Date: Tuesday, May 10, 2022 @ 08:11:04 Author: tpowa Revision: 444926
upgpkg: sbsigntools 0.9.4-2: fix #71822 Added: sbsigntools/trunk/0.9.4-fix-pe-coff-checksum.patch Modified: sbsigntools/trunk/PKGBUILD ----------------------------------+ 0.9.4-fix-pe-coff-checksum.patch | 43 +++++++++++++++++++++++++++++++++++++ PKGBUILD | 12 +++++++--- 2 files changed, 52 insertions(+), 3 deletions(-) Added: 0.9.4-fix-pe-coff-checksum.patch =================================================================== --- 0.9.4-fix-pe-coff-checksum.patch (rev 0) +++ 0.9.4-fix-pe-coff-checksum.patch 2022-05-10 08:11:04 UTC (rev 444926) @@ -0,0 +1,43 @@ +From e9f13a7c4c19ed4ef12f226821bbcd2295d1af73 Mon Sep 17 00:00:00 2001 +From: Heinrich Schuchardt <[email protected]> +Date: Thu, 10 Mar 2022 20:41:04 +0100 +Subject: Fix PE/COFF checksum calculation + +Gbp-Pq: fix_checksum_calc.patch. +--- + src/image.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/src/image.c b/src/image.c +index 5697296..8ac79dd 100644 +--- a/src/image.c ++++ b/src/image.c +@@ -162,7 +162,6 @@ static void image_pecoff_update_checksum(struct image *image) + { + bool is_signed = image->sigsize && image->sigbuf; + uint32_t checksum; +- struct cert_table_header *cert_table = image->cert_table; + + /* We carefully only include the signature data in the checksum (and + * in the file length) if we're outputting the signature. Otherwise, +@@ -180,16 +179,13 @@ static void image_pecoff_update_checksum(struct image *image) + (void *)(image->checksum + 1)); + + if (is_signed) { +- checksum = csum_bytes(checksum, +- cert_table, sizeof(*cert_table)); +- + checksum = csum_bytes(checksum, image->sigbuf, image->sigsize); + } + + checksum += image->data_size; + + if (is_signed) +- checksum += sizeof(*cert_table) + image->sigsize; ++ checksum += image->sigsize; + + *(image->checksum) = cpu_to_le32(checksum); + } +-- +cgit v1.1 + Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-05-10 07:59:07 UTC (rev 444925) +++ PKGBUILD 2022-05-10 08:11:04 UTC (rev 444926) @@ -5,7 +5,7 @@ pkgname=sbsigntools pkgver=0.9.4 -pkgrel=1 +pkgrel=2 pkgdesc="Tools to add signatures to EFI binaries and Drivers" arch=('x86_64') url="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/about"; @@ -13,9 +13,12 @@ depends=('glibc' 'openssl') makedepends=('git' 'gnu-efi' 'help2man' 'util-linux-libs') source=("git+https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git#tag=v${pkgver}?signed"; - "git+https://git.ozlabs.org/ccan";) + "git+https://git.ozlabs.org/ccan"; + "0.9.4-fix-pe-coff-checksum.patch" + ) sha256sums=('SKIP' - 'SKIP') + 'SKIP' + 'b6b56c5568bcc51ae3c0dea9af02bc840241d2405c300c5b7adcb61962dadf01') validpgpkeys=('D5606E73C8B46271BEAD9ADF814AE47C214854D6') # James Bottomley <[email protected]> prepare() { @@ -24,6 +27,9 @@ git config submodule."lib/ccan.git".url "${srcdir}/ccan" git submodule update ./autogen.sh + # fix #FS#71822 + # https://git.launchpad.net/ubuntu/+source/sbsigntool/patch/?id=e9f13a7c4c19ed4ef12f226821bbcd2295d1af73 + patch -Np1 -i "${srcdir}"/0.9.4-fix-pe-coff-checksum.patch } build() {
