Debian Patches
Status for imx-code-signing-tool/4.0.1+dfsg-1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| unbreak-scripts.patch | Undo 3.3.1 changes which break the script for no good reason Fall back to the installed openssl configuration directory if none is given. Based on the original patch by Sean Anderson <seanga2@gmail.com> |
Andrej Shadura <andrew.shadura@collabora.co.uk> | no | 2025-06-02 | ||
| fix-shell-syntax.patch | Remove commented out lines resulting in incorrect shell syntax | Andrej Shadura <andrew.shadura@collabora.co.uk> | no | 2025-06-03 | ||
| be-compat.patch | Use ntohl instead of a custom macro for big-endian compat | Andrej Shadura <andrew.shadura@collabora.co.uk> | no | 2025-06-03 | ||
| fix_scripts_shebang.patch | Fix shebang in hab_srktool_scripts The shebang has to be the first line, *above* the copyrights. | Tobias Deiminger <tobias.deiminger@linutronix.de> | no | 2026-01-30 | ||
| openssl_engine_dynload.patch | Load pkcs11 engine dynamically Upstream links a static copy of OpenSSL. It also hardcodes to statically link the pkcs11 engine from libp11. We want to use system shared libraries instead and therefore adjust the following: - Don't call the bind_engine function from pkcs11 explicitly. It would require linking, which in turn would require rpath for engines-3/pkcs11.so since it's not in the system search path. Rather use OpenSSLs dynamic engine load feature. - Remove hardcoded static linking settings from CMakeLists.txt. |
Tobias Deiminger <tobias.deiminger@linutronix.de> | no | 2025-05-27 | ||
| hidapi_libusb_dynlink.patch | Link libhidapi-libusb as shared system library The hab_log_parser tool requires libhidapi-libusb. Upstream hardcodes static linking. We want to link the system shared library instead and must thus change the related cmake find function. |
Tobias Deiminger <tobias.deiminger@linutronix.de> | no | 2026-01-30 | ||
| libjson_c_dynlink.patch | Link libjson-c as shared system library The ahab_signed_message tool requires libjson-c. Upstream hardcodes static linking. We want to link the system shared library instead and must thus change the related cmake find function. |
Tobias Deiminger <tobias.deiminger@linutronix.de> | no | 2026-01-30 | ||
| formatstr-compat.patch | Fix -Wformat errors on i386 gcc -Wformat ahab_image_verifier.c fails on i386 with the following errors: "format '%zu' expects argument of type 'size_t', but argument has type 'long int'" "format '%ld' expects argument of type 'long int', but argument has type 'size_t' {aka 'unsigned int'}" 'printf("%zu", (long) 0);' and 'printf("%ld", (size_t) 0);' work by chance on architectures like amd64 where size_t expands to 'typedef long unsigned int size_t;'. However, on i386, size_t expands to 'typedef unsigned int size_t;' and thus -Wformat triggers an compilation error. To fix it, we replace the format specifier with the actual variable types. Upstream should have done this anyway, there is no obvious reason to use the conversion specifiers. |
Tobias Deiminger <tobias.deiminger@linutronix.de> | no | 2026-01-30 | ||
| fix_add_key_md.patch | Fix setting message digest in non-interactive mode for HABv4 add_key must hard code message digest to sha256 if HABv4 is selected. However, this was only done in interactive mode. In non-interactive mode, the variable remained uninitialized and OpenSSL then failed in EVP_DigestSignInit_ex. This patch moves hard coding to a place where it's effective for all modes. | Tobias Deiminger <tobias.deiminger@linutronix.de> | no | 2026-01-30 | ||
| check_return_values.patch | Check return value of fgets The cmake project has a reasonable default setting CMAKE_COMPILE_WARNING_AS_ERROR=ON in cmake/compiler_options.cmake. With this setting our build will fail on unchecked return values from fgets(). This patch fixes the issue by adding return value checks. This is not just to silence the errors. C99 defines for fgets: "If a read error occurs during the operation, the array contents are indeterminate and a null pointer is returned". We should actually check the return value to avoid undefined behavior from processing indeterminate data. Let get_passcode_to_key_file return -1 on error, since it is used as callback to OpenSSLs PEM_read_bio_PrivateKey_ex where documentation states "The callback must return the number of characters in the passphrase or -1 if an error occurred". |
Tobias Deiminger <tobias.deiminger@linutronix.de> | no | 2026-01-30 | ||
| libusb_dynlink.patch | Link libusb as shared system library The hab_log_parser tool requires libusb. Upstream hardcodes static linking. We want to link the system shared library instead and must thus change the related cmake find function. |
Tobias Deiminger <tobias.deiminger@linutronix.de> | no | 2026-01-30 |
All known versions for source package 'imx-code-signing-tool'
- 4.0.1+dfsg-1 (forky, sid)
- 3.4.1+dfsg-6 (trixie)
- 3.3.1+dfsg-2 (bookworm)