From 453bef46fdc995cf1d4672259858b359943de055 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 01 2017 03:30:16 +0000 Subject: import fwupdate-9-8.el7 --- diff --git a/.fwupdate.metadata b/.fwupdate.metadata new file mode 100644 index 0000000..351343c --- /dev/null +++ b/.fwupdate.metadata @@ -0,0 +1 @@ +01e66fe30c9b15b017c6111a7962c4a50374ae22 SOURCES/fwupdate-9.tar.bz2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..358fe8c --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/fwupdate-9.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0001-Make-SUBDIRS-overrideable.patch b/SOURCES/0001-Make-SUBDIRS-overrideable.patch new file mode 100644 index 0000000..4e4ba86 --- /dev/null +++ b/SOURCES/0001-Make-SUBDIRS-overrideable.patch @@ -0,0 +1,26 @@ +From 1efba61b47670f3dc39bb6c2749283e435bcdc77 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 6 Mar 2017 16:46:01 -0500 +Subject: [PATCH 1/3] Make SUBDIRS overrideable + +Signed-off-by: Peter Jones +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 6585149..6d6511b 100644 +--- a/Makefile ++++ b/Makefile +@@ -3,7 +3,7 @@ default : all + TOPDIR=$(shell pwd) + include $(TOPDIR)/Make.version + include $(TOPDIR)/Make.defaults +-SUBDIRS = efi linux docs include ++SUBDIRS ?= efi linux docs include + + all clean install : | check_efidir_error + @set -e ; for x in $(SUBDIRS) ; do \ +-- +2.9.3 + diff --git a/SOURCES/0002-efi-fwupdate-make-our-mult-wrapper-get-the-type-of-U.patch b/SOURCES/0002-efi-fwupdate-make-our-mult-wrapper-get-the-type-of-U.patch new file mode 100644 index 0000000..ba8e1a3 --- /dev/null +++ b/SOURCES/0002-efi-fwupdate-make-our-mult-wrapper-get-the-type-of-U.patch @@ -0,0 +1,27 @@ +From cc98981427a6cc19e6612a22528cf7ff6f3ad0f0 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 6 Mar 2017 16:52:29 -0500 +Subject: [PATCH 2/3] efi/fwupdate: make our mult wrapper get the type of UINTN + right. + +Signed-off-by: Peter Jones +--- + efi/fwupdate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/efi/fwupdate.c b/efi/fwupdate.c +index b82e24e..942d347 100644 +--- a/efi/fwupdate.c ++++ b/efi/fwupdate.c +@@ -44,7 +44,7 @@ static int debugging; + #endif + #ifndef uintn_mult + #define uintn_mult(a, b, c) ({ \ +- const UINTN _limit = ~0ULL; \ ++ const UINTN _limit = ~0UL; \ + int _ret = 1; \ + if ((a) != 0 && (b) != 0) { \ + _ret = _limit / (a) < (b); \ +-- +2.9.3 + diff --git a/SOURCES/0003-Nerf-SMBIOS-functions-out-of-fwupdate.patch b/SOURCES/0003-Nerf-SMBIOS-functions-out-of-fwupdate.patch new file mode 100644 index 0000000..4d3cfc5 --- /dev/null +++ b/SOURCES/0003-Nerf-SMBIOS-functions-out-of-fwupdate.patch @@ -0,0 +1,33 @@ +From c4acdf165ac61bce88cd4264897c8783665b0799 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 13 Mar 2017 16:50:47 -0400 +Subject: [PATCH 3/3] Nerf SMBIOS functions out of fwupdate + +RHEL 7.4 doesn't have libsmbios, so we can't actually use it to do +anything. + +Signed-off-by: Peter Jones +--- + linux/Makefile | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/linux/Makefile b/linux/Makefile +index 5122e48..45bd156 100644 +--- a/linux/Makefile ++++ b/linux/Makefile +@@ -8,12 +8,6 @@ LIB_LIBS= pthread + BIN_LIBS= popt pthread + PKLIBS = efivar efiboot + HAVE_LIBSMBIOS=no +-ifeq ($(ARCH),x86_64) +- HAVE_LIBSMBIOS=yes +-endif +-ifeq ($(ARCH),ia32) +- HAVE_LIBSMBIOS=yes +-endif + CFLAGS ?= -g -O0 + PJONES = + BIN_CCLDFLAGS = $(foreach lib,$(BIN_LIBS),-l$(lib)) \ +-- +2.9.3 + diff --git a/SOURCES/0004-libfwup-get_info-return-whatever-a-second-call-to-ge.patch b/SOURCES/0004-libfwup-get_info-return-whatever-a-second-call-to-ge.patch new file mode 100644 index 0000000..cf7a310 --- /dev/null +++ b/SOURCES/0004-libfwup-get_info-return-whatever-a-second-call-to-ge.patch @@ -0,0 +1,36 @@ +From eb99a8ffba4963482b3bda2b37266734a1f6ad78 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 28 Mar 2017 13:17:42 -0400 +Subject: [PATCH 04/11] libfwup: get_info: return whatever a second call to + get_info() gave us + +When we recurse and try to get a new variable, just exit with the status +code get_info() gave us on the second pass. + +Caught by coverity. + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index fe4ece4..bdb8708 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -310,10 +310,9 @@ get_err: + return -1; + } + rc = get_info(guid, hw_inst, info); +- if (rc < 0) { ++ if (rc < 0) + efi_error("get_info() failed"); +- return rc; +- } ++ return rc; + } + local = (update_info *)data; + +-- +2.12.2 + diff --git a/SOURCES/0005-read_file_at-don-t-initialize-saved_errno-if-we-re-n.patch b/SOURCES/0005-read_file_at-don-t-initialize-saved_errno-if-we-re-n.patch new file mode 100644 index 0000000..c910ab5 --- /dev/null +++ b/SOURCES/0005-read_file_at-don-t-initialize-saved_errno-if-we-re-n.patch @@ -0,0 +1,29 @@ +From fd5458603dbd6309e2cc3eba6a1ed0c9c389836e Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 28 Mar 2017 13:19:10 -0400 +Subject: [PATCH 05/11] read_file_at(): don't initialize saved_errno if we're + not using it. + +Coverity caught this completelty insignificant bug. + +Signed-off-by: Peter Jones +--- + linux/util.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/linux/util.h b/linux/util.h +index d8dcf3b..23fd7cd 100644 +--- a/linux/util.h ++++ b/linux/util.h +@@ -35,7 +35,7 @@ static inline int + __attribute__((unused)) + read_file_at(int dfd, char *name, uint8_t **buf, size_t *bufsize) + { +- int saved_errno = errno; ++ int saved_errno; + uint8_t *p; + size_t size = 4096; + size_t filesize = 0; +-- +2.12.2 + diff --git a/SOURCES/0006-fwup_set_up_update-don-t-lseek-on-our-error-path.patch b/SOURCES/0006-fwup_set_up_update-don-t-lseek-on-our-error-path.patch new file mode 100644 index 0000000..7d328d9 --- /dev/null +++ b/SOURCES/0006-fwup_set_up_update-don-t-lseek-on-our-error-path.patch @@ -0,0 +1,30 @@ +From 0b8ddf8fa6d8e2c86b5f3f1f16d87bcd0a921eae Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 28 Mar 2017 13:21:44 -0400 +Subject: [PATCH 06/11] fwup_set_up_update(): don't lseek() on our error path. + +We were doing this as a courtesy to the caller, but all checkers will (I +guess rightly) complain that we're not handling lseek()'s error case. +Since there's no obvious way *to* handle the error case, may as well +not. + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index bdb8708..d82700f 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -1373,7 +1373,6 @@ fwup_set_up_update(fwup_resource *re, + goto out; + out: + error = errno; +- lseek(infd, offset, SEEK_SET); + if (path) + free(path); + if (fin) +-- +2.12.2 + diff --git a/SOURCES/0007-add_to_boot_order-actually-always-pass-in-attributes.patch b/SOURCES/0007-add_to_boot_order-actually-always-pass-in-attributes.patch new file mode 100644 index 0000000..e9a2f39 --- /dev/null +++ b/SOURCES/0007-add_to_boot_order-actually-always-pass-in-attributes.patch @@ -0,0 +1,32 @@ +From 59e5faa7f29cb4296308720fab36f4f9d1f45ab7 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 28 Mar 2017 13:24:44 -0400 +Subject: [PATCH 07/11] add_to_boot_order(): actually always pass in attributes + for BootOrder. + +Normally BootOrder is set, and we don't hit the uninitialized path, +but... yeah. + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index d82700f..28a4417 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -774,7 +774,9 @@ add_to_boot_order(uint16_t boot_entry) + { + uint16_t *boot_order = NULL, *new_boot_order = NULL; + size_t boot_order_size = 0; +- uint32_t attr; ++ uint32_t attr = EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ EFI_VARIABLE_RUNTIME_ACCESS; + int rc; + unsigned int i; + +-- +2.12.2 + diff --git a/SOURCES/0008-fwup_resource_iter_create-make-the-error-path-actual.patch b/SOURCES/0008-fwup_resource_iter_create-make-the-error-path-actual.patch new file mode 100644 index 0000000..1e4c929 --- /dev/null +++ b/SOURCES/0008-fwup_resource_iter_create-make-the-error-path-actual.patch @@ -0,0 +1,68 @@ +From f350c8f7f91a17039cabd7b1650609e154a85ccd Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 28 Mar 2017 13:32:17 -0400 +Subject: [PATCH 08/11] fwup_resource_iter_create(): make the error path + actually work... + +coverity noticed that this was horrible. + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 23 ++++++++++++++++------- + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index 28a4417..3bf2659 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -422,7 +422,8 @@ int + fwup_resource_iter_create(fwup_resource_iter **iter) + { + int error; +- const char *path; ++ char *path; ++ + if (!iter) { + efi_error("invalid iter"); + errno = EINVAL; +@@ -438,16 +439,13 @@ fwup_resource_iter_create(fwup_resource_iter **iter) + path = get_esrt_dir(1); + if (!path) { + efi_error("get_esrt_dir(1) failed"); +- return -1; ++ goto err; + } ++ + new->dir = opendir(path); + if (!new->dir) { + efi_error("opendir(path) failed"); +-err: +- error = errno; +- free(new); +- errno = error; +- return -1; ++ goto err; + } + + new->dirfd = dirfd(new->dir); +@@ -458,6 +456,17 @@ err: + + *iter = new; + return 0; ++err: ++ error = errno; ++ if (new) { ++ if (new->dir) ++ closedir(new->dir); ++ free(new); ++ } ++ if (path) ++ free(path); ++ errno = error; ++ return -1; + } + + static void +-- +2.12.2 + diff --git a/SOURCES/0009-add_to_boot_order-set-the-new-BootOrder-entry-at-the.patch b/SOURCES/0009-add_to_boot_order-set-the-new-BootOrder-entry-at-the.patch new file mode 100644 index 0000000..62abf67 --- /dev/null +++ b/SOURCES/0009-add_to_boot_order-set-the-new-BootOrder-entry-at-the.patch @@ -0,0 +1,28 @@ +From 2931d55f8b547663eee88be432e89d2c18506761 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 28 Mar 2017 13:32:39 -0400 +Subject: [PATCH 09/11] add_to_boot_order(): set the new BootOrder entry at the + right place + +Coverity noticed that this was setting just anything really. + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index 3bf2659..8fb4e2e 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -825,6 +825,7 @@ add_to_boot_order(uint16_t boot_entry) + } + memcpy(new_boot_order, boot_order, boot_order_size); + ++ i = boot_order_size / sizeof (uint16_t); + new_boot_order[i] = boot_entry; + boot_order_size += sizeof (uint16_t); + +-- +2.12.2 + diff --git a/SOURCES/0010-fwup_set_up_update-check-lseek-s-return-value.patch b/SOURCES/0010-fwup_set_up_update-check-lseek-s-return-value.patch new file mode 100644 index 0000000..8be9255 --- /dev/null +++ b/SOURCES/0010-fwup_set_up_update-check-lseek-s-return-value.patch @@ -0,0 +1,30 @@ +From 544b5623f3eadc16840e3e205ce93528b9a987b2 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 28 Mar 2017 13:33:20 -0400 +Subject: [PATCH 10/11] fwup_set_up_update(): check lseek()'s return value. + +Coverity noticed this wasn't getting done. + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index 8fb4e2e..c14a996 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -1303,6 +1303,10 @@ fwup_set_up_update(fwup_resource *re, + } + + offset = lseek(infd, 0, SEEK_CUR); ++ if (offset < 0) { ++ efi_error("lseek failed"); ++ return -1; ++ } + + /* get device */ + rc = get_info(&re->esre.guid, 0, &info); +-- +2.12.2 + diff --git a/SOURCES/0011-put_info-try-to-limit-bounds-of-our-duplicated-devic.patch b/SOURCES/0011-put_info-try-to-limit-bounds-of-our-duplicated-devic.patch new file mode 100644 index 0000000..40c0dc3 --- /dev/null +++ b/SOURCES/0011-put_info-try-to-limit-bounds-of-our-duplicated-devic.patch @@ -0,0 +1,30 @@ +From 2192afd376759f9b0e3720692046baccabf114e9 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 8 May 2017 15:55:59 -0400 +Subject: [PATCH 11/11] put_info(): try to limit bounds of our duplicated + device path more... + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index c14a996..b29a0e5 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -377,7 +377,10 @@ err: + return -1; + } + /* Make sure sizeof(*info) + dps won't integer overflow */ +- if ((size_t)dps > SSIZE_MAX - sizeof(*info)) { ++ if (((size_t)dps >= SSIZE_MAX - sizeof(*info)) || ++ /* Make sure extra hard by just picking an astonishingly large ++ * value that's merely very very unlikely... */ ++ ((ssize_t)dps > sysconf(_SC_PAGESIZE) * 100)) { + efi_error("device path size (%zd) would overflow", dps); + errno = EOVERFLOW; + return -1; +-- +2.12.2 + diff --git a/SOURCES/0012-Try-harder-to-satisfy-coverity-about-the-structure-o.patch b/SOURCES/0012-Try-harder-to-satisfy-coverity-about-the-structure-o.patch new file mode 100644 index 0000000..f54da9f --- /dev/null +++ b/SOURCES/0012-Try-harder-to-satisfy-coverity-about-the-structure-o.patch @@ -0,0 +1,88 @@ +From 2ca5e334bbc5309fc6329b1263bd8d3d85712d03 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 9 May 2017 09:43:29 -0400 +Subject: [PATCH 12/13] Try harder to satisfy coverity about the structure of + update_info. + +Signed-off-by: Peter Jones +--- + efi/fwupdate.c | 2 +- + efi/mkvar2.c | 2 +- + include/fwup-efi.h | 3 ++- + linux/libfwup.c | 6 +++--- + 4 files changed, 7 insertions(+), 6 deletions(-) + +diff --git a/efi/fwupdate.c b/efi/fwupdate.c +index 942d347..d009267 100644 +--- a/efi/fwupdate.c ++++ b/efi/fwupdate.c +@@ -674,7 +674,7 @@ add_capsule(update_table *update, EFI_CAPSULE_HEADER **capsule_out, + UINTN fsize = 0; + EFI_CAPSULE_HEADER *capsule; + +- rc = open_file((EFI_DEVICE_PATH *)update->info->dp, &fh); ++ rc = open_file((EFI_DEVICE_PATH *)update->info->dp_buf, &fh); + if (EFI_ERROR(rc)) + return rc; + +diff --git a/efi/mkvar2.c b/efi/mkvar2.c +index 0c60a5a..a02a912 100644 +--- a/efi/mkvar2.c ++++ b/efi/mkvar2.c +@@ -44,7 +44,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) + InitializeLib(image, systab); + + ZeroMem(&info->time_attempted, sizeof (info->time_attempted)); +- CopyMem(info->dp, devicepath, sizeof (devicepath)-1); ++ CopyMem(info->dp_buf, devicepath, sizeof (devicepath)-1); + CopyMem(&info->guid, &guid, sizeof (guid)); + + EFI_STATUS rc = uefi_call_wrapper(RT->SetVariable, 5, L"FwUpdates", +diff --git a/include/fwup-efi.h b/include/fwup-efi.h +index fe1ec90..37f3459 100644 +--- a/include/fwup-efi.h ++++ b/include/fwup-efi.h +@@ -31,7 +31,8 @@ typedef struct update_info_s { + /* variadic device path */ + union { + efidp_header *dp_ptr; +- uint8_t dp[sizeof(efidp_header)]; ++ efidp_header dp; ++ uint8_t dp_buf[0]; + }; + } __attribute__((__packed__)) update_info; + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index b29a0e5..232eb77 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -321,7 +321,7 @@ get_err: + goto get_err; + } + +- ssize_t sz = efidp_size((efidp)local->dp); ++ ssize_t sz = efidp_size((efidp)local->dp_buf); + if (sz < 0) { + efi_error("efidp_size() failed"); + free(data); +@@ -337,7 +337,7 @@ get_err: + return -1; + } + +- memcpy(dp, local->dp, (size_t)sz); ++ memcpy(dp, local->dp_buf, (size_t)sz); + local->dp_ptr = dp; + + *info = local; +@@ -394,7 +394,7 @@ err: + return -1; + + memcpy(info2, info, sizeof(*info)); +- memcpy(info2->dp, info->dp_ptr, dps); ++ memcpy(info2->dp_buf, info->dp_ptr, dps); + + uint32_t attributes = EFI_VARIABLE_NON_VOLATILE + | EFI_VARIABLE_BOOTSERVICE_ACCESS +-- +2.12.2 + diff --git a/SOURCES/0013-Add-coverity-makefile-bits.patch b/SOURCES/0013-Add-coverity-makefile-bits.patch new file mode 100644 index 0000000..dd531c1 --- /dev/null +++ b/SOURCES/0013-Add-coverity-makefile-bits.patch @@ -0,0 +1,103 @@ +From d27930abbc6af501d8375b1a28001691b91fc952 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 9 May 2017 11:35:17 -0400 +Subject: [PATCH 13/13] Add coverity makefile bits + +This lets us do semi-automated coverity uploads directly from the repo +checkout. + +Signed-off-by: Peter Jones +--- + .gitignore | 1 + + Make.rules | 6 ++++++ + Makefile | 38 +++++++++++++++++++++++++++++++++++++- + 3 files changed, 44 insertions(+), 1 deletion(-) + create mode 100644 Make.rules + +diff --git a/.gitignore b/.gitignore +index 25be91f..91c3ae6 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -10,3 +10,4 @@ + *.tar.* + .*.sw? + linux/include/fwup-version.h ++cov-int +diff --git a/Make.rules b/Make.rules +new file mode 100644 +index 0000000..b7cd9e8 +--- /dev/null ++++ b/Make.rules +@@ -0,0 +1,6 @@ ++ ++include $(TOPDIR)/Make.version ++ ++define get-config ++$(shell git config --local --get "fwupdate.$(1)") ++endef +diff --git a/Makefile b/Makefile +index 6d6511b..14c3ad6 100644 +--- a/Makefile ++++ b/Makefile +@@ -2,10 +2,11 @@ default : all + + TOPDIR=$(shell pwd) + include $(TOPDIR)/Make.version ++include $(TOPDIR)/Make.rules + include $(TOPDIR)/Make.defaults + SUBDIRS ?= efi linux docs include + +-all clean install : | check_efidir_error ++all install : | check_efidir_error + @set -e ; for x in $(SUBDIRS) ; do \ + $(MAKE) DESTDIR=$(DESTDIR) TOPDIR=$(TOPDIR) VERSION=$(VERSION) \ + LIBDIR=$(LIBDIR) bindir=$(bindir) mandir=$(mandir) \ +@@ -15,6 +16,39 @@ all clean install : | check_efidir_error + fwupdate.spec : fwupdate.spec.in Makefile + @sed -e "s,@@VERSION@@,$(VERSION),g" $< > $@ + ++COV_EMAIL=$(call get-config,coverity.email) ++COV_TOKEN=$(call get-config,coverity.token) ++COV_URL=$(call get-config,coverity.url) ++COV_FILE=fwupdate-coverity-$(VERSION)-$(COMMIT_ID).tar.bz2 ++COMMIT_ID=$(shell git log -1 --pretty=%H 2>/dev/null || echo master) ++ ++clean : ++ @set -e ; for x in $(SUBDIRS) ; do \ ++ $(MAKE) DESTDIR=$(DESTDIR) TOPDIR=$(TOPDIR) VERSION=$(VERSION) \ ++ LIBDIR=$(LIBDIR) bindir=$(bindir) mandir=$(mandir) \ ++ -C $$x $@ ; \ ++ done ++ @rm -vrf cov-int fwupdate-coverity-*.tar.* ++ ++cov-int : clean ++ cov-build --dir cov-int make all ++ ++$(COV_FILE) : cov-int ++ tar caf $@ cov-int ++ ++cov-upload : ++ @if [[ -n "$(COV_URL)" ]] && \ ++ [[ -n "$(COV_TOKEN)" ]] && \ ++ [[ -n "$(COV_EMAIL)" ]] ; \ ++ then \ ++ echo curl --form token=$(COV_TOKEN) --form email="$(COV_EMAIL)" --form file=@"$(COV_FILE)" --form version=$(VERSION).1 --form description="$(COMMIT_ID)" "$(COV_URL)" ; \ ++ curl --form token=$(COV_TOKEN) --form email="$(COV_EMAIL)" --form file=@"$(COV_FILE)" --form version=$(VERSION).1 --form description="$(COMMIT_ID)" "$(COV_URL)" ; \ ++ else \ ++ echo Coverity output is in $(COV_FILE) ; \ ++ fi ++ ++coverity : $(COV_FILE) cov-upload ++ + GITTAG = $(VERSION) + + test-archive: fwupdate.spec +@@ -40,3 +74,5 @@ archive: tag fwupdate.spec + @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/fwupdate-$(VERSION).tar.bz2 fwupdate-$(VERSION) + @rm -rf /tmp/fwupdate-$(VERSION) + @echo "The archive is in fwupdate-$(VERSION).tar.bz2" ++ ++.PHONY: $(SUBDIRS) coverity cov-upload +-- +2.12.2 + diff --git a/SOURCES/0014-Don-t-free-alloca-d-memory.patch b/SOURCES/0014-Don-t-free-alloca-d-memory.patch new file mode 100644 index 0000000..5d051c5 --- /dev/null +++ b/SOURCES/0014-Don-t-free-alloca-d-memory.patch @@ -0,0 +1,32 @@ +From b0340e15ffde4c508d753cb610166bd7124ecdb1 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 19 May 2017 15:35:17 -0400 +Subject: [PATCH] Don't free() alloca()'d memory. + +get_esrt_dir() returns a value on the caller's local stack, so don't +free it on the error path in fwup_resource_iter_create(). + +This fixes a SIGABRT from free() on the case where the machine doesn't +have an ESRT. + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index 4c9b7c8..929c106 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -466,8 +466,6 @@ err: + closedir(new->dir); + free(new); + } +- if (path) +- free(path); + errno = error; + return -1; + } +-- +2.12.2 + diff --git a/SOURCES/0015-Fix-uninitialized-variable.patch b/SOURCES/0015-Fix-uninitialized-variable.patch new file mode 100644 index 0000000..406cd40 --- /dev/null +++ b/SOURCES/0015-Fix-uninitialized-variable.patch @@ -0,0 +1,37 @@ +From 2fe9e690e019d2e25db3be22b57623c0618148d7 Mon Sep 17 00:00:00 2001 +From: Mirco Tischler +Date: Mon, 6 Mar 2017 23:45:46 +0100 +Subject: [PATCH] Fix uninitialized variable. + +If boot_order_size is 0, i was never set. On gcc-6.3.1, this broke the +build if compiled with -O2 (-Werror=maybe_uninitialized). This is the +error: + +libfwup.c: In function 'set_up_boot_next': +libfwup.c:818:16: error: 'i' may be used uninitialized in this function [-Werror=maybe-uninitialized] + new_boot_order[i] = boot_entry; + ^ +libfwup.c:780:15: note: 'i' was declared here + unsigned int i; + ^ +cc1: all warnings being treated as errors +--- + linux/libfwup.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index 232eb77..30cf56a 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -790,7 +790,7 @@ add_to_boot_order(uint16_t boot_entry) + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS; + int rc; +- unsigned int i; ++ unsigned int i = 0; + + rc = efi_get_variable_size(efi_guid_global, "BootOrder", + &boot_order_size); +-- +2.12.2 + diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer new file mode 100644 index 0000000..4ff8b79 Binary files /dev/null and b/SOURCES/secureboot.cer differ diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer new file mode 100644 index 0000000..b235400 Binary files /dev/null and b/SOURCES/securebootca.cer differ diff --git a/SPECS/fwupdate.spec b/SPECS/fwupdate.spec new file mode 100644 index 0000000..2b91625 --- /dev/null +++ b/SPECS/fwupdate.spec @@ -0,0 +1,191 @@ +%global efivar_version 31-1 +%global efibootmgr_version 15-1 +%global gnu_efi_version 1:3.0.5-9 +%global pesign_version 0.109-10 + +Name: fwupdate +Version: 9 +Release: 8%{?dist} +Summary: Tools to manage UEFI firmware updates +License: GPLv2+ +URL: https://github.com/rhinstaller/fwupdate +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +BuildRequires: efivar-devel >= %{efivar_version} +BuildRequires: gnu-efi >= %{gnu_efi_version} +BuildRequires: gnu-efi-devel >= %{gnu_efi_version} +BuildRequires: pesign >= %{pesign_version} +BuildRequires: elfutils popt-devel git gettext pkgconfig +BuildRequires: systemd +ExclusiveArch: x86_64 aarch64 +Source0: https://github.com/rhinstaller/fwupdate/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 +Source1: securebootca.cer +Source2: secureboot.cer +Patch0001: 0001-Make-SUBDIRS-overrideable.patch +Patch0002: 0002-efi-fwupdate-make-our-mult-wrapper-get-the-type-of-U.patch +Patch0003: 0003-Nerf-SMBIOS-functions-out-of-fwupdate.patch +Patch0004: 0004-libfwup-get_info-return-whatever-a-second-call-to-ge.patch +Patch0005: 0005-read_file_at-don-t-initialize-saved_errno-if-we-re-n.patch +Patch0006: 0006-fwup_set_up_update-don-t-lseek-on-our-error-path.patch +Patch0007: 0007-add_to_boot_order-actually-always-pass-in-attributes.patch +Patch0008: 0008-fwup_resource_iter_create-make-the-error-path-actual.patch +Patch0009: 0009-add_to_boot_order-set-the-new-BootOrder-entry-at-the.patch +Patch0010: 0010-fwup_set_up_update-check-lseek-s-return-value.patch +Patch0011: 0011-put_info-try-to-limit-bounds-of-our-duplicated-devic.patch +Patch0012: 0012-Try-harder-to-satisfy-coverity-about-the-structure-o.patch +Patch0013: 0013-Add-coverity-makefile-bits.patch +Patch0014: 0014-Don-t-free-alloca-d-memory.patch +Patch0015: 0015-Fix-uninitialized-variable.patch + +%ifarch x86_64 +%global efiarch x64 +%endif +%ifarch aarch64 +%global efiarch aa64 +%endif + +# Figure out the right file path to use +%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')) + +%description +fwupdate provides a simple command line interface to the UEFI firmware updates. + +%package libs +Summary: Library to manage UEFI firmware updates +Requires: %{name}-efi = %{version}-%{release} + +%description libs +Library to allow for the simple manipulation of UEFI firmware updates. + +%package devel +Summary: Development headers for libfwup +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: efivar-devel >= %{efivar_version} + +%description devel +development headers required to use libfwup. + +%package efi +Summary: UEFI binaries used by libfwup +Requires: shim + +%description efi +UEFI binaries used by libfwup. + +%prep +%setup -q -n %{name}-%{version} +git init +git config user.email "%{name}-owner@fedoraproject.org" +git config user.name "Fedora Ninjas" +git add . +git commit -a -q -m "%{version} baseline." +git am %{patches} - 9-8 +- Hopefully the last TPS related rebuild. + Related: rhbz#1380825 + +* Fri May 19 2017 Peter Jones - 9-7 +- One more TPS related rebuild... + Related: rhbz#1380825 + +* Wed May 17 2017 Peter Jones - 9-6 +- Rebuild to make some dependencies versioned, in order to make TPS's really + broken builder setup work. + Related: rhbz#1380825 + +* Tue May 09 2017 Peter Jones - 9-5 +- Fix some more coverity issues + Related: rhbz#1380825 + +* Mon May 08 2017 Peter Jones - 9-4 +- Fix some more coverity issues + Related: rhbz#1380825 + +* Mon Apr 03 2017 Peter Jones - 9-3 +- Fix CFLAGS on make invocation + Related: rhbz#1380825 + +* Tue Mar 28 2017 Peter Jones - 9-2 +- Fix a pile of coverity issues. + Related: rhbz#1380825 + +* Mon Mar 13 2017 Peter Jones - 9-1 +- First build in RHEL 7 + Resolves: rhbz#1380825