Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-02-07 14:27:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign", Maintainer is "g...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/pesign/pesign.changes 2013-01-22 17:46:48.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-02-07 14:27:43.000000000 +0100 @@ -1,0 +2,12 @@ +Wed Feb 6 10:44:48 UTC 2013 - g...@suse.com + +- Merge patches for FATE#314552 + + pesign-fix-export-attributes.patch: fix crash when exporting + the signed attributes + + pesign-privkey_unneeded.diff: Don't check the private key when + importing the raw signature +- Add pesign-bnc801653-teardown-segfault.patch to fix crash when + freeing digests (bnc801653) +- Drop pesign-digestdata.diff which is no longer needed. + +------------------------------------------------------------------- Old: ---- pesign-digestdata.diff New: ---- pesign-bnc801653-teardown-segfault.patch pesign-fix-export-attributes.patch pesign-privkey_unneeded.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pesign.spec ++++++ --- /var/tmp/diff_new_pack.sLgA9P/_old 2013-02-07 14:27:44.000000000 +0100 +++ /var/tmp/diff_new_pack.sLgA9P/_new 2013-02-07 14:27:44.000000000 +0100 @@ -36,8 +36,12 @@ Patch4: pesign-client-read-pin-file.patch # PATCH-FIX-UPSTREAM pesign-local-database.patch g...@suse.com -- Support local certificate database Patch5: pesign-local-database.patch -# PATCH-FIX-UPSTREAM pesign-digestdata.diff g...@suse.com -- Generate digestdata -Patch6: pesign-digestdata.diff +# PATCH-FIX-UPSTREAM pesign-bnc801653-teardown-segfault.patch g...@suse.com -- Fix crash when freeing digests +Patch7: pesign-bnc801653-teardown-segfault.patch +# PATCH-FIX-UPSTREAM pesign-fix-export-attributes.patch g...@suse.com -- Fix crash when exporting attributes +Patch9: pesign-fix-export-attributes.patch +# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check the private key when importing the raw signature +Patch10: pesign-privkey_unneeded.diff BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel @@ -69,7 +73,9 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p0 +%patch7 -p1 +%patch9 -p1 +%patch10 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" ++++++ pesign-bnc801653-teardown-segfault.patch ++++++ commit ed689613e93f3121048d6c922c90aafd6bf10880 Author: Peter Jones <pjo...@redhat.com> Date: Tue Nov 27 11:37:05 2012 -0500 Hopefully make teardown_digests() work better... Freeing nss constructs continues to be weird. Signed-off-by: Peter Jones <pjo...@redhat.com> --- src/cms_common.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) --- a/src/cms_common.c +++ b/src/cms_common.c @@ -110,8 +110,6 @@ teardown_digests(cms_context *ctx) PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE); } if (digests[i].pe_digest) { - free_poison(digests[i].pe_digest->data, - digests[i].pe_digest->len); /* XXX sure seems like we should be freeing it here, * but that's segfaulting, and we know it'll get * cleaned up with PORT_FreeArena a couple of lines @@ -120,7 +118,7 @@ teardown_digests(cms_context *ctx) digests[i].pe_digest = NULL; } } - free(digests); + PORT_Free(digests); ctx->digests = NULL; } @@ -184,7 +182,6 @@ cms_context_fini(cms_context *cms) memset(&cms->newsig, '\0', sizeof (cms->newsig)); } - teardown_digests(cms); cms->selected_digest = -1; if (cms->ci_digest) { @@ -708,7 +705,7 @@ generate_digest_begin(cms_context *cms) if (cms->digests) { digests = cms->digests; } else { - digests = calloc(n_digest_params, sizeof (*digests)); + digests = PORT_ZAlloc(n_digest_params * sizeof (*digests)); if (!digests) { cms->log(cms, LOG_ERR, "cannot allocate memory: %m"); return -1; ++++++ pesign-fix-export-attributes.patch ++++++ >From 8376d873bf72c06b5efaa9dad812eb783cda5d41 Mon Sep 17 00:00:00 2001 From: Peter Jones <pjo...@redhat.com> Date: Fri, 25 Jan 2013 10:34:55 -0500 Subject: [PATCH] Fix up "-E", which apparently broke during some refactoring. Signed-off-by: Peter Jones <pjo...@redhat.com> --- src/actions.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/actions.c b/src/actions.c index 6c32819..5c5dd89 100644 --- a/src/actions.c +++ b/src/actions.c @@ -373,6 +373,15 @@ generate_sattr_blob(pesign_context *ctx) { int rc; SECItem sa; + SpcContentInfo ci; + + memset(&ci, '\0', sizeof (ci)); + rc = generate_spc_content_info(ctx->cms_ctx, &ci); + if (rc < 0) { + fprintf(stderr, "Could not generate content info: %s\n", + PORT_ErrorToString(PORT_GetError())); + exit(1); + } rc = generate_signed_attributes(ctx->cms_ctx, &sa); if (rc < 0) { -- 1.7.10.4 ++++++ pesign-privkey_unneeded.diff ++++++ --- src/cms_common.c | 9 ++++++++- src/cms_common.h | 1 + src/pesign.c | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) --- a/src/cms_common.c +++ b/src/cms_common.c @@ -276,6 +276,7 @@ struct cbdata { CERTCertificate *cert; PK11SlotListElement *psle; secuPWData *pwdata; + int privkey_unneeded; }; static SECStatus @@ -288,6 +289,11 @@ is_valid_cert(CERTCertificate *cert, voi SECKEYPrivateKey *privkey = NULL; + if (cbdata->privkey_unneeded) { + cbdata->cert = cert; + return SECSuccess; + } + privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata); if (privkey != NULL) { cbdata->cert = cert; @@ -398,7 +404,7 @@ err_slots: goto err_slots_errmsg; SECStatus status; - if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) { + if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) { status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); if (status != SECSuccess) { cms->log(cms, LOG_ERR, "Authentication failed on " @@ -425,6 +431,7 @@ err_slots: .cert = NULL, .psle = psle, .pwdata = pwdata, + .privkey_unneeded = cms->privkey_unneeded, }; status = PK11_TraverseCertsForNicknameInSlot(&nickname, psle->slot, --- a/src/cms_common.h +++ b/src/cms_common.h @@ -37,6 +37,7 @@ typedef int (*cms_common_logger)(struct typedef struct cms_context { PRArenaPool *arena; void *privkey; + int privkey_unneeded; char *tokenname; char *certname; --- a/src/pesign.c +++ b/src/pesign.c @@ -650,6 +650,7 @@ main(int argc, char *argv[]) */ case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS: check_inputs(ctxp); + ctxp->cms_ctx->privkey_unneeded = 1; rc = find_certificate(ctxp->cms_ctx); if (rc < 0) { fprintf(stderr, "pesign: Could not find " -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org