Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package shim for openSUSE:Factory checked in 
at 2021-06-25 15:00:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shim (Old)
 and      /work/SRC/openSUSE:Factory/.shim.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "shim"

Fri Jun 25 15:00:33 2021 rev:98 rq:901237 version:15.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/shim/shim.changes        2021-06-15 
16:37:12.693680451 +0200
+++ /work/SRC/openSUSE:Factory/.shim.new.2625/shim.changes      2021-06-25 
15:00:51.492116465 +0200
@@ -1,0 +2,24 @@
+Mon Jun 21 08:51:37 UTC 2021 - Gary Ching-Pang Lin <g...@suse.com>
+
+- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
+  buffer overflow when copying data to the MOK config table
+  (bsc#1185232)
+
+-------------------------------------------------------------------
+Mon Jun 21 01:58:00 UTC 2021 - Gary Ching-Pang Lin <g...@suse.com>
+
+- Add shim-disable-export-vendor-dbx.patch to disable exporting
+  vendor-dbx to MokListXRT since writing a large RT variable
+  could crash some machines (bsc#1185261)
+- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
+  potential crash when calling QueryVariableInfo in EFI 1.10
+  machines (bsc#1187260)
+
+-------------------------------------------------------------------
+Thu Jun 17 03:03:37 UTC 2021 - Gary Ching-Pang Lin <g...@suse.com>
+
+- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
+  for AArch64
+  Fix: https://github.com/rhboot/shim/issues/371 
+
+-------------------------------------------------------------------

New:
----
  shim-bsc1185232-fix-config-table-copying.patch
  shim-bsc1187260-fix-efi-1.10-machines.patch
  shim-disable-export-vendor-dbx.patch
  shim-fix-aa64-relsz.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ shim.spec ++++++
--- /var/tmp/diff_new_pack.23NATu/_old  2021-06-25 15:00:52.612117831 +0200
+++ /var/tmp/diff_new_pack.23NATu/_new  2021-06-25 15:00:52.612117831 +0200
@@ -85,6 +85,14 @@
 Patch9:         shim-bsc1185261-relax-import_mok_state-check.patch
 # PATCH-FIX-UPSTREAM shim-bsc1185232-relax-loadoptions-length-check.patch 
bsc#1185232 g...@suse.com -- Relax the check for the LoadOptions length
 Patch10:        shim-bsc1185232-relax-loadoptions-length-check.patch
+# PATCH-FIX-UPSTREAM shim-fix-aa64-relsz.patch g...@suse.com -- Fix the size 
of rela* sections for AArch64
+Patch11:        shim-fix-aa64-relsz.patch
+# PATCH-FIX-SUSE shim-disable-export-vendor-dbx.patch bsc#1185261 
g...@suse.com -- Disable exporting vendor-dbx to MokListXRT
+Patch12:        shim-disable-export-vendor-dbx.patch
+# PATCH-FIX-UPSTREAM shim-bsc1187260-fix-efi-1.10-machines.patch bsc#1187260 
g...@suse.com -- Don't call QueryVariableInfo() on EFI 1.10 machines
+Patch13:        shim-bsc1187260-fix-efi-1.10-machines.patch
+# PATCH-FIX-UPSTREAM shim-bsc1185232-fix-config-table-copying.patch 
bsc#1185232 g...@suse.com -- Avoid buffer overflow when copying the MOK config 
table
+Patch14:        shim-bsc1185232-fix-config-table-copying.patch
 BuildRequires:  dos2unix
 BuildRequires:  mozilla-nss-tools
 BuildRequires:  openssl >= 0.9.8
@@ -133,6 +141,10 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
 
 %build
 # generate the vendor SBAT metadata



++++++ shim-bsc1185232-fix-config-table-copying.patch ++++++
>From 42c6148c7ebd026862ab96405e78191ff8ebf298 Mon Sep 17 00:00:00 2001
From: Gary Lin <g...@suse.com>
Date: Mon, 21 Jun 2021 16:38:02 +0800
Subject: [PATCH] mok: skip the empty variables when copying the data to MOK
 config table

When calculating the size of the MOK config table, we skip the empty
variables. However, when copying the data, we copied the zeroed config
templates for those empty variables, and this could cause a crash since we
may write more data than the allocated pages. This commit skips the
empty variables when copying the data so that the size of copied data
matches config_sz.

Signed-off-by: Gary Lin <g...@suse.com>
---
 mok.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/mok.c b/mok.c
index beac0ff6..add21223 100644
--- a/mok.c
+++ b/mok.c
@@ -1028,16 +1028,18 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
        for (i = 0; p && mok_state_variables[i].name != NULL; i++) {
                struct mok_state_variable *v = &mok_state_variables[i];
 
-               ZeroMem(&config_template, sizeof(config_template));
-               strncpy(config_template.name, (CHAR8 *)v->rtname8, 255);
-               config_template.name[255] = '\0';
+               if (v->data && v->data_size) {
+                       ZeroMem(&config_template, sizeof(config_template));
+                       strncpy(config_template.name, (CHAR8 *)v->rtname8, 255);
+                       config_template.name[255] = '\0';
 
-               config_template.data_size = v->data_size;
+                       config_template.data_size = v->data_size;
 
-               CopyMem(p, &config_template, sizeof(config_template));
-               p += sizeof(config_template);
-               CopyMem(p, v->data, v->data_size);
-               p += v->data_size;
+                       CopyMem(p, &config_template, sizeof(config_template));
+                       p += sizeof(config_template);
+                       CopyMem(p, v->data, v->data_size);
+                       p += v->data_size;
+               }
        }
        if (p) {
                ZeroMem(&config_template, sizeof(config_template));
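Review bot: The copy loop still writes through `p` with no check against `config_sz`, so it stays safe only while the new `if (v->data && v->data_size)` guard remains identical to the condition used where the table size is computed, which is outside this hunk. I would either factor that condition into one small helper used by both loops, or stop copying once the bytes already written plus `sizeof(config_template) + v->data_size` would exceed `config_sz`, so that a future mismatch fails closed instead of overrunning the allocated pages. At minimum, add `/* must mirror the config_sz accounting: empty variables are not counted */` above the guard. The zeroed terminating template written after the loop (last lines of the hunk) presumably has to be counted in `config_sz` as well; import_mok_state's body starts and ends outside the hunk.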
-- 
2.31.1

++++++ shim-bsc1187260-fix-efi-1.10-machines.patch ++++++
>From 493bd940e5c6e28e673034687de7adef9529efff Mon Sep 17 00:00:00 2001
From: Peter Jones <pjo...@redhat.com>
Date: Sat, 10 Apr 2021 16:05:23 -0400
Subject: [PATCH] Don't call QueryVariableInfo() on EFI 1.10 machines

The EFI 1.10 spec (and presumably earlier revisions as well) didn't have
RT->QueryVariableInfo(), and on Chris Murphy's MacBookPro8,2 , that
memory appears to be initialized randomly.

This patch changes it to not call RT->QueryVariableInfo() if the
EFI_RUNTIME_SERVICES table's major revision is less than two, and
assumes our maximum variable size is 1024 in that case.

Signed-off-by: Peter Jones <pjo...@redhat.com>
---
 mok.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/mok.c b/mok.c
index 9b8fc2bc..beac0ff6 100644
--- a/mok.c
+++ b/mok.c
@@ -261,6 +261,9 @@ static const uint8_t null_sha256[32] = { 0, };
 
 typedef UINTN SIZE_T;
 
+#define EFI_MAJOR_VERSION(tablep) ((UINT16)((((tablep)->Hdr.Revision) >> 16) & 
0xfffful))
+#define EFI_MINOR_VERSION(tablep) ((UINT16)(((tablep)->Hdr.Revision) & 
0xfffful))
+
 static EFI_STATUS
 get_max_var_sz(UINT32 attrs, SIZE_T *max_var_szp)
 {
@@ -270,11 +273,21 @@ get_max_var_sz(UINT32 attrs, SIZE_T *max_var_szp)
        uint64_t max_var_sz = 0;
 
        *max_var_szp = 0;
-       efi_status = gRT->QueryVariableInfo(attrs, &max_storage_sz,
-                                           &remaining_sz, &max_var_sz);
-       if (EFI_ERROR(efi_status)) {
-               perror(L"Could not get variable storage info: %r\n", 
efi_status);
-               return efi_status;
+       if (EFI_MAJOR_VERSION(gRT) < 2) {
+               dprint(L"EFI %d.%d; no RT->QueryVariableInfo().  Using 1024!\n",
+                      EFI_MAJOR_VERSION(gRT), EFI_MINOR_VERSION(gRT));
+               max_var_sz = remaining_sz = max_storage_sz = 1024;
+               efi_status = EFI_SUCCESS;
+       } else {
+               dprint(L"calling RT->QueryVariableInfo() at 0x%lx\n",
+                      gRT->QueryVariableInfo);
+               efi_status = gRT->QueryVariableInfo(attrs, &max_storage_sz,
+                                                   &remaining_sz, &max_var_sz);
+               if (EFI_ERROR(efi_status)) {
+                       perror(L"Could not get variable storage info: %r\n",
+                              efi_status);
+                       return efi_status;
+               }
        }
 
        /*
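Review bot: In the new else branch, `dprint(L"calling RT->QueryVariableInfo() at 0x%lx\n", gRT->QueryVariableInfo);` passes a function pointer to a `%lx` conversion, which is a type mismatch in a variadic call and, assuming the print routine reads a 64-bit argument for `%lx`, would read the wrong width on a 32-bit build. Cast explicitly, e.g. `(UINT64)(UINTN)gRT->QueryVariableInfo`, or drop the address from the debug line. Separately, the fallback `1024` in the `EFI_MAJOR_VERSION(gRT) < 2` branch would read better as a named constant with a comment stating where the value comes from, since the commit message describes it only as an assumption. get_max_var_sz continues past the end of the hunk.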
-- 
2.31.1

++++++ shim-disable-export-vendor-dbx.patch ++++++
>From 41da21f1f9d4af213f9f235a864772b99ce85fc7 Mon Sep 17 00:00:00 2001
From: Gary Lin <g...@suse.com>
Date: Fri, 18 Jun 2021 17:54:46 +0800
Subject: [PATCH] Disable exporting vendor-dbx to MokListXRT

As the vendor-dbx grows, it caused some problems when writing such
a large variable. Some firmwares lie about the available space(*1), and
some even crash(*2) for no good reason after the writing of
MokListXRT. Both shim and kernel don't rely on MokListXRT to block
anything, so we just stop exporting vendor-dbx to MokListXRT to
avoid the potential hassles.

(*1) https://bugzilla.suse.com/show_bug.cgi?id=1185261
(*2) https://github.com/rhboot/shim/pull/369#issuecomment-855275115

Signed-off-by: Gary Lin <g...@suse.com>
---
 mok.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/mok.c b/mok.c
index beac0ff6..a687a92b 100644
--- a/mok.c
+++ b/mok.c
@@ -194,8 +194,6 @@ struct mok_state_variable mok_state_variables[] = {
                     EFI_VARIABLE_NON_VOLATILE,
         .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
         .categorize_addend = categorize_deauthorized,
-        .addend = &vendor_deauthorized,
-        .addend_size = &vendor_deauthorized_size,
         .flags = MOK_MIRROR_KEYDB |
                  MOK_MIRROR_DELETE_FIRST |
                  MOK_VARIABLE_LOG,
-- 
2.31.1

++++++ shim-fix-aa64-relsz.patch ++++++
>From 9828f65f3e9de29da7bc70cb71069cc1d7ca1b4a Mon Sep 17 00:00:00 2001
From: Gary Lin <g...@suse.com>
Date: Wed, 16 Jun 2021 16:13:32 +0800
Subject: [PATCH] arm/aa64: fix the size of .rela* sections

The previous commit(*) merged .rel* and .dyn* into .rodata, and this
made ld generate the wrong size for .rela* sections, which then covered
other unrelated sections. When the EFI image was loaded, _relocate()
went through the unexpected data, which may cause an unexpected crash.
This commit moves .rel* and .dyn* out of .rodata in the ld script but
also moves the related variables, such as _evrodata, _rodata_size,
and _rodata_vsize, to the end of the new .dyn section, so that the
crafted pe-coff section header for .rodata still covers our new
.rela and .dyn sections.

(*) 212ba30544f ("arm/aa64 targets: put .rel* and .dyn* in .rodata")

Fix issue: https://github.com/rhboot/shim/issues/371

Signed-off-by: Gary Lin <g...@suse.com>
---
 Makefile            |  4 ++--
 elf_aarch64_efi.lds | 24 ++++++++++++++++--------
 elf_arm_efi.lds     | 24 ++++++++++++++++--------
 3 files changed, 34 insertions(+), 18 deletions(-)

Index: shim-15.4/Makefile
===================================================================
--- shim-15.4.orig/Makefile
+++ shim-15.4/Makefile
@@ -243,7 +243,7 @@ ifneq ($(OBJCOPY_GTE224),1)
 endif
        $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
                -j .dynamic -j .rodata -j .rel* \
-               -j .rela* -j .reloc -j .eh_frame \
+               -j .rela* -j .dyn -j .reloc -j .eh_frame \
                -j .vendor_cert -j .sbat \
                $(FORMAT) $< $@
        # I am tired of wasting my time fighting binutils timestamp code.
@@ -260,7 +260,7 @@ ifneq ($(OBJCOPY_GTE224),1)
 endif
        $(OBJCOPY) -D -j .text -j .sdata -j .data \
                -j .dynamic -j .rodata -j .rel* \
-               -j .rela* -j .reloc -j .eh_frame -j .sbat \
+               -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \
                -j .debug_info -j .debug_abbrev -j .debug_aranges \
                -j .debug_line -j .debug_str -j .debug_ranges \
                -j .note.gnu.build-id \
Index: shim-15.4/elf_aarch64_efi.lds
===================================================================
--- shim-15.4.orig/elf_aarch64_efi.lds
+++ shim-15.4/elf_aarch64_efi.lds
@@ -70,21 +70,29 @@ SECTIONS
   .rodata :
   {
     _rodata = .;
-    *(.rela.dyn)
-    *(.rela.plt)
-    *(.rela.got)
-    *(.rela.data)
-    *(.rela.data*)
-
     *(.rodata*)
     *(.srodata)
-    *(.dynsym)
-    *(.dynstr)
     . = ALIGN(16);
     *(.note.gnu.build-id)
     . = ALIGN(4096);
     *(.vendor_cert)
     *(.data.ident)
+    . = ALIGN(4096);
+  }
+  . = ALIGN(4096);
+  .rela :
+  {
+    *(.rela.dyn)
+    *(.rela.plt)
+    *(.rela.got)
+    *(.rela.data)
+    *(.rela.data*)
+  }
+  . = ALIGN(4096);
+  .dyn :
+  {
+    *(.dynsym)
+    *(.dynstr)
     _evrodata = .;
     . = ALIGN(4096);
   }
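Review bot: Nothing in the script records why the new `.rela` and `.dyn` output sections must sit between `_rodata` and `_evrodata`; per the commit message, the crafted PE/COFF `.rodata` header is meant to keep covering them, and `_relocate()` depends on the `.rela*` size being right. A comment above `.rela :` such as `/* .rela and .dyn stay between _rodata and _evrodata so the hand-built PE .rodata header covers them; keep _evrodata last */` would keep a later edit from reintroducing the problem. The `_rodata_size` and `_rodata_vsize` definitions mentioned in the commit message are outside the hunk, as are the start and end of the SECTIONS block.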
Index: shim-15.4/elf_arm_efi.lds
===================================================================
--- shim-15.4.orig/elf_arm_efi.lds
+++ shim-15.4/elf_arm_efi.lds
@@ -70,21 +70,29 @@ SECTIONS
   .rodata :
   {
     _rodata = .;
-    *(.rel.dyn)
-    *(.rel.plt)
-    *(.rel.got)
-    *(.rel.data)
-    *(.rel.data*)
-
     *(.rodata*)
     *(.srodata)
-    *(.dynsym)
-    *(.dynstr)
     . = ALIGN(16);
     *(.note.gnu.build-id)
     . = ALIGN(4096);
     *(.vendor_cert)
     *(.data.ident)
+    . = ALIGN(4096);
+  }
+  . = ALIGN(4096);
+  .rela :
+  {
+    *(.rela.dyn)
+    *(.rela.plt)
+    *(.rela.got)
+    *(.rela.data)
+    *(.rela.data*)
+  }
+  . = ALIGN(4096);
+  .dyn :
+  {
+    *(.dynsym)
+    *(.dynstr)
     _evrodata = .;
     . = ALIGN(4096);
   }
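Review bot: The new `.rela` output section in elf_arm_efi.lds collects `*(.rela.dyn)` through `*(.rela.data*)`, but the lines it replaces collected `.rel.dyn`, `.rel.plt`, `.rel.got`, `.rel.data` and `.rel.data*`, so this block looks copied from the AArch64 script. If the 32-bit ARM build still emits REL-style `.rel.*` input sections, as the removed lines suggest, nothing matches them any more and the linker will place them as orphans, possibly outside the range the PE `.rodata` header is meant to cover. I would keep the `.rel.*` patterns in the split-out section, which the existing `-j .rel*` in the Makefile already selects. The SECTIONS block starts and ends outside the hunk.

```ld
  . = ALIGN(4096);
  .rel :
  {
    *(.rel.dyn)
    *(.rel.plt)
    *(.rel.got)
    *(.rel.data)
    *(.rel.data*)
  }
  /* … unchanged: .dyn section with .dynsym/.dynstr and _evrodata … */
```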
