From 4c96fbc74b8e0286e8b8ee9971e33b531c289703cf3d668f52977c8088d1eda1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Tue, 1 Jul 2014 08:00:22 +0000
Subject: [PATCH] Accepting request 239077 from home:gary_lin:branches:Base:System
Update pesign-enable-supplementary-programs.patch to fix write loop
OBS-URL: https://build.opensuse.org/request/show/239077
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=28
---
 pesign-enable-supplementary-programs.patch | 132 ++++++++++++++++-----
 pesign.changes | 6 +
 2 files changed, 108 insertions(+), 30 deletions(-)
diff --git a/pesign-enable-supplementary-programs.patch b/pesign-enable-supplementary-programs.patch
index 0f64d02..fa807da 100644
--- a/pesign-enable-supplementary-programs.patch
+++ b/pesign-enable-supplementary-programs.patch
@@ -1,7 +1,7 @@
 From 4d80fec4a38b5cb1a63262a323353c23b0172b77 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 24 Dec 2013 11:33:26 +0800
-Subject: [PATCH 01/30] Allocate cms_context for peverify_context
+Subject: [PATCH 01/31] Allocate cms_context for peverify_context
 This avoids the crash while freeing cms_context.
@@ -78,7 +78,7 @@ index f9b0083..8599357 100644
 From b6e40af634aa0b10f59b5936727ccfc260f3dcf0 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 24 Dec 2013 11:48:08 +0800
-Subject: [PATCH 02/30] Calculate the dbsize to avoid the infinite loop
+Subject: [PATCH 02/31] Calculate the dbsize to avoid the infinite loop
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -107,7 +107,7 @@ index 5ef3ffe..b6e7c20 100644
 From cab9f9ff4737be3e3607caa6dd7f945c50fe64fa Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 24 Dec 2013 12:35:02 +0800
-Subject: [PATCH 03/30] Update the pathes of db, MokListRT, and dbx
+Subject: [PATCH 03/31] Update the pathes of db, MokListRT, and dbx
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -147,7 +147,7 @@ index b6e7c20..f6f52bc 100644
From 200bff332ee34de2e2679cfdddd8d09a78b536f7 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 24 Dec 2013 14:53:58 +0800
-Subject: [PATCH 04/30] Skip the first 4 bytes in the efi variables
+Subject: [PATCH 04/31] Skip the first 4 bytes in the efi variables
 The first 4 bytes store the attributes of the efi variable.
@@ -261,7 +261,7 @@ index 8599357..37f415b 100644
 From 237e983fe11800e36074c2a50d6468b7ac45ef12 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Wed, 25 Dec 2013 14:14:48 +0800
-Subject: [PATCH 05/30] Match the hashes in the db list
+Subject: [PATCH 05/31] Match the hashes in the db list
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -319,7 +319,7 @@ index d9d4dea..470f7f3 100644
 From 135a083d0e648255096128a67463bc2191f4ac4a Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 24 Dec 2013 11:47:14 +0800
-Subject: [PATCH 06/30] Verify the signature with the certs in the dblist
+Subject: [PATCH 06/31] Verify the signature with the certs in the dblist
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -639,7 +639,7 @@ index 62e9995..47d7ee1 100644
 From 35746653e0af5b129dfdfd33e9954ff5c47062aa Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Fri, 27 Dec 2013 17:42:19 +0800
-Subject: [PATCH 07/30] Verify the PE image with a certificate
+Subject: [PATCH 07/31] Verify the PE image with a certificate
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -861,7 +861,7 @@ index 37f415b..7e26d06 100644
 From 23295225a732058edabc58ede7e863d347d2ac47 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Fri, 27 Dec 2013 17:43:32 +0800
-Subject: [PATCH 08/30] It's peverify, not pesign :)
+Subject: [PATCH 08/31] It's peverify, not pesign :)
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -913,7 +913,7 @@ index e4c3e13..ebd7ee7 100644
 From b431e22f0e02e282ece114e1829575e7eedfcfb5 Mon Sep 17 00:00:00 2001
From: Peter Jones
 Date: Mon, 6 Jan 2014 14:11:34 -0500
-Subject: [PATCH 09/30] Rename peverify to pesigcheck
+Subject: [PATCH 09/31] Rename peverify to pesigcheck
 Signed-off-by: Peter Jones
 ---
@@ -2364,7 +2364,7 @@ index 7e26d06..0000000
 From 4191f24b18f1bf2a7be5da498b36f016bf115919 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 7 Jan 2014 12:02:47 +0800
-Subject: [PATCH 10/30] Drop the temporary nss dir in pesigcheck
+Subject: [PATCH 10/31] Drop the temporary nss dir in pesigcheck
 I thought we need a "physical" database for the certificates but it's actually not necessary. Drop the nss dir creation/deletion
@@ -2445,7 +2445,7 @@ index 7cd98c9..9cf33be 100644
 From c61386706b169ec02f55880a11dd8097b68d6180 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Wed, 8 Jan 2014 14:17:30 +0800
-Subject: [PATCH 11/30] efisiglist: convert the hex array properly
+Subject: [PATCH 11/31] efisiglist: convert the hex array properly
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -2493,7 +2493,7 @@ index b7190cb..e01ab73 100644
 From 65b8b80de336920cb464d5b5881a66bbeebaa343 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Wed, 8 Jan 2014 14:20:38 +0800
-Subject: [PATCH 12/30] efisiglist: Correct the calulation of SignatureListSize
+Subject: [PATCH 12/31] efisiglist: Correct the calulation of SignatureListSize
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -2593,7 +2593,7 @@ index ca097e6..0457208 100644
 From b51e250f52fe599cf1713c3c91a4b29f0b73fc4c Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Wed, 8 Jan 2014 15:10:18 +0800
-Subject: [PATCH 13/30] efisiglist: support adding a certificate in DER form
+Subject: [PATCH 13/31] efisiglist: support adding a certificate in DER form
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -2730,7 +2730,7 @@ index e01ab73..b96553b 100644
 From a2a7e57e1786a65bac95d1ce03ceda0487c9c2bf Mon Sep 17 00:00:00 2001
From: Michael Scherer
 Date: Mon, 6 Jan 2014 00:48:54 +0100
-Subject: [PATCH 14/30] Fix incorrect assignation, and fix memleak ( since
+Subject: [PATCH 14/31] Fix incorrect assignation, and fix memleak ( since
 new_sd is allocated and never used )
 ---
@@ -2757,7 +2757,7 @@ index 0457208..e001493 100644
 From 3e3f152387dfc54598c29b5db7540fad9a9043d8 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Fri, 30 May 2014 18:16:53 +0800
-Subject: [PATCH 15/30] authvar: fill some baisc functions
+Subject: [PATCH 15/31] authvar: fill some baisc functions
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -3369,7 +3369,7 @@ index 77e94b4..bd822d4 100644
 From 1a349b52fd37e71226fd01a75298c9b6f3e25277 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 3 Jun 2014 16:38:43 +0800
-Subject: [PATCH 16/30] authvar: generate and write the EFI AUTH variable
+Subject: [PATCH 16/31] authvar: generate and write the EFI AUTH variable
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -3609,7 +3609,7 @@ index 9647849..7e3c696 100644
 From 6a5b541d6fc333aa30ec9e80ff82ea4df318e136 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 3 Jun 2014 17:56:57 +0800
-Subject: [PATCH 17/30] authvar: collect everything in buffer and write it
+Subject: [PATCH 17/31] authvar: collect everything in buffer and write it
 later
 Signed-off-by: Gary Ching-Pang Lin
@@ -3684,7 +3684,7 @@ index fdc6d7e..7bfb0d1 100644
 From b522876182bf87220da5e40c53e0b38c0f5f14d4 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 3 Jun 2014 18:23:09 +0800
-Subject: [PATCH 18/30] authvar: parse the timestamp string
+Subject: [PATCH 18/31] authvar: parse the timestamp string
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -3735,7 +3735,7 @@ index 4fb3145..5923e86 100644
 From f376705cefa78845f55d070cf3ac060567636576 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 3 Jun 2014 18:25:22 +0800
-Subject: [PATCH 19/30] authvar: adjust timestamp for append
+Subject: [PATCH 19/31] authvar: adjust timestamp for append
Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -3763,7 +3763,7 @@ index 5923e86..b333139 100644
 From 9ef7442bbe8f520b61c2397cdabd577401130fbb Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Thu, 5 Jun 2014 14:50:20 +0800
-Subject: [PATCH 20/30] authvar: modify the content of SignedData for authvar
+Subject: [PATCH 20/31] authvar: modify the content of SignedData for authvar
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -4046,7 +4046,7 @@ index f1c9828..724aa7d 100644
 From 7064f04c884fc62bf85b0a03fbc86a078037f03a Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Mon, 9 Jun 2014 10:30:00 +0800
-Subject: [PATCH 21/30] authvar: fix USC2 conversion and the length of the
+Subject: [PATCH 21/31] authvar: fix USC2 conversion and the length of the
 header
 Also truncate the export file.
@@ -4128,7 +4128,7 @@ index 95d684c..8344e82 100644
 From 9906a3cc8efd133edcc57aeb582b22c92011d7f1 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 10 Jun 2014 12:13:04 +0800
-Subject: [PATCH 22/30] authvar: sign the right content
+Subject: [PATCH 22/31] authvar: sign the right content
 We don't have to calculate the digest first.
@@ -4304,7 +4304,7 @@ index ef05b7c..afa00e2 100644
 From d69d64cc43c630446eed0e851cf22a4b512780fb Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 10 Jun 2014 12:25:07 +0800
-Subject: [PATCH 23/30] authvar: don't exit if no value for CLEAR
+Subject: [PATCH 23/31] authvar: don't exit if no value for CLEAR
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -4332,7 +4332,7 @@ index b333139..4a9fcac 100644
 From 301e729061406bd4388febc9737c475f2ff873dc Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Tue, 10 Jun 2014 12:32:05 +0800
-Subject: [PATCH 24/30] authvar: mark "import" as unimplemented
+Subject: [PATCH 24/31] authvar: mark "import" as unimplemented
 Will do it later...
@@ -4370,7 +4370,7 @@ index 4a9fcac..dfd40f2 100644
 From c756c108fce07576a67fc4a2719cad7639566604 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
 Date: Tue, 10 Jun 2014 12:48:43 +0800
-Subject: [PATCH 25/30] authvar: check the export file
+Subject: [PATCH 25/31] authvar: check the export file
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -4431,7 +4431,7 @@ index 7e3c696..e9250dd 100644
 From 6ec83a5cb8710082b9761e46e54f52c07edff6a5 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Wed, 11 Jun 2014 15:45:03 +0800
-Subject: [PATCH 26/30] efisiglist: adjust the signature size
+Subject: [PATCH 26/31] efisiglist: adjust the signature size
 I forgot the size of the owner GUID.
@@ -4460,7 +4460,7 @@ index e001493..e6a9817 100644
 From 6e284c09d1c84900cfcbb237e467544667568a87 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Thu, 12 Jun 2014 10:41:50 +0800
-Subject: [PATCH 27/30] Install pesigcheck, authvar, and efisiglist
+Subject: [PATCH 27/31] Install pesigcheck, authvar, and efisiglist
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -4489,7 +4489,7 @@ index 0aa13a1..9d14d81 100644
 From afe4aa85503eae83c073c11f8b2fbcb266093726 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Wed, 8 Jan 2014 17:41:20 +0800
-Subject: [PATCH 28/30] pesigcheck: choose the proper digest algorithm
+Subject: [PATCH 28/31] pesigcheck: choose the proper digest algorithm
 Check the digest algorithm in SignerInfo before calculate/compare the digest
@@ -4635,7 +4635,7 @@ index 9cf33be..f173121 100644
 From ef7b38cdb8a1f23cd3cfcbe19835677a9eec2a03 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Thu, 12 Jun 2014 11:07:24 +0800
-Subject: [PATCH 29/30] make gcc happy
+Subject: [PATCH 29/31] make gcc happy
 ---
 src/authvar_context.c | 3 ++-
@@ -4676,7 +4676,7 @@ index 2fa1cdd..5371a9c 100644
 From 741515622a6864668db35318bcb2703d1a8d3883 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin
 Date: Thu, 12 Jun 2014 11:20:24 +0800
-Subject: [PATCH 30/30] authvar: fix the type cast for 32bit systems
+Subject: [PATCH 30/31] authvar: fix the type cast for 32bit systems
 Signed-off-by: Gary Ching-Pang Lin
 ---
@@ -4702,3 +4702,75 @@ index 5444d3a..22e28ce 100644
 --
 1.8.4.5
+
+From c72d3e454c8cd5ed4290d7c16027e74f5df3cfe8 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Tue, 1 Jul 2014 14:43:35 +0800
+Subject: [PATCH 31/31] authvar: fix the write loop
+
+I forgot to move the pointer...
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ src/authvar_context.c | 17 +++++++----------
+ 1 file changed, 7 insertions(+), 10 deletions(-)
+
+diff --git a/src/authvar_context.c b/src/authvar_context.c
+index 22e28ce..53855f2 100644
+--- a/src/authvar_context.c
++++ b/src/authvar_context.c
+@@ -18,6 +18,7 @@
+ */
+
+ #include
++#include
+ #include
+
+ #include
+@@ -133,11 +134,7 @@ generate_descriptor(authvar_context *ctx)
+ if (rc < 0)
+ cmsreterr(-1, ctx->cms_ctx, "could not create signed data");
+
+-#if __WORDSIZE == 64
+- offset = (uint64_t) &((win_cert_uefi_guid_t *)0)->data;
+-#else
+- offset = (uint32_t) &((win_cert_uefi_guid_t *)0)->data;
+-#endif
++ offset = offsetof(win_cert_uefi_guid_t, data);
+ authinfo = calloc(offset + sd_der.len, 1);
+ if (!authinfo)
+ cmsreterr(-1, ctx->cms_ctx, "could not allocate authinfo");
+@@ -160,6 +157,7 @@ write_authvar(authvar_context *ctx)
+ void *buffer, *ptr;
+ size_t buf_len, des_len, remain;
+ ssize_t wlen;
++ off_t offset;
+
+ if (!ctx->authinfo)
+ cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar");
+@@ -187,18 +185,17 @@ write_authvar(authvar_context *ctx)
+ if (ctx->value_size > 0)
+ memcpy(ptr, ctx->value, ctx->value_size);
+
+- if (!ctx->to_firmware) {
+- if (ftruncate(ctx->exportfd, buf_len) < 0)
+- return -1;
++ if (!ctx->to_firmware)
+ lseek(ctx->exportfd, 0, SEEK_SET);
+- }
+
+ remain = buf_len;
++ offset = 0;
+ do {
+- wlen = write(ctx->exportfd, buffer, remain);
++ wlen = write(ctx->exportfd, buffer + offset, remain);
+ if (wlen < 0)
+ cmsreterr(-1, ctx->cms_ctx, "failed to write authvar");
+ remain -= wlen;
++ offset += wlen;
+ } while (remain > 0);
+
+ return 0;
+--
+1.8.4.5
+
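Review bot: In the added patch 31/31, `write_authvar` loses its `ftruncate(ctx->exportfd, buf_len)` call and the remaining `lseek(ctx->exportfd, 0, SEEK_SET)` is still unchecked, so an export file that already holds a longer blob would keep stale bytes after the newly written signed descriptor, unless the descriptor is opened with `O_TRUNC` somewhere outside this hunk. For a file that carries an authenticated-variable update I would keep the truncation and fail on a seek error, e.g. `if (lseek(ctx->exportfd, 0, SEEK_SET) < 0) cmsreterr(-1, ctx->cms_ctx, "failed to seek export file");`. The loop also treats only `wlen < 0` as failure, so a `write` that returns 0 would spin forever and an interrupted call aborts the export; retrying when `errno == EINTR` and treating `wlen == 0` as an error would cover both. `buffer + offset` is arithmetic on `void *`, a GNU extension, and `(char *)buffer + offset` is the portable spelling. `write_authvar` starts and ends outside the inner hunks shown.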
diff --git a/pesign.changes b/pesign.changes
index 078719e..78010a7 100644
--- a/pesign.changes
+++ b/pesign.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com
+
+- Update pesign-enable-supplementary-programs.patch to fix write
+ loop
+
 -------------------------------------------------------------------
 Thu Jun 12 02:47:55 UTC 2014 - glin@suse.com