commit pesign for openSUSE:Factory

Thu, 18 Jul 2013 08:34:22 -0700 

Hello community,

here is the log from the commit of package pesign for openSUSE:Factory checked 
in at 2013-07-18 17:33:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
 and      /work/SRC/openSUSE:Factory/.pesign.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "pesign"

Changes:
--------
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes    2013-07-16 
15:58:24.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes       2013-07-18 
17:33:05.000000000 +0200
@@ -1,0 +2,6 @@
+Thu Jul 18 06:54:19 UTC 2013 - [email protected]
+
+- Add pesign-allow-no-issuer-cert.patch to avoid crash when the
+  issuer's certificate is not available
+
+-------------------------------------------------------------------

New:
----
  pesign-allow-no-issuer-cert.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pesign.spec ++++++
--- /var/tmp/diff_new_pack.q4dsSI/_old  2013-07-18 17:33:05.000000000 +0200
+++ /var/tmp/diff_new_pack.q4dsSI/_new  2013-07-18 17:33:05.000000000 +0200
@@ -32,6 +32,8 @@
 Patch3:         pesign-privkey_unneeded.diff
 # PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch [email protected] -- Clear 
the allocated space before inserting the certificate list
 Patch4:         pesign-clear-padding-bits.patch
+# PATCH-FIX-UPSTREAM pesign-allow-no-issuer-cert.patch [email protected] -- Don't 
crash if the issuer's certificate is not available
+Patch5:         pesign-allow-no-issuer-cert.patch
 BuildRequires:  mozilla-nss-devel
 BuildRequires:  pkg-config
 BuildRequires:  popt-devel
@@ -60,6 +62,7 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 make OPTFLAGS="$RPM_OPT_FLAGS"

++++++ pesign-allow-no-issuer-cert.patch ++++++
>From be564827927e9845b61807b1355467df9d8115e6 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <[email protected]>
Date: Mon, 4 Mar 2013 16:25:08 +0800
Subject: [PATCH] Include the issuer's certificate only when available

---
 src/cms_common.c  |    2 +-
 src/signed_data.c |    7 +------
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/cms_common.c b/src/cms_common.c
index 7cca21b..755dd31 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -588,7 +588,7 @@ find_named_certificate(cms_context *cms, char *name, 
CERTCertificate **cert)
                if (!strcmp(node->cert->subjectName, name))
                        break;
        }
-       if (!node) {
+       if (CERT_LIST_END(node,certlist)) {
                PK11_DestroySlotListElement(slots, &psle);
                PK11_FreeSlotList(slots);
                CERT_DestroyCertList(certlist);
diff --git a/src/signed_data.c b/src/signed_data.c
index fc1d137..97bf8b5 100644
--- a/src/signed_data.c
+++ b/src/signed_data.c
@@ -96,12 +96,7 @@ generate_certificate_list(cms_context *cms, SECItem 
***certificate_list_p)
                CERTCertificate *signer = NULL;
                int rc = find_named_certificate(cms, cms->cert->issuerName,
                                                &signer);
-               if (rc < 0) {
-                       PORT_ArenaRelease(cms->arena, mark);
-                       return -1;
-               }
-
-               if (signer) {
+               if (rc == 0 && signer) {
                        if (signer->derCert.len != cms->cert->derCert.len ||
                                        memcmp(signer->derCert.data,
                                                cms->cert->derCert.data,
-- 
1.7.10.4

++++++ pesign-privkey_unneeded.diff ++++++
--- /var/tmp/diff_new_pack.q4dsSI/_old  2013-07-18 17:33:05.000000000 +0200
+++ /var/tmp/diff_new_pack.q4dsSI/_new  2013-07-18 17:33:05.000000000 +0200
@@ -1,8 +1,8 @@
 ---
- src/cms_common.c |   10 +++++++++-
+ src/cms_common.c |   12 ++++++++++--
  src/cms_common.h |    1 +
  src/pesign.c     |    1 +
- 3 files changed, 11 insertions(+), 1 deletion(-)
+ 3 files changed, 12 insertions(+), 2 deletions(-)
 
 --- a/src/cms_common.c
 +++ b/src/cms_common.c
@@ -44,6 +44,15 @@
        };
  
        if (needs_private_key) {
+@@ -562,7 +570,7 @@ find_named_certificate(cms_context *cms,
+       }
+ 
+       SECStatus status;
+-      if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) 
{
++      if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && 
!PK11_IsLoggedIn(psle->slot, pwdata)) {
+               status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
+               if (status != SECSuccess) {
+                       PK11_DestroySlotListElement(slots, &psle);
 --- a/src/cms_common.h
 +++ b/src/cms_common.h
 @@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct

-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to