Makefile | 21 12 + 9 - 0 !
1 file changed, 12 insertions(+), 9 deletions(-)

---

Make.rules | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix a typo in the %-blacklist.esl rule
 This sometimes resulted in FTBFS.

Make.rules | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

---

Make.rules | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 add build support for loongarch64

include/pecoff.h | 3 2 + 1 - 0 !
lib/pecoff.c | 6 3 + 3 - 0 !
lib/pkcs7verify.c | 2 1 + 1 - 0 !
lib/sha256.c | 2 1 + 1 - 0 !
lib/shim_protocol.c | 2 1 + 1 - 0 !
5 files changed, 8 insertions(+), 7 deletions(-)

---

Make.rules | 2 1 + 1 - 0 !
cert-to-efi-sig-list.c | 1 0 + 1 - 0 !
efi-keytool.c | 1 0 + 1 - 0 !
efi-readvar.c | 1 0 + 1 - 0 !
efi-updatevar.c | 2 1 + 1 - 0 !
flash-var.c | 1 0 + 1 - 0 !
hash-to-efi-sig-list.c | 1 0 + 1 - 0 !
lib/asn1/oid.h | 10 5 + 5 - 0 !
lib/kernel_efivars.c | 68 26 + 42 - 0 !
sig-list-to-certs.c | 1 0 + 1 - 0 !
sign-efi-sig-list.c | 1 0 + 1 - 0 !
11 files changed, 33 insertions(+), 56 deletions(-)

 fix ftbfs
 - Remove redefintions of __STDC_VERSION__
 - Add _XOPEN_SOURCE=700 to expose some APIs being used
 - Remove dangerous usage of mktemp and sscanf
 - Use standard C types over non-standard aliases
 - Remove CFLAGS disabling mitigations
 - Stop building EFI binaries

Make.rules | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 make sure stack-protector is disabled, it breaks builds

cc  -o cert-to-efi-sig-list cert-to-efi-sig-list.o -g -O3 -Werror=implicit-function-declaration -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/efitools-1.9.2=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/efitools-1.9.2=/usr/src/efitools-1.9.2-3.3ubuntu5 -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now lib/lib.a -lcrypto
# check we have no undefined symbols
nm -D HelloWorld.so | grep ' U ' && exit 1 || exit 0
                 U __stack_chk_fail
make[1]: *** [Make.rules:79: HelloWorld.so] Error 1
rm KeyTool.o DB1.crt ShimReplace.o ReadVars.o SetNull.o HelloWorld.o UpdateVars.o HashTool.o Loader.o DB2.crt
make[1]: Leaving directory '/efitools-1.9.2'
dh_auto_build: error: make -j4 "INSTALL=install --strip-program=true" returned exit code 2
make: *** [debian/rules:13: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
root@Unimatrix04-Noble:/efitools-1.9.2# nm -D HelloWorld.so | grep ' U ' 
                 U __stack_chk_fail

Makefile | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 efi binaries building fails on aarch64, for unknown reasons.
Disabling it is the fastest way to make the package build there and migrate to testing

Timestamp is 0-0-0 00:00:00
Authentication Payload size 134
Signature of size 1151
Signature at: 40
Invalid DOS header magic
make[1]: *** [Make.rules:136: HelloWorld-signed.efi] Error 1
rm KEK-blacklist.esl SetNull.so KeyTool.o ms-kek.esl DB1.crt DB1.esl PK-hash-blacklist.esl ShimReplace.o ReadVars.o DB2-blacklist.esl ms-kek-blacklist.esl SetNull.o ms-uefi-hash-blacklist.esl HelloWorld.o ms-uefi-blacklist.esl UpdateVars.o KEK-hash-blacklist.esl DB-blacklist.esl HashTool.o DB1-hash-blacklist.esl ms-uefi.esl DB2.esl Loader.o DB2.crt ms-kek-hash-blacklist.esl PK-blacklist.esl DB2-hash-blacklist.esl DB-hash-blacklist.esl DB1-blacklist.esl