Hello community,
here is the log from the commit of package shim for openSUSE:Factory checked in at 2013-08-01 16:08:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shim (Old)
and /work/SRC/openSUSE:Factory/.shim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim"
Changes:
--------
--- /work/SRC/openSUSE:Factory/shim/shim.changes 2013-07-24 17:29:48.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.shim.new/shim.changes 2013-08-01 16:08:56.000000000 +0200
@@ -1,0 +2,9 @@
+Tue Jul 30 07:36:28 UTC 2013 - glin@suse.com
+
+- Update shim-mokmanager-ui-revamp.patch to include fixes for
+ MokManager
+ + reboot the system after clearing MOK password
+ + fetch more info from X509 name
+ + check the suffix of the key file
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shim-mokmanager-ui-revamp.patch ++++++
--- /var/tmp/diff_new_pack.o1p9jg/_old 2013-08-01 16:08:57.000000000 +0200
+++ /var/tmp/diff_new_pack.o1p9jg/_new 2013-08-01 16:08:57.000000000 +0200
@@ -1,7 +1,7 @@
From a6436443a82b23de4c5dfe83f3c8389f8b554ad3 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 30 May 2013 14:22:43 +0800
-Subject: [PATCH 1/8] MokManager: Remove the unnecessary string duplication
+Subject: [PATCH 01/11] MokManager: Remove the unnecessary string duplication
---
MokManager.c | 19 ++++++++-----------
@@ -82,7 +82,7 @@
From ef8fdc597fd532cc4c91c3d2ee638ef339002618 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 18 Apr 2013 17:13:12 +0800
-Subject: [PATCH 2/8] MokManager: draw the countdown screen
+Subject: [PATCH 02/11] MokManager: draw the countdown screen
---
MokManager.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@@ -173,7 +173,7 @@
From 9ff682d251b3d30fae63c026aa0105c49db7db16 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Wed, 26 Jun 2013 12:23:26 +0800
-Subject: [PATCH 3/8] MokManager: remove the duplicate get_keystroke()
+Subject: [PATCH 03/11] MokManager: remove the duplicate get_keystroke()
---
MokManager.c | 14 +-------------
@@ -218,7 +218,7 @@
From 4c9f6b0b2100f5e878d8578db3ee232c20440735 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Wed, 26 Jun 2013 15:21:35 +0800
-Subject: [PATCH 4/8] MokManager: enhance the password prompt
+Subject: [PATCH 04/11] MokManager: enhance the password prompt
---
MokManager.c | 106 +++++++++++++++++++++++++++++++++++++++++++++--------------
@@ -429,7 +429,7 @@
From 6e71cb7900b99482c7b51a6076f8392022ba15a6 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 27 Jun 2013 11:59:09 +0800
-Subject: [PATCH 5/8] Enable openssl bio_printf()
+Subject: [PATCH 05/11] Enable openssl bio_printf()
bio_printf() was replaced with a dummy function and this made
several openssl functions useless. This commit adds the print
@@ -1330,7 +1330,7 @@
From 0b5a0362d6bd3fd1a0721e05353046e387ef2a22 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 27 Jun 2013 12:03:14 +0800
-Subject: [PATCH 6/8] Disable floating points in b_print
+Subject: [PATCH 06/11] Disable floating points in b_print
The long double declaration will enable SSE and cause a compilation
error. Disabling everything related to floating points avoids the
@@ -1403,7 +1403,7 @@
From bb29385b30d6958fa99e43bfcf64815ca4bc4a53 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 27 Jun 2013 12:28:08 +0800
-Subject: [PATCH 7/8] MokManager: rearrange the output of MOK info
+Subject: [PATCH 07/11] MokManager: rearrange the output of MOK info
---
MokManager.c | 239 ++++++++++++++++++++---------------------------------------
@@ -1758,7 +1758,7 @@
From 139e31d514772f7aa74cf130ac1e4f2d548734ca Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 27 Jun 2013 15:04:07 +0800
-Subject: [PATCH 8/8] MokManager: enhance the password prompt for SB state
+Subject: [PATCH 08/11] MokManager: enhance the password prompt for SB state
---
MokManager.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++-------
@@ -1862,3 +1862,221 @@
--
1.8.1.4
+
+From f6102590b773cef0825eb707a793e70b54b882e9 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Wed, 24 Jul 2013 14:39:39 +0800
+Subject: [PATCH 09/11] MokManager: reboot the system after clearing MOK
+ password
+
+---
+ MokManager.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index b832e40..bef4d8c 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -1107,7 +1107,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
+
+ LibDeleteVariable(L"MokPWStore", &shim_lock_guid);
+ LibDeleteVariable(L"MokPW", &shim_lock_guid);
+- return 0;
++ console_notify(L"The system must now be rebooted");
++ uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0,
++ NULL);
++ console_notify(L"Failed to reboot");
++ return -1;
+ }
+
+ if (MokPWSize == PASSWORD_CRYPT_SIZE) {
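Review bot: The reset is requested without checking whether the two `LibDeleteVariable` calls just above it succeeded, so a failed delete still reboots the machine with the MokPW request in place. Presumably the same prompt would then come back on the next boot, though that path is not visible here. Checking the status first would make the failure visible, e.g. `if (LibDeleteVariable(L"MokPW", &shim_lock_guid) != EFI_SUCCESS) { console_notify(L"Failed to delete MokPW"); return -1; }`. A comment before the second `console_notify` such as `/* ResetSystem() does not return on success; reaching this line means the reset failed */` would explain why the branch now returns -1. `mok_pw_prompt` starts and ends outside this hunk.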
+--
+1.8.1.4
+
+
+From 05eeef80e4ae2bac8f0f27a8c1bc6c3869e030ce Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Fri, 26 Jul 2013 12:44:42 +0800
+Subject: [PATCH 10/11] MokManager: fetch more info from X509 name
+
+---
+ MokManager.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 56 insertions(+), 7 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index bef4d8c..911c510 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -14,6 +14,8 @@
+ #define PASSWORD_MIN 1
+ #define SB_PASSWORD_LEN 16
+
++#define NAME_LINE_MAX 70
++
+ #ifndef SHIM_VENDOR
+ #define SHIM_VENDOR L"Shim"
+ #endif
+@@ -180,14 +182,61 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
+ return list;
+ }
+
+-static CHAR16* get_x509_common_name (X509_NAME *X509Name)
++typedef struct {
++ int nid;
++ CHAR16 *name;
++} NidName;
++
++static NidName nidname[] = {
++ {NID_commonName, L"CN"},
++ {NID_organizationName, L"O"},
++ {NID_countryName, L"C"},
++ {NID_stateOrProvinceName, L"ST"},
++ {NID_localityName, L"L"},
++ {-1, NULL}
++};
++
++static CHAR16* get_x509_name (X509_NAME *X509Name)
+ {
+- char str[80];
++ CHAR16 name[NAME_LINE_MAX+1];
++ CHAR16 part[NAME_LINE_MAX+1];
++ char str[NAME_LINE_MAX];
++ int i, len, rest, first;
++
++ name[0] = '\0';
++ rest = NAME_LINE_MAX;
++ first = 1;
++ for (i = 0; nidname[i].name != NULL; i++) {
++ int add;
++ len = X509_NAME_get_text_by_NID (X509Name, nidname[i].nid,
++ str, NAME_LINE_MAX);
++ if (len <= 0)
++ continue;
+
+- ZeroMem(str, 80);
+- X509_NAME_get_text_by_NID (X509Name, NID_commonName, str, 80);
++ if (first)
++ add = len + (int)StrLen(nidname[i].name) + 1;
++ else
++ add = len + (int)StrLen(nidname[i].name) + 3;
+
+- return PoolPrint(L"%a", str);
++ if (add > rest)
++ continue;
++
++ if (first) {
++ SPrint(part, NAME_LINE_MAX * sizeof(CHAR16), L"%s=%a",
++ nidname[i].name, str);
++ } else {
++ SPrint(part, NAME_LINE_MAX * sizeof(CHAR16), L", %s=%a",
++ nidname[i].name, str);
++ }
++ StrCat(name, part);
++ rest -= add;
++ first = 0;
++ }
++
++ if (rest >= 0 && rest < NAME_LINE_MAX)
++ return PoolPrint(L"%s", name);
++
++ return NULL;
+ }
+
+ static CHAR16* get_x509_time (ASN1_TIME *time)
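Review bot: In `get_x509_name`, a component whose `add` exceeds `rest` is skipped with `continue`, so a certificate with an over-long CN would be displayed with only its later attributes (O, C, ST, L) and no sign that anything was left out. This string is what the user reads when deciding whether to enroll a key, so truncating the component to the remaining space, or appending a visible marker, would be safer than dropping it silently. Separately, `len` comes from `X509_NAME_get_text_by_NID` while `%a` stops at the first NUL byte, so comparing `len` with the length of `str` would let the function reject a name that carries an embedded NUL. The `+ 1` / `+ 3` constants also deserve a comment, for instance `/* +1 for '=', +3 for ", " and '=' */`.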
+@@ -243,14 +292,14 @@ static void show_x509_info (X509 *X509Cert, UINT8 *hash)
+
+ X509Name = X509_get_issuer_name(X509Cert);
+ if (X509Name) {
+- issuer = get_x509_common_name(X509Name);
++ issuer = get_x509_name(X509Name);
+ if (issuer)
+ fields++;
+ }
+
+ X509Name = X509_get_subject_name(X509Cert);
+ if (X509Name) {
+- subject = get_x509_common_name(X509Name);
++ subject = get_x509_name(X509Name);
+ if (subject)
+ fields++;
+ }
+--
+1.8.1.4
+
+
+From 6d6df739005169333734ee04fc379a28d213ab8c Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Fri, 26 Jul 2013 15:44:49 +0800
+Subject: [PATCH 11/11] MokManager: check the suffix of the key file
+
+---
+ MokManager.c | 39 ++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 38 insertions(+), 1 deletion(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index 911c510..604129f 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -1199,7 +1199,7 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
+ return -1;
+ }
+
+-static UINTN verify_certificate(void *cert, UINTN size)
++static BOOLEAN verify_certificate(void *cert, UINTN size)
+ {
+ X509 *X509Cert;
+ if (!cert || size == 0)
+@@ -1341,6 +1341,34 @@ static void mok_hash_enroll(void)
+ FreePool(data);
+ }
+
++static CHAR16 *der_suffix[] = {
++ L".cer",
++ L".der",
++ L".crt",
++ NULL
++};
++
++static BOOLEAN check_der_suffix (CHAR16 *file_name)
++{
++ CHAR16 suffix[5];
++ int i;
++
++ if (!file_name || StrLen(file_name) <= 4)
++ return FALSE;
++
++ suffix[0] = '\0';
++ StrCat(suffix, file_name + StrLen(file_name) - 4);
++
++ StrLwr (suffix);
++ for (i = 0; der_suffix[i] != NULL; i++) {
++ if (StrCmp(suffix, der_suffix[i]) == 0) {
++ return TRUE;
++ }
++ }
++
++ return FALSE;
++}
++
+ static void mok_key_enroll(void)
+ {
+ EFI_STATUS efi_status;
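Review bot: `check_der_suffix` decides on the file name alone, so it should carry a comment saying it is a usability filter and not a validity check: a PEM file named `.crt` passes it, and a DER certificate saved as `.pem` is refused. Suggested comment above the function: `/* UI filter only: the suffix says nothing about the content, which must still be parsed and verified before enrollment */`. Whether `mok_key_enroll` goes on to call `verify_certificate` on the loaded data is not visible in these hunks, since its body continues outside them. As a minor point of style, emptying `suffix` and then calling `StrCat` could be a single `StrCpy(suffix, file_name + StrLen(file_name) - 4);`, and `der_suffix` is never written, so it could be declared `const`.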
+@@ -1362,6 +1390,15 @@ static void mok_key_enroll(void)
+ if (!file_name)
+ return;
+
++ if (!check_der_suffix(file_name)) {
++ console_alertbox((CHAR16 *[]){
++ L"Unsupported Format",
++ L"",
++ L"Only DER encoded certificate (*.cer/der/crt) is supported",
++ NULL});
++ return;
++ }
++
+ efi_status = simple_file_open(im, file_name, &file, EFI_FILE_MODE_READ);
+
+ if (efi_status != EFI_SUCCESS) {
+--
+1.8.1.4
+