* New upstream release.debian/15+1533136590.3beb971-1

  - debian/patches/second-stage-path: dropped; the default loader path now
    includes an arch suffix.
  - debian/patches/sbsigntool-no-pesign: dropped; no longer needed.
* Drop remaining patches that were not being applied.
* Sync packaging from Ubuntu:
  - debian/copyright: Update upstream source location.
  - debian/control: add a Build-Depends on libelf-dev.
  - Enable arm64 build.
  - debian/patches/fixup_git.patch: don't run git in clean; we're not
    really in a git tree.
  - debian/rules, debian/shim.install: use the upstream install target as
    intended, and move files to the target directory using dh_install.
  - define RELEASE and COMMIT_ID for the snapshot.
  - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream
    options: set MAKELEVEL.
  - Define an EFI_ARCH variable, and use that for paths to shim. This
    makes it possible to build a shim for other architectures than amd64.
  - Set EFIDIR=$distro for dh_auto_install; that will let files be installed
    in the "right" final directories, and makes boot.csv for us.
  - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built
    at compile-time for MokManager and fallback.
  - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback
    and MokManager.

1 files changed, 136 insertions, 0 deletions

diff --git a/model.c b/model.c
new file mode 100644
index 00000000..d0bfa543
--- /dev/null
+++ b/model.c
@@ -0,0 +1,136 @@
+/*
+ * model.c - modeling file for coverity
+ * Copyright 2017 Peter Jones <pjones@redhat.com>
+ *
+ */
+
+#ifndef __COVERITY__
+/* This is so vim's Syntastic checker won't yell about all these. */
+extern void __coverity_string_size_sanitize__(int);
+extern void __coverity_negative_sink__(int);
+extern void __coverity_alloc_nosize__(void);
+extern void *__coverity_alloc__(int);
+extern void __coverity_sleep__();
+extern void __coverity_tainted_data_sanitize__(void *);
+#endif
+
+void *
+OBJ_dup(void *o)
+{
+	__coverity_alloc_nosize__();
+}
+
+int
+UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+	/* You can't quite express the right thing here, so instead we're
+	 * telling covscan that if len is a certain value, the string has
+	 * been checked for having a NUL at the right place.  Ideally what
+	 * we'd tell it is it's never allowed to give us a string shorter
+	 * than a certain length if certain bits (i.e. the UTF-8 surrogate
+	 * length bits) are set. */
+	if (len <= 0) {
+		__coverity_string_size_sanitize__(0);
+		return 0;
+	} else if (len <= 6) {
+		__coverity_string_size_sanitize__(0);
+		return len;
+	}
+	return -2;
+}
+
+typedef unsigned long long u64;
+typedef struct {
+	unsigned long long hi;
+	unsigned long long lo;
+} u128;
+
+void
+gcm_gmult_4bit(u64 Xi[2], u128 Htable[16])
+{
+	__coverity_tainted_data_sanitize__(Htable);
+}
+
+void
+msleep(int n)
+{
+	__coverity_sleep__();
+}
+
+/* From MdePkg/Include/Base.h or so */
+typedef unsigned long long UINT64;
+typedef unsigned long UINTN;
+typedef long INTN;
+typedef UINT64 EFI_PHYSICAL_ADDRESS;
+typedef UINTN RETURN_STATUS;
+typedef RETURN_STATUS EFI_STATUS;
+
+#define MAX_BIT     (1ULL << (sizeof (INTN) * 8 - 1))
+#define MAX_INTN   ((INTN)~MAX_BIT)
+
+#define ENCODE_ERROR(StatusCode)     ((RETURN_STATUS)(MAX_BIT | (StatusCode)))
+#define ENCODE_WARNING(StatusCode)   ((RETURN_STATUS)(StatusCode))
+#define RETURN_ERROR(StatusCode)     (((INTN)(RETURN_STATUS)(StatusCode)) < 0)
+#define RETURN_SUCCESS               0
+#define RETURN_INVALID_PARAMETER     ENCODE_ERROR (2)
+#define RETURN_OUT_OF_RESOURCES      ENCODE_ERROR (9)
+
+/* From MdePkg/Include/Uefi/UefiBaseType.h */
+#define EFI_SUCCESS               RETURN_SUCCESS
+#define EFI_INVALID_PARAMETER     RETURN_INVALID_PARAMETER
+#define EFI_OUT_OF_RESOURCES      RETURN_OUT_OF_RESOURCES
+
+#define EFI_PAGE_MASK 0xFFF
+#define EFI_PAGE_SHIFT 12
+#define EFI_SIZE_TO_PAGES(a) (((a) >> EFI_PAGE_SHIFT) + (((a) & EFI_PAGE_MASK) ? 1 : 0))
+#define EFI_PAGES_TO_SIZE(a) ((a) << EFI_PAGE_SHIFT)
+
+/* From MdePkg/Include/Uefi/UefiMultiPhase.h */
+typedef enum {
+  EfiReservedMemoryType,
+  EfiLoaderCode,
+  EfiLoaderData,
+  EfiBootServicesCode,
+  EfiBootServicesData,
+  EfiRuntimeServicesCode,
+  EfiRuntimeServicesData,
+  EfiConventionalMemory,
+  EfiUnusableMemory,
+  EfiACPIReclaimMemory,
+  EfiACPIMemoryNVS,
+  EfiMemoryMappedIO,
+  EfiMemoryMappedIOPortSpace,
+  EfiPalCode,
+  EfiPersistentMemory,
+  EfiMaxMemoryType
+} EFI_MEMORY_TYPE;
+
+/* From MdePkg/Include/Uefi/UefiSpec.h */
+typedef enum {
+	AllocateAnyPages,
+	AllocateMaxAddress,
+	AllocateAddress,
+	MaxAllocateType
+} EFI_ALLOCATE_TYPE;
+
+EFI_STATUS
+AllocatePages(EFI_ALLOCATE_TYPE Type,
+	      EFI_MEMORY_TYPE MemoryType,
+	      unsigned long Pages,
+	      EFI_PHYSICAL_ADDRESS *Memory)
+{
+	int has_memory;
+	unsigned long bytes = EFI_PAGES_TO_SIZE(Pages);
+
+	if (Pages >= (unsigned long)((-1L) >> EFI_PAGE_SHIFT))
+		return EFI_INVALID_PARAMETER;
+
+	__coverity_negative_sink__(bytes);
+	if (has_memory) {
+		*Memory = (EFI_PHYSICAL_ADDRESS)__coverity_alloc__(bytes);
+		return EFI_SUCCESS;
+	}
+	return EFI_OUT_OF_RESOURCES;
+}
+
+// vim:fenc=utf-8:tw=75