| Age | Commit message (Collapse) | Author |
|---|
|
required by efibind.h, and not found with -nostdinc. (LP: #1429978)
|
|
The wildcard support was introduced in objcopy since binutils 2.24.
However, objcopy < 2.24 never issues any warning message with the
wildcard and a faulty binary will be generated. This commit makes
the build failed as a notification for the usage of binutils < 2.24.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Update Cryptlib to r16559 and openssl to 0.9.8zf
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Clarify meaning of insecure_mode. (LP: #1384973)
* debian/patches/CVE-2014-3675.patch, debian/patches/CVE-2014-3677.patch,
debian/patches/0001-Update-openssl-to-0.9.8za.patch: dropped, included
in the upstream release.
* debian/patches/sbsigntool-not-pesign,debian/patches/second-stage-path:
refreshed.
|
|
|
|
|
|
refreshed.
|
|
debian/patches/0001-Update-openssl-to-0.9.8za.patch: dropped, included
in the upstream release.
|
|
|
|
|
|
|
|
|
|
-0ubuntu3.
|
|
We depend on there being a .hash section in the binary, and that's not
the case on distributions that default to building with gnu-style ELF
hashes. Explicitly request sysv-style hashes in order to avoid building
broken binaries.
Signed-off-by: Matthew Garrett <mjg59@coreos.com>
|
|
Basically they messed around with stdarg some and now we need to do it
the other way.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
... but isn't.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
The following commit:
commit 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6
Author: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu Mar 6 10:57:02 2014 +0800
[fallback] Fix the data size for boot option comparison
corrected the data size used for comparison, but also reduced the
allocation so it doesn't include the trailing UTF16LE '\0\0' at the
end of the string, with the result that the trailer of the buffer
containing the string is overwritten, which OVMF detects as memory
corruption.
Increase the size of the storage buffer in a few places to correct
this problem.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Gary Ching-Pang Lin <glin@suse.com>
|
|
fallback.c: In function ‘update_boot_order’:
fallback.c:334:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
for (j = 0 ; j < size / sizeof (CHAR16); j++)
^
fallback.c: In function ‘add_to_boot_list’:
fallback.c:402:16: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
for (i = 0; i < s; i++) {
^
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
System services haven't been hooked if we're not in secure mode, so
do_exit() will never be called. In this case shim never gets control
once grub exits, which means if booting fails and the firmware tries
another boot option, it'll attempt to talk to the shim protocol we
installed.
This is wrong, because it is allowed to have been cleared from ram at
this time, since the task it's under has exited.
So just don't install the protocols when we're not enforcing.
This version also has a message and a 2-second stall after calling
start_image(), so that we can tell if we are on the expected return path
of our execution flow.
|
|
Turns out a) the codegen on aarch64 generates code that has real
alignment needs, and b) if we check the length of discardable sections
before discarding them, we error for no reason.
So do the error checking in the right order, and always enforce some
alignment because we know we have to.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
We don't need the headers from the standard include path.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
|
|
parsing DHCPv6 information
- debian/patches/CVE-2014-3675.patch: apply proper bounds checking
when parsing data provided in DHCPv6 packets.
- CVE-2014-3675
- CVE-2014-3676
* SECURITY UPDATE: memory corruption when processing user-provided key
lists
- debian/patches/CVE-2014-3677.patch: detect malformed machine owner
key (MOK) lists and ignore them, avoiding possible memory corruption.
- CVE-2014-3677
|
|
|
|
openssl 0.9.8za update.
|
|
but only detected on the buildds.
|
|
|
|
openssl 0.9.8za in via upstream.
|
|
|
|
|
|
|
|
|
|
This check is for end == NULL but was meant to be *end == '\0'. Without
this change, we'll pass a plausibly bad address (i.e. one with no ']' at
the end) to Mtftp(... READ_FILE ...), which should fail correctly, but
our error messaging will be inconsistent.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
I'm going to have to fix any errors that have this anyway, so may as
well do it here properly.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify
always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some
functions we would never use. This commit removes those files to
avoid any potential trouble.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
We replaced the build key with an empty file while compiling shim
for our distro. Skip the verification with the empty build key
since this makes no sense.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Find the relocations based on the *file* address in the old binary,
because it's only the same as the virtual address some of the time.
Also perform some extra validation before processing it, and don't bail
out in /error/ if both ReloceBase and RelocEnd are null - that condition
is fine.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Revert "Do the same for ia32..."
and "Generate a sane PE header on shim, fallback, and MokManager."
This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee.
and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c.
These are premature and I can do this without such drastic measures.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
We build with -Werror=signed-compare in fedora/rhel rpms, and this
showed up.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Once again, on ia32 this time, we see:
00000120 47 84 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |G...............|
Which is where the pointer on ia32 for the Base Relocation Table should
be. It points to 0x8447, which isn't a particularly reasonable address as
numbers go, and happens to have this data there:
00008440 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 65 00 |o.n.f.i.g.u.r.e.|
00008450 00 00 49 00 50 00 76 00 36 00 28 00 00 00 2c 00 |..I.P.v.6.(...,.|
00008460 25 00 73 00 2c 00 00 00 29 00 00 00 25 00 64 00 |%.s.,...)...%.d.|
00008470 2e 00 25 00 64 00 2e 00 25 00 64 00 2e 00 25 00 |..%.d...%.d...%.|
00008480 64 00 00 00 44 00 48 00 43 00 50 00 00 00 49 00 |d...D.H.C.P...I.|
00008490 50 00 76 00 34 00 28 00 00 00 2c 00 25 00 73 00 |P.v.4.(...,.%.s.|
And so that table is, in theory, this part:
00008447 00 67 00 75 00 72 00 65 00 | .g.u.r.e.|
00008450 00 |. |
Which is pretty clearly not a pointer table of any kind.
So give ia32 the same treatment as x86_64, and now all arches work basically
the same.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
It turns out a7249a65 was masking a second problem - on some binaries,
when we actually don't have any base relocations at all, binutils'
"objcopy --target efi-app-x86_64" is generating a PE header with a base
relocations pointer that happily points into the middle of our text
section. So with shim processing base relocations correctly, it refuses
to load those binaries.
For example, on one binary I just built:
00000130 00 a0 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |................|
which says there's a Base Relocation Table at 0xa000 that's 0xa bytes long.
That's here:
0000a000 58 00 29 00 00 00 00 00 48 00 44 00 28 00 50 00 |X.).....H.D.(.P.|
0000a010 61 00 72 00 74 00 25 00 64 00 2c 00 53 00 69 00 |a.r.t.%.d.,.S.i.|
0000a020 67 00 25 00 67 00 29 00 00 00 00 00 00 00 00 00 |g.%.g.).........|
0000a030 48 00 44 00 28 00 50 00 61 00 72 00 74 00 25 00 |H.D.(.P.a.r.t.%.|
So the table is:
0000a000 58 00 29 00 00 00 00 00 48 00 |X.).....H. |
That wouldn't be so bad, except those binaries are MokManager.efi,
fallback.efi, and shim.efi, and sometimes they're .reloc, which we're
actually trying to handle correctly now because grub builds with a real
and valid .reloc table. So though I didn't think there was any hair
left on this yak, more shaving ensues.
With this change, instead of letting objcopy do whatever it likes, we
switch to "-O binary" and merely link in a header that's appropriate for
our binaries. This is the same method Ard wrote for aarch64, and it
seems to work fine in either place (modulo some minor changes.)
At some point this should be merged into gnu-efi instead of carrying our
own crt0-efi-x86_64.S, but that's a less immediate problem.
I did not need this problem.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
