Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package shim for openSUSE:Factory checked in at 2021-07-04 22:09:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shim (Old)
 and      /work/SRC/openSUSE:Factory/.shim.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim" Sun Jul 4 22:09:58 2021 rev:99 rq:903340 version:15.4 Changes: -------- --- /work/SRC/openSUSE:Factory/shim/shim.changes 2021-06-25 15:00:51.492116465 +0200 +++ /work/SRC/openSUSE:Factory/.shim.new.2625/shim.changes 2021-07-04 22:09:59.417578323 +0200 @@ -1,0 +2,6 @@ +Thu Jul 1 04:07:03 UTC 2021 - Gary Ching-Pang Lin <g...@suse.com> + +- Add shim-bsc1187696-avoid-deleting-rt-variables.patch to avoid + deleting the mirrored RT variables (bsc#1187696) + +------------------------------------------------------------------- New: ---- shim-bsc1187696-avoid-deleting-rt-variables.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim.spec ++++++ --- /var/tmp/diff_new_pack.2EWFDC/_old 2021-07-04 22:10:00.157572600 +0200 +++ /var/tmp/diff_new_pack.2EWFDC/_new 2021-07-04 22:10:00.161572569 +0200 @@ -93,6 +93,8 @@ Patch13: shim-bsc1187260-fix-efi-1.10-machines.patch # PATCH-FIX-UPSTREAM shim-bsc1185232-fix-config-table-copying.patch bsc#1185232 g...@suse.com -- Avoid buffer overflow when copying the MOK config table Patch14: shim-bsc1185232-fix-config-table-copying.patch +# PATCH-FIX-UPSTREAM shim-bsc1187696-avoid-deleting-rt-variables.patch bsc#1187696 g...@suse.com -- Avoid deleting the mirrored RT variables +Patch15: shim-bsc1187696-avoid-deleting-rt-variables.patch BuildRequires: dos2unix BuildRequires: mozilla-nss-tools BuildRequires: openssl >= 0.9.8 @@ -145,6 +147,7 @@ %patch12 -p1 %patch13 -p1 %patch14 -p1 +%patch15 -p1 %build # generate the vendor SBAT metadata ++++++ shim-bsc1187696-avoid-deleting-rt-variables.patch ++++++ >From 14f6e10b8272ce34d3c373e000c583e5345b526b Mon Sep 17 00:00:00 2001 
From: Gary Lin <g...@suse.com> Date: Wed, 30 Jun 2021 16:34:51 +0800 Subject: [PATCH] mok: delete the existing RT variables only when only_first=TRUE For the firmware without the variable writing issues, MOK variables are mirrored when only_first=TRUE. However, LibDeleteVariable() was called in maybe_mirror_one_mok_variable() when only_first=FALSE, and this could delete MOK variables that were just mirrored in the first round. This bug was hidden since LibDeleteVariable() deletes BS+RT+NV variables while we mirror MOK variables as BS+RT, and the firmware refused to delete the mirrored MOK variable due to mismatching attributes. However, some firmwares, such as VMWare, didn't enforce the attribute check and just deleted the variables with matched name and GUID. In such system, MokListRT was always removed before it reached OS. Fixes: https://github.com/rhboot/shim/issues/386 Signed-off-by: Gary Lin <g...@suse.com> --- mok.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mok.c b/mok.c index beac0ff6..5ea39d54 100644 --- a/mok.c +++ b/mok.c @@ -863,7 +863,7 @@ maybe_mirror_one_mok_variable(struct mok_state_variable *v, BOOLEAN present = FALSE; if (v->rtname) { - if (!only_first && (v->flags & MOK_MIRROR_DELETE_FIRST)) { + if (only_first && (v->flags & MOK_MIRROR_DELETE_FIRST)) { dprint(L"deleting \"%s\"\n", v->rtname); efi_status = LibDeleteVariable(v->rtname, v->guid); dprint(L"LibDeleteVariable(\"%s\",...) => %r\n", v->rtname, efi_status); -- 2.31.1
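Review bot: In the mok.c hunk, the flipped condition `if (only_first && (v->flags & MOK_MIRROR_DELETE_FIRST))` in maybe_mirror_one_mok_variable() has no comment saying why the delete is tied to the first pass, and the commit message shows how easily the inverted form went unnoticed while firmware rejected the delete on mismatching attributes. A short comment above the condition would help: the existing RT variable has to be deleted in the same pass that mirrors it, because a delete in the later pass removes the freshly mirrored variable on firmware that matches only name and GUID. Separately, in the visible lines the result of `LibDeleteVariable(v->rtname, v->guid)` is only passed to dprint(); if a failed delete changes what should be mirrored next, handle efi_status at that point rather than only logging it.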