Hello community, here is the log from the commit of package pesign for openSUSE:Factory checked in at 2013-02-25 21:41:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pesign (Old) and /work/SRC/openSUSE:Factory/.pesign.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pesign", Maintainer is "GLin@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/pesign/pesign.changes 2013-02-22 16:57:11.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pesign.new/pesign.changes 2013-02-25 21:41:15.000000000 +0100 @@ -1,0 +2,13 @@ +Mon Feb 25 07:35:59 UTC 2013 - glin@suse.com + +- Update pesign-bnc805166-fix-signature-list.patch to skip the + unneeded private key request. (bnc#805166c#17) + +------------------------------------------------------------------- +Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com + +- Modified pesign-bnc805166-fix-signature-list.patch, block out the + source code for find/attach Issuer certificate + (bnc#805166 comment#13) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pesign-bnc805166-fix-signature-list.patch ++++++ --- /var/tmp/diff_new_pack.3LK5SK/_old 2013-02-25 21:41:17.000000000 +0100 +++ /var/tmp/diff_new_pack.3LK5SK/_new 2013-02-25 21:41:17.000000000 +0100 @@ -1,39 +1,53 @@ -commit 63c6ad572b3c1a7041dc581072421c2c94ff5d35 -Author: Gary Ching-Pang Lin <chingpang@gmail.com> -Date: Fri Feb 22 15:13:08 2013 +0800 - - Backport patches to fix signature list - - Get cms_context out of wincert functions. - ee357451be9968cedda57ce13b103eb82c590e67 - - Rework siglist to be somewhat more useful. - a5ec0d2cd06dec0961fc3fed680e7e385dc5bec8 - - Don't allow our signature list iterator to walk off the end of the file. - 18980866e7952100d98510297c0e1cc25fca8fc8 - - Include old signatures in new space calculations. - 77d334d77435d64e88fcc772b5b58440b394584a - - Make implanting extracted certificates work again. - 5ceddd2f80dfea70d211236190943746c2d2f77b - - Add error handling macros to make code simpler. - 0bafa814b49a9556550cfbc373e0ea5b9edb929e - - Add is_issuer_of(cert, cert) helper function. - 7750aaeceb2655807788f8e45417e84cb5404a8e - - Add "find_named_certificate()" helper function. - c89c8dbf7929f8f8f36bc1c4045fcc17d5ce7e5c - - Make generate_certificate_list include the issuing certificate. - 8c3d82ceb5029bedfee1577682fec5ff3669ff3c - - Fix a casting problem on 32-bit. - - 9eb2814858270af2d7ecfbfa5ca131e7be2f9f53 +From 4956251d79904be08c4012fa06c14434f8e706ed Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin <chingpang@gmail.com> +Date: Fri, 22 Feb 2013 15:13:08 +0800 +Subject: [PATCH 1/2] Backport patches to fix signature list + +Get cms_context out of wincert functions. +ee357451be9968cedda57ce13b103eb82c590e67 + +Rework siglist to be somewhat more useful. +a5ec0d2cd06dec0961fc3fed680e7e385dc5bec8 + +Don't allow our signature list iterator to walk off the end of the file. +18980866e7952100d98510297c0e1cc25fca8fc8 + +Include old signatures in new space calculations. +77d334d77435d64e88fcc772b5b58440b394584a + +Make implanting extracted certificates work again. +5ceddd2f80dfea70d211236190943746c2d2f77b + +Add error handling macros to make code simpler. +0bafa814b49a9556550cfbc373e0ea5b9edb929e + +Add is_issuer_of(cert, cert) helper function. +7750aaeceb2655807788f8e45417e84cb5404a8e + +Add "find_named_certificate()" helper function. +c89c8dbf7929f8f8f36bc1c4045fcc17d5ce7e5c + +Make generate_certificate_list include the issuing certificate. +8c3d82ceb5029bedfee1577682fec5ff3669ff3c + +Fix a casting problem on 32-bit. +9eb2814858270af2d7ecfbfa5ca131e7be2f9f53 +--- + libdpe/pe_addcert.c | 2 +- + libdpe/pe_updatefile.c | 13 ++++++- + src/actions.c | 12 +------ + src/actions.h | 2 +- + src/cms_common.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++ + src/cms_common.h | 32 ++++++++++++++++- + src/daemon.c | 6 ++-- + src/pesign.c | 35 +++++++++++++++--- + src/peverify.c | 7 ++-- + src/siglist.c | 46 +++++++++++++++++++----- + src/siglist.h | 3 +- + src/signed_data.c | 53 +++++++++++++++++++++------ + src/wincert.c | 65 +++++++++++++++++++++++---------- + src/wincert.h | 8 +++-- + 14 files changed, 312 insertions(+), 65 deletions(-) diff --git a/libdpe/pe_addcert.c b/libdpe/pe_addcert.c index e391242..b6ba969 100644 @@ -779,3 +793,33 @@ + #endif /* PESIGN_WINCERT_H */ +-- +1.7.10.4 + + +From 8d86f6db19be98538fd5397a9de5f7d06733746e Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin <chingpang@gmail.com> +Date: Mon, 25 Feb 2013 10:43:09 +0800 +Subject: [PATCH 2/2] Don't request the private key in + find_named_certificate() when importing a raw signature + +--- + src/cms_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cms_common.c b/src/cms_common.c +index 3b2e71a..642cc86 100644 +--- a/src/cms_common.c ++++ b/src/cms_common.c +@@ -498,7 +498,7 @@ find_named_certificate(cms_context *cms, char *name, CERTCertificate **cert) + } + + SECStatus status; +- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) { ++ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) { + status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata); + if (status != SECSuccess) { + PK11_DestroySlotListElement(slots, &psle); +-- +1.7.10.4 + -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org