[arch-commits] Commit in sbsigntools/trunk (0.9.4-fix-pe-coff-checksum.patch PKGBUILD)
Tobias Powalowski
tpowa at gemini.archlinux.org
Tue May 10 08:11:04 UTC 2022
Date: Tuesday, May 10, 2022 @ 08:11:04
Author: tpowa
Revision: 444926
upgpkg: sbsigntools 0.9.4-2: fix #71822
Added:
sbsigntools/trunk/0.9.4-fix-pe-coff-checksum.patch
Modified:
sbsigntools/trunk/PKGBUILD
----------------------------------+
0.9.4-fix-pe-coff-checksum.patch | 43 +++++++++++++++++++++++++++++++++++++
PKGBUILD | 12 +++++++---
2 files changed, 52 insertions(+), 3 deletions(-)
Added: 0.9.4-fix-pe-coff-checksum.patch
===================================================================
--- 0.9.4-fix-pe-coff-checksum.patch (rev 0)
+++ 0.9.4-fix-pe-coff-checksum.patch 2022-05-10 08:11:04 UTC (rev 444926)
@@ -0,0 +1,43 @@
+From e9f13a7c4c19ed4ef12f226821bbcd2295d1af73 Mon Sep 17 00:00:00 2001
+From: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
+Date: Thu, 10 Mar 2022 20:41:04 +0100
+Subject: Fix PE/COFF checksum calculation
+
+Gbp-Pq: fix_checksum_calc.patch.
+---
+ src/image.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/image.c b/src/image.c
+index 5697296..8ac79dd 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -162,7 +162,6 @@ static void image_pecoff_update_checksum(struct image *image)
+ {
+ bool is_signed = image->sigsize && image->sigbuf;
+ uint32_t checksum;
+- struct cert_table_header *cert_table = image->cert_table;
+
+ /* We carefully only include the signature data in the checksum (and
+ * in the file length) if we're outputting the signature. Otherwise,
+@@ -180,16 +179,13 @@ static void image_pecoff_update_checksum(struct image *image)
+ (void *)(image->checksum + 1));
+
+ if (is_signed) {
+- checksum = csum_bytes(checksum,
+- cert_table, sizeof(*cert_table));
+-
+ checksum = csum_bytes(checksum, image->sigbuf, image->sigsize);
+ }
+
+ checksum += image->data_size;
+
+ if (is_signed)
+- checksum += sizeof(*cert_table) + image->sigsize;
++ checksum += image->sigsize;
+
+ *(image->checksum) = cpu_to_le32(checksum);
+ }
+--
+cgit v1.1
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-05-10 07:59:07 UTC (rev 444925)
+++ PKGBUILD 2022-05-10 08:11:04 UTC (rev 444926)
@@ -5,7 +5,7 @@
pkgname=sbsigntools
pkgver=0.9.4
-pkgrel=1
+pkgrel=2
pkgdesc="Tools to add signatures to EFI binaries and Drivers"
arch=('x86_64')
url="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/about"
@@ -13,9 +13,12 @@
depends=('glibc' 'openssl')
makedepends=('git' 'gnu-efi' 'help2man' 'util-linux-libs')
source=("git+https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git#tag=v${pkgver}?signed"
- "git+https://git.ozlabs.org/ccan")
+ "git+https://git.ozlabs.org/ccan"
+ "0.9.4-fix-pe-coff-checksum.patch"
+ )
sha256sums=('SKIP'
- 'SKIP')
+ 'SKIP'
+ 'b6b56c5568bcc51ae3c0dea9af02bc840241d2405c300c5b7adcb61962dadf01')
validpgpkeys=('D5606E73C8B46271BEAD9ADF814AE47C214854D6') # James Bottomley <jejb at kernel.org>
prepare() {
@@ -24,6 +27,9 @@
git config submodule."lib/ccan.git".url "${srcdir}/ccan"
git submodule update
./autogen.sh
+ # fix #FS#71822
+ # https://git.launchpad.net/ubuntu/+source/sbsigntool/patch/?id=e9f13a7c4c19ed4ef12f226821bbcd2295d1af73
+ patch -Np1 -i "${srcdir}"/0.9.4-fix-pe-coff-checksum.patch
}
build() {
More information about the arch-commits
mailing list