Package: sbsigntool / 0.6-3.2

Metadata

Package Version Patches format
sbsigntool 0.6-3.2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01 efi arch ia32.patch | (download)

configure.ac | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 fix ftbfs on i386 by defining efi_arch to ia32 instead of uname.
10 tests use env.patch | (download)

tests/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
Align signature data to 8 bytes.patch | (download)

src/image.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] align signature data to 8 bytes

Before appending the signature data to our binary, pad the file out to
8-byte alignment.  This matches the Microsoft signing implementation, which
enables us to use sbattach to verify the integrity of the binaries returned
by the SysDev signing service.

update_checksums.patch | (download)

lib/ccan/ccan/endian/endian.h | 227 227 + 0 - 0 !
src/image.c | 59 59 + 0 - 0 !
2 files changed, 286 insertions(+)

---
fix signature padding.patch | (download)

src/image.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix calculation of the size of our signature data
 The 'size' field of the certificate table header includes the size of the
 header itself.  When parsing a signed file, we should therefore subtract the
 size of this header from the field representing the size of the pkcs7 data
 packet; otherwise when we detach (and subsequently reattach) a signature,
 we wind up with 8 extra bytes of zeroes at the end each time.  Fixing this
 ensures that detaching and signature and then reattaching it to the file
 gives us back the original file.
ignore certificate expiries.patch | (download)

src/sbverify.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 ignore certificate expiries when verifying signatures
 The UEFI implementation explicitly ignores all errors due to expired (or
 not yet valid) signatures.  Ensure that sbverify behaves compatibly.
add_corrected_efivars_magic.patch | (download)

src/sbkeysync.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

---
del duplicate define.patch | (download)

src/coff/pe.h | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
zero sized sections.patch | (download)

src/image.c | 35 18 + 17 - 0 !
1 file changed, 18 insertions(+), 17 deletions(-)

---
arm arm64 support.patch | (download)

src/coff/pe.h | 1 1 + 0 - 0 !
src/image.c | 13 8 + 5 - 0 !
2 files changed, 9 insertions(+), 5 deletions(-)

---
0001 Support openssl 1.0.2b and above.patch | (download)

src/sbverify.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] support openssl 1.0.2b and above

sbverify_clear_out_cert_content.patch | (download)

src/sbverify.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 clear out content for the signature we're building
Bug-Ubuntu: https://launchpad.net/bugs/1526959
sbsign_check_write_return.patch | (download)

src/fileio.c | 4 2 + 2 - 0 !
src/image.c | 2 1 + 1 - 0 !
src/sbsign.c | 6 3 + 3 - 0 !
3 files changed, 6 insertions(+), 6 deletions(-)

---
update openssl api usage to support openssl 1.1.patch | (download)

src/sbkeysync.c | 7 3 + 4 - 0 !
src/sbverify.c | 52 38 + 14 - 0 !
2 files changed, 41 insertions(+), 18 deletions(-)

 update openssl api usage to support openssl 1.1
 Most structure definitions in OpenSSL are now opaque and we must call
 the appropriate accessor functions to get information from them.
 Not all the accessors are available in older versions, so define the
 missing accessors as macros.
 .
 The X509_retrieve_match() function is no longer usable, as we cannot
 initialise an X509_OBJECT ourselves.  Instead, iterate over the
 certificate store and use X509_OBJECT_get_type and X509_cmp to
 compare certificates.


fix efi arch detection.patch | (download)

configure.ac | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 fix efi architecture detection
 Currently we use 'uname -m', which tells us the build architecture.
 In a cross-building environment or compat environment, this is not the
 same as the host architecture.  Use  AC_CANONICAL_HOST instead.


fix linker flags for test cases.patch | (download)

tests/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix linker flags for test cases
 We need to explicitly disable use of a dynamic linker.  When using
 Debian's binutils 2.27-9, ld succeeds but appears to generate broken
 headers that cause the tests to fail.  When using binutils 2.28, ld
 fails, reporting "Not enough room for program headers, try linking
 with -N".
Bug-Debian: https://bugs.debian.org/842446