Hello community,
here is the log from the commit of package pesign for openSUSE:Factory checked in at 2019-05-14 13:13:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pesign (Old)
and /work/SRC/openSUSE:Factory/.pesign.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pesign"
Tue May 14 13:13:42 2019 rev:31 rq:702581 version:113
Changes:
--------
--- /work/SRC/openSUSE:Factory/pesign/pesign.changes 2019-05-10 09:20:35.240583180 +0200
+++ /work/SRC/openSUSE:Factory/.pesign.new.5148/pesign.changes 2019-05-14 13:13:43.920850486 +0200
@@ -1,0 +2,24 @@
+Mon May 13 03:57:30 UTC 2019 - Gary Ching-Pang Lin
+
+- Update to 113
+ + Get rid of the 0.Y versioning
+ + Make --padding the default
+ + Add kmod signing (drake)
+ + efisiglist format fixes
+ + enforce the use of --kernel or --module in efikeygen
+ + RPM macro updates
+ + Move the license to GPLv3+
+ + Use sql-type NSS database by default
+ + Various documentation improvements.
+ + Improve /etc/pki/pesign authorization scripts
+ + Various pesigcheck improvements
+- Refresh patches
+ + pesign-suse-build.patch
+ + pesign-privkey_unneeded.diff
+ + pesign-fix-authvar-write-loop.patch
+- Drop upstreamed patches
+ + pesign-fix-argument-list.patch
+ + pesign-bsc1087742-fix-efisiglist.patch
+- Drop pesign-fix-build-errors.patch since those warnings are gone
+
+-------------------------------------------------------------------
@@ -4 +28 @@
-- Enable build on %arm as we can sign kernel on %arm
+- Enable build on %arm as we can sign kernel on %arm (boo#1134670)
Old:
----
pesign-0.112.tar.bz2
pesign-bsc1087742-fix-efisiglist.patch
pesign-fix-argument-list.patch
pesign-fix-build-errors.patch
New:
----
pesign-113.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pesign.spec ++++++
--- /var/tmp/diff_new_pack.jCR3r5/_old 2019-05-14 13:13:44.468851862 +0200
+++ /var/tmp/diff_new_pack.jCR3r5/_new 2019-05-14 13:13:44.472851872 +0200
@@ -17,27 +17,21 @@
Name: pesign
-Version: 0.112
+Version: 113
Release: 0
Summary: Signing tool for PE-COFF binaries
-License: GPL-2.0-only
+License: GPL-3.0-or-later
Group: Productivity/Security
Url: https://github.com/rhinstaller/pesign
Source: https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2
# PATCH-FIX-SUSE pesign-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
Patch1: pesign-suse-build.patch
-# PATCH-FIX-UPSTREAM pesign-fix-build-errors.patch glin@suse.com -- Fix gcc warnings
-Patch2: pesign-fix-build-errors.patch
# PATCH-FIX-UPSTREAM pesign-privkey_unneeded.diff glin@suse.com -- Don't check the private key when importing the raw signature
-Patch3: pesign-privkey_unneeded.diff
+Patch2: pesign-privkey_unneeded.diff
# PATCH-FIX-SUSE pesign-run.patch aj@suse.com - Use /run instead of /var/run
-Patch5: pesign-run.patch
+Patch3: pesign-run.patch
# PATCH-FIX-UPSTREAM pesign-fix-authvar-write-loop.patch glin@suse.com -- Fix the write loop in authvar
-Patch6: pesign-fix-authvar-write-loop.patch
-# PATCH-FIX-UPSTREAM pesign-fix-argument-list.patch glin@suse.com -- Fix the argument list parsing
-Patch7: pesign-fix-argument-list.patch
-# PATCH-FIX-UPSTREAM bsc#1087742 pesign-bsc1087742-fix-efisiglist.patch glin@suse.com -- Fix efi signature list generation
-Patch8: pesign-bsc1087742-fix-efisiglist.patch
+Patch4: pesign-fix-authvar-write-loop.patch
BuildRequires: efivar-devel
BuildRequires: libuuid-devel
BuildRequires: mozilla-nss-devel
@@ -57,10 +51,7 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
+%patch4 -p1
%build
make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"
@@ -96,7 +87,7 @@
%files
%defattr(-,root,root)
-%doc COPYING
+%license COPYING
%{_bindir}/pesign
%{_bindir}/pesign-client
%{_bindir}/efikeygen
@@ -115,7 +106,7 @@
%{_unitdir}/pesign.service
%{_libexecdir}/tmpfiles.d/pesign.conf
%dir %{_libexecdir}/pesign
-%{_libexecdir}/pesign/pesign-authorize-*
+%{_libexecdir}/pesign/pesign-authorize
%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign
%ghost %dir %attr(0770,pesign,pesign) /run/%{name}
%dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
++++++ pesign-0.112.tar.bz2 -> pesign-113.tar.bz2 ++++++
++++ 7030 lines of diff (skipped)
++++++ pesign-fix-authvar-write-loop.patch ++++++
--- /var/tmp/diff_new_pack.jCR3r5/_old 2019-05-14 13:13:44.664852354 +0200
+++ /var/tmp/diff_new_pack.jCR3r5/_new 2019-05-14 13:13:44.664852354 +0200
@@ -1,4 +1,4 @@
-From e3aee739b92c4124fc1207fb06a7dd1cd89d03ae Mon Sep 17 00:00:00 2001
+From b3c58e3b9237f90e865723837a9389fcb25f6945 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Tue, 1 Jul 2014 14:43:35 +0800
Subject: [PATCH] authvar: fix the write loop
@@ -13,18 +13,18 @@
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/authvar_context.c b/src/authvar_context.c
-index c988e96..675967c 100644
+index 7a753fc..c51c666 100644
--- a/src/authvar_context.c
+++ b/src/authvar_context.c
-@@ -18,6 +18,7 @@
- */
+@@ -20,6 +20,7 @@
+ #include "fix_coverity.h"
#include
+#include
#include
#include
-@@ -133,11 +134,7 @@ generate_descriptor(authvar_context *ctx)
+@@ -135,11 +136,7 @@ generate_descriptor(authvar_context *ctx)
if (rc < 0)
cmsreterr(-1, ctx->cms_ctx, "could not create signed data");
@@ -37,7 +37,7 @@
authinfo = calloc(offset + sd_der.len, 1);
if (!authinfo)
cmsreterr(-1, ctx->cms_ctx, "could not allocate authinfo");
-@@ -160,6 +157,7 @@ write_authvar(authvar_context *ctx)
+@@ -162,6 +159,7 @@ write_authvar(authvar_context *ctx)
void *buffer, *ptr;
size_t buf_len, des_len, remain;
ssize_t wlen;
@@ -45,7 +45,7 @@
if (!ctx->authinfo)
cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar");
-@@ -187,17 +185,17 @@ write_authvar(authvar_context *ctx)
+@@ -189,19 +187,19 @@ write_authvar(authvar_context *ctx)
if (ctx->value_size > 0)
memcpy(ptr, ctx->value, ctx->value_size);
@@ -60,13 +60,15 @@
do {
- wlen = write(ctx->exportfd, buffer, remain);
+ wlen = write(ctx->exportfd, buffer + offset, remain);
- if (wlen < 0)
+ if (wlen < 0) {
+ free(buffer);
cmsreterr(-1, ctx->cms_ctx, "failed to write authvar");
+ }
remain -= wlen;
+ offset += wlen;
} while (remain > 0);
- return 0;
+ free(buffer);
--
-1.8.4.5
+2.21.0
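Review bot: The refreshed write loop in write_authvar still treats every negative return from write() as fatal, so an interrupted call (EINTR) abandons the export even though part of the buffer may already be on disk. Retrying would be safer, e.g. `if (wlen < 0 && errno == EINTR) continue;` ahead of the error branch, assuming <errno.h> is in scope (the include names are not legible in this listing). `buffer` is declared `void *` earlier in the function, so `buffer + offset` relies on the GNU void-pointer arithmetic extension; `(char *)buffer + offset` is portable. The function body starts outside this hunk, so the declaration and initial value of `offset` cannot be checked here.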
++++++ pesign-privkey_unneeded.diff ++++++
--- /var/tmp/diff_new_pack.jCR3r5/_old 2019-05-14 13:13:44.672852374 +0200
+++ /var/tmp/diff_new_pack.jCR3r5/_new 2019-05-14 13:13:44.672852374 +0200
@@ -4,11 +4,11 @@
src/pesign.c | 1 +
3 files changed, 12 insertions(+), 2 deletions(-)
-Index: pesign-0.111/src/cms_common.c
+Index: pesign-113/src/cms_common.c
===================================================================
---- pesign-0.111.orig/src/cms_common.c
-+++ pesign-0.111/src/cms_common.c
-@@ -280,6 +280,7 @@ struct cbdata {
+--- pesign-113.orig/src/cms_common.c
++++ pesign-113/src/cms_common.c
+@@ -282,6 +282,7 @@ struct cbdata {
CERTCertificate *cert;
PK11SlotListElement *psle;
secuPWData *pwdata;
@@ -16,7 +16,7 @@
};
static SECStatus
-@@ -291,6 +292,12 @@ is_valid_cert(CERTCertificate *cert, voi
+@@ -293,6 +294,12 @@ is_valid_cert(CERTCertificate *cert, voi
void *pwdata = cbdata->pwdata;
SECKEYPrivateKey *privkey = NULL;
@@ -29,7 +29,7 @@
privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata);
if (privkey != NULL) {
cbdata->cert = cert;
-@@ -421,7 +428,7 @@ find_certificate(cms_context *cms, int n
+@@ -423,7 +430,7 @@ find_certificate(cms_context *cms, int n
}
SECStatus status;
@@ -38,7 +38,7 @@
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) {
PK11_DestroySlotListElement(slots, &psle);
-@@ -450,6 +457,7 @@ find_certificate(cms_context *cms, int n
+@@ -452,6 +459,7 @@ find_certificate(cms_context *cms, int n
.cert = NULL,
.psle = psle,
.pwdata = pwdata,
@@ -46,7 +46,7 @@
};
if (needs_private_key) {
-@@ -570,7 +578,7 @@ find_named_certificate(cms_context *cms,
+@@ -572,7 +580,7 @@ find_named_certificate(cms_context *cms,
}
SECStatus status;
@@ -55,11 +55,11 @@
status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
if (status != SECSuccess) {
PK11_DestroySlotListElement(slots, &psle);
-Index: pesign-0.111/src/cms_common.h
+Index: pesign-113/src/cms_common.h
===================================================================
---- pesign-0.111.orig/src/cms_common.h
-+++ pesign-0.111/src/cms_common.h
-@@ -63,6 +63,7 @@ typedef int (*cms_common_logger)(struct
+--- pesign-113.orig/src/cms_common.h
++++ pesign-113/src/cms_common.h
+@@ -62,6 +62,7 @@ typedef int (*cms_common_logger)(struct
typedef struct cms_context {
PRArenaPool *arena;
void *privkey;
@@ -67,11 +67,11 @@
char *tokenname;
char *certname;
-Index: pesign-0.111/src/pesign.c
+Index: pesign-113/src/file_pe.c
===================================================================
---- pesign-0.111.orig/src/pesign.c
-+++ pesign-0.111/src/pesign.c
-@@ -651,6 +651,7 @@ main(int argc, char *argv[])
+--- pesign-113.orig/src/file_pe.c
++++ pesign-113/src/file_pe.c
+@@ -354,6 +354,7 @@ pe_handle_action(pesign_context *ctxp, i
*/
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
check_inputs(ctxp);
++++++ pesign-run.patch ++++++
--- /var/tmp/diff_new_pack.jCR3r5/_old 2019-05-14 13:13:44.688852414 +0200
+++ /var/tmp/diff_new_pack.jCR3r5/_new 2019-05-14 13:13:44.688852414 +0200
@@ -6,11 +6,11 @@
src/tmpfiles.conf | 2 +-
5 files changed, 12 insertions(+), 12 deletions(-)
-Index: pesign-0.112/src/Makefile
+Index: pesign-113/src/Makefile
===================================================================
---- pesign-0.112.orig/src/Makefile
-+++ pesign-0.112/src/Makefile
-@@ -68,7 +68,7 @@ install_sysvinit: pesign.sysvinit
+--- pesign-113.orig/src/Makefile
++++ pesign-113/src/Makefile
+@@ -73,7 +73,7 @@ install_sysvinit: pesign.sysvinit
install :
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/
@@ -19,11 +19,11 @@
$(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir)
-Index: pesign-0.112/src/daemon.h
+Index: pesign-113/src/daemon.h
===================================================================
---- pesign-0.112.orig/src/daemon.h
-+++ pesign-0.112/src/daemon.h
-@@ -49,7 +49,7 @@ typedef enum {
+--- pesign-113.orig/src/daemon.h
++++ pesign-113/src/daemon.h
+@@ -49,8 +49,8 @@ typedef enum {
} pesignd_cmd;
#define PESIGND_VERSION 0x2a9edaf0
@@ -32,31 +32,32 @@
+#define SOCKPATH "/run/pesign/socket"
+#define PIDFILE "/run/pesign.pid"
- #endif /* DAEMON_H */
-Index: pesign-0.112/src/macros.pesign
-===================================================================
---- pesign-0.112.orig/src/macros.pesign
-+++ pesign-0.112/src/macros.pesign
-@@ -40,7 +40,7 @@
- %{_pesign} -R ${sattrs}.sig -I ${sattrs} %{-i} \\\
- --certdir ${nss} -c signer %{-o} \
- rm -rf ${sattrs} ${sattrs}.sig ${nss} \
+ static inline uint32_t UNUSED
+ pesignd_string_size(char *buffer)
+Index: pesign-113/src/macros.pesign
+===================================================================
+--- pesign-113.orig/src/macros.pesign
++++ pesign-113/src/macros.pesign
+@@ -52,7 +52,7 @@
+ getfacl /var/run/pesign 1>&2 \
+ getfacl /var/run/pesign/socket 1>&2 \
+ exit 1 \
- elif [ -S /var/run/pesign/socket ]; then \
+ elif [ -S /run/pesign/socket ]; then \
- %{_pesign_client} -t "OpenSC Card (Fedora Signer)" \\\
- -c "/CN=Fedora Secure Boot Signer" \\\
+ %{_pesign_client} -t %{__pesign_client_token} \\\
+ -c %{__pesign_client_cert} \\\
%{-i} %{-o} %{-e} %{-s} %{-C} \
-Index: pesign-0.112/src/tmpfiles.conf
+Index: pesign-113/src/tmpfiles.conf
===================================================================
---- pesign-0.112.orig/src/tmpfiles.conf
-+++ pesign-0.112/src/tmpfiles.conf
+--- pesign-113.orig/src/tmpfiles.conf
++++ pesign-113/src/tmpfiles.conf
@@ -1 +1 @@
-D /var/run/pesign 0770 pesign pesign -
+D /run/pesign 0770 pesign pesign -
-Index: pesign-0.112/src/pesign.sysvinit.in
+Index: pesign-113/src/pesign.sysvinit.in
===================================================================
---- pesign-0.112.orig/src/pesign.sysvinit.in
-+++ pesign-0.112/src/pesign.sysvinit.in
+--- pesign-113.orig/src/pesign.sysvinit.in
++++ pesign-113/src/pesign.sysvinit.in
@@ -4,7 +4,7 @@
#
# chkconfig: - 50 50
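Review bot: In the macros.pesign part of this hunk only the `elif [ -S /run/pesign/socket ]` test is moved to /run; the diagnostic branch just above it still runs `getfacl /var/run/pesign 1>&2` and `getfacl /var/run/pesign/socket 1>&2`. Where /var/run is not a symlink to /run, a failed signing request would print ACLs for a path the daemon no longer uses, which hides the permission problem the output is meant to show. I would change both to `getfacl /run/pesign 1>&2` and `getfacl /run/pesign/socket 1>&2`, so that the check, the diagnostics, SOCKPATH in daemon.h and tmpfiles.conf all name the same directory. The macro body starts and ends outside the hunk, so other /var/run references may remain.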
@@ -66,54 +67,28 @@
### BEGIN INIT INFO
# Provides: pesign
# Should-Start: $remote_fs
-Index: pesign-0.112/src/pesign.service.in
+Index: pesign-113/src/pesign.service.in
===================================================================
---- pesign-0.112.orig/src/pesign.service.in
-+++ pesign-0.112/src/pesign.service.in
-@@ -4,7 +4,7 @@ Description=Pesign signing daemon
+--- pesign-113.orig/src/pesign.service.in
++++ pesign-113/src/pesign.service.in
+@@ -4,6 +4,6 @@ Description=Pesign signing daemon
[Service]
PrivateTmp=true
Type=forking
-PIDFile=/var/run/pesign.pid
+PIDFile=/run/pesign.pid
ExecStart=/usr/bin/pesign --daemonize
- ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-users
- ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize-groups
-Index: pesign-0.112/src/pesign-authorize-groups
-===================================================================
---- pesign-0.112.orig/src/pesign-authorize-groups
-+++ pesign-0.112/src/pesign-authorize-groups
-@@ -12,10 +12,10 @@ set -e
-
- if [ -r /etc/pesign/groups ]; then
- for group in $(cat /etc/pesign/groups); do
-- if [ -d /var/run/pesign ]; then
-- setfacl -m g:${group}:rx /var/run/pesign
-- if [ -e /var/run/pesign/socket ]; then
-- setfacl -m g:${group}:rw /var/run/pesign/socket
-+ if [ -d /run/pesign ]; then
-+ setfacl -m g:${group}:rx /run/pesign
-+ if [ -e /run/pesign/socket ]; then
-+ setfacl -m g:${group}:rw /run/pesign/socket
- fi
- fi
- for x in /etc/pki/pesign* ; do
-Index: pesign-0.112/src/pesign-authorize-users
-===================================================================
---- pesign-0.112.orig/src/pesign-authorize-users
-+++ pesign-0.112/src/pesign-authorize-users
-@@ -12,10 +12,10 @@ set -e
+ ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize
+Index: pesign-113/src/pesign-authorize
+===================================================================
+--- pesign-113.orig/src/pesign-authorize
++++ pesign-113/src/pesign-authorize
+@@ -47,7 +47,7 @@ update_subdir() {
+ done
+ }
- if [ -r /etc/pesign/users ]; then
- for username in $(cat /etc/pesign/users); do
-- if [ -d /var/run/pesign ]; then
-- setfacl -m g:${username}:rx /var/run/pesign
-- if [ -e /var/run/pesign/socket ]; then
-- setfacl -m g:${username}:rw /var/run/pesign/socket
-+ if [ -d /run/pesign ]; then
-+ setfacl -m g:${username}:rx /run/pesign
-+ if [ -e /run/pesign/socket ]; then
-+ setfacl -m g:${username}:rw /run/pesign/socket
- fi
- fi
- for x in /etc/pki/pesign* ; do
+-for x in /var/run/pesign/ /etc/pki/pesign*/ ; do
++for x in /run/pesign/ /etc/pki/pesign*/ ; do
+ if [ -d "${x}" ]; then
+ update_subdir "${x}"
+ else
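Review bot: The loop `for x in /run/pesign/ /etc/pki/pesign*/` passes directories that the pesign account owns and can write to (tmpfiles.conf creates /run/pesign as `0770 pesign pesign`) into update_subdir, and the script is started from `ExecStartPost` in pesign.service, presumably with the unit's privileges. update_subdir's body is outside this hunk, so it should be checked that it neither follows symbolic links nor changes ownership or ACLs on entries that resolve outside those directories. A comment above the loop would record the requirement, e.g. `# update_subdir must not follow symlinks: these trees are writable by the pesign account`. The glob `/etc/pki/pesign*/` also matches any sibling directory sharing the prefix, so the script touches more than /etc/pki/pesign itself.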
++++++ pesign-suse-build.patch ++++++
--- /var/tmp/diff_new_pack.jCR3r5/_old 2019-05-14 13:13:44.700852445 +0200
+++ /var/tmp/diff_new_pack.jCR3r5/_new 2019-05-14 13:13:44.704852455 +0200
@@ -1,7 +1,7 @@
-Index: pesign-0.112/util/Makefile
+Index: pesign-113/util/Makefile
===================================================================
---- pesign-0.112.orig/util/Makefile
-+++ pesign-0.112/util/Makefile
+--- pesign-113.orig/util/Makefile
++++ pesign-113/util/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/Make.efirules
include $(TOPDIR)/Make.defaults
@@ -22,11 +22,11 @@
install_systemd:
-Index: pesign-0.112/src/pesign.sysvinit.in
+Index: pesign-113/src/pesign.sysvinit.in
===================================================================
---- pesign-0.112.orig/src/pesign.sysvinit.in
-+++ pesign-0.112/src/pesign.sysvinit.in
-@@ -6,21 +6,24 @@
+--- pesign-113.orig/src/pesign.sysvinit.in
++++ pesign-113/src/pesign.sysvinit.in
+@@ -6,16 +6,19 @@
# processname: /usr/bin/pesign
# pidfile: /var/run/pesign.pid
### BEGIN INIT INFO
@@ -50,13 +50,16 @@
RETVAL=0
start(){
- echo -n "Starting pesign: "
+@@ -23,7 +26,7 @@ start(){
+ mkdir /var/run/pesign 2>/dev/null &&
+ chown pesign:pesign /var/run/pesign &&
+ chmod 0770 /var/run/pesign
- daemon /usr/bin/pesign --daemonize
+ startproc -f -p "$PESIGN_PIDFILE" /usr/bin/pesign --daemonize
RETVAL=$?
echo
touch /var/lock/subsys/pesign
-@@ -30,7 +33,7 @@ start(){
+@@ -32,7 +35,7 @@ start(){
stop(){
echo -n "Stopping pesign: "
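Review bot: In start(), the chain `mkdir /var/run/pesign 2>/dev/null && chown pesign:pesign /var/run/pesign && chmod 0770 /var/run/pesign` skips chown and chmod whenever the directory already exists, so a directory left with the wrong owner or mode is used as is. Starting the chain with `mkdir -p /var/run/pesign` would reassert ownership and mode on every start. The path is also still /var/run/pesign while pesign-run.patch moves the socket to /run/pesign; unless that patch rewrites these lines (not visible in its hunks here), the two agree only where /var/run links to /run. start() begins and ends outside this hunk.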
@@ -65,24 +68,24 @@
RETVAL=$?
echo
rm -f /var/lock/subsys/pesign
-Index: pesign-0.112/Make.defaults
+Index: pesign-113/Make.defaults
===================================================================
---- pesign-0.112.orig/Make.defaults
-+++ pesign-0.112/Make.defaults
-@@ -57,7 +57,7 @@ efi_cflags = $(cflags)
- ASFLAGS = $(ARCH3264)
- CPPFLAGS ?=
+--- pesign-113.orig/Make.defaults
++++ pesign-113/Make.defaults
+@@ -61,7 +61,7 @@ CPPFLAGS ?=
+ RANLIBFLAGS := $(if $(filter $(CC),gcc),-D)
+ ARFLAGS := $(if $(filter $(CC),gcc),-Dcvqs)$(if $(filter $(CC),clang),-cqvs)
-LDLIBS = $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs)
+LDLIBS = -lpthread $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs)
ifeq ($(ARCH),ia64)
efi_cflags += -mfixed-range=f32-f127
-Index: pesign-0.112/Makefile
+Index: pesign-113/Makefile
===================================================================
---- pesign-0.112.orig/Makefile
-+++ pesign-0.112/Makefile
-@@ -9,7 +9,6 @@ SUBDIRS := include libdpe src
+--- pesign-113.orig/Makefile
++++ pesign-113/Makefile
+@@ -11,7 +11,6 @@ SUBDIRS := include libdpe src
install :
$(INSTALL) -d -m 755 $(INSTALLROOT)$(docdir)/pesign-$(VERSION)/