Debian Patches
Status for sbsigntool/0.9.5-1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| ubuntu/force-inline-talloc-chunk-from-ptr.patch | Force GCC to inline talloc_chunk_from_ptr to avoid LTO errors | Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> | no | 2026-06-24 | ||
| ubuntu/zero-checksum-unsigned.patch | Zero unsigned image checksum Unsigned binaries are typically produced with CheckSum zero, thus reset CheckSum to zero, if all signatures are removed. |
Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> | no | 2026-06-24 | ||
| upstream/sbverify-fix-intermediate-validation.patch | sbverify: fix intermediate certificate verification Openssl verification of partial chains cannot be fixed by checking error codes in the verify callback (because the errors for intermediate verified OK and failed are identical). Instead they must be fixed by setting the verification flag X509_V_FLAG_PARTIAL_CHAIN which treats any intermediate cert found as a CA. |
James Bottomley <James.Bottomley@HansenPartnership.com> | no | 2026-04-15 | ||
| fileio-write-errors.patch | Propagate errors from fileio_write_file | Debian EFI Team <debian-efi@lists.debian.org> | no | 2026-06-24 | ||
| fix-efi-arch-detection.patch | Fix EFI architecture detection Currently we use 'uname -m', which tells us the build architecture. In a cross-building environment or compat environment, this is not the same as the host architecture. Use AC_CANONICAL_HOST instead. |
Ben Hutchings <ben@decadent.org.uk> | no | 2016-06-26 | ||
| add-support-for-LoongArch-images.patch | Add support for LoongArch images | Dandan Zhang <zhangdandan@loongson.cn> | no | 2026-06-24 | ||
| objcopy-target.patch | Use --output-target instead of --target for objcopy | Mate Kukri <mate.kukri@canonical.com> | no | 2026-06-24 | ||
| gnu-efi-multiarch-lib-dir.patch | Add gnu-efi multiarch library directory | Debian EFI Team <debian-efi@lists.debian.org> | no | 2026-06-24 | ||
| fix-ftbfs-with-gcc-16.patch | Fix FTBFS with GCC 16 | Sergio Durigan Junior <sergiodj@debian.org> | no | 2026-04-21 | ||
| ubuntu/kernel-module-signing.patch | Ubuntu kernel module signing Add the kmodsign (sign-file from the upstream linux kernel) so that we can use it for external module signing. |
Andy Whitcroft <apw@ubuntu.com> | no | 2026-06-24 | ||
| ubuntu/kernel-module-signing-fixes.patch | Ubuntu kernel module signing fixes Separate out any local fixes we need to kmodsign.c to allow us to update it more easily from mainline when necessary. |
Andy Whitcroft <apw@ubuntu.com> | no | 2026-06-24 | ||
| ubuntu/clear-image-before-use.patch | Clear image before use We rely on the image being clear as we will attempt to free cirtain elements before reuse. Switch to a zeroing allocate. |
Andy Whitcroft <apw@ubuntu.com> | no | 2026-06-24 | ||
| ubuntu/sbverify-support-certificate-bundle.patch | sbverify: support certificate bundle It is often convenient to have a single cert bundle, and verify binaries against it. For example, a cert bundle of all the certificates in shim+db+mok, and then verify if a binary passes verification and thus will boot. Or a cert bundle of all the dbx+mokx certs and check if a given binary will not boot, if verification passes. This is similar to some of the openssl commands that also support loading cert-bundles for verification. |
Dimitri John Ledkov <dimitri.ledkov@canonical.com> | no | 2022-11-21 |