[gentoo-commits] repo/gentoo:master commit in: app-crypt/sbsigntools/files/

[gentoo-commits] repo/gentoo:master commit in: app-crypt/sbsigntools/files/

[Conrad Kostecki]

commit:     b0c21fbbcd45cea8afada073831869d39e152fa8
Author:     Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Thu Oct  1 18:23:49 2020 +0000
Commit:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Fri Oct  9 13:44:27 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0c21fbb

app-crypt/sbsigntools: remove unused patches

Closes: https://github.com/gentoo/gentoo/pull/17740
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>

 .../files/0002-image.c-clear-image-variable.patch  | 29 ----------------
 .../files/0003-Fix-for-multi-sign.patch            | 39 ----------------------
 2 files changed, 68 deletions(-)

diff --git a/app-crypt/sbsigntools/files/0002-image.c-clear-image-variable.patch b/app-crypt/sbsigntools/files/0002-image.c-clear-image-variable.patch
deleted file mode 100644
index dfe183e66cd..00000000000
--- a/app-crypt/sbsigntools/files/0002-image.c-clear-image-variable.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 21e984fa9d93a760cc03f5d9d13d023809227df2 Mon Sep 17 00:00:00 2001
-From: James Bottomley <JBottomley@Parallels.com>
-Date: Thu, 11 Apr 2013 21:12:17 -0700
-Subject: image.c: clear image variable
-
-Not zeroing the image after talloc occasionally leads to a segfault because
-the programme thinks it has a signature when in reality it just has a junk
-pointer and segfaults.
-
-Signed-off-by: James Bottomley <JBottomley@Parallels.com>
----
- src/image.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/image.c b/src/image.c
-index cc55791..10eba0e 100644
---- a/src/image.c
-+++ b/src/image.c
-@@ -401,6 +401,7 @@ struct image *image_load(const char *filename)
- 		return NULL;
- 	}
- 
-+	memset(image, 0, sizeof(*image));
- 	rc = fileio_read_file(image, filename, &image->buf, &image->size);
- 	if (rc)
- 		goto err;
--- 
-1.8.2.1
-

diff --git a/app-crypt/sbsigntools/files/0003-Fix-for-multi-sign.patch b/app-crypt/sbsigntools/files/0003-Fix-for-multi-sign.patch
deleted file mode 100644
index f42c69616d1..00000000000
--- a/app-crypt/sbsigntools/files/0003-Fix-for-multi-sign.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001
-From: James Bottomley <JBottomley@Parallels.com>
-Date: Mon, 30 Sep 2013 19:25:37 -0700
-Subject: [PATCH 4/4] Fix for multi-sign
-
-The new Tianocore multi-sign code fails now for images signed with
-sbsigntools.  The reason is that we don't actually align the signature table,
-we just slap it straight after the binary data.  Unfortunately, the new
-multi-signature code checks that our alignment offsets are correct and fails
-the signature for this reason.  Fix by adding junk to the end of the image to
-align the signature section.
-
-Signed-off-by: James Bottomley <JBottomley@Parallels.com>
----
- src/image.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/image.c b/src/image.c
-index 10eba0e..519e288 100644
---- a/src/image.c
-+++ b/src/image.c
-@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image)
- 
- 	/* record the size of non-signature data */
- 	r = &image->checksum_regions[image->n_checksum_regions - 1];
--	image->data_size = (r->data - (void *)image->buf) + r->size;
-+	/*
-+	 * The new Tianocore multisign does a stricter check of the signatures
-+	 * in particular, the signature table must start at an aligned offset
-+	 * fix this by adding bytes to the end of the text section (which must
-+	 * be included in the hash)
-+	 */
-+	image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8);
- 
- 	return 0;
- }
--- 
-1.8.4
-

[gentoo-commits] repo/gentoo:master commit in: app-crypt/sbsigntools/files/

[Conrad Kostecki]

commit:     303ab7ace0acadc65d7749fc441b35f76899639f
Author:     Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Thu Nov 25 16:51:43 2021 +0000
Commit:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sun Dec  5 21:45:13 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=303ab7ac

app-crypt/sbsigntools: remove unused patch(es)

Closes: https://github.com/gentoo/gentoo/pull/23081
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>

 .../sbsigntools-0.9.1-openssl-1.1.0-compat.patch   | 152 ---------------------
 1 file changed, 152 deletions(-)

diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch
deleted file mode 100644
index 2f9364f246ee..000000000000
--- a/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-diff --git a/src/fileio.c b/src/fileio.c
-index 032eb1e..09bc3aa 100644
---- a/src/fileio.c
-+++ b/src/fileio.c
-@@ -40,6 +40,7 @@
- #include <openssl/pem.h>
- #include <openssl/err.h>
- #include <openssl/engine.h>
-+#include <openssl/ui.h>
- 
- #include <ccan/talloc/talloc.h>
- #include <ccan/read_write_all/read_write_all.h>
-diff --git a/src/idc.c b/src/idc.c
-index 236cefd..6d87bd4 100644
---- a/src/idc.c
-+++ b/src/idc.c
-@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)
- 
- 	/* extract the idc from the signed PKCS7 'other' data */
- 	str = p7->d.sign->contents->d.other->value.asn1_string;
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	idcbuf = buf = ASN1_STRING_data(str);
-+#else
-+	idcbuf = buf = ASN1_STRING_get0_data(str);
-+#endif
- 	idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
- 
- 	/* If we were passed a BIO, write the idc data, minus type and length,
-@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)
- 	}
- 
- 	/* check hash against the one we calculated from the image */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	buf = ASN1_STRING_data(str);
-+#else
-+	buf = ASN1_STRING_get0_data(str);
-+#endif
- 	if (memcmp(buf, sha, sizeof(sha))) {
- 		fprintf(stderr, "Hash doesn't match image\n");
- 		fprintf(stderr, " got:       %s\n", sha256_str(buf));
-diff --git a/src/sbattach.c b/src/sbattach.c
-index a0c01b8..e89a23e 100644
---- a/src/sbattach.c
-+++ b/src/sbattach.c
-@@ -231,6 +231,7 @@ int main(int argc, char **argv)
- 		return EXIT_FAILURE;
- 	}
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	ERR_load_crypto_strings();
- 	OpenSSL_add_all_digests();
- 	OPENSSL_config(NULL);
-@@ -239,6 +240,7 @@ int main(int argc, char **argv)
- 	 * module isn't present).  In either case ignore the errors
- 	 * (malloc will cause other failures out lower down */
- 	ERR_clear_error();
-+#endif
- 
- 	image = image_load(image_filename);
- 	if (!image) {
-diff --git a/src/sbkeysync.c b/src/sbkeysync.c
-index 7b17f40..419b1e7 100644
---- a/src/sbkeysync.c
-+++ b/src/sbkeysync.c
-@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)
- 		goto out;
- 
- 	key->id_len = ASN1_STRING_length(serial);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
-+#else
-+	key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
-+#endif
- 
- 	key->description = talloc_array(key, char, description_len);
- 	X509_NAME_oneline(X509_get_subject_name(x509),
-@@ -927,6 +931,7 @@ int main(int argc, char **argv)
- 		return EXIT_FAILURE;
- 	}
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	ERR_load_crypto_strings();
- 	OpenSSL_add_all_digests();
- 	OpenSSL_add_all_ciphers();
-@@ -936,6 +941,7 @@ int main(int argc, char **argv)
- 	 * module isn't present).  In either case ignore the errors
- 	 * (malloc will cause other failures out lower down */
- 	ERR_clear_error();
-+#endif
- 
- 	ctx->filesystem_keys = init_keyset(ctx);
- 	ctx->firmware_keys = init_keyset(ctx);
-diff --git a/src/sbsign.c b/src/sbsign.c
-index ff1fdfd..78d8d64 100644
---- a/src/sbsign.c
-+++ b/src/sbsign.c
-@@ -188,6 +188,7 @@ int main(int argc, char **argv)
- 
- 	talloc_steal(ctx, ctx->image);
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	ERR_load_crypto_strings();
- 	OpenSSL_add_all_digests();
- 	OpenSSL_add_all_ciphers();
-@@ -197,6 +198,7 @@ int main(int argc, char **argv)
- 	 * module isn't present).  In either case ignore the errors
- 	 * (malloc will cause other failures out lower down */
- 	ERR_clear_error();
-+#endif
- 	if (engine)
- 		pkey = fileio_read_engine_key(engine, keyfilename);
- 	else
-diff --git a/src/sbvarsign.c b/src/sbvarsign.c
-index 7dcbe51..9319c8b 100644
---- a/src/sbvarsign.c
-+++ b/src/sbvarsign.c
-@@ -509,6 +509,7 @@ int main(int argc, char **argv)
- 		return EXIT_FAILURE;
- 	}
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	/* initialise openssl */
- 	OpenSSL_add_all_digests();
- 	OpenSSL_add_all_ciphers();
-@@ -519,6 +520,7 @@ int main(int argc, char **argv)
- 	 * module isn't present).  In either case ignore the errors
- 	 * (malloc will cause other failures out lower down */
- 	ERR_clear_error();
-+#endif
- 
- 	/* set up the variable signing context */
- 	varname = argv[optind];
-diff --git a/src/sbverify.c b/src/sbverify.c
-index 3920d91..d0b203a 100644
---- a/src/sbverify.c
-+++ b/src/sbverify.c
-@@ -250,6 +250,7 @@ int main(int argc, char **argv)
- 	verbose = false;
- 	detached_sig_filename = NULL;
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	OpenSSL_add_all_digests();
- 	ERR_load_crypto_strings();
- 	OPENSSL_config(NULL);
-@@ -258,6 +259,7 @@ int main(int argc, char **argv)
- 	 * module isn't present).  In either case ignore the errors
- 	 * (malloc will cause other failures out lower down */
- 	ERR_clear_error();
-+#endif
- 
- 	for (;;) {
- 		int idx;