Accepting request 157970 from home:gary_lin:branches:devel:openSUSE:Factory

bnc#807760: change the PXE 2nd stage loader name bnc#808106: certificate count of the signature list OBS-URL: https://build.opensuse.org/request/show/157970 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=22
2013-03-08 08:06:19 +00:00 · 2013-03-08 08:06:19 +00:00 · 6c21f45551
commit 6c21f45551
parent e356a6eeae
4 changed files with 106 additions and 0 deletions
--- a/shim-bnc807760-change-pxe-2nd-loader-name.patch
+++ b/shim-bnc807760-change-pxe-2nd-loader-name.patch
@ -0,0 +1,58 @@
+From 8222b5f6dd8ff34368173b86ae6108cb792802a7 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 7 Mar 2013 11:59:44 +0800
+Subject: [PATCH] Define the PXE 2nd stage loader in the beginning of the file
+
+Make it easier to change the PXE 2nd stage loader.
+---
+ netboot.c |   12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/netboot.c b/netboot.c
+index 90fb9cb..ae723c7 100644
+--- a/netboot.c
+++ b/netboot.c
+@@ -39,6 +39,7 @@
+ #include "shim.h"
+ #include "netboot.h"
+ 
+#define DEFAULT_LOADER "/grub.efi"
+ 
+ static inline unsigned short int __swap16(unsigned short int x)
+ {
+@@ -238,7 +239,7 @@ static BOOLEAN extract_tftp_info(char *url)
+ {
+ 	char *start, *end;
+ 	char ip6str[128];
+-	char *template = "/grubx64.efi";
+	char *template = DEFAULT_LOADER;
+ 
+ 	if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
+ 		Print(L"URLS MUST START WITH tftp://\n");
+@@ -294,9 +295,11 @@ static EFI_STATUS parseDhcp6()
+ 
+ static EFI_STATUS parseDhcp4()
+ {
+-	char *template = "/grubx64.efi";
+-	char *tmp = AllocatePool(16);
+	char *template = DEFAULT_LOADER;
+	char *tmp;
+	int len = strlen((CHAR8 *)template);
+ 
+	tmp = AllocatePool(len+1);
+ 
+ 	if (!tmp)
+ 		return EFI_OUT_OF_RESOURCES;
+@@ -304,8 +307,7 @@ static EFI_STATUS parseDhcp4()
+ 
+ 	memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
+ 
+-	memcpy(tmp, template, 12);
+-	tmp[13] = '\0';
+	memcpy(tmp, template, len+1);
+ 	full_path = tmp;
+ 
+ 	/* Note we don't capture the filename option here because we know its shim.efi
+-- 
+1.7.10.4
+
--- a/shim-bnc808106-correct-certcount.patch
+++ b/shim-bnc808106-correct-certcount.patch
@ -0,0 +1,34 @@
+From 822b44b8d978449a43fb2cd7bcd1381d961d0b25 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Fri, 8 Mar 2013 14:44:50 +0800
+Subject: [PATCH] Correct the certificate count of the signature list
+
+---
+ shim.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index c36b641..1daa84b 100644
+--- a/shim.c
+++ b/shim.c
+@@ -228,7 +228,7 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
+ 
+ 	while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
+ 		if (CompareGuid (&CertList->SignatureType, &CertType) == 0) {
+-			CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+			CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ 			Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ 			for (Index = 0; Index < CertCount; Index++) {
+ 				IsFound = AuthenticodeVerify (data->CertData,
+@@ -293,7 +293,7 @@ static CHECK_STATUS check_db_hash_in_ram(EFI_SIGNATURE_LIST *CertList,
+ 	BOOLEAN IsFound = FALSE;
+ 
+ 	while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
+-		CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+		CertCount = (CertList->SignatureListSize -sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ 		Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ 		if (CompareGuid(&CertList->SignatureType, &CertType) == 0) {
+ 			for (Index = 0; Index < CertCount; Index++) {
+-- 
+1.7.10.4
+
--- a/shim.changes
+++ b/shim.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Mar  8 06:53:47 UTC 2013 - glin@suse.com
+
+- Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the
+  PXE 2nd stage loader name (bnc#807760)
+- Add shim-bnc808106-correct-certcount.patch to correct the
+  certificate count of the signature list (bnc#808106)
+
 -------------------------------------------------------------------
 Fri Mar  1 10:07:55 UTC 2013 - glin@suse.com

--- a/shim.spec
+++ b/shim.spec
@ -57,6 +57,10 @@ Patch10:        shim-keep-unsigned-mokmanager.patch
 Patch11:        shim-bnc804631-fix-broken-bootpath.patch
 # PATCH-FIX-UPSTREAM shim-bnc798043-no-doulbe-separators.patch bnc#798043 glin@suse.com -- Remove all double-separators from the bootpath
 Patch12:        shim-bnc798043-no-doulbe-separators.patch
+# PATCH-FIX-UPSTREAM shim-bnc807760-change-pxe-2nd-loader-name.patch bnc#807760 glin@suse.com -- Change the PXE 2nd stage loader to match the filename we are using
+Patch13:        shim-bnc807760-change-pxe-2nd-loader-name.patch
+# PATCH-FIX-UPSTREAM shim-bnc808106-correct-certcount.patch bnc#808106 glin@suse.com -- Correct the certifcate count of the signature list
+Patch14:        shim-bnc808106-correct-certcount.patch
 BuildRequires:  gnu-efi >= 3.0q
 BuildRequires:  mozilla-nss-tools
 BuildRequires:  openssl >= 0.9.8
@ -90,6 +94,8 @@ Authors:
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
+%patch14 -p1

 %build
 chmod +x "make-certs"