Hello community,
here is the log from the commit of package ovmf for openSUSE:Factory checked in at 2017-09-04 12:28:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
and /work/SRC/openSUSE:Factory/.ovmf.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ovmf"
Mon Sep 4 12:28:30 2017 rev:16 rq:519253 version:2017+git1502826981.a136bc3ccf
Changes:
--------
--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes 2017-08-22 11:05:20.536595743 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes 2017-09-04 12:28:32.833106144 +0200
@@ -1,0 +2,6 @@
+Mon Aug 28 08:54:14 UTC 2017 - glin@suse.com
+
+- Update ovmf-embed-default-keys.patch to handle the empty
+ certificate files correctly
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ovmf-embed-default-keys.patch ++++++
--- /var/tmp/diff_new_pack.jQ0PSf/_old 2017-09-04 12:28:34.928811497 +0200
+++ /var/tmp/diff_new_pack.jQ0PSf/_new 2017-09-04 12:28:34.936810372 +0200
@@ -1,7 +1,7 @@
-From 6bf96df236dbe46c1e4591b6a59553928bfd603c Mon Sep 17 00:00:00 2001
+From b967e8dc2bea98736d8544d9ee2565f71ac06d08 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Fri, 10 May 2013 10:27:51 +0800
-Subject: [PATCH 1/2] Add a stub to allow keys to be embedded at build time
+Subject: [PATCH 1/3] Add a stub to allow keys to be embedded at build time
Signed-off-by: Gary Ching-Pang Lin
---
@@ -18,7 +18,7 @@
create mode 100644 SecurityPkg/Library/AuthVariableLib/Default_PK.h
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
-index c4fbb64..9e12588 100644
+index 792a1232ae..f5f954e534 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -23,6 +23,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@@ -223,7 +223,7 @@
// Reserve runtime buffer for public key database. The size excludes variable header and name size.
//
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
-index 572ba4e..1a46019 100644
+index 572ba4e120..1a46019a5f 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
@@ -33,6 +33,10 @@ [Sources]
@@ -239,7 +239,7 @@
MdePkg/MdePkg.dec
diff --git a/SecurityPkg/Library/AuthVariableLib/Default_DB.h b/SecurityPkg/Library/AuthVariableLib/Default_DB.h
new file mode 100644
-index 0000000..4d13894
+index 0000000000..4d13894216
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/Default_DB.h
@@ -0,0 +1,2 @@
@@ -247,7 +247,7 @@
+unsigned int Default_DB_len = 0;
diff --git a/SecurityPkg/Library/AuthVariableLib/Default_DBX.h b/SecurityPkg/Library/AuthVariableLib/Default_DBX.h
new file mode 100644
-index 0000000..5fd3cdc
+index 0000000000..5fd3cdc0f4
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/Default_DBX.h
@@ -0,0 +1,2 @@
@@ -255,7 +255,7 @@
+unsigned int Default_DBX_len = 0;
diff --git a/SecurityPkg/Library/AuthVariableLib/Default_KEK.h b/SecurityPkg/Library/AuthVariableLib/Default_KEK.h
new file mode 100644
-index 0000000..80883de
+index 0000000000..80883de1ae
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/Default_KEK.h
@@ -0,0 +1,2 @@
@@ -263,20 +263,20 @@
+unsigned int Default_KEK_len = 0;
diff --git a/SecurityPkg/Library/AuthVariableLib/Default_PK.h b/SecurityPkg/Library/AuthVariableLib/Default_PK.h
new file mode 100644
-index 0000000..23b90e4
+index 0000000000..23b90e45f0
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/Default_PK.h
@@ -0,0 +1,2 @@
+unsigned char *Default_PK = NULL;
+unsigned int Default_PK_len = 0;
--
-2.8.1
+2.14.1
-From a627dbe16f6ebe1a1f294c82c30f7ad9745baf04 Mon Sep 17 00:00:00 2001
+From 5e76fc193363471e9720005bdb8e4c62fb15de6b Mon Sep 17 00:00:00 2001
From: Gary Lin
Date: Tue, 15 Dec 2015 16:54:54 +0800
-Subject: [PATCH 2/2] Add DB_EX to include one more DB cert
+Subject: [PATCH 2/3] Add DB_EX to include one more DB cert
Signed-off-by: Gary Lin
---
@@ -286,7 +286,7 @@
create mode 100644 SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
-index 9e12588..523b0e4 100644
+index f5f954e534..803b77d178 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -26,6 +26,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@@ -353,12 +353,88 @@
FreePool(SignatureGUID);
diff --git a/SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h b/SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h
new file mode 100644
-index 0000000..001f125
+index 0000000000..001f125065
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h
@@ -0,0 +1,2 @@
+unsigned char *Default_DB_EX = NULL;
+unsigned int Default_DB_EX_len = 0;
--
-2.8.1
+2.14.1
+
+
+From 72543f45511d32c784be63145ff6e9d8697d22c5 Mon Sep 17 00:00:00 2001
+From: Gary Lin
+Date: Mon, 28 Aug 2017 16:18:00 +0800
+Subject: [PATCH 3/3] Check the length of the certificate instead of the
+ pointer
+
+Since "xxd -i" may produce a valid pointer for an empty file, it's safer
+to check the length of the certificate instead of the pointer.
+
+Signed-off-by: Gary Lin
+---
+ SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+index 803b77d178..9a4a7eda7b 100644
+--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
++++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+@@ -180,7 +180,7 @@ AuthVariableLibInitialize (
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+
+ // PK
+- if (Default_PK == NULL)
++ if (Default_PK_len == 0)
+ goto SKIP_KEYS;
+
+ Status = AuthServiceInternalFindVariable (
+@@ -227,7 +227,7 @@ AuthVariableLibInitialize (
+ }
+
+ // KEK
+- if (Default_KEK == NULL)
++ if (Default_KEK_len == 0)
+ goto SKIP_KEYS;
+
+ Status = AuthServiceInternalFindVariable (
+@@ -274,7 +274,7 @@ AuthVariableLibInitialize (
+ }
+
+ // DB
+- if (Default_DB == NULL)
++ if (Default_DB_len == 0)
+ goto SKIP_KEYS;
+
+ Status = AuthServiceInternalFindVariable (
+@@ -293,7 +293,7 @@ AuthVariableLibInitialize (
+ }
+
+ SigSize_1 = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + Default_DB_len;
+- if (Default_DB_EX != NULL) {
++ if (Default_DB_EX_len != 0) {
+ SigSize_2 = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + Default_DB_EX_len;
+ }
+ Data = AllocateZeroPool (SigSize_1 + SigSize_2);
+@@ -311,7 +311,7 @@ AuthVariableLibInitialize (
+ CopyGuid (&SigCertData->SignatureOwner, SignatureGUID);
+ CopyMem ((UINT8* ) (SigCertData->SignatureData), Default_DB, Default_DB_len);
+
+- if (Default_DB_EX != NULL) {
++ if (Default_DB_EX_len != 0) {
+ SigCert = (EFI_SIGNATURE_LIST*) (Data + SigSize_1);
+ SigCert->SignatureListSize = (UINT32) SigSize_2;
+ SigCert->SignatureHeaderSize = 0;
+@@ -339,7 +339,7 @@ AuthVariableLibInitialize (
+ }
+
+ // DBX
+- if (Default_DBX == NULL)
++ if (Default_DBX_len == 0)
+ goto SKIP_KEYS;
+
+ Status = AuthServiceInternalFindVariable (
+--
+2.14.1