Accepting request 314813 from home:gary_lin:branches:Base:System

- make sure the UEFI strings are UCS-2 encoding

OBS-URL: https://build.opensuse.org/request/show/314813
OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=28

mokutil-fshort-wchar.patch

@@ -0,0 +1,42 @@
+From 9eb111a7f7b897ba4ae19a68708e010a5c384260 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 19 Jun 2015 16:53:36 -0400
+Subject: [PATCH] Build with -fshort-wchar so toggle passwords work right.
+
+This source tree uses:
+
+typedef wchar_t efi_char16_t;
+
+to define UEFI's UCS-2 character type.  On many platforms, wchar_t is
+32-bits by default.  As a result, efichar_from_char winds up writing
+4-byte characters instead of 2-byte characters.  In the case where we
+hash the password in mokutil, this works fine, because the same datatype
+is used, and the values are the same.  But for our feature toggles,
+where we store the raw data and shim is interpretting the character
+array, every other character winds up being L'\0', and verification
+fails.
+
+So always build with -fshort-wchar to ensure we get 2-byte character
+storage.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index fe28fb9..69d412a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -37,7 +37,7 @@ else
+ 	default_strict=no
+ fi
+ 
+-WARNINGFLAGS_C="$WARNINGFLAGS_C -std=gnu11"
++WARNINGFLAGS_C="$WARNINGFLAGS_C -std=gnu11 -fshort-wchar"
+ 
+ AC_ARG_ENABLE(strict, AS_HELP_STRING([--enable-strict],[Enable strict compilation options]), enable_strict=$enableval,
+ 		enable_strict=$default_strict)
+-- 
+2.1.4
+

mokutil.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jun 30 08:43:45 UTC 2015 - glin@suse.com
+
+- Add mokutil-fshort-wchar.patch to make sure the UEFI strings are
+  UCS-2 encoding.
+
 -------------------------------------------------------------------
 Tue Nov  4 07:52:54 UTC 2014 - glin@suse.com
 

mokutil.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package mokutil
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,6 +26,8 @@ Url:            https://github.com/lcp/mokutil
 Source:         %{name}-%{version}.tar.bz2
 # PATCH-FIX-UPSTREAM mokutil-fix-overflow.patch glin@suse.com -- Fix the potential buffer overflow
 Patch1:         mokutil-fix-overflow.patch
+# PATCH-FIX-UPSTREAM mokutil-fshort-wchar.patch glin@suse.com -- Add "-fshort-wchar" to make sure the UEFI strings are UCS-2 encoding
+Patch2:         mokutil-fshort-wchar.patch
 # OPENSUSE ONLY
 # PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch glin@suse.com -- Add an option to revoke the built-in certificate
 Patch100:       mokutil-support-revoke-builtin-cert.patch
@@ -50,9 +52,11 @@ Authors:
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1
 %patch100 -p1
 
 %build
+autoreconf
 %configure
 make