Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sbsigntools for openSUSE:Factory checked in at 2023-04-04 21:26:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sbsigntools (Old) and /work/SRC/openSUSE:Factory/.sbsigntools.new.19717 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sbsigntools" Tue Apr 4 21:26:22 2023 rev:4 rq:1077149 version:0.9.5 Changes: -------- --- /work/SRC/openSUSE:Factory/sbsigntools/sbsigntools.changes 2023-02-04 14:31:26.255089264 +0100 +++ /work/SRC/openSUSE:Factory/.sbsigntools.new.19717/sbsigntools.changes 2023-04-04 21:26:38.619312683 +0200 @@ -1,0 +2,16 @@ +Sun Apr 02 14:29:25 UTC 2023 - [email protected] + +- Update to version 0.9.5: + * Fix openssl-3.0 issue involving ASN1 xxx_it + * Add support for openssl-3 + * sbsigntool: add support for RISC-V 64-bit PE/COFF images + * sbvarsign: do not include PKCS#7 attributes + * sbkeysync: Don't ignore errors from insert_new_keys() +- Drop OpenSSL3.patch: Fixed upstream. +- Drop -Wno-error=deprecated-declarations, no longer needed. +- Add -Wno-error=maybe-uninitialized, needed when compiling with + GCC 13. +- Use modern macros, list files explicitly, ensure we do not lose + any. + +------------------------------------------------------------------- Old: ---- OpenSSL3.patch sbsigntools-0.9.4.tar.gz New: ---- sbsigntools-0.9.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sbsigntools.spec ++++++ --- /var/tmp/diff_new_pack.7DKthF/_old 2023-04-04 21:26:39.247316248 +0200 +++ /var/tmp/diff_new_pack.7DKthF/_new 2023-04-04 21:26:39.255316293 +0200 @@ -19,11 +19,10 @@ Name: sbsigntools Summary: Canonical EFI binary signing tools License: GPL-3.0-only -Version: 0.9.4 +Version: 0.9.5 Release: 0 URL: http://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git Source: %{name}-%{version}.tar.gz -Patch0: OpenSSL3.patch BuildRequires: binutils-devel BuildRequires: libuuid-devel BuildRequires: openssl-devel @@ -43,24 +42,33 @@ binaries and drivers. %prep -%setup -q -%patch0 -p1 +%autosetup -p1 %build NOCONFIGURE=1 ./autogen.sh -CFLAGS="%optflags -Wno-error=deprecated-declarations" +CFLAGS="%optflags -Wno-error=maybe-uninitialized" %configure -make %{?jobs:-j%jobs} +%make_build %check -make check +%make_build check %install %make_install %files %license COPYING -%{_bindir}/* -%{_mandir}/man1/* +%{_bindir}/sbattach +%{_bindir}/sbkeysync +%{_bindir}/sbsiglist +%{_bindir}/sbsign +%{_bindir}/sbvarsign +%{_bindir}/sbverify +%{_mandir}/man1/sbattach.1%{?ext_man} +%{_mandir}/man1/sbkeysync.1%{?ext_man} +%{_mandir}/man1/sbsiglist.1%{?ext_man} +%{_mandir}/man1/sbsign.1%{?ext_man} +%{_mandir}/man1/sbvarsign.1%{?ext_man} +%{_mandir}/man1/sbverify.1%{?ext_man} %changelog ++++++ _service ++++++ --- /var/tmp/diff_new_pack.7DKthF/_old 2023-04-04 21:26:39.303316566 +0200 +++ /var/tmp/diff_new_pack.7DKthF/_new 2023-04-04 21:26:39.307316588 +0200 @@ -2,8 +2,8 @@ <service name="tar_scm" mode="disabled"> <param name="scm">git</param> <param name="url">git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git</param> - <param name="revision">refs/tags/v0.9.4</param> - <param name="version">0.9.4</param> + <param name="revision">refs/tags/v0.9.5</param> + <param name="version">0.9.5</param> <param name="submodules">enable</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.7DKthF/_old 2023-04-04 21:26:39.327316702 +0200 +++ /var/tmp/diff_new_pack.7DKthF/_new 2023-04-04 21:26:39.331316725 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git</param> - <param name="changesrevision">d52f7bbb73401aab8a1d59e8d0d686ad9641035e</param></service></servicedata> + <param name="changesrevision">9cfca9fe7aa7a8e29b92fe33ce8433e212c9a8ba</param></service></servicedata> (No newline at EOF) ++++++ sbsigntools-0.9.4.tar.gz -> sbsigntools-0.9.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sbsigntools-0.9.4/configure.ac new/sbsigntools-0.9.5/configure.ac --- old/sbsigntools-0.9.4/configure.ac 2020-06-12 01:32:13.000000000 +0200 +++ new/sbsigntools-0.9.5/configure.ac 2023-03-19 22:07:59.000000000 +0100 @@ -1,4 +1,4 @@ -AC_INIT([sbsigntool], [0.9.4], [[email protected]]) +AC_INIT([sbsigntool], [0.9.5], [[email protected]]) AM_INIT_AUTOMAKE() @@ -55,9 +55,12 @@ AC_DEFINE_UNQUOTED(HAVE_BIG_ENDIAN, $big_endian, [Big-endian system]) PKG_PROG_PKG_CONFIG() -PKG_CHECK_MODULES(libcrypto, libcrypto, - [], - AC_MSG_ERROR([libcrypto (from the OpenSSL package) is required])) +PKG_CHECK_MODULES(libcrypto, [libcrypto >= 3.0.0], + [ac_have_openssl3=1], + [PKG_CHECK_MODULES(libcrypto, libcrypto, + [], + AC_MSG_ERROR([libcrypto (from the OpenSSL package) is required]))]) +AM_CONDITIONAL(HAVE_OPENSSL3, test "$ac_have_openssl3" = "1") PKG_CHECK_MODULES(uuid, uuid, [], @@ -65,7 +68,7 @@ dnl gnu-efi headers require extra include dirs EFI_ARCH=$(uname -m | sed 's/i.86/ia32/;s/arm.*/arm/') -AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aarch64" ]) +AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aarch64" -o "$EFI_ARCH" = riscv64 ]) ## # no consistent view of where gnu-efi should dump the efi stuff, so find it diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sbsigntools-0.9.4/lib/ccan.git/.gitignore new/sbsigntools-0.9.5/lib/ccan.git/.gitignore --- old/sbsigntools-0.9.4/lib/ccan.git/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/sbsigntools-0.9.5/lib/ccan.git/.gitignore 2023-03-19 22:07:59.000000000 +0100 @@ -0,0 +1,20 @@ +.depends +*.d +*.o +libccan.a +config.h +ccan/*-Makefile +*~ +tools/ccan_depends +tools/doc_extract +tools/namespacize +tools/run_tests +tools/ccanlint/ccanlint +tools/ccanlint/generated-testlist +inter-depends +test-depends +lib-depends +tools/_infotojson/infotojson +tools/ccanlint/test/run-file_analysis +tools/configurator/configurator +scores/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sbsigntools-0.9.4/src/Makefile.am new/sbsigntools-0.9.5/src/Makefile.am --- old/sbsigntools-0.9.4/src/Makefile.am 2020-06-12 01:32:13.000000000 +0200 +++ new/sbsigntools-0.9.5/src/Makefile.am 2023-03-19 22:07:59.000000000 +0100 @@ -4,6 +4,10 @@ coff_headers = coff/external.h coff/pe.h AM_CFLAGS = -Wall -Wextra --std=gnu99 +if HAVE_OPENSSL3 +AM_CFLAGS += -DOPENSSL_API_COMPAT=0x10100000L +endif + common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \ efivars.h $(coff_headers) common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sbsigntools-0.9.4/src/coff/pe.h new/sbsigntools-0.9.5/src/coff/pe.h --- old/sbsigntools-0.9.4/src/coff/pe.h 2020-06-12 01:32:13.000000000 +0200 +++ new/sbsigntools-0.9.5/src/coff/pe.h 2023-03-19 22:07:59.000000000 +0100 @@ -152,6 +152,7 @@ #define IMAGE_FILE_MACHINE_TRICORE 0x0520 #define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 #define IMAGE_FILE_MACHINE_AARCH64 0xaa64 +#define IMAGE_FILE_MACHINE_RISCV64 0x5064 #define IMAGE_SUBSYSTEM_UNKNOWN 0 #define IMAGE_SUBSYSTEM_NATIVE 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sbsigntools-0.9.4/src/idc.c new/sbsigntools-0.9.5/src/idc.c --- old/sbsigntools-0.9.4/src/idc.c 2020-06-12 01:32:13.000000000 +0200 +++ new/sbsigntools-0.9.5/src/idc.c 2023-03-19 22:07:59.000000000 +0100 @@ -189,7 +189,7 @@ idc->data->type = OBJ_nid2obj(peid_nid); idc->data->value = ASN1_TYPE_new(); - type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); + type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID)); idc->digest->alg->parameter = ASN1_TYPE_new(); idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sbsigntools-0.9.4/src/image.c new/sbsigntools-0.9.5/src/image.c --- old/sbsigntools-0.9.4/src/image.c 2020-06-12 01:32:13.000000000 +0200 +++ new/sbsigntools-0.9.5/src/image.c 2023-03-19 22:07:59.000000000 +0100 @@ -239,6 +239,7 @@ switch (magic) { case IMAGE_FILE_MACHINE_AMD64: case IMAGE_FILE_MACHINE_AARCH64: + case IMAGE_FILE_MACHINE_RISCV64: rc = image_pecoff_parse_64(image); break; case IMAGE_FILE_MACHINE_I386: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sbsigntools-0.9.4/src/sbkeysync.c new/sbsigntools-0.9.5/src/sbkeysync.c --- old/sbsigntools-0.9.4/src/sbkeysync.c 2020-06-12 01:32:13.000000000 +0200 +++ new/sbsigntools-0.9.5/src/sbkeysync.c 2023-03-19 22:07:59.000000000 +0100 @@ -889,10 +889,12 @@ { bool use_default_keystore_dirs; struct sync_context *ctx; + int rc; use_default_keystore_dirs = true; ctx = talloc_zero(NULL, struct sync_context); list_head_init(&ctx->new_keys); + rc = EXIT_SUCCESS; for (;;) { int idx, c; @@ -985,10 +987,10 @@ if (ctx->verbose) print_new_keys(ctx); - if (!ctx->dry_run) - insert_new_keys(ctx); + if (!ctx->dry_run && insert_new_keys(ctx)) + rc = EXIT_FAILURE; talloc_free(ctx); - return EXIT_SUCCESS; + return rc; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sbsigntools-0.9.4/src/sbvarsign.c new/sbsigntools-0.9.5/src/sbvarsign.c --- old/sbsigntools-0.9.4/src/sbvarsign.c 2020-06-12 01:32:13.000000000 +0200 +++ new/sbsigntools-0.9.5/src/sbvarsign.c 2023-03-19 22:07:59.000000000 +0100 @@ -251,7 +251,7 @@ md = EVP_get_digestbyname("SHA256"); p7 = PKCS7_new(); - flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_NOSMIMECAP;; + flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_NOSMIMECAP | PKCS7_NOATTR;; PKCS7_set_type(p7, NID_pkcs7_signed); PKCS7_content_new(p7, NID_pkcs7_data);
