Debian Patches

Status for ukiboot/0.2.1+git20260604.ec869c7-4

Patch: 0001-pe_parser_posix-use-OpenSSL-ASN1_STRING-accessors.patch
Author: Christopher Obbard <obbardc@debian.org>
Forwarded: yes
Last update: 2026-06-21
Description:

pe_parser_posix: use OpenSSL ASN1_STRING accessors

OpenSSL now treats ASN1_OCTET_STRING / struct asn1_string_st as
opaque and users can no longer access the data and length fields
directly.

Replace direct field access with ASN1_STRING_get0_data() and
ASN1_STRING_length() when reading PKCS#7 authenticated attributes,
encrypted digests and SpcIndirectDataContent.

Also make the PKCS7_digest_from_attributes() result const to match the
OpenSSL API return type and avoid the discarded-qualifier warning.

Patch: 0002-efi-link-against-gnu-efi-local-lds-crt0-for-objcopy-.patch
Author: Christopher Obbard <obbardc@debian.org>
Forwarded: yes
Last update: 2026-06-28
Description:

efi: link against gnu-efi -local lds/crt0 for objcopy -O binary

On architectures where objcopy cannot emit PE/COFF directly (e.g.
RISC-V) the EFI binary is produced with 'objcopy -O binary'. That only
yields a valid image if the crt0 embeds the PE/COFF header. The regular
gnu-efi crt0-efi-riscv64.o carries no header (unlike crt0-efi-arm.o) so
the resultant file has no MZ/DOS magic and the subsequent pefile NX-flag
step in generate_binary.py fails with "DOS Header magic not found".

gnu-efi ships dedicated '-local' lds and crt0 variants
(elf_riscv64_efi_local.lds, crt0-efi-riscv64-local.o) that embed the
PE/COFF header for precisely this case. Select them whenever the
'-O binary' path is used and they are available; architectures without
'-local' variants (e.g. arm, whose regular crt0 already has the header)
keep using the regular files.
