Hello community,
here is the log from the commit of package pesign for openSUSE:12.3 checked in at 2013-02-07 14:27:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3/pesign (Old)
and /work/SRC/openSUSE:12.3/.pesign.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign", Maintainer is "GLin@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:12.3/pesign/pesign.changes 2013-01-31 01:32:54.000000000 +0100
+++ /work/SRC/openSUSE:12.3/.pesign.new/pesign.changes 2013-02-07 14:27:52.000000000 +0100
@@ -1,0 +2,12 @@
+Wed Feb 6 10:44:48 UTC 2013 - glin@suse.com
+
+- Merge patches for FATE#314552
+ + pesign-fix-export-attributes.patch: fix crash when exporting
+ the signed attributes
+ + pesign-privkey_unneeded.diff: Don't check the private key when
+ importing the raw signature
+- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
+ freeing digests (bnc801653)
+- Drop pesign-digestdata.diff which is no longer needed.
+
+-------------------------------------------------------------------
Old:
----
pesign-digestdata.diff
New:
----
pesign-bnc801653-teardown-segfault.patch
pesign-fix-export-attributes.patch
pesign-privkey_unneeded.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pesign.spec ++++++
--- /var/tmp/diff_new_pack.WQ9cG4/_old 2013-02-07 14:27:52.000000000 +0100
+++ /var/tmp/diff_new_pack.WQ9cG4/_new 2013-02-07 14:27:52.000000000 +0100
@@ -36,8 +36,12 @@
Patch4: pesign-client-read-pin-file.patch
# PATCH-FIX-UPSTREAM pesign-local-database.patch glin@suse.com -- Support local certificate database
Patch5: pesign-local-database.patch
-# PATCH-FIX-UPSTREAM pesign-digestdata.diff glin@suse.com -- Generate digestdata
-Patch6: pesign-digestdata.diff
+# PATCH-FIX-UPSTREAM pesign-bnc801653-teardown-segfault.patch glin@suse.com -- Fix crash when freeing digests
+Patch7: pesign-bnc801653-teardown-segfault.patch
+# PATCH-FIX-UPSTREAM pesign-fix-export-attributes.patch glin@suse.com -- Fix crash when exporting attributes
+Patch9: pesign-fix-export-attributes.patch
+# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
+Patch10: pesign-privkey_unneeded.diff
BuildRequires: mozilla-nss-devel
BuildRequires: pkg-config
BuildRequires: popt-devel
@@ -69,7 +73,9 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
-%patch6 -p0
+%patch7 -p1
+%patch9 -p1
+%patch10 -p1
%build
make OPTFLAGS="$RPM_OPT_FLAGS"
++++++ pesign-bnc801653-teardown-segfault.patch ++++++
commit ed689613e93f3121048d6c922c90aafd6bf10880
Author: Peter Jones
Date: Tue Nov 27 11:37:05 2012 -0500
Hopefully make teardown_digests() work better...
Freeing nss constructs continues to be weird.
Signed-off-by: Peter Jones
---
src/cms_common.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -110,8 +110,6 @@ teardown_digests(cms_context *ctx)
PK11_DestroyContext(digests[i].pk11ctx, PR_TRUE);
}
if (digests[i].pe_digest) {
- free_poison(digests[i].pe_digest->data,
- digests[i].pe_digest->len);
/* XXX sure seems like we should be freeing it here,
* but that's segfaulting, and we know it'll get
* cleaned up with PORT_FreeArena a couple of lines
@@ -120,7 +118,7 @@ teardown_digests(cms_context *ctx)
digests[i].pe_digest = NULL;
}
}
- free(digests);
+ PORT_Free(digests);
ctx->digests = NULL;
}
@@ -184,7 +182,6 @@ cms_context_fini(cms_context *cms)
memset(&cms->newsig, '\0', sizeof (cms->newsig));
}
- teardown_digests(cms);
cms->selected_digest = -1;
if (cms->ci_digest) {
@@ -708,7 +705,7 @@ generate_digest_begin(cms_context *cms)
if (cms->digests) {
digests = cms->digests;
} else {
- digests = calloc(n_digest_params, sizeof (*digests));
+ digests = PORT_ZAlloc(n_digest_params * sizeof (*digests));
if (!digests) {
cms->log(cms, LOG_ERR, "cannot allocate memory: %m");
return -1;
++++++ pesign-fix-export-attributes.patch ++++++
From 8376d873bf72c06b5efaa9dad812eb783cda5d41 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Fri, 25 Jan 2013 10:34:55 -0500
Subject: [PATCH] Fix up "-E", which apparently broke during some refactoring.
Signed-off-by: Peter Jones
---
src/actions.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/actions.c b/src/actions.c
index 6c32819..5c5dd89 100644
--- a/src/actions.c
+++ b/src/actions.c
@@ -373,6 +373,15 @@ generate_sattr_blob(pesign_context *ctx)
{
int rc;
SECItem sa;
+ SpcContentInfo ci;
+
+ memset(&ci, '\0', sizeof (ci));
+ rc = generate_spc_content_info(ctx->cms_ctx, &ci);
+ if (rc < 0) {
+ fprintf(stderr, "Could not generate content info: %s\n",
+ PORT_ErrorToString(PORT_GetError()));
+ exit(1);
+ }
rc = generate_signed_attributes(ctx->cms_ctx, &sa);
if (rc < 0) {
--
1.7.10.4
++++++ pesign-privkey_unneeded.diff ++++++
---
src/cms_common.c | 9 ++++++++-
src/cms_common.h | 1 +
src/pesign.c | 1 +
3 files changed, 10 insertions(+), 1 deletion(-)
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -276,6 +276,7 @@ struct cbdata {
CERTCertificate *cert;
PK11SlotListElement *psle;
secuPWData *pwdata;
+ int privkey_unneeded;
};
static SECStatus
@@ -288,6 +289,11 @@ is_valid_cert(CERTCertificate *cert, voi
SECKEYPrivateKey *privkey = NULL;
+ if (cbdata->privkey_unneeded) {
+ cbdata->cert = cert;
+ return SECSuccess;
+ }
+
privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
if (privkey != NULL) {
cbdata->cert = cert;
@@ -398,7 +404,7 @@ err_slots:
goto err_slots_errmsg;
SECStatus status;
- if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) {
cms->log(cms, LOG_ERR, "Authentication failed on "
@@ -425,6 +431,7 @@ err_slots:
.cert = NULL,
.psle = psle,
.pwdata = pwdata,
+ .privkey_unneeded = cms->privkey_unneeded,
};
status = PK11_TraverseCertsForNicknameInSlot(&nickname, psle->slot,
--- a/src/cms_common.h
+++ b/src/cms_common.h
@@ -37,6 +37,7 @@ typedef int (*cms_common_logger)(struct
typedef struct cms_context {
PRArenaPool *arena;
void *privkey;
+ int privkey_unneeded;
char *tokenname;
char *certname;
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -650,6 +650,7 @@ main(int argc, char *argv[])
*/
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
check_inputs(ctxp);
+ ctxp->cms_ctx->privkey_unneeded = 1;
rc = find_certificate(ctxp->cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org