mokutil: Bring in upstream patches for build issues

Bring in two patches from upstream to resolve build issues with newer
compilers.

Signed-off-by: Chris Packham <[email protected]>

Author: cpackham-atlnz

patches/mokutil/0001-Avoid-taking-pointer-to-packed-struct.patch

@@ -0,0 +1,115 @@
+From 7e5d2180c09429955004f3dfd960293a39aaf731 Mon Sep 17 00:00:00 2001
+From: Harry Youd <[email protected]>
+Date: Wed, 31 Jul 2019 19:44:53 +0100
+Subject: [PATCH] Avoid taking pointer to packed struct
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes:
+error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
+(cherry picked from commit 19e8c9071b3d9306ca7b7329b313b31f86c2936d)
+---
+ src/mokutil.c | 38 ++++++++++++++++++++++----------------
+ 1 file changed, 22 insertions(+), 16 deletions(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index e2d567d..8892613 100644
+--- a/src/mokutil.c
++++ b/src/mokutil.c
+@@ -270,20 +270,22 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
+ 			return NULL;
+ 		}
+ 
+-		if ((efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha1) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha224) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha256) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha384) != 0) &&
+-		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha512) != 0)) {
++		efi_guid_t sigtype = CertList->SignatureType;
++
++		if ((efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0) &&
++		    (efi_guid_cmp (&sigtype, &efi_guid_sha1) != 0) &&
++		    (efi_guid_cmp (&sigtype, &efi_guid_sha224) != 0) &&
++		    (efi_guid_cmp (&sigtype, &efi_guid_sha256) != 0) &&
++		    (efi_guid_cmp (&sigtype, &efi_guid_sha384) != 0) &&
++		    (efi_guid_cmp (&sigtype, &efi_guid_sha512) != 0)) {
+ 			dbsize -= CertList->SignatureListSize;
+ 			CertList = (EFI_SIGNATURE_LIST *)((uint8_t *) CertList +
+ 						  CertList->SignatureListSize);
+ 			continue;
+ 		}
+ 
+-		if ((efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) != 0) &&
+-		    (CertList->SignatureSize != signature_size (&CertList->SignatureType))) {
++		if ((efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0) &&
++		    (CertList->SignatureSize != signature_size (&sigtype))) {
+ 			dbsize -= CertList->SignatureListSize;
+ 			CertList = (EFI_SIGNATURE_LIST *)((uint8_t *) CertList +
+ 						  CertList->SignatureListSize);
+@@ -312,7 +314,7 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
+ 		}
+ 
+ 		list[count].header = CertList;
+-		if (efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) == 0) {
++		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) == 0) {
+ 			/* X509 certificate */
+ 			list[count].mok_size = CertList->SignatureSize -
+ 					       sizeof(efi_guid_t);
+@@ -442,10 +444,11 @@ list_keys (uint8_t *data, size_t data_size)
+ 
+ 	for (unsigned int i = 0; i < mok_num; i++) {
+ 		printf ("[key %d]\n", i+1);
+-		if (efi_guid_cmp (&list[i].header->SignatureType, &efi_guid_x509_cert) == 0) {
++		efi_guid_t sigtype = list[i].header->SignatureType;
++		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) == 0) {
+ 			print_x509 ((char *)list[i].mok, list[i].mok_size);
+ 		} else {
+-			print_hash_array (&list[i].header->SignatureType,
++			print_hash_array (&sigtype,
+ 					  list[i].mok, list[i].mok_size);
+ 		}
+ 		if (i < mok_num - 1)
+@@ -523,7 +526,8 @@ delete_data_from_list (const efi_guid_t *var_guid, const char *var_name,
+ 	remain = total;
+ 	for (unsigned int i = 0; i < mok_num; i++) {
+ 		remain -= list[i].header->SignatureListSize;
+-		if (efi_guid_cmp (&list[i].header->SignatureType, type) != 0)
++		efi_guid_t sigtype = list[i].header->SignatureType;
++		if (efi_guid_cmp (&sigtype, type) != 0)
+ 			continue;
+ 
+ 		sig_list_size = list[i].header->SignatureListSize;
+@@ -1057,7 +1061,8 @@ is_duplicate (const efi_guid_t *type, const void *data, const uint32_t data_size
+ 	}
+ 
+ 	for (unsigned int i = 0; i < node_num; i++) {
+-		if (efi_guid_cmp (&list[i].header->SignatureType, type) != 0)
++		efi_guid_t sigtype = list[i].header->SignatureType;
++		if (efi_guid_cmp (&sigtype, type) != 0)
+ 			continue;
+ 
+ 		if (efi_guid_cmp (type, &efi_guid_x509_cert) == 0) {
+@@ -1510,8 +1515,8 @@ issue_hash_request (const char *hash_str, MokRequest req,
+ 			goto error;
+ 		/* Check if there is a signature list with the same type */
+ 		for (unsigned int i = 0; i < mok_num; i++) {
+-			if (efi_guid_cmp (&mok_list[i].header->SignatureType,
+-					 &hash_type) == 0) {
++			efi_guid_t sigtype = mok_list[i].header->SignatureType;
++			if (efi_guid_cmp (&sigtype, &hash_type) == 0) {
+ 				merge_ind = i;
+ 				list_size -= sizeof(EFI_SIGNATURE_LIST);
+ 				break;
+@@ -1678,8 +1683,9 @@ export_db_keys (const DBName db_name)
+ 	for (unsigned i = 0; i < mok_num; i++) {
+ 		off_t offset = 0;
+ 		ssize_t write_size;
++		efi_guid_t sigtype = list[i].header->SignatureType;
+ 
+-		if (efi_guid_cmp (&list[i].header->SignatureType, &efi_guid_x509_cert) != 0)
++		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0)
+ 			continue;
+ 
+ 		/* Dump X509 certificate to files */

patches/mokutil/0002-mokutil-remove-unused-int_to_b64.patch

@@ -0,0 +1,57 @@
+From 6b1d030983d012bfdc6e8b9269af4e4de21684cb Mon Sep 17 00:00:00 2001
+From: Nicolas Frayer <[email protected]>
+Date: Wed, 29 Jan 2025 17:37:36 +0100
+Subject: [PATCH] mokutil: remove unused int_to_b64()
+
+static const char b64t[64] triggers compiler warning
+which in turn makes the build fail with
+-Werror=unterminated-string-initialization, so removing
+this string with the the unused int_to_b64() function
+which is the only function using this array.
+
+Signed-off-by: Nicolas Frayer <[email protected]>
+(cherry picked from commit ea98ef56fa64e088d968a10c7bc751492abe672f)
+---
+ src/password-crypt.c | 9 ---------
+ src/password-crypt.h | 1 -
+ 2 files changed, 10 deletions(-)
+
+diff --git a/src/password-crypt.c b/src/password-crypt.c
+index 0b31d64..a4225f0 100644
+--- a/src/password-crypt.c
++++ b/src/password-crypt.c
+@@ -46,9 +46,6 @@
+ #define SHA256_DEFAULT_ROUNDS 5000
+ #define SHA512_DEFAULT_ROUNDS 5000
+ 
+-static const char b64t[64] =
+-"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+-
+ static const char md5_prefix[] = "$1$";
+ 
+ static const char sha256_prefix[] = "$5$";
+@@ -357,12 +354,6 @@ decode_pass (const char *crypt_pass, pw_crypt_t *pw_crypt)
+ 	return -1;
+ }
+ 
+-char
+-int_to_b64 (const int i)
+-{
+-	return b64t[i & 0x3f];
+-}
+-
+ int
+ b64_to_int (const char c)
+ {
+diff --git a/src/password-crypt.h b/src/password-crypt.h
+index 5487363..572f9ce 100644
+--- a/src/password-crypt.h
++++ b/src/password-crypt.h
+@@ -68,7 +68,6 @@ uint16_t get_salt_size (int method);
+ int get_hash_size (int method);
+ const char *get_crypt_prefix (int method);
+ int decode_pass (const char *crypt_pass, pw_crypt_t *pw_crypt);
+-char int_to_b64 (const int i);
+ int b64_to_int (const char c);
+ 
+ #endif /* __PASSWORD_CRYPT_H__ */

patches/mokutil/series

@@ -1 +1,2 @@
-# New version of mokutil has patches for 3.0 already, so nothing to do here yet...
+0001-Avoid-taking-pointer-to-packed-struct.patch
+0002-mokutil-remove-unused-int_to_b64.patch