diff --git a/debian/patches/fix-efi-arch-detection.patch b/debian/patches/fix-efi-arch-detection.patch index 3bdcdcd..3f1682d 100644 --- a/debian/patches/fix-efi-arch-detection.patch +++ b/debian/patches/fix-efi-arch-detection.patch @@ -1,14 +1,15 @@ -Author: Ben Hutchings -Date: Sun, 26 Jun 2016 22:56:18 +0200 -Description: Fix EFI architecture detection - Currently we use 'uname -m', which tells us the build architecture. - In a cross-building environment or compat environment, this is not the - same as the host architecture. Use AC_CANONICAL_HOST instead. +From: Ubuntu Developers +Date: Sat, 14 May 2022 02:51:24 +0800 +Subject: fix-efi-arch-detection -Index: sbsigntool/configure.ac -=================================================================== ---- sbsigntool.orig/configure.ac -+++ sbsigntool/configure.ac +--- + configure.ac | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 1459e91..c161a0a 100644 +--- a/configure.ac ++++ b/configure.ac @@ -64,7 +64,8 @@ PKG_CHECK_MODULES(uuid, uuid, AC_MSG_ERROR([libuuid (from the uuid package) is required])) diff --git a/debian/patches/fix_checksum_calc.patch b/debian/patches/fix_checksum_calc.patch index cf3a558..0a809e0 100644 --- a/debian/patches/fix_checksum_calc.patch +++ b/debian/patches/fix_checksum_calc.patch @@ -1,12 +1,13 @@ -Author: Steve McIntyre <93sam@debian.org> -Date: Fri, 19 Jun 2019 23:35:44 +0200 -Description: Fix PE/COFF checksum calculation - Upstream reconfigured the code to allow for multiple checksums to be - included on a binary, but mis-handled the change to buffer and - checksum handling such that the cert_table header was now being - counted twice. Fix that. +From: Ubuntu Developers +Date: Sat, 14 May 2022 02:51:24 +0800 +Subject: fix_checksum_calc + +--- + src/image.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + diff --git a/src/image.c b/src/image.c -index 745191f..3ada37b 100644 +index 5697296..8ac79dd 100644 --- a/src/image.c +++ b/src/image.c @@ -162,7 +162,6 @@ static void image_pecoff_update_checksum(struct image *image) diff --git a/debian/patches/sbsign_check_write_return.patch b/debian/patches/sbsign_check_write_return.patch index efe9a06..f175e70 100644 --- a/debian/patches/sbsign_check_write_return.patch +++ b/debian/patches/sbsign_check_write_return.patch @@ -1,7 +1,50 @@ -Index: sbsigntool/src/sbsign.c +From: Ubuntu Developers +Date: Sat, 14 May 2022 02:51:24 +0800 +Subject: sbsign_check_write_return + =================================================================== ---- sbsigntool.orig/src/sbsign.c -+++ sbsigntool/src/sbsign.c +--- + src/fileio.c | 4 ++-- + src/image.c | 2 +- + src/sbsign.c | 6 +++--- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/fileio.c b/src/fileio.c +index 032eb1e..26e335b 100644 +--- a/src/fileio.c ++++ b/src/fileio.c +@@ -201,12 +201,12 @@ int fileio_write_file(const char *filename, uint8_t *buf, size_t len) + + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); + if (fd < 0) { +- perror("open"); ++ perror("fileio_write_file/open"); + return -1; + } + + if (!write_all(fd, buf, len)) { +- perror("write_all"); ++ perror("fileio_write_file/write_all"); + close(fd); + return -1; + } +diff --git a/src/image.c b/src/image.c +index 745191f..31c9a86 100644 +--- a/src/image.c ++++ b/src/image.c +@@ -656,7 +656,7 @@ int image_write(struct image *image, const char *filename) + + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); + if (fd < 0) { +- perror("open"); ++ perror("image_write/open"); + return -1; + } + +diff --git a/src/sbsign.c b/src/sbsign.c +index ff1fdfd..32f7770 100644 +--- a/src/sbsign.c ++++ b/src/sbsign.c @@ -242,12 +242,12 @@ int main(int argc, char **argv) for (i = 0; !image_get_signature(ctx->image, i, &buf, &len); i++) @@ -18,35 +61,3 @@ Index: sbsigntool/src/sbsign.c + return (rc == 0) ? EXIT_SUCCESS : EXIT_FAILURE; } -Index: sbsigntool/src/fileio.c -=================================================================== ---- sbsigntool.orig/src/fileio.c -+++ sbsigntool/src/fileio.c -@@ -201,12 +201,12 @@ int fileio_write_file(const char *filena - - fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); - if (fd < 0) { -- perror("open"); -+ perror("fileio_write_file/open"); - return -1; - } - - if (!write_all(fd, buf, len)) { -- perror("write_all"); -+ perror("fileio_write_file/write_all"); - close(fd); - return -1; - } -Index: sbsigntool/src/image.c -=================================================================== ---- sbsigntool.orig/src/image.c -+++ sbsigntool/src/image.c -@@ -658,7 +658,7 @@ int image_write(struct image *image, con - - fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); - if (fd < 0) { -- perror("open"); -+ perror("image_write/open"); - return -1; - } - diff --git a/debian/patches/ubuntu-clear-image-before-use.patch b/debian/patches/ubuntu-clear-image-before-use.patch index 0051352..34e846f 100644 --- a/debian/patches/ubuntu-clear-image-before-use.patch +++ b/debian/patches/ubuntu-clear-image-before-use.patch @@ -1,12 +1,19 @@ -Description: clear image before use - We rely on the image being clear as we will attempt to free - cirtain elements before reuse. Switch to a zeroing allocate. -Author: Andy Whitcroft -Last-Update: 2016-05-09 +From: Andy Whitcroft +Date: Sat, 14 May 2022 02:51:24 +0800 +Subject: clear image before use ---- sbsigntool-0.6.orig/src/image.c -+++ sbsigntool-0.6/src/image.c -@@ -459,7 +459,7 @@ struct image *image_load(const char *fil +We rely on the image being clear as we will attempt to free +cirtain elements before reuse. Switch to a zeroing allocate. +Last-Update: 2016-05-09 +--- + src/image.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/image.c b/src/image.c +index 31c9a86..5697296 100644 +--- a/src/image.c ++++ b/src/image.c +@@ -464,7 +464,7 @@ struct image *image_load(const char *filename) struct image *image; int rc; diff --git a/debian/patches/ubuntu-kernel-module-signing-fixes.patch b/debian/patches/ubuntu-kernel-module-signing-fixes.patch index f226dd9..16a89f1 100644 --- a/debian/patches/ubuntu-kernel-module-signing-fixes.patch +++ b/debian/patches/ubuntu-kernel-module-signing-fixes.patch @@ -1,15 +1,20 @@ -Description: Ubunty kernel module signing fixes - Separate out any local fixes we need to kmodsign.c to allow us to update - it more easily from mainline when necessary. +From: Andy Whitcroft +Date: Sat, 14 May 2022 02:51:24 +0800 +Subject: Ubunty kernel module signing fixes + +Separate out any local fixes we need to kmodsign.c to allow us to update +it more easily from mainline when necessary. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526959 Forwarded: not-needed -Author: Andy Whitcroft Last-Update: 2016-05-17 +--- + src/kmodsign.c | 46 +++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 37 insertions(+), 9 deletions(-) -Index: sbsigntool-0.6/src/kmodsign.c -=================================================================== ---- sbsigntool-0.6.orig/src/kmodsign.c -+++ sbsigntool-0.6/src/kmodsign.c +diff --git a/src/kmodsign.c b/src/kmodsign.c +index 250a7a6..2342b3c 100644 +--- a/src/kmodsign.c ++++ b/src/kmodsign.c @@ -62,11 +62,26 @@ struct module_signature { static char magic_number[] = "~Module signature appended~\n"; @@ -39,7 +44,7 @@ Index: sbsigntool-0.6/src/kmodsign.c exit(2); } -@@ -126,6 +141,12 @@ static int pem_pw_cb(char *buf, int len, +@@ -126,6 +141,12 @@ static int pem_pw_cb(char *buf, int len, int w, void *v) return pwlen; } diff --git a/debian/patches/ubuntu-kernel-module-signing.patch b/debian/patches/ubuntu-kernel-module-signing.patch index ad0312b..58a0f3a 100644 --- a/debian/patches/ubuntu-kernel-module-signing.patch +++ b/debian/patches/ubuntu-kernel-module-signing.patch @@ -1,15 +1,48 @@ -Description: Ubuntu kernel module signing - Add the kmodsign (sign-file from the upstream linux kernel) - so that we can use it for external module signing. +From: Andy Whitcroft +Date: Sat, 14 May 2022 02:51:24 +0800 +Subject: Ubuntu kernel module signing + +Add the kmodsign (sign-file from the upstream linux kernel) +so that we can use it for external module signing. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526959 Forwarded: not-needed -Author: Andy Whitcroft Last-Update: 2016-05-17 +--- + docs/Makefile.am | 4 +- + docs/kmodsign.1.in | 2 + + src/Makefile.am | 6 +- + src/kmodsign.c | 323 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 332 insertions(+), 3 deletions(-) + create mode 100644 docs/kmodsign.1.in + create mode 100644 src/kmodsign.c -Index: sbsigntool-0.6/src/Makefile.am -=================================================================== ---- sbsigntool-0.6.orig/src/Makefile.am -+++ sbsigntool-0.6/src/Makefile.am +diff --git a/docs/Makefile.am b/docs/Makefile.am +index 1b5a588..53e8429 100644 +--- a/docs/Makefile.am ++++ b/docs/Makefile.am +@@ -1,8 +1,8 @@ + +-man1_MANS = sbsign.1 sbverify.1 sbattach.1 sbvarsign.1 sbsiglist.1 ++man1_MANS = sbsign.1 sbverify.1 sbattach.1 sbvarsign.1 sbsiglist.1 kmodsign.1 + + EXTRA_DIST = sbsign.1.in sbverify.1.in sbattach.1.in \ +- sbvarsign.1.in sbsiglist.1.in ++ sbvarsign.1.in sbsiglist.1.in kmodsign.1.in + CLEANFILES = $(man1_MANS) + + $(builddir)/%.1: $(srcdir)/%.1.in $(top_builddir)/src/% +diff --git a/docs/kmodsign.1.in b/docs/kmodsign.1.in +new file mode 100644 +index 0000000..a1a2ffa +--- /dev/null ++++ b/docs/kmodsign.1.in +@@ -0,0 +1,2 @@ ++[name] ++kmodsign - Kernel module signing tool +diff --git a/src/Makefile.am b/src/Makefile.am +index 19a7766..c918dcb 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am @@ -1,5 +1,5 @@ -bin_PROGRAMS = sbsign sbverify sbattach sbvarsign sbsiglist sbkeysync @@ -17,7 +50,7 @@ Index: sbsigntool-0.6/src/Makefile.am coff_headers = coff/external.h coff/pe.h AM_CFLAGS = -Wall -Wextra --std=gnu99 -@@ -35,3 +35,7 @@ sbkeysync_SOURCES = sbkeysync.c $(common +@@ -35,3 +35,7 @@ sbkeysync_SOURCES = sbkeysync.c $(common_SOURCES) sbkeysync_LDADD = $(common_LDADD) $(uuid_LIBS) sbkeysync_CPPFLAGS = $(EFI_CPPFLAGS) sbkeysync_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) @@ -25,10 +58,11 @@ Index: sbsigntool-0.6/src/Makefile.am +kmodsign_SOURCES = kmodsign.c +kmodsign_LDADD = -lcrypto +kmodsign_CFLAGS = $(AM_CFLAGS) $(common_CFLAGS) -Index: sbsigntool-0.6/src/kmodsign.c -=================================================================== +diff --git a/src/kmodsign.c b/src/kmodsign.c +new file mode 100644 +index 0000000..250a7a6 --- /dev/null -+++ sbsigntool-0.6/src/kmodsign.c ++++ b/src/kmodsign.c @@ -0,0 +1,323 @@ +/* Sign a module file using the given key. + * @@ -353,25 +387,3 @@ Index: sbsigntool-0.6/src/kmodsign.c + + return 0; +} -Index: sbsigntool-0.6/docs/Makefile.am -=================================================================== ---- sbsigntool-0.6.orig/docs/Makefile.am -+++ sbsigntool-0.6/docs/Makefile.am -@@ -1,8 +1,8 @@ - --man1_MANS = sbsign.1 sbverify.1 sbattach.1 sbvarsign.1 sbsiglist.1 -+man1_MANS = sbsign.1 sbverify.1 sbattach.1 sbvarsign.1 sbsiglist.1 kmodsign.1 - - EXTRA_DIST = sbsign.1.in sbverify.1.in sbattach.1.in \ -- sbvarsign.1.in sbsiglist.1.in -+ sbvarsign.1.in sbsiglist.1.in kmodsign.1.in - CLEANFILES = $(man1_MANS) - - $(builddir)/%.1: $(srcdir)/%.1.in $(top_builddir)/src/% -Index: sbsigntool-0.6/docs/kmodsign.1.in -=================================================================== ---- /dev/null -+++ sbsigntool-0.6/docs/kmodsign.1.in -@@ -0,0 +1,2 @@ -+[name] -+kmodsign - Kernel module signing tool