From 588150712bebb551ecc66d0a03f6ccc12013f098 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 2 Oct 2013 19:17:05 -0700
Subject: [PATCH] feat(app-crypt/sbsigntool) update to latest upstream patches

This fixes a bug in sbsigntool that would cause newer UEFI firmware
images to fail the signature check of the booting binary.  This would
always show up on any firmware that supported multi-key signatures of
binaries.
---
 .../app-crypt/sbsigntool/ChangeLog            | 14 ++++++-
 .../app-crypt/sbsigntool/Manifest             | 27 +++----------
 .../0002-image.c-clear-image-variable.patch   | 29 ++++++++++++++
 .../files/0003-Fix-for-multi-sign.patch       | 39 +++++++++++++++++++
 .../sbsigntool/sbsigntool-0.6-r1.ebuild       | 38 ++++++++++++++++++
 .../sbsigntool/sbsigntool-0.6.ebuild          |  7 +++-
 6 files changed, 129 insertions(+), 25 deletions(-)
 create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
 create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild

diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/ChangeLog b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/ChangeLog
index 71e20ee4d2..f94fd48e12 100644
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/ChangeLog
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/ChangeLog
@@ -1,6 +1,18 @@
 # ChangeLog for app-crypt/sbsigntool
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/ChangeLog,v 1.3 2013/08/28 11:17:16 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/ChangeLog,v 1.5 2013/10/03 02:09:21 gregkh Exp $
+
+*sbsigntool-0.6-r1 (03 Oct 2013)
+
+  03 Oct 2013; Greg Kroah-Hartman <gregkh@gentoo.org>
+  +files/0002-image.c-clear-image-variable.patch,
+  +files/0003-Fix-for-multi-sign.patch, +sbsigntool-0.6-r1.ebuild:
+  patches to fix multi-key signing, fixing bugs with new versions of UEFI
+  firmware. Taken from the openSUSE packages as the upstream Launchpad project
+  is now dead.
+
+  05 Sep 2013; Mike Frysinger <vapier@gentoo.org> sbsigntool-0.6.ebuild:
+  Fix $AR handling #481480 by Agostino Sarubbo.
 
   28 Aug 2013; Agostino Sarubbo <ago@gentoo.org> sbsigntool-0.6.ebuild:
   Stable for x86, wrt bug #481396
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/Manifest
index 5b10f736d8..29d18bb96b 100644
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/Manifest
@@ -1,24 +1,7 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
+AUX 0002-image.c-clear-image-variable.patch 822 SHA256 7877d69c0a6d014f43e1dc922db3fb503c1c3176dd2665a96f85ddfd73ed7e12 SHA512 004ba118cbe8fe5cc291888966e5994373c0b9d8149bc5c652a72971138fab5e64d721061c69e8b864d6ca5cdb4ffa193520156941b6bd9c998b256f8d72697b WHIRLPOOL 3872d97cde83e9423622f348dc50eb414f8512f95673cbf7e4b908f699455003d57711bda6bd0893f3a21b876a66ec480416bed5df52e5ecb33c00b21cbbb6c9
+AUX 0003-Fix-for-multi-sign.patch 1452 SHA256 803f97f6c01a573367371f9ffd4c53aab5916ea3218fdc515429ca559f5dad31 SHA512 2aba55a116536e7f41e4aac2fd33eeb92cf89b14bcdd8b93b6e9dc9bdaf2f0162134e56f7d365640445bf801ad8590f6d49f14cdf80b791324647067d52ae435 WHIRLPOOL a83c8dde50cf82559408be58482f73aa1c3460a63424578decfc36033b5c368f8ad219b1412a7eb0a478e91b8654e7a7392dc886a496f9efea6f12dcd2f0e379
 DIST sbsigntool_0.6.orig.tar.gz 212375 SHA256 84fb0c8f6fb1e79aa418a4f70a3139b38d5630043b28291c875f383e9b4294b8 SHA512 ed314d1cb7278cf5f27d4c3cd17f2195678419a7f9e47770429b6f95df35f7df035331e60c45970183ddd9b150a9b752f876c777929598b0525872b3255af95c WHIRLPOOL 3b86b9861f5e26586e8a9eb9bbf48adf1a12714b294f0acd605d53e37c27192006c6ecc81d31bf4f200f8e88508f38a52ef93e9e01e301c4245a11894227cecc
-EBUILD sbsigntool-0.6.ebuild 927 SHA256 4b265394fb3a83c49489cc0001bcd65716a00c1f95bd11c978ada2f64a3ef683 SHA512 2b3ba8533ddc1445ae93fe1cc3775255d9e8fb12375b4d1cced4431d5a516cf11a5f762916cfc47202e290665430e8788e455d5aa836581050c873e0a043810a WHIRLPOOL ec501b6ce4ce5f59fe47c3436315932c08b586c11f114bd768928520372179912f14d295df737ff3a68c22203c909263cc9e1d0110a7d8190cd8ecccc0d30b5a
-MISC ChangeLog 589 SHA256 b209e9aef39923d0c4d11563b6568e42eabb4ea59f64b5a63fb4649bb9ea6ab7 SHA512 f346aa5c9e045d945b1921bd5039c554e5b6164179ba4877bca6c522f9c2a6f59d28a674e13792f58d4897189dd94c77a30232cf09bccebe17fb7a2545713d88 WHIRLPOOL c8286d1507c2b58c162627e2033f8f48ed04033c3ade807e6d0e2d15a6efb06f0a882ea76c308fb439722d6daf3cae5f5720b8cbb51cfb148fedfa061924b6a4
+EBUILD sbsigntool-0.6-r1.ebuild 1156 SHA256 efb231e59814ccb124ef80de7458267dd393ce482bbcf93fd1b8d0bfb09df42e SHA512 bb9e4b56c0b9cc11f126bd9b3b304745253259122665527cabe0646cd6ff92afde33698ee6e658098b72c4e4eac1985fa42f5ee3f3e602e974bcf627e4074947 WHIRLPOOL c84bc235184215eeacf9511f3d24225dae07c9b05432c41b55a0726ee1a879bb42e7b07f0d67deac088113b43c3de6163d6aac727cce55c5d10fd6f786ad44db
+EBUILD sbsigntool-0.6.ebuild 1030 SHA256 8bc44c1f02f282908aa16e638f3d950a270b3997906055bb4d5b24b1f249bace SHA512 40f1746f5e87f8f5fda0fccd3907ee62aab3f6c0268c9cc474b2182f367cf0d28d05bfec7569a73c72c71dc7071e942a3841cac2f4dde671664cef72053ab2ff WHIRLPOOL e25a70fbadd8cded0c5daa1a28a0518bd3c13d4f182498a7c784fed88bc0972dd54a03fe4fe243eef4fdd9a1f21d3f66a9f93597a097a224f1d00ecde938cc1c
+MISC ChangeLog 1088 SHA256 f6330d40480ce3a4c864e50d5f486890dd2815ce7b9ae10177e4771ceebccb7a SHA512 744e16add502ea2b5bb165372d6f22767ca1ce0d117fac749a9f14e5f75463b68a2d4394e4a24ed42c88a1c40292854f8425f2d90043639c606b203e031e639b WHIRLPOOL 518bbffb52258512217b189e31edc33a9a9df6dbb202077ab8d65f0b85ab0efde4fa0b773a386b3c03600ce9ca5d41334d51129efb525899cbc0f8ef7fcfe1d1
 MISC metadata.xml 240 SHA256 060d4d570194ff567e10d66246f85d4b9fee1efb17d111aeb9f03345f6e20efd SHA512 41a5c4b9e67d814937a0524714617a059c1351a00ac12d9344373f43b41d074e24fab5598e44c8a22f1848bfa12b8fc76cd5674ca62cd1f917b3235c77721971 WHIRLPOOL da0b560d9528cfe4fcff409de2d9749cf9ae8b7a04468b42463e8097b89e152a67a0da0ea7e6db1186f852687979c2e843e487a5eb76e663717148a796aa093d
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.20 (GNU/Linux)
-
-iQIcBAEBCgAGBQJSHdw9AAoJELp701BxlEWfUCEP/2usWaSIi1CTQRu+4g2VARYh
-k54qcQMC/o3k8my/pSUSSjw5ORkCxA4k1bwzIyMeEcOOzJJFuIOIZR3njmPzE+sy
-IY3PaMCVcn6OT4gHUw03SUl/IV0/SdrFv39LeLW8S4MyhbPsu4h5m2G64HmR0JwI
-LPOhmHNfNLfMWoljn0auU4bPF0Y7gab2zmc68ElewdLmMS9ubxgfipqmZuzvJaub
-FiiDx7QkVHkZNc2/wkZhVml4+T3kej2GiLVBE4o6C6pfAjzxl+D6AFbmRO6ewwbX
-PayhgUE6S3iZ5na9zS6iR3G36EeLStmELUb0L2HK5yAGlwk0YLRWL8XZvJhkYhya
-QedP9TQES9A7EyssQSmtl9q6DpSdIme/5evkul+CuYVLyOicWztOuDKQqaiv0anU
-K5YvWw6eH81d1SBG1BzKae2ZtoYA9Mvfwq7DJ+W1wTm95bzeeoKztQtOvm9PwTTi
-oO9dAue0Lgb1TgVlTAJ099MztVCgozKFz3gIN3z15qGpOus67WqUUEV/J1dmrs7d
-kD4S/6XNyy4yvhggzlve7MHb9JtK3Xf5rLttJaBQ9WIQM/MlYbMSXP2+aZ4gO5T4
-q6ZyjQv9Ju8I2KWhMVitRyhPOs3aJ1VrkGcjLNElJCeyIBgtQjlMztrKrAMFwQVl
-7vT3Cy78pqIW3KbPFSVV
-=ciag
------END PGP SIGNATURE-----
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch
new file mode 100644
index 0000000000..dfe183e66c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch
@@ -0,0 +1,29 @@
+From 21e984fa9d93a760cc03f5d9d13d023809227df2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Thu, 11 Apr 2013 21:12:17 -0700
+Subject: image.c: clear image variable
+
+Not zeroing the image after talloc occasionally leads to a segfault because
+the programme thinks it has a signature when in reality it just has a junk
+pointer and segfaults.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/image.c b/src/image.c
+index cc55791..10eba0e 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -401,6 +401,7 @@ struct image *image_load(const char *filename)
+ 		return NULL;
+ 	}
+ 
++	memset(image, 0, sizeof(*image));
+ 	rc = fileio_read_file(image, filename, &image->buf, &image->size);
+ 	if (rc)
+ 		goto err;
+-- 
+1.8.2.1
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
new file mode 100644
index 0000000000..f42c69616d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
@@ -0,0 +1,39 @@
+From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Mon, 30 Sep 2013 19:25:37 -0700
+Subject: [PATCH 4/4] Fix for multi-sign
+
+The new Tianocore multi-sign code fails now for images signed with
+sbsigntools.  The reason is that we don't actually align the signature table,
+we just slap it straight after the binary data.  Unfortunately, the new
+multi-signature code checks that our alignment offsets are correct and fails
+the signature for this reason.  Fix by adding junk to the end of the image to
+align the signature section.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/image.c b/src/image.c
+index 10eba0e..519e288 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image)
+ 
+ 	/* record the size of non-signature data */
+ 	r = &image->checksum_regions[image->n_checksum_regions - 1];
+-	image->data_size = (r->data - (void *)image->buf) + r->size;
++	/*
++	 * The new Tianocore multisign does a stricter check of the signatures
++	 * in particular, the signature table must start at an aligned offset
++	 * fix this by adding bytes to the end of the text section (which must
++	 * be included in the hash)
++	 */
++	image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8);
+ 
+ 	return 0;
+ }
+-- 
+1.8.4
+
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild
new file mode 100644
index 0000000000..fbdf2a7c13
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild,v 1.1 2013/10/03 02:09:21 gregkh Exp $
+
+EAPI="4"
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
+HOMEPAGE="https://launchpad.net/ubuntu/+source/sbsigntool"
+SRC_URI="https://launchpad.net/ubuntu/+archive/primary/+files/${PN}_${PV}.orig.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+RDEPEND="dev-libs/openssl
+	sys-apps/util-linux"
+DEPEND="${RDEPEND}
+	sys-apps/help2man
+	sys-boot/gnu-efi
+	virtual/pkgconfig"
+
+src_prepare() {
+	local iarch
+	case ${ARCH} in
+		ia64)  iarch=ia64 ;;
+		x86)   iarch=ia32 ;;
+		amd64) iarch=x86_64 ;;
+		*)     die "unsupported architecture: ${ARCH}" ;;
+	esac
+	sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure || die
+	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.in || die
+	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
+	epatch "${FILESDIR}"/0002-image.c-clear-image-variable.patch
+	epatch "${FILESDIR}"/0003-Fix-for-multi-sign.patch
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6.ebuild
index 27c9779de5..b55c6e5bb2 100644
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6.ebuild
@@ -1,11 +1,13 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/sbsigntool-0.6.ebuild,v 1.3 2013/08/28 11:17:16 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/sbsigntool-0.6.ebuild,v 1.4 2013/09/05 07:31:21 vapier Exp $
 
 EAPI="4"
 
+inherit toolchain-funcs
+
 DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
-HOMEPAGE="http://packages.ubuntu.com/quantal/sbsigntool"
+HOMEPAGE="https://launchpad.net/ubuntu/+source/sbsigntool"
 SRC_URI="https://launchpad.net/ubuntu/+archive/primary/+files/${PN}_${PV}.orig.tar.gz"
 
 LICENSE="GPL-3"
@@ -30,4 +32,5 @@ src_prepare() {
 	esac
 	sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure || die
 	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.in || die
+	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
 }