* New upstream release.debian/15+1533136590.3beb971-1

  - debian/patches/second-stage-path: dropped; the default loader path now
    includes an arch suffix.
  - debian/patches/sbsigntool-no-pesign: dropped; no longer needed.
* Drop remaining patches that were not being applied.
* Sync packaging from Ubuntu:
  - debian/copyright: Update upstream source location.
  - debian/control: add a Build-Depends on libelf-dev.
  - Enable arm64 build.
  - debian/patches/fixup_git.patch: don't run git in clean; we're not
    really in a git tree.
  - debian/rules, debian/shim.install: use the upstream install target as
    intended, and move files to the target directory using dh_install.
  - define RELEASE and COMMIT_ID for the snapshot.
  - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream
    options: set MAKELEVEL.
  - Define an EFI_ARCH variable, and use that for paths to shim. This
    makes it possible to build a shim for other architectures than amd64.
  - Set EFIDIR=$distro for dh_auto_install; that will let files be installed
    in the "right" final directories, and makes boot.csv for us.
  - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built
    at compile-time for MokManager and fallback.
  - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback
    and MokManager.

5 files changed, 203 insertions, 97 deletions

diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c
index 792b29e8..65e9938e 100644
--- a/Cryptlib/SysCall/BaseMemAllocation.c
+++ b/Cryptlib/SysCall/BaseMemAllocation.c
@@ -2,7 +2,7 @@
   Base Memory Allocation Routines Wrapper for Crypto library over OpenSSL

   during PEI & DXE phases.

 

-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -13,7 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 

 **/

 

-#include <OpenSslSupport.h>

+#include <CrtLibSupport.h>

+#include <Library/MemoryAllocationLib.h>

 

 //

 // -- Memory-Allocation Routines --

diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c
index 43875712..5c86ff69 100644
--- a/Cryptlib/SysCall/BaseStrings.c
+++ b/Cryptlib/SysCall/BaseStrings.c
@@ -1,9 +1,9 @@
-#include <OpenSslSupport.h>
+#include <CrtLibSupport.h>
 
-CHAR8 *
-AsciiStrCat(CHAR8 *Destination, CHAR8 *Source)
+char *
+AsciiStrCat(char *Destination, char *Source)
 {
-	UINTN dest_len = strlena(Destination);
+	UINTN dest_len = strlena((CHAR8 *)Destination);
 	UINTN i;
 
 	for (i = 0; Source[i] != '\0'; i++)
@@ -25,8 +25,8 @@ AsciiStrCpy(CHAR8 *Destination, CHAR8 *Source)
 	return Destination;
 }
 
-CHAR8 *
-AsciiStrnCpy(CHAR8 *Destination, CHAR8 *Source, UINTN count)
+char *
+AsciiStrnCpy(char *Destination, char *Source, UINTN count)
 {
 	UINTN i;
 
@@ -64,4 +64,62 @@ AsciiStrSize(CHAR8 *string)
 	return strlena(string) + 1;
 }
 
+int
+strcmp (const char *str1, const char *str2)
+{
+	return strcmpa((CHAR8 *)str1,(CHAR8 *)str2);
+}
+
+inline static char
+toupper (char c)
+{
+	return ((c >= 'a' && c <= 'z') ? c - ('a' - 'A') : c);
+}
+
+/* Based on AsciiStriCmp() in edk2 MdePkg/Library/BaseLib/String.c */
+int
+strcasecmp (const char *str1, const char *str2)
+{
+	char c1, c2;
+
+	c1 = toupper (*str1);
+	c2 = toupper (*str2);
+	while ((*str1 != '\0') && (c1 == c2)) {
+		str1++;
+		str2++;
+		c1 = toupper (*str1);
+		c2 = toupper (*str2);
+	}
+
+	return c1 - c2;
+}
+
+/* Based on AsciiStrDecimalToUintnS() in edk2
+ * MdePkg/Library/BaseLib/SafeString.c */
+UINTN
+AsciiStrDecimalToUintn(const char *String)
+{
+	UINTN     Result;
+
+	if (String == NULL)
+		return 0;
+
+	/* Ignore the pad spaces (space or tab) */
+	while ((*String == ' ') || (*String == '\t')) {
+		String++;
+	}
+
+	/* Ignore leading Zeros after the spaces */
+	while (*String == '0') {
+		String++;
+	}
+
+	Result = 0;
 
+	while (*String >= '0' && *String <= '9') {
+		Result = Result * 10 + (*String - '0');
+		String++;
+	}
+
+	return Result;
+}
diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
index 3a852b9e..78789538 100644
--- a/Cryptlib/SysCall/CrtWrapper.c
+++ b/Cryptlib/SysCall/CrtWrapper.c
@@ -2,7 +2,7 @@
   C Run-Time Libraries (CRT) Wrapper Implementation for OpenSSL-based

   Cryptographic Library.

 

-Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 

 **/

 

-#include <OpenSslSupport.h>

+#include <CrtLibSupport.h>

 

 int errno = 0;

 

@@ -136,6 +136,30 @@ char *strrchr (const char *str, int c)
   }

 }

 

+/* Compare first n bytes of string s1 with string s2, ignoring case */

+int strncasecmp (const char *s1, const char *s2, size_t n)

+{

+  int Val;

+

+  ASSERT(s1 != NULL);

+  ASSERT(s2 != NULL);

+

+  if (n != 0) {

+    do {

+      Val = tolower(*s1) - tolower(*s2);

+      if (Val != 0) {

+        return Val;

+      }

+      ++s1;

+      ++s2;

+      if (*s1 == '\0') {

+        break;

+      }

+    } while (--n != 0);

+  }

+  return 0;

+}

+

 /* Read formatted data from a string */

 int sscanf (const char *buffer, const char *format, ...)

 {

@@ -146,6 +170,70 @@ int sscanf (const char *buffer, const char *format, ...)
   return 0;

 }

 

+/* Maps errnum to an error-message string */

+char * strerror (int errnum)

+{

+  return NULL;

+}

+

+/* Computes the length of the maximum initial segment of the string pointed to by s1

+   which consists entirely of characters from the string pointed to by s2. */

+size_t strspn (const char *s1 , const char *s2)

+{

+  UINT8   Map[32];

+  UINT32  Index;

+  size_t  Count;

+

+  for (Index = 0; Index < 32; Index++) {

+    Map[Index] = 0;

+  }

+

+  while (*s2) {

+    Map[*s2 >> 3] |= (1 << (*s2 & 7));

+    s2++;

+  }

+

+  if (*s1) {

+    Count = 0;

+    while (Map[*s1 >> 3] & (1 << (*s1 & 7))) {

+      Count++;

+      s1++;

+    }

+

+    return Count;

+  }

+

+  return 0;

+}

+

+/* Computes the length of the maximum initial segment of the string pointed to by s1

+   which consists entirely of characters not from the string pointed to by s2. */

+size_t strcspn (const char *s1, const char *s2)

+{

+  UINT8  Map[32];

+  UINT32 Index;

+  size_t Count;

+

+  for (Index = 0; Index < 32; Index++) {

+    Map[Index] = 0;

+  }

+

+  while (*s2) {

+    Map[*s2 >> 3] |= (1 << (*s2 & 7));

+    s2++;

+  }

+

+  Map[0] |= 1;

+

+  Count   = 0;

+  while (!(Map[*s1 >> 3] & (1 << (*s1 & 7)))) {

+    Count ++;

+    s1++;

+  }

+

+  return Count;

+}

+

 //

 // -- Character Classification Routines --

 //

@@ -277,52 +365,12 @@ char *getenv (const char *varname)
 // -- Stream I/O Routines --

 //

 

-/* Write formatted output using a pointer to a list of arguments */

-int vfprintf (FILE *stream, const char *format, VA_LIST arg)

-{

-  return 0;

-}

-

 /* Write data to a stream */

 size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)

 {

   return 0;

 }

 

-//

-//  -- Dummy OpenSSL Support Routines --

-//

-

-void *UI_OpenSSL(void)

-{

-  return NULL;

-}

-

-int X509_load_cert_file (VOID *ctx, const char *file, int type)

-{

-  return 0;

-}

-

-int X509_load_crl_file (VOID *ctx, const char *file, int type)

-{

-  return 0;

-}

-

-int chmod (const char *c, mode_t m)

-{

-  return -1;

-}

-

-int close (int f)

-{

-  return -1;

-}

-

-void closelog (void)

-{

-

-}

-

 #ifdef __GNUC__

 

 typedef

@@ -331,7 +379,6 @@ VOID
   VOID

   ) __attribute__((__noreturn__));

 

-

 STATIC

 VOID

 EFIAPI

@@ -341,8 +388,7 @@ NopFunction (
 {

 }

 

-

-void exit (int e)

+void abort (void)

 {

   NoReturnFuncPtr NoReturnFunc;

 

@@ -353,8 +399,9 @@ void exit (int e)
 

 #else

 

-void exit (int e)

+void abort (void)

 {

+  // Do nothing

 }

 

 #endif

@@ -374,11 +421,6 @@ size_t fread (void *b, size_t c, size_t i, FILE *f)
   return 0;

 }

 

-int fprintf (FILE *f, const char *s, ...)

-{

-  return 0;

-}

-

 uid_t getuid (void)

 {

   return 0;

@@ -399,42 +441,7 @@ gid_t getegid (void)
   return 0;

 }

 

-off_t lseek (int a, off_t o, int d)

-{

-  return 0;

-}

-

-void openlog (const char *c, int a, int b)

-{

-

-}

-

-ssize_t read (int f, void *b, size_t c)

-{

-  return 0;

-}

-

-int stat (const char *c, struct stat *s)

-{

-  return -1;

-}

-

-int strcasecmp (const char *c, const char *s)

-{

-  return 0;

-}

-

-int strncasecmp (const char *c, const char *s, size_t l)

-{

-  return 0;

-}

-

-void syslog (int a, const char *c, ...)

-{

-

-}

-

-ssize_t write (int f, const void *b, size_t l)

+int printf (char const *fmt, ...)

 {

   return 0;

 }

diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c
index 27ac44a3..04fe4ef9 100644
--- a/Cryptlib/SysCall/TimerWrapper.c
+++ b/Cryptlib/SysCall/TimerWrapper.c
@@ -2,7 +2,7 @@
   C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation

   for OpenSSL-based Cryptographic Library (used in DXE & RUNTIME).

 

-Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>

+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>

 This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 

 **/

 

-#include <OpenSslSupport.h>

+#include <CrtLibSupport.h>

 

 //

 // -- Time Management Routines --

diff --git a/Cryptlib/SysCall/memset.c b/Cryptlib/SysCall/memset.c
new file mode 100644
index 00000000..76deed68
--- /dev/null
+++ b/Cryptlib/SysCall/memset.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2016 SUSE LINUX GmbH <glin@suse.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <efi.h>
+#include <efilib.h>
+
+typedef UINTN size_t;
+
+void *
+memset (void *dest, int ch, size_t count)
+{
+  SetMem(dest, count, (UINT8)(ch));
+  return dest;
+}