Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: sbsigntool

sbsigntool (0.9.2-2ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - d/p/ubuntu-kernel-module-signing.patch and d/p/ubuntu-kernel-module-signing-fixes.patch: add the kernel module signing tool to the package. - d/p/ubuntu-clear-image-before-use.patch: avoid use of uninitialised data causing a startup crash. * Dropped changes, included upstream: - d/p/ubuntu-handle-odd-buffer-lengths-in-checksum.patch: correctly handle odd byte length buffers. * Dropped changes, obsoleted upstream: - d/p/ubuntu-tests-disable-pie.patch: disable PIE -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:12:28 -0700

Modifications :
  1. Download patch debian/patches/ubuntu-kernel-module-signing-fixes.patch

    --- 0.9.2-2/debian/patches/ubuntu-kernel-module-signing-fixes.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.9.2-2ubuntu1/debian/patches/ubuntu-kernel-module-signing-fixes.patch 2017-04-28 07:31:37.000000000 +0000 @@ -0,0 +1,110 @@ +Description: Ubunty kernel module signing fixes + Separate out any local fixes we need to kmodsign.c to allow us to update + it more easily from mainline when necessary. +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526959 +Forwarded: not-needed +Author: Andy Whitcroft <apw@ubuntu.com> +Last-Update: 2016-05-17 + +Index: sbsigntool-0.6/src/kmodsign.c +=================================================================== +--- sbsigntool-0.6.orig/src/kmodsign.c ++++ sbsigntool-0.6/src/kmodsign.c +@@ -62,11 +62,26 @@ struct module_signature { + + static char magic_number[] = "~Module signature appended~\n"; + ++static void usage(void) ++{ ++ printf("Usage: kmodsign [-dpkD] <hash algo> <key> <x509> <module> [<dest>]\n" ++ "Sign a kernel module image for use with an enforcing kernel.\n\n" ++ "Options:\n" ++ "\t-p save a copy of the p7s signature (.p7s)\n" ++ "\t-d produce a detached signature file (.p7s) only\n" ++ "\t-D produce a full detached signature block\n" ++ "\t (may be cat'd onto the end of a module)\n" ++ "\t-k switch to using keyid for identification\n"); ++} ++static void version(void) ++{ ++ printf("kmodsign 4.4\n"); ++} ++ + static __attribute__((noreturn)) + void format(void) + { +- fprintf(stderr, +- "Usage: scripts/sign-file [-dp] <hash algo> <key> <x509> <module> [<dest>]\n"); ++ usage(); + exit(2); + } + +@@ -126,6 +141,12 @@ static int pem_pw_cb(char *buf, int len, + return pwlen; + } + ++static struct option options[] = { ++ { "version", no_argument, NULL, 'V' }, ++ { "help", no_argument, NULL, 'h' }, ++ { NULL, 0, NULL, 0 }, ++}; ++ + int main(int argc, char **argv) + { + struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; +@@ -133,6 +154,7 @@ int main(int argc, char **argv) + char *private_key_name, *x509_name, *module_name, *dest_name; + bool save_sig = false, replace_orig; + bool sign_only = false; ++ bool detached = false; + unsigned char buf[4096]; + unsigned long module_size, sig_size; + unsigned int use_signed_attrs; +@@ -160,13 +182,17 @@ int main(int argc, char **argv) + #endif + + do { +- opt = getopt(argc, argv, "dpk"); ++ int idx; ++ opt = getopt_long(argc, argv, "dpkDhV", options, &idx); + switch (opt) { + case 'p': save_sig = true; break; + case 'd': sign_only = true; save_sig = true; break; ++ case 'D': detached = true; break; + #ifndef USE_PKCS7 + case 'k': use_keyid = CMS_USE_KEYID; break; + #endif ++ case 'V': version(); exit(0); break; ++ case 'h': usage(); exit(0); break; + case -1: break; + default: format(); + } +@@ -192,7 +218,7 @@ int main(int argc, char **argv) + + #ifdef USE_PKCS7 + if (strcmp(hash_algo, "sha1") != 0) { +- fprintf(stderr, "sign-file: %s only supports SHA1 signing\n", ++ fprintf(stderr, "kmodsign %s only supports SHA1 signing\n", + OPENSSL_VERSION_TEXT); + exit(3); + } +@@ -295,12 +321,14 @@ int main(int argc, char **argv) + return 0; + + /* Append the marker and the PKCS#7 message to the destination file */ +- ERR(BIO_reset(bm) < 0, "%s", module_name); +- while ((n = BIO_read(bm, buf, sizeof(buf))), +- n > 0) { +- ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); ++ if (!detached) { ++ ERR(BIO_reset(bm) < 0, "%s", module_name); ++ while ((n = BIO_read(bm, buf, sizeof(buf))), ++ n > 0) { ++ ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); ++ } ++ ERR(n < 0, "%s", module_name); + } +- ERR(n < 0, "%s", module_name); + module_size = BIO_number_written(bd); + + #ifndef USE_PKCS7
  2. Download patch debian/control

    --- 0.9.2-2/debian/control 2019-04-19 14:54:34.000000000 +0000 +++ 0.9.2-2ubuntu1/debian/control 2019-05-03 23:12:28.000000000 +0000 @@ -1,7 +1,8 @@ Source: sbsigntool Section: utils Priority: optional -Maintainer: Debian EFI Team <debian-efi@lists.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian EFI Team <debian-efi@lists.debian.org> Uploaders: Pierre Chifflier <pollux@debian.org>, Steve McIntyre <93sam@debian.org> Build-Depends: debhelper (>= 9.0.0),
  3. Download patch debian/patches/ubuntu-clear-image-before-use.patch

    --- 0.9.2-2/debian/patches/ubuntu-clear-image-before-use.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.9.2-2ubuntu1/debian/patches/ubuntu-clear-image-before-use.patch 2017-04-28 07:38:40.000000000 +0000 @@ -0,0 +1,17 @@ +Description: clear image before use + We rely on the image being clear as we will attempt to free + cirtain elements before reuse. Switch to a zeroing allocate. +Author: Andy Whitcroft <apw@ubuntu.com> +Last-Update: 2016-05-09 + +--- sbsigntool-0.6.orig/src/image.c ++++ sbsigntool-0.6/src/image.c +@@ -459,7 +459,7 @@ struct image *image_load(const char *fil + struct image *image; + int rc; + +- image = talloc(NULL, struct image); ++ image = talloc_zero(NULL, struct image); + if (!image) { + perror("talloc(image)"); + return NULL;
  4. Download patch debian/patches/series

    --- 0.9.2-2/debian/patches/series 2019-04-19 21:34:17.000000000 +0000 +++ 0.9.2-2ubuntu1/debian/patches/series 2019-05-03 23:12:28.000000000 +0000 @@ -1,3 +1,6 @@ sbsign_check_write_return.patch fix-efi-arch-detection.patch +ubuntu-kernel-module-signing.patch +ubuntu-kernel-module-signing-fixes.patch +ubuntu-clear-image-before-use.patch fix_checksum_calc.patch
  5. Download patch debian/patches/ubuntu-kernel-module-signing.patch
  1. sbsigntool