pool/pesign
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 239077 from home:gary_lin:branches:Base:System

Browse Source 
Update pesign-enable-supplementary-programs.patch to fix write loop

OBS-URL: https://build.opensuse.org/request/show/239077
OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=28
This commit is contained in:
Gary Ching-Pang Lin 2014-07-01 08:00:22 +00:00 committed by Git OBS Bridge
parent 391395f6e3
commit 4c96fbc74b
2 changed files with 108 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
pesign-enable-supplementary-programs.patch
View File

@ -1,7 +1,7 @@
From 4d80fec4a38b5cb1a63262a323353c23b0172b77 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 24 Dec 2013 11:33:26 +0800
Subject: [PATCH 01/30] Allocate cms_context for peverify_context
Subject: [PATCH 01/31] Allocate cms_context for peverify_context
This avoids the crash while freeing cms_context.
@ -78,7 +78,7 @@ index f9b0083..8599357 100644
From b6e40af634aa0b10f59b5936727ccfc260f3dcf0 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 24 Dec 2013 11:48:08 +0800
Subject: [PATCH 02/30] Calculate the dbsize to avoid the infinite loop
Subject: [PATCH 02/31] Calculate the dbsize to avoid the infinite loop
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -107,7 +107,7 @@ index 5ef3ffe..b6e7c20 100644
From cab9f9ff4737be3e3607caa6dd7f945c50fe64fa Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 24 Dec 2013 12:35:02 +0800
Subject: [PATCH 03/30] Update the pathes of db, MokListRT, and dbx
Subject: [PATCH 03/31] Update the pathes of db, MokListRT, and dbx
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -147,7 +147,7 @@ index b6e7c20..f6f52bc 100644
From 200bff332ee34de2e2679cfdddd8d09a78b536f7 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 24 Dec 2013 14:53:58 +0800
Subject: [PATCH 04/30] Skip the first 4 bytes in the efi variables
Subject: [PATCH 04/31] Skip the first 4 bytes in the efi variables
The first 4 bytes store the attributes of the efi variable.
@ -261,7 +261,7 @@ index 8599357..37f415b 100644
From 237e983fe11800e36074c2a50d6468b7ac45ef12 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 25 Dec 2013 14:14:48 +0800
Subject: [PATCH 05/30] Match the hashes in the db list
Subject: [PATCH 05/31] Match the hashes in the db list
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -319,7 +319,7 @@ index d9d4dea..470f7f3 100644
From 135a083d0e648255096128a67463bc2191f4ac4a Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 24 Dec 2013 11:47:14 +0800
Subject: [PATCH 06/30] Verify the signature with the certs in the dblist
Subject: [PATCH 06/31] Verify the signature with the certs in the dblist
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -639,7 +639,7 @@ index 62e9995..47d7ee1 100644
From 35746653e0af5b129dfdfd33e9954ff5c47062aa Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 27 Dec 2013 17:42:19 +0800
Subject: [PATCH 07/30] Verify the PE image with a certificate
Subject: [PATCH 07/31] Verify the PE image with a certificate
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -861,7 +861,7 @@ index 37f415b..7e26d06 100644
From 23295225a732058edabc58ede7e863d347d2ac47 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 27 Dec 2013 17:43:32 +0800
Subject: [PATCH 08/30] It's peverify, not pesign :)
Subject: [PATCH 08/31] It's peverify, not pesign :)
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -913,7 +913,7 @@ index e4c3e13..ebd7ee7 100644
From b431e22f0e02e282ece114e1829575e7eedfcfb5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 6 Jan 2014 14:11:34 -0500
Subject: [PATCH 09/30] Rename peverify to pesigcheck
Subject: [PATCH 09/31] Rename peverify to pesigcheck
Signed-off-by: Peter Jones <pjones@redhat.com>
---
@ -2364,7 +2364,7 @@ index 7e26d06..0000000
From 4191f24b18f1bf2a7be5da498b36f016bf115919 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 7 Jan 2014 12:02:47 +0800
Subject: [PATCH 10/30] Drop the temporary nss dir in pesigcheck
Subject: [PATCH 10/31] Drop the temporary nss dir in pesigcheck
I thought we need a "physical" database for the certificates but
it's actually not necessary. Drop the nss dir creation/deletion
@ -2445,7 +2445,7 @@ index 7cd98c9..9cf33be 100644
From c61386706b169ec02f55880a11dd8097b68d6180 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 8 Jan 2014 14:17:30 +0800
Subject: [PATCH 11/30] efisiglist: convert the hex array properly
Subject: [PATCH 11/31] efisiglist: convert the hex array properly
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -2493,7 +2493,7 @@ index b7190cb..e01ab73 100644
From 65b8b80de336920cb464d5b5881a66bbeebaa343 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 8 Jan 2014 14:20:38 +0800
Subject: [PATCH 12/30] efisiglist: Correct the calulation of SignatureListSize
Subject: [PATCH 12/31] efisiglist: Correct the calulation of SignatureListSize
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -2593,7 +2593,7 @@ index ca097e6..0457208 100644
From b51e250f52fe599cf1713c3c91a4b29f0b73fc4c Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 8 Jan 2014 15:10:18 +0800
Subject: [PATCH 13/30] efisiglist: support adding a certificate in DER form
Subject: [PATCH 13/31] efisiglist: support adding a certificate in DER form
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -2730,7 +2730,7 @@ index e01ab73..b96553b 100644
From a2a7e57e1786a65bac95d1ce03ceda0487c9c2bf Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@zarb.org>
Date: Mon, 6 Jan 2014 00:48:54 +0100
Subject: [PATCH 14/30] Fix incorrect assignation, and fix memleak ( since
Subject: [PATCH 14/31] Fix incorrect assignation, and fix memleak ( since
new_sd is allocated and never used )
---
@ -2757,7 +2757,7 @@ index 0457208..e001493 100644
From 3e3f152387dfc54598c29b5db7540fad9a9043d8 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 30 May 2014 18:16:53 +0800
Subject: [PATCH 15/30] authvar: fill some baisc functions
Subject: [PATCH 15/31] authvar: fill some baisc functions
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -3369,7 +3369,7 @@ index 77e94b4..bd822d4 100644
From 1a349b52fd37e71226fd01a75298c9b6f3e25277 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 3 Jun 2014 16:38:43 +0800
Subject: [PATCH 16/30] authvar: generate and write the EFI AUTH variable
Subject: [PATCH 16/31] authvar: generate and write the EFI AUTH variable
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -3609,7 +3609,7 @@ index 9647849..7e3c696 100644
From 6a5b541d6fc333aa30ec9e80ff82ea4df318e136 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 3 Jun 2014 17:56:57 +0800
Subject: [PATCH 17/30] authvar: collect everything in buffer and write it
Subject: [PATCH 17/31] authvar: collect everything in buffer and write it
later
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
@ -3684,7 +3684,7 @@ index fdc6d7e..7bfb0d1 100644
From b522876182bf87220da5e40c53e0b38c0f5f14d4 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 3 Jun 2014 18:23:09 +0800
Subject: [PATCH 18/30] authvar: parse the timestamp string
Subject: [PATCH 18/31] authvar: parse the timestamp string
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -3735,7 +3735,7 @@ index 4fb3145..5923e86 100644
From f376705cefa78845f55d070cf3ac060567636576 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 3 Jun 2014 18:25:22 +0800
Subject: [PATCH 19/30] authvar: adjust timestamp for append
Subject: [PATCH 19/31] authvar: adjust timestamp for append
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -3763,7 +3763,7 @@ index 5923e86..b333139 100644
From 9ef7442bbe8f520b61c2397cdabd577401130fbb Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 5 Jun 2014 14:50:20 +0800
Subject: [PATCH 20/30] authvar: modify the content of SignedData for authvar
Subject: [PATCH 20/31] authvar: modify the content of SignedData for authvar
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -4046,7 +4046,7 @@ index f1c9828..724aa7d 100644
From 7064f04c884fc62bf85b0a03fbc86a078037f03a Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 9 Jun 2014 10:30:00 +0800
Subject: [PATCH 21/30] authvar: fix USC2 conversion and the length of the
Subject: [PATCH 21/31] authvar: fix USC2 conversion and the length of the
header
Also truncate the export file.
@ -4128,7 +4128,7 @@ index 95d684c..8344e82 100644
From 9906a3cc8efd133edcc57aeb582b22c92011d7f1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 10 Jun 2014 12:13:04 +0800
Subject: [PATCH 22/30] authvar: sign the right content
Subject: [PATCH 22/31] authvar: sign the right content
We don't have to calculate the digest first.
@ -4304,7 +4304,7 @@ index ef05b7c..afa00e2 100644
From d69d64cc43c630446eed0e851cf22a4b512780fb Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 10 Jun 2014 12:25:07 +0800
Subject: [PATCH 23/30] authvar: don't exit if no value for CLEAR
Subject: [PATCH 23/31] authvar: don't exit if no value for CLEAR
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -4332,7 +4332,7 @@ index b333139..4a9fcac 100644
From 301e729061406bd4388febc9737c475f2ff873dc Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 10 Jun 2014 12:32:05 +0800
Subject: [PATCH 24/30] authvar: mark "import" as unimplemented
Subject: [PATCH 24/31] authvar: mark "import" as unimplemented
Will do it later...
@ -4370,7 +4370,7 @@ index 4a9fcac..dfd40f2 100644
From c756c108fce07576a67fc4a2719cad7639566604 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 10 Jun 2014 12:48:43 +0800
Subject: [PATCH 25/30] authvar: check the export file
Subject: [PATCH 25/31] authvar: check the export file
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -4431,7 +4431,7 @@ index 7e3c696..e9250dd 100644
From 6ec83a5cb8710082b9761e46e54f52c07edff6a5 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 11 Jun 2014 15:45:03 +0800
Subject: [PATCH 26/30] efisiglist: adjust the signature size
Subject: [PATCH 26/31] efisiglist: adjust the signature size
I forgot the size of the owner GUID.
@ -4460,7 +4460,7 @@ index e001493..e6a9817 100644
From 6e284c09d1c84900cfcbb237e467544667568a87 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 12 Jun 2014 10:41:50 +0800
Subject: [PATCH 27/30] Install pesigcheck, authvar, and efisiglist
Subject: [PATCH 27/31] Install pesigcheck, authvar, and efisiglist
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -4489,7 +4489,7 @@ index 0aa13a1..9d14d81 100644
From afe4aa85503eae83c073c11f8b2fbcb266093726 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 8 Jan 2014 17:41:20 +0800
Subject: [PATCH 28/30] pesigcheck: choose the proper digest algorithm
Subject: [PATCH 28/31] pesigcheck: choose the proper digest algorithm
Check the digest algorithm in SignerInfo before calculate/compare
the digest
@ -4635,7 +4635,7 @@ index 9cf33be..f173121 100644
From ef7b38cdb8a1f23cd3cfcbe19835677a9eec2a03 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 12 Jun 2014 11:07:24 +0800
Subject: [PATCH 29/30] make gcc happy
Subject: [PATCH 29/31] make gcc happy
---
src/authvar_context.c | 3 ++-
@ -4676,7 +4676,7 @@ index 2fa1cdd..5371a9c 100644
From 741515622a6864668db35318bcb2703d1a8d3883 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 12 Jun 2014 11:20:24 +0800
Subject: [PATCH 30/30] authvar: fix the type cast for 32bit systems
Subject: [PATCH 30/31] authvar: fix the type cast for 32bit systems
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
@ -4702,3 +4702,75 @@ index 5444d3a..22e28ce 100644
--
1.8.4.5
From c72d3e454c8cd5ed4290d7c16027e74f5df3cfe8 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 1 Jul 2014 14:43:35 +0800
Subject: [PATCH 31/31] authvar: fix the write loop
I forgot to move the pointer...
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/authvar_context.c | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/src/authvar_context.c b/src/authvar_context.c
index 22e28ce..53855f2 100644
--- a/src/authvar_context.c
+++ b/src/authvar_context.c
@@ -18,6 +18,7 @@
*/
#include <unistd.h>
+#include <stddef.h>
#include <sys/mman.h>
#include <prerror.h>
@@ -133,11 +134,7 @@ generate_descriptor(authvar_context *ctx)
if (rc < 0)
cmsreterr(-1, ctx->cms_ctx, "could not create signed data");
-#if __WORDSIZE == 64
- offset = (uint64_t) &((win_cert_uefi_guid_t *)0)->data;
-#else
- offset = (uint32_t) &((win_cert_uefi_guid_t *)0)->data;
-#endif
+ offset = offsetof(win_cert_uefi_guid_t, data);
authinfo = calloc(offset + sd_der.len, 1);
if (!authinfo)
cmsreterr(-1, ctx->cms_ctx, "could not allocate authinfo");
@@ -160,6 +157,7 @@ write_authvar(authvar_context *ctx)
void *buffer, *ptr;
size_t buf_len, des_len, remain;
ssize_t wlen;
+ off_t offset;
if (!ctx->authinfo)
cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar");
@@ -187,18 +185,17 @@ write_authvar(authvar_context *ctx)
if (ctx->value_size > 0)
memcpy(ptr, ctx->value, ctx->value_size);
- if (!ctx->to_firmware) {
- if (ftruncate(ctx->exportfd, buf_len) < 0)
- return -1;
+ if (!ctx->to_firmware)
lseek(ctx->exportfd, 0, SEEK_SET);
- }
remain = buf_len;
+ offset = 0;
do {
- wlen = write(ctx->exportfd, buffer, remain);
+ wlen = write(ctx->exportfd, buffer + offset, remain);
if (wlen < 0)
cmsreterr(-1, ctx->cms_ctx, "failed to write authvar");
remain -= wlen;
+ offset += wlen;
} while (remain > 0);
return 0;
--
1.8.4.5

6
pesign.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com
- Update pesign-enable-supplementary-programs.patch to fix write
loop
-------------------------------------------------------------------
Thu Jun 12 02:47:55 UTC 2014 - glin@suse.com