| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Remove all our patches, all upstream now.
|
|
|
|
Update to upstream version '15.5'
with Debian dir 3ac353daa3d32301e3b225b2b6f446200a2c682f
|
|
Not ideal behaviour either, but don't break upgrades. Copy the
behaviour from the grub packages here. Closes: #990966
|
|
|
|
Upstream issue #372. Closes: #989962, #990158
|
|
Upstream issue #371. Closes: #990082, #990190
|
|
Don't fail if they return errors.
|
|
if we're not running on an EFI system then exit cleanly
|
|
Manage installing and removing fbXXX.efi and mmXXX.efi when we
install/remove the shim-helpers-$arch-signed packages. Closes: #966845
|
|
|
|
New patch from upstream, don't break old Macs
|
|
Extra patch from upstream
|
|
We can grab it from the changelog already
|
|
|
|
|
|
Another patch from upstream, needed with newer kernels on x86
|
|
|
|
Make the output easier to find
|
|
|
|
|
|
Update to upstream version '15.4'
with Debian dir 93160080661283eee071d2c92a27ce9b39acb998
|
|
|
|
|
|
Only include the upstream version in the Debian SBAT metadata, so
we don't break reproducibility on every minor packaging change.
|
|
|
|
|
|
Update to upstream version '15.3'
with Debian dir 1b484f1c1ac270604a5a1451b34de4b0865c6211
|
|
|
|
* cast-CHAR8-string-handling.patch no longer needed
* fix-Make.coverity-bashisms.patch went upstream
|
|
Update a couple of top-level changes, copy in gnu-efi information from
the gnu-efi package
|
|
Definitely don't want to be setting EFI_PATH, as that over-rides the
vendored gnu-efi. Argh
|
|
Only include the hashes for the architecture we're building for - no
point in adding bloat and delay here.
Add a script "block_signed_deb" to scan a set of .deb files, extract
the hashes for .efi binaries and list them in the format wanted for
the dbx hashes file.
Split out the code to use that file from the rules file into a
separate helper.
|
|
|
|
Thanks to Dmitri John Ledkov for help
|
|
Add a Debian SBAT template, and rules to use it
Adds a build-dep on dos2unix
|
|
They're insecure, let's break the chainloading hole
|
|
|
|
... to keep debhelper from complaining
|
|
Cast CHAR8 strings to use (const char *) when using string functions
Looks like gnu-efi definitions of CHAR8 are problematic
|
|
|
|
- avoid_null_vsprint.patch
- check_null_sn_ln.patch
- fixup_git.patch
- uname.patch
- use_compare_mem_gcc9.patch
|
|
|
|
Many many updates, but caring mainly about SBAT support
|
|
Update to upstream version '15+1613861442.888f5b5'
with Debian dir 15b0853a73144b1f8571ce2bebc2eea68af4a8e3
|
|
|
|
At the default -Os optimization level, gcc emits ".text.startup"
and ".text.unlikely" sections for static initializers and noreturn
functions which end up in the intermediate ELF binary:
$ objdump -h build-x64/shimx64.efi.so
build-x64/shimx64.efi.so: file format elf64-x86-64
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00046e7b 0000000000001000 0000000000001000 00001000 2**10
CONTENTS, ALLOC, LOAD, READONLY, CODE
1 .text.startup 00000118 0000000000047e7b 0000000000047e7b 00047e7b 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
2 .text.unlikely 00000046 0000000000047f93 0000000000047f93 00047f93 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
3 .data 000315e8 0000000000048000 0000000000048000 00048000 2**9
These additional .text.* sections are omitted from the final PE/COFF
binary, resulting in a crash when processing the ctors. Taking a look at
_init_array in gdb:
(gdb) p/x &_init_array
$1 = 0x78510
(gdb) p/x &_init_array_end
$2 = 0x7851c
(gdb) x/x (void*)&_init_array
0x78510 <_init_array>: 0x00047e7b
(gdb) x/x (void*)(&_init_array)+8
0x78518 <_init_array+8>: 0x00000000
See that 0x00047e7b falls inside the padding between the .text and .data
sections:
$ objdump -h build-x64/shimx64.efi
build-x64/shimx64.efi: file format pei-x86-64
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00046e7b 0000000000001000 0000000000001000 00000400 2**10
CONTENTS, ALLOC, LOAD, READONLY, CODE
1 .data 000315e8 0000000000048000 0000000000048000 00047400 2**9
Adjust the linker script to merge the .text.startup and .text.unlikely
sections in to the .text section.
[edited by pjones to use .text.* instead of naming the sections
individually, and to sync up with what other arches have in .text]
|
|
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
|
|
"gcc -fanalyzer" found two NULL pointer checks we're missing in sbat.c:
include/str.h: In function ‘get_sbat_field.part.0’:
sbat.c:20:14: error: dereference of NULL ‘offset’ [CWE-476] [-Werror=analyzer-null-dereference]
20 | if (!*offset)
and
include/str.h: In function ‘parse_sbat’:
sbat.c:140:27: error: dereference of NULL ‘current’ [CWE-476] [-Werror=analyzer-null-dereference]
140 | } while (entry && *current != '\0');
Both are simple, and this patch fixes them.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
