Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-07-16 15:58:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign" Changes: -------- --- /work/SRC/openSUSE:Factory/pesign/pesign.changes 2013-04-02 12:37:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-07-16 15:58:24.000000000 +0200 @@ -1,0 +2,20 @@ +Tue Jul 9 04:44:44 UTC 2013 - g...@suse.com + +- Update to 0.106 +- Add pesign-clear-padding-bits.patch to clear the padding bits +- Rebase patches: + + pesign-suse-build.patch + + pesign-fix-build-errors.patch + + pesign-privkey_unneeded.diff +- Drop upstreamed patches + + pesign-client-initialize-action.patch + + pesign-bnc808594-align-signatures.patch + + pesign-upstream-fixes.patch + + pesign-fix-export-attributes.patch + + pesign-no-set-image-size.patch + + pesign-client-read-pin-file.patch + + pesign-local-database.patch + + pesign-bnc801653-teardown-segfault.patch + + pesign-bnc805166-fix-signature-list.patch + +------------------------------------------------------------------- Old: ---- pesign-0.99.tar.bz2 pesign-bnc801653-teardown-segfault.patch pesign-bnc805166-fix-signature-list.patch pesign-bnc808594-align-signatures.patch pesign-client-initialize-action.patch pesign-client-read-pin-file.patch pesign-fix-export-attributes.patch pesign-local-database.patch pesign-no-set-image-size.patch pesign-upstream-fixes.patch New: ---- pesign-0.106.tar.bz2 pesign-clear-padding-bits.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pesign.spec ++++++ --- /var/tmp/diff_new_pack.TuAzkZ/_old 2013-07-16 15:58:25.000000000 +0200 +++ /var/tmp/diff_new_pack.TuAzkZ/_new 2013-07-16 15:58:25.000000000 +0200 @@ -17,36 +17,21 @@ Name: pesign -Version: 0.99 +Version: 0.106 Release: 0 Summary: Signing tool for PE-COFF binaries License: GPL-2.0 Group: Productivity/Security Url: https://github.com/vathpela/pesign Source: %{name}-%{version}.tar.bz2 -# PATCH-FIX-UPSTREAM pesign-upstream-fixes.patch g...@suse.com -- fixes from upstream -Patch0: pesign-upstream-fixes.patch # PATCH-FIX-SUSE pesign-suse-build.patch g...@suse.com -- Adjust Makefile for the build service Patch1: pesign-suse-build.patch # PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch g...@suse.com -- Fix gcc warnings Patch2: pesign-fix-build-errors.patch -# PATCH-FIX-UPSTREAM pesign-client-initialize-action.patch g...@suse.com -- Initialize the actions variable -Patch3: pesign-client-initialize-action.patch -# PATCH-FIX-UPSTREAM pesign-client-read-pin-file.patch g...@suse.com -- Fix pin file reading error -Patch4: pesign-client-read-pin-file.patch -# PATCH-FIX-UPSTREAM pesign-local-database.patch g...@suse.com -- Support local certificate database -Patch5: pesign-local-database.patch -# PATCH-FIX-UPSTREAM pesign-bnc801653-teardown-segfault.patch g...@suse.com -- Fix crash when freeing digests -Patch7: pesign-bnc801653-teardown-segfault.patch -# PATCH-FIX-UPSTREAM pesign-fix-export-attributes.patch g...@suse.com -- Fix crash when exporting attributes -Patch9: pesign-fix-export-attributes.patch # PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff g...@suse.com -- Don't check the private key when importing the raw signature -Patch10: pesign-privkey_unneeded.diff -Patch11: pesign-no-set-image-size.patch -# PATCH-FIX-UPSTREAM pesign-bnc805166-fix-signature-list.patch bnc#805166 g...@suse.com -- Fix the broken signature list when inserting a new signature into a signed EFI binary. -Patch12: pesign-bnc805166-fix-signature-list.patch -# PATCH-FIX-UPSTREAM pesign-bnc808594-align-signatures.patch bnc#808594,bnc#811325 g...@suse.com -- Align the signatures to 8-bytes -Patch13: pesign-bnc808594-align-signatures.patch +Patch3: pesign-privkey_unneeded.diff +# PATCH-FIX-UPSTREAM pesign-clear-padding-bits.patch g...@suse.com -- Clear the allocated space before inserting the certificate list +Patch4: pesign-clear-padding-bits.patch BuildRequires: mozilla-nss-devel BuildRequires: pkg-config BuildRequires: popt-devel @@ -71,18 +56,10 @@ %prep %setup -q -%patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 -%patch7 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 %build make OPTFLAGS="$RPM_OPT_FLAGS" @@ -140,6 +117,7 @@ %doc COPYING %{_bindir}/pesign %{_bindir}/pesign-client +%{_bindir}/efikeygen %dir %{_sysconfdir}/popt.d %config %{_sysconfdir}/popt.d/pesign.popt %{_sysconfdir}/pki/ ++++++ pesign-0.99.tar.bz2 -> pesign-0.106.tar.bz2 ++++++ ++++ 6575 lines of diff (skipped) ++++++ pesign-clear-padding-bits.patch ++++++ >From edd9cc0e677b35498e974d9a4137feac5bd4b323 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <g...@suse.com> Date: Tue, 26 Mar 2013 18:30:58 +0800 Subject: [PATCH] Clear the space for the certificate list Make sure the aligned bytes are '\0' Signed-off-by: Gary Ching-Pang Lin <g...@suse.com> --- src/wincert.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wincert.c b/src/wincert.c index 942fa26..5e23b04 100644 --- a/src/wincert.c +++ b/src/wincert.c @@ -37,7 +37,7 @@ generate_cert_list(SECItem **signatures, int num_signatures, cl_size += ALIGNMENT_PADDING(cl_size, 8); } - uint8_t *data = malloc(cl_size); + uint8_t *data = calloc(1, cl_size); if (!data) return -1; -- 1.8.1.4 ++++++ pesign-fix-build-errors.patch ++++++ --- /var/tmp/diff_new_pack.TuAzkZ/_old 2013-07-16 15:58:25.000000000 +0200 +++ /var/tmp/diff_new_pack.TuAzkZ/_new 2013-07-16 15:58:25.000000000 +0200 @@ -1,12 +1,20 @@ +From 4e03c90bb48e6f9c9d9c9aed491fbcc5be684e7b Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin <g...@suse.com> +Date: Tue, 9 Jul 2013 12:17:31 +0800 +Subject: [PATCH] Fix build errors + --- - src/daemon.c | 35 ++++++++++++++++++++++++++++------- - src/password.c | 3 ++- - src/pesign.c | 10 ++++++++-- - 3 files changed, 38 insertions(+), 10 deletions(-) + src/daemon.c | 36 +++++++++++++++++++++++++++++------- + src/efikeygen.c | 3 ++- + src/password.c | 3 ++- + src/pesign.c | 10 ++++++++-- + 4 files changed, 41 insertions(+), 11 deletions(-) +diff --git a/src/daemon.c b/src/daemon.c +index b2801b9..832a0ea 100644 --- a/src/daemon.c +++ b/src/daemon.c -@@ -436,7 +436,11 @@ malformed: +@@ -432,7 +432,11 @@ malformed: if (rc < 0) { err_attached: pe_end(outpe); @@ -19,16 +27,17 @@ goto finish; } ssize_t sigspace = calculate_signature_space(ctx->cms, outpe); -@@ -453,21 +457,33 @@ err_attached: - finalize_signatures(ctx->cms, outpe); +@@ -450,21 +454,34 @@ err_attached: + ctx->cms->num_signatures, outpe); pe_end(outpe); } else { - ftruncate(outfd, 0); + if (ftruncate(outfd, 0) != 0) { + ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR, -+ "pesignd: could not truncate output file: %m"); ++ "pesignd: could not truncate output " ++ "file: %m"); + } - rc = generate_digest(ctx->cms, inpe); + rc = generate_digest(ctx->cms, inpe, 1); if (rc < 0) { err_detached: - ftruncate(outfd, 0); @@ -58,7 +67,7 @@ } finish: -@@ -979,7 +995,12 @@ daemonize(cms_context *cms_ctx, int do_f +@@ -996,7 +1013,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork) exit(1); } @@ -72,9 +81,28 @@ if (getuid() == 0) { /* process is running as root, drop privileges */ +diff --git a/src/efikeygen.c b/src/efikeygen.c +index ac27acc..8c3e814 100644 +--- a/src/efikeygen.c ++++ b/src/efikeygen.c +@@ -330,10 +330,11 @@ populate_extensions(cms_context *cms, CERTCertificate *cert, + { + CERTAttribute *attr = NULL; + SECOidData *oid; ++ int i; + + oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST); + +- for (int i; crq->attributes[i]; i++) { ++ for (i = 0; crq->attributes[i]; i++) { + attr = crq->attributes[i]; + if (attr->attrType.len != oid->oid.len) + continue; +diff --git a/src/password.c b/src/password.c +index 43186df..9a9c911 100644 --- a/src/password.c +++ b/src/password.c -@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input +@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, echoOff(infd); } @@ -84,9 +112,11 @@ if (isTTY) { fprintf(output, "\n"); +diff --git a/src/pesign.c b/src/pesign.c +index 890ebfc..fe77c9d 100644 --- a/src/pesign.c +++ b/src/pesign.c -@@ -161,9 +161,15 @@ open_output(pesign_context *ctx) +@@ -164,9 +164,15 @@ open_output(pesign_context *ctx) addr = pe_rawfile(ctx->inpe, &size); @@ -104,3 +134,6 @@ Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP; ctx->outpe = pe_begin(ctx->outfd, cmd, NULL); +-- +1.8.1.4 + ++++++ pesign-privkey_unneeded.diff ++++++ --- /var/tmp/diff_new_pack.TuAzkZ/_old 2013-07-16 15:58:25.000000000 +0200 +++ /var/tmp/diff_new_pack.TuAzkZ/_new 2013-07-16 15:58:25.000000000 +0200 @@ -1,12 +1,12 @@ --- - src/cms_common.c | 9 ++++++++- + src/cms_common.c | 10 +++++++++- src/cms_common.h | 1 + src/pesign.c | 1 + - 3 files changed, 10 insertions(+), 1 deletion(-) + 3 files changed, 11 insertions(+), 1 deletion(-) --- a/src/cms_common.c +++ b/src/cms_common.c -@@ -276,6 +276,7 @@ struct cbdata { +@@ -272,6 +272,7 @@ struct cbdata { CERTCertificate *cert; PK11SlotListElement *psle; secuPWData *pwdata; @@ -14,10 +14,11 @@ }; static SECStatus -@@ -288,6 +289,11 @@ is_valid_cert(CERTCertificate *cert, voi +@@ -283,6 +284,12 @@ is_valid_cert(CERTCertificate *cert, voi + void *pwdata = cbdata->pwdata; SECKEYPrivateKey *privkey = NULL; - ++ + if (cbdata->privkey_unneeded) { + cbdata->cert = cert; + return SECSuccess; @@ -26,26 +27,26 @@ privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata); if (privkey != NULL) { cbdata->cert = cert; -@@ -398,7 +404,7 @@ err_slots: - goto err_slots_errmsg; +@@ -413,7 +420,7 @@ find_certificate(cms_context *cms, int n + } SECStatus status; - if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) { + if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) { status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); if (status != SECSuccess) { - cms->log(cms, LOG_ERR, "Authentication failed on " -@@ -425,6 +431,7 @@ err_slots: + PK11_DestroySlotListElement(slots, &psle); +@@ -442,6 +449,7 @@ find_certificate(cms_context *cms, int n .cert = NULL, .psle = psle, .pwdata = pwdata, + .privkey_unneeded = cms->privkey_unneeded, }; - status = PK11_TraverseCertsForNicknameInSlot(&nickname, psle->slot, + if (needs_private_key) { --- a/src/cms_common.h +++ b/src/cms_common.h -@@ -37,6 +37,7 @@ typedef int (*cms_common_logger)(struct +@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct typedef struct cms_context { PRArenaPool *arena; void *privkey; @@ -55,11 +56,11 @@ char *certname; --- a/src/pesign.c +++ b/src/pesign.c -@@ -650,6 +650,7 @@ main(int argc, char *argv[]) +@@ -626,6 +626,7 @@ main(int argc, char *argv[]) */ case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS: check_inputs(ctxp); + ctxp->cms_ctx->privkey_unneeded = 1; - rc = find_certificate(ctxp->cms_ctx); + rc = find_certificate(ctxp->cms_ctx, 0); if (rc < 0) { fprintf(stderr, "pesign: Could not find " ++++++ pesign-suse-build.patch ++++++ --- /var/tmp/diff_new_pack.TuAzkZ/_old 2013-07-16 15:58:25.000000000 +0200 +++ /var/tmp/diff_new_pack.TuAzkZ/_new 2013-07-16 15:58:25.000000000 +0200 @@ -1,16 +1,14 @@ --- Make.defaults | 5 +++-- Make.rules | 4 ++-- - Makefile | 6 +++--- - src/Makefile | 10 +++++----- + Makefile | 4 ++-- + src/Makefile | 9 +++++---- src/pesign.sysvinit | 12 ++++++++---- util/Makefile | 6 +++--- - 6 files changed, 24 insertions(+), 19 deletions(-) + 6 files changed, 23 insertions(+), 17 deletions(-) -Index: pesign-0.99/Make.defaults -=================================================================== ---- pesign-0.99.orig/Make.defaults -+++ pesign-0.99/Make.defaults +--- a/Make.defaults ++++ b/Make.defaults @@ -5,7 +5,8 @@ HOSTARCH = $(shell uname -m | sed s,i[ ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) INCDIR = -I$(TOPDIR)/include @@ -30,16 +28,14 @@ endif ifeq ($(ARCH), ia32) -Index: pesign-0.99/Make.rules -=================================================================== ---- pesign-0.99.orig/Make.rules -+++ pesign-0.99/Make.rules +--- a/Make.rules ++++ b/Make.rules @@ -2,10 +2,10 @@ $(AR) -cvqs $@ $^ % : %.o -- $(CC) $(CCLDFLAGS) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) -+ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) +- $(CC) $(CCLDFLAGS) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread ++ $(CC) -o $@ $^ $(foreach lib,$(LIBS),-l$(lib)) $(CCLDFLAGS) $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-l --libs-only-other $(pklib))) -lpthread %.so : - $(CC) $(INCDIR) $(CFLAGS) -Wl,-soname,$(SONAME) $(CCLDFLAGS) $^ -o $@ @@ -47,46 +43,17 @@ %.o: %.c $(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ -Index: pesign-0.99/Makefile -=================================================================== ---- pesign-0.99.orig/Makefile -+++ pesign-0.99/Makefile -@@ -2,7 +2,7 @@ TOPDIR = $(shell echo $$PWD) - - include $(TOPDIR)/Make.defaults - --SUBDIRS := include libdpe src util -+SUBDIRS := include libdpe src - DOCDIR := /share/doc/ - VERSION = 0.99 - -@@ -16,8 +16,8 @@ clean : - - install : - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done -- $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/ -- $(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/ -+ $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ -+ $(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ - - install_systemd: - @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done -Index: pesign-0.99/src/Makefile -=================================================================== ---- pesign-0.99.orig/src/Makefile -+++ pesign-0.99/src/Makefile -@@ -7,8 +7,9 @@ LIBS = popt - STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a - PKLIBS = nss +--- a/src/Makefile ++++ b/src/Makefile +@@ -9,6 +9,7 @@ STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a LDFLAGS = --CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags --libs $(pklib))) -+CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags --libs $(pklib))) -lpthread + CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) CFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror +UNITDIR = /lib/systemd/system - TARGETS = pesign authvar client + TARGETS = pesign authvar client efisiglist efikeygen -@@ -60,12 +61,12 @@ clean : depclean +@@ -70,12 +71,12 @@ clean : depclean install_systemd: $(INSTALL) -d -m 755 $(INSTALLROOT)/usr/lib/tmpfiles.d/ $(INSTALL) -m 644 tmpfiles.conf $(INSTALLROOT)/usr/lib/tmpfiles.d/pesign.conf @@ -103,10 +70,8 @@ install : $(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/ -Index: pesign-0.99/util/Makefile -=================================================================== ---- pesign-0.99.orig/util/Makefile -+++ pesign-0.99/util/Makefile +--- a/util/Makefile ++++ b/util/Makefile @@ -4,7 +4,7 @@ TOPDIR = $(SRCDIR)/.. include $(TOPDIR)/Make.defaults @@ -127,10 +92,8 @@ .PHONY: all clean install -Index: pesign-0.99/src/pesign.sysvinit -=================================================================== ---- pesign-0.99.orig/src/pesign.sysvinit -+++ pesign-0.99/src/pesign.sysvinit +--- a/src/pesign.sysvinit ++++ b/src/pesign.sysvinit @@ -6,21 +6,25 @@ # processname: /usr/bin/pesign # pidfile: /var/run/pesign.pid @@ -161,3 +124,16 @@ RETVAL=$? echo touch /var/lock/subsys/pesign +--- a/Makefile ++++ b/Makefile +@@ -16,8 +16,8 @@ clean : + + install : + @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done +- $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/ +- $(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign-$(VERSION)/ ++ $(INSTALL) -d -m 755 $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ ++ $(INSTALL) -m 644 COPYING $(INSTALLROOT)$(PREFIX)$(DOCDIR)/pesign/ + + install_systemd: + @for x in $(SUBDIRS) ; do $(MAKE) -C $${x} TOPDIR=$(TOPDIR) SRCDIR=$(TOPDIR)/$@/ ARCH=$(ARCH) $@ ; done -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org