commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2020-05-08 23:00:47
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.2738 (New)
Package is "pesign"
Fri May 8 23:00:47 2020 rev:36 rq:800528 version:113
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2019-12-11
11:58:34.976899974 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new.2738/pesign.changes 2020-05-08
23:00:53.681315954 +0200
@@ -1,0 +2,5 @@
+Tue May 5 12:42:15 UTC 2020 - Dominique Leuenberger
+
+- Use %_tmpfilesdir instead of %{_libexecdir}/tmpfiles.d.
+
+---
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.CQBUGo/_old 2020-05-08 23:00:55.709320097 +0200
+++ /var/tmp/diff_new_pack.CQBUGo/_new 2020-05-08 23:00:55.709320097 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pesign
#
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -89,7 +89,7 @@
%post
%service_add_post pesign.service
-systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
+systemd-tmpfiles --create %{_tmpfilesdir}/pesign.conf || :
%postun
%service_del_postun pesign.service
@@ -113,7 +113,7 @@
%{_mandir}/man?/*
%{_localstatedir}/lib/pesign
%{_unitdir}/pesign.service
-%{_libexecdir}/tmpfiles.d/pesign.conf
+%{_tmpfilesdir}/pesign.conf
%dir %{_libexecdir}/pesign
%{_libexecdir}/pesign/pesign-authorize
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2019-12-11 11:58:33
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.4691 (New)
Package is "pesign"
Wed Dec 11 11:58:33 2019 rev:35 rq:753851 version:113
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2019-08-05
10:34:30.487385455 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new.4691/pesign.changes 2019-12-11
11:58:34.976899974 +0100
@@ -1,0 +2,7 @@
+Wed Dec 4 02:38:05 UTC 2019 - Gary Ching-Pang Lin
+
+- Add pesign-boo1158197-fix-pesigncheck-gcc10.patch to remove the
+ superfluous type settings in pesigcheck to fix the gcc10 errors
+ (boo#1158197)
+
+---
New:
pesign-boo1158197-fix-pesigncheck-gcc10.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.Z4L9o4/_old 2019-12-11 11:58:36.036899687 +0100
+++ /var/tmp/diff_new_pack.Z4L9o4/_new 2019-12-11 11:58:36.040899686 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pesign
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
Summary:Signing tool for PE-COFF binaries
License:GPL-3.0-or-later
Group: Productivity/Security
-Url:https://github.com/rhinstaller/pesign
+URL:https://github.com/rhinstaller/pesign
Source:
https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2
# PATCH-FIX-SUSE pesign-suse-build.patch g...@suse.com -- Adjust Makefile for
the build service
Patch1: pesign-suse-build.patch
@@ -36,6 +36,8 @@
Patch5: pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
# PATCH-FIX-SUSE pesign-boo1143063-remove-var-tracking.patch -- boo#1143063
Remove var-tracking from default CFLAGS
Patch6: pesign-boo1143063-remove-var-tracking.patch
+# PATCH-FIX-UPSTREAM pesign-boo1158197-fix-pesigncheck-gcc10.patch
g...@suse.com -- boo#1158197 Fix the gcc10 errors
+Patch7: pesign-boo1158197-fix-pesigncheck-gcc10.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -58,6 +60,7 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
make %{?_smp_mflags} CFLAGS="%{optflags}"
++ pesign-boo1158197-fix-pesigncheck-gcc10.patch ++
>From b0b740f38da6d4584417d65a7c97fd4faf982cf6 Mon Sep 17 00:00:00 2001
From: Gary Lin
Date: Wed, 4 Dec 2019 10:28:28 +0800
Subject: [PATCH] pesigcheck: remove superfluous type settings
When setting the type of reason in check_signature(), the type was
accidentally set as "siBuffer". Since the type is already set as
"SIGNATURE", we only need to remove those two lines of code.
Fixes: https://github.com/rhboot/pesign/issues/55
Signed-off-by: Gary Lin
---
src/pesigcheck.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/pesigcheck.c b/src/pesigcheck.c
index 524cce3..d197c30 100644
--- a/src/pesigcheck.c
+++ b/src/pesigcheck.c
@@ -318,7 +318,6 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
reason->type = SIGNATURE;
reason->sig.data = data;
reason->sig.len = datalen;
- reason->type = siBuffer;
nreason += 1;
is_invalid = true;
}
@@ -330,7 +329,6 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
reason->type = SIGNATURE;
reason->sig.data = data;
reason->sig.len = datalen;
- reason->type = siBuffer;
nreason += 1;
has_valid_cert = true;
}
--
2.24.0
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2019-08-05 10:34:29
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.4126 (New)
Package is "pesign"
Mon Aug 5 10:34:29 2019 rev:34 rq:719977 version:113
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2019-07-22
12:17:50.211704569 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new.4126/pesign.changes 2019-08-05
10:34:30.487385455 +0200
@@ -1,0 +2,6 @@
+Wed Jul 31 03:26:37 UTC 2019 - Gary Ching-Pang Lin
+
+- Add pesign-boo1143063-remove-var-tracking.patch to remove
+ var-tracking from the default CFLAGS (boo#1143063)
+
+---
New:
pesign-boo1143063-remove-var-tracking.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.0GBvmv/_old 2019-08-05 10:34:30.939385413 +0200
+++ /var/tmp/diff_new_pack.0GBvmv/_new 2019-08-05 10:34:30.939385413 +0200
@@ -34,6 +34,8 @@
Patch4: pesign-fix-authvar-write-loop.patch
# PATCH-FIX-UPSTREAM pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
g...@suse.com -- Fix the NSS 3.44 compilation error
Patch5: pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
+# PATCH-FIX-SUSE pesign-boo1143063-remove-var-tracking.patch -- boo#1143063
Remove var-tracking from default CFLAGS
+Patch6: pesign-boo1143063-remove-var-tracking.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -55,6 +57,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%build
make %{?_smp_mflags} CFLAGS="%{optflags}"
++ pesign-boo1143063-remove-var-tracking.patch ++
diff --git a/Make.defaults b/Make.defaults
index 7892d73..2d18005 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -47,7 +47,7 @@ cflags= $(CFLAGS) $(ARCH3264) \
$(call pkg-config-cflags)
clang_ccldflags =
gcc_ccldflags = -fno-merge-constants \
- -fvar-tracking -fvar-tracking-assignments -fkeep-inline-functions \
+ -fvar-tracking-assignments -fkeep-inline-functions \
-Wl,--fatal-warnings,--no-allow-shlib-undefined,--default-symver \
-Wl,-O2 -Wl,--no-undefined-version -Wl,-z,relro,-z,now \
-Wl,--no-add-needed,--no-copy-dt-needed-entries,--as-needed
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2019-07-22 12:17:48
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.4126 (New)
Package is "pesign"
Mon Jul 22 12:17:48 2019 rev:33 rq:714600 version:113
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2019-06-05
11:37:46.399089103 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new.4126/pesign.changes 2019-07-22
12:17:50.211704569 +0200
@@ -1,0 +2,6 @@
+Thu Jul 11 09:00:21 UTC 2019 - Gary Ching-Pang Lin
+
+- Add pesign-efikeygen-Fix-the-build-with-nss-3.44.patch to fix
+ the compilation error when building with NSS 3.44
+
+---
New:
pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.RVNfpL/_old 2019-07-22 12:17:51.087704339 +0200
+++ /var/tmp/diff_new_pack.RVNfpL/_new 2019-07-22 12:17:51.091704338 +0200
@@ -32,6 +32,8 @@
Patch3: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch g...@suse.com -- Fix
the write loop in authvar
Patch4: pesign-fix-authvar-write-loop.patch
+# PATCH-FIX-UPSTREAM pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
g...@suse.com -- Fix the NSS 3.44 compilation error
+Patch5: pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -52,6 +54,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
make %{?_smp_mflags} CFLAGS="%{optflags}"
++ pesign-efikeygen-Fix-the-build-with-nss-3.44.patch ++
>From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Tue, 14 May 2019 11:28:38 -0400
Subject: [PATCH] efikeygen: Fix the build with nss 3.44
NSS 3.44 adds some certificate types, which changes a type and makes
some encoding stuff weird. As a result, we get:
gcc8 -I/wrkdirs/usr/ports/sysutils/pesign/work/pesign-0.110/include -O2 -pipe
-fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc8 -isystem
/usr/local/include -fno-strict-aliasing -g -O0 -g -O0 -Wall -fshort-wchar
-fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE
-Wno-unused-result -Wno-unused-function -I../include/ -I/usr/local/include/nss
-I/usr/local/include/nss/nss -I/usr/local/include/nspr -Werror -fPIC -isystem
/usr/local/include -DCONFIG_amd64 -DCONFIG_amd64 -c efikeygen.c -o efikeygen.o
In file included from /usr/local/include/nss/nss/cert.h:22,
from efikeygen.c:39:
efikeygen.c: In function 'add_cert_type':
/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int'
to 'unsigned char' changes value from '496' to '240' [-Werror=overflow]
(NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
^
efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP'
unsigned char type = NS_CERT_TYPE_APP;
^~~~
cc1: all warnings being treated as errors
This is fixed by just making it an int.
Fixes github issue #48.
Signed-off-by: Peter Jones
---
src/efikeygen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/efikeygen.c b/src/efikeygen.c
index ede76ef..2cd953e 100644
--- a/src/efikeygen.c
+++ b/src/efikeygen.c
@@ -208,7 +208,7 @@ static int
add_cert_type(cms_context *cms, void *extHandle, int is_ca)
{
SECItem bitStringValue;
- unsigned char type = NS_CERT_TYPE_APP;
+ int type = NS_CERT_TYPE_APP;
if (is_ca)
type |= NS_CERT_TYPE_SSL_CA |
--
2.22.0
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2019-06-05 11:37:43
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.5148 (New)
Package is "pesign"
Wed Jun 5 11:37:43 2019 rev:32 rq:707028 version:113
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2019-05-14
13:13:43.920850486 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new.5148/pesign.changes 2019-06-05
11:37:46.399089103 +0200
@@ -1,0 +2,5 @@
+Sun Jun 2 07:01:51 UTC 2019 - Jan Engelhardt
+
+- Trim conjecture from description.
+
+---
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.AqITS8/_old 2019-06-05 11:37:47.211088999 +0200
+++ /var/tmp/diff_new_pack.AqITS8/_new 2019-06-05 11:37:47.215088998 +0200
@@ -43,7 +43,7 @@
ExclusiveArch: ia64 %ix86 x86_64 aarch64 %arm
%description
-Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
+Signing tool for PE-COFF binaries. It is vaguely compliant
with the PE and Authenticode specifications.
%prep
@@ -54,7 +54,7 @@
%patch4 -p1
%build
-make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
+make %{?_smp_mflags} CFLAGS="%{optflags}"
%install
make INSTALLROOT=%{buildroot} libexecdir=%{_libexecdir} install
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2019-05-14 13:13:42
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.5148 (New)
Package is "pesign"
Tue May 14 13:13:42 2019 rev:31 rq:702581 version:113
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2019-05-10
09:20:35.240583180 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new.5148/pesign.changes 2019-05-14
13:13:43.920850486 +0200
@@ -1,0 +2,24 @@
+Mon May 13 03:57:30 UTC 2019 - Gary Ching-Pang Lin
+
+- Update to 113
+ + Get rid of the 0.Y versioning
+ + Make --padding the default
+ + Add kmod signing (drake)
+ + efisiglist format fixes
+ + enforce the use of --kernel or --module in efikeygen
+ + RPM macro updates
+ + Move the license to GPLv3+
+ + Use sql-type NSS database by default
+ + Various documentation improvements.
+ + Improve /etc/pki/pesign authorization scripts
+ + Various pesigcheck improvements
+- Refresh patches
+ + pesign-suse-build.patch
+ + pesign-privkey_unneeded.diff
+ + pesign-fix-authvar-write-loop.patch
+- Drop upstreamed patches
+ + pesign-fix-argument-list.patch
+ + pesign-bsc1087742-fix-efisiglist.patch
+- Drop pesign-fix-build-errors.patch since those warnings are gone
+
+---
@@ -4 +28 @@
-- Enable build on %arm as we can sign kernel on %arm
+- Enable build on %arm as we can sign kernel on %arm (boo#1134670)
Old:
pesign-0.112.tar.bz2
pesign-bsc1087742-fix-efisiglist.patch
pesign-fix-argument-list.patch
pesign-fix-build-errors.patch
New:
pesign-113.tar.bz2
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.jCR3r5/_old 2019-05-14 13:13:44.468851862 +0200
+++ /var/tmp/diff_new_pack.jCR3r5/_new 2019-05-14 13:13:44.472851872 +0200
@@ -17,27 +17,21 @@
Name: pesign
-Version:0.112
+Version:113
Release:0
Summary:Signing tool for PE-COFF binaries
-License:GPL-2.0-only
+License:GPL-3.0-or-later
Group: Productivity/Security
Url:https://github.com/rhinstaller/pesign
Source:
https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2
# PATCH-FIX-SUSE pesign-suse-build.patch g...@suse.com -- Adjust Makefile for
the build service
Patch1: pesign-suse-build.patch
-# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch g...@suse.com -- Fix gcc
warnings
-Patch2: pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check
the private key when importing the raw signature
-Patch3: pesign-privkey_unneeded.diff
+Patch2: pesign-privkey_unneeded.diff
# PATCH-FIX-SUSE pesign-run.patch a...@suse.com - Use /run instead of /var/run
-Patch5: pesign-run.patch
+Patch3: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch g...@suse.com -- Fix
the write loop in authvar
-Patch6: pesign-fix-authvar-write-loop.patch
-# PATCH-FIX-UPSTREAM pesign-fix-argument-list.patch g...@suse.com -- Fix the
argument list parsing
-Patch7: pesign-fix-argument-list.patch
-# PATCH-FIX-UPSTREAM bsc#1087742 pesign-bsc1087742-fix-efisiglist.patch
g...@suse.com -- Fix efi signature list generation
-Patch8: pesign-bsc1087742-fix-efisiglist.patch
+Patch4: pesign-fix-authvar-write-loop.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -57,10 +51,7 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
+%patch4 -p1
%build
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
@@ -96,7 +87,7 @@
%files
%defattr(-,root,root)
-%doc COPYING
+%license COPYING
%{_bindir}/pesign
%{_bindir}/pesign-client
%{_bindir}/efikeygen
@@ -115,7 +106,7 @@
%{_unitdir}/pesign.service
%{_libexecdir}/tmpfiles.d/pesign.conf
%dir %{_libexecdir}/pesign
-%{_libexecdir}/pesign/pesign-authorize-*
+%{_libexecdir}/pesign/pesign-authorize
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
%ghost %dir %attr(0770,pesign,pesign) /run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
++ pesign-0.112.tar.bz2 -> pesign-113.tar.bz2 ++
7030 lines of diff (skipped)
++ pesign-fix-authvar-write-loop.patch ++
--- /var/tmp/diff_new_pack.jCR3r5/_old 2019-05-14 13:13:44.664852354 +0200
+++ /var/tmp/diff_new_pack.jCR3r5/_new 2019-05-14 13:13:44.664852354 +0200
@@ -1,4 +1,4 @@
-From e3aee739b92c4124fc1207fb06a7dd1cd89d03ae Mon Sep 17 00:00:00 2001
+From b3c58e3b9237f90e865723837a9389fcb25f6945 Mon Sep 17 00:00:00 200
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2019-05-10 09:20:23
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.5148 (New)
Package is "pesign"
Fri May 10 09:20:23 2019 rev:30 rq:701925 version:0.112
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2019-05-02
19:13:32.628894617 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new.5148/pesign.changes 2019-05-10
09:20:35.240583180 +0200
@@ -1,0 +2,5 @@
+Thu May 9 12:25:31 UTC 2019 - Guillaume GARDET
+
+- Enable build on %arm as we can sign kernel on %arm
+
+---
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.2QAR8k/_old 2019-05-10 09:20:35.652583717 +0200
+++ /var/tmp/diff_new_pack.2QAR8k/_new 2019-05-10 09:20:35.656583723 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -46,7 +46,7 @@
BuildRequires: pkgconfig(systemd)
Requires(pre): shadow
%{?systemd_requires}
-ExclusiveArch: ia64 %ix86 x86_64 aarch64
+ExclusiveArch: ia64 %ix86 x86_64 aarch64 %arm
%description
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2019-05-02 19:13:28
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.5148 (New)
Package is "pesign"
Thu May 2 19:13:28 2019 rev:29 rq:699086 version:0.112
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2018-04-10
09:48:33.992734745 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new.5148/pesign.changes 2019-05-02
19:13:32.628894617 +0200
@@ -1,0 +2,5 @@
+Fri Apr 26 11:12:46 UTC 2019 - mvet...@suse.com
+
+- bsc#1130588: Require shadow instead of old pwdutils
+
+---
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.foMyqt/_old 2019-05-02 19:13:33.172896001 +0200
+++ /var/tmp/diff_new_pack.foMyqt/_new 2019-05-02 19:13:33.176896011 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pesign
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -44,7 +44,7 @@
BuildRequires: pkg-config
BuildRequires: popt-devel
BuildRequires: pkgconfig(systemd)
-Requires(pre): pwdutils
+Requires(pre): shadow
%{?systemd_requires}
ExclusiveArch: ia64 %ix86 x86_64 aarch64
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2018-04-10 09:48:30
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Tue Apr 10 09:48:30 2018 rev:28 rq:592978 version:0.112
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2016-08-18
09:15:40.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2018-04-10
09:48:33.992734745 +0200
@@ -1,0 +2,6 @@
+Mon Apr 2 09:37:36 UTC 2018 - g...@suse.com
+
+- Add pesign-bsc1087742-fix-efisiglist.patch to fix the generation
+ of efi signature list. (bsc#1087742)
+
+---
New:
pesign-bsc1087742-fix-efisiglist.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.b9xm3h/_old 2018-04-10 09:48:34.928700836 +0200
+++ /var/tmp/diff_new_pack.b9xm3h/_new 2018-04-10 09:48:34.928700836 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pesign
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
Version:0.112
Release:0
Summary:Signing tool for PE-COFF binaries
-License:GPL-2.0
+License:GPL-2.0-only
Group: Productivity/Security
Url:https://github.com/rhinstaller/pesign
Source:
https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2
@@ -36,6 +36,8 @@
Patch6: pesign-fix-authvar-write-loop.patch
# PATCH-FIX-UPSTREAM pesign-fix-argument-list.patch g...@suse.com -- Fix the
argument list parsing
Patch7: pesign-fix-argument-list.patch
+# PATCH-FIX-UPSTREAM bsc#1087742 pesign-bsc1087742-fix-efisiglist.patch
g...@suse.com -- Fix efi signature list generation
+Patch8: pesign-bsc1087742-fix-efisiglist.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -58,6 +60,7 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
%build
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
++ pesign-bsc1087742-fix-efisiglist.patch ++
>From 4279d9a36d6c0d09295a76160e26cbe1bbf37591 Mon Sep 17 00:00:00 2001
From: Gary Lin
Date: Fri, 30 Mar 2018 12:25:34 +0800
Subject: [PATCH] efisiglist: Copy the header correctly
signature_list wasn't copied corretly to efi_signature_list because
SignatureType in signature_list is a pointer while that in
efi_signature_list is not.
Signed-off-by: Gary Lin
---
src/siglist.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/siglist.c b/src/siglist.c
index 6e59164..e74eb10 100644
--- a/src/siglist.c
+++ b/src/siglist.c
@@ -217,7 +217,10 @@ signature_list_realize(signature_list *sl, void **out,
size_t *outsize)
return -1;
esl = ret;
- memcpy(esl, sl, sizeof (*esl));
+ memcpy(&esl->SignatureType, sl->SignatureType, sizeof(efi_guid_t));
+ esl->SignatureListSize = sl->SignatureListSize;
+ esl->SignatureHeaderSize = sl->SignatureHeaderSize;
+ esl->SignatureSize = sl->SignatureSize;
uint8_t *pos = ret + sizeof (*esl);
for (int i = 0; i < count; i++) {
--
2.16.2
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2016-08-18 09:15:39
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2016-05-04
08:17:20.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2016-08-18
09:15:40.0 +0200
@@ -1,0 +2,6 @@
+Thu Aug 11 03:22:18 UTC 2016 - g...@suse.com
+
+- Add pesign-fix-argument-list.patch to fix the argument list
+ parsing
+
+---
New:
pesign-fix-argument-list.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.KzR7CC/_old 2016-08-18 09:15:41.0 +0200
+++ /var/tmp/diff_new_pack.KzR7CC/_new 2016-08-18 09:15:41.0 +0200
@@ -34,6 +34,8 @@
Patch5: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch g...@suse.com -- Fix
the write loop in authvar
Patch6: pesign-fix-authvar-write-loop.patch
+# PATCH-FIX-UPSTREAM pesign-fix-argument-list.patch g...@suse.com -- Fix the
argument list parsing
+Patch7: pesign-fix-argument-list.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -55,6 +57,7 @@
%patch3 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
++ pesign-fix-argument-list.patch ++
commit 5be0515dee24308fd7e270bf2e0fb5e5a7a78f32
Author: Julien Cristau
Date: Thu Jun 9 14:30:37 2016 +0200
Fix command line parsing
The gettext translation domain should be passed as .arg, not .descrip,
otherwise popt won't process any of the command line options (it stops
looping over the struct poptOption array when an entry has unset
longName, shortName and arg).
Signed-off-by: Julien Cristau
diff --git a/src/client.c b/src/client.c
index 028419f..575c873 100644
--- a/src/client.c
+++ b/src/client.c
@@ -555,7 +555,7 @@ main(int argc, char *argv[])
struct poptOption options[] = {
{.argInfo = POPT_ARG_INTL_DOMAIN,
-.descrip = "pesign" },
+.arg = "pesign" },
{.longName = "token",
.shortName = 't',
.argInfo = POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
diff --git a/src/efikeygen.c b/src/efikeygen.c
index 6278849..8a515a5 100644
--- a/src/efikeygen.c
+++ b/src/efikeygen.c
@@ -486,7 +486,7 @@ int main(int argc, char *argv[])
poptContext optCon;
struct poptOption options[] = {
{.argInfo = POPT_ARG_INTL_DOMAIN,
-.descrip = "pesign" },
+.arg = "pesign" },
/* global nss-ish things */
{.longName = "dbdir",
.shortName = 'd',
diff --git a/src/efisiglist.c b/src/efisiglist.c
index cd3f1ae..40d6a93 100644
--- a/src/efisiglist.c
+++ b/src/efisiglist.c
@@ -126,7 +126,7 @@ main(int argc, char *argv[])
struct poptOption options[] = {
{.argInfo = POPT_ARG_INTL_DOMAIN,
-.descrip = "pesign" },
+.arg = "pesign" },
{.longName = "infile",
.shortName = 'i',
.argInfo = POPT_ARG_STRING,
diff --git a/src/pesigcheck.c b/src/pesigcheck.c
index 1328fe9..0d49c1a 100644
--- a/src/pesigcheck.c
+++ b/src/pesigcheck.c
@@ -214,7 +214,7 @@ main(int argc, char *argv[])
poptContext optCon;
struct poptOption options[] = {
{.argInfo = POPT_ARG_INTL_DOMAIN,
-.descrip = "pesign" },
+.arg = "pesign" },
{.longName = "dbfile",
.shortName = 'D',
.argInfo = POPT_ARG_CALLBACK|POPT_CBFLAG_POST,
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2016-05-04 08:17:18
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2015-12-23
08:48:14.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2016-05-04
08:17:20.0 +0200
@@ -1,0 +2,7 @@
+Thu Apr 21 09:36:23 UTC 2016 - g...@suse.com
+
+- Update to 0.112
+- Refresh patches: pesign-suse-build.patch and pesign-run.patch
+- Drop upstreamed pesign-fix-signness.patch
+
+---
Old:
pesign-0.111.tar.bz2
pesign-fix-signness.patch
New:
pesign-0.112.tar.bz2
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.ZBNTCd/_old 2016-05-04 08:17:21.0 +0200
+++ /var/tmp/diff_new_pack.ZBNTCd/_new 2016-05-04 08:17:21.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pesign
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: pesign
-Version:0.111
+Version:0.112
Release:0
Summary:Signing tool for PE-COFF binaries
License:GPL-2.0
@@ -34,8 +34,6 @@
Patch5: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch g...@suse.com -- Fix
the write loop in authvar
Patch6: pesign-fix-authvar-write-loop.patch
-# PATCH-FIX-UPSTREAM pesign-fix-signness.patch g...@suse.com -- Fix the
signness comparison
-Patch7: pesign-fix-signness.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -57,7 +55,6 @@
%patch3 -p1
%patch5 -p1
%patch6 -p1
-%patch7 -p1
%build
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
++ pesign-0.111.tar.bz2 -> pesign-0.112.tar.bz2 ++
2482 lines of diff (skipped)
++ pesign-run.patch ++
--- /var/tmp/diff_new_pack.ZBNTCd/_old 2016-05-04 08:17:21.0 +0200
+++ /var/tmp/diff_new_pack.ZBNTCd/_new 2016-05-04 08:17:21.0 +0200
@@ -6,23 +6,23 @@
src/tmpfiles.conf |2 +-
5 files changed, 12 insertions(+), 12 deletions(-)
-Index: pesign-0.111/src/Makefile
+Index: pesign-0.112/src/Makefile
===
pesign-0.111.orig/src/Makefile
-+++ pesign-0.111/src/Makefile
-@@ -65,7 +65,7 @@ install_sysvinit: pesign.sysvinit
-
+--- pesign-0.112.orig/src/Makefile
pesign-0.112/src/Makefile
+@@ -68,7 +68,7 @@ install_sysvinit: pesign.sysvinit
install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
+ $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/
- $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
+ $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/
$(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir)
-Index: pesign-0.111/src/daemon.h
+Index: pesign-0.112/src/daemon.h
===
pesign-0.111.orig/src/daemon.h
-+++ pesign-0.111/src/daemon.h
+--- pesign-0.112.orig/src/daemon.h
pesign-0.112/src/daemon.h
@@ -49,7 +49,7 @@ typedef enum {
} pesignd_cmd;
@@ -33,11 +33,11 @@
+#define PIDFILE "/run/pesign.pid"
#endif /* DAEMON_H */
-Index: pesign-0.111/src/macros.pesign
+Index: pesign-0.112/src/macros.pesign
===
pesign-0.111.orig/src/macros.pesign
-+++ pesign-0.111/src/macros.pesign
-@@ -36,7 +36,7 @@
+--- pesign-0.112.orig/src/macros.pesign
pesign-0.112/src/macros.pesign
+@@ -40,7 +40,7 @@
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
--certdir ${nss} -c signer %{-o} \
rm -rf ${sattrs} ${sattrs}.sig ${nss} \
@@ -46,17 +46,17 @@
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
-c "/CN=Fedora Secure Boot Signer"\\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
-Index: pesign-0.111/src/tmpfiles.conf
+Index: pesign-0.112/src/tmpfiles.conf
===
pesign-0.111.orig/src/tmpfiles.conf
-+++ pesign-0.111/src/tmpfiles.conf
+--- pesign-0.1
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2015-12-23 08:48:12
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2015-09-03
18:07:01.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2015-12-23
08:48:14.0 +0100
@@ -1,0 +2,15 @@
+Tue Nov 10 07:59:48 UTC 2015 - g...@suse.com
+
+- Update to 0.111
+- Add pesign-fix-signness.patch to fix the signness comparison
+- Drop upstreamed patches
+ + pesign-efivar-pkgconfig.patch
+ + pesign-make-efi_guid_t-const.patch
+ + pesign-fix-import-sig-check.patch
+ + pesign-install-supplementary-programs.patch
+- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
+ and pesign-run.patch
+- Update pesign-fix-build-errors.patch
+- Merge use-standard-pid-location.patch into pesign-run.patch
+
+---
Old:
pesign-0.110.tar.bz2
pesign-efivar-pkgconfig.patch
pesign-fix-import-sig-check.patch
pesign-install-supplementary-programs.patch
pesign-make-efi_guid_t-const.patch
use-standard-pid-location.patch
New:
pesign-0.111.tar.bz2
pesign-fix-signness.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.yiEmUX/_old 2015-12-23 08:48:15.0 +0100
+++ /var/tmp/diff_new_pack.yiEmUX/_new 2015-12-23 08:48:15.0 +0100
@@ -17,7 +17,7 @@
Name: pesign
-Version:0.110
+Version:0.111
Release:0
Summary:Signing tool for PE-COFF binaries
License:GPL-2.0
@@ -30,20 +30,12 @@
Patch2: pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check
the private key when importing the raw signature
Patch3: pesign-privkey_unneeded.diff
-# PATCH-FIX-SUSE use-standard-pid-location.patch p.drou...@gmail.com --Use
standard /run instead of /var/run for pidfile
-Patch4: use-standard-pid-location.patch
# PATCH-FIX-SUSE pesign-run.patch a...@suse.com - Use /run instead of /var/run
Patch5: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch g...@suse.com -- Fix
the write loop in authvar
Patch6: pesign-fix-authvar-write-loop.patch
-# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch g...@suse.com --
Install the supplementary programs
-Patch7: pesign-install-supplementary-programs.patch
-# PATCH-FIX-UPSTREAM pesign-fix-import-sig-check.patch g...@suse.com -- Fix
the signature size check while importing a signature
-Patch8: pesign-fix-import-sig-check.patch
-# PATCH-FIX-UPSTREAM pesign-efivar-pkgconfig.patch g...@suse.com -- Make
efivar compiler parameters come from pkg-config
-Patch9: pesign-efivar-pkgconfig.patch
-# PATCH-FIX-UPSTREAM pesign-make-efi_guid_t-const.patch g...@suse.com -- make
efi_guid_t's const
-Patch10:pesign-make-efi_guid_t-const.patch
+# PATCH-FIX-UPSTREAM pesign-fix-signness.patch g...@suse.com -- Fix the
signness comparison
+Patch7: pesign-fix-signness.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -63,23 +55,19 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
%build
-make %{?_smp_mflags} OPTFLAGS="%{optflags}"
+make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
%install
-make INSTALLROOT=%{buildroot} PREFIX=%{_prefix} DOCDIR=/share/doc/packages
install
+make INSTALLROOT=%{buildroot} libexecdir=%{_libexecdir} install
mkdir -p %{buildroot}%{_localstatedir}/lib/pesign
mkdir -p %{buildroot}%{_sbindir}
-make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd
+make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} libexecdir=%{_libexecdir}
install_systemd
# create rcsymlink
ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
@@ -113,6 +101,8 @@
%{_bindir}/efisiglist
%{_bindir}/authvar
%{_sbindir}/rcpesign
+%dir %{_sysconfdir}/pesign
+%{_sysconfdir}/pesign/*
%dir %{_sysconfdir}/popt.d
%config %{_sysconfdir}/popt.d/pesign.popt
%{_sysconfdir}/pki/
@@ -121,6 +111,8 @@
%{_localstatedir}/lib/pesign
%{_unitdir}/pesign.service
%{_libexecdir}/tmpfiles.d/pesign.conf
+%dir %{_libexecdir}/pesign
+%{_libexecdir}/pesign/pesign-authorize-*
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
%ghost %dir %attr(0770,pesign,pesign) /run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
++ pesign-0.110.tar.bz2 -> pesign-0.111.tar.bz2 ++
diff -urN '--exclude=CVS' '--excl
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2015-09-03 18:00:55
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2015-08-21
07:38:33.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2015-09-03
18:07:01.0 +0200
@@ -1,0 +2,9 @@
+Tue Sep 1 06:11:06 UTC 2015 - dims...@opensuse.org
+
+- Do not buildrequire systemd: it conflicts with systemd-mini,
+ which is pulled in by systemd-mini-devel (due to BuildRequires:
+ pkgconfig(systemd).
+- As we lack systemd-tmpfiles in the build env, we ignore the
+ errors cast in the %post scriptlet.
+
+---
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.tOhcUH/_old 2015-09-03 18:07:03.0 +0200
+++ /var/tmp/diff_new_pack.tOhcUH/_new 2015-09-03 18:07:03.0 +0200
@@ -49,7 +49,6 @@
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
-BuildRequires: systemd
BuildRequires: pkgconfig(systemd)
Requires(pre): pwdutils
%{?systemd_requires}
@@ -99,7 +98,7 @@
%post
%service_add_post pesign.service
-systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf
+systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf || :
%postun
%service_del_postun pesign.service
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2015-08-21 07:38:31
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2015-06-30
10:13:57.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2015-08-21
07:38:33.0 +0200
@@ -1,0 +2,13 @@
+Fri Aug 14 07:45:31 UTC 2015 - mplus...@suse.com
+
+- Update project url
+- Use url for download
+- Add rcpesign symlink
+- Tiny spec file cleanup with spec-cleaner
+
+---
+Mon Jul 13 11:07:10 UTC 2015 - wer...@suse.de
+
+- Make it build, tool systemd-tmpfiles is part of systemd
+
+---
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.69AT2p/_old 2015-08-21 07:38:34.0 +0200
+++ /var/tmp/diff_new_pack.69AT2p/_new 2015-08-21 07:38:34.0 +0200
@@ -22,8 +22,8 @@
Summary:Signing tool for PE-COFF binaries
License:GPL-2.0
Group: Productivity/Security
-Url:https://github.com/vathpela/pesign
-Source: %{name}-%{version}.tar.bz2
+Url:https://github.com/rhinstaller/pesign
+Source:
https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2
# PATCH-FIX-SUSE pesign-suse-build.patch g...@suse.com -- Adjust Makefile for
the build service
Patch1: pesign-suse-build.patch
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch g...@suse.com -- Fix gcc
warnings
@@ -49,6 +49,7 @@
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
+BuildRequires: systemd
BuildRequires: pkgconfig(systemd)
Requires(pre): pwdutils
%{?systemd_requires}
@@ -58,12 +59,6 @@
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
with the PE and Authenticode specifications.
-
-
-Authors:
-
-Peter Jones
-
%prep
%setup -q
%patch1 -p1
@@ -81,12 +76,15 @@
make %{?_smp_mflags} OPTFLAGS="%{optflags}"
%install
-make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install
+make INSTALLROOT=%{buildroot} PREFIX=%{_prefix} DOCDIR=/share/doc/packages
install
mkdir -p %{buildroot}%{_localstatedir}/lib/pesign
mkdir -p %{buildroot}%{_sbindir}
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd
+# create rcsymlink
+ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+
# there's some stuff that's not really meant to be shipped yet
rm -rf %{buildroot}/boot %{buildroot}%{_prefix}/include
rm -rf %{buildroot}%{_libdir}/libdpe*
@@ -104,7 +102,7 @@
systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf
%postun
-%service_del_preun pesign.service
+%service_del_postun pesign.service
%files
%defattr(-,root,root)
@@ -115,6 +113,7 @@
%{_bindir}/pesigcheck
%{_bindir}/efisiglist
%{_bindir}/authvar
+%{_sbindir}/rcpesign
%dir %{_sysconfdir}/popt.d
%config %{_sysconfdir}/popt.d/pesign.popt
%{_sysconfdir}/pki/
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2015-06-30 10:13:56
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2014-11-28
08:44:30.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2015-06-30
10:13:57.0 +0200
@@ -1,0 +2,8 @@
+Tue Jun 16 06:52:21 UTC 2015 - g...@suse.com
+
+- Add pesign-efivar-pkgconfig.patch to get the efivar compiler
+ parameters from pkg-confg
+- Add pesign-make-efi_guid_t-const.patch to avoid the error from
+ gcc
+
+---
New:
pesign-efivar-pkgconfig.patch
pesign-make-efi_guid_t-const.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.rnyFR3/_old 2015-06-30 10:13:58.0 +0200
+++ /var/tmp/diff_new_pack.rnyFR3/_new 2015-06-30 10:13:58.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package pesign
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -40,6 +40,10 @@
Patch7: pesign-install-supplementary-programs.patch
# PATCH-FIX-UPSTREAM pesign-fix-import-sig-check.patch g...@suse.com -- Fix
the signature size check while importing a signature
Patch8: pesign-fix-import-sig-check.patch
+# PATCH-FIX-UPSTREAM pesign-efivar-pkgconfig.patch g...@suse.com -- Make
efivar compiler parameters come from pkg-config
+Patch9: pesign-efivar-pkgconfig.patch
+# PATCH-FIX-UPSTREAM pesign-make-efi_guid_t-const.patch g...@suse.com -- make
efi_guid_t's const
+Patch10:pesign-make-efi_guid_t-const.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -70,6 +74,8 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
+%patch10 -p1
%build
make %{?_smp_mflags} OPTFLAGS="%{optflags}"
++ pesign-efivar-pkgconfig.patch ++
>From 2a1de2b6535161b1bd600ec2262e81e9f7aeffcc Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Tue, 26 May 2015 09:43:10 -0400
Subject: [PATCH] Make efivar compiler parameters come from pkg-config.
Signed-off-by: Peter Jones
---
src/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 007505c..dd69425 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -3,8 +3,8 @@ TOPDIR = $(SRCDIR)/..
include $(TOPDIR)/Make.defaults
-PKLIBS = nss
-LIBS = popt uuid efivar
+PKLIBS = nss efivar
+LIBS = popt uuid
STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a
LDFLAGS =
CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config
--libs-only-L $(pklib))) -pie -fPIE -Wl,-z,relro,-z,now
--
2.1.4
++ pesign-make-efi_guid_t-const.patch ++
>From 727f93f8ea3dc467694d541d28ba4f1ed0e0a671 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Fri, 7 Nov 2014 14:09:41 -0500
Subject: [PATCH] make efi_guid_t's const.
Signed-off-by: Peter Jones
---
src/cms_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index a360961..7e032c8 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -45,7 +45,7 @@ struct digest_param {
SECOidTag digest_tag;
SECOidTag signature_tag;
SECOidTag digest_encryption_tag;
- efi_guid_t *efi_guid;
+ const efi_guid_t *efi_guid;
int size;
};
--
2.1.4
>From ac9de615112114e222527b2eabc9b7f2642f01fe Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Tue, 26 May 2015 09:42:32 -0400
Subject: [PATCH] Propogate some "const" declarations better.
Signed-off-by: Peter Jones
---
src/efisiglist.c | 2 +-
src/siglist.c| 8
src/siglist.h| 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/efisiglist.c b/src/efisiglist.c
index aedfc4c..a078640 100644
--- a/src/efisiglist.c
+++ b/src/efisiglist.c
@@ -32,7 +32,7 @@
struct hash_param {
char *name;
- efi_guid_t *guid;
+ const efi_guid_t *guid;
int size;
};
diff --git a/src/siglist.c b/src/siglist.c
index 38a9a2a..a7154aa 100644
--- a/src/siglist.c
+++ b/src/siglist.c
@@ -51,7 +51,7 @@ struct efi_signature_list {
};
struct signature_list {
- efi_guid_t *SignatureType;
+ const efi_guid_t*SignatureType;
uint32_tSignatureListSize;
uint32_tSignatureHeaderSize;
uint32_t
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2014-11-28 08:44:27
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2014-11-12
00:20:54.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2014-11-28
08:44:30.0 +0100
@@ -1,0 +2,7 @@
+Wed Nov 26 09:46:50 UTC 2014 - g...@suse.com
+
+- Add pesign-fix-import-sig-check.patch to fix the signature size
+ check while importing a signature
+- Amend the spec file with spec-cleaner
+
+---
New:
pesign-fix-import-sig-check.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.dQVlea/_old 2014-11-28 08:44:31.0 +0100
+++ /var/tmp/diff_new_pack.dQVlea/_new 2014-11-28 08:44:31.0 +0100
@@ -38,14 +38,16 @@
Patch6: pesign-fix-authvar-write-loop.patch
# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch g...@suse.com --
Install the supplementary programs
Patch7: pesign-install-supplementary-programs.patch
+# PATCH-FIX-UPSTREAM pesign-fix-import-sig-check.patch g...@suse.com -- Fix
the signature size check while importing a signature
+Patch8: pesign-fix-import-sig-check.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
BuildRequires: pkgconfig(systemd)
+Requires(pre): pwdutils
%{?systemd_requires}
-PreReq: pwdutils
ExclusiveArch: ia64 %ix86 x86_64 aarch64
%description
@@ -67,24 +69,25 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
%build
-make OPTFLAGS="$RPM_OPT_FLAGS"
+make %{?_smp_mflags} OPTFLAGS="%{optflags}"
%install
make INSTALLROOT=%{buildroot} PREFIX=/usr DOCDIR=/share/doc/packages install
-mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/pesign
+mkdir -p %{buildroot}%{_localstatedir}/lib/pesign
-mkdir -p $RPM_BUILD_ROOT%{_sbindir}
+mkdir -p %{buildroot}%{_sbindir}
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd
# there's some stuff that's not really meant to be shipped yet
-rm -rf %{buildroot}/boot %{buildroot}/usr/include
+rm -rf %{buildroot}/boot %{buildroot}%{_prefix}/include
rm -rf %{buildroot}%{_libdir}/libdpe*
%pre
getent group pesign >/dev/null || groupadd -r pesign
-getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s
/bin/false -c "PE-COFF signing daemon" pesign
+getent passwd pesign >/dev/null || useradd -r -g pesign -d
%{_localstatedir}/lib/pesign -s /bin/false -c "PE-COFF signing daemon" pesign
%service_add_pre pesign.service
%preun
@@ -92,7 +95,7 @@
%post
%service_add_post pesign.service
-systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf
+systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/pesign.conf
%postun
%service_del_preun pesign.service
@@ -111,9 +114,9 @@
%{_sysconfdir}/pki/
%config %{_sysconfdir}/rpm/macros.pesign
%{_mandir}/man?/*
-/var/lib/pesign
+%{_localstatedir}/lib/pesign
%{_unitdir}/pesign.service
-/usr/lib/tmpfiles.d/pesign.conf
+%{_libexecdir}/tmpfiles.d/pesign.conf
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
%ghost %dir %attr(0770,pesign,pesign) /run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
++ pesign-fix-import-sig-check.patch ++
>From b5f822be1da9c8e4f6e04286b4b7ab73165478ab Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Tue, 25 Nov 2014 15:28:40 +0800
Subject: [PATCH] Correct the signature size check
Signed-off-by: Gary Ching-Pang Lin
---
src/actions.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/actions.c b/src/actions.c
index 74a34e3..44c9675 100644
--- a/src/actions.c
+++ b/src/actions.c
@@ -416,10 +416,9 @@ check_signature_space(pesign_context *ctx)
ssize_t available = available_cert_space(ctx->outpe);
ssize_t target = ctx->cms_ctx->newsig.len + sizeof (win_certificate);
- if (available == target)
- return;
+ target += ALIGNMENT_PADDING(target, 8);
- if (target + 8 > available)
+ if (available >= target)
return;
fprintf(stderr, "Could not add new signature: insufficient space.\n");
--
2.1.2
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2014-11-12 00:20:49
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2014-07-02
15:04:14.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2014-11-12
00:20:54.0 +0100
@@ -1,0 +2,23 @@
+Fri Oct 31 07:16:40 UTC 2014 - g...@suse.com
+
+- Update pesign-suse-build.patch to set LIBDIR for AArch64
+
+---
+Tue Oct 28 08:47:34 UTC 2014 - g...@suse.com
+
+- Update to version 0.110
+- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
+ authvar
+- Add pesign-install-supplementary-programs.patch to install the
+ supplementary programs
+- Refresh patches
+ + pesign-fix-build-errors.patch
+ + pesign-run.patch
+ + pesign-suse-build.patch
+- Drop upstreamed patches
+ + pesign-clear-padding-bits.patch
+ + pesign-enable-supplementary-programs.patch
+ + pesign-no-db.patch
+- Enable aarch64
+
+---
Old:
pesign-0.109.tar.gz
pesign-clear-padding-bits.patch
pesign-enable-supplementary-programs.patch
pesign-no-db.patch
New:
pesign-0.110.tar.bz2
pesign-fix-authvar-write-loop.patch
pesign-install-supplementary-programs.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.EFnpTH/_old 2014-11-12 00:20:55.0 +0100
+++ /var/tmp/diff_new_pack.EFnpTH/_new 2014-11-12 00:20:55.0 +0100
@@ -17,36 +17,36 @@
Name: pesign
-Version:0.109
+Version:0.110
Release:0
Summary:Signing tool for PE-COFF binaries
License:GPL-2.0
Group: Productivity/Security
Url:https://github.com/vathpela/pesign
-Source: %{name}-%{version}.tar.gz
+Source: %{name}-%{version}.tar.bz2
# PATCH-FIX-SUSE pesign-suse-build.patch g...@suse.com -- Adjust Makefile for
the build service
Patch1: pesign-suse-build.patch
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch g...@suse.com -- Fix gcc
warnings
Patch2: pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check
the private key when importing the raw signature
Patch3: pesign-privkey_unneeded.diff
-# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch g...@suse.com -- Clear
the allocated space before inserting the certificate list
-Patch4: pesign-clear-padding-bits.patch
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drou...@gmail.com --Use
standard /run instead of /var/run for pidfile
-Patch6: use-standard-pid-location.patch
-# PATCH-FIX-UPSTREAM pesign-no-db.patch g...@suse.com -- Allow some commands
to proceed without a NSS database
-Patch7: pesign-no-db.patch
+Patch4: use-standard-pid-location.patch
# PATCH-FIX-SUSE pesign-run.patch a...@suse.com - Use /run instead of /var/run
-Patch8: pesign-run.patch
-# PATCH-FIX-UPSTREAM pesign-enable-supplementary-programs.patch g...@suse.com
-- Fix and enable the supplementary programs
-Patch9: pesign-enable-supplementary-programs.patch
+Patch5: pesign-run.patch
+# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch g...@suse.com -- Fix
the write loop in authvar
+Patch6: pesign-fix-authvar-write-loop.patch
+# PATCH-FIX-SUSE pesign-install-supplementary-programs.patch g...@suse.com --
Install the supplementary programs
+Patch7: pesign-install-supplementary-programs.patch
+BuildRequires: efivar-devel
+BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
PreReq: pwdutils
-ExclusiveArch: ia64 %ix86 x86_64
+ExclusiveArch: ia64 %ix86 x86_64 aarch64
%description
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
@@ -64,10 +64,9 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%patch6 -p1
%patch7 -p1
-%patch8 -p1
-%patch9 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
++ pesign-0.109.tar.gz -> pesign-0.110.tar.bz2 ++
4964 lines of diff (skipped)
++ pesign-fix-authvar-write-loop.patch ++
>From e3aee739b92c4124fc1207fb06a7dd1cd89d03ae Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Tue, 1 Jul 2014 14:43:35 +0800
Subject: [PATCH] authvar: fix the write loop
I forgot to move the pointer...
Also use offsetof() instead of the wordsize check.
Signed-off-by: Gary Ching-Pang Lin
---
src/authvar_conte
commit pesign for openSUSE:Factory
Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2014-07-02 15:04:08 Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) Package is "pesign" Changes: --- /work/SRC/openSUSE:Factory/pesign/pesign.changes2014-06-18 22:04:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2014-07-02 15:04:14.0 +0200 @@ -1,0 +2,6 @@ +Tue Jul 1 06:46:13 UTC 2014 - g...@suse.com + +- Update pesign-enable-supplementary-programs.patch to fix write + loop + +--- Other differences: -- ++ pesign-enable-supplementary-programs.patch ++ --- /var/tmp/diff_new_pack.Sr1wWe/_old 2014-07-02 15:04:15.0 +0200 +++ /var/tmp/diff_new_pack.Sr1wWe/_new 2014-07-02 15:04:15.0 +0200 @@ -1,7 +1,7 @@ From 4d80fec4a38b5cb1a63262a323353c23b0172b77 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 24 Dec 2013 11:33:26 +0800 -Subject: [PATCH 01/30] Allocate cms_context for peverify_context +Subject: [PATCH 01/31] Allocate cms_context for peverify_context This avoids the crash while freeing cms_context. @@ -78,7 +78,7 @@ From b6e40af634aa0b10f59b5936727ccfc260f3dcf0 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 24 Dec 2013 11:48:08 +0800 -Subject: [PATCH 02/30] Calculate the dbsize to avoid the infinite loop +Subject: [PATCH 02/31] Calculate the dbsize to avoid the infinite loop Signed-off-by: Gary Ching-Pang Lin --- @@ -107,7 +107,7 @@ From cab9f9ff4737be3e3607caa6dd7f945c50fe64fa Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 24 Dec 2013 12:35:02 +0800 -Subject: [PATCH 03/30] Update the pathes of db, MokListRT, and dbx +Subject: [PATCH 03/31] Update the pathes of db, MokListRT, and dbx Signed-off-by: Gary Ching-Pang Lin --- @@ -147,7 +147,7 @@ From 200bff332ee34de2e2679cf8d09a78b536f7 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 24 Dec 2013 14:53:58 +0800 -Subject: [PATCH 04/30] Skip the first 4 bytes in the efi variables +Subject: [PATCH 04/31] Skip the first 4 bytes in the efi variables The first 4 bytes store the attributes of the efi variable. @@ -261,7 +261,7 @@ From 237e983fe11800e36074c2a50d6468b7ac45ef12 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Dec 2013 14:14:48 +0800 -Subject: [PATCH 05/30] Match the hashes in the db list +Subject: [PATCH 05/31] Match the hashes in the db list Signed-off-by: Gary Ching-Pang Lin --- @@ -319,7 +319,7 @@ From 135a083d0e648255096128a67463bc2191f4ac4a Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 24 Dec 2013 11:47:14 +0800 -Subject: [PATCH 06/30] Verify the signature with the certs in the dblist +Subject: [PATCH 06/31] Verify the signature with the certs in the dblist Signed-off-by: Gary Ching-Pang Lin --- @@ -639,7 +639,7 @@ From 35746653e0af5b129dfdfd33e9954ff5c47062aa Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Fri, 27 Dec 2013 17:42:19 +0800 -Subject: [PATCH 07/30] Verify the PE image with a certificate +Subject: [PATCH 07/31] Verify the PE image with a certificate Signed-off-by: Gary Ching-Pang Lin --- @@ -861,7 +861,7 @@ From 23295225a732058edabc58ede7e863d347d2ac47 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Fri, 27 Dec 2013 17:43:32 +0800 -Subject: [PATCH 08/30] It's peverify, not pesign :) +Subject: [PATCH 08/31] It's peverify, not pesign :) Signed-off-by: Gary Ching-Pang Lin --- @@ -913,7 +913,7 @@ From b431e22f0e02e282ece114e1829575e7eedfcfb5 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 6 Jan 2014 14:11:34 -0500 -Subject: [PATCH 09/30] Rename peverify to pesigcheck +Subject: [PATCH 09/31] Rename peverify to pesigcheck Signed-off-by: Peter Jones --- @@ -2364,7 +2364,7 @@ From 4191f24b18f1bf2a7be5da498b36f016bf115919 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 7 Jan 2014 12:02:47 +0800 -Subject: [PATCH 10/30] Drop the temporary nss dir in pesigcheck +Subject: [PATCH 10/31] Drop the temporary nss dir in pesigcheck I thought we need a "physical" database for the certificates but it's actually not necessary. Drop the nss dir creation/deletion @@ -2445,7 +2445,7 @@ From c61386706b169ec02f55880a11dd8097b68d6180 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 8 Jan 2014 14:17:30 +0800 -Subject: [PATCH 11/30] efisiglist: convert the hex array properly +Subject: [PATCH 11/31] efisiglist: convert the hex array properly Signed-off-by: Gary Ching-Pang Lin --- @@ -2493,7 +2493,7 @@ From 65b8b80de336920cb464d5b5881a66bbeebaa343 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pan
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2014-06-18 22:04:38
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2014-04-17
14:44:04.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2014-06-18
22:04:45.0 +0200
@@ -1,0 +2,6 @@
+Thu Jun 12 02:47:55 UTC 2014 - g...@suse.com
+
+- Add pesign-enable-supplementary-programs.patch to fix and enable
+ the supplementary programs: pesigcheck, authvar, efisiglist
+
+---
New:
pesign-enable-supplementary-programs.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.YYfUfa/_old 2014-06-18 22:04:47.0 +0200
+++ /var/tmp/diff_new_pack.YYfUfa/_new 2014-06-18 22:04:47.0 +0200
@@ -38,6 +38,8 @@
Patch7: pesign-no-db.patch
# PATCH-FIX-SUSE pesign-run.patch a...@suse.com - Use /run instead of /var/run
Patch8: pesign-run.patch
+# PATCH-FIX-UPSTREAM pesign-enable-supplementary-programs.patch g...@suse.com
-- Fix and enable the supplementary programs
+Patch9: pesign-enable-supplementary-programs.patch
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@@ -65,6 +67,7 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
@@ -101,6 +104,9 @@
%{_bindir}/pesign
%{_bindir}/pesign-client
%{_bindir}/efikeygen
+%{_bindir}/pesigcheck
+%{_bindir}/efisiglist
+%{_bindir}/authvar
%dir %{_sysconfdir}/popt.d
%config %{_sysconfdir}/popt.d/pesign.popt
%{_sysconfdir}/pki/
++ pesign-enable-supplementary-programs.patch ++
4704 lines (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2014-04-17 14:44:03
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2014-02-02
07:36:58.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2014-04-17
14:44:04.0 +0200
@@ -1,0 +2,5 @@
+Wed Apr 16 07:12:05 UTC 2014 - a...@suse.com
+
+- Add pesign-run.patch: Use /run instead of /var/run (bnc#873857).
+
+---
New:
pesign-run.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.HYkK9s/_old 2014-04-17 14:44:05.0 +0200
+++ /var/tmp/diff_new_pack.HYkK9s/_new 2014-04-17 14:44:05.0 +0200
@@ -36,6 +36,8 @@
Patch6: use-standard-pid-location.patch
# PATCH-FIX-UPSTREAM pesign-no-db.patch g...@suse.com -- Allow some commands
to proceed without a NSS database
Patch7: pesign-no-db.patch
+# PATCH-FIX-SUSE pesign-run.patch a...@suse.com - Use /run instead of /var/run
+Patch8: pesign-run.patch
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@@ -62,6 +64,7 @@
%patch4 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
@@ -107,7 +110,7 @@
%{_unitdir}/pesign.service
/usr/lib/tmpfiles.d/pesign.conf
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
-%ghost %dir %attr(0770,pesign,pesign) %{_localstatedir}/run/%{name}
+%ghost %dir %attr(0770,pesign,pesign) /run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
%changelog
++ pesign-run.patch ++
Index: pesign-0.109/src/Makefile
===
--- pesign-0.109.orig/src/Makefile
+++ pesign-0.109/src/Makefile
@@ -79,7 +79,7 @@ install_sysvinit:
install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
- $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
+ $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/
$(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(PREFIX)/bin/
$(INSTALL) -m 755 client $(INSTALLROOT)$(PREFIX)/bin/pesign-client
Index: pesign-0.109/src/daemon.h
===
--- pesign-0.109.orig/src/daemon.h
+++ pesign-0.109/src/daemon.h
@@ -47,7 +47,7 @@ typedef enum {
} pesignd_cmd;
#define PESIGND_VERSION 0xa3cf41cb
-#define SOCKPATH "/var/run/pesign/socket"
-#define PIDFILE"/var/run/pesign.pid"
+#define SOCKPATH "/run/pesign/socket"
+#define PIDFILE"/run/pesign.pid"
#endif /* DAEMON_H */
Index: pesign-0.109/src/macros.pesign
===
--- pesign-0.109.orig/src/macros.pesign
+++ pesign-0.109/src/macros.pesign
@@ -34,7 +34,7 @@
%{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
--certdir ${nss} -c signer %{-o} \
rm -rf ${sattrs} ${sattrs}.sig ${nss}\
-elif [ -S /var/run/pesign/socket ]; then \
+elif [ -S /run/pesign/socket ]; then \
%{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
-c "/CN=Fedora Secure Boot Signer" \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
Index: pesign-0.109/src/pesign.sysvinit
===
--- pesign-0.109.orig/src/pesign.sysvinit
+++ pesign-0.109/src/pesign.sysvinit
@@ -4,7 +4,7 @@
#
# chkconfig: - 50 50
# processname: /usr/bin/pesign
-# pidfile: /var/run/pesign.pid
+# pidfile: /run/pesign.pid
### BEGIN INIT INFO
# Provides: pesign
# Should-Start: $remote_fs
@@ -19,7 +19,7 @@
[ -f /usr/bin/pesign ] || exit 1
-PESIGN_PIDFILE=/var/run/pesign.pid
+PESIGN_PIDFILE=/run/pesign.pid
RETVAL=0
start(){
@@ -28,15 +28,15 @@ start(){
RETVAL=$?
echo
touch /var/lock/subsys/pesign
-setfacl -m u:kojibuilder:x /var/run/pesign
-setfacl -m u:kojibuilder:rw /var/run/pesign/socket
-setfacl -m g:kojibuilder:x /var/run/pesign
-setfacl -m g:kojibuilder:rw /var/run/pesign/socket
+setfacl -m u:kojibuilder:x /run/pesign
+setfacl -m u:kojibuilder:rw /run/pesign/socket
+setfacl -m g:kojibuilder:x /run/pesign
+setfacl -m g:kojibuilder:rw /run/pesign/socket
}
stop(){
echo -n "Stopping pesign: "
-killproc -p /va
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2014-02-02 07:36:56
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-12-03
14:27:10.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2014-02-02
07:36:58.0 +0100
@@ -1,0 +2,5 @@
+Fri Jan 31 08:49:12 UTC 2014 - lnus...@suse.de
+
+- mark dir in /var/run as %ghost
+
+---
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.e5iopv/_old 2014-02-02 07:36:58.0 +0100
+++ /var/tmp/diff_new_pack.e5iopv/_new 2014-02-02 07:36:58.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pesign
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -107,7 +107,7 @@
%{_unitdir}/pesign.service
/usr/lib/tmpfiles.d/pesign.conf
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
-%dir %attr(0770,pesign,pesign) %{_localstatedir}/run/%{name}
+%ghost %dir %attr(0770,pesign,pesign) %{_localstatedir}/run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
%changelog
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2013-12-03 14:27:09
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-10-24
14:11:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-12-03
14:27:10.0 +0100
@@ -1,0 +2,6 @@
+Thu Nov 7 09:17:04 UTC 2013 - g...@suse.com
+
+- Add pesign-no-db.patch to allow some commands to proceed without
+ a NSS database.
+
+---
New:
pesign-no-db.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.a4NV6K/_old 2013-12-03 14:27:10.0 +0100
+++ /var/tmp/diff_new_pack.a4NV6K/_new 2013-12-03 14:27:10.0 +0100
@@ -34,6 +34,8 @@
Patch4: pesign-clear-padding-bits.patch
# PATCH-FIX-SUSE use-standard-pid-location.patch p.drou...@gmail.com --Use
standard /run instead of /var/run for pidfile
Patch6: use-standard-pid-location.patch
+# PATCH-FIX-UPSTREAM pesign-no-db.patch g...@suse.com -- Allow some commands
to proceed without a NSS database
+Patch7: pesign-no-db.patch
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@@ -59,6 +61,7 @@
%patch3 -p1
%patch4 -p1
%patch6 -p1
+%patch7 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
++ pesign-no-db.patch ++
>From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 7 Nov 2013 16:58:04 +0800
Subject: [PATCH] Allow some commands to proceed without a NSS db
The NSS db is not necessary to calculate the hash, to show the
signature or to export the signed attributes.
Signed-off-by: Gary Ching-Pang Lin
---
src/pesign.c | 91 +++-
1 file changed, 53 insertions(+), 38 deletions(-)
diff --git a/src/pesign.c b/src/pesign.c
index c7313a6..0cd47a8 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -405,6 +405,7 @@ main(int argc, char *argv[])
int daemon = 0;
int fork = 1;
int padding = 0;
+ int need_db = 0;
char *digest_name = "sha256";
char *tokenname = "NSS Certificate DB";
@@ -526,8 +527,59 @@ main(int argc, char *argv[])
}
}
+ int action = 0;
+ if (daemon)
+ action |= DAEMONIZE;
+
+ if (ctxp->rawsig) {
+ action |= IMPORT_RAW_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->insattrs)
+ action |= IMPORT_SATTRS;
+
+ if (ctxp->outsattrs)
+ action |= EXPORT_SATTRS;
+
+ if (ctxp->insig)
+ action |= IMPORT_SIGNATURE;
+
+ if (ctxp->outkey) {
+ action |= EXPORT_PUBKEY;
+ need_db = 1;
+ }
+
+ if (ctxp->outcert) {
+ action |= EXPORT_CERT;
+ need_db = 1;
+ }
+
+ if (ctxp->outsig)
+ action |= EXPORT_SIGNATURE;
+
+ if (remove != 0)
+ action |= REMOVE_SIGNATURE;
+
+ if (list != 0)
+ action |= LIST_SIGNATURES;
+
+ if (ctxp->sign) {
+ action |= GENERATE_SIGNATURE;
+ if (!(action & EXPORT_SIGNATURE))
+ action |= IMPORT_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->hash)
+ action |= GENERATE_DIGEST|PRINT_DIGEST;
+
if (!daemon) {
- SECStatus status = NSS_Init(certdir);
+ SECStatus status;
+ if (need_db)
+ status = NSS_Init(certdir);
+ else
+ status = NSS_NoDB_Init(NULL);
if (status != SECSuccess) {
fprintf(stderr, "Could not initialize nss: %s\n",
PORT_ErrorToString(PORT_GetError()));
@@ -571,42 +623,8 @@ main(int argc, char *argv[])
if (certname)
free(certname);
- int action = 0;
- if (daemon)
- action |= DAEMONIZE;
-
- if (ctxp->rawsig)
- action |= IMPORT_RAW_SIGNATURE;
-
- if (ctxp->insattrs)
- action |= IMPORT_SATTRS;
-
- if (ctxp->outsattrs)
- action |= EXPORT_SATTRS;
-
- if (ctxp->insig)
- action |= IMPORT_SIGNATURE;
-
- if (ctxp->outkey)
- action |= EXPORT_PUBKEY;
-
- if (ctxp->outcert)
- action |= EXPORT_CERT;
-
- if (ctxp->outsig)
- action |= EXPORT_SIGNATURE;
-
- if (remove != 0)
-
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2013-10-24 14:11:06
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-07-18
17:33:05.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-10-24
14:11:08.0 +0200
@@ -1,0 +2,18 @@
+Thu Oct 24 03:14:05 UTC 2013 - g...@suse.com
+
+- Revert the dowload Url since it's not valid
+
+---
+Tue Oct 22 11:18:39 UTC 2013 - p.drou...@gmail.com
+
+- Update to version 0.109
+- Remove sysvinit related old stuff
+- Remove redundant %clean section
+- Add use-standard-pid-location.patch
+ Use the good location to stock pidfile
+- Use download Url as source
+- Rebase pesign-suse-build.patch to upstream changes as it has been
+ partially merged on upstream
+- Remove pesign-allow-no-issuer-cert.patch; fixed on upstream
+
+---
Old:
pesign-0.106.tar.bz2
pesign-allow-no-issuer-cert.patch
New:
pesign-0.109.tar.gz
use-standard-pid-location.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.RDloDb/_old 2013-10-24 14:11:12.0 +0200
+++ /var/tmp/diff_new_pack.RDloDb/_new 2013-10-24 14:11:12.0 +0200
@@ -17,13 +17,13 @@
Name: pesign
-Version:0.106
+Version:0.109
Release:0
Summary:Signing tool for PE-COFF binaries
License:GPL-2.0
Group: Productivity/Security
Url:https://github.com/vathpela/pesign
-Source: %{name}-%{version}.tar.bz2
+Source: %{name}-%{version}.tar.gz
# PATCH-FIX-SUSE pesign-suse-build.patch g...@suse.com -- Adjust Makefile for
the build service
Patch1: pesign-suse-build.patch
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch g...@suse.com -- Fix gcc
warnings
@@ -32,18 +32,14 @@
Patch3: pesign-privkey_unneeded.diff
# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch g...@suse.com -- Clear
the allocated space before inserting the certificate list
Patch4: pesign-clear-padding-bits.patch
-# PATCH-FIX-UPSTREAM pesign-allow-no-issuer-cert.patch g...@suse.com -- Don't
crash if the issuer's certificate is not available
-Patch5: pesign-allow-no-issuer-cert.patch
+# PATCH-FIX-SUSE use-standard-pid-location.patch p.drou...@gmail.com --Use
standard /run instead of /var/run for pidfile
+Patch6: use-standard-pid-location.patch
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
-%if 0%{?suse_version} > 1140
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
-%define has_systemd 1
-%endif
PreReq: pwdutils
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: ia64 %ix86 x86_64
%description
@@ -62,7 +58,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
-%patch5 -p1
+%patch6 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
@@ -72,48 +68,26 @@
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/pesign
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
-%if 0%{?has_systemd}
make INSTALLROOT=%{buildroot} UNITDIR=%{_unitdir} install_systemd
-ln -sf /sbin/service $RPM_BUILD_ROOT/%{_sbindir}/rcpesign
-%else
-make INSTALLROOT=%{buildroot} install_sysvinit
-ln -sf %{_sysconfdir}/init.d/pesign $RPM_BUILD_ROOT/%{_sbindir}/rcpesign
-%endif
# there's some stuff that's not really meant to be shipped yet
rm -rf %{buildroot}/boot %{buildroot}/usr/include
rm -rf %{buildroot}%{_libdir}/libdpe*
-%clean
-%{?buildroot:%__rm -rf "%{buildroot}"}
-
%pre
getent group pesign >/dev/null || groupadd -r pesign
getent passwd pesign >/dev/null || useradd -r -g pesign -d /var/lib/pesign -s
/bin/false -c "PE-COFF signing daemon" pesign
-%if 0%{?has_systemd}
%service_add_pre pesign.service
-%endif
%preun
-%if 0%{?has_systemd}
%service_del_preun pesign.service
-%else
-%stop_on_removal pesign
-%endif
%post
-%if 0%{?has_systemd}
%service_add_post pesign.service
systemd-tmpfiles --create /usr/lib/tmpfiles.d/pesign.conf
-%endif
%postun
-%if 0%{?has_systemd}
%service_del_preun pesign.service
-%else
-%restart_on_update pesign
-%insserv_cleanup
-%endif
%files
%defattr(-,root,root)
@@ -127,13 +101,8 @@
%config %{_sysconfdir}/rpm/macros.pesign
%{_mandir}/man?/*
/var/lib/pesign
-%if 0%{?has_systemd}
%{_unitdir}/pesign.service
/usr/lib/tmpfiles.d/pesign.conf
-%else
-%{_sysconfdir}/init.d/pesign
-%endif
-%{_sbindir}/rcpesign
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
%dir %attr(0770,pesign,pesign) %{_localstatedir}/run/
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2013-07-18 17:33:03
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-07-16
15:58:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-07-18
17:33:05.0 +0200
@@ -1,0 +2,6 @@
+Thu Jul 18 06:54:19 UTC 2013 - g...@suse.com
+
+- Add pesign-allow-no-issuer-cert.patch to avoid crash when the
+ issuer's certificate is not available
+
+---
New:
pesign-allow-no-issuer-cert.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.q4dsSI/_old 2013-07-18 17:33:05.0 +0200
+++ /var/tmp/diff_new_pack.q4dsSI/_new 2013-07-18 17:33:05.0 +0200
@@ -32,6 +32,8 @@
Patch3: pesign-privkey_unneeded.diff
# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch g...@suse.com -- Clear
the allocated space before inserting the certificate list
Patch4: pesign-clear-padding-bits.patch
+# PATCH-FIX-UPSTREAM pesign-allow-no-issuer-cert.patch g...@suse.com -- Don't
crash if the issuer's certificate is not available
+Patch5: pesign-allow-no-issuer-cert.patch
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@@ -60,6 +62,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
++ pesign-allow-no-issuer-cert.patch ++
>From be564827927e9845b61807b1355467df9d8115e6 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Mon, 4 Mar 2013 16:25:08 +0800
Subject: [PATCH] Include the issuer's certificate only when available
---
src/cms_common.c |2 +-
src/signed_data.c |7 +--
2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index 7cca21b..755dd31 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -588,7 +588,7 @@ find_named_certificate(cms_context *cms, char *name,
CERTCertificate **cert)
if (!strcmp(node->cert->subjectName, name))
break;
}
- if (!node) {
+ if (CERT_LIST_END(node,certlist)) {
PK11_DestroySlotListElement(slots, &psle);
PK11_FreeSlotList(slots);
CERT_DestroyCertList(certlist);
diff --git a/src/signed_data.c b/src/signed_data.c
index fc1d137..97bf8b5 100644
--- a/src/signed_data.c
+++ b/src/signed_data.c
@@ -96,12 +96,7 @@ generate_certificate_list(cms_context *cms, SECItem
***certificate_list_p)
CERTCertificate *signer = NULL;
int rc = find_named_certificate(cms, cms->cert->issuerName,
&signer);
- if (rc < 0) {
- PORT_ArenaRelease(cms->arena, mark);
- return -1;
- }
-
- if (signer) {
+ if (rc == 0 && signer) {
if (signer->derCert.len != cms->cert->derCert.len ||
memcmp(signer->derCert.data,
cms->cert->derCert.data,
--
1.7.10.4
++ pesign-privkey_unneeded.diff ++
--- /var/tmp/diff_new_pack.q4dsSI/_old 2013-07-18 17:33:05.0 +0200
+++ /var/tmp/diff_new_pack.q4dsSI/_new 2013-07-18 17:33:05.0 +0200
@@ -1,8 +1,8 @@
---
- src/cms_common.c | 10 +-
+ src/cms_common.c | 12 ++--
src/cms_common.h |1 +
src/pesign.c |1 +
- 3 files changed, 11 insertions(+), 1 deletion(-)
+ 3 files changed, 12 insertions(+), 2 deletions(-)
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -44,6 +44,15 @@
};
if (needs_private_key) {
+@@ -562,7 +570,7 @@ find_named_certificate(cms_context *cms,
+ }
+
+ SECStatus status;
+- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata))
{
++ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) &&
!PK11_IsLoggedIn(psle->slot, pwdata)) {
+ status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
+ if (status != SECSuccess) {
+ PK11_DestroySlotListElement(slots, &psle);
--- a/src/cms_common.h
+++ b/src/cms_common.h
@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2013-07-16 15:58:23
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-04-02
12:37:18.0 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-07-16
15:58:24.0 +0200
@@ -1,0 +2,20 @@
+Tue Jul 9 04:44:44 UTC 2013 - g...@suse.com
+
+- Update to 0.106
+- Add pesign-clear-padding-bits.patch to clear the padding bits
+- Rebase patches:
+ + pesign-suse-build.patch
+ + pesign-fix-build-errors.patch
+ + pesign-privkey_unneeded.diff
+- Drop upstreamed patches
+ + pesign-client-initialize-action.patch
+ + pesign-bnc808594-align-signatures.patch
+ + pesign-upstream-fixes.patch
+ + pesign-fix-export-attributes.patch
+ + pesign-no-set-image-size.patch
+ + pesign-client-read-pin-file.patch
+ + pesign-local-database.patch
+ + pesign-bnc801653-teardown-segfault.patch
+ + pesign-bnc805166-fix-signature-list.patch
+
+---
Old:
pesign-0.99.tar.bz2
pesign-bnc801653-teardown-segfault.patch
pesign-bnc805166-fix-signature-list.patch
pesign-bnc808594-align-signatures.patch
pesign-client-initialize-action.patch
pesign-client-read-pin-file.patch
pesign-fix-export-attributes.patch
pesign-local-database.patch
pesign-no-set-image-size.patch
pesign-upstream-fixes.patch
New:
pesign-0.106.tar.bz2
pesign-clear-padding-bits.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.TuAzkZ/_old 2013-07-16 15:58:25.0 +0200
+++ /var/tmp/diff_new_pack.TuAzkZ/_new 2013-07-16 15:58:25.0 +0200
@@ -17,36 +17,21 @@
Name: pesign
-Version:0.99
+Version:0.106
Release:0
Summary:Signing tool for PE-COFF binaries
License:GPL-2.0
Group: Productivity/Security
Url:https://github.com/vathpela/pesign
Source: %{name}-%{version}.tar.bz2
-# PATCH-FIX-UPSTREAM pesign-upstream-fixes.patch g...@suse.com -- fixes from
upstream
-Patch0: pesign-upstream-fixes.patch
# PATCH-FIX-SUSE pesign-suse-build.patch g...@suse.com -- Adjust Makefile for
the build service
Patch1: pesign-suse-build.patch
# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch g...@suse.com -- Fix gcc
warnings
Patch2: pesign-fix-build-errors.patch
-# PATCH-FIX-UPSTREAM pesign-client-initialize-action.patch g...@suse.com --
Initialize the actions variable
-Patch3: pesign-client-initialize-action.patch
-# PATCH-FIX-UPSTREAM pesign-client-read-pin-file.patch g...@suse.com -- Fix
pin file reading error
-Patch4: pesign-client-read-pin-file.patch
-# PATCH-FIX-UPSTREAM pesign-local-database.patch g...@suse.com -- Support
local certificate database
-Patch5: pesign-local-database.patch
-# PATCH-FIX-UPSTREAM pesign-bnc801653-teardown-segfault.patch g...@suse.com --
Fix crash when freeing digests
-Patch7: pesign-bnc801653-teardown-segfault.patch
-# PATCH-FIX-UPSTREAM pesign-fix-export-attributes.patch g...@suse.com -- Fix
crash when exporting attributes
-Patch9: pesign-fix-export-attributes.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check
the private key when importing the raw signature
-Patch10:pesign-privkey_unneeded.diff
-Patch11:pesign-no-set-image-size.patch
-# PATCH-FIX-UPSTREAM pesign-bnc805166-fix-signature-list.patch bnc#805166
g...@suse.com -- Fix the broken signature list when inserting a new signature
into a signed EFI binary.
-Patch12:pesign-bnc805166-fix-signature-list.patch
-# PATCH-FIX-UPSTREAM pesign-bnc808594-align-signatures.patch
bnc#808594,bnc#811325 g...@suse.com -- Align the signatures to 8-bytes
-Patch13:pesign-bnc808594-align-signatures.patch
+Patch3: pesign-privkey_unneeded.diff
+# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch g...@suse.com -- Clear
the allocated space before inserting the certificate list
+Patch4: pesign-clear-padding-bits.patch
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@@ -71,18 +56,10 @@
%prep
%setup -q
-%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
-%patch5 -p1
-%patch7 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
@@ -140,6 +117,7 @@
%doc COPYING
%{_bindir}/pesign
%{_bindir}/pesign-client
+%{_bindir}/efikeygen
%dir %{_sysconfdir}/popt.d
%config %{_sysconfdir}/popt.d/pesign.popt
%{_sysconfdir}/pki
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2013-04-02 12:37:17
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-03-01
10:53:48.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-04-02
12:37:18.0 +0200
@@ -1,0 +2,6 @@
+Tue Mar 26 06:21:15 UTC 2013 - g...@suse.com
+
+- Add pesign-bnc808594-align-signatures.patch to align signatures
+ (bnc#808594, bnc#811325)
+
+---
New:
pesign-bnc808594-align-signatures.patch
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.NRSNbX/_old 2013-04-02 12:37:19.0 +0200
+++ /var/tmp/diff_new_pack.NRSNbX/_new 2013-04-02 12:37:19.0 +0200
@@ -45,6 +45,8 @@
Patch11:pesign-no-set-image-size.patch
# PATCH-FIX-UPSTREAM pesign-bnc805166-fix-signature-list.patch bnc#805166
g...@suse.com -- Fix the broken signature list when inserting a new signature
into a signed EFI binary.
Patch12:pesign-bnc805166-fix-signature-list.patch
+# PATCH-FIX-UPSTREAM pesign-bnc808594-align-signatures.patch
bnc#808594,bnc#811325 g...@suse.com -- Align the signatures to 8-bytes
+Patch13:pesign-bnc808594-align-signatures.patch
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@@ -80,6 +82,7 @@
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
++ pesign-bnc808594-align-signatures.patch ++
>From 21cec8feac92a8cda788eaf3f9e9aee9d1b92672 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Mon, 25 Mar 2013 11:34:45 -0400
Subject: [PATCH 1/8] If the last hunk of the file isn't 16-byte aligned, pad
before digesting.
When we (or MS) create a data directory section, we pad it to 16-bytes.
This means that when you add that and then hash, you'll have that
0-extension before the data directory (in this case, the cert list) in
the checksum.
If we do -h without embedding the signature in the binary, we still need
to take that into account.
Signed-off-by: Peter Jones
---
src/cms_common.c | 24 +++-
1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index 9ab2021..306d53e 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -795,6 +795,12 @@ err:
return -1;
}
+#if 1
+#define dprintf(fmt, ...)
+#else
+#define dprintf(fmt, args...) printf(fmt, ## args)
+#endif
+
int
generate_digest(cms_context *cms, Pe *pe)
{
@@ -860,6 +866,8 @@ generate_digest(cms_context *cms, Pe *pe)
cms->log(cms, LOG_ERR, "Pe header is invalid");
goto error;
}
+ dprintf("beginning of hash\n");
+ dprintf("digesting %lx + %lx\n", hash_base - map, hash_size);
generate_digest_step(cms, hash_base, hash_size);
/* 5. Skip over the image checksum
@@ -882,6 +890,7 @@ generate_digest(cms_context *cms, Pe *pe)
goto error;
}
generate_digest_step(cms, hash_base, hash_size);
+ dprintf("digesting %lx + %lx\n", hash_base - map, hash_size);
/* 8. Skip over the crt dir
* 9. Hash everything up to the end of the image header. */
@@ -895,6 +904,7 @@ generate_digest(cms_context *cms, Pe *pe)
goto error;
}
generate_digest_step(cms, hash_base, hash_size);
+ dprintf("digesting %lx + %lx\n", hash_base - map, hash_size);
/* 10. Set SUM_OF_BYTES_HASHED to the size of the header. */
hashed_bytes = pe32opthdr ? pe32opthdr->header_size
@@ -926,6 +936,7 @@ generate_digest(cms_context *cms, Pe *pe)
}
generate_digest_step(cms, hash_base, hash_size);
+ dprintf("digesting %lx + %lx\n", hash_base - map, hash_size);
hashed_bytes += hash_size;
}
@@ -938,8 +949,19 @@ generate_digest(cms_context *cms, Pe *pe)
cms->log(cms, LOG_ERR, "Pe has invalid trailing data");
goto error_shdrs;
}
- generate_digest_step(cms, hash_base, hash_size);
+ if (hash_size % 16 != 0) {
+ size_t tmp_size = hash_size + (16 - (hash_size % 16));
+ uint8_t tmp_array[tmp_size];
+ memset(tmp_array, '\0', tmp_size);
+ memcpy(tmp_array, hash_base, hash_size);
+ generate_digest_step(cms, tmp_array, tmp_size);
+ dpri
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2013-03-01 10:53:47
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-02-25
21:41:15.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-03-01
10:53:48.0 +0100
@@ -1,0 +2,7 @@
+Fri Mar 1 03:04:35 UTC 2013 - g...@suse.com
+
+- Update pesign-bnc805166-fix-signature-list.patch to avoid the
+ potential crash when inserting a signature (bnc#805166)
+- Add pwdutils to PreReq
+
+---
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.vXQnDE/_old 2013-03-01 10:53:49.0 +0100
+++ /var/tmp/diff_new_pack.vXQnDE/_new 2013-03-01 10:53:49.0 +0100
@@ -53,8 +53,7 @@
%{?systemd_requires}
%define has_systemd 1
%endif
-BuildRequires: pwdutils
-Requires: pwdutils
+PreReq: pwdutils
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: ia64 %ix86 x86_64
++ pesign-bnc805166-fix-signature-list.patch ++
--- /var/tmp/diff_new_pack.vXQnDE/_old 2013-03-01 10:53:49.0 +0100
+++ /var/tmp/diff_new_pack.vXQnDE/_new 2013-03-01 10:53:49.0 +0100
@@ -1,7 +1,7 @@
-From 4956251d79904be08c4012fa06c14434f8e706ed Mon Sep 17 00:00:00 2001
+From ee3ab396e8bc167d3b63f475c463cd4103b1ca6e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
-Date: Fri, 22 Feb 2013 15:13:08 +0800
-Subject: [PATCH 1/2] Backport patches to fix signature list
+Date: Wed, 27 Feb 2013 15:48:06 +0800
+Subject: [PATCH] Backport patches to fix signature list
Get cms_context out of wincert functions.
ee357451be9968cedda57ce13b103eb82c590e67
@@ -18,36 +18,21 @@
Make implanting extracted certificates work again.
5ceddd2f80dfea70d211236190943746c2d2f77b
-Add error handling macros to make code simpler.
-0bafa814b49a9556550cfbc373e0ea5b9edb929e
-
-Add is_issuer_of(cert, cert) helper function.
-7750aaeceb2655807788f8e45417e84cb5404a8e
-
-Add "find_named_certificate()" helper function.
-c89c8dbf7929f8f8f36bc1c4045fcc17d5ce7e5c
-
-Make generate_certificate_list include the issuing certificate.
-8c3d82ceb5029bedfee1577682fec5ff3669ff3c
-
Fix a casting problem on 32-bit.
9eb2814858270af2d7ecfbfa5ca131e7be2f9f53
---
libdpe/pe_addcert.c|2 +-
- libdpe/pe_updatefile.c | 13 ++-
- src/actions.c | 12 +--
+ libdpe/pe_updatefile.c | 13 +-
+ src/actions.c | 12 +
src/actions.h |2 +-
- src/cms_common.c | 93
- src/cms_common.h | 32 -
- src/daemon.c |6 ++--
- src/pesign.c | 35 +++---
- src/peverify.c |7 ++--
- src/siglist.c | 46 +++-
- src/siglist.h |3 +-
- src/signed_data.c | 53 +--
- src/wincert.c | 65 +++--
- src/wincert.h |8 +++--
- 14 files changed, 312 insertions(+), 65 deletions(-)
+ src/daemon.c |6 +++--
+ src/pesign.c | 35 ++
+ src/peverify.c |7 --
+ src/siglist.c | 46 --
+ src/siglist.h |3 ++-
+ src/wincert.c | 65 ++--
+ src/wincert.h |8 +++---
+ 11 files changed, 146 insertions(+), 53 deletions(-)
diff --git a/libdpe/pe_addcert.c b/libdpe/pe_addcert.c
index e391242..b6ba969 100644
@@ -155,169 +140,6 @@
extern void insert_signature(cms_context *cms, int signum);
#endif /* PESIGN_CRYPTO_H */
-diff --git a/src/cms_common.c b/src/cms_common.c
-index 9ab2021..3b2e71a 100644
a/src/cms_common.c
-+++ b/src/cms_common.c
-@@ -304,6 +304,17 @@ is_valid_cert(CERTCertificate *cert, void *data)
- return SECFailure;
- }
-
-+int
-+is_issuer_of(CERTCertificate *c0, CERTCertificate *c1)
-+{
-+ if (c0->derSubject.len != c1->derIssuer.len)
-+ return 0;
-+
-+ if (memcmp(c0->derSubject.data, c1->derIssuer.data, c0->derSubject.len))
-+ return 0;
-+ return 1;
-+}
-+
- /* This is the dumbest function ever, but we need it anyway, because nss
- * is garbage. */
- static void
-@@ -448,6 +459,88 @@ err_slots:
- return 0;
- }
-
-+int
-+find_named_certificate(cms_context *cms, char *name, CERTCertificate **cert)
-+{
-+ if (!name) {
-+ cms->log(cms, LOG_ERR, "no certificate name speci
commit pesign for openSUSE:Factory
Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-02-25 21:41:14 Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) Package is "pesign", Maintainer is "g...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-02-22 16:57:11.0 +0100 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-02-25 21:41:15.0 +0100 @@ -1,0 +2,13 @@ +Mon Feb 25 07:35:59 UTC 2013 - g...@suse.com + +- Update pesign-bnc805166-fix-signature-list.patch to skip the + unneeded private key request. (bnc#805166c#17) + +--- +Sat Feb 23 04:47:48 UTC 2013 - j...@suse.com + +- Modified pesign-bnc805166-fix-signature-list.patch, block out the + source code for find/attach Issuer certificate + (bnc#805166 comment#13) + +--- Other differences: -- ++ pesign-bnc805166-fix-signature-list.patch ++ --- /var/tmp/diff_new_pack.3LK5SK/_old 2013-02-25 21:41:17.0 +0100 +++ /var/tmp/diff_new_pack.3LK5SK/_new 2013-02-25 21:41:17.0 +0100 @@ -1,39 +1,53 @@ -commit 63c6ad572b3c1a7041dc581072421c2c94ff5d35 -Author: Gary Ching-Pang Lin -Date: Fri Feb 22 15:13:08 2013 +0800 - -Backport patches to fix signature list - -Get cms_context out of wincert functions. -ee357451be9968cedda57ce13b103eb82c590e67 - -Rework siglist to be somewhat more useful. -a5ec0d2cd06dec0961fc3fed680e7e385dc5bec8 - -Don't allow our signature list iterator to walk off the end of the file. -18980866e7952100d98510297c0e1cc25fca8fc8 - -Include old signatures in new space calculations. -77d334d77435d64e88fcc772b5b58440b394584a - -Make implanting extracted certificates work again. -5ceddd2f80dfea70d211236190943746c2d2f77b - -Add error handling macros to make code simpler. -0bafa814b49a9556550cfbc373e0ea5b9edb929e - -Add is_issuer_of(cert, cert) helper function. -7750aaeceb2655807788f8e45417e84cb5404a8e - -Add "find_named_certificate()" helper function. -c89c8dbf7929f8f8f36bc1c4045fcc17d5ce7e5c - -Make generate_certificate_list include the issuing certificate. -8c3d82ceb5029bedfee1577682fec5ff3669ff3c - -Fix a casting problem on 32-bit. - -9eb2814858270af2d7ecfbfa5ca131e7be2f9f53 +From 4956251d79904be08c4012fa06c14434f8e706ed Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Fri, 22 Feb 2013 15:13:08 +0800 +Subject: [PATCH 1/2] Backport patches to fix signature list + +Get cms_context out of wincert functions. +ee357451be9968cedda57ce13b103eb82c590e67 + +Rework siglist to be somewhat more useful. +a5ec0d2cd06dec0961fc3fed680e7e385dc5bec8 + +Don't allow our signature list iterator to walk off the end of the file. +18980866e7952100d98510297c0e1cc25fca8fc8 + +Include old signatures in new space calculations. +77d334d77435d64e88fcc772b5b58440b394584a + +Make implanting extracted certificates work again. +5ceddd2f80dfea70d211236190943746c2d2f77b + +Add error handling macros to make code simpler. +0bafa814b49a9556550cfbc373e0ea5b9edb929e + +Add is_issuer_of(cert, cert) helper function. +7750aaeceb2655807788f8e45417e84cb5404a8e + +Add "find_named_certificate()" helper function. +c89c8dbf7929f8f8f36bc1c4045fcc17d5ce7e5c + +Make generate_certificate_list include the issuing certificate. +8c3d82ceb5029bedfee1577682fec5ff3669ff3c + +Fix a casting problem on 32-bit. +9eb2814858270af2d7ecfbfa5ca131e7be2f9f53 +--- + libdpe/pe_addcert.c|2 +- + libdpe/pe_updatefile.c | 13 ++- + src/actions.c | 12 +-- + src/actions.h |2 +- + src/cms_common.c | 93 + src/cms_common.h | 32 - + src/daemon.c |6 ++-- + src/pesign.c | 35 +++--- + src/peverify.c |7 ++-- + src/siglist.c | 46 +++- + src/siglist.h |3 +- + src/signed_data.c | 53 +-- + src/wincert.c | 65 +++-- + src/wincert.h |8 +++-- + 14 files changed, 312 insertions(+), 65 deletions(-) diff --git a/libdpe/pe_addcert.c b/libdpe/pe_addcert.c index e391242..b6ba969 100644 @@ -779,3 +793,33 @@ + #endif /* PESIGN_WINCERT_H */ +-- +1.7.10.4 + + +From 8d86f6db19be98538fd5397a9de5f7d06733746e Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Mon, 25 Feb 2013 10:43:09 +0800 +Subject: [PATCH 2/2] Don't request the private key in + find_named_certificate() when imp
commit pesign for openSUSE:Factory
Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-02-22 16:57:10 Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) Package is "pesign", Maintainer is "g...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-02-13 12:09:52.0 +0100 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-02-22 16:57:11.0 +0100 @@ -1,0 +2,7 @@ +Fri Feb 22 08:44:43 UTC 2013 - g...@suse.com + +- Add pesign-bnc805166-fix-signature-list.patch to fix the broken + signature list when inserting signature into a signed EFI binary + (bnc#805166) + +--- New: pesign-bnc805166-fix-signature-list.patch Other differences: -- ++ pesign.spec ++ --- /var/tmp/diff_new_pack.1ncOKm/_old 2013-02-22 16:57:13.0 +0100 +++ /var/tmp/diff_new_pack.1ncOKm/_new 2013-02-22 16:57:13.0 +0100 @@ -43,6 +43,8 @@ # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check the private key when importing the raw signature Patch10:pesign-privkey_unneeded.diff Patch11:pesign-no-set-image-size.patch +# PATCH-FIX-UPSTREAM pesign-bnc805166-fix-signature-list.patch bnc#805166 g...@suse.com -- Fix the broken signature list when inserting a new signature into a signed EFI binary. +Patch12:pesign-bnc805166-fix-signature-list.patch BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel @@ -78,6 +80,7 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" ++ pesign-bnc805166-fix-signature-list.patch ++ 781 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pesign for openSUSE:Factory
Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-02-13 12:09:50 Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) Package is "pesign", Maintainer is "g...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-02-07 14:27:43.0 +0100 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-02-13 12:09:52.0 +0100 @@ -1,0 +2,6 @@ +Tue Feb 12 15:32:11 CET 2013 - m...@suse.de + +- do not try to recalculate the image size, it is included in the + hash and therefore must not change. + +--- New: pesign-no-set-image-size.patch Other differences: -- ++ pesign.spec ++ --- /var/tmp/diff_new_pack.5d0dsV/_old 2013-02-13 12:09:53.0 +0100 +++ /var/tmp/diff_new_pack.5d0dsV/_new 2013-02-13 12:09:53.0 +0100 @@ -42,6 +42,7 @@ Patch9: pesign-fix-export-attributes.patch # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check the private key when importing the raw signature Patch10:pesign-privkey_unneeded.diff +Patch11:pesign-no-set-image-size.patch BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel @@ -76,6 +77,7 @@ %patch7 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" ++ pesign-no-set-image-size.patch ++ --- a/libdpe/pe_addcert.c 2013-02-12 14:30:49.0 + +++ b/libdpe/pe_addcert.c 2013-02-12 14:30:55.0 + @@ -61,7 +61,9 @@ pe_alloccert(Pe *pe, size_t size) dd->certs.virtual_address = compute_file_addr(pe, addr); dd->certs.size = size; +#if 0 pe_set_image_size(pe); +#endif return 0; } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2013-02-07 14:27:41
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-01-22
17:46:48.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-02-07
14:27:43.0 +0100
@@ -1,0 +2,12 @@
+Wed Feb 6 10:44:48 UTC 2013 - g...@suse.com
+
+- Merge patches for FATE#314552
+ + pesign-fix-export-attributes.patch: fix crash when exporting
+the signed attributes
+ + pesign-privkey_unneeded.diff: Don't check the private key when
+importing the raw signature
+- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
+ freeing digests (bnc801653)
+- Drop pesign-digestdata.diff which is no longer needed.
+
+---
Old:
pesign-digestdata.diff
New:
pesign-bnc801653-teardown-segfault.patch
pesign-fix-export-attributes.patch
pesign-privkey_unneeded.diff
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.sLgA9P/_old 2013-02-07 14:27:44.0 +0100
+++ /var/tmp/diff_new_pack.sLgA9P/_new 2013-02-07 14:27:44.0 +0100
@@ -36,8 +36,12 @@
Patch4: pesign-client-read-pin-file.patch
# PATCH-FIX-UPSTREAM pesign-local-database.patch g...@suse.com -- Support
local certificate database
Patch5: pesign-local-database.patch
-# PATCH-FIX-UPSTREAM pesign-digestdata.diff g...@suse.com -- Generate
digestdata
-Patch6: pesign-digestdata.diff
+# PATCH-FIX-UPSTREAM pesign-bnc801653-teardown-segfault.patch g...@suse.com --
Fix crash when freeing digests
+Patch7: pesign-bnc801653-teardown-segfault.patch
+# PATCH-FIX-UPSTREAM pesign-fix-export-attributes.patch g...@suse.com -- Fix
crash when exporting attributes
+Patch9: pesign-fix-export-attributes.patch
+# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check
the private key when importing the raw signature
+Patch10:pesign-privkey_unneeded.diff
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@@ -69,7 +73,9 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
-%patch6 -p0
+%patch7 -p1
+%patch9 -p1
+%patch10 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
++ pesign-bnc801653-teardown-segfault.patch ++
commit ed689613e93f3121048d6c922c90aafd6bf10880
Author: Peter Jones
Date: Tue Nov 27 11:37:05 2012 -0500
Hopefully make teardown_digests() work better...
Freeing nss constructs continues to be weird.
Signed-off-by: Peter Jones
---
src/cms_common.c |7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -110,8 +110,6 @@ teardown_digests(cms_context *ctx)
PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE);
}
if (digests[i].pe_digest) {
- free_poison(digests[i].pe_digest->data,
- digests[i].pe_digest->len);
/* XXX sure seems like we should be freeing it here,
* but that's segfaulting, and we know it'll get
* cleaned up with PORT_FreeArena a couple of lines
@@ -120,7 +118,7 @@ teardown_digests(cms_context *ctx)
digests[i].pe_digest = NULL;
}
}
- free(digests);
+ PORT_Free(digests);
ctx->digests = NULL;
}
@@ -184,7 +182,6 @@ cms_context_fini(cms_context *cms)
memset(&cms->newsig, '\0', sizeof (cms->newsig));
}
- teardown_digests(cms);
cms->selected_digest = -1;
if (cms->ci_digest) {
@@ -708,7 +705,7 @@ generate_digest_begin(cms_context *cms)
if (cms->digests) {
digests = cms->digests;
} else {
- digests = calloc(n_digest_params, sizeof (*digests));
+ digests = PORT_ZAlloc(n_digest_params * sizeof (*digests));
if (!digests) {
cms->log(cms, LOG_ERR, "cannot allocate memory: %m");
return -1;
++ pesign-fix-export-attributes.patch ++
>From 8376d873bf72c06b5efaa9dad812eb783cda5d41 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Fri, 25 Jan 2013 10:34:55 -0500
Subject: [PATCH] Fix up "-E", which apparently broke during some refactoring.
Signed-off-by: Peter Jones
---
src/actions.c |9 +
1 file changed, 9 insertions(+)
diff --git a/src/actions.c b/src/actions.c
index 6c32819..5c5dd89 1
commit pesign for openSUSE:Factory
Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked
in at 2013-01-22 17:46:46
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new (New)
Package is "pesign", Maintainer is "g...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes2013-01-17
09:54:41.0 +0100
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-01-22
17:46:48.0 +0100
@@ -1,0 +2,5 @@
+Mon Jan 21 10:17:28 UTC 2013 - g...@suse.com
+
+- Add pesign-digestdata.diff to generate digestdata (FATE#314552)
+
+---
New:
pesign-digestdata.diff
Other differences:
--
++ pesign.spec ++
--- /var/tmp/diff_new_pack.nHqa53/_old 2013-01-22 17:46:50.0 +0100
+++ /var/tmp/diff_new_pack.nHqa53/_new 2013-01-22 17:46:50.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package pesign
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,14 +16,13 @@
#
-
Name: pesign
Version:0.99
-Release:1
-License:GPL-2.0
+Release:0
Summary:Signing tool for PE-COFF binaries
-Url:https://github.com/vathpela/pesign
+License:GPL-2.0
Group: Productivity/Security
+Url:https://github.com/vathpela/pesign
Source: %{name}-%{version}.tar.bz2
# PATCH-FIX-UPSTREAM pesign-upstream-fixes.patch g...@suse.com -- fixes from
upstream
Patch0: pesign-upstream-fixes.patch
@@ -37,9 +36,11 @@
Patch4: pesign-client-read-pin-file.patch
# PATCH-FIX-UPSTREAM pesign-local-database.patch g...@suse.com -- Support
local certificate database
Patch5: pesign-local-database.patch
+# PATCH-FIX-UPSTREAM pesign-digestdata.diff g...@suse.com -- Generate
digestdata
+Patch6: pesign-digestdata.diff
BuildRequires: mozilla-nss-devel
-BuildRequires: popt-devel
BuildRequires: pkg-config
+BuildRequires: popt-devel
%if 0%{?suse_version} > 1140
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
@@ -68,6 +69,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p0
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
++ pesign-digestdata.diff ++
--- src/cms_common.c.orig 2013-01-18 14:32:01.0 +
+++ src/cms_common.c2013-01-18 14:34:25.0 +
@@ -155,6 +155,7 @@ cms_context_init(cms_context *cms)
}
cms->selected_digest = -1;
+ cms->digestdatafd = -1;
return 0;
}
@@ -746,6 +747,11 @@ generate_digest_step(cms_context *cms, v
{
for (int i = 0; i < n_digest_params; i++)
PK11_DigestOp(cms->digests[i].pk11ctx, data, len);
+ if (cms->digestdatafd >= 0 && len != 0) {
+ if (write(cms->digestdatafd, data, len) != len) {
+ cms->log(cms, LOG_ERR, "digestdata write: %m");
+ }
+ }
}
int
--- src/cms_common.h.orig 2013-01-18 14:31:32.0 +
+++ src/cms_common.h2013-01-18 14:31:54.0 +
@@ -59,6 +59,8 @@ typedef struct cms_context {
cms_common_logger log;
void *log_priv;
+
+ int digestdatafd;
} cms_context;
typedef struct {
--- src/pesign.c.orig 2013-01-18 14:20:47.0 +
+++ src/pesign.c2013-01-18 14:35:03.0 +
@@ -177,6 +177,24 @@ open_output(pesign_context *ctx)
}
static void
+open_digestdata(pesign_context *ctx)
+{
+ ctx->digestdatafd = open(ctx->digestdatafile,
O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC,
+ 0666);
+ if (ctx->digestdatafd < 0) {
+ fprintf(stderr, "pesign: Error opening digest data file: %m\n");
+ exit(1);
+ }
+}
+
+static void
+close_digestdata(pesign_context *ctx)
+{
+ close(ctx->digestdatafd);
+ ctx->digestdatafd = -1;
+}
+
+static void
open_rawsig_input(pesign_context *ctx)
{
if (!ctx->rawsig) {
@@ -461,6 +479,7 @@ main(int argc, char *argv[])
{"sign", 's', POPT_ARG_VAL, &ctxp->sign, 1,
"create a new signature", NULL },
{"hash", 'h', POPT_ARG_VAL, &ctxp->hash, 1, "hash binary", NULL
},
+ {"digestdata", 'H', POPT_ARG_STRING, &ctxp->digestdatafile, 0,
"write digest data in file", ""},
{"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
&digest_name, 0, "digest type to use for pe hash" },
{"impor
commit pesign for openSUSE:Factory
Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-01-17 09:54:39 Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) Package is "pesign", Maintainer is "g...@suse.com" Changes: New Changes file: --- /dev/null 2013-01-09 19:40:42.352580873 +0100 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-01-17 09:54:41.0 +0100 @@ -0,0 +1,155 @@ +--- +Wed Dec 12 13:18:40 UTC 2012 - fcro...@suse.com + +- Don't call sysv RPM post/pre macros when building for systemd +- Ship rcpesign for systemd, link to /sbin/service +- Update pesign-suse-build.patch to allow change systemd unit + install directory. +- Don't hardcode systemd unit directory, since it changed in + Factory. + +--- +Tue Dec 11 07:10:04 UTC 2012 - g...@suse.com + +- Add Requires: pwdutils + +--- +Wed Nov 28 07:42:09 UTC 2012 - g...@suse.com + +- Add pesign-local-database.patch to support the local certificate + database +- Amend the spec file to build on openSUSE:Factory + +--- +Thu Nov 8 06:32:32 UTC 2012 - g...@suse.com + +- Version bump to 0.99 (FATE#314484) + + Add documentation for --daemonize and --nofork + + Make popt aliases work + + Add documentation for pesign-client + + Add --pinfd and --pinfile to the client +- Update pesign-suse-build.patch and pesign-fix-build-errors.patch +- Add pesign-upstream-fixes.patch to backport fixes from git head + and add sysvinit script +- Add pesign-client-initialize-action.patch to initialize client + action to avoid undetermined flags. +- Add pesign-client-read-pin-file.patch to fix pin file reading + +--- +Mon Oct 15 09:33:19 UTC 2012 - g...@suse.com + +- Version bump to 0.98 + + close the socket immediately on invalid input + + Slightly better error messages + + Log an error if digest initialization fails + + Add systemd bits for pesignd + + Add actual signing code to the daemon + + Add input and output setup for sign functionality in the daemon + + Audit allocation of CERTCertificateList/PK11SlotList and +friends + + Fix memory leaks +- Refresh pesign-suse-build.patch and pesign-fix-build-errors.patch + +--- +Mon Aug 13 06:50:35 UTC 2012 - g...@suse.com + +- Version bump to 0.9 + + Add NSS "token" support for smartcards. + + Allocate space for the section header variable +- Refresh pesign-fix-build-errors.patch to fix the warning +- Drop upstreamed pesign-allocate-shdr.patch + +--- +Fri Aug 10 10:12:53 UTC 2012 - g...@suse.com + +- Add pesign-allocate-shdr.patch to allocate space for the section + header variable + +--- +Thu Aug 9 03:53:45 UTC 2012 - g...@suse.com + +- Version bump to 0.8 + + Don't open the DB r/w, read-only is fine. + + Attempt to do a better job setting the image size. + + Emit correct OID for encryption type. +- Drop pesign-fix-image-size.patch which is already in 0.8 + +--- +Tue Aug 7 03:03:17 UTC 2012 - g...@suse.com + +- Add upstream patch pesign-fix-image-size.patch to set the image + size correctly. +- Drop pesign-elilo-workaround.patch + +--- +Mon Aug 6 08:03:05 UTC 2012 - g...@suse.com + +- Version bump to 0.7 + + Fix incorrect initialization error in (undocumented) -e option. + + Use SEC_OID_PKCS1_RSA_ENCRYPTION like MS + + Initialize the index variable of loop + + Adjust the buffer size to avoid overflow + + Make sure pe_populatecert() always returns a value + +--- +Mon Jul 23 08:49:13 UTC 2012 - g...@suse.com + +- Add pesign-elilo-workaround.patch to workaround the section + header corruption in some EFI image (elilo for example) + +--- +Mon Jul 23 03:32:18 UTC 2012 - g...@suse.com + +- Add pesign-fix-build-errors.patch to fix build error/warning +- Don't install the util efi images +- Fix the RPM_OPT_FLAGS warning + +--- +Thu Jul 12 09:37:55 UTC 2012 - g...@suse.com + +- Version bump to 0.5 + + Handle and report mremap() failure + + Man page should be in section 1. + + Add some basic signature list management. + + Add some more e
