[arch-commits] Commit in sbsigntools/trunk (0.9.4-fix-pe-coff-checksum.patch PKGBUILD)

Tobias Powalowski tpowa at gemini.archlinux.org
Tue May 10 08:11:04 UTC 2022 

    Date: Tuesday, May 10, 2022 @ 08:11:04
  Author: tpowa
Revision: 444926

upgpkg: sbsigntools 0.9.4-2: fix #71822

Added:
  sbsigntools/trunk/0.9.4-fix-pe-coff-checksum.patch
Modified:
  sbsigntools/trunk/PKGBUILD

----------------------------------+
 0.9.4-fix-pe-coff-checksum.patch |   43 +++++++++++++++++++++++++++++++++++++
 PKGBUILD                         |   12 +++++++---
 2 files changed, 52 insertions(+), 3 deletions(-)

Added: 0.9.4-fix-pe-coff-checksum.patch
===================================================================
--- 0.9.4-fix-pe-coff-checksum.patch	                        (rev 0)
+++ 0.9.4-fix-pe-coff-checksum.patch	2022-05-10 08:11:04 UTC (rev 444926)
@@ -0,0 +1,43 @@
+From e9f13a7c4c19ed4ef12f226821bbcd2295d1af73 Mon Sep 17 00:00:00 2001
+From: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
+Date: Thu, 10 Mar 2022 20:41:04 +0100
+Subject: Fix PE/COFF checksum calculation
+
+Gbp-Pq: fix_checksum_calc.patch.
+---
+ src/image.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/image.c b/src/image.c
+index 5697296..8ac79dd 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -162,7 +162,6 @@ static void image_pecoff_update_checksum(struct image *image)
+ {
+ 	bool is_signed = image->sigsize && image->sigbuf;
+ 	uint32_t checksum;
+-	struct cert_table_header *cert_table = image->cert_table;
+ 
+ 	/* We carefully only include the signature data in the checksum (and
+ 	 * in the file length) if we're outputting the signature.  Otherwise,
+@@ -180,16 +179,13 @@ static void image_pecoff_update_checksum(struct image *image)
+ 			(void *)(image->checksum + 1));
+ 
+ 	if (is_signed) {
+-		checksum = csum_bytes(checksum,
+-				cert_table, sizeof(*cert_table));
+-
+ 		checksum = csum_bytes(checksum, image->sigbuf, image->sigsize);
+ 	}
+ 
+ 	checksum += image->data_size;
+ 
+ 	if (is_signed)
+-		checksum += sizeof(*cert_table) + image->sigsize;
++		checksum += image->sigsize;
+ 
+ 	*(image->checksum) = cpu_to_le32(checksum);
+ }
+-- 
+cgit v1.1
+

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2022-05-10 07:59:07 UTC (rev 444925)
+++ PKGBUILD	2022-05-10 08:11:04 UTC (rev 444926)
@@ -5,7 +5,7 @@
 
 pkgname=sbsigntools
 pkgver=0.9.4
-pkgrel=1
+pkgrel=2
 pkgdesc="Tools to add signatures to EFI binaries and Drivers"
 arch=('x86_64')
 url="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/about"
@@ -13,9 +13,12 @@
 depends=('glibc' 'openssl')
 makedepends=('git' 'gnu-efi' 'help2man' 'util-linux-libs')
 source=("git+https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git#tag=v${pkgver}?signed"
-        "git+https://git.ozlabs.org/ccan")
+        "git+https://git.ozlabs.org/ccan"
+        "0.9.4-fix-pe-coff-checksum.patch"
+        )
 sha256sums=('SKIP'
-            'SKIP')
+            'SKIP'
+            'b6b56c5568bcc51ae3c0dea9af02bc840241d2405c300c5b7adcb61962dadf01')
 validpgpkeys=('D5606E73C8B46271BEAD9ADF814AE47C214854D6') # James Bottomley <jejb at kernel.org>
 
 prepare() {
@@ -24,6 +27,9 @@
   git config submodule."lib/ccan.git".url "${srcdir}/ccan"
   git submodule update
   ./autogen.sh
+  # fix #FS#71822
+  # https://git.launchpad.net/ubuntu/+source/sbsigntool/patch/?id=e9f13a7c4c19ed4ef12f226821bbcd2295d1af73
+  patch -Np1 -i "${srcdir}"/0.9.4-fix-pe-coff-checksum.patch
 }
 
 build() {

More information about the arch-commits mailing list