diff -Nru fwupdate-0.5/debian/changelog fwupdate-0.5/debian/changelog --- fwupdate-0.5/debian/changelog 2017-07-10 08:34:46.000000000 +0000 +++ fwupdate-0.5/debian/changelog 2018-01-16 05:02:09.000000000 +0000 @@ -1,3 +1,27 @@ +fwupdate (0.5-2ubuntu7) xenial; urgency=medium + + * Redo patch series. (LP: #1730343) + - Backport ALL patches to EFI application up through the "9" release. + - The last two attempts have introduced unobvious bugs due to nature + of cherry picking. + - The "9" release of the EFI application however has been stable in + future releases of Ubuntu. + + -- Mario Limonciello Mon, 15 Jan 2018 22:59:48 -0600 + +fwupdate (0.5-2ubuntu6) xenial; urgency=medium + + * Backport patches to disable "Linux Firmware Updater" boot entry after + installation (LP: #1730343): + - 0001-efi-audit-for-overflow-in-find_updates. + - 0001-efi-check-for-size-overflow-in-read_file. + - 0001-efi-fwupdate-make-our-mult-wrapper-get-the-type-of-U. + - 0001-Fix-the-return-code-checking-in-uintn_mult.patch + - 0001-efi-delete-boot-entry-before-apply-capsule. + - 0002-efi-delete-the-boot-path-from-the-BootOrder-list. + + -- Mario Limonciello Tue, 05 Dec 2017 17:13:11 -0600 + fwupdate (0.5-2ubuntu5) xenial; urgency=medium [Ivan Hu] diff -Nru fwupdate-0.5/debian/patches/0001-efi-delete-boot-entry-before-apply-capsule.patch fwupdate-0.5/debian/patches/0001-efi-delete-boot-entry-before-apply-capsule.patch --- fwupdate-0.5/debian/patches/0001-efi-delete-boot-entry-before-apply-capsule.patch 1970-01-01 00:00:00.000000000 +0000 +++ fwupdate-0.5/debian/patches/0001-efi-delete-boot-entry-before-apply-capsule.patch 2017-12-05 23:11:24.000000000 +0000 
@@ -0,0 +1,156 @@ +From 9bebde2c8b8960d86326f805743edb9293a6d173 Mon Sep 17 00:00:00 2001 +From: Ivan Hu +Date: Thu, 22 Jun 2017 17:06:41 +0800 +Subject: [PATCH 1/2] efi: delete boot entry before apply capsule + +Some buggy firmwares were found that if apply capsule fail will keep boot to +Linux-Firmware-Updater boot entry that created by fwupdate. This patch will +check the boot entry and delete it before the capsules was applied, since it has +been no use after Linux-Firmware-Updater was booted from it. + +Signed-off-by: Ivan Hu +--- + efi/fwupdate.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 123 insertions(+) + +Index: fwupdate-0.5/efi/fwupdate.c +=================================================================== +--- fwupdate-0.5.orig/efi/fwupdate.c ++++ fwupdate-0.5/efi/fwupdate.c +@@ -585,6 +585,119 @@ open_file(EFI_DEVICE_PATH *dp, EFI_FILE_ + } + + static EFI_STATUS ++delete_boot_entry(void) ++{ ++ EFI_STATUS rc; ++ ++ UINTN variable_name_allocation = GNVN_BUF_SIZE; ++ UINTN variable_name_size = 0; ++ CHAR16 *variable_name; ++ EFI_GUID vendor_guid = empty_guid; ++ UINTN mult_res; ++ EFI_STATUS ret = EFI_OUT_OF_RESOURCES; ++ ++ variable_name = AllocateZeroPool(GNVN_BUF_SIZE * 2); ++ if (!variable_name) { ++ Print(L"%a:%a():%d: Tried to allocate %d\n", ++ __FILE__, __func__, __LINE__, ++ GNVN_BUF_SIZE * 2); ++ Print(L"Could not allocate memory.\n"); ++ return EFI_OUT_OF_RESOURCES; ++ } ++ ++ while (1) { ++ variable_name_size = variable_name_allocation; ++ rc = uefi_call_wrapper(RT->GetNextVariableName, 3, ++ &variable_name_size, variable_name, ++ &vendor_guid); ++ if (rc == EFI_BUFFER_TOO_SMALL) { ++ ++ UINTN new_allocation; ++ CHAR16 *new_name; ++ ++ new_allocation = variable_name_size; ++ if (uintn_mult(new_allocation, 2, &mult_res)) { ++ Print(L"%a:%a():%d: %d * 2 would overflow size\n", ++ __FILE__, __func__, __LINE__, ++ new_allocation); ++ ret = EFI_OUT_OF_RESOURCES; ++ goto err; ++ } ++ new_name = 
AllocatePool(new_allocation * 2); ++ if (!new_name) { ++ Print(L"%a:%a():%d: Tried to allocate %d\n", ++ __FILE__, __func__, __LINE__, ++ new_allocation * 2); ++ Print(L"Could not allocate memory.\n"); ++ ret = EFI_OUT_OF_RESOURCES; ++ goto err; ++ } ++ CopyMem(new_name, variable_name, ++ variable_name_allocation); ++ variable_name_allocation = new_allocation; ++ FreePool(variable_name); ++ variable_name = new_name; ++ continue; ++ } else if (rc == EFI_NOT_FOUND) { ++ break; ++ } else if (EFI_ERROR(rc)) { ++ Print(L"%a:%a():%d: " ++ L"Could not get variable name: %r\n", ++ __FILE__, __func__, __LINE__, rc); ++ ret = rc; ++ goto err; ++ } ++ ++ /* check if the variable name is Boot#### */ ++ UINTN vns = StrLen(variable_name); ++ if (vns == 8 && CompareMem(variable_name, L"Boot", 8) == 0) { ++ UINTN info_size = 0; ++ UINT32 attributes = 0; ++ void *info_ptr = NULL; ++ CHAR16 *load_op_description = NULL; ++ ++ rc = read_variable(variable_name, vendor_guid, &info_ptr, ++ &info_size, &attributes); ++ if (EFI_ERROR(rc)) { ++ ret = rc; ++ goto err; ++ } ++ ++ /* ++ * check if the boot path created by fwupdate, ++ * check with EFI_LOAD_OPTION decription ++ */ ++ load_op_description = (CHAR16 *)((UINT8 *)info_ptr + ++ sizeof(UINT32) + sizeof(UINT16)); ++ ++ if (CompareMem(load_op_description, ++ L"Linux-Firmware-Updater", ++ sizeof (L"Linux-Firmware-Updater") - 2) ++ == 0) { ++ delete_variable(variable_name, vendor_guid, ++ attributes); ++ ++ FreePool(info_ptr); ++ goto out; ++ ++ } ++ ++ FreePool(info_ptr); ++ } ++ } ++ ++out: ++ FreePool(variable_name); ++ return EFI_SUCCESS; ++ ++err: ++ FreePool(variable_name); ++ ++ return ret; ++} ++ ++ ++static EFI_STATUS + add_capsule(update_table *update, EFI_CAPSULE_HEADER **capsule_out, + EFI_CAPSULE_BLOCK_DESCRIPTOR *cbd_out) + { +@@ -672,6 +785,16 @@ apply_capsules(EFI_CAPSULE_HEADER **caps + UINT64 max_capsule_size; + EFI_STATUS rc; + ++ rc = delete_boot_entry(); ++ if (EFI_ERROR(rc)) { ++ /* ++ * Print out deleting boot entry 
error, but still try to apply ++ * capsule. ++ */ ++ Print(L"%a:%a():%d: Could not delete boot entry: %r\n", ++ __FILE__, __func__, __LINE__, rc); ++ } ++ + rc = uefi_call_wrapper(RT->QueryCapsuleCapabilities, 4, capsules, + num_updates, &max_capsule_size, reset); + if (debugging) { diff -Nru fwupdate-0.5/debian/patches/0001-fwupdate-use-FWUPDATE_GUID-as-the-owner-of-FWUPDATE_.patch fwupdate-0.5/debian/patches/0001-fwupdate-use-FWUPDATE_GUID-as-the-owner-of-FWUPDATE_.patch --- fwupdate-0.5/debian/patches/0001-fwupdate-use-FWUPDATE_GUID-as-the-owner-of-FWUPDATE_.patch 1970-01-01 00:00:00.000000000 +0000 +++ fwupdate-0.5/debian/patches/0001-fwupdate-use-FWUPDATE_GUID-as-the-owner-of-FWUPDATE_.patch 2018-01-16 04:58:52.000000000 +0000 
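Review bot: delete_boot_entry() reads the load-option description at `info_ptr + sizeof(UINT32) + sizeof(UINT16)` and compares `sizeof (L"Linux-Firmware-Updater") - 2` bytes without ever looking at `info_size`, so a short or malformed Boot#### variable is read past the end of the buffer that read_variable() returned. A guard ahead of the CompareMem closes that: `if (info_size < sizeof(UINT32) + sizeof(UINT16) + sizeof (L"Linux-Firmware-Updater") - 2) { FreePool(info_ptr); continue; }`. The name test also accepts any eight-character variable beginning with "Boot" under any vendor GUID, because `vendor_guid` is never compared with the EFI global-variable GUID before the variable is deleted. The overflow test here is written `if (uintn_mult(...))` while patches 06/20 and 08/20 of this series write `if (!uintn_mult(...))`, so one of the two conventions is inverted, and the allocation that follows still uses `new_allocation * 2` rather than the checked `mult_res`.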
@@ -0,0 +1,32 @@
+From b114085707f7a271002fdbe13c99b8f074072a35 Mon Sep 17 00:00:00 2001
+From: Lans Zhang
+Date: Sun, 22 Nov 2015 14:29:51 +0800
+Subject: [PATCH 01/20] fwupdate: use FWUPDATE_GUID as the owner of
+ FWUPDATE_VERBOSE
+
+It looks more reasonable for FWUPDATE_VERBOSE owned by FWUPDATE_GUID.
+
+Signed-off-by: Lans Zhang
+---
+ efi/fwupdate.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index a2b6816..6025cfa 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -675,8 +675,9 @@ debug_hook(void)
+ &guid, &attributes, &data_size, &data);
+ if (EFI_ERROR(efi_status) || data != 1) {
+ efi_status = uefi_call_wrapper(RT->GetVariable, 5,
+- L"FWUPDATE_VERBOSE", &guid,
+- &attributes, &data_size, &data);
++ L"FWUPDATE_VERBOSE",
++ &fwupdate_guid, &attributes,
++ &data_size, &data);
+ if (EFI_ERROR(efi_status) || data != 1) {
+ return;
+ }
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0002-efi-delete-the-boot-path-from-the-BootOrder-list.patch fwupdate-0.5/debian/patches/0002-efi-delete-the-boot-path-from-the-BootOrder-list.patch
--- fwupdate-0.5/debian/patches/0002-efi-delete-the-boot-path-from-the-BootOrder-list.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0002-efi-delete-the-boot-path-from-the-BootOrder-list.patch 2017-12-05 23:11:18.000000000 +0000
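Review bot: `data_size` is an in/out argument, and the new FWUPDATE_VERBOSE lookup receives whatever the preceding GetVariable call left in it, since nothing between the two calls in this hunk resets it. If the first variable exists with a smaller size, the second call can fail with a buffer-too-small status and verbose mode silently stays off. Resetting it just before the new call, `data_size = sizeof (data);`, keeps the two lookups independent. debug_hook() starts outside the hunk, so the declared types of `data` and `data_size` are not visible here.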
@@ -0,0 +1,124 @@ +From cd9ea4cbdc93da922ce9abc45c7de63fe252ecc8 Mon Sep 17 00:00:00 2001 +From: Ivan Hu +Date: Fri, 30 Jun 2017 16:04:24 +0800 +Subject: [PATCH 2/2] efi: delete the boot path from the BootOrder list + +The patch needs to follow the patch 49a5df9845b5b9739f1355580cd65ba57d5b85fe +efi: delete boot entry before apply capsule, which will delete the boot patch +created by fwupdate before applying capsule. This patch alse deletes the end +BootOrder. + +Signed-off-by: Ivan Hu +--- + efi/fwupdate.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 85 insertions(+), 4 deletions(-) + +Index: fwupdate-0.5/efi/fwupdate.c +=================================================================== +--- fwupdate-0.5.orig/efi/fwupdate.c ++++ fwupdate-0.5/efi/fwupdate.c +@@ -585,6 +585,71 @@ open_file(EFI_DEVICE_PATH *dp, EFI_FILE_ + } + + static EFI_STATUS ++delete_boot_order(CHAR16 *name, EFI_GUID guid) ++{ ++ ++ UINTN i; ++ UINT16 boot_num; ++ EFI_STATUS rc; ++ UINTN info_size = 0; ++ UINT32 attributes = 0; ++ void *info_ptr = NULL; ++ UINT16 *new_info_ptr = NULL; ++ BOOLEAN num_found = FALSE; ++ UINTN new_list_num = 0; ++ ++ /* get boot hex number */ ++ boot_num = xtoi((CHAR16 *)((UINT8 *)name + sizeof(L"Boot"))); ++ ++ rc = read_variable(L"BootOrder", guid, &info_ptr, &info_size, ++ &attributes); ++ if (EFI_ERROR(rc)) ++ return rc; ++ ++ new_info_ptr = AllocatePool(info_size); ++ if (!new_info_ptr) { ++ Print(L"%a:%a():%d: Tried to allocate %d\n", ++ __FILE__, __func__, __LINE__, info_size); ++ Print(L"Could not allocate memory.\n"); ++ FreePool(info_ptr); ++ return EFI_OUT_OF_RESOURCES; ++ } ++ ++ for (i = 0; i < (info_size / sizeof(UINT16)) ; i++) { ++ if (((UINT16 *)info_ptr)[i] != boot_num) { ++ new_info_ptr[i] = ((UINT16 *)info_ptr)[i]; ++ new_list_num++; ++ ++ } else { ++ num_found = TRUE; ++ } ++ } ++ ++ /* if not in the BootOrder list, do not update BootOrder */ ++ if (!num_found) { ++ rc = EFI_SUCCESS; ++ goto out; ++ } ++ ++ 
rc = uefi_call_wrapper(RT->SetVariable, 5, L"BootOrder", &guid, ++ attributes, new_list_num * sizeof(UINT16), ++ new_info_ptr); ++ if (EFI_ERROR(rc)) { ++ Print(L"%a:%a():%d: Could not update variable " ++ L"status for \"%s\": %r\n", ++ __FILE__, __func__, __LINE__, name, rc); ++ goto out; ++ } ++ ++out: ++ ++ FreePool(info_ptr); ++ FreePool(new_info_ptr); ++ ++ return rc; ++} ++ ++static EFI_STATUS + delete_boot_entry(void) + { + EFI_STATUS rc; +@@ -674,12 +739,28 @@ delete_boot_entry(void) + L"Linux-Firmware-Updater", + sizeof (L"Linux-Firmware-Updater") - 2) + == 0) { +- delete_variable(variable_name, vendor_guid, ++ rc = delete_variable(variable_name, vendor_guid, + attributes); + +- FreePool(info_ptr); +- goto out; +- ++ if (EFI_ERROR(rc)) { ++ Print(L"fail to delete Linux-Firmware-" ++ L"Updater boot path.\n"); ++ FreePool(info_ptr); ++ ret = rc; ++ goto out; ++ } ++ ++ /* delete the boot path from BootOrder list */ ++ rc = delete_boot_order(variable_name, ++ vendor_guid); ++ ++ if (EFI_ERROR(rc)) { ++ Print(L"fail to delete the boot path " ++ L"from BootOrder boot path.\n"); ++ FreePool(info_ptr); ++ ret = rc; ++ goto out; ++ } + } + + FreePool(info_ptr); diff -Nru fwupdate-0.5/debian/patches/0002-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch fwupdate-0.5/debian/patches/0002-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch --- fwupdate-0.5/debian/patches/0002-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch 2017-07-07 10:47:34.000000000 +0000 +++ fwupdate-0.5/debian/patches/0002-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch 1970-01-01 00:00:00.000000000 +0000 
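Review bot: The copy loop in delete_boot_order() stores kept entries at `new_info_ptr[i]` but counts them in `new_list_num`, so after the matching entry is skipped its slot stays uninitialised (AllocatePool does not zero) and SetVariable writes `new_list_num * sizeof(UINT16)` bytes that include that slot and drop the last real entry. The destination index should be the running count: `new_info_ptr[new_list_num++] = ((UINT16 *)info_ptr)[i];`. The boot number is parsed from `(UINT8 *)name + sizeof(L"Boot")`, which skips the terminator as well as the four letters, so (assuming 2-byte wide characters, as the `- 2` elsewhere in this series implies) only the last three hex digits of Boot#### are read; `sizeof(L"Boot") - sizeof(CHAR16)` is the intended offset. In the delete_boot_entry() hunk the new failure branches set `ret = rc` and then `goto out`, and the `out:` label added by patch 1/2 returns EFI_SUCCESS, so those errors never reach the caller; `goto err` would return `ret`.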
@@ -1,109 +0,0 @@ -From 5662cbdbef86d7c01f0050012ece271ff8e4ed92 Mon Sep 17 00:00:00 2001 -From: Lans Zhang -Date: Mon, 23 Nov 2015 13:28:49 +0800 -Subject: [PATCH 1/4] fwupdate: fix memory leaks and storing update_table to - NULL pointer - -Each update_table is not allocated and the pointers in updates are all -NULL pointers. Unfortunatelly, UEFI BIOS doesn't help us to capture the -violation caused by accessing NULL pointer. - -Signed-off-by: Lans Zhang ---- - efi/fwupdate.c | 51 +++++++++++++++++++++++++++++++-------------------- - 1 file changed, 31 insertions(+), 20 deletions(-) - -Index: fwupdate-0.5/efi/fwupdate.c -=================================================================== ---- fwupdate-0.5.orig/efi/fwupdate.c -+++ fwupdate-0.5/efi/fwupdate.c -@@ -228,8 +228,7 @@ find_updates(UINTN *n_updates_out, updat - CHAR16 *variable_name; - EFI_GUID vendor_guid = empty_guid; - -- updates = AllocateZeroPool(sizeof (update_table *) -- * n_updates_allocated); -+ updates = AllocatePool(sizeof (update_table *) * n_updates_allocated); - if (!updates) { - Print(L"%a:%a():%d: Tried to allocate %d\n", - __FILE__, __func__, __LINE__, -@@ -303,8 +302,8 @@ find_updates(UINTN *n_updates_out, updat - if (n_updates == n_updates_allocated) { - update_table **new_ups; - -- new_ups = AllocateZeroPool(sizeof (update_table *) * -- n_updates_allocated * 2); -+ new_ups = AllocatePool(sizeof (update_table *) * -+ n_updates_allocated * 2); - if (!new_ups) { - Print(L"%a:%a():%d: Tried to allocate %d\n", - __FILE__, __func__, __LINE__, -@@ -321,40 +320,52 @@ find_updates(UINTN *n_updates_out, updat - updates = new_ups; - } - -- updates[n_updates]->name = StrDuplicate(vn); -- rc = get_info(vn, updates[n_updates]); -+ update_table *update = AllocatePool(sizeof (update_table)); -+ if (!update) { -+ Print(L"%a:%a():%d: Tried to allocate %d\n", -+ __FILE__, __func__, __LINE__, -+ sizeof (update_table)); -+ ret = EFI_OUT_OF_RESOURCES; -+ goto err; -+ } -+ -+ update->name = StrDuplicate(vn); 
-+ rc = get_info(vn, update); - if (EFI_ERROR(rc)) { - Print(L"Could not get update info for \"%s\", " - L"aborting.\n", vn); - ret = rc; -+ FreePool(update->name); -+ FreePool(update); - goto err; - } -- if (updates[n_updates]->info->status & -- FWUPDATE_ATTEMPT_UPDATE) { -+ if (update->info->status & FWUPDATE_ATTEMPT_UPDATE) { - EFI_TIME_CAPABILITIES timecaps = { 0, }; -+ - uefi_call_wrapper(RT->GetTime, 2, -- &updates[n_updates]->info->time_attempted, -- &timecaps); -- updates[n_updates]->info->status = FWUPDATE_ATTEMPTED; -- n_updates++; -+ &update->info->time_attempted, -+ &timecaps); -+ update->info->status = FWUPDATE_ATTEMPTED; -+ updates[n_updates++] = update; - } else { -- FreePool(updates[n_updates]->info); -- FreePool(updates[n_updates]); -- updates[n_updates] = NULL; -+ FreePool(update->info); -+ FreePool(update->name); -+ FreePool(update); - } - } - -+ FreePool(variable_name); -+ - *n_updates_out = n_updates; - *updates_out = updates; - - return EFI_SUCCESS; - err: -- if (variable_name) -- FreePool(variable_name); -+ FreePool(variable_name); - -- for (int i = 0; i < n_updates && updates[i]; i++) { -- if (updates[i]->name) -- FreePool(updates[i]->name); -+ for (int i = 0; i < n_updates; i++) { -+ FreePool(updates[i]->name); -+ FreePool(updates[i]->info); - FreePool(updates[i]); - } - diff -Nru fwupdate-0.5/debian/patches/0002-fwupdate-fix-missing-free-on-error-path.patch fwupdate-0.5/debian/patches/0002-fwupdate-fix-missing-free-on-error-path.patch --- fwupdate-0.5/debian/patches/0002-fwupdate-fix-missing-free-on-error-path.patch 1970-01-01 00:00:00.000000000 +0000 +++ fwupdate-0.5/debian/patches/0002-fwupdate-fix-missing-free-on-error-path.patch 2018-01-16 04:58:52.000000000 +0000 
@@ -0,0 +1,25 @@
+From 8b1e78da568a2f7f257998ebecfc3009b6b4c7fe Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 4 Dec 2015 08:47:52 -0500
+Subject: [PATCH 02/20] fwupdate: fix missing free on error path
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 6025cfa..19755b3 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -246,6 +246,7 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out)
+ __FILE__, __func__, __LINE__,
+ GNVN_BUF_SIZE * 2);
+ Print(L"Could not allocate memory.\n");
++ FreePool(updates);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0003-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch fwupdate-0.5/debian/patches/0003-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch
--- fwupdate-0.5/debian/patches/0003-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch 2017-07-07 10:48:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0003-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,76 +0,0 @@ -From b3a79313c2d00d1e1533492b5fe1e3413d89dbff Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Fri, 29 Apr 2016 11:41:45 -0400 -Subject: [PATCH 2/4] fwupdate.efi: use the reset type from some - querycapsuleinfo call. - -Signed-off-by: Peter Jones ---- - efi/fwupdate.c | 19 +++++++++++++------ - 1 file changed, 13 insertions(+), 6 deletions(-) - -Index: fwupdate-0.5/efi/fwupdate.c -=================================================================== ---- fwupdate-0.5.orig/efi/fwupdate.c -+++ fwupdate-0.5/efi/fwupdate.c -@@ -616,17 +616,16 @@ add_capsule(update_table *update, EFI_CA - static EFI_STATUS - apply_capsules(EFI_CAPSULE_HEADER **capsules, - EFI_CAPSULE_BLOCK_DESCRIPTOR *cbd, -- UINTN num_updates) -+ UINTN num_updates, EFI_RESET_TYPE *reset) - { -- EFI_RESET_TYPE reset; - UINT64 max_capsule_size; - EFI_STATUS rc; - - rc = uefi_call_wrapper(RT->QueryCapsuleCapabilities, 4, capsules, -- num_updates, &max_capsule_size, &reset); -+ num_updates, &max_capsule_size, reset); - if (debugging) { - Print(L"QueryCapsuleCapabilities: %r max: %ld reset:%d\n", -- rc, max_capsule_size, reset); -+ rc, max_capsule_size, *reset); - Print(L"Capsules: %d\n", num_updates); - } - -@@ -711,6 +710,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TA - EFI_STATUS rc; - update_table **updates = NULL; - UINTN n_updates = 0; -+ EFI_RESET_TYPE reset_type = EfiResetWarm; - - InitializeLib(image, systab); - -@@ -732,6 +732,13 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TA - /* - * Step 1: find and validate update state variables - */ -+ /* XXX TODO: -+ * 1) survey the reset types first, and separate into groups -+ * according to them -+ * 2) if there's more than one, mirror BootCurrent back into BootNext -+ * so we can do multiple runs -+ * 3) only select the ones from one type for the first go -+ */ - rc = find_updates(&n_updates, &updates); - if (EFI_ERROR(rc)) { - Print(L"fwupdate: Could not find updates: %r\n", rc); -@@ -781,7 +788,7 @@ efi_main(EFI_HANDLE image, 
EFI_SYSTEM_TA - /* - * Step 4: apply the capsules. - */ -- rc = apply_capsules(capsules, cbd_data, n_updates); -+ rc = apply_capsules(capsules, cbd_data, n_updates, &reset_type); - if (EFI_ERROR(rc)) { - Print(L"fwupdate: Could not apply capsules: %r\n", rc); - return rc; -@@ -794,7 +801,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TA - Print(L"Reset System\n"); - uefi_call_wrapper(BS->Stall, 1, 10000000); - } -- uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, -+ uefi_call_wrapper(RT->ResetSystem, 4, reset_type, EFI_SUCCESS, - 0, NULL); - - return EFI_SUCCESS; diff -Nru fwupdate-0.5/debian/patches/0003-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch fwupdate-0.5/debian/patches/0003-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch --- fwupdate-0.5/debian/patches/0003-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch 1970-01-01 00:00:00.000000000 +0000 +++ fwupdate-0.5/debian/patches/0003-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch 2018-01-16 04:58:52.000000000 +0000 
@@ -0,0 +1,112 @@ +From 765bb7221af37ac56b11ef2253bf1bb3230ef589 Mon Sep 17 00:00:00 2001 +From: Lans Zhang +Date: Mon, 23 Nov 2015 13:28:49 +0800 +Subject: [PATCH 03/20] fwupdate: fix memory leaks and storing update_table to + NULL pointer + +Each update_table is not allocated and the pointers in updates are all +NULL pointers. Unfortunatelly, UEFI BIOS doesn't help us to capture the +violation caused by accessing NULL pointer. + +Signed-off-by: Lans Zhang +--- + efi/fwupdate.c | 51 +++++++++++++++++++++++++++++++-------------------- + 1 file changed, 31 insertions(+), 20 deletions(-) + +diff --git a/efi/fwupdate.c b/efi/fwupdate.c +index 19755b3..3e61d16 100644 +--- a/efi/fwupdate.c ++++ b/efi/fwupdate.c +@@ -228,8 +228,7 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out) + CHAR16 *variable_name; + EFI_GUID vendor_guid = empty_guid; + +- updates = AllocateZeroPool(sizeof (update_table *) +- * n_updates_allocated); ++ updates = AllocatePool(sizeof (update_table *) * n_updates_allocated); + if (!updates) { + Print(L"%a:%a():%d: Tried to allocate %d\n", + __FILE__, __func__, __LINE__, +@@ -304,8 +303,8 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out) + if (n_updates == n_updates_allocated) { + update_table **new_ups; + +- new_ups = AllocateZeroPool(sizeof (update_table *) * +- n_updates_allocated * 2); ++ new_ups = AllocatePool(sizeof (update_table *) * ++ n_updates_allocated * 2); + if (!new_ups) { + Print(L"%a:%a():%d: Tried to allocate %d\n", + __FILE__, __func__, __LINE__, +@@ -322,40 +321,52 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out) + updates = new_ups; + } + +- updates[n_updates]->name = StrDuplicate(vn); +- rc = get_info(vn, updates[n_updates]); ++ update_table *update = AllocatePool(sizeof (update_table)); ++ if (!update) { ++ Print(L"%a:%a():%d: Tried to allocate %d\n", ++ __FILE__, __func__, __LINE__, ++ sizeof (update_table)); ++ ret = EFI_OUT_OF_RESOURCES; ++ goto err; ++ } ++ ++ update->name = 
StrDuplicate(vn); ++ rc = get_info(vn, update); + if (EFI_ERROR(rc)) { + Print(L"Could not get update info for \"%s\", " + L"aborting.\n", vn); + ret = rc; ++ FreePool(update->name); ++ FreePool(update); + goto err; + } +- if (updates[n_updates]->info->status & +- FWUPDATE_ATTEMPT_UPDATE) { ++ if (update->info->status & FWUPDATE_ATTEMPT_UPDATE) { + EFI_TIME_CAPABILITIES timecaps = { 0, }; ++ + uefi_call_wrapper(RT->GetTime, 2, +- &updates[n_updates]->info->time_attempted, +- &timecaps); +- updates[n_updates]->info->status = FWUPDATE_ATTEMPTED; +- n_updates++; ++ &update->info->time_attempted, ++ &timecaps); ++ update->info->status = FWUPDATE_ATTEMPTED; ++ updates[n_updates++] = update; + } else { +- FreePool(updates[n_updates]->info); +- FreePool(updates[n_updates]); +- updates[n_updates] = NULL; ++ FreePool(update->info); ++ FreePool(update->name); ++ FreePool(update); + } + } + ++ FreePool(variable_name); ++ + *n_updates_out = n_updates; + *updates_out = updates; + + return EFI_SUCCESS; + err: +- if (variable_name) +- FreePool(variable_name); ++ FreePool(variable_name); + +- for (int i = 0; i < n_updates && updates[i]; i++) { +- if (updates[i]->name) +- FreePool(updates[i]->name); ++ for (int i = 0; i < n_updates; i++) { ++ FreePool(updates[i]->name); ++ FreePool(updates[i]->info); + FreePool(updates[i]); + } + +-- +2.7.4 + diff -Nru fwupdate-0.5/debian/patches/0004-fwupdate.efi-add-one-missing-allocation-error-check.patch fwupdate-0.5/debian/patches/0004-fwupdate.efi-add-one-missing-allocation-error-check.patch --- fwupdate-0.5/debian/patches/0004-fwupdate.efi-add-one-missing-allocation-error-check.patch 1970-01-01 00:00:00.000000000 +0000 +++ fwupdate-0.5/debian/patches/0004-fwupdate.efi-add-one-missing-allocation-error-check.patch 2018-01-16 04:58:52.000000000 +0000 
@@ -0,0 +1,33 @@
+From 5ed15743d1fae9aa2223c14bd6b4e972d9d7f17e Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 4 Dec 2015 09:04:21 -0500
+Subject: [PATCH 04/20] fwupdate.efi: add one missing allocation error check
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 3e61d16..eff4348 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -331,6 +331,15 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out)
+ }
+
+ update->name = StrDuplicate(vn);
++ if (!update->name) {
++ Print(L"%a:%a():%d: Tried to allocate %d\n",
++ __FILE__, __func__, __LINE__,
++ StrSize(vn));
++ ret = EFI_OUT_OF_RESOURCES;
++ FreePool(update);
++ goto err;
++ }
++
+ rc = get_info(vn, update);
+ if (EFI_ERROR(rc)) {
+ Print(L"Could not get update info for \"%s\", "
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0005-efi-Get-rid-of-fno-strict-aliasing.patch fwupdate-0.5/debian/patches/0005-efi-Get-rid-of-fno-strict-aliasing.patch
--- fwupdate-0.5/debian/patches/0005-efi-Get-rid-of-fno-strict-aliasing.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0005-efi-Get-rid-of-fno-strict-aliasing.patch 2018-01-16 04:58:52.000000000 +0000
@@ -0,0 +1,34 @@
+From 172f8b3d5d3a2b103b5dc9bd502ade6296e3294d Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 12 Feb 2016 11:37:04 -0500
+Subject: [PATCH 05/20] efi: Get rid of -fno-strict-aliasing
+
+We only had one aliasing violation anyway.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index eff4348..cb0edd3 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -174,11 +174,13 @@ get_info(CHAR16 *name, update_table *info_out)
+ update_info *info = NULL;
+ UINTN info_size = 0;
+ UINT32 attributes = 0;
++ void *info_ptr = NULL;
+
+- rc = read_variable(name, fwupdate_guid, (void **)&info, &info_size,
++ rc = read_variable(name, fwupdate_guid, &info_ptr, &info_size,
+ &attributes);
+ if (EFI_ERROR(rc))
+ return rc;
++ info = (update_info *)info_ptr;
+
+ if (info_size < sizeof (*info)) {
+ Print(L"Update \"%s\" is is too small.\n", name);
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0006-efi-check-for-size-overflow-in-read_file.patch fwupdate-0.5/debian/patches/0006-efi-check-for-size-overflow-in-read_file.patch
--- fwupdate-0.5/debian/patches/0006-efi-check-for-size-overflow-in-read_file.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0006-efi-check-for-size-overflow-in-read_file.patch 2018-01-16 04:58:52.000000000 +0000
@@ -0,0 +1,71 @@
+From 47f65e83dda4ea558b13d6bd3eb0fab7e5005a93 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 12 Feb 2016 11:37:48 -0500
+Subject: [PATCH 06/20] efi: check for size overflow in read_file()
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 34 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index cb0edd3..e06c13e 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -32,6 +32,28 @@ typedef struct update_table_s {
+ static int debugging;
+
+ /*
++ * I'm not actually sure when these appear, but they're present in the
++ * version in front of me.
++ */
++#if defined(__GNUC__) && defined(__GNUC_MINOR__)
++#if __GNUC__ >= 5 && __GNUC_MINOR__ >= 1
++#define uintn_mult(a, b, c) __builtin_mul_overflow(a, b, c)
++#endif
++#endif
++#ifndef uintn_mult
++#define uintn_mult(a, b, c) ({ \
++ const UINTN _limit = ~0ULL; \
++ int _ret = 1; \
++ if ((a) != 0 && (b) != 0) { \
++ _ret = _limit / (a) < (b); \
++ } \
++ if (_ret) \
++ *(c) = ((a) * (b)); \
++ _ret; \
++ })
++#endif
++
++/*
+ * Allocate some raw pages that aren't part of the pool allocator.
+ */
+ static EFI_STATUS
+@@ -69,14 +91,22 @@ EFI_STATUS
+ read_file(EFI_FILE_HANDLE fh, UINT8 **buf_out, UINTN *buf_size_out)
+ {
+ UINT8 *b = NULL;
+- UINTN bs = 512;
++ const UINTN bs = 512;
+ UINTN n_blocks = 4096;
+ UINTN i = 0;
+ EFI_STATUS rc;
+
+ while (1) {
+ void *newb = NULL;
+- rc = allocate(&newb, bs * n_blocks * 2);
++ UINTN news = 0;
++ if (!uintn_mult(bs * 2, n_blocks, &news)) {
++ if (b)
++ free(b, bs * n_blocks);
++ Print(L"%a:%a():%d: allocation would overflow size\n",
++ __FILE__, __func__, __LINE__);
++ return EFI_OUT_OF_RESOURCES;
++ }
++ rc = allocate(&newb, news);
+ if (EFI_ERROR(rc)) {
+ Print(L"%a:%a():%d: Tried to allocate %d\n",
+ __FILE__, __func__, __LINE__,
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0007-efi-document-our-use-of-UINTN-vs-INTN-comparison-in-.patch fwupdate-0.5/debian/patches/0007-efi-document-our-use-of-UINTN-vs-INTN-comparison-in-.patch
--- fwupdate-0.5/debian/patches/0007-efi-document-our-use-of-UINTN-vs-INTN-comparison-in-.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0007-efi-document-our-use-of-UINTN-vs-INTN-comparison-in-.patch 2018-01-16 04:58:52.000000000 +0000
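Review bot: The return convention of `uintn_mult` is inverted at the read_file() call site: `__builtin_mul_overflow` returns true when the product overflows, yet the new code bails out on `!uintn_mult(bs * 2, n_blocks, &news)`, so it returns EFI_OUT_OF_RESOURCES for every product that fits and carries on when one overflows. The fallback macro does not agree with the builtin either: `int _ret = 1;` and `if (_ret) *(c) = ...` read as true-on-success, but `_limit / (a) < (b)` is true on overflow, and a zero operand leaves `_ret` at 1. Following the builtin's convention throughout (`int _ret = 0;`, `if (!_ret)` in the macro, `if (uintn_mult(...))` in the caller) would line the three up. The same `!uintn_mult` test is used in find_updates() in patch 08/20; the changelog entry for 0.5-2ubuntu6 names a "Fix-the-return-code-checking-in-uintn_mult" patch, so confirm an equivalent fix is among the later patches of this series. The gate `__GNUC__ >= 5 && __GNUC_MINOR__ >= 1` also excludes the x.0 release of every newer compiler.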
@@ -0,0 +1,31 @@
+From 3674fec025e5be54e91ff14c26c67f5c1293da9f Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 12 Feb 2016 12:03:50 -0500
+Subject: [PATCH 07/20] efi: document our use of UINTN vs INTN comparison in
+ get_info()
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index e06c13e..407bf66 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -227,6 +227,12 @@ get_info(CHAR16 *name, update_table *info_out)
+
+ UINTN is = info_size - EFI_FIELD_OFFSET(update_info, dp);
+ EFI_DEVICE_PATH *hdr = (EFI_DEVICE_PATH *)&info->dp;
++ /*
++ * "sz" is INTN not UINTN on purpose:
++ * a) that size would be much to big anyway, but also
++ * b) it makes the sz < 4 comparison later give us a free overflow
++ * check.
++ */
+ INTN sz = sizeof (EFI_DEVICE_PATH) - is;
+ if (is >= sizeof (EFI_DEVICE_PATH))
+ sz = DevicePathSize(hdr);
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0008-efi-audit-for-overflow-in-find_updates.patch fwupdate-0.5/debian/patches/0008-efi-audit-for-overflow-in-find_updates.patch
--- fwupdate-0.5/debian/patches/0008-efi-audit-for-overflow-in-find_updates.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0008-efi-audit-for-overflow-in-find_updates.patch 2018-01-16 04:58:52.000000000 +0000
@@ -0,0 +1,89 @@
+From a49f4ff7278626c666e8c30ab93b1730b4dd2f29 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 12 Feb 2016 12:04:28 -0500
+Subject: [PATCH 08/20] efi: audit for overflow in find_updates()
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 41 +++++++++++++++++++++++++++++++----------
+ 1 file changed, 31 insertions(+), 10 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 407bf66..b3174b2 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -265,12 +265,19 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out)
+ UINTN variable_name_size = 0;
+ CHAR16 *variable_name;
+ EFI_GUID vendor_guid = empty_guid;
++ UINTN mult_res;
+
+- updates = AllocatePool(sizeof (update_table *) * n_updates_allocated);
++ if (!uintn_mult(sizeof (update_table *), n_updates_allocated,
++ &mult_res)) {
++ Print(L"%a:%a():%d: would overflow size\n",
++ __FILE__, __func__, __LINE__);
++ return EFI_OUT_OF_RESOURCES;
++ }
++
++ updates = AllocateZeroPool(mult_res);
+ if (!updates) {
+ Print(L"%a:%a():%d: Tried to allocate %d\n",
+- __FILE__, __func__, __LINE__,
+- sizeof (update_table *) * n_updates_allocated);
++ __FILE__, __func__, __LINE__, mult_res);
+ Print(L"Could not allocate memory.\n");
+ return EFI_OUT_OF_RESOURCES;
+ }
+@@ -299,6 +306,13 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out)
+ CHAR16 *new_name;
+
+ new_allocation = variable_name_size;
++ if (!uintn_mult(new_allocation, 2, &mult_res)) {
++ Print(L"%a:%a():%d: %d * 2 would overflow size\n",
++ __FILE__, __func__, __LINE__,
++ new_allocation);
++ ret = EFI_OUT_OF_RESOURCES;
++ goto err;
++ }
+ new_name = AllocatePool(new_allocation * 2);
+ if (!new_name) {
+ Print(L"%a:%a():%d: Tried to allocate %d\n",
+@@ -340,20 +354,27 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out)
+
+ if (n_updates == n_updates_allocated) {
+ update_table **new_ups;
++ if (!uintn_mult(n_updates_allocated, 2, &mult_res)) {
++mult_err:
++ Print(L"%a:%a():%d: "
++ L"allocation would overflow size\n",
++ __FILE__, __func__, __LINE__);
++ ret = EFI_OUT_OF_RESOURCES;
++ goto err;
++ }
++ if (!uintn_mult(mult_res, sizeof (update_table *),
++ &mult_res))
++ goto mult_err;
+
+- new_ups = AllocatePool(sizeof (update_table *) *
+- n_updates_allocated * 2);
++ new_ups = AllocateZeroPool(mult_res);
+ if (!new_ups) {
+ Print(L"%a:%a():%d: Tried to allocate %d\n",
+- __FILE__, __func__, __LINE__,
+- sizeof (update_table *)
+- * n_updates_allocated * 2);
++ __FILE__, __func__, __LINE__, mult_res);
+ Print(L"Could not allocate memory.\n");
+ ret = EFI_OUT_OF_RESOURCES;
+ goto err;
+ }
+- CopyMem(new_ups, updates, sizeof (update_table *) *
+- n_updates_allocated);
++ CopyMem(new_ups, updates, mult_res);
+ n_updates_allocated *= 2;
+ FreePool(updates);
+ updates = new_ups;
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0009-efi-check-for-overflow-in-open_file.patch fwupdate-0.5/debian/patches/0009-efi-check-for-overflow-in-open_file.patch
--- fwupdate-0.5/debian/patches/0009-efi-check-for-overflow-in-open_file.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0009-efi-check-for-overflow-in-open_file.patch 2018-01-16 04:58:52.000000000 +0000
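Review bot: `CopyMem(new_ups, updates, mult_res)` copies the size of the new, doubled array out of the old one, because at that point `mult_res` holds `n_updates_allocated * 2 * sizeof (update_table *)`, whereas the removed line copied only `sizeof (update_table *) * n_updates_allocated`. Each time the table grows, that reads past the end of `updates` by the array's own length. Copying the old size, `CopyMem(new_ups, updates, mult_res / 2);`, or keeping the original expression, restores the bound. In the name-buffer path the overflow check computes `mult_res` but the allocation still passes `new_allocation * 2`; handing `mult_res` to AllocatePool would make the check cover the value actually used.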
@@ -0,0 +1,33 @@
+From ac403eec003267f1cffa6b28354437ab36514268 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 12 Feb 2016 12:04:51 -0500
+Subject: [PATCH 09/20] efi: check for overflow in open_file()
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index b3174b2..39dfa1c 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -572,6 +572,15 @@ open_file(EFI_DEVICE_PATH *dp, EFI_FILE_HANDLE *fh)
+ }
+
+ sz /= sizeof (CHAR16);
++ /*
++ * check against some arbitrary limit to avoid having a stack
++ * overflow here.
++ */
++ if (sz > 1024) {
++ Print(L"%a:%a():%d: Invalid file device path.\n",
++ __FILE__, __func__, __LINE__);
++ return EFI_INVALID_PARAMETER;
++ }
+ CHAR16 filename[sz+1];
+ CopyMem(filename, (UINT8 *)file_dp + 4, sz * sizeof (CHAR16));
+ filename[sz] = L'\0';
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0010-efi-force-flags-in-add_capsule.patch fwupdate-0.5/debian/patches/0010-efi-force-flags-in-add_capsule.patch
--- fwupdate-0.5/debian/patches/0010-efi-force-flags-in-add_capsule.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0010-efi-force-flags-in-add_capsule.patch 2018-01-16 04:58:52.000000000 +0000
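Review bot: The bound `1024` is a bare literal whose unit is only implicit: after `sz /= sizeof (CHAR16)` it counts CHAR16 characters, so the variable-length array `filename[sz+1]` can still take about 2 KiB of stack. I would name the limit and state the unit, e.g. `#define MAX_FILE_DP_CHARS 1024 /* CHAR16s; caps the filename[] VLA in open_file() */` and `if (sz > MAX_FILE_DP_CHARS) {`. How `sz` is derived is outside this hunk; if that arithmetic can wrap, this cap is also the check that rejects the wrapped value, and the comment should say so. open_file() begins and ends outside the hunk.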
@@ -0,0 +1,42 @@
+From 8a09011d4141a0bc6f025da7c733cea4bdc54a90 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 12 Feb 2016 12:05:12 -0500
+Subject: [PATCH 10/20] efi: force flags in add_capsule
+
+Force CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_INITIATE_RESET
+always in add_capsule()
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 39dfa1c..2da536e 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -658,7 +658,9 @@ add_capsule(update_table *update, EFI_CAPSULE_HEADER **capsule_out,
+ cbd_out->Union.DataBlock =
+ (EFI_PHYSICAL_ADDRESS)(UINTN)fbuf;
+ *capsule_out = (EFI_CAPSULE_HEADER *)fbuf;
+- (*capsule_out)->Flags |= update->info->capsule_flags;
++ (*capsule_out)->Flags |= update->info->capsule_flags |
++ CAPSULE_FLAGS_PERSIST_ACROSS_RESET |
++ CAPSULE_FLAGS_INITIATE_RESET;
+ } else {
+ if (debugging) {
+ Print(L"Image does not have embedded header\n");
+@@ -675,7 +677,9 @@ add_capsule(update_table *update, EFI_CAPSULE_HEADER **capsule_out,
+ }
+ capsule->CapsuleGuid = update->info->guid;
+ capsule->HeaderSize = sizeof (*capsule);
+- capsule->Flags = update->info->capsule_flags;
++ capsule->Flags = update->info->capsule_flags |
++ CAPSULE_FLAGS_PERSIST_ACROSS_RESET |
++ CAPSULE_FLAGS_INITIATE_RESET;
+ capsule->CapsuleImageSize = fsize + sizeof (*capsule);
+
+ UINT8 *buffer = (UINT8 *)capsule + capsule->HeaderSize;
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0011-efi-make-get_info-bounds-check-better.patch fwupdate-0.5/debian/patches/0011-efi-make-get_info-bounds-check-better.patch
--- fwupdate-0.5/debian/patches/0011-efi-make-get_info-bounds-check-better.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0011-efi-make-get_info-bounds-check-better.patch 2018-01-16 04:58:52.000000000 +0000
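Review bot: `update->info->capsule_flags` is OR-ed into the capsule header unfiltered in both branches, next to the two forced reset bits, and nothing here says which bits the update info is allowed to contribute. Where `update->info` is populated is not visible in these hunks; if it is read from a writable variable, masking it to the bits fwupdate means to honour would be the safer form. The forced pair is also spelled out twice; one definition such as `#define FORCED_CAPSULE_FLAGS (CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_INITIATE_RESET)`, with a comment on why a reset is always requested, would keep the two branches from drifting apart. add_capsule() starts and ends outside both hunks.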
@@ -0,0 +1,77 @@
+From bc3f523d810d27f90c64328a033f67b2bccf7cef Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Thu, 25 Feb 2016 14:58:45 -0500
+Subject: [PATCH 11/20] efi: make get_info() bounds check better.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 39 ++++++++++++++++++++++++++++-----------
+ 1 file changed, 28 insertions(+), 11 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 2da536e..98e5a60 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -197,6 +197,26 @@ read_variable(CHAR16 *name, EFI_GUID guid, void **buf_out, UINTN *buf_size_out,
+ return EFI_SUCCESS;
+ }
+
++static INTN
++dp_size(EFI_DEVICE_PATH *dp, INTN limit)
++{
++ INTN ret = 0;
++ while (1) {
++ if (limit < 4)
++ break;
++ INTN nodelen = DevicePathNodeLength(dp);
++ if (nodelen > limit)
++ break;
++ limit -= nodelen;
++ ret += nodelen;
++
++ if (IsDevicePathEnd(dp))
++ return ret;
++ dp = NextDevicePathNode(dp);
++ }
++ return -1;
++}
++
+ static EFI_STATUS
+ get_info(CHAR16 *name, update_table *info_out)
+ {
+@@ -225,24 +245,21 @@ get_info(CHAR16 *name, update_table *info_out)
+ return EFI_INVALID_PARAMETER;
+ }
+
+- UINTN is = info_size - EFI_FIELD_OFFSET(update_info, dp);
+ EFI_DEVICE_PATH *hdr = (EFI_DEVICE_PATH *)&info->dp;
+- /*
+- * "sz" is INTN not UINTN on purpose:
+- * a) that size would be much to big anyway, but also
+- * b) it makes the sz < 4 comparison later give us a free overflow
+- * check.
+- */
+- INTN sz = sizeof (EFI_DEVICE_PATH) - is;
+- if (is >= sizeof (EFI_DEVICE_PATH))
+- sz = DevicePathSize(hdr);
+- if (is != sz || sz < 4) {
++ INTN is = EFI_FIELD_OFFSET(update_info, dp);
++ INTN sz = dp_size(hdr, info_size);
++ if (sz < 0 || is < 0) {
++invalid_size:
+ Print(L"Update \"%s\" has an invalid file path.\n"
+ L"update info size: %d dp size: %d size for dp: %d\n",
+ name, info_size, sz, is);
+ delete_variable(name, fwupdate_guid, attributes);
+ return EFI_INVALID_PARAMETER;
+ }
++ if (is > (INTN)info_size)
++ goto invalid_size;
++ if (is != sz)
++ goto invalid_size;
+
+ info_out->info = info;
+ info_out->size = info_size;
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0012-efi-Fix-minor-C-snafus.patch fwupdate-0.5/debian/patches/0012-efi-Fix-minor-C-snafus.patch
--- fwupdate-0.5/debian/patches/0012-efi-Fix-minor-C-snafus.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0012-efi-Fix-minor-C-snafus.patch 2018-01-16 04:58:52.000000000 +0000
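Review bot: `dp_size()` never rejects a node length below the 4-byte node header. If `DevicePathNodeLength(dp)` returns 0 on a node that is not an end node, neither `limit` nor `dp` changes and the `while (1)` loop does not terminate; lengths 1 to 3 make the walk step into the middle of a header. The device path here is the stored update data that get_info() is validating, so the guard should cover the lower bound as well: `if (nodelen < 4 || nodelen > limit)`, placed before `limit -= nodelen;`. get_info() starts and ends outside the second inner hunk.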
@@ -0,0 +1,35 @@
+From 0cec8f941580cb776e806add46c9997a52863130 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Thu, 25 Feb 2016 14:59:08 -0500
+Subject: [PATCH 12/20] efi: Fix minor C snafus
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 98e5a60..98b9b34 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -449,7 +449,7 @@ mult_err:
+ err:
+ FreePool(variable_name);
+
+- for (int i = 0; i < n_updates; i++) {
++ for (unsigned int i = 0; i < n_updates; i++) {
+ FreePool(updates[i]->name);
+ FreePool(updates[i]->info);
+ FreePool(updates[i]);
+@@ -773,7 +773,7 @@ debug_hook(void)
+ UINTN data_size = 1;
+ EFI_STATUS efi_status;
+ UINT32 attributes;
+- volatile register int x = 0;
++ register volatile int x = 0;
+ extern char _text, _data;
+
+ /*
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0013-Fix-the-return-code-checking-in-uintn_mult.patch fwupdate-0.5/debian/patches/0013-Fix-the-return-code-checking-in-uintn_mult.patch
--- fwupdate-0.5/debian/patches/0013-Fix-the-return-code-checking-in-uintn_mult.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0013-Fix-the-return-code-checking-in-uintn_mult.patch 2018-01-16 04:58:52.000000000 +0000
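Review bot: `unsigned int i` removes the signed/unsigned comparison but may still be narrower than `n_updates`, which is presumably a `UINTN` as the `UINTN *n_updates_out` parameter of find_updates() elsewhere on this page suggests; the local's declaration is outside the hunk. Matching the type exactly avoids a 32-bit index being compared against a wider count on 64-bit builds: `for (UINTN i = 0; i < n_updates; i++) {`. The loop body and the rest of the `err:` path continue outside the hunk.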
@@ -0,0 +1,98 @@
+From c856eee9d497948d4816987649f77a2a4248310d Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Wed, 9 Mar 2016 10:37:43 -0500
+Subject: [PATCH 13/20] Fix the return code checking in uintn_mult().
+
+We accidentally had the =gcc5
+version, so on one compiler it worked and the other it failed.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 35 +++++++++++++++++++++--------------
+ 1 file changed, 21 insertions(+), 14 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 98b9b34..3bafdcf 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -47,7 +47,7 @@ static int debugging;
+ if ((a) != 0 && (b) != 0) { \
+ _ret = _limit / (a) < (b); \
+ } \
+- if (_ret) \
++ if (!_ret) \
+ *(c) = ((a) * (b)); \
+ _ret; \
+ })
+@@ -99,11 +99,11 @@ read_file(EFI_FILE_HANDLE fh, UINT8 **buf_out, UINTN *buf_size_out)
+ while (1) {
+ void *newb = NULL;
+ UINTN news = 0;
+- if (!uintn_mult(bs * 2, n_blocks, &news)) {
++ if (uintn_mult(bs * 2, n_blocks, &news)) {
+ if (b)
+ free(b, bs * n_blocks);
+- Print(L"%a:%a():%d: allocation would overflow size\n",
+- __FILE__, __func__, __LINE__);
++ Print(L"%a:%a():%d: allocation %d * %d would overflow size\n",
++ __FILE__, __func__, __LINE__, bs * 2, n_blocks);
+ return EFI_OUT_OF_RESOURCES;
+ }
+ rc = allocate(&newb, news);
+@@ -284,10 +284,11 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out)
+ EFI_GUID vendor_guid = empty_guid;
+ UINTN mult_res;
+
+- if (!uintn_mult(sizeof (update_table *), n_updates_allocated,
++ if (uintn_mult(sizeof (update_table *), n_updates_allocated,
+ &mult_res)) {
+- Print(L"%a:%a():%d: would overflow size\n",
+- __FILE__, __func__, __LINE__);
++ Print(L"%a:%a():%d: allocation %d * %d would overflow size\n",
++ __FILE__, __func__, __LINE__,
++ sizeof (update_table *), n_updates_allocated);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+@@ -323,7 +324,7 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out)
+ CHAR16 *new_name;
+
+ new_allocation = variable_name_size;
+- if (!uintn_mult(new_allocation, 2, &mult_res)) {
++ if (uintn_mult(new_allocation, 2, &mult_res)) {
+ Print(L"%a:%a():%d: %d * 2 would overflow size\n",
+ __FILE__, __func__, __LINE__,
+ new_allocation);
+@@ -371,17 +372,23 @@ find_updates(UINTN *n_updates_out, update_table ***updates_out)
+
+ if (n_updates == n_updates_allocated) {
+ update_table **new_ups;
+- if (!uintn_mult(n_updates_allocated, 2, &mult_res)) {
++ UINTN mul_a, mul_b;
++ if (uintn_mult(n_updates_allocated, 2, &mult_res)) {
++ mul_a = n_updates_allocated;
++ mul_b = 2;
+ mult_err:
+- Print(L"%a:%a():%d: "
+- L"allocation would overflow size\n",
+- __FILE__, __func__, __LINE__);
++ Print(L"%a:%a():%d: allocation %d * %d would overflow size\n",
++ __FILE__, __func__, __LINE__,
++ mul_a, mul_b);
+ ret = EFI_OUT_OF_RESOURCES;
+ goto err;
+ }
+- if (!uintn_mult(mult_res, sizeof (update_table *),
+- &mult_res))
++ if (uintn_mult(mult_res, sizeof (update_table *),
++ &mult_res)) {
++ mul_a = mult_res;
++ mul_b = sizeof (update_table *);
+ goto mult_err;
++ }
+
+ new_ups = AllocateZeroPool(mult_res);
+ if (!new_ups) {
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0014-Correct-get_info-bounds-checking-that-was-broken-in-.patch fwupdate-0.5/debian/patches/0014-Correct-get_info-bounds-checking-that-was-broken-in-.patch
--- fwupdate-0.5/debian/patches/0014-Correct-get_info-bounds-checking-that-was-broken-in-.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0014-Correct-get_info-bounds-checking-that-was-broken-in-.patch 2018-01-16 04:58:52.000000000 +0000
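Review bot: The return convention this commit settles on is not written down at the macro, and it is the thing the callers had backwards. As far as the visible tail of the macro shows, `uintn_mult()` yields non-zero when `a * b` would not fit and stores to `*(c)` only otherwise; a comment above it would pin that: `/* uintn_mult(a, b, c): non-zero if a * b overflows UINTN; *(c) is written only when it does not. */`. In read_file() the first operand `bs * 2` is itself an unchecked multiplication evaluated before the macro sees it; whether `bs` is bounded is not visible here. The macro and the three functions touched all begin outside their hunks.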
@@ -0,0 +1,26 @@
+From 6a387e56a54671f126b59e49775efc1dcf528215 Mon Sep 17 00:00:00 2001
+From: Mario L
+Date: Thu, 10 Mar 2016 10:44:00 +0800
+Subject: [PATCH 14/20] Correct get_info bounds checking that was broken in
+ bc3f523d810
+
+---
+ efi/fwupdate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 3bafdcf..7a06afe 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -246,7 +246,7 @@ get_info(CHAR16 *name, update_table *info_out)
+ }
+
+ EFI_DEVICE_PATH *hdr = (EFI_DEVICE_PATH *)&info->dp;
+- INTN is = EFI_FIELD_OFFSET(update_info, dp);
++ INTN is = info_size - EFI_FIELD_OFFSET(update_info, dp);
+ INTN sz = dp_size(hdr, info_size);
+ if (sz < 0 || is < 0) {
+ invalid_size:
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0015-Test-the-offset-of-the-device-path-before-using-it.patch fwupdate-0.5/debian/patches/0015-Test-the-offset-of-the-device-path-before-using-it.patch
--- fwupdate-0.5/debian/patches/0015-Test-the-offset-of-the-device-path-before-using-it.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0015-Test-the-offset-of-the-device-path-before-using-it.patch 2018-01-16 04:58:52.000000000 +0000
@@ -0,0 +1,38 @@
+From 01a80b6ddf561ce09a7fd139daaf72a95e8df789 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Thu, 10 Mar 2016 11:17:27 -0500
+Subject: [PATCH 15/20] Test the offset of the device path /before/ using it.
+
+a7c802e is right that we need to subtract there, but we need to test
+that the value is in bounds before we do so.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 7a06afe..73bae5c 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -246,7 +246,16 @@ get_info(CHAR16 *name, update_table *info_out)
+ }
+
+ EFI_DEVICE_PATH *hdr = (EFI_DEVICE_PATH *)&info->dp;
+- INTN is = info_size - EFI_FIELD_OFFSET(update_info, dp);
++ INTN is = EFI_FIELD_OFFSET(update_info, dp);
++ if (is > (INTN)info_size) {
++ Print(L"Update \"%s\" has an invalid file path.\n"
++ L"Device path offset is %d, but total size is %d\n",
++ name, is, info_size);
++ delete_variable(name, fwupdate_guid, attributes);
++ return EFI_INVALID_PARAMETER;
++ }
++
++ is = info_size - is;
+ INTN sz = dp_size(hdr, info_size);
+ if (sz < 0 || is < 0) {
+ invalid_size:
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0016-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch fwupdate-0.5/debian/patches/0016-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch
--- fwupdate-0.5/debian/patches/0016-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0016-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch 2018-01-16 04:58:52.000000000 +0000
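Review bot: The remaining size computed by the new line `is = info_size - is;` is not used as the walk limit: the next line still calls `dp_size(hdr, info_size)`, although `hdr` points `EFI_FIELD_OFFSET(update_info, dp)` bytes into the buffer. A device path whose nodes run past the end of the data can therefore be read up to that many bytes beyond it before the size checks that follow reject the entry. Passing the remainder closes that gap: `INTN sz = dp_size(hdr, is);`. The call itself dates from the patch that introduced `dp_size()`; get_info() starts and ends outside this hunk.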
@@ -0,0 +1,79 @@
+From f1cc489783d2054e90fa6bebc3732e7ea8bb3722 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Fri, 29 Apr 2016 11:41:45 -0400
+Subject: [PATCH 16/20] fwupdate.efi: use the reset type from some
+ querycapsuleinfo call.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 73bae5c..632219e 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -731,17 +731,16 @@ add_capsule(update_table *update, EFI_CAPSULE_HEADER **capsule_out,
+ static EFI_STATUS
+ apply_capsules(EFI_CAPSULE_HEADER **capsules,
+ EFI_CAPSULE_BLOCK_DESCRIPTOR *cbd,
+- UINTN num_updates)
++ UINTN num_updates, EFI_RESET_TYPE *reset)
+ {
+- EFI_RESET_TYPE reset;
+ UINT64 max_capsule_size;
+ EFI_STATUS rc;
+
+ rc = uefi_call_wrapper(RT->QueryCapsuleCapabilities, 4, capsules,
+- num_updates, &max_capsule_size, &reset);
++ num_updates, &max_capsule_size, reset);
+ if (debugging) {
+ Print(L"QueryCapsuleCapabilities: %r max: %ld reset:%d\n",
+- rc, max_capsule_size, reset);
++ rc, max_capsule_size, *reset);
+ Print(L"Capsules: %d\n", num_updates);
+ }
+
+@@ -827,6 +826,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
+ EFI_STATUS rc;
+ update_table **updates = NULL;
+ UINTN n_updates = 0;
++ EFI_RESET_TYPE reset_type = EfiResetWarm;
+
+ InitializeLib(image, systab);
+
+@@ -848,6 +848,13 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
+ /*
+ * Step 1: find and validate update state variables
+ */
++ /* XXX TODO:
++ * 1) survey the reset types first, and separate into groups
++ * according to them
++ * 2) if there's more than one, mirror BootCurrent back into BootNext
++ * so we can do multiple runs
++ * 3) only select the ones from one type for the first go
++ */
+ rc = find_updates(&n_updates, &updates);
+ if (EFI_ERROR(rc)) {
+ Print(L"fwupdate: Could not find updates: %r\n", rc);
+@@ -897,7 +904,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
+ /*
+ * Step 4: apply the capsules.
+ */
+- rc = apply_capsules(capsules, cbd_data, n_updates);
++ rc = apply_capsules(capsules, cbd_data, n_updates, &reset_type);
+ if (EFI_ERROR(rc)) {
+ Print(L"fwupdate: Could not apply capsules: %r\n", rc);
+ return rc;
+@@ -910,7 +917,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
+ Print(L"Reset System\n");
+ uefi_call_wrapper(BS->Stall, 1, 10000000);
+ }
+- uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS,
++ uefi_call_wrapper(RT->ResetSystem, 4, reset_type, EFI_SUCCESS,
+ 0, NULL);
+
+ return EFI_SUCCESS;
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0017-fix-type-punning-aliasing-violation.patch fwupdate-0.5/debian/patches/0017-fix-type-punning-aliasing-violation.patch
--- fwupdate-0.5/debian/patches/0017-fix-type-punning-aliasing-violation.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0017-fix-type-punning-aliasing-violation.patch 2018-01-16 04:58:52.000000000 +0000
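Review bot: `*reset` now decides the `ResetSystem` type in efi_main(), but the status of `QueryCapsuleCapabilities` in apply_capsules() is only printed under `debugging`; no check of `rc` appears in the lines shown, and the apply_capsules() context elsewhere on this page has `rc` overwritten by the `UpdateCapsule` call. If the query fails, the reset type is whatever the firmware left in `*reset`. Keeping the caller's default in that case would be safer, e.g. `if (EFI_ERROR(rc)) *reset = EfiResetWarm;` right after the call, or returning the error. `max_capsule_size` is likewise fetched and not compared with the capsule sizes in the visible lines. Both functions continue outside these hunks.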
@@ -0,0 +1,30 @@
+From ae7b85840d278d0704aa92a2ea44816064346197 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Thu, 11 Aug 2016 15:26:47 -0400
+Subject: [PATCH 17/20] fix type-punning aliasing violation
+
+This fixes github issue #41.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 632219e..13d78f9 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -597,7 +597,9 @@ open_file(EFI_DEVICE_PATH *dp, EFI_FILE_HANDLE *fh)
+ return EFI_UNSUPPORTED;
+ }
+
+- UINTN sz = *(UINT16 *)file_dp->Length - 4;
++ UINTN sz;
++ CopyMem(&sz, &file_dp->Length[0], 2);
++ sz -= 4;
+ if (sz <= 6 || sz % 2 != 0) {
+ Print(L"%a:%a():%d: Invalid file device path.\n",
+ __FILE__, __func__, __LINE__);
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0018-Stall-before-rebooting-after-applying-a-capsule-upda.patch fwupdate-0.5/debian/patches/0018-Stall-before-rebooting-after-applying-a-capsule-upda.patch
--- fwupdate-0.5/debian/patches/0018-Stall-before-rebooting-after-applying-a-capsule-upda.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0018-Stall-before-rebooting-after-applying-a-capsule-upda.patch 2018-01-16 04:58:52.000000000 +0000
@@ -0,0 +1,48 @@
+From 5765420d99507857c8f0698dfbff50b2a4ca1cdb Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Thu, 11 Aug 2016 15:30:36 -0400
+Subject: [PATCH 18/20] Stall before rebooting after applying a capsule update.
+
+This fixes github issue #51.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 13d78f9..387130b 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -31,6 +31,8 @@ typedef struct update_table_s {
+
+ static int debugging;
+
++#define SECONDS 1000000
++
+ /*
+ * I'm not actually sure when these appear, but they're present in the
+ * version in front of me.
+@@ -746,7 +748,7 @@ apply_capsules(EFI_CAPSULE_HEADER **capsules,
+ Print(L"Capsules: %d\n", num_updates);
+ }
+
+- uefi_call_wrapper(BS->Stall, 1, 1000000);
++ uefi_call_wrapper(BS->Stall, 1, 1 * SECONDS);
+ rc = uefi_call_wrapper(RT->UpdateCapsule, 3, capsules, num_updates,
+ (EFI_PHYSICAL_ADDRESS)(VOID *)cbd);
+ if (EFI_ERROR(rc)) {
+@@ -917,8 +919,9 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
+ */
+ if (debugging) {
+ Print(L"Reset System\n");
+- uefi_call_wrapper(BS->Stall, 1, 10000000);
++ uefi_call_wrapper(BS->Stall, 1, 5 * SECONDS);
+ }
++ uefi_call_wrapper(BS->Stall, 1, 5 * SECONDS);
+ uefi_call_wrapper(RT->ResetSystem, 4, reset_type, EFI_SUCCESS,
+ 0, NULL);
+
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0019-Really-fix-ae7b85.patch fwupdate-0.5/debian/patches/0019-Really-fix-ae7b85.patch
--- fwupdate-0.5/debian/patches/0019-Really-fix-ae7b85.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0019-Really-fix-ae7b85.patch 2018-01-16 04:58:52.000000000 +0000
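Review bot: `SECONDS` holds the number of microseconds in one second, which the name does not say, and it is a very generic name for a file-scope macro. A comment at the definition would settle the unit, e.g. `#define SECONDS 1000000 /* BS->Stall() takes microseconds */`. The new unconditional `5 * SECONDS` stall before `ResetSystem` has no comment either; the commit message only points at an issue number, so a one-line reason at the call site would survive better than the reference. With `debugging` set the two stalls add up to ten seconds, which looks intended but is worth stating there.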
@@ -0,0 +1,33 @@
+From fcc2249f6bf552a67dc73d04d0b5b13f2771a8da Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Tue, 16 Aug 2016 16:58:26 -0400
+Subject: [PATCH 19/20] Really fix ae7b85
+
+The previous fix leaves /half/ or /one quarter/ of the UINTN
+uninitialized, which has hilarious and unfortunate results. Instead,
+copy the value to an intermediate UINT16.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 387130b..152a29a 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -599,8 +599,10 @@ open_file(EFI_DEVICE_PATH *dp, EFI_FILE_HANDLE *fh)
+ return EFI_UNSUPPORTED;
+ }
+
++ UINT16 sz16;
+ UINTN sz;
+- CopyMem(&sz, &file_dp->Length[0], 2);
++ CopyMem(&sz16, &file_dp->Length[0], sizeof(sz16));
++ sz = sz16;
+ sz -= 4;
+ if (sz <= 6 || sz % 2 != 0) {
+ Print(L"%a:%a():%d: Invalid file device path.\n",
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/0020-fwupdate-fakeesrt-fix-some-typecasting-errors-on-i68.patch fwupdate-0.5/debian/patches/0020-fwupdate-fakeesrt-fix-some-typecasting-errors-on-i68.patch
--- fwupdate-0.5/debian/patches/0020-fwupdate-fakeesrt-fix-some-typecasting-errors-on-i68.patch 1970-01-01 00:00:00.000000000 +0000
+++ fwupdate-0.5/debian/patches/0020-fwupdate-fakeesrt-fix-some-typecasting-errors-on-i68.patch 2018-01-16 04:58:52.000000000 +0000
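Review bot: `sz -= 4;` is still applied before any lower bound on the length, so a node whose `Length` field is below 4 wraps `sz` to a very large `UINTN`. The following test `sz <= 6 || sz % 2 != 0` does not catch an even wrapped value, and rejection then depends on the separate `sz > 1024` cap added to open_file() by an earlier patch on this page. A guard on the 16-bit value before the subtraction keeps the check next to the arithmetic it protects, e.g. `if (sz16 < 4) return EFI_INVALID_PARAMETER;`. open_file() begins and ends outside the hunk.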
@@ -0,0 +1,65 @@
+From 7a4c51774738844581c5072e84a9f3ba78028fc9 Mon Sep 17 00:00:00 2001
+From: Peter Jones
+Date: Wed, 17 Aug 2016 13:05:27 -0400
+Subject: [PATCH 20/20] fwupdate+fakeesrt: fix some typecasting errors on i686
+
+Fixes github issue #54.
+
+Signed-off-by: Peter Jones
+---
+ efi/fwupdate.c | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/efi/fwupdate.c b/efi/fwupdate.c
+index 152a29a..b82e24e 100644
+--- a/efi/fwupdate.c
++++ b/efi/fwupdate.c
+@@ -67,11 +67,24 @@ allocate(void **addr, UINTN size)
+ UINTN pages = size / 4096 + ((size % 4096) ? 1 : 0);
+ EFI_STATUS rc;
+ EFI_PHYSICAL_ADDRESS pageaddr = 0;
++ EFI_ALLOCATE_TYPE type = AllocateAnyPages;
+
+- rc = uefi_call_wrapper(BS->AllocatePages, 4, AllocateAnyPages,
++ if (sizeof (VOID *) == 4) {
++ pageaddr = 0xffffffffULL - 8192;
++ type = AllocateMaxAddress;
++ }
++
++ rc = uefi_call_wrapper(BS->AllocatePages, 4, type,
+ EfiLoaderData, pages,
+ &pageaddr);
+- *addr = (void *)pageaddr;
++ if (EFI_ERROR(rc))
++ return rc;
++ if (sizeof (VOID *) == 4 && pageaddr > 0xffffffffULL) {
++ uefi_call_wrapper(BS->FreePages, 2, pageaddr, pages);
++ Print(L"Got bad allocation at 0x%016x\n", (UINT64)pageaddr);
++ return EFI_OUT_OF_RESOURCES;
++ }
++ *addr = (void *)(UINTN)pageaddr;
+ return rc;
+ }
+
+@@ -84,7 +97,8 @@ free(void *addr, UINTN size)
+ UINTN pages = size / 4096 + ((size % 4096) ? 1 : 0);
+ EFI_STATUS rc;
+
+- rc = uefi_call_wrapper(BS->FreePages, 2, (EFI_PHYSICAL_ADDRESS)addr,
++ rc = uefi_call_wrapper(BS->FreePages, 2,
++ (EFI_PHYSICAL_ADDRESS)(UINTN)addr,
+ pages);
+ return rc;
+ }
+@@ -752,7 +766,7 @@ apply_capsules(EFI_CAPSULE_HEADER **capsules,
+
+ uefi_call_wrapper(BS->Stall, 1, 1 * SECONDS);
+ rc = uefi_call_wrapper(RT->UpdateCapsule, 3, capsules, num_updates,
+- (EFI_PHYSICAL_ADDRESS)(VOID *)cbd);
++ (EFI_PHYSICAL_ADDRESS)(UINTN)cbd);
+ if (EFI_ERROR(rc)) {
+ Print(L"%a:%a():%d: Could not apply capsule update: %r\n",
+ __FILE__, __func__, __LINE__, rc);
+--
+2.7.4
+
diff -Nru fwupdate-0.5/debian/patches/series fwupdate-0.5/debian/patches/series
--- fwupdate-0.5/debian/patches/series 2017-07-07 10:49:37.000000000 +0000
+++ fwupdate-0.5/debian/patches/series 2018-01-16 04:59:42.000000000 +0000
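Review bot: The diagnostic in allocate(), `Print(L"Got bad allocation at 0x%016x\n", (UINT64)pageaddr);`, passes a 64-bit value to a plain `%x`. As I understand gnu-efi's `Print`, the `l` modifier is what selects a 64-bit argument, so `0x%016lx` would be needed for a message that only fires when the address is above 4 GiB; otherwise it shows just the low half (worth confirming against the library version in use). The ceiling `0xffffffffULL - 8192` is also unexplained; a short comment on why it sits two pages below 4 GiB would help the next reader. All three functions touched start outside their hunks.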
@@ -1,6 +1,31 @@
+#applies to pieces other than efi/fwupdate.c
 0001-Clear-immuatable-bit-on-efivar-before-trying-to-remo.patch
 0001-Run-efibootmgr-q-before-running-cleanup-script.patch
-0002-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch
-0003-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch
 0004-Add-a-flag-to-Allow-flashing-GUID-s-that-don-t-match.patch
 0005-Make-sure-our-BootNext-entry-is-always-in-BootOrder.patch
+
+#brings EFI application up to the "9" release
+0001-fwupdate-use-FWUPDATE_GUID-as-the-owner-of-FWUPDATE_.patch
+0002-fwupdate-fix-missing-free-on-error-path.patch
+0003-fwupdate-fix-memory-leaks-and-storing-update_table-t.patch
+0004-fwupdate.efi-add-one-missing-allocation-error-check.patch
+0005-efi-Get-rid-of-fno-strict-aliasing.patch
+0006-efi-check-for-size-overflow-in-read_file.patch
+0007-efi-document-our-use-of-UINTN-vs-INTN-comparison-in-.patch
+0008-efi-audit-for-overflow-in-find_updates.patch
+0009-efi-check-for-overflow-in-open_file.patch
+0010-efi-force-flags-in-add_capsule.patch
+0011-efi-make-get_info-bounds-check-better.patch
+0012-efi-Fix-minor-C-snafus.patch
+0013-Fix-the-return-code-checking-in-uintn_mult.patch
+0014-Correct-get_info-bounds-checking-that-was-broken-in-.patch
+0015-Test-the-offset-of-the-device-path-before-using-it.patch
+0016-fwupdate.efi-use-the-reset-type-from-some-querycapsu.patch
+0017-fix-type-punning-aliasing-violation.patch
+0018-Stall-before-rebooting-after-applying-a-capsule-upda.patch
+0019-Really-fix-ae7b85.patch
+0020-fwupdate-fakeesrt-fix-some-typecasting-errors-on-i68.patch
+
+#newer than 9 release - patches to delete boot order
+0001-efi-delete-boot-entry-before-apply-capsule.patch
+0002-efi-delete-the-boot-path-from-the-BootOrder-list.patch