From d99e036f26bc040c6e77f75e4e0a7a41369e1d79 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 30 2018 05:54:59 +0000 Subject: import fwupdate-12-5.el7 --- diff --git a/.fwupdate.metadata b/.fwupdate.metadata new file mode 100644 index 0000000..80e7117 --- /dev/null +++ b/.fwupdate.metadata @@ -0,0 +1 @@ +46029fb9149fce5b26006e85e4e169366fc68a57 SOURCES/fwupdate-12.tar.bz2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..15069d8 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/fwupdate-12.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0001-Make-some-compiler-versions-ignore-missing-field-ini.patch b/SOURCES/0001-Make-some-compiler-versions-ignore-missing-field-ini.patch new file mode 100644 index 0000000..954ac64 --- /dev/null +++ b/SOURCES/0001-Make-some-compiler-versions-ignore-missing-field-ini.patch @@ -0,0 +1,43 @@ +From dfe3645bb2535904f441d9031080dd4cd118688a Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 11 Jun 2018 13:04:43 -0400 +Subject: [PATCH 1/2] Make some compiler versions ignore missing field + initializers. + +There's literally no reason for -Wmissing-field-initializers to ever +trigger when you're using -std= /anything c99 or newer/, but some +compilers do, so nerf it out. + +Signed-off-by: Peter Jones +--- + efi/Makefile | 1 + + linux/Makefile | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/efi/Makefile b/efi/Makefile +index 6699af1d400..f4d079e8816 100644 +--- a/efi/Makefile ++++ b/efi/Makefile +@@ -13,6 +13,7 @@ CFLAGS ?= -Og -g3 -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 \ + -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 \ + -grecord-gcc-switches + BUILDFLAGS := $(CFLAGS) -fpic -Werror -Wall -Wextra -fshort-wchar \ ++ -Wno-error=missing-field-initializers -Wno-missing-field-initializers \ + -fno-merge-constants -ffreestanding \ + -fno-stack-protector -fno-stack-check --std=gnu11 -DCONFIG_$(ARCH) \ + -I/usr/include/efi/ -I/usr/include/efi/$(ARCH)/ \ +diff --git a/linux/Makefile b/linux/Makefile +index 6089b4758bb..7aed70495cb 100644 +--- a/linux/Makefile ++++ b/linux/Makefile +@@ -34,6 +34,7 @@ endif + BUILDFLAGS := $(CFLAGS) -Wall -Wextra -Werror -Wno-error=cpp \ + -Wno-unused-result -Wno-unused-function \ + -Wsign-compare -Werror=sign-compare \ ++ -Wno-error=missing-field-initializers -Wno-missing-field-initializers \ + -fshort-wchar --std=gnu11 \ + -DLOCALEDIR=\"$(localedir)\" -D_GNU_SOURCE \ + -DFWUP_EFI_DIR_NAME=\"$(EFIDIR)\" \ +-- +2.17.1 + diff --git a/SOURCES/0002-libfwup-set_up_boot_next-make-sure-we-check-if-our-f.patch b/SOURCES/0002-libfwup-set_up_boot_next-make-sure-we-check-if-our-f.patch new file mode 100644 index 0000000..a97fce4 --- /dev/null +++ b/SOURCES/0002-libfwup-set_up_boot_next-make-sure-we-check-if-our-f.patch @@ -0,0 +1,61 @@ +From a0c57f8759a0548aa7f0334f6839156b1456bb2a Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 13 Jun 2018 09:57:49 -0400 +Subject: [PATCH 2/2] libfwup: set_up_boot_next(): make sure we check if our + file paths are NULL. + +Coverity's clang scan believes we can sometimes alloca(0) if +fwup_esp_path is NULL, though I don't think this can happen because if +it is NULL get_paths() should have returned error. Nevertheless, just +check both things. + +Additionally, this adds a check to make sure utf8_to_ucs2() and +ucs2len() didn't fail. + +Signed-off-by: Peter Jones +--- + linux/libfwup.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/linux/libfwup.c b/linux/libfwup.c +index abab18e96ac..61a9d280c32 100644 +--- a/linux/libfwup.c ++++ b/linux/libfwup.c +@@ -1215,9 +1215,9 @@ set_up_boot_next(void) + uint32_t attributes = LOAD_OPTION_ACTIVE; + + rc = get_paths(&shim_fs_path, &fwup_fs_path, &fwup_esp_path); +- if (rc < 0) { ++ if (rc < 0 || (!shim_fs_path && (!fwup_fs_path || !fwup_esp_path))) { + efi_error("could not find paths for shim and fwup"); +- return -1; ++ goto out; + } + + if (!shim_fs_path) +@@ -1242,9 +1242,20 @@ set_up_boot_next(void) + + if (!use_fwup_path) { + loader_str = utf8_to_ucs2((uint8_t *)fwup_esp_path, -1); ++ if (loader_str == NULL) { ++ efi_error("utf8_to_ucs2() failed"); ++ goto out; ++ } + loader_sz = ucs2len(loader_str, -1) * 2; +- if (loader_sz) +- loader_sz += 2; ++ if (loader_sz < 2) { ++ efi_error("ucs2len(fwup_esp_path) returned %zu", ++ loader_sz); ++ saved_errno = errno; ++ free(loader_str); ++ errno = saved_errno; ++ goto out; ++ } ++ loader_sz += 2; + loader_str = onstack(loader_str, loader_sz); + } + +-- +2.17.1 + diff --git a/SOURCES/0003-Actually-add-fwup_version-to-our-exposed-API-list.patch b/SOURCES/0003-Actually-add-fwup_version-to-our-exposed-API-list.patch new file mode 100644 index 0000000..3a7e766 --- /dev/null +++ b/SOURCES/0003-Actually-add-fwup_version-to-our-exposed-API-list.patch @@ -0,0 +1,25 @@ +From 6101b6b304da06644bd7a90444f729d0fc44940e Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 28 Jun 2018 14:00:19 -0400 +Subject: [PATCH] Actually add fwup_version to our exposed API list. + +Signed-off-by: Peter Jones +--- + linux/libfwup.map.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/linux/libfwup.map.in b/linux/libfwup.map.in +index 8746b7a46cc..df9395ce705 100644 +--- a/linux/libfwup.map.in ++++ b/linux/libfwup.map.in +@@ -30,3 +30,7 @@ LIBFWUP_1.11 { + global: fwup_set_guid_forced; + fwup_resource_free; + } libfwup.so.1; ++ ++LIBFWUP_1.12 { ++ global: fwup_version; ++} LIBFWUP_1.11; +-- +2.17.1 + diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer new file mode 100644 index 0000000..4ff8b79 Binary files /dev/null and b/SOURCES/secureboot.cer differ diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer new file mode 100644 index 0000000..b235400 Binary files /dev/null and b/SOURCES/securebootca.cer differ diff --git a/SPECS/fwupdate.spec b/SPECS/fwupdate.spec new file mode 100644 index 0000000..dda4373 --- /dev/null +++ b/SPECS/fwupdate.spec @@ -0,0 +1,199 @@ +%global efivar_version 36-1 +%global efibootmgr_version 17-1 +%global gnu_efi_version 1:3.0.8-1 +%global pesign_version 0.109-10 + +Name: fwupdate +Version: 12 +Release: 5%{?dist} +Summary: Tools to manage UEFI firmware updates +License: GPLv2+ +URL: https://github.com/rhinstaller/fwupdate +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +BuildRequires: efivar-devel >= %{efivar_version} +BuildRequires: gnu-efi >= %{gnu_efi_version} +BuildRequires: gnu-efi-devel >= %{gnu_efi_version} +BuildRequires: pesign >= %{pesign_version} +BuildRequires: elfutils popt-devel git gettext pkgconfig +BuildRequires: systemd +ExclusiveArch: x86_64 aarch64 +Source0: https://github.com/rhinstaller/fwupdate/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 +Source1: securebootca.cer +Source2: secureboot.cer +Patch0001: 0001-Make-some-compiler-versions-ignore-missing-field-ini.patch +Patch0002: 0002-libfwup-set_up_boot_next-make-sure-we-check-if-our-f.patch +Patch0003: 0003-Actually-add-fwup_version-to-our-exposed-API-list.patch + +%ifarch x86_64 +%global efiarch x64 +%endif +%ifarch aarch64 +%global efiarch aa64 +%endif + +# Figure out the right file path to use +%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')) + +%description +fwupdate provides a simple command line interface to the UEFI firmware updates. + +%package libs +Summary: Library to manage UEFI firmware updates +Requires: %{name}-efi = %{version}-%{release} + +%description libs +Library to allow for the simple manipulation of UEFI firmware updates. + +%package devel +Summary: Development headers for libfwup +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: efivar-devel >= %{efivar_version} + +%description devel +development headers required to use libfwup. + +%package efi +Summary: UEFI binaries used by libfwup +Requires: shim + +%description efi +UEFI binaries used by libfwup. + +%prep +%setup -q -n %{name}-%{version} +git init +git config user.email "%{name}-owner@fedoraproject.org" +git config user.name "Fedora Ninjas" +git add . +git commit -a -q -m "%{version} baseline." +git am %{patches} - 12-5 +- Make sure fwup_version() gets exported correctly. + Related: rhbz#1570032 + +* Thu Jun 21 2018 Peter Jones - 12-4 +- Fix permissions on /boot/efi/... + Related: rhbz#1496952 + +* Thu Jun 14 2018 Peter Jones - 12-3 +- Fix some more covscan nits. + Related: rhbz#1570032 + +* Wed Jun 13 2018 Peter Jones - 12-2 +- Fix some covscan nits. + Related: rhbz#1570032 + +* Mon Jun 11 2018 Peter Jones - 12-1 +- Update to fwupdate-12 + Resolves: rhbz#1570032 + +* Fri May 19 2017 Peter Jones - 9-8 +- Hopefully the last TPS related rebuild. + Related: rhbz#1380825 + +* Fri May 19 2017 Peter Jones - 9-7 +- One more TPS related rebuild... + Related: rhbz#1380825 + +* Wed May 17 2017 Peter Jones - 9-6 +- Rebuild to make some dependencies versioned, in order to make TPS's really + broken builder setup work. + Related: rhbz#1380825 + +* Tue May 09 2017 Peter Jones - 9-5 +- Fix some more coverity issues + Related: rhbz#1380825 + +* Mon May 08 2017 Peter Jones - 9-4 +- Fix some more coverity issues + Related: rhbz#1380825 + +* Mon Apr 03 2017 Peter Jones - 9-3 +- Fix CFLAGS on make invocation + Related: rhbz#1380825 + +* Tue Mar 28 2017 Peter Jones - 9-2 +- Fix a pile of coverity issues. + Related: rhbz#1380825 + +* Mon Mar 13 2017 Peter Jones - 9-1 +- First build in RHEL 7 + Resolves: rhbz#1380825