From ac385cc549e34be3b7e6e34aa7d9e928aec68a24 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 01 2017 03:29:56 +0000 Subject: import efivar-31-4.el7 --- diff --git a/.efivar.metadata b/.efivar.metadata index 3116e27..5e01996 100644 --- a/.efivar.metadata +++ b/.efivar.metadata @@ -1 +1 @@ -cf8563d5783fce87f331ae9eed531648e1aeb861 SOURCES/efivar-0.11.tar.bz2 +3f1e11c83b5edaafaa76cc5e2ac72921d2244876 SOURCES/efivar-31.tar.bz2 diff --git a/.gitignore b/.gitignore index 7eacbf4..005c3cf 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/efivar-0.11.tar.bz2 +SOURCES/efivar-31.tar.bz2 diff --git a/SOURCES/0001-Revert-Only-open-with-O_CREAT-if-we-re-not-using-EFI.patch b/SOURCES/0001-Revert-Only-open-with-O_CREAT-if-we-re-not-using-EFI.patch deleted file mode 100644 index a6702f0..0000000 --- a/SOURCES/0001-Revert-Only-open-with-O_CREAT-if-we-re-not-using-EFI.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 5a43dce1ef31d3d4927a4c67400a7e33ff8afe75 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 22 Aug 2014 12:23:28 -0400 -Subject: [PATCH] Revert "Only open with O_CREAT if we're not using - EFI_VARIABLE_APPEND_WRITE." - -This reverts commit 7153d0dbb7d1d36b1712dfa91e2e62043880fdfa. ---- - src/efivarfs.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/efivarfs.c b/src/efivarfs.c -index b918c67..9b77d4e 100644 ---- a/src/efivarfs.c -+++ b/src/efivarfs.c -@@ -209,10 +209,7 @@ efivarfs_set_variable(efi_guid_t guid, const char *name, uint8_t *data, - goto err; - } - -- int flags = O_WRONLY; -- if (!(attributes & EFI_VARIABLE_APPEND_WRITE)) -- flags |= O_CREAT|O_EXCL; -- fd = open(path, flags, 0600); -+ fd = open(path, O_WRONLY|O_CREAT, 0600); - if (fd < 0) - goto err; - --- -1.9.3 - diff --git a/SOURCES/0001-libabigail-isn-t-in-RHEL-yet-so-nerf-the-abi-check.patch b/SOURCES/0001-libabigail-isn-t-in-RHEL-yet-so-nerf-the-abi-check.patch new file mode 100644 index 0000000..43ed277 --- /dev/null +++ b/SOURCES/0001-libabigail-isn-t-in-RHEL-yet-so-nerf-the-abi-check.patch @@ -0,0 +1,82 @@ +From 78bda9cefdb5e29cedd379c1b9ea9fd8274d7c5d Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 13 Mar 2017 13:05:58 -0400 +Subject: [PATCH 1/3] libabigail isn't in RHEL yet, so nerf the abi check. + +Signed-off-by: Peter Jones +--- + Make.rules | 9 --------- + Makefile | 6 +++--- + src/Makefile | 5 ----- + 3 files changed, 3 insertions(+), 17 deletions(-) + +diff --git a/Make.rules b/Make.rules +index 88b9aa7..a7d6a23 100644 +--- a/Make.rules ++++ b/Make.rules +@@ -22,15 +22,6 @@ include $(TOPDIR)/Make.version + -Wl,--version-script=$(MAP) \ + -o $@ $^ $(LDLIBS) + +-%.abixml : %.so +- $(ABIDW) --headers-dir $(TOPDIR)/src/include/efivar/ --out-file $@ $^ +- +-%.abicheck : %.so +- $(ABIDIFF) --suppr \ +- $(patsubst %.so,%.abignore,$<) \ +- $(patsubst %.so,%.abixml,$<) \ +- $< +- + %.o : %.c + $(CC) $(cflags) -fPIC $(CPPFLAGS) -c -o $@ $(filter %.c %.o %.S,$^) + +diff --git a/Makefile b/Makefile +index 4d6d308..504a747 100644 +--- a/Makefile ++++ b/Makefile +@@ -17,7 +17,7 @@ install : + $(MAKE) -C $$x $@ ; \ + done + +-abidw abicheck efivar efivar-static static: ++efivar efivar-static static: + $(MAKE) -C src $@ + + $(SUBDIRS) : +@@ -44,7 +44,7 @@ clean : + + GITTAG = $(VERSION) + +-test-archive: abicheck efivar.spec ++test-archive: efivar.spec + @rm -rf /tmp/efivar-$(VERSION) /tmp/efivar-$(VERSION)-tmp + @mkdir -p /tmp/efivar-$(VERSION)-tmp + @git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/efivar-$(VERSION)-tmp/ ; tar x ) +@@ -58,7 +58,7 @@ test-archive: abicheck efivar.spec + tag: + git tag -s $(GITTAG) refs/heads/master + +-archive: abicheck abidw tag efivar.spec ++archive: tag efivar.spec + @rm -rf /tmp/efivar-$(VERSION) /tmp/efivar-$(VERSION)-tmp + @mkdir -p /tmp/efivar-$(VERSION)-tmp + @git archive --format=tar $(GITTAG) | ( cd /tmp/efivar-$(VERSION)-tmp/ ; tar x ) +diff --git a/src/Makefile b/src/Makefile +index 0c16597..a5d98ec 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -32,11 +32,6 @@ all : $(TARGETS) + + static : $(STATICTARGETS) + +-abidw : $(patsubst %.so,%.abixml,$(LIBTARGETS)) +- git commit -m "Update .abixml files" -s $^ +- +-abicheck : $(patsubst %.so,%.abicheck,$(LIBTARGETS)) +- + ./guid-symbols.c : include/efivar/efivar-guids.h + ./guids.bin : include/efivar/efivar-guids.h + ./names.bin : include/efivar/efivar-guids.h +-- +2.9.3 + diff --git a/SOURCES/0002-Don-t-use-_Generic-because-gcc-4.x-doesn-t-have-it.patch b/SOURCES/0002-Don-t-use-_Generic-because-gcc-4.x-doesn-t-have-it.patch new file mode 100644 index 0000000..fd34b85 --- /dev/null +++ b/SOURCES/0002-Don-t-use-_Generic-because-gcc-4.x-doesn-t-have-it.patch @@ -0,0 +1,48 @@ +From 1b74597f9327ae2d763ae8863ac784a5a0d6bb93 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 13 Mar 2017 13:36:55 -0400 +Subject: [PATCH 2/3] Don't use _Generic because gcc 4.x doesn't have it... + +Signed-off-by: Peter Jones +--- + src/util.h | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/src/util.h b/src/util.h +index 0af7dbe..7ad6ce4 100644 +--- a/src/util.h ++++ b/src/util.h +@@ -105,14 +105,29 @@ + }) + #endif + ++#if defined(__GNUC__) && defined(__GNUC_MINOR__) ++#if __GNUC__ >= 5 && __GNUC_MINOR__ >= 1 + #define add(a, b, c) _Generic((c), \ + int *: int_add(a,b,c), \ + long *: long_add(a,b,c), \ + unsigned long *: ulong_add(a,b,c)) +- + #define mult(a, b, c) _Generic((c), \ + long *: long_mult(a,b,c), \ + unsigned long *: ulong_mult(a,b,c)) ++#endif ++#endif ++ ++#ifndef add ++#define add(a, b, c) ({ \ ++ (*(c)) = ((a) + (b)); \ ++ }) ++#endif ++#ifndef mult ++#define mult(a, b, c) ({ \ ++ (*(c)) = ((a) * (b)); \ ++ }) ++#endif ++ + + static inline int + __attribute__((unused)) +-- +2.9.3 + diff --git a/SOURCES/0003-popt-devel-in-RHEL-7.4-doesn-t-provide-popt.pc-so-in.patch b/SOURCES/0003-popt-devel-in-RHEL-7.4-doesn-t-provide-popt.pc-so-in.patch new file mode 100644 index 0000000..663746f --- /dev/null +++ b/SOURCES/0003-popt-devel-in-RHEL-7.4-doesn-t-provide-popt.pc-so-in.patch @@ -0,0 +1,34 @@ +From 262e2900dde1e03d499b3e06f389dcdd8f12f2fd Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 13 Mar 2017 14:03:55 -0400 +Subject: [PATCH 3/3] popt-devel in RHEL 7.4 doesn't provide popt.pc, so + include it the other way. + +Signed-off-by: Peter Jones +--- + src/Makefile | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/Makefile b/src/Makefile +index a5d98ec..c957d84 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -56,13 +56,11 @@ libefivar.so : LIBS=dl + libefivar.so : MAP=libefivar.map + + efivar : efivar.c | libefivar.so +-efivar : LIBS=efivar dl +-efivar : PKGS=popt ++efivar : LIBS=efivar dl popt + + efivar-static : efivar.c $(patsubst %.o,%.static.o,$(LIBEFIVAR_OBJECTS)) + efivar-static : | $(GENERATED_SOURCES) +-efivar-static : LIBS=dl +-efivar-static : PKGS=popt ++efivar-static : LIBS=dl popt + + libefiboot.a : $(patsubst %.o,%.static.o,$(LIBEFIBOOT_OBJECTS)) + +-- +2.9.3 + diff --git a/SOURCES/0004-efi_loadopt_args_from_file-fix-leaked-file-descripto.patch b/SOURCES/0004-efi_loadopt_args_from_file-fix-leaked-file-descripto.patch new file mode 100644 index 0000000..af9fbf5 --- /dev/null +++ b/SOURCES/0004-efi_loadopt_args_from_file-fix-leaked-file-descripto.patch @@ -0,0 +1,35 @@ +From 0967cd89ae6c1e55c1d136669e2f426752f233f4 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:40:26 -0400 +Subject: [PATCH 04/22] efi_loadopt_args_from_file(): fix leaked file + descriptor. + +In the case where we're just trying to figure out the file's size, we're +failing to close the file. So close it. + +Found by covscan. + +Signed-off-by: Peter Jones +--- + src/loadopt.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/loadopt.c b/src/loadopt.c +index ce88986..a3c1ba9 100644 +--- a/src/loadopt.c ++++ b/src/loadopt.c +@@ -275,8 +275,10 @@ efi_loadopt_args_from_file(uint8_t *buf, ssize_t size, char *filename) + if (rc < 0) + goto err; + +- if (size == 0) ++ if (size == 0) { ++ fclose(f); + return statbuf.st_size; ++ } + + if (size < statbuf.st_size) { + errno = ENOSPC; +-- +2.12.2 + diff --git a/SOURCES/0005-make_mac_path-fix-leaked-file-descriptor.patch b/SOURCES/0005-make_mac_path-fix-leaked-file-descriptor.patch new file mode 100644 index 0000000..85bf612 --- /dev/null +++ b/SOURCES/0005-make_mac_path-fix-leaked-file-descriptor.patch @@ -0,0 +1,41 @@ +From f3304710b72de55249ef461c544edffd5705bdc7 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:42:25 -0400 +Subject: [PATCH 05/22] make_mac_path(): fix leaked file descriptor. + +When make_mac_path() gets an error from efidp_make_mac_addr(), it fails +to close the file descriptor to the network device. So close it. Also +ensure that the ifrn_name field is NUL terminated. + +Found by covscan. + +Signed-off-by: Peter Jones +--- + src/linux.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/linux.c b/src/linux.c +index 34ed479..3c77a93 100644 +--- a/src/linux.c ++++ b/src/linux.c +@@ -1035,6 +1035,7 @@ make_mac_path(uint8_t *buf, ssize_t size, const char * const ifname) + + memset(&ifr, 0, sizeof (ifr)); + strncpy(ifr.ifr_name, ifname, IF_NAMESIZE); ++ ifr.ifr_name[IF_NAMESIZE-1] = '\0'; + drvinfo.cmd = ETHTOOL_GDRVINFO; + ifr.ifr_data = (caddr_t)&drvinfo; + +@@ -1062,7 +1063,8 @@ make_mac_path(uint8_t *buf, ssize_t size, const char * const ifname) + (uint8_t *)ifr.ifr_ifru.ifru_hwaddr.sa_data, + sizeof(ifr.ifr_ifru.ifru_hwaddr.sa_data)); + if (sz < 0) +- return -1; ++ goto err; ++ + off += sz; + ret = off; + err: +-- +2.12.2 + diff --git a/SOURCES/0006-gpt_disk_get_partition_info-free-our-allocations-on-.patch b/SOURCES/0006-gpt_disk_get_partition_info-free-our-allocations-on-.patch new file mode 100644 index 0000000..aff5553 --- /dev/null +++ b/SOURCES/0006-gpt_disk_get_partition_info-free-our-allocations-on-.patch @@ -0,0 +1,48 @@ +From 939e4a8524821ccc30b34fec97416bc1b97b5455 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:44:43 -0400 +Subject: [PATCH 06/22] gpt_disk_get_partition_info(): free our allocations on + the error path. + +When gpt_disk_get_partition_info() discovers that a partition is +invalid, it returns error, but it forgets to free its allocations. + +Found by covscan. + +Signed-off-by: Peter Jones +--- + src/gpt.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/src/gpt.c b/src/gpt.c +index 30cbdfd..e9c713b 100644 +--- a/src/gpt.c ++++ b/src/gpt.c +@@ -640,7 +640,7 @@ gpt_disk_get_partition_info(int fd, uint32_t num, uint64_t * start, + gpt_entry *ptes = NULL, *p; + int rc = 0; + +- char *report=getenv("LIBEFIBOOT_REPORT_GPT_ERRORS"); ++ char *report = getenv("LIBEFIBOOT_REPORT_GPT_ERRORS"); + if (report) + report_errors = 1; + +@@ -662,12 +662,10 @@ gpt_disk_get_partition_info(int fd, uint32_t num, uint64_t * start, + if (report_errors) + fprintf(stderr, "partition %d is not valid\n", num); + errno = EINVAL; +- return -1; ++ rc = -1; + } +- if (ptes) +- free(ptes); +- if (gpt) +- free(gpt); ++ free(ptes); ++ free(gpt); + + return rc; + } +-- +2.12.2 + diff --git a/SOURCES/0007-efi_generate_file_device_path-fix-one-error-case-s-f.patch b/SOURCES/0007-efi_generate_file_device_path-fix-one-error-case-s-f.patch new file mode 100644 index 0000000..868ca11 --- /dev/null +++ b/SOURCES/0007-efi_generate_file_device_path-fix-one-error-case-s-f.patch @@ -0,0 +1,42 @@ +From 1461dc3b17aa54377bbc461bf7d5a809322dae17 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:46:37 -0400 +Subject: [PATCH 07/22] efi_generate_file_device_path(): fix one error case's + free path. + +When efi_generate_file_device_path() gets an error from +find_parent_devpath(), it currently just returns an error, rather than +freeing up its intermediate resources. So free them. + +Found by covscan. + +Signed-off-by: Peter Jones +--- + src/creator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/creator.c b/src/creator.c +index ca01964..6d662b7 100644 +--- a/src/creator.c ++++ b/src/creator.c +@@ -345,7 +345,7 @@ efi_generate_file_device_path(uint8_t *buf, ssize_t size, + rc = find_parent_devpath(child_devpath, &parent_devpath); + if (rc < 0) { + efi_error("could not find parent device for file"); +- return -1; ++ goto err; + } + + rc = get_partition_number(child_devpath); +@@ -369,7 +369,7 @@ err: + if (child_devpath) + free(child_devpath); + if (parent_devpath) +- free(parent_devpath); ++ free(parent_devpath); + if (relpath) + free(relpath); + errno = saved_errno; +-- +2.12.2 + diff --git a/SOURCES/0008-efi_va_generate_file_device_path_from_esp-handle-err.patch b/SOURCES/0008-efi_va_generate_file_device_path_from_esp-handle-err.patch new file mode 100644 index 0000000..e54dff6 --- /dev/null +++ b/SOURCES/0008-efi_va_generate_file_device_path_from_esp-handle-err.patch @@ -0,0 +1,52 @@ +From 537d3d37d1091080362e11a6fa99b9f31cb48e53 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:48:49 -0400 +Subject: [PATCH 08/22] efi_va_generate_file_device_path_from_esp(): handle + errors better. + +When efi_va_generate_file_device_path_from_esp() gets an error from +efidp_make_edd10() or make_blockdev_path(), it fails to close the file +descriptor it uses to do ioctl() against the disk. So make it use the +common error path for those as well. + +Found by covscan. + +Signed-off-by: Peter Jones +--- + src/creator.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/creator.c b/src/creator.c +index 6d662b7..ccd0faf 100644 +--- a/src/creator.c ++++ b/src/creator.c +@@ -180,7 +180,7 @@ efi_va_generate_file_device_path_from_esp(uint8_t *buf, ssize_t size, + uint32_t options, va_list ap) + { + int rc; +- ssize_t ret = -1, off=0, sz; ++ ssize_t ret = -1, off = 0, sz; + struct disk_info info = { 0, }; + int fd = -1; + int saved_errno; +@@ -215,7 +215,7 @@ efi_va_generate_file_device_path_from_esp(uint8_t *buf, ssize_t size, + sz = efidp_make_edd10(buf, size, info.edd10_devicenum); + if (sz < 0) { + efi_error("could not make EDD 1.0 device path"); +- return -1; ++ goto err; + } + off = sz; + } else if (!(options & EFIBOOT_ABBREV_FILE) +@@ -228,7 +228,7 @@ efi_va_generate_file_device_path_from_esp(uint8_t *buf, ssize_t size, + sz = make_blockdev_path(buf, size, &info); + if (sz < 0) { + efi_error("could not create device path"); +- return -1; ++ goto err; + } + off += sz; + } +-- +2.12.2 + diff --git a/SOURCES/0009-efi_variable_import-fix-memory-leak-on-failure-path.patch b/SOURCES/0009-efi_variable_import-fix-memory-leak-on-failure-path.patch new file mode 100644 index 0000000..5751166 --- /dev/null +++ b/SOURCES/0009-efi_variable_import-fix-memory-leak-on-failure-path.patch @@ -0,0 +1,40 @@ +From 1ae1196e74d5bac16e63a9c453f88da9c28b5c4a Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:52:48 -0400 +Subject: [PATCH 09/22] efi_variable_import(): fix memory leak on failure path. + +When one of our allocations fails, we leak the other one. Woops. + +Found by covscan. + +Signed-off-by: Peter Jones +--- + src/export.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/export.c b/src/export.c +index 7f2d4dd..89af720 100644 +--- a/src/export.c ++++ b/src/export.c +@@ -96,11 +96,14 @@ efi_variable_import(uint8_t *data, size_t size, efi_variable_t **var_out) + ptr += sizeof (uint32_t); + + if (name_len < 1 || +- name_len != ((data + size) - ptr - data_len)) +- return -1; +- if (data_len < 1 || +- data_len != ((data + size) - ptr - name_len)) ++ name_len != ((data + size) - ptr - data_len) || ++ data_len < 1 || ++ data_len != ((data + size) - ptr - name_len)) { ++ int saved_errno = errno; ++ free(var.guid); ++ errno = saved_errno; + return -1; ++ } + + var.name = calloc(1, name_len + 1); + if (!var.name) { +-- +2.12.2 + diff --git a/SOURCES/0010-efidp_append_path-error-check-the-right-variable.patch b/SOURCES/0010-efidp_append_path-error-check-the-right-variable.patch new file mode 100644 index 0000000..5b8c630 --- /dev/null +++ b/SOURCES/0010-efidp_append_path-error-check-the-right-variable.patch @@ -0,0 +1,90 @@ +From 62e8de172dfa707990e3f2721954290499c0e14f Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:54:15 -0400 +Subject: [PATCH 10/22] efidp_append_path(): error check the right variable. + +We do lsz=efidp_size(dp); rsz=efidp_size(dn); and then we error check +lsz twice. One should be rsz. + +We also actually do the whole thing with lsz twice anyway, and fail to +check that dp isn't NULL first. + +We're also not error checking that the buffer from our addition is +actually large enough to hold something meaningful. So do that too. + +None of that is right, so fix it. + +Covscan completely failed to notice this, but complained about something +irrelevant later on in the code that's a result. + +Signed-off-by: Peter Jones +--- + src/dp.c | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/src/dp.c b/src/dp.c +index e9a257e..e700af9 100644 +--- a/src/dp.c ++++ b/src/dp.c +@@ -139,7 +139,7 @@ efidp_append_path(const_efidp dp0, const_efidp dp1, efidp *out) + } + + rsz = efidp_size(dp1); +- if (lsz < 0) { ++ if (rsz < 0) { + efi_error("efidp_size(dp1) returned error"); + return -1; + } +@@ -166,6 +166,13 @@ efidp_append_path(const_efidp dp0, const_efidp dp1, efidp *out) + efi_error("arithmetic overflow computing allocation size"); + return -1; + } ++ ++ if (newsz < (ssize_t)sizeof(efidp_header)) { ++ errno = EINVAL; ++ efi_error("allocation for new device path is smaller than device path header."); ++ return -1; ++ } ++ + new = malloc(newsz); + if (!new) { + efi_error("allocation failed"); +@@ -195,10 +202,11 @@ efidp_append_node(const_efidp dp, const_efidp dn, efidp *out) + return rc; + } + +- lsz = efidp_size(dp); +- if (lsz < 0) { +- efi_error("efidp_size(dp) returned error"); +- return -1; ++ if (!dp && dn) { ++ rc = efidp_duplicate_path(dn, out); ++ if (rc < 0) ++ efi_error("efidp_duplicate_path() failed"); ++ return rc; + } + + if (dp && !dn) { +@@ -209,13 +217,17 @@ efidp_append_node(const_efidp dp, const_efidp dn, efidp *out) + } + + lsz = efidp_size(dp); +- if (lsz < 0) ++ if (lsz < 0) { ++ efi_error("efidp_size(dp) returned error"); + return -1; ++ } + + + rsz = efidp_node_size(dn); +- if (rsz < 0) ++ if (rsz < 0) { ++ efi_error("efidp_size(dn) returned error"); + return -1; ++ } + + if (!dp && dn) { + if (add(rsz, sizeof(end_entire), &newsz)) { +-- +2.12.2 + diff --git a/SOURCES/0011-efi_variable_import-make-sure-var.data_size-is-set.patch b/SOURCES/0011-efi_variable_import-make-sure-var.data_size-is-set.patch new file mode 100644 index 0000000..c037b05 --- /dev/null +++ b/SOURCES/0011-efi_variable_import-make-sure-var.data_size-is-set.patch @@ -0,0 +1,28 @@ +From bc5f74e97ff48b89028a5f3cd0064401b37c0951 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:56:53 -0400 +Subject: [PATCH 11/22] efi_variable_import(): make sure var.data_size is set. + +Covscan noticed that var.data_size isn't set when we memcpy the +structure. It should be set. + +Signed-off-by: Peter Jones +--- + src/export.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/export.c b/src/export.c +index 89af720..27ce501 100644 +--- a/src/export.c ++++ b/src/export.c +@@ -118,6 +118,7 @@ efi_variable_import(uint8_t *data, size_t size, efi_variable_t **var_out) + var.name[i] = wname[i] & 0xff; + ptr += name_len * 2; + ++ var.data_size = data_len; + var.data = malloc(data_len); + if (!var.data) { + int saved_errno = errno; +-- +2.12.2 + diff --git a/SOURCES/0012-makeguids-free-our-input-buffer.patch b/SOURCES/0012-makeguids-free-our-input-buffer.patch new file mode 100644 index 0000000..c3a6b24 --- /dev/null +++ b/SOURCES/0012-makeguids-free-our-input-buffer.patch @@ -0,0 +1,29 @@ +From a09b1f454d01799f4976cb1396348bd850e7223a Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 14:59:57 -0400 +Subject: [PATCH 12/22] makeguids: free our input buffer. + +Covscan noticed this, but didn't notice that this is a short lived +program that just parses some tables during the build. It *sooo* +doesn't matter. + +Signed-off-by: Peter Jones +--- + src/makeguids.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/makeguids.c b/src/makeguids.c +index da2f5f7..6a76c46 100644 +--- a/src/makeguids.c ++++ b/src/makeguids.c +@@ -212,6 +212,7 @@ main(int argc, char *argv[]) + close(in); + close(guidout); + close(nameout); ++ free(inbuf); + + return 0; + } +-- +2.12.2 + diff --git a/SOURCES/0013-efi_variable_import-constrain-our-inputs-better.patch b/SOURCES/0013-efi_variable_import-constrain-our-inputs-better.patch new file mode 100644 index 0000000..d8b1f64 --- /dev/null +++ b/SOURCES/0013-efi_variable_import-constrain-our-inputs-better.patch @@ -0,0 +1,32 @@ +From f6dc880cb1684d1836ade34e44c7710029c174e2 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 15:02:27 -0400 +Subject: [PATCH 13/22] efi_variable_import(): constrain our inputs better. + +efi_variable_import() could plausibly pass NULL to memcpy() if buf is 0 +and size is < 0, though that should never be the case. Make the input +checking return EINVAL if that's the case. + +Found by Covscan. + +Signed-off-by: Peter Jones +--- + src/loadopt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/loadopt.c b/src/loadopt.c +index a3c1ba9..d4c2d46 100644 +--- a/src/loadopt.c ++++ b/src/loadopt.c +@@ -302,7 +302,7 @@ __attribute__((__visibility__ ("default"))) + efi_loadopt_args_as_utf8(uint8_t *buf, ssize_t size, uint8_t *utf8) + { + ssize_t req; +- if (!buf && size > 0) { ++ if (!buf && size != 0) { + errno = EINVAL; + return -1; + } +-- +2.12.2 + diff --git a/SOURCES/0014-efi_loadopt_create-check-buf-for-NULLness.patch b/SOURCES/0014-efi_loadopt_create-check-buf-for-NULLness.patch new file mode 100644 index 0000000..2a564e6 --- /dev/null +++ b/SOURCES/0014-efi_loadopt_create-check-buf-for-NULLness.patch @@ -0,0 +1,40 @@ +From 20e9ecb4a4b327a32dc639a7ff826af5089e3fbf Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 15:04:24 -0400 +Subject: [PATCH 14/22] efi_loadopt_create(): check buf for NULLness. + +Found by covscan. + +Signed-off-by: Peter Jones +--- + src/loadopt.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/loadopt.c b/src/loadopt.c +index d4c2d46..8db8074 100644 +--- a/src/loadopt.c ++++ b/src/loadopt.c +@@ -46,13 +46,20 @@ efi_loadopt_create(uint8_t *buf, ssize_t size, uint32_t attributes, + ssize_t sz = sizeof (attributes) + + sizeof (uint16_t) + desc_len + + dp_size + optional_data_size; ++ + if (size == 0) + return sz; ++ + if (size < sz) { + errno = ENOSPC; + return -1; + } + ++ if (!buf) { ++ errno = EINVAL; ++ return -1; ++ } ++ + if (!optional_data && optional_data_size != 0) { + errno = EINVAL; + return -1; +-- +2.12.2 + diff --git a/SOURCES/0015-efidp_duplicate_extra-error-if-our-allocation-is-too.patch b/SOURCES/0015-efidp_duplicate_extra-error-if-our-allocation-is-too.patch new file mode 100644 index 0000000..c75750d --- /dev/null +++ b/SOURCES/0015-efidp_duplicate_extra-error-if-our-allocation-is-too.patch @@ -0,0 +1,34 @@ +From 32f6b0d5974e39dbcce89d9ab8551e35eb8fdaab Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 15:14:33 -0400 +Subject: [PATCH 15/22] efidp_duplicate_extra(): error if our allocation is too + small. + +Covscan believes we might pass 0 to calloc(), though I suspect this is +because it doesn't fully grok add(). + +Signed-off-by: Peter Jones +--- + src/dp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/dp.c b/src/dp.c +index e700af9..eadb397 100644 +--- a/src/dp.c ++++ b/src/dp.c +@@ -81,6 +81,12 @@ efidp_duplicate_extra(const_efidp dp, efidp *out, size_t extra) + return -1; + } + ++ if (plus < (ssize_t)sizeof(efidp_header)) { ++ errno = EINVAL; ++ efi_error("allocation for new device path is smaller than device path header."); ++ return -1; ++ } ++ + new = calloc(1, plus); + if (!new) { + efi_error("allocation failed"); +-- +2.12.2 + diff --git a/SOURCES/0016-show_errors-make-the-useful-part-here-not-be-dead-co.patch b/SOURCES/0016-show_errors-make-the-useful-part-here-not-be-dead-co.patch new file mode 100644 index 0000000..0b2b17a --- /dev/null +++ b/SOURCES/0016-show_errors-make-the-useful-part-here-not-be-dead-co.patch @@ -0,0 +1,29 @@ +From 878c81f02e9cabbc990028b2cf87442813eb39f5 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 15:18:05 -0400 +Subject: [PATCH 16/22] show_errors(): make the useful part here not be dead + code. + +Woops. + +Signed-off-by: Peter Jones +--- + src/efivar.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/efivar.c b/src/efivar.c +index cbefe8b..38d19e1 100644 +--- a/src/efivar.c ++++ b/src/efivar.c +@@ -61,7 +61,7 @@ static int verbose_errors = 0; + static void + show_errors(void) + { +- int rc = 0; ++ int rc = 1; + + if (!verbose_errors) + return; +-- +2.12.2 + diff --git a/SOURCES/0017-efi_loadopt_args_from_file-make-sure-buf-is-only-NUL.patch b/SOURCES/0017-efi_loadopt_args_from_file-make-sure-buf-is-only-NUL.patch new file mode 100644 index 0000000..cfecd77 --- /dev/null +++ b/SOURCES/0017-efi_loadopt_args_from_file-make-sure-buf-is-only-NUL.patch @@ -0,0 +1,31 @@ +From d251242a71ef01626444180c630330bcfb0ca69e Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 15:19:18 -0400 +Subject: [PATCH 17/22] efi_loadopt_args_from_file(): make sure buf is only + NULL if size is. + +This avoids passing NULL to fread(). + +Found by covscan. + +Signed-off-by: Peter Jones +--- + src/loadopt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/loadopt.c b/src/loadopt.c +index 8db8074..5301f3d 100644 +--- a/src/loadopt.c ++++ b/src/loadopt.c +@@ -269,7 +269,7 @@ efi_loadopt_args_from_file(uint8_t *buf, ssize_t size, char *filename) + int saved_errno; + FILE *f; + +- if (!buf && size > 0) { ++ if (!buf && size != 0) { + errno = -EINVAL; + return -1; + } +-- +2.12.2 + diff --git a/SOURCES/0018-calls-to-sysfs_readlink-check-linkbuf-for-NULLness.patch b/SOURCES/0018-calls-to-sysfs_readlink-check-linkbuf-for-NULLness.patch new file mode 100644 index 0000000..a53c6b7 --- /dev/null +++ b/SOURCES/0018-calls-to-sysfs_readlink-check-linkbuf-for-NULLness.patch @@ -0,0 +1,91 @@ +From 38039634f722eb6e3ef4221e3f37c19a1bc96ae7 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 15:21:13 -0400 +Subject: [PATCH 18/22] calls to sysfs_readlink(): check linkbuf for NULLness. + +If linkbuf were NULL, sysfs_readlink() would have returned an error, but +covscan can't figure that out, so it thinks linkbuf might be NULL. + +Signed-off-by: Peter Jones +--- + src/linux.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/linux.c b/src/linux.c +index 3c77a93..85b4ee3 100644 +--- a/src/linux.c ++++ b/src/linux.c +@@ -53,7 +53,7 @@ set_disk_and_part_name(struct disk_info *info) + + rc = sysfs_readlink(&linkbuf, "/sys/dev/block/%"PRIu64":%"PRIu32, + info->major, info->minor); +- if (rc < 0) ++ if (rc < 0 || !linkbuf) + return -1; + + char *ultimate; +@@ -141,7 +141,7 @@ get_partition_number(const char *devpath) + min = minor(statbuf.st_rdev); + + rc = sysfs_readlink(&linkbuf, "/sys/dev/block/%u:%u", maj, min); +- if (rc < 0) ++ if (rc < 0 || !linkbuf) + return -1; + + rc = read_sysfs_file(&partbuf, "/sys/dev/block/%s/partition", linkbuf); +@@ -170,7 +170,7 @@ find_parent_devpath(const char * const child, char **parent) + + /* look up full path symlink */ + ret = sysfs_readlink(&linkbuf, "/sys/class/block/%s", node); +- if (ret < 0) ++ if (ret < 0 || !linkbuf) + return ret; + + /* strip child */ +@@ -747,7 +747,7 @@ make_blockdev_path(uint8_t *buf, ssize_t size, struct disk_info *info) + + rc = sysfs_readlink(&linkbuf, "/sys/dev/block/%"PRIu64":%u", + info->major, info->minor); +- if (rc < 0) ++ if (rc < 0 || !linkbuf) + return -1; + + /* +@@ -771,7 +771,7 @@ make_blockdev_path(uint8_t *buf, ssize_t size, struct disk_info *info) + return -1; + tmppath[loff] = '\0'; + rc = sysfs_readlink(&driverbuf, "/sys/dev/block/%s/driver", tmppath); +- if (rc < 0) ++ if (rc < 0 || !driverbuf) + return -1; + + char *driver = strrchr(driverbuf, '/'); +@@ -867,7 +867,7 @@ make_blockdev_path(uint8_t *buf, ssize_t size, struct disk_info *info) + + rc = sysfs_readlink(&linkbuf, "/sys/class/block/%s/device", + info->disk_name); +- if (rc < 0) ++ if (rc < 0 || !linkbuf) + return 0; + + rc = sscanf(linkbuf, "../../../%d:%d:%d:%"PRIu64, +@@ -1001,14 +1001,14 @@ make_net_pci_path(uint8_t *buf, ssize_t size, const char * const ifname) + int rc; + + rc = sysfs_readlink(&linkbuf, "/sys/class/net/%s", ifname); +- if (rc < 0) ++ if (rc < 0 || !linkbuf) + return -1; + + /* + * the sysfs path basically looks like: + * ../../devices/$PCI_STUFF/net/$IFACE + */ +- rc = sscanf(linkbuf+loff, "../../devices/%n", &lsz); ++ rc = sscanf(linkbuf, "../../devices/%n", &lsz); + if (rc != 0) + return -1; + loff += lsz; +-- +2.12.2 + diff --git a/SOURCES/0019-efivar-main-explain-efi_well_known_guids-to-the-comp.patch b/SOURCES/0019-efivar-main-explain-efi_well_known_guids-to-the-comp.patch new file mode 100644 index 0000000..54386b1 --- /dev/null +++ b/SOURCES/0019-efivar-main-explain-efi_well_known_guids-to-the-comp.patch @@ -0,0 +1,38 @@ +From 089265335dfb746a77ec15a917c12e8c77a41240 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 15:34:28 -0400 +Subject: [PATCH 19/22] efivar main(): explain efi_well_known_guids to the + compiler better. + +Covscan doesn't quite understand that this _is_ an array, so make it +look even more like one. + +Signed-off-by: Peter Jones +--- + src/efivar.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/efivar.c b/src/efivar.c +index 38d19e1..3ed9a84 100644 +--- a/src/efivar.c ++++ b/src/efivar.c +@@ -461,13 +461,13 @@ int main(int argc, char *argv[]) + case ACTION_LIST_GUIDS: { + efi_guid_t sentinal = {0xffffffff,0xffff,0xffff,0xffff, + {0xff,0xff,0xff,0xff,0xff,0xff}}; +- extern struct guidname efi_well_known_guids; +- extern struct guidname efi_well_known_guids_end; ++ extern struct guidname efi_well_known_guids[]; ++ extern struct guidname *efi_well_known_guids_end; + intptr_t start = (intptr_t)&efi_well_known_guids; + intptr_t end = (intptr_t)&efi_well_known_guids_end; + unsigned int i; + +- struct guidname *guid = &efi_well_known_guids; ++ struct guidname *guid = &efi_well_known_guids[0]; + for (i = 0; i < (end-start) / sizeof(*guid); i++) { + if (!efi_guid_cmp(&sentinal, &guid[i].guid)) + break; +-- +2.12.2 + diff --git a/SOURCES/0020-dp.h-Try-to-make-covscan-believe-format-is-checking-.patch b/SOURCES/0020-dp.h-Try-to-make-covscan-believe-format-is-checking-.patch new file mode 100644 index 0000000..3962f5f --- /dev/null +++ b/SOURCES/0020-dp.h-Try-to-make-covscan-believe-format-is-checking-.patch @@ -0,0 +1,44 @@ +From 9d74090cea256021e68b204c4770a5df28398cbd Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 1 May 2017 15:59:09 -0400 +Subject: [PATCH 20/22] dp.h: Try to make covscan believe format() is checking + its bounds. + +covscan doesn't grok that size and off wind up being proxies for buf's +NULL check. Hilarity ensues. + +Signed-off-by: Peter Jones +--- + src/dp.h | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/dp.h b/src/dp.h +index d6775a6..c14a9ec 100644 +--- a/src/dp.h ++++ b/src/dp.h +@@ -28,11 +28,17 @@ + #include "ucs2.h" + + #define format(buf, size, off, dp_type, fmt, args...) ({ \ +- ssize_t _x = 0; \ +- if ((off) >= 0) { \ +- _x = snprintf(((buf)+(off)), \ +- ((size)?((size)-(off)):0), \ +- fmt, ## args); \ ++ ssize_t _insize = 0; \ ++ void *_inbuf = NULL; \ ++ if ((buf) != NULL && (size) > 0) { \ ++ _inbuf = (buf) + (off); \ ++ _insize = (size) - (off); \ ++ } \ ++ if ((off) >= 0 && \ ++ ((buf == NULL && _insize == 0) || \ ++ (buf != NULL && _insize >= 0))) { \ ++ ssize_t _x = 0; \ ++ _x = snprintf(_inbuf, _insize, fmt, ## args); \ + if (_x < 0) { \ + efi_error( \ + "could not build %s DP string", \ +-- +2.12.2 + diff --git a/SOURCES/0021-gpt-try-to-avoid-trusting-unverified-partition-table.patch b/SOURCES/0021-gpt-try-to-avoid-trusting-unverified-partition-table.patch new file mode 100644 index 0000000..af9704d --- /dev/null +++ b/SOURCES/0021-gpt-try-to-avoid-trusting-unverified-partition-table.patch @@ -0,0 +1,360 @@ +From 29a53c93ce063c8272e44f4981201a4752fc6ba1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 9 May 2017 14:20:13 -0400 +Subject: [PATCH 21/24] gpt: try to avoid trusting unverified partition table + data. + +Covscan complains thusly: + 4. efivar-31/src/gpt.c:338: tainted_data_return: Function "alloc_read_gpt_header" returns tainted data. + 7. efivar-31/src/gpt.c:311:2: tainted_data_argument: Function "read_lba" taints argument "gpt". +12. efivar-31/src/gpt.c:245:2: tainted_data_argument: Calling function "read" taints parameter "*iobuf". [Note: The source code implementation of the function has been overridden by a builtin model.] +13. efivar-31/src/gpt.c:246:2: tainted_data_transitive: "memcpy" taints argument "buffer" because argument "iobuf" is tainted. [Note: The source code implementation of the function has been overridden by a builtin model.] +16. efivar-31/src/gpt.c:316:2: return_tainted_data: Returning tainted variable "gpt". +17. efivar-31/src/gpt.c:338: var_assign: Assigning: "*gpt" = "alloc_read_gpt_header", which taints "*gpt". +26. efivar-31/src/gpt.c:382: tainted_data: Passing tainted variable "(*gpt)->num_partition_entries" to a tainted sink. +27. efivar-31/src/gpt.c:272:15: var_assign_alias: Assigning: "count" = "(__u32)(__le32)gpt->num_partition_entries * (__u32)(__le32)gpt->sizeof_partition_entry". Both are now tainted. +30. efivar-31/src/gpt.c:278:2: tainted_data_sink_lv_call: Passing tainted variable "count" to tainted data sink "malloc". + +Hopefully this patch validates num_partition_entries and +sizeof_partition_entry well enough... + +Signed-off-by: Peter Jones +--- + src/disk.c | 3 +- + src/gpt.c | 190 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------- + src/gpt.h | 3 +- + 3 files changed, 173 insertions(+), 23 deletions(-) + +diff --git a/src/disk.c b/src/disk.c +index 91d636d..0a7a769 100644 +--- a/src/disk.c ++++ b/src/disk.c +@@ -225,7 +225,8 @@ get_partition_info(int fd, uint32_t options, + signature, + mbr_type, + signature_type, +- (options & EFIBOOT_OPTIONS_IGNORE_PMBR_ERR)?1:0); ++ (options & EFIBOOT_OPTIONS_IGNORE_PMBR_ERR)?1:0, ++ sector_size); + if (gpt_invalid) { + mbr_invalid = msdos_disk_get_partition_info(fd, + (options & EFIBOOT_OPTIONS_WRITE_SIGNATURE)?1:0, +diff --git a/src/gpt.c b/src/gpt.c +index e9c713b..7baa992 100644 +--- a/src/gpt.c ++++ b/src/gpt.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -266,11 +267,10 @@ read_lba(int fd, uint64_t lba, void *buffer, size_t bytes) + * Notes: remember to free pte when you're done! + */ + static gpt_entry * +-alloc_read_gpt_entries(int fd, gpt_header * gpt) ++alloc_read_gpt_entries(int fd, uint32_t nptes, uint32_t ptesz, uint64_t ptelba) + { + gpt_entry *pte; +- size_t count = __le32_to_cpu(gpt->num_partition_entries) * +- __le32_to_cpu(gpt->sizeof_partition_entry); ++ size_t count = nptes * ptesz; + + if (!count) + return NULL; +@@ -280,8 +280,7 @@ alloc_read_gpt_entries(int fd, gpt_header * gpt) + return NULL; + + memset(pte, 0, count); +- if (!read_lba(fd, __le64_to_cpu(gpt->partition_entry_lba), pte, +- count)) { ++ if (!read_lba(fd, ptelba, pte, count)) { + free(pte); + return NULL; + } +@@ -317,6 +316,65 @@ alloc_read_gpt_header(int fd, uint64_t lba) + } + + /** ++ * validate_nptes(): Tries to ensure that nptes is a reasonable value ++ * @first_block is the beginning LBA to bound the table ++ * @pte_start is the starting LBA of the partition table ++ * @last_block is the end LBA of to bound the table ++ * @ptesz is the size of a partition table entry ++ * @nptes is the number of entries we have. ++ * @blksz is the block size of the device. ++ * ++ * Description: returns 0 if the partition table doesn't fit, 1 if it does ++ */ ++static int ++validate_nptes(uint64_t first_block, uint64_t pte_start, uint64_t last_block, ++ uint32_t ptesz, uint32_t nptes, uint32_t blksz) ++{ ++ uint32_t min_entry_size = sizeof(gpt_entry); ++ uint32_t min_entry_size_mod = 128 - sizeof(gpt_entry) % 128; ++ uint64_t max_blocks, max_bytes; ++ ++ if (min_entry_size_mod == 128) ++ min_entry_size_mod = 0; ++ min_entry_size += min_entry_size_mod; ++ ++ if (ptesz < min_entry_size) ++ return 0; ++ ++ if (pte_start < first_block || pte_start > last_block) ++ return 0; ++ ++ max_blocks = last_block - pte_start; ++ if (UINT64_MAX / blksz < max_blocks) ++ return 0; ++ ++ max_bytes = max_blocks * blksz; ++ if (UINT64_MAX / ptesz < max_bytes) ++ return 0; ++ ++ if (ptesz > max_bytes / nptes) ++ return 0; ++ ++ if (max_bytes / ptesz < nptes) ++ return 0; ++ ++ return 1; ++} ++ ++static int ++check_lba(uint64_t lba, uint64_t lastlba, char *name) ++{ ++ if (lba > lastlba) { ++ if (report_errors) ++ fprintf(stderr, ++ "Invalid %s LBA %"PRIx64" max:%"PRIx64"\n", ++ name, lba, lastlba); ++ return 0; ++ } ++ return 1; ++} ++ ++/** + * is_gpt_valid() - tests one GPT header and PTEs for validity + * @fd is an open file descriptor to the whole disk + * @lba is the logical block address of the GPT header to test +@@ -328,10 +386,12 @@ alloc_read_gpt_header(int fd, uint64_t lba) + */ + static int + is_gpt_valid(int fd, uint64_t lba, +- gpt_header ** gpt, gpt_entry ** ptes) ++ gpt_header ** gpt, gpt_entry ** ptes, ++ uint32_t logical_block_size) + { + int rc = 0; /* default to not valid */ + uint32_t crc, origcrc; ++ uint64_t max_device_lba = last_lba(fd); + + if (!gpt || !ptes) + return 0; +@@ -343,7 +403,7 @@ is_gpt_valid(int fd, uint64_t lba, + if (report_errors) + fprintf(stderr, + "GUID Partition Table Header signature is wrong" +- ": %" PRIx64" != %" PRIx64 "\n", ++ ": %"PRIx64" != %"PRIx64"\n", + (uint64_t)__le64_to_cpu((*gpt)->signature), + GPT_HEADER_SIGNATURE); + free(*gpt); +@@ -351,6 +411,20 @@ is_gpt_valid(int fd, uint64_t lba, + return rc; + } + ++ uint32_t hdrsz = __le32_to_cpu((*gpt)->header_size); ++ uint32_t hdrmin = MAX(92, ++ sizeof(gpt_header) - sizeof((*gpt)->reserved2)); ++ if (hdrsz < hdrmin || hdrsz > logical_block_size) { ++ if (report_errors) ++ fprintf(stderr, ++ "GUID Partition Table Header size is invalid (%d < %d < %d)\n", ++ hdrmin, hdrsz, ++ logical_block_size); ++ free (*gpt); ++ *gpt = NULL; ++ return rc; ++ } ++ + /* Check the GUID Partition Table Header CRC */ + origcrc = __le32_to_cpu((*gpt)->header_crc32); + (*gpt)->header_crc32 = 0; +@@ -369,26 +443,97 @@ is_gpt_valid(int fd, uint64_t lba, + + /* Check that the my_lba entry points to the LBA + * that contains the GPT we read */ +- if (__le64_to_cpu((*gpt)->my_lba) != lba) { ++ uint64_t mylba = __le64_to_cpu((*gpt)->my_lba); ++ uint64_t altlba = __le64_to_cpu((*gpt)->alternate_lba); ++ if (mylba != lba && altlba != lba) { + if (report_errors) + fprintf(stderr, +- "my_lba %"PRIx64 "x != lba %"PRIx64 "x.\n", +- (uint64_t)__le64_to_cpu((*gpt)->my_lba), lba); ++ "lba %"PRIx64" != lba %"PRIx64".\n", ++ mylba, lba); ++err: + free(*gpt); + *gpt = NULL; + return 0; + } + +- if (!(*ptes = alloc_read_gpt_entries(fd, *gpt))) { ++ if (!check_lba(mylba, max_device_lba, "GPT")) ++ goto err; ++ ++ if (!check_lba(altlba, max_device_lba, "GPT Alt")) ++ goto err; ++ ++ uint64_t ptelba = __le64_to_cpu((*gpt)->partition_entry_lba); ++ uint64_t fulba = __le64_to_cpu((*gpt)->first_usable_lba); ++ uint64_t lulba = __le64_to_cpu((*gpt)->last_usable_lba); ++ uint32_t nptes = __le32_to_cpu((*gpt)->num_partition_entries); ++ uint32_t ptesz = __le32_to_cpu((*gpt)->sizeof_partition_entry); ++ ++ if (!check_lba(ptelba, max_device_lba, "PTE")) ++ goto err; ++ if (!check_lba(fulba, max_device_lba, "First Usable")) ++ goto err; ++ if (!check_lba(lulba, max_device_lba, "Last Usable")) ++ goto err; ++ ++ if (ptesz < sizeof(gpt_entry) || ptesz % 128 != 0) { ++ if (report_errors) ++ fprintf(stderr, ++ "Invalid GPT entry size is %d.\n", ++ ptesz); ++ goto err; ++ } ++ ++ /* There's really no good answer to maximum bounds, but this large ++ * would be completely absurd, so... */ ++ if (nptes > 1024) { ++ if (report_errors) ++ fprintf(stderr, ++ "Not honoring insane number of Partition Table Entries 0x%"PRIx32".\n", ++ nptes); ++ ++ goto err; ++ } ++ ++ if (ptesz > 4096) { ++ if (report_errors) ++ fprintf(stderr, ++ "Not honoring insane Partition Table Entry size 0x%"PRIx32".\n", ++ ptesz); ++ goto err; ++ } ++ ++ uint64_t pte_blocks; ++ uint64_t firstlba, lastlba; ++ ++ if (altlba > mylba) { ++ firstlba = mylba + 1; ++ lastlba = fulba; ++ pte_blocks = fulba - ptelba; ++ rc = validate_nptes(firstlba, ptelba, fulba, ++ ptesz, nptes, logical_block_size); ++ } else { ++ firstlba = lulba; ++ lastlba = mylba; ++ pte_blocks = mylba - ptelba; ++ rc = validate_nptes(lulba, ptelba, mylba, ++ ptesz, nptes, logical_block_size); ++ } ++ if (!rc) { ++ if (report_errors) ++ fprintf(stderr, ++ "%"PRIu32" partition table entries with size 0x%"PRIx32" doesn't fit in 0x%"PRIx64" blocks between 0x%"PRIx64" and 0x%"PRIx64".\n", ++ nptes, ptesz, pte_blocks, firstlba, lastlba); ++ goto err; ++ } ++ ++ if (!(*ptes = alloc_read_gpt_entries(fd, nptes, ptesz, ptelba))) { + free(*gpt); + *gpt = NULL; + return 0; + } + + /* Check the GUID Partition Entry Array CRC */ +- crc = efi_crc32(*ptes, +- __le32_to_cpu((*gpt)->num_partition_entries) * +- __le32_to_cpu((*gpt)->sizeof_partition_entry)); ++ crc = efi_crc32(*ptes, nptes * ptesz); + if (crc != __le32_to_cpu((*gpt)->partition_entry_array_crc32)) { + if (report_errors) + fprintf(stderr, +@@ -519,7 +664,7 @@ compare_gpts(gpt_header *pgpt, gpt_header *agpt, uint64_t lastlba) + */ + static int + find_valid_gpt(int fd, gpt_header ** gpt, gpt_entry ** ptes, +- int ignore_pmbr_err) ++ int ignore_pmbr_err, int logical_block_size) + { + int good_pgpt = 0, good_agpt = 0, good_pmbr = 0; + gpt_header *pgpt = NULL, *agpt = NULL; +@@ -535,16 +680,18 @@ find_valid_gpt(int fd, gpt_header ** gpt, gpt_entry ** ptes, + + lastlba = last_lba(fd); + good_pgpt = is_gpt_valid(fd, GPT_PRIMARY_PARTITION_TABLE_LBA, +- &pgpt, &pptes); ++ &pgpt, &pptes, logical_block_size); + if (good_pgpt) { + good_agpt = is_gpt_valid(fd, + __le64_to_cpu(pgpt->alternate_lba), +- &agpt, &aptes); ++ &agpt, &aptes, logical_block_size); + if (!good_agpt) { +- good_agpt = is_gpt_valid(fd, lastlba, &agpt, &aptes); ++ good_agpt = is_gpt_valid(fd, lastlba, &agpt, &aptes, ++ logical_block_size); + } + } else { +- good_agpt = is_gpt_valid(fd, lastlba, &agpt, &aptes); ++ good_agpt = is_gpt_valid(fd, lastlba, &agpt, &aptes, ++ logical_block_size); + } + + /* The obviously unsuccessful case */ +@@ -634,7 +781,7 @@ __attribute__((__visibility__ ("hidden"))) + gpt_disk_get_partition_info(int fd, uint32_t num, uint64_t * start, + uint64_t * size, uint8_t *signature, + uint8_t * mbr_type, uint8_t * signature_type, +- int ignore_pmbr_error) ++ int ignore_pmbr_error, int logical_block_size) + { + gpt_header *gpt = NULL; + gpt_entry *ptes = NULL, *p; +@@ -644,7 +791,8 @@ gpt_disk_get_partition_info(int fd, uint32_t num, uint64_t * start, + if (report) + report_errors = 1; + +- rc = find_valid_gpt(fd, &gpt, &ptes, ignore_pmbr_error); ++ rc = find_valid_gpt(fd, &gpt, &ptes, ignore_pmbr_error, ++ logical_block_size); + if (rc < 0) + return rc; + +diff --git a/src/gpt.h b/src/gpt.h +index 2249b59..678ee37 100644 +--- a/src/gpt.h ++++ b/src/gpt.h +@@ -147,7 +147,8 @@ extern int gpt_disk_get_partition_info (int fd, uint32_t num, uint64_t *start, + uint64_t *size, uint8_t *signature, + uint8_t *mbr_type, + uint8_t *signature_type, +- int ignore_pmbr_error) ++ int ignore_pmbr_error, ++ int logical_sector_size) + __attribute__((__nonnull__ (3, 4, 5, 6, 7))) + __attribute__((__visibility__ ("hidden"))); + +-- +2.12.2 + diff --git a/SOURCES/0022-Simplify-efidp_append_node-even-more.patch b/SOURCES/0022-Simplify-efidp_append_node-even-more.patch new file mode 100644 index 0000000..d9ff9db --- /dev/null +++ b/SOURCES/0022-Simplify-efidp_append_node-even-more.patch @@ -0,0 +1,138 @@ +From 6e59831ea44426736c2ac615c5145c427418086a Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 9 May 2017 15:15:55 -0400 +Subject: [PATCH 22/24] Simplify efidp_append_node() even more. + +Covscan rightly notices that now we've got enough tests on dp and dn +that some of them are provably dead code. + +So take a bunch out. + +Signed-off-by: Peter Jones +--- + src/dp.c | 94 +++++++++++++++++++--------------------------------------------- + 1 file changed, 28 insertions(+), 66 deletions(-) + +diff --git a/src/dp.c b/src/dp.c +index eadb397..14f4cfe 100644 +--- a/src/dp.c ++++ b/src/dp.c +@@ -196,78 +196,38 @@ int + __attribute__((__visibility__ ("default"))) + efidp_append_node(const_efidp dp, const_efidp dn, efidp *out) + { +- ssize_t lsz, rsz, newsz; ++ ssize_t lsz = 0, rsz = 0, newsz; + int rc; + +- if (!dp && !dn) { +- rc = efidp_duplicate_path( +- (const_efidp)(const efidp_header * const)&end_entire, +- out); +- if (rc < 0) +- efi_error("efidp_duplicate_path() failed"); +- return rc; +- } +- +- if (!dp && dn) { +- rc = efidp_duplicate_path(dn, out); +- if (rc < 0) +- efi_error("efidp_duplicate_path() failed"); +- return rc; +- } +- +- if (dp && !dn) { +- rc = efidp_duplicate_path(dp, out); +- if (rc < 0) +- efi_error("efidp_duplicate_path() failed"); +- return rc; +- } +- +- lsz = efidp_size(dp); +- if (lsz < 0) { +- efi_error("efidp_size(dp) returned error"); +- return -1; +- } +- +- +- rsz = efidp_node_size(dn); +- if (rsz < 0) { +- efi_error("efidp_size(dn) returned error"); +- return -1; +- } +- +- if (!dp && dn) { +- if (add(rsz, sizeof(end_entire), &newsz)) { +- errno = EOVERFLOW; +- efi_error( +- "arithmetic overflow computing allocation size"); +- return -1; +- } +- efidp new = malloc(rsz + sizeof (end_entire)); +- if (!new) { +- efi_error("allocation failed"); ++ if (dp) { ++ lsz = efidp_size(dp); ++ if (lsz < 0) { ++ efi_error("efidp_size(dp) returned error"); + return -1; + } + +- memcpy(new, dn, dn->length); +- memcpy((uint8_t *)new + dn->length, &end_entire, +- sizeof (end_entire)); +- *out = new; +- return 0; +- } ++ const_efidp le; ++ le = dp; ++ while (1) { ++ if (efidp_type(le) == EFIDP_END_TYPE && ++ efidp_subtype(le) == EFIDP_END_ENTIRE) { ++ ssize_t lesz = efidp_size(le); ++ lsz -= lesz; ++ break; ++ } + +- const_efidp le; +- le = dp; +- while (1) { +- if (efidp_type(le) == EFIDP_END_TYPE && +- efidp_subtype(le) == EFIDP_END_ENTIRE) { +- ssize_t lesz = efidp_size(le); +- lsz -= lesz; +- break; ++ rc = efidp_get_next_end(le, &le); ++ if (rc < 0) { ++ efi_error("efidp_get_next_end() returned error"); ++ return -1; ++ } + } ++ } + +- rc = efidp_get_next_end(le, &le); +- if (rc < 0) { +- efi_error("efidp_get_next_end() returned error"); ++ if (dn) { ++ rsz = efidp_node_size(dn); ++ if (rsz < 0) { ++ efi_error("efidp_size(dn) returned error"); + return -1; + } + } +@@ -285,8 +245,10 @@ efidp_append_node(const_efidp dp, const_efidp dn, efidp *out) + } + + *out = new; +- memcpy(new, dp, lsz); +- memcpy((uint8_t *)new + lsz, dn, rsz); ++ if (dp) ++ memcpy(new, dp, lsz); ++ if (dn) ++ memcpy((uint8_t *)new + lsz, dn, rsz); + memcpy((uint8_t *)new + lsz + rsz, &end_entire, sizeof (end_entire)); + + return 0; +-- +2.12.2 + diff --git a/SOURCES/0023-efi_loadopt_create-avoid-NULL-dereference.patch b/SOURCES/0023-efi_loadopt_create-avoid-NULL-dereference.patch new file mode 100644 index 0000000..db94606 --- /dev/null +++ b/SOURCES/0023-efi_loadopt_create-avoid-NULL-dereference.patch @@ -0,0 +1,86 @@ +From e9ce922ddf2ec6c1095f42ee9857f369084761c3 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 9 May 2017 15:34:08 -0400 +Subject: [PATCH 23/24] efi_loadopt_create(): avoid NULL dereference + +covscan rightly points out that dp is allowed to be NULL (and so is +buf), so we can't pass those in to memcpy() in those cases. + +So don't. + +Signed-off-by: Peter Jones +--- + src/loadopt.c | 46 +++++++++++++++++++++++++++------------------- + 1 file changed, 27 insertions(+), 19 deletions(-) + +diff --git a/src/loadopt.c b/src/loadopt.c +index 5301f3d..cf0886d 100644 +--- a/src/loadopt.c ++++ b/src/loadopt.c +@@ -56,36 +56,44 @@ efi_loadopt_create(uint8_t *buf, ssize_t size, uint32_t attributes, + } + + if (!buf) { ++invalid: + errno = EINVAL; + return -1; + } + +- if (!optional_data && optional_data_size != 0) { +- errno = EINVAL; +- return -1; +- } ++ if (!optional_data && optional_data_size != 0) ++ goto invalid; + +- if (!dp && dp_size == 0) { +- errno = EINVAL; +- return -1; +- } ++ if ((!dp && dp_size == 0) || dp_size < 0) ++ goto invalid; ++ ++ if (dp) { ++ if (!efidp_is_valid(dp, dp_size)) ++ goto invalid; + +- uint8_t *pos = buf; ++ if (efidp_size(dp) != dp_size) ++ goto invalid; ++ } + +- *(uint32_t *)pos = attributes; +- pos += sizeof (attributes); ++ if (buf) { ++ uint8_t *pos = buf; ++ *(uint32_t *)pos = attributes; ++ pos += sizeof (attributes); + +- *(uint16_t *)pos = dp_size; +- pos += sizeof (uint16_t); ++ *(uint16_t *)pos = dp_size; ++ pos += sizeof (uint16_t); + +- utf8_to_ucs2((uint16_t *)pos, desc_len, 1, (uint8_t *)description); +- pos += desc_len; ++ utf8_to_ucs2((uint16_t *)pos, desc_len, 1, ++ (uint8_t *)description); ++ pos += desc_len; + +- memcpy(pos, dp, dp_size); +- pos += dp_size; ++ if (dp) ++ memcpy(pos, dp, dp_size); ++ pos += dp_size; + +- if (optional_data && optional_data_size > 0) +- memcpy(pos, optional_data, optional_data_size); ++ if (optional_data && optional_data_size > 0) ++ memcpy(pos, optional_data, optional_data_size); ++ } + + return sz; + } +-- +2.12.2 + diff --git a/SOURCES/0024-efi_generate_file_device_path-make-all-error-paths-u.patch b/SOURCES/0024-efi_generate_file_device_path-make-all-error-paths-u.patch new file mode 100644 index 0000000..7c54866 --- /dev/null +++ b/SOURCES/0024-efi_generate_file_device_path-make-all-error-paths-u.patch @@ -0,0 +1,30 @@ +From 1995ef6d9459931170f5718221104d7eb8c35eba Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 9 May 2017 16:32:09 -0400 +Subject: [PATCH 24/26] efi_generate_file_device_path(): make all error paths + use "goto err;" + +Honestly I'm just trying to shut coverity up about checking +child_devpath for NULL-ness twice on the other two error paths. + +Signed-off-by: Peter Jones +--- + src/creator.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/creator.c b/src/creator.c +index ccd0faf..21fc6b0 100644 +--- a/src/creator.c ++++ b/src/creator.c +@@ -339,7 +339,7 @@ efi_generate_file_device_path(uint8_t *buf, ssize_t size, + rc = find_file(filepath, &child_devpath, &relpath); + if (rc < 0) { + efi_error("could not canonicalize fs path"); +- return -1; ++ goto err; + } + + rc = find_parent_devpath(child_devpath, &parent_devpath); +-- +2.12.2 + diff --git a/SOURCES/0025-linux.c-fix-a-pile-of-sscanf-NULL-.-possibilities.patch b/SOURCES/0025-linux.c-fix-a-pile-of-sscanf-NULL-.-possibilities.patch new file mode 100644 index 0000000..c8779eb --- /dev/null +++ b/SOURCES/0025-linux.c-fix-a-pile-of-sscanf-NULL-.-possibilities.patch @@ -0,0 +1,74 @@ +From d8cef3fe75ef8ca3e2622230c81caba06c3476bd Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 9 May 2017 16:33:27 -0400 +Subject: [PATCH 25/26] linux.c: fix a pile of sscanf(NULL, ...) possibilities. + +Covscan apparently can't figure out that rc!=error == buf!=NULL. + +None of these should ever actually happen, because we're checking for +the error cases from the functions that should fill them in, but hey, +belt and suspenders. + +Signed-off-by: Peter Jones +--- + src/linux.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/linux.c b/src/linux.c +index 85b4ee3..f419ad4 100644 +--- a/src/linux.c ++++ b/src/linux.c +@@ -297,7 +297,7 @@ sysfs_sata_get_port_info(uint32_t print_id, struct disk_info *info) + + rc = read_sysfs_file(&buf, "/sys/class/ata_port/ata%d/port_no", + print_id); +- if (rc <= 0) ++ if (rc <= 0 || buf == NULL) + return -1; + + rc = sscanf((char *)buf, "%d", &info->sata_info.ata_port); +@@ -361,12 +361,12 @@ sysfs_parse_nvme(uint8_t *buf, ssize_t size, ssize_t *off, + rc = read_sysfs_file(&filebuf, + "/sys/class/block/nvme%dn%d/eui", + ctrl_id, ns_id); +- if (rc < 0 && errno == ENOENT) { ++ if ((rc < 0 && errno == ENOENT) || filebuf == NULL) { + rc = read_sysfs_file(&filebuf, + "/sys/class/block/nvme%dn%d/device/eui", + ctrl_id, ns_id); + } +- if (rc >= 0) { ++ if (rc >= 0 && filebuf != NULL) { + uint8_t eui[8]; + if (rc < 23) { + errno = EINVAL; +@@ -606,7 +606,7 @@ sysfs_parse_sas(uint8_t *buf, ssize_t size, ssize_t *off, + rc = read_sysfs_file(&filebuf, + "/sys/class/block/%s/device/sas_address", + disk_name); +- if (rc < 0) ++ if (rc < 0 || filebuf == NULL) + return -1; + + rc = sscanf((char *)filebuf, "%"PRIx64, &sas_address); +@@ -656,7 +656,7 @@ make_pci_path(uint8_t *buf, ssize_t size, char *pathstr, ssize_t *pathoff) + rc = read_sysfs_file(&fbuf, + "/sys/devices/pci%04x:%02x/firmware_node/hid", + root_domain, root_bus); +- if (rc < 0) ++ if (rc < 0 || fbuf == NULL) + return -1; + + uint16_t tmp16 = 0; +@@ -679,7 +679,7 @@ make_pci_path(uint8_t *buf, ssize_t size, char *pathstr, ssize_t *pathoff) + rc = read_sysfs_file(&fbuf, + "/sys/devices/pci%4x:%02x/firmware_node/uid", + root_domain, root_bus); +- if (rc <= 0 && errno != ENOENT) ++ if ((rc <= 0 && errno != ENOENT) || fbuf == NULL) + return -1; + if (rc > 0) { + rc = sscanf((char *)fbuf, "%"PRIu64"\n", &acpi_uid_int); +-- +2.12.2 + diff --git a/SPECS/efivar.spec b/SPECS/efivar.spec index b8408b1..68243f5 100644 --- a/SPECS/efivar.spec +++ b/SPECS/efivar.spec @@ -1,15 +1,39 @@ Name: efivar -Version: 0.11 -Release: 1%{?dist} +Version: 31 +Release: 4%{?dist} Summary: Tools to manage UEFI variables License: LGPLv2.1 -URL: https://github.com/vathpela/efivar +URL: https://github.com/rhinstaller/efivar Requires: %{name}-libs = %{version}-%{release} -ExclusiveArch: i386 x86_64 aarch64 - -BuildRequires: popt-devel git -Source0: https://github.com/vathpela/%{name}/archive/efivar-%{version}.tar.bz2 -Patch0001: 0001-Revert-Only-open-with-O_CREAT-if-we-re-not-using-EFI.patch +ExclusiveArch: x86_64 aarch64 + +BuildRequires: popt popt-devel popt-static git glibc-static +Source0: https://github.com/rhinstaller/efivar/releases/download/efivar-%{version}/efivar-%{version}.tar.bz2 +Patch0001: 0001-libabigail-isn-t-in-RHEL-yet-so-nerf-the-abi-check.patch +Patch0002: 0002-Don-t-use-_Generic-because-gcc-4.x-doesn-t-have-it.patch +Patch0003: 0003-popt-devel-in-RHEL-7.4-doesn-t-provide-popt.pc-so-in.patch +Patch0004: 0004-efi_loadopt_args_from_file-fix-leaked-file-descripto.patch +Patch0005: 0005-make_mac_path-fix-leaked-file-descriptor.patch +Patch0006: 0006-gpt_disk_get_partition_info-free-our-allocations-on-.patch +Patch0007: 0007-efi_generate_file_device_path-fix-one-error-case-s-f.patch +Patch0008: 0008-efi_va_generate_file_device_path_from_esp-handle-err.patch +Patch0009: 0009-efi_variable_import-fix-memory-leak-on-failure-path.patch +Patch0010: 0010-efidp_append_path-error-check-the-right-variable.patch +Patch0011: 0011-efi_variable_import-make-sure-var.data_size-is-set.patch +Patch0012: 0012-makeguids-free-our-input-buffer.patch +Patch0013: 0013-efi_variable_import-constrain-our-inputs-better.patch +Patch0014: 0014-efi_loadopt_create-check-buf-for-NULLness.patch +Patch0015: 0015-efidp_duplicate_extra-error-if-our-allocation-is-too.patch +Patch0016: 0016-show_errors-make-the-useful-part-here-not-be-dead-co.patch +Patch0017: 0017-efi_loadopt_args_from_file-make-sure-buf-is-only-NUL.patch +Patch0018: 0018-calls-to-sysfs_readlink-check-linkbuf-for-NULLness.patch +Patch0019: 0019-efivar-main-explain-efi_well_known_guids-to-the-comp.patch +Patch0020: 0020-dp.h-Try-to-make-covscan-believe-format-is-checking-.patch +Patch0021: 0021-gpt-try-to-avoid-trusting-unverified-partition-table.patch +Patch0022: 0022-Simplify-efidp_append_node-even-more.patch +Patch0023: 0023-efi_loadopt_create-avoid-NULL-dereference.patch +Patch0024: 0024-efi_generate_file_device_path-make-all-error-paths-u.patch +Patch0025: 0025-linux.c-fix-a-pile-of-sscanf-NULL-.-possibilities.patch %description efivar provides a simple command line interface to the UEFI variable facility. @@ -35,9 +59,11 @@ git config user.name "RHEL Ninjas" git add . git commit -a -q -m "%{version} baseline." git am %{patches} - 31-4 +- Fix a bunch of coverity issues. + Related: rhbz#1380825 + Related: rhbz#1310779 + +* Tue May 09 2017 Peter Jones - 31-3 +- Fix a bunch of coverity issues. + Related: rhbz#1380825 + Related: rhbz#1310779 + +* Tue May 09 2017 Peter Jones - 31-2 +- Fix a bunch of coverity issues. + Related: rhbz#1380825 + Related: rhbz#1310779 + +* Mon Mar 13 2017 Peter Jones - 31-1 +- Update to efivar 31 + Related: rhbz#1380825 + Related: rhbz#1310779 + * Wed Aug 20 2014 Peter Jones - 0.11-1 - Update to 0.11