_t shu
-                 outb(0xcf9, 0x06);
-             }
- 
-+	    /* FALLTHROUGH */
-         case TB_SHUTDOWN_HALT:
-         default:
-             while ( true )
-Index: tboot-1.9.5/tboot/common/vsprintf.c
-===================================================================
---- tboot-1.9.5.orig/tboot/common/vsprintf.c
-+++ tboot-1.9.5/tboot/common/vsprintf.c
-@@ -404,6 +404,7 @@ handle_width:
-         case 'p':
-             mods.flag |= PREFIX;    /* print prefix 0x for %p */
-             mods.flag_long = LONG;
-+	    /* FALLTHROUGH */
-         case 'x':
-             mods.base = 16;
-             buf_pos = write_number_to_buffer(buf, size, buf_pos, mods);
-Index: tboot-1.9.5/tboot/common/tpm.c
-===================================================================
---- tboot-1.9.5.orig/tboot/common/tpm.c
-+++ tboot-1.9.5/tboot/common/tpm.c
-@@ -117,14 +117,14 @@ static bool tpm_send_cmd_ready_status_cr
- #endif
- 
- 	if ( reg_ctrl_sts.tpmidle== 1) {
--           reg_ctrl_request._raw[0] = 0;
-+	   memset(&reg_ctrl_request,0,sizeof(reg_ctrl_request));
-            reg_ctrl_request.cmdReady = 1;
- 	    write_tpm_reg(locality, TPM_CRB_CTRL_REQ, &reg_ctrl_request);
- 
- 	    return true;
- 	}
- 
--      reg_ctrl_request._raw[0] = 0;
-+      memset(&reg_ctrl_request,0,sizeof(reg_ctrl_request));
-       reg_ctrl_request.goIdle = 1;
-       write_tpm_reg(locality, TPM_CRB_CTRL_REQ, &reg_ctrl_request);
- 	  
-@@ -158,7 +158,7 @@ static bool tpm_send_cmd_ready_status_cr
-        printk(TBOOT_INFO"2. reg_ctrl_sts.tpmsts: 0x%x\n", reg_ctrl_sts.tpmsts); 	
- #endif
- 
--       reg_ctrl_request._raw[0] = 0;
-+      memset(&reg_ctrl_request,0,sizeof(reg_ctrl_request));
-        reg_ctrl_request.cmdReady = 1;
- 	write_tpm_reg(locality, TPM_CRB_CTRL_REQ, &reg_ctrl_request);
- 
-@@ -724,7 +724,7 @@ bool tpm_relinquish_locality_crb(uint32_
-     if ( reg_loc_state.loc_assigned == 0 )    return true;
- 
-     /* make inactive by writing a 1 */
--    reg_loc_ctrl._raw[0] = 0;
-+    memset(&reg_loc_ctrl,0,sizeof(reg_loc_ctrl));
-     reg_loc_ctrl.relinquish = 1;
-     write_tpm_reg(locality, TPM_REG_LOC_CTRL, &reg_loc_ctrl);
- 
-@@ -778,7 +778,7 @@ bool tpm_request_locality_crb(uint32_t l
-     tpm_reg_loc_state_t  reg_loc_state;
-     tpm_reg_loc_ctrl_t    reg_loc_ctrl;
-     /* request access to the TPM from locality N */
--    reg_loc_ctrl._raw[0] = 0;
-+    memset(&reg_loc_ctrl,0,sizeof(reg_loc_ctrl));
-     reg_loc_ctrl.requestAccess = 1;
-     write_tpm_reg(locality, TPM_REG_LOC_CTRL, &reg_loc_ctrl);
- 

tboot-grub2-fix-menu-in-xen-host-server.patch

@@ -23,10 +23,10 @@ v3:
 References: bnc#865815
 Porting to tboot in order to fix duplicated xen entries
 
-Index: tboot-1.9.4/tboot/20_linux_tboot
+Index: tboot-1.9.6/tboot/20_linux_tboot
 ===================================================================
---- tboot-1.9.4.orig/tboot/20_linux_tboot
-+++ tboot-1.9.4/tboot/20_linux_tboot
+--- tboot-1.9.6.orig/tboot/20_linux_tboot
++++ tboot-1.9.6/tboot/20_linux_tboot
 @@ -225,6 +225,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
  		break
  	    fi
@@ -77,10 +77,10 @@ Index: tboot-1.9.4/tboot/20_linux_tboot
  	if test -n "${initrd}" ; then
  	    echo "Found initrd image: ${dirname}/${initrd}" >&2
  	else
-Index: tboot-1.9.4/tboot/20_linux_xen_tboot
+Index: tboot-1.9.6/tboot/20_linux_xen_tboot
 ===================================================================
---- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.4/tboot/20_linux_xen_tboot
+--- tboot-1.9.6.orig/tboot/20_linux_xen_tboot
++++ tboot-1.9.6/tboot/20_linux_xen_tboot
 @@ -52,6 +52,12 @@ fi
  export TEXTDOMAIN=grub
  export TEXTDOMAINDIR=${prefix}/share/locale

tboot-grub2-fix-xen-submenu-name.patch

@@ -4,13 +4,13 @@ Subject: fix xen submenu name to show tboot version
 References: bnc#865815
 Patch-Mainline: no
 
-Index: tboot-1.9.5/tboot/20_linux_xen_tboot
+Index: tboot-1.9.6/tboot/20_linux_xen_tboot
 ===================================================================
---- tboot-1.9.5.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.5/tboot/20_linux_xen_tboot
+--- tboot-1.9.6.orig/tboot/20_linux_xen_tboot
++++ tboot-1.9.6/tboot/20_linux_xen_tboot
 @@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
          rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
-         tboot_version="1.9.5"
+         tboot_version="1.9.6"
          list="${linux_list}"
 -        echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
 +        echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"

tboot-grub2-suse.patch

@@ -1,26 +0,0 @@
-Index: tboot-1.9.4/tboot/20_linux_tboot
-===================================================================
---- tboot-1.9.4.orig/tboot/20_linux_tboot
-+++ tboot-1.9.4/tboot/20_linux_tboot
-@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
- sysconfdir=/etc
- if test -e /usr/share/grub/grub-mkconfig_lib; then
-   . /usr/share/grub/grub-mkconfig_lib
-+elif test -e /usr/share/grub2/grub-mkconfig_lib; then
-+  . /usr/share/grub2/grub-mkconfig_lib
- elif test -e ${libdir}/grub/grub-mkconfig_lib; then
-   . ${libdir}/grub/grub-mkconfig_lib
- fi
-Index: tboot-1.9.4/tboot/20_linux_xen_tboot
-===================================================================
---- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.4/tboot/20_linux_xen_tboot
-@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
- sysconfdir=/etc
- if test -e /usr/share/grub/grub-mkconfig_lib; then
-   . /usr/share/grub/grub-mkconfig_lib
-+elif test -e /usr/share/grub2/grub-mkconfig_lib; then
-+  . /usr/share/grub2/grub-mkconfig_lib
- elif test -e ${libdir}/grub/grub-mkconfig_lib; then
-   . ${libdir}/grub/grub-mkconfig_lib
- fi

tboot.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Tue Jul 18 11:10:29 UTC 2017 - matthias.gerstner@suse.com
+
+update to new upstream version 1.9.6:
+
+- removed following patches, because they're now included upstream:
+	* tboot-grub2-fix-menu-in-xen-host-server.patch
+	* tboot-grub2-fix-xen-submenu-name.patch
+	* tboot-grub2-suse.patch
+
+- Changes in this version:
+	* GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings appearing on GCC7
+        * Ensure Tboot never overwrites modules in the process of moving them.
+        * Add support to x2APIC, which uses 32 bit APIC ID.
+        * Fix S3 secrets sealing/unsealing failures
+        * Support OpenSSL 1.1.0+ for ECDSA signature verification.
+        * Support OpenSSL 1.1.0+ for RSA key manipulation.
+        * Adds additional checks to prevent the kernel image from being overwritten.
+        * Added TCG TPM event log support.
+        * Pass through the EFI memory map that's provided by grub2.
+        * Fix a null pointer dereference bug when Intel TXT is disabled in BIOS.
+        * Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
+        * Bounds checking on the kernel_cmdline string.
+
 -------------------------------------------------------------------
 Sun Jun  4 08:43:14 UTC 2017 - meissner@suse.com
 

tboot.spec

@@ -17,20 +17,17 @@
 
 
 Name:           tboot
-%define ver 1.9.5
-Version:        20160518_1.9.4
+%define ver 1.9.6
+Version:        20170711_1.9.6
 Release:        0
 Summary:        Performs a verified launch using Intel(R) TXT
 License:        BSD-3-Clause
 Group:          Productivity/Security
 Url:            http://sourceforge.net/projects/tboot/
 Source0:        http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
-Patch1:         tboot-grub2-suse.patch
 Patch3:         tboot-grub2-fix-menu-in-xen-host-server.patch
 Patch4:         tboot-grub2-fix-xen-submenu-name.patch
 # PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
-Patch5:         reproducible.patch
-Patch6:         tboot-gcc7.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  openssl-devel
 BuildRequires:  trousers-devel
@@ -43,11 +40,8 @@ verified launch of an OS kernel/VMM.
 
 %prep
 %setup -q -n %name-%ver
-%patch1 -p1
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
-%patch6 -p1
 
 %build
 export CFLAGS="%{optflags}"