diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/ChangeLog b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/ChangeLog deleted file mode 100644 index d2e116e052..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/ChangeLog +++ /dev/null @@ -1,33 +0,0 @@ -# ChangeLog for app-crypt/sbsigntool -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/ChangeLog,v 1.7 2014/01/14 13:55:54 ago Exp $ - - 14 Jan 2014; Agostino Sarubbo sbsigntool-0.6-r1.ebuild: - Stable for x86, wrt bug #495328 - - 12 Jan 2014; Pacho Ramos sbsigntool-0.6-r1.ebuild: - amd64 stable, bug #495328 - -*sbsigntool-0.6-r1 (03 Oct 2013) - - 03 Oct 2013; Greg Kroah-Hartman - +files/0002-image.c-clear-image-variable.patch, - +files/0003-Fix-for-multi-sign.patch, +sbsigntool-0.6-r1.ebuild: - patches to fix multi-key signing, fixing bugs with new versions of UEFI - firmware. Taken from the openSUSE packages as the upstream Launchpad project - is now dead. - - 05 Sep 2013; Mike Frysinger sbsigntool-0.6.ebuild: - Fix $AR handling #481480 by Agostino Sarubbo. - - 28 Aug 2013; Agostino Sarubbo sbsigntool-0.6.ebuild: - Stable for x86, wrt bug #481396 - - 17 Aug 2013; Agostino Sarubbo sbsigntool-0.6.ebuild: - Stable for amd64, wrt bug #481396 - -*sbsigntool-0.6 (24 Dec 2012) - - 24 Dec 2012; Mike Frysinger +metadata.xml, - +sbsigntool-0.6.ebuild: - New package #444830 by Maxim Kammerer. diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/Manifest b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/Manifest deleted file mode 100644 index 27e0890209..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/Manifest +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - -AUX 0002-image.c-clear-image-variable.patch 822 SHA256 7877d69c0a6d014f43e1dc922db3fb503c1c3176dd2665a96f85ddfd73ed7e12 SHA512 004ba118cbe8fe5cc291888966e5994373c0b9d8149bc5c652a72971138fab5e64d721061c69e8b864d6ca5cdb4ffa193520156941b6bd9c998b256f8d72697b WHIRLPOOL 3872d97cde83e9423622f348dc50eb414f8512f95673cbf7e4b908f699455003d57711bda6bd0893f3a21b876a66ec480416bed5df52e5ecb33c00b21cbbb6c9 -AUX 0003-Fix-for-multi-sign.patch 1452 SHA256 803f97f6c01a573367371f9ffd4c53aab5916ea3218fdc515429ca559f5dad31 SHA512 2aba55a116536e7f41e4aac2fd33eeb92cf89b14bcdd8b93b6e9dc9bdaf2f0162134e56f7d365640445bf801ad8590f6d49f14cdf80b791324647067d52ae435 WHIRLPOOL a83c8dde50cf82559408be58482f73aa1c3460a63424578decfc36033b5c368f8ad219b1412a7eb0a478e91b8654e7a7392dc886a496f9efea6f12dcd2f0e379 -DIST sbsigntool_0.6.orig.tar.gz 212375 SHA256 84fb0c8f6fb1e79aa418a4f70a3139b38d5630043b28291c875f383e9b4294b8 SHA512 ed314d1cb7278cf5f27d4c3cd17f2195678419a7f9e47770429b6f95df35f7df035331e60c45970183ddd9b150a9b752f876c777929598b0525872b3255af95c WHIRLPOOL 3b86b9861f5e26586e8a9eb9bbf48adf1a12714b294f0acd605d53e37c27192006c6ecc81d31bf4f200f8e88508f38a52ef93e9e01e301c4245a11894227cecc -EBUILD sbsigntool-0.6-r1.ebuild 1151 SHA256 639b4edebf714b1c12eafce03c53961fda89e3488b3bcd0d483c100fb0459b70 SHA512 4ceb4e52b9bedbd1c8e548b3b27a7360f1ca8a0e4dda647897d0a7b19f475ccce696ca92db1bd34a9202af5b5b8091447bfcc1d8213849fdabaa1f13ed0c7bfd WHIRLPOOL 1cc2fd6a4eadc7c6de4d39115e7f5195302a78be3ab672e2b1895a93f91167a081f43aa74d0774328b334f21f119b556241eff449a823fa36a71f813fd408f8b -EBUILD sbsigntool-0.6.ebuild 1030 SHA256 8bc44c1f02f282908aa16e638f3d950a270b3997906055bb4d5b24b1f249bace SHA512 40f1746f5e87f8f5fda0fccd3907ee62aab3f6c0268c9cc474b2182f367cf0d28d05bfec7569a73c72c71dc7071e942a3841cac2f4dde671664cef72053ab2ff WHIRLPOOL e25a70fbadd8cded0c5daa1a28a0518bd3c13d4f182498a7c784fed88bc0972dd54a03fe4fe243eef4fdd9a1f21d3f66a9f93597a097a224f1d00ecde938cc1c -MISC ChangeLog 1296 SHA256 e43b8ad6d0b157b04ce9d2aedbc27ace4e2d7b1d74203e431700227e6301ea74 SHA512 8e365b7d6858a39baf2bfe5f4c5f8ed48587c004801e52c1406adaef0382de780008773538954f96033c8e4e3c77cccab970f6b3c3846f0fdc7f514dfa51529a WHIRLPOOL 7bdc2c38f447adef46eb0967fb264b067b8be8c1c2423807c0549cb5d796877998aff404afebb470dfa2dcfd2bec8a30f1d25f53fda9dd22c0f4d68e273f41e8 -MISC metadata.xml 240 SHA256 060d4d570194ff567e10d66246f85d4b9fee1efb17d111aeb9f03345f6e20efd SHA512 41a5c4b9e67d814937a0524714617a059c1351a00ac12d9344373f43b41d074e24fab5598e44c8a22f1848bfa12b8fc76cd5674ca62cd1f917b3235c77721971 WHIRLPOOL da0b560d9528cfe4fcff409de2d9749cf9ae8b7a04468b42463e8097b89e152a67a0da0ea7e6db1186f852687979c2e843e487a5eb76e663717148a796aa093d ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.22 (GNU/Linux) - -iQIcBAEBCAAGBQJS1UHrAAoJELp701BxlEWfYJMP/25zmGEaSRVtpesZ2OhvUSfp -G+GlDZxKHCK6yq+/eOpRkm8zKnr3RomNiCN91RNYXmkmueO+FGt+Rs8r5GirVd03 -iraLslXIzlT79oft6OKdOPVKmWxtVBpdIyUJRR159J86hV5VLWHSeOLqOCN30Uhl -JBk85iim/3/cGoJhNGrPQG/2Uv+r+90sS/kzjrpWvM7WCeY3GvOF6b4asRQf1hqI -kbTpZtIN5t5eJb1wPXDq1MRL7upQutMCajZL5FYoYJvy5J693ZWLK2nV2ueipBAS -a0iPd8ZWxYuc8jQlYu/DyscD+wZeoQ56bhmRzwS/3ukipBrGgUuffAcehFumGOhG -MtZ4iCUpoBityyA/JqXmZGyLqF5JnvfGB1C7BmnW9HeMZkQ6PFFnZnft/q2c9S0x -cS9uzgUBOLBwfbvaqRPv5iiR7w4aXjDoMZvceSgUfFwxLG5puwb+cOTyK6EybNRB -hj+OcnqdYN9mVbNxkI4ynFcODXhtaD/di2zgG42G713iJzlXZa5DvfbaB/pRF+yy -hJ65o3njE+1mdlsq5zLAAfRBOM/PvtUz2X8gqKgyph5rqebeXxDbbn9dOb7WKFTW -7udikXc767F6QIEuM/1kd63q2pw1JbnbPN9mqEY8KqUcpsmPKdBeM4wzfaUuJ22D -O7CfSgXtIT0edtHNtU6L -=sTMV ------END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/0001-Support-openssl-1.0.2b-and-above.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/0001-Support-openssl-1.0.2b-and-above.patch deleted file mode 100644 index ec75501948..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/0001-Support-openssl-1.0.2b-and-above.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 3186e24f5a46172cd771d61cdeec5e590f73743e Mon Sep 17 00:00:00 2001 -From: Steve Langasek -Date: Wed, 15 Jul 2015 08:48:25 -0700 -Subject: [PATCH] Support openssl 1.0.2b and above - -Newer versions of openssl return a different error with alternate -certificate chains; update for compatibility. - -Signed-off-by: Marc Deslauriers -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1474541 ---- - src/sbverify.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/sbverify.c b/src/sbverify.c -index fb03d21..35890b9 100644 ---- a/src/sbverify.c -+++ b/src/sbverify.c -@@ -201,6 +201,7 @@ static int x509_verify_cb(int status, X509_STORE_CTX *ctx) - - /* all certs given with the --cert argument are trusted */ - else if (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || -+ err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT || - err == X509_V_ERR_CERT_UNTRUSTED) { - - if (cert_in_store(ctx->current_cert, ctx)) --- -2.1.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/Align-signature-data-to-8-bytes.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/Align-signature-data-to-8-bytes.patch deleted file mode 100644 index accd832ce7..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/Align-signature-data-to-8-bytes.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 8b6b7a9904881757254b92a928b95dfb8634605b Mon Sep 17 00:00:00 2001 -From: Steve Langasek -Date: Fri, 12 Oct 2012 16:27:13 -0700 -Subject: [PATCH] Align signature data to 8 bytes - -Before appending the signature data to our binary, pad the file out to -8-byte alignment. This matches the Microsoft signing implementation, which -enables us to use sbattach to verify the integrity of the binaries returned -by the SysDev signing service. ---- - src/image.c | 2 ++ - 1 file changed, 2 insertions(+) - -Index: sbsigntool-0.6/src/image.c -=================================================================== ---- sbsigntool-0.6.orig/src/image.c -+++ sbsigntool-0.6/src/image.c -@@ -425,6 +425,8 @@ - * we've calculated during the pecoff parsing, so we need to redo that - * too. - */ -+ image->data_size = align_up(image->data_size, 8); -+ - if (image->data_size > image->size) { - image->buf = talloc_realloc(image, image->buf, uint8_t, - image->data_size); diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/add_corrected_efivars_magic.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/add_corrected_efivars_magic.patch deleted file mode 100644 index 8973227328..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/add_corrected_efivars_magic.patch +++ /dev/null @@ -1,23 +0,0 @@ -Index: sbsigntool/src/sbkeysync.c -=================================================================== ---- sbsigntool.orig/src/sbkeysync.c 2013-12-03 15:45:49.007312000 +0100 -+++ sbsigntool/src/sbkeysync.c 2013-12-03 15:47:47.396135699 +0100 -@@ -56,7 +56,8 @@ - #include "efivars.h" - - #define EFIVARS_MOUNTPOINT "/sys/firmware/efi/efivars" --#define EFIVARS_FSTYPE 0x6165676C -+#define PSTORE_FSTYPE 0x6165676C -+#define EFIVARS_FSTYPE 0xde5e81e4 - - #define EFI_IMAGE_SECURITY_DATABASE_GUID \ - { 0xd719b2cb, 0x3d3a, 0x4596, \ -@@ -533,7 +534,7 @@ - if (rc) - return -1; - -- if (statbuf.f_type != EFIVARS_FSTYPE) -+ if (statbuf.f_type != EFIVARS_FSTYPE && statbuf.f_type != PSTORE_FSTYPE) - return -1; - - return 0; diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/arm-arm64-support.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/arm-arm64-support.patch deleted file mode 100644 index 6a137c4f27..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/arm-arm64-support.patch +++ /dev/null @@ -1,50 +0,0 @@ -commit a3413e76f95472639d1b25f0564105d8bb4e2837 -Author: Ard Biesheuvel -Date: Tue Nov 19 09:25:32 2013 +0100 - - sbsigntool: add support for ARM and Aarch64 PE/COFF images - - Note that for the ARM case, we are using IMAGE_FILE_MACHINE_THUMB (0x1c2) - rather than IMAGE_FILE_MACHINE_ARM (0x1c0), as the latter refers to - an older calling convention that is incompatible with Tianocore UEFI. - - Signed-off-by: Ard Biesheuvel - -diff --git a/src/coff/pe.h b/src/coff/pe.h -index 3a43174..0d1036e 100644 ---- a/src/coff/pe.h -+++ b/src/coff/pe.h -@@ -151,6 +151,7 @@ - #define IMAGE_FILE_MACHINE_THUMB 0x01c2 - #define IMAGE_FILE_MACHINE_TRICORE 0x0520 - #define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 -+#define IMAGE_FILE_MACHINE_AARCH64 0xaa64 - - #define IMAGE_SUBSYSTEM_UNKNOWN 0 - #define IMAGE_SUBSYSTEM_NATIVE 1 -diff --git a/src/image.c b/src/image.c -index c30d6e3..d6e3c48 100644 ---- a/src/image.c -+++ b/src/image.c -@@ -232,13 +232,16 @@ static int image_pecoff_parse(struct image *image) - image->opthdr.addr = image->pehdr + 1; - magic = pehdr_u16(image->pehdr->f_magic); - -- if (magic == IMAGE_FILE_MACHINE_AMD64) { -+ switch (magic) { -+ case IMAGE_FILE_MACHINE_AMD64: -+ case IMAGE_FILE_MACHINE_AARCH64: - rc = image_pecoff_parse_64(image); -- -- } else if (magic == IMAGE_FILE_MACHINE_I386) { -+ break; -+ case IMAGE_FILE_MACHINE_I386: -+ case IMAGE_FILE_MACHINE_THUMB: - rc = image_pecoff_parse_32(image); -- -- } else { -+ break; -+ default: - fprintf(stderr, "Invalid PE header magic\n"); - return -1; - } diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/del-duplicate-define.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/del-duplicate-define.patch deleted file mode 100644 index 23c8c0e312..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/del-duplicate-define.patch +++ /dev/null @@ -1,20 +0,0 @@ -commit f09bf94b29cf050e7c489d8bd771b4392b3111ea -Author: Ard Biesheuvel -Date: Tue Nov 19 09:23:31 2013 +0100 - - sbsigntool: remove doubly defined IMAGE_FILE_MACHINE_AMD64 - - Signed-off-by: Ard Biesheuvel - -diff --git a/src/coff/pe.h b/src/coff/pe.h -index 601a68e..3a43174 100644 ---- a/src/coff/pe.h -+++ b/src/coff/pe.h -@@ -151,7 +151,6 @@ - #define IMAGE_FILE_MACHINE_THUMB 0x01c2 - #define IMAGE_FILE_MACHINE_TRICORE 0x0520 - #define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 --#define IMAGE_FILE_MACHINE_AMD64 0x8664 - - #define IMAGE_SUBSYSTEM_UNKNOWN 0 - #define IMAGE_SUBSYSTEM_NATIVE 1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/efi_arch_ia32.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/efi_arch_ia32.patch deleted file mode 100644 index e07f50d247..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/efi_arch_ia32.patch +++ /dev/null @@ -1,50 +0,0 @@ -From ffbf59032c9dff0afc19490f012066d4bbd5a0c3 Mon Sep 17 00:00:00 2001 -From: Steve Langasek -Date: Fri, 12 Oct 2012 16:48:53 -0700 -Subject: [PATCH] Use AC_CANONICAL_HOST, not uname -m, to determine target - -The EFI architecture should be set from the standard autoconf macros, not -from uname -m. Uname -m is wrong not just when cross-building, but also when -running 32-bit userspace on a 64-bit kernel. - -Ref: https://bugs.launchpad.net/bugs/1066038 ---- - configure.ac | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 0d8f0bb..a693d96 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -7,6 +7,8 @@ AC_PREREQ(2.60) - AC_CONFIG_HEADERS(config.h) - AC_CONFIG_SRCDIR(src/sbsign.c) - -+AC_CANONICAL_HOST -+ - AM_PROG_AS - AC_PROG_CC - AM_PROG_CC_C_O -@@ -64,7 +66,18 @@ PKG_CHECK_MODULES(uuid, uuid, - AC_MSG_ERROR([libuuid (from the uuid package) is required])) - - dnl gnu-efi headers require extra include dirs --EFI_ARCH=$(uname -m) -+case $host_cpu in -+ x86_64) -+ EFI_ARCH=$host_cpu -+ ;; -+ i*86) -+ EFI_ARCH=ia32 -+ ;; -+ *) -+ AC_MSG_ERROR([unsupported EFI architecture $host_cpu]) -+ ;; -+esac -+ - EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ - -DEFI_FUNCTION_WRAPPER" - CPPFLAGS_save="$CPPFLAGS" --- -1.7.10.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/fix-signature-padding.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/fix-signature-padding.patch deleted file mode 100644 index 5028cd4c86..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/fix-signature-padding.patch +++ /dev/null @@ -1,24 +0,0 @@ -Description: fix calculation of the size of our signature data - The 'size' field of the certificate table header includes the size of the - header itself. When parsing a signed file, we should therefore subtract the - size of this header from the field representing the size of the pkcs7 data - packet; otherwise when we detach (and subsequently reattach) a signature, - we wind up with 8 extra bytes of zeroes at the end each time. Fixing this - ensures that detaching and signature and then reattaching it to the file - gives us back the original file. -Author: Steve Langasek -Last-Update: 2013-09-07 - -Index: sbsigntool-0.6/src/image.c -=================================================================== ---- sbsigntool-0.6.orig/src/image.c -+++ sbsigntool-0.6/src/image.c -@@ -285,7 +285,7 @@ - if (cert_table && cert_table->revision == CERT_TABLE_REVISION && - cert_table->type == CERT_TABLE_TYPE_PKCS && - cert_table->size < size) { -- image->sigsize = cert_table->size; -+ image->sigsize = cert_table->size - sizeof(*cert_table); - image->sigbuf = talloc_memdup(image, cert_table + 1, - image->sigsize); - } diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/ignore-certificate-expiries.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/ignore-certificate-expiries.patch deleted file mode 100644 index b27e0cbeb4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/ignore-certificate-expiries.patch +++ /dev/null @@ -1,25 +0,0 @@ -Description: ignore certificate expiries when verifying signatures - The UEFI implementation explicitly ignores all errors due to expired (or - not yet valid) signatures. Ensure that sbverify behaves compatibly. -Author: Steve Langasek -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1234649. -Last-Update: 2013-10-03 - -Index: sbsigntool-0.6/src/sbverify.c -=================================================================== ---- sbsigntool-0.6.orig/src/sbverify.c -+++ sbsigntool-0.6/src/sbverify.c -@@ -206,6 +206,13 @@ - if (cert_in_store(ctx->current_cert, ctx)) - status = 1; - } -+ /* UEFI doesn't care about expired signatures, so we shouldn't either. */ -+ else if (err == X509_V_ERR_CERT_HAS_EXPIRED || -+ err == X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD || -+ err == X509_V_ERR_CERT_NOT_YET_VALID || -+ err == X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD) { -+ status = 1; -+ } - - return status; - } diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/update_checksums.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/update_checksums.patch deleted file mode 100644 index 3ffdd503b9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/update_checksums.patch +++ /dev/null @@ -1,327 +0,0 @@ -From: Steve Langasek - -Update the PE checksum field using the somewhat-underdocumented -algorithm, so that we match the Microsoft implementation in our -signature generation. - -Signed-off-by: Jeremy Kerr - ---- - autogen.sh | 2 - - src/image.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 60 insertions(+), 1 deletion(-) - -Index: sbsigntool-0.6/src/image.c -=================================================================== ---- sbsigntool-0.6.orig/src/image.c -+++ sbsigntool-0.6/src/image.c -@@ -38,6 +38,7 @@ - #include - #include - -+#include - #include - #include - #include -@@ -129,6 +130,62 @@ - return 0; - } - -+static uint16_t csum_update_fold(uint16_t csum, uint16_t x) -+{ -+ uint32_t new = csum + x; -+ new = (new >> 16) + (new & 0xffff); -+ return new; -+} -+ -+static uint16_t csum_bytes(uint16_t checksum, void *buf, size_t len) -+{ -+ unsigned int i; -+ uint16_t *p; -+ -+ for (i = 0; i < len; i += sizeof(*p)) { -+ p = buf + i; -+ checksum = csum_update_fold(checksum, *p); -+ } -+ -+ return checksum; -+} -+ -+static void image_pecoff_update_checksum(struct image *image, -+ struct cert_table_header *cert_table) -+{ -+ bool is_signed = image->sigsize && image->sigbuf; -+ uint32_t checksum; -+ -+ /* We carefully only include the signature data in the checksum (and -+ * in the file length) if we're outputting the signature. Otherwise, -+ * in case of signature removal, the signature data is in the buffer -+ * we read in (as indicated by image->size), but we do *not* want to -+ * checksum it. -+ * -+ * We also skip the 32-bits of checksum data in the PE/COFF header. -+ */ -+ checksum = csum_bytes(0, image->buf, -+ (void *)image->checksum - (void *)image->buf); -+ checksum = csum_bytes(checksum, -+ image->checksum + 1, -+ (void *)(image->buf + image->data_size) - -+ (void *)(image->checksum + 1)); -+ -+ if (is_signed) { -+ checksum = csum_bytes(checksum, -+ cert_table, sizeof(*cert_table)); -+ -+ checksum = csum_bytes(checksum, image->sigbuf, image->sigsize); -+ } -+ -+ checksum += image->data_size; -+ -+ if (is_signed) -+ checksum += sizeof(*cert_table) + image->sigsize; -+ -+ *(image->checksum) = cpu_to_le32(checksum); -+} -+ - static int image_pecoff_parse(struct image *image) - { - struct cert_table_header *cert_table; -@@ -524,6 +581,8 @@ - image->data_dir_sigtable->size = 0; - } - -+ image_pecoff_update_checksum(image, &cert_table_header); -+ - fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); - if (fd < 0) { - perror("open"); ---- /dev/null -+++ sbsigntool-0.6/lib/ccan/ccan/endian/endian.h -@@ -0,0 +1,227 @@ -+/* Licensed under LGPLv2.1+ - see LICENSE file for details */ -+#ifndef CCAN_ENDIAN_H -+#define CCAN_ENDIAN_H -+#include -+#include "config.h" -+ -+#if HAVE_BYTESWAP_H -+#include -+#else -+/** -+ * bswap_16 - reverse bytes in a uint16_t value. -+ * @val: value whose bytes to swap. -+ * -+ * Example: -+ * // Output contains "1024 is 4 as two bytes reversed" -+ * printf("1024 is %u as two bytes reversed\n", bswap_16(1024)); -+ */ -+static inline uint16_t bswap_16(uint16_t val) -+{ -+ return ((val & (uint16_t)0x00ffU) << 8) -+ | ((val & (uint16_t)0xff00U) >> 8); -+} -+ -+/** -+ * bswap_32 - reverse bytes in a uint32_t value. -+ * @val: value whose bytes to swap. -+ * -+ * Example: -+ * // Output contains "1024 is 262144 as four bytes reversed" -+ * printf("1024 is %u as four bytes reversed\n", bswap_32(1024)); -+ */ -+static inline uint32_t bswap_32(uint32_t val) -+{ -+ return ((val & (uint32_t)0x000000ffUL) << 24) -+ | ((val & (uint32_t)0x0000ff00UL) << 8) -+ | ((val & (uint32_t)0x00ff0000UL) >> 8) -+ | ((val & (uint32_t)0xff000000UL) >> 24); -+} -+#endif /* !HAVE_BYTESWAP_H */ -+ -+#if !HAVE_BSWAP_64 -+/** -+ * bswap_64 - reverse bytes in a uint64_t value. -+ * @val: value whose bytes to swap. -+ * -+ * Example: -+ * // Output contains "1024 is 1125899906842624 as eight bytes reversed" -+ * printf("1024 is %llu as eight bytes reversed\n", -+ * (unsigned long long)bswap_64(1024)); -+ */ -+static inline uint64_t bswap_64(uint64_t val) -+{ -+ return ((val & (uint64_t)0x00000000000000ffULL) << 56) -+ | ((val & (uint64_t)0x000000000000ff00ULL) << 40) -+ | ((val & (uint64_t)0x0000000000ff0000ULL) << 24) -+ | ((val & (uint64_t)0x00000000ff000000ULL) << 8) -+ | ((val & (uint64_t)0x000000ff00000000ULL) >> 8) -+ | ((val & (uint64_t)0x0000ff0000000000ULL) >> 24) -+ | ((val & (uint64_t)0x00ff000000000000ULL) >> 40) -+ | ((val & (uint64_t)0xff00000000000000ULL) >> 56); -+} -+#endif -+ -+/* Sanity check the defines. We don't handle weird endianness. */ -+#if !HAVE_LITTLE_ENDIAN && !HAVE_BIG_ENDIAN -+#error "Unknown endian" -+#elif HAVE_LITTLE_ENDIAN && HAVE_BIG_ENDIAN -+#error "Can't compile for both big and little endian." -+#endif -+ -+/** -+ * cpu_to_le64 - convert a uint64_t value to little-endian -+ * @native: value to convert -+ */ -+static inline uint64_t cpu_to_le64(uint64_t native) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return native; -+#else -+ return bswap_64(native); -+#endif -+} -+ -+/** -+ * cpu_to_le32 - convert a uint32_t value to little-endian -+ * @native: value to convert -+ */ -+static inline uint32_t cpu_to_le32(uint32_t native) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return native; -+#else -+ return bswap_32(native); -+#endif -+} -+ -+/** -+ * cpu_to_le16 - convert a uint16_t value to little-endian -+ * @native: value to convert -+ */ -+static inline uint16_t cpu_to_le16(uint16_t native) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return native; -+#else -+ return bswap_16(native); -+#endif -+} -+ -+/** -+ * le64_to_cpu - convert a little-endian uint64_t value -+ * @le_val: little-endian value to convert -+ */ -+static inline uint64_t le64_to_cpu(uint64_t le_val) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return le_val; -+#else -+ return bswap_64(le_val); -+#endif -+} -+ -+/** -+ * le32_to_cpu - convert a little-endian uint32_t value -+ * @le_val: little-endian value to convert -+ */ -+static inline uint32_t le32_to_cpu(uint32_t le_val) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return le_val; -+#else -+ return bswap_32(le_val); -+#endif -+} -+ -+/** -+ * le16_to_cpu - convert a little-endian uint16_t value -+ * @le_val: little-endian value to convert -+ */ -+static inline uint16_t le16_to_cpu(uint16_t le_val) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return le_val; -+#else -+ return bswap_16(le_val); -+#endif -+} -+ -+/** -+ * cpu_to_be64 - convert a uint64_t value to big endian. -+ * @native: value to convert -+ */ -+static inline uint64_t cpu_to_be64(uint64_t native) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return bswap_64(native); -+#else -+ return native; -+#endif -+} -+ -+/** -+ * cpu_to_be32 - convert a uint32_t value to big endian. -+ * @native: value to convert -+ */ -+static inline uint32_t cpu_to_be32(uint32_t native) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return bswap_32(native); -+#else -+ return native; -+#endif -+} -+ -+/** -+ * cpu_to_be16 - convert a uint16_t value to big endian. -+ * @native: value to convert -+ */ -+static inline uint16_t cpu_to_be16(uint16_t native) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return bswap_16(native); -+#else -+ return native; -+#endif -+} -+ -+/** -+ * be64_to_cpu - convert a big-endian uint64_t value -+ * @be_val: big-endian value to convert -+ */ -+static inline uint64_t be64_to_cpu(uint64_t be_val) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return bswap_64(be_val); -+#else -+ return be_val; -+#endif -+} -+ -+/** -+ * be32_to_cpu - convert a big-endian uint32_t value -+ * @be_val: big-endian value to convert -+ */ -+static inline uint32_t be32_to_cpu(uint32_t be_val) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return bswap_32(be_val); -+#else -+ return be_val; -+#endif -+} -+ -+/** -+ * be16_to_cpu - convert a big-endian uint16_t value -+ * @be_val: big-endian value to convert -+ */ -+static inline uint16_t be16_to_cpu(uint16_t be_val) -+{ -+#if HAVE_LITTLE_ENDIAN -+ return bswap_16(be_val); -+#else -+ return be_val; -+#endif -+} -+ -+#endif /* CCAN_ENDIAN_H */ diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/zero-sized-sections.patch b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/zero-sized-sections.patch deleted file mode 100644 index c9e265b889..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/files/zero-sized-sections.patch +++ /dev/null @@ -1,81 +0,0 @@ -commit 8f596c238f36723c803e45dfb1f6f817e67bc51d -Author: Ard Biesheuvel -Date: Tue Nov 19 09:24:10 2013 +0100 - - sbsigntool: fix handling of zero sized sections - - The loop that iterates over the PE/COFF sections correctly skips zero - sized sections, but still increments the loop index 'i'. This results in - subsequent iterations poking into unallocated memory. - - Signed-off-by: Ard Biesheuvel - -diff --git a/src/image.c b/src/image.c -index a34f117..c30d6e3 100644 ---- a/src/image.c -+++ b/src/image.c -@@ -366,6 +366,7 @@ static int image_find_regions(struct image *image) - /* add COFF sections */ - for (i = 0; i < image->sections; i++) { - uint32_t file_offset, file_size; -+ int n; - - file_offset = pehdr_u32(image->scnhdr[i].s_scnptr); - file_size = pehdr_u32(image->scnhdr[i].s_size); -@@ -373,39 +374,39 @@ static int image_find_regions(struct image *image) - if (!file_size) - continue; - -- image->n_checksum_regions++; -+ n = image->n_checksum_regions++; - image->checksum_regions = talloc_realloc(image, - image->checksum_regions, - struct region, - image->n_checksum_regions); - regions = image->checksum_regions; - -- regions[i + 3].data = buf + file_offset; -- regions[i + 3].size = align_up(file_size, -+ regions[n].data = buf + file_offset; -+ regions[n].size = align_up(file_size, - image->file_alignment); -- regions[i + 3].name = talloc_strndup(image->checksum_regions, -+ regions[n].name = talloc_strndup(image->checksum_regions, - image->scnhdr[i].s_name, 8); -- bytes += regions[i + 3].size; -+ bytes += regions[n].size; - -- if (file_offset + regions[i+3].size > image->size) { -+ if (file_offset + regions[n].size > image->size) { - fprintf(stderr, "warning: file-aligned section %s " - "extends beyond end of file\n", -- regions[i+3].name); -+ regions[n].name); - } - -- if (regions[i+2].data + regions[i+2].size -- != regions[i+3].data) { -+ if (regions[n-1].data + regions[n-1].size -+ != regions[n].data) { - fprintf(stderr, "warning: gap in section table:\n"); - fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n", -- regions[i+2].name, -- regions[i+2].data - buf, -- regions[i+2].data + -- regions[i+2].size - buf); -+ regions[n-1].name, -+ regions[n-1].data - buf, -+ regions[n-1].data + -+ regions[n-1].size - buf); - fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n", -- regions[i+3].name, -- regions[i+3].data - buf, -- regions[i+3].data + -- regions[i+3].size - buf); -+ regions[n].name, -+ regions[n].data - buf, -+ regions[n].data + -+ regions[n].size - buf); - - - gap_warn = 1; diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/metadata.xml deleted file mode 100644 index 0947421cbd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - vapier@gentoo.org - do whatever - - diff --git a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/sbsigntool-0.6-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/sbsigntool-0.6-r3.ebuild deleted file mode 100644 index 2d567f927d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-crypt/sbsigntool/sbsigntool-0.6-r3.ebuild +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild,v 1.3 2014/01/14 13:55:54 ago Exp $ - -EAPI="4" - -inherit eutils toolchain-funcs - -DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot" -HOMEPAGE="https://launchpad.net/ubuntu/+source/sbsigntool" -SRC_URI="https://launchpad.net/ubuntu/+archive/primary/+files/${PN}_${PV}.orig.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="" - -RDEPEND="dev-libs/openssl - sys-apps/util-linux" -DEPEND="${RDEPEND} - sys-apps/help2man - sys-boot/gnu-efi - sys-libs/binutils-libs - virtual/pkgconfig" - -src_prepare() { - local iarch - case ${ARCH} in - ia64) iarch=ia64 ;; - x86) iarch=ia32 ;; - amd64) iarch=x86_64 ;; - *) die "unsupported architecture: ${ARCH}" ;; - esac - sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure || die - sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.in || die - sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480 - epatch "${FILESDIR}"/Align-signature-data-to-8-bytes.patch - epatch "${FILESDIR}"/update_checksums.patch - epatch "${FILESDIR}"/fix-signature-padding.patch - epatch "${FILESDIR}"/ignore-certificate-expiries.patch - epatch "${FILESDIR}"/add_corrected_efivars_magic.patch - epatch "${FILESDIR}"/del-duplicate-define.patch - epatch "${FILESDIR}"/zero-sized-sections.patch - epatch "${FILESDIR}"/arm-arm64-support.patch - epatch "${FILESDIR}"/0001-Support-openssl-1.0.2b-and-above.patch -} diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-crypt/sbsigntool-0.6-r3 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-crypt/sbsigntool-0.6-r3 deleted file mode 100644 index c9782b52b0..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-crypt/sbsigntool-0.6-r3 +++ /dev/null @@ -1,12 +0,0 @@ -DEFINED_PHASES=prepare -DEPEND=dev-libs/openssl sys-apps/util-linux sys-apps/help2man sys-boot/gnu-efi sys-libs/binutils-libs virtual/pkgconfig -DESCRIPTION=Utilities for signing and verifying files for UEFI Secure Boot -EAPI=4 -HOMEPAGE=https://launchpad.net/ubuntu/+source/sbsigntool -KEYWORDS=amd64 x86 -LICENSE=GPL-3 -RDEPEND=dev-libs/openssl sys-apps/util-linux -SLOT=0 -SRC_URI=https://launchpad.net/ubuntu/+archive/primary/+files/sbsigntool_0.6.orig.tar.gz -_eclasses_=desktop b1d22ac8bdd4679ab79c71aca235009d epatch a1bf4756dba418a7238f3be0cb010c54 estack 43ddf5aaffa7a8d0482df54d25a66a1f eutils 6e6c2737b59a4b982de6fb3ecefd87f8 ltprune 08f9e1d9ee0af8f5d9a7854efbcd8c0e multilib b2f01ad412baf81650c23fcf0975fa33 preserve-libs ef207dc62baddfddfd39a164d9797648 toolchain-funcs f164325a2cdb5b3ea39311d483988861 vcs-clean 2a0f74a496fa2b1552c4f3398258b7bf -_md5_=29dbea59b5513ac7d26a7a79244fe42f