From 70aa4bb9a801a02391b02d6649a0ff3f41014d8bd90c3d8ef0b9c215e8e26e4f Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 2 Jul 2015 08:16:12 +0000 Subject: [PATCH] Accepting request 314813 from home:gary_lin:branches:Base:System - make sure the UEFI strings are UCS-2 encoding OBS-URL: https://build.opensuse.org/request/show/314813 OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=28 --- mokutil-fshort-wchar.patch | 42 ++++++++++++++++++++++++++++++++++++++ mokutil.changes | 6 ++++++ mokutil.spec | 6 +++++- 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 mokutil-fshort-wchar.patch diff --git a/mokutil-fshort-wchar.patch b/mokutil-fshort-wchar.patch new file mode 100644 index 0000000..75ab6e6 --- /dev/null +++ b/mokutil-fshort-wchar.patch @@ -0,0 +1,42 @@ +From 9eb111a7f7b897ba4ae19a68708e010a5c384260 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 Jun 2015 16:53:36 -0400 +Subject: [PATCH] Build with -fshort-wchar so toggle passwords work right. + +This source tree uses: + +typedef wchar_t efi_char16_t; + +to define UEFI's UCS-2 character type. On many platforms, wchar_t is +32-bits by default. As a result, efichar_from_char winds up writing +4-byte characters instead of 2-byte characters. In the case where we +hash the password in mokutil, this works fine, because the same datatype +is used, and the values are the same. But for our feature toggles, +where we store the raw data and shim is interpretting the character +array, every other character winds up being L'\0', and verification +fails. + +So always build with -fshort-wchar to ensure we get 2-byte character +storage. + +Signed-off-by: Peter Jones +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index fe28fb9..69d412a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -37,7 +37,7 @@ else + default_strict=no + fi + +-WARNINGFLAGS_C="$WARNINGFLAGS_C -std=gnu11" ++WARNINGFLAGS_C="$WARNINGFLAGS_C -std=gnu11 -fshort-wchar" + + AC_ARG_ENABLE(strict, AS_HELP_STRING([--enable-strict],[Enable strict compilation options]), enable_strict=$enableval, + enable_strict=$default_strict) +-- +2.1.4 + diff --git a/mokutil.changes b/mokutil.changes index 6b95986..9133d9c 100644 --- a/mokutil.changes +++ b/mokutil.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jun 30 08:43:45 UTC 2015 - glin@suse.com + +- Add mokutil-fshort-wchar.patch to make sure the UEFI strings are + UCS-2 encoding. + ------------------------------------------------------------------- Tue Nov 4 07:52:54 UTC 2014 - glin@suse.com diff --git a/mokutil.spec b/mokutil.spec index 1d8e16f..cec577d 100644 --- a/mokutil.spec +++ b/mokutil.spec @@ -1,7 +1,7 @@ # # spec file for package mokutil # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,8 @@ Url: https://github.com/lcp/mokutil Source: %{name}-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM mokutil-fix-overflow.patch glin@suse.com -- Fix the potential buffer overflow Patch1: mokutil-fix-overflow.patch +# PATCH-FIX-UPSTREAM mokutil-fshort-wchar.patch glin@suse.com -- Add "-fshort-wchar" to make sure the UEFI strings are UCS-2 encoding +Patch2: mokutil-fshort-wchar.patch # OPENSUSE ONLY # PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch glin@suse.com -- Add an option to revoke the built-in certificate Patch100: mokutil-support-revoke-builtin-cert.patch @@ -50,9 +52,11 @@ Authors: %prep %setup -q %patch1 -p1 +%patch2 -p1 %patch100 -p1 %build +autoreconf %configure make