authorSteve McIntyre <steve@einval.com>2023-01-22 13:14:06 +0000
committerSteve McIntyre <steve@einval.com>2023-01-22 13:14:06 +0000
commitb61b8af886e45e41b69b90cf04cece3449d7a889 (patch)
tree3d36e3123ac8b7c21d8aca526a8c46162b82cce1
parent621dd4fde16427484a3362b349544be57cc610b9 (diff)
Switch to new upstream (15.7)
Also import patch to deal with buggy binutils
-rw-r--r--debian/changelog8
-rw-r--r--debian/patches/Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch104
-rw-r--r--debian/patches/series1
3 files changed, 113 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 661dcafc..0f39a325 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+shim (15.7-1) UNRELEASED; urgency=medium
+
+ * New upstream release fixing more bugs
+ * Add a further patch from upstream:
+ + Make sbat_var.S parse right with buggy gcc/binutils
+
+ -- Steve McIntyre <93sam@debian.org> Sun, 22 Jan 2023 13:12:14 +0000
+
shim (15.6-1) unstable; urgency=medium
* New upstream release fixing more bugs
diff --git a/debian/patches/Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch b/debian/patches/Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
new file mode 100644
index 00000000..df272c08
--- /dev/null
+++ b/debian/patches/Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
@@ -0,0 +1,104 @@
+From 657b2483ca6e9fcf2ad8ac7ee577ff546d24c3aa Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 5 Dec 2022 17:57:36 -0500
+Subject: [PATCH] Make sbat_var.S parse right with buggy gcc/binutils
+
+In https://github.com/rhboot/shim/issues/533 , iokomin noticed that
+gas in binutils before 2.36 appears to be incorrectly concatenating
+string literals in '.asciz' directives, including an extra NUL character
+in between the strings, and this will cause us to incorrectly parse the
+.sbatlevel section in shim binaries.
+
+This patch adds test cases that will cause the build to fail if this has
+happened, as well as changing sbat_var.S to to use '.ascii' and '.byte'
+to construct the data, rather than using '.asciz'.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/test.mk | 2 +-
+ sbat_var.S | 6 ++++--
+ test-sbat.c | 32 ++++++++++++++++++++++++++++++++
+ 3 files changed, 37 insertions(+), 3 deletions(-)
+
+diff --git a/include/test.mk b/include/test.mk
+index c0e24095..c37b8446 100644
+--- a/include/test.mk
++++ b/include/test.mk
+@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
+ test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
+ test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
+
+-test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
++test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S mock-variables.c
+ test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
+
+ test-str_FILES = lib/string.c
+diff --git a/sbat_var.S b/sbat_var.S
+index a115077a..2a813a40 100644
+--- a/sbat_var.S
++++ b/sbat_var.S
+@@ -14,7 +14,9 @@ sbat_var_payload_header:
+ .Lsbat_var_payload_header_end:
+ .balign 1, 0
+ .Lsbat_var_previous:
+- .asciz SBAT_VAR_PREVIOUS
++ .ascii SBAT_VAR_PREVIOUS
++ .byte 0
+ .balign 1, 0
+ .Lsbat_var_latest:
+- .asciz SBAT_VAR_LATEST
++ .ascii SBAT_VAR_LATEST
++ .byte 0
+diff --git a/test-sbat.c b/test-sbat.c
+index 72bebe7a..65bc6a84 100644
+--- a/test-sbat.c
++++ b/test-sbat.c
+@@ -1107,6 +1107,36 @@ test_preserve_sbat_uefi_variable_bad_short(void)
+ return 0;
+ }
+
++static int
++test_sbat_var_asciz(void)
++{
++ EFI_STATUS status;
++ char buf[1024] = "";
++ UINT32 attrs = 0;
++ UINTN size = sizeof(buf);
++ char expected[] = SBAT_VAR_PREVIOUS;
++
++ status = set_sbat_uefi_variable();
++ if (status != EFI_SUCCESS)
++ return -1;
++
++ status = RT->GetVariable(SBAT_VAR_NAME, &SHIM_LOCK_GUID, &attrs, &size, buf);
++ if (status != EFI_SUCCESS)
++ return -1;
++
++ /*
++ * this should be enough to get past "sbat,", which handles the
++ * first error.
++ */
++ if (size < (strlen(SBAT_VAR_SIG) + 2) || size != strlen(expected))
++ return -1;
++
++ if (strncmp(expected, buf, size) != 0)
++ return -1;
++
++ return 0;
++}
++
+ int
+ main(void)
+ {
+@@ -1155,6 +1185,8 @@ main(void)
+ test(test_preserve_sbat_uefi_variable_version_older);
+ test(test_preserve_sbat_uefi_variable_version_olderlonger);
+
++ test(test_sbat_var_asciz);
++
+ return 0;
+ }
+
+--
+2.30.2
+
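Review bot: The new test_sbat_var_asciz in test-sbat.c compares the stored variable only against SBAT_VAR_PREVIOUS, while the sbat_var.S change rewrites both .Lsbat_var_previous and .Lsbat_var_latest. As far as this hunk shows, a stray NUL in the latest payload would therefore not fail the build. Because this data sets shim's SBAT revocation level, the gap should be stated next to the check, e.g. `/* covers SBAT_VAR_PREVIOUS only; SBAT_VAR_LATEST is emitted the same way but is not compared here */`, or closed with a matching comparison if the test harness can select the latest payload. The comment above the size check is also hard to follow; `/* size must be at least two bytes longer than SBAT_VAR_SIG and exactly strlen(expected) */` states what the condition enforces.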
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 00000000..f57b1788
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch