Hello community,

here is the log from the commit of package mokutil for openSUSE:Factory checked 
in at 2014-04-11 13:39:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mokutil (Old)
 and      /work/SRC/openSUSE:Factory/.mokutil.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mokutil"

Changes:
--------
--- /work/SRC/openSUSE:Factory/mokutil/mokutil.changes  2014-03-25 
13:23:54.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mokutil.new/mokutil.changes     2014-04-11 
13:39:59.000000000 +0200
@@ -1,0 +2,8 @@
+Thu Apr 10 04:44:22 UTC 2014 - g...@suse.com
+
+- Add mokutil-check-corrupted-key-list.patch to check whether the
+  key list is corrupted or not
+- Add mokutil-no-invalid-x509.patch to avoid importing an invalid
+  x509 certificate
+
+-------------------------------------------------------------------

New:
----
  mokutil-check-corrupted-key-list.patch
  mokutil-no-invalid-x509.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mokutil.spec ++++++
--- /var/tmp/diff_new_pack.ROQ1Q0/_old  2014-04-11 13:40:00.000000000 +0200
+++ /var/tmp/diff_new_pack.ROQ1Q0/_new  2014-04-11 13:40:00.000000000 +0200
@@ -36,6 +36,10 @@
 Patch5:         mokutil-more-details-for-skipped-keys.patch
 # PATCH-FIX-UPSTREAM mokutil-check-secure-boot-support.patch g...@suse.com -- 
Check whether the system supports secure boot or not
 Patch6:         mokutil-check-secure-boot-support.patch
+# PATCH-FIX-UPSTREAM mokutil-check-corrupted-key-list.patch g...@suse.com -- 
Add a check for corrupted list
+Patch7:         mokutil-check-corrupted-key-list.patch
+# PATCH-FIX-UPSTREAM mokutil-no-invalid-x509.patch g...@suse.com -- Don't 
import an invalid x509 certificate
+Patch8:         mokutil-no-invalid-x509.patch
 # PATCH-FIX-OPENSUSE mokutil-support-revoke-builtin-cert.patch g...@suse.com 
-- Add an option to revoke the built-in certificate
 Patch100:       mokutil-support-revoke-builtin-cert.patch
 BuildRequires:  autoconf
@@ -63,6 +67,8 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
 %patch100 -p1
 
 %build

++++++ mokutil-check-corrupted-key-list.patch ++++++
>From e2e549583543bb0d607670b25af75821f55d5538 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Thu, 10 Apr 2014 12:36:29 +0800
Subject: [PATCH] Check corrupted key list

Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
 src/mokutil.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/mokutil.c b/src/mokutil.c
index eb563ca..6792823 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -237,6 +237,14 @@ build_mok_list (void *data, unsigned long data_size, 
uint32_t *mok_num)
        unsigned long count = 0;
 
        while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
+               if (CertList->SignatureListSize == 0 ||
+                   CertList->SignatureListSize <= CertList->SignatureSize) {
+                       fprintf (stderr, "Corrupted signature list\n");
+                       if (list)
+                               free (list);
+                       return NULL;
+               }
+
                if ((efi_guidcmp (CertList->SignatureType, EfiCertX509Guid) != 
0) &&
                    (efi_guidcmp (CertList->SignatureType, EfiHashSha1Guid) != 
0) &&
                    (efi_guidcmp (CertList->SignatureType, EfiHashSha224Guid) 
!= 0) &&
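Review bot: The added guard in build_mok_list compares SignatureListSize only with SignatureSize, so a list whose declared size is smaller than its own header plus SignatureHeaderSize plus one signature entry still passes as well-formed. I would compare against the full minimum instead: `CertList->SignatureListSize < sizeof(*CertList) + CertList->SignatureHeaderSize + CertList->SignatureSize`. The loop condition on the context line also reads `CertList->SignatureListSize` with only `dbsize > 0` established, so a trailing fragment shorter than the list header is dereferenced before this check runs; `while (dbsize >= sizeof(*CertList) && dbsize >= CertList->SignatureListSize)` would close that. `free (list)` needs no `if (list)` guard, since free(NULL) is a no-op. The rest of the loop body is outside the hunk, so whether SignatureSize also needs a lower bound (presumably at least the owner GUID) should be checked against how it is used further down.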
-- 
1.8.4.5

++++++ mokutil-no-invalid-x509.patch ++++++
>From 0806111a850304a0490376d568ea5bf74fcdbd04 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <g...@suse.com>
Date: Thu, 10 Apr 2014 12:37:54 +0800
Subject: [PATCH] Don't import an invalid x509 cert

Signed-off-by: Gary Ching-Pang Lin <g...@suse.com>
---
 src/mokutil.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/mokutil.c b/src/mokutil.c
index 6792823..cdb5739 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1265,8 +1265,9 @@ issue_mok_request (char **files, uint32_t total, 
MokRequest req,
                        goto error;
                }
                if (!is_valid_cert (ptr, read_size)) {
-                       fprintf (stderr, "Warning!!! %s is not a valid x509 
certificate in DER format\n",
+                       fprintf (stderr, "Abort!!! %s is not a valid x509 
certificate in DER format\n",
                                 files[i]);
+                       goto error;
                }
 
                if (is_valid_request (EfiCertX509Guid, ptr, sizes[i], req)) {
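Review bot: The certificate is validated over `read_size` bytes, but the very next call passes `sizes[i]` for the same buffer, so the length that was checked and the length that is enrolled are two different variables. Now that is_valid_cert is a hard gate rather than a warning, the two should visibly agree: either call `is_valid_cert (ptr, sizes[i])` or add a comment such as `/* read_size == sizes[i] is guaranteed by the read check above */`. The `goto error;` context line at the top of the hunk presumably closes that read check, but it starts outside the hunk, so this needs confirming against the full function. The `error:` label is likewise not visible here; it should be verified that it releases the buffers already filled for earlier files and returns failure, so that a rejected batch enrolls nothing.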
-- 
1.8.4.5
