diff --git a/shim-bnc807760-change-pxe-2nd-loader-name.patch b/shim-bnc807760-change-pxe-2nd-loader-name.patch new file mode 100644 index 0000000..b5ca9fb --- /dev/null +++ b/shim-bnc807760-change-pxe-2nd-loader-name.patch @@ -0,0 +1,58 @@ +From 8222b5f6dd8ff34368173b86ae6108cb792802a7 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 7 Mar 2013 11:59:44 +0800 +Subject: [PATCH] Define the PXE 2nd stage loader in the beginning of the file + +Make it easier to change the PXE 2nd stage loader. +--- + netboot.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/netboot.c b/netboot.c +index 90fb9cb..ae723c7 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -39,6 +39,7 @@ + #include "shim.h" + #include "netboot.h" + ++#define DEFAULT_LOADER "/grub.efi" + + static inline unsigned short int __swap16(unsigned short int x) + { +@@ -238,7 +239,7 @@ static BOOLEAN extract_tftp_info(char *url) + { + char *start, *end; + char ip6str[128]; +- char *template = "/grubx64.efi"; ++ char *template = DEFAULT_LOADER; + + if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) { + Print(L"URLS MUST START WITH tftp://\n"); +@@ -294,9 +295,11 @@ static EFI_STATUS parseDhcp6() + + static EFI_STATUS parseDhcp4() + { +- char *template = "/grubx64.efi"; +- char *tmp = AllocatePool(16); ++ char *template = DEFAULT_LOADER; ++ char *tmp; ++ int len = strlen((CHAR8 *)template); + ++ tmp = AllocatePool(len+1); + + if (!tmp) + return EFI_OUT_OF_RESOURCES; +@@ -304,8 +307,7 @@ static EFI_STATUS parseDhcp4() + + memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4); + +- memcpy(tmp, template, 12); +- tmp[13] = '\0'; ++ memcpy(tmp, template, len+1); + full_path = tmp; + + /* Note we don't capture the filename option here because we know its shim.efi +-- +1.7.10.4 + diff --git a/shim-bnc808106-correct-certcount.patch b/shim-bnc808106-correct-certcount.patch new file mode 100644 index 0000000..c8d5d47 --- /dev/null +++ b/shim-bnc808106-correct-certcount.patch @@ -0,0 +1,34 @@ +From 822b44b8d978449a43fb2cd7bcd1381d961d0b25 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Fri, 8 Mar 2013 14:44:50 +0800 +Subject: [PATCH] Correct the certificate count of the signature list + +--- + shim.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/shim.c b/shim.c +index c36b641..1daa84b 100644 +--- a/shim.c ++++ b/shim.c +@@ -228,7 +228,7 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList, + + while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &CertType) == 0) { +- CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize; ++ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + for (Index = 0; Index < CertCount; Index++) { + IsFound = AuthenticodeVerify (data->CertData, +@@ -293,7 +293,7 @@ static CHECK_STATUS check_db_hash_in_ram(EFI_SIGNATURE_LIST *CertList, + BOOLEAN IsFound = FALSE; + + while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { +- CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize; ++ CertCount = (CertList->SignatureListSize -sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + if (CompareGuid(&CertList->SignatureType, &CertType) == 0) { + for (Index = 0; Index < CertCount; Index++) { +-- +1.7.10.4 + diff --git a/shim.changes b/shim.changes index 5c21249..5ec6e92 100644 --- a/shim.changes +++ b/shim.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Mar 8 06:53:47 UTC 2013 - glin@suse.com + +- Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the + PXE 2nd stage loader name (bnc#807760) +- Add shim-bnc808106-correct-certcount.patch to correct the + certificate count of the signature list (bnc#808106) + ------------------------------------------------------------------- Fri Mar 1 10:07:55 UTC 2013 - glin@suse.com diff --git a/shim.spec b/shim.spec index b48dd8b..3bfe856 100644 --- a/shim.spec +++ b/shim.spec @@ -57,6 +57,10 @@ Patch10: shim-keep-unsigned-mokmanager.patch Patch11: shim-bnc804631-fix-broken-bootpath.patch # PATCH-FIX-UPSTREAM shim-bnc798043-no-doulbe-separators.patch bnc#798043 glin@suse.com -- Remove all double-separators from the bootpath Patch12: shim-bnc798043-no-doulbe-separators.patch +# PATCH-FIX-UPSTREAM shim-bnc807760-change-pxe-2nd-loader-name.patch bnc#807760 glin@suse.com -- Change the PXE 2nd stage loader to match the filename we are using +Patch13: shim-bnc807760-change-pxe-2nd-loader-name.patch +# PATCH-FIX-UPSTREAM shim-bnc808106-correct-certcount.patch bnc#808106 glin@suse.com -- Correct the certifcate count of the signature list +Patch14: shim-bnc808106-correct-certcount.patch BuildRequires: gnu-efi >= 3.0q BuildRequires: mozilla-nss-tools BuildRequires: openssl >= 0.9.8 @@ -90,6 +94,8 @@ Authors: %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 +%patch14 -p1 %build chmod +x "make-certs"