From e1263ae2d9f10c303a8f9f7e9efacf64d5eb4886 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Feb 16 2021 07:42:34 +0000
Subject: import dbxtool-8-5.el8_3.2
---
diff --git a/SOURCES/0003-fix-relop-in-esl_iter_next.patch b/SOURCES/0003-fix-relop-in-esl_iter_next.patch
new file mode 100644
index 0000000..90c47b3
--- /dev/null
+++ b/SOURCES/0003-fix-relop-in-esl_iter_next.patch
@@ -0,0 +1,70 @@
+From 50b302ea7b6bd41c38d50b2af9d89af5f715068a Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek
+Date: Wed, 16 May 2018 14:06:48 +0200
+Subject: [PATCH] fix relop in esl_iter_next()
+
+esl_iter_next() seeks to the next EFI_SIGNATURE_LIST object in the
+signature database that's being processed.
+
+- The position of the current (just processed) EFI_SIGNATURE_LIST object
+ in the signature database is "iter->offset".
+
+- The size of the same is in "iter->esl->SignatureListSize".
+
+- The size of the whole signature dabatase (containing the current
+ EFI_SIGNATURE_LIST) is in "iter->len".
+
+Thus, we need to advance "iter->offset" by "iter->esl->SignatureListSize",
+to reach the next EFI_SIGNATURE_LIST object.
+
+While advancing, we must not exceed the whole signature database. In other
+words, the (exclusive) end of the just processed EFI_SIGNATURE_LIST object
+is required to precede, or equal, the (exclusive) end of the signature
+database. Hence the "good" condition is:
+
+ iter->offset + iter->esl->SignatureListSize <= iter->len
+
+The "bad" condition is the negation of the above:
+
+ iter->offset + iter->esl->SignatureListSize > iter->len
+
+Because we don't trust "iter->esl->SignatureListSize" (since that was
+simply read from the binary blob, not computed by ourselves), we don't
+want to add to it or subtract from it (integer overflow!), we just want to
+use it naked for comparison. So we subtract "iter->offset" from both
+sides: "iter->offset" and "iter->len" are known-good because we've checked
+and computed them all along, so we can perform integer operations on them.
+After the subtraction, we have the following condition for *bad*:
+
+ iter->esl->SignatureListSize > iter->len - iter->offset
+
+Another way to put the same condition, for *bad*, is to swing the sides
+around the relop (giving a spin to the relop as well):
+
+ iter->len - iter->offset < iter->esl->SignatureListSize
+
+The controlling expression in esl_iter_next() is just this, except for the
+typo in the relational operator. Fix it.
+
+Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1508808
+Signed-off-by: Laszlo Ersek
+---
+ src/iter.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/iter.c b/src/iter.c
+index 45ee059e74c..f19166ab276 100644
+--- a/src/iter.c
++++ b/src/iter.c
+@@ -222,7 +222,7 @@ esl_iter_next(esl_iter *iter, efi_guid_t *type,
+ vprintf("Getting next EFI_SIGNATURE_LIST\n");
+ efi_guid_t type;
+ esl_get_type(iter, &type);
+- if (iter->len - iter->offset > iter->esl->SignatureListSize) {
++ if (iter->len - iter->offset < iter->esl->SignatureListSize) {
+ warnx("EFI Signature List is malformed");
+ errx(1, "list has %zd bytes left, element is %"PRIu32" bytes",
+ iter->len - iter->offset,
+--
+2.29.2
+
diff --git a/SPECS/dbxtool.spec b/SPECS/dbxtool.spec
index 8991426..00edfc4 100644
--- a/SPECS/dbxtool.spec
+++ b/SPECS/dbxtool.spec
@@ -1,6 +1,6 @@
 Name: dbxtool
 Version: 8
-Release: 5%{?dist}
+Release: 5%{?dist}.2
 Summary: Secure Boot DBX updater
 License: GPLv2
 URL: https://github.com/vathpela/dbxtool
@@ -14,6 +14,7 @@ Source0: https://github.com/vathpela/dbxtool/releases/download/dbxtool-%{
 Patch0000: %{name}-8-ccldflags.patch
 Patch0001: 0001-don-t-use-f-in-dbxtool.service.patch
 Patch0002: 0002-Make-quiet-exit-on-missing-PK-KEK-not-return-error-s.patch
+Patch0003: 0003-fix-relop-in-esl_iter_next.patch
 %description
 This package contains DBX updates for UEFI Secure Boot.
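Review bot: The corrected guard in the src/iter.c hunk of 0003-fix-relop-in-esl_iter_next.patch bounds `iter->esl->SignatureListSize` only from above, so a size of zero, or one smaller than the list header, still passes. The commit message notes that this field is read straight from the binary blob; if the code after the hunk advances `iter->offset` by it, a zero size would presumably leave the iterator on the same element, which should be confirmed since esl_iter_next() continues outside the hunk. A lower bound in the same condition would cover it: `if (iter->esl->SignatureListSize < sizeof(*iter->esl) || iter->len - iter->offset < iter->esl->SignatureListSize) {`. The errx() call below prints `iter->len - iter->offset` with `%zd`; if those fields are size_t, `%zu` is the matching specifier.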
@@ -55,6 +56,15 @@ rm -f %{buildroot}/%{_docdir}/%{name}/COPYING
 %{_unitdir}/dbxtool.service
 %changelog
+* Wed Jan 20 2021 Jan Hlavac - 8-5.el8_3.2
+- Enable manual gating
+ Related: rhbz#1681753
+ Related: rhbz#1912474
+
+* Fri Jan 15 2021 Javier Martinez Canillas - 8-5.el8_3.1
+- Fix 'EFI Signature List is malformed' error (lersek)
+ Resolves: rhbz#1912474
+
 * Thu Apr 12 2018 Petr Ĺ abata - 8-5
 - Fix build flags injection (rhbz#1548123)