File pesign.changes of Package pesign.27679
-------------------------------------------------------------------
Tue Feb 7 03:07:20 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
- Add pesign-bsc1202933-Use-normal-file-permissions-instead-of-ACLs.patch
to use the normal file permissions in pesign-authorize to avoid
the potential security issue (bsc#1202933, CVE-2022-3560)
- Set the libexecdir path for "make" to fix the path to
pesign-authorize in pesign.service (bsc#1202933)
-------------------------------------------------------------------
Mon Nov 14 06:34:14 UTC 2022 - Gary Ching-Pang Lin <glin@suse.com>
- Add pesign-bsc1205323-add-shim-eku-oid-and-fix-array-indices.patch
to add shim EKU OID and fix OID array indices (bsc#1205323)
-------------------------------------------------------------------
Tue Jun 8 16:03:02 UTC 2021 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- Link as Position Independent Executable (bsc#1184124).
-------------------------------------------------------------------
Tue Aug 6 09:04:07 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com>
- Add pesign-bsc1144441-efikeygen-Fix-the-build-with-nss-3.44.patch
to fix the build failure with nss 3.44 (bsc#1144441)
-------------------------------------------------------------------
Thu May 9 12:25:31 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Enable build on %arm as we can sign kernel on %arm (boo#1134670)
-------------------------------------------------------------------
Fri Apr 26 11:12:46 UTC 2019 - mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
-------------------------------------------------------------------
Mon Apr 2 09:37:36 UTC 2018 - glin@suse.com
- Add pesign-bsc1087742-fix-efisiglist.patch to fix the generation
of efi signature list. (bsc#1087742)
-------------------------------------------------------------------
Thu Aug 11 03:22:18 UTC 2016 - glin@suse.com
- Add pesign-fix-argument-list.patch to fix the argument list
parsing
-------------------------------------------------------------------
Thu Apr 21 09:36:23 UTC 2016 - glin@suse.com
- Update to 0.112
- Refresh patches: pesign-suse-build.patch and pesign-run.patch
- Drop upstreamed pesign-fix-signness.patch
-------------------------------------------------------------------
Tue Nov 10 07:59:48 UTC 2015 - glin@suse.com
- Update to 0.111
- Add pesign-fix-signness.patch to fix the signness comparison
- Drop upstreamed patches
+ pesign-efivar-pkgconfig.patch
+ pesign-make-efi_guid_t-const.patch
+ pesign-fix-import-sig-check.patch
+ pesign-install-supplementary-programs.patch
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
and pesign-run.patch
- Update pesign-fix-build-errors.patch
- Merge use-standard-pid-location.patch into pesign-run.patch
-------------------------------------------------------------------
Tue Sep 1 06:11:06 UTC 2015 - dimstar@opensuse.org
- Do not buildrequire systemd: it conflicts with systemd-mini,
which is pulled in by systemd-mini-devel (due to BuildRequires:
pkgconfig(systemd).
- As we lack systemd-tmpfiles in the build env, we ignore the
errors cast in the %post scriptlet.
-------------------------------------------------------------------
Fri Aug 14 07:45:31 UTC 2015 - mpluskal@suse.com
- Update project url
- Use url for download
- Add rcpesign symlink
- Tiny spec file cleanup with spec-cleaner
-------------------------------------------------------------------
Mon Jul 13 11:07:10 UTC 2015 - werner@suse.de
- Make it build, tool systemd-tmpfiles is part of systemd
-------------------------------------------------------------------
Tue Jun 16 06:52:21 UTC 2015 - glin@suse.com
- Add pesign-efivar-pkgconfig.patch to get the efivar compiler
parameters from pkg-confg
- Add pesign-make-efi_guid_t-const.patch to avoid the error from
gcc
-------------------------------------------------------------------
Wed Nov 26 09:46:50 UTC 2014 - glin@suse.com
- Add pesign-fix-import-sig-check.patch to fix the signature size
check while importing a signature
- Amend the spec file with spec-cleaner
-------------------------------------------------------------------
Fri Oct 31 07:16:40 UTC 2014 - glin@suse.com
- Update pesign-suse-build.patch to set LIBDIR for AArch64
-------------------------------------------------------------------
Tue Oct 28 08:47:34 UTC 2014 - glin@suse.com
- Update to version 0.110
- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
authvar
- Add pesign-install-supplementary-programs.patch to install the
supplementary programs
- Refresh patches
+ pesign-fix-build-errors.patch
+ pesign-run.patch
+ pesign-suse-build.patch
- Drop upstreamed patches
+ pesign-clear-padding-bits.patch
+ pesign-enable-supplementary-programs.patch
+ pesign-no-db.patch
- Enable aarch64
-------------------------------------------------------------------
Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com
- Update pesign-enable-supplementary-programs.patch to fix write
loop
-------------------------------------------------------------------
Thu Jun 12 02:47:55 UTC 2014 - glin@suse.com
- Add pesign-enable-supplementary-programs.patch to fix and enable
the supplementary programs: pesigcheck, authvar, efisiglist
-------------------------------------------------------------------
Wed Apr 16 07:12:05 UTC 2014 - aj@suse.com
- Add pesign-run.patch: Use /run instead of /var/run (bnc#873857).
-------------------------------------------------------------------
Fri Jan 31 08:49:12 UTC 2014 - lnussel@suse.de
- mark dir in /var/run as %ghost
-------------------------------------------------------------------
Thu Nov 7 09:17:04 UTC 2013 - glin@suse.com
- Add pesign-no-db.patch to allow some commands to proceed without
a NSS database.
-------------------------------------------------------------------
Thu Oct 24 03:14:05 UTC 2013 - glin@suse.com
- Revert the dowload Url since it's not valid
-------------------------------------------------------------------
Tue Oct 22 11:18:39 UTC 2013 - p.drouand@gmail.com
- Update to version 0.109
- Remove sysvinit related old stuff
- Remove redundant %clean section
- Add use-standard-pid-location.patch
Use the good location to stock pidfile
- Use download Url as source
- Rebase pesign-suse-build.patch to upstream changes as it has been
partially merged on upstream
- Remove pesign-allow-no-issuer-cert.patch; fixed on upstream
-------------------------------------------------------------------
Thu Jul 18 06:54:19 UTC 2013 - glin@suse.com
- Add pesign-allow-no-issuer-cert.patch to avoid crash when the
issuer's certificate is not available
-------------------------------------------------------------------
Tue Jul 9 04:44:44 UTC 2013 - glin@suse.com
- Update to 0.106
- Add pesign-clear-padding-bits.patch to clear the padding bits
- Rebase patches:
+ pesign-suse-build.patch
+ pesign-fix-build-errors.patch
+ pesign-privkey_unneeded.diff
- Drop upstreamed patches
+ pesign-client-initialize-action.patch
+ pesign-bnc808594-align-signatures.patch
+ pesign-upstream-fixes.patch
+ pesign-fix-export-attributes.patch
+ pesign-no-set-image-size.patch
+ pesign-client-read-pin-file.patch
+ pesign-local-database.patch
+ pesign-bnc801653-teardown-segfault.patch
+ pesign-bnc805166-fix-signature-list.patch
-------------------------------------------------------------------
Tue Mar 26 06:21:15 UTC 2013 - glin@suse.com
- Add pesign-bnc808594-align-signatures.patch to align signatures
(bnc#808594, bnc#811325)
-------------------------------------------------------------------
Fri Mar 1 03:04:35 UTC 2013 - glin@suse.com
- Update pesign-bnc805166-fix-signature-list.patch to avoid the
potential crash when inserting a signature (bnc#805166)
- Add pwdutils to PreReq
-------------------------------------------------------------------
Mon Feb 25 07:35:59 UTC 2013 - glin@suse.com
- Update pesign-bnc805166-fix-signature-list.patch to skip the
unneeded private key request. (bnc#805166c#17)
-------------------------------------------------------------------
Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com
- Modified pesign-bnc805166-fix-signature-list.patch, block out the
source code for find/attach Issuer certificate
(bnc#805166 comment#13)
-------------------------------------------------------------------
Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com
- Add pesign-bnc805166-fix-signature-list.patch to fix the broken
signature list when inserting signature into a signed EFI binary
(bnc#805166)
-------------------------------------------------------------------
Tue Feb 12 15:32:11 CET 2013 - mls@suse.de
- do not try to recalculate the image size, it is included in the
hash and therefore must not change.
-------------------------------------------------------------------
Wed Feb 6 10:44:48 UTC 2013 - glin@suse.com
- Merge patches for FATE#314552
+ pesign-fix-export-attributes.patch: fix crash when exporting
the signed attributes
+ pesign-privkey_unneeded.diff: Don't check the private key when
importing the raw signature
- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
freeing digests (bnc801653)
- Drop pesign-digestdata.diff which is no longer needed.
-------------------------------------------------------------------
Mon Jan 21 10:17:28 UTC 2013 - glin@suse.com
- Add pesign-digestdata.diff to generate digestdata (FATE#314552)
-------------------------------------------------------------------
Wed Dec 12 13:18:40 UTC 2012 - fcrozat@suse.com
- Don't call sysv RPM post/pre macros when building for systemd
- Ship rcpesign for systemd, link to /sbin/service
- Update pesign-suse-build.patch to allow change systemd unit
install directory.
- Don't hardcode systemd unit directory, since it changed in
Factory.
-------------------------------------------------------------------
Tue Dec 11 07:10:04 UTC 2012 - glin@suse.com
- Add Requires: pwdutils
-------------------------------------------------------------------
Wed Nov 28 07:42:09 UTC 2012 - glin@suse.com
- Add pesign-local-database.patch to support the local certificate
database
- Amend the spec file to build on openSUSE:Factory
-------------------------------------------------------------------
Thu Nov 8 06:32:32 UTC 2012 - glin@suse.com
- Version bump to 0.99 (FATE#314484)
+ Add documentation for --daemonize and --nofork
+ Make popt aliases work
+ Add documentation for pesign-client
+ Add --pinfd and --pinfile to the client
- Update pesign-suse-build.patch and pesign-fix-build-errors.patch
- Add pesign-upstream-fixes.patch to backport fixes from git head
and add sysvinit script
- Add pesign-client-initialize-action.patch to initialize client
action to avoid undetermined flags.
- Add pesign-client-read-pin-file.patch to fix pin file reading
-------------------------------------------------------------------
Mon Oct 15 09:33:19 UTC 2012 - glin@suse.com
- Version bump to 0.98
+ close the socket immediately on invalid input
+ Slightly better error messages
+ Log an error if digest initialization fails
+ Add systemd bits for pesignd
+ Add actual signing code to the daemon
+ Add input and output setup for sign functionality in the daemon
+ Audit allocation of CERTCertificateList/PK11SlotList and
friends
+ Fix memory leaks
- Refresh pesign-suse-build.patch and pesign-fix-build-errors.patch
-------------------------------------------------------------------
Mon Aug 13 06:50:35 UTC 2012 - glin@suse.com
- Version bump to 0.9
+ Add NSS "token" support for smartcards.
+ Allocate space for the section header variable
- Refresh pesign-fix-build-errors.patch to fix the warning
- Drop upstreamed pesign-allocate-shdr.patch
-------------------------------------------------------------------
Fri Aug 10 10:12:53 UTC 2012 - glin@suse.com
- Add pesign-allocate-shdr.patch to allocate space for the section
header variable
-------------------------------------------------------------------
Thu Aug 9 03:53:45 UTC 2012 - glin@suse.com
- Version bump to 0.8
+ Don't open the DB r/w, read-only is fine.
+ Attempt to do a better job setting the image size.
+ Emit correct OID for encryption type.
- Drop pesign-fix-image-size.patch which is already in 0.8
-------------------------------------------------------------------
Tue Aug 7 03:03:17 UTC 2012 - glin@suse.com
- Add upstream patch pesign-fix-image-size.patch to set the image
size correctly.
- Drop pesign-elilo-workaround.patch
-------------------------------------------------------------------
Mon Aug 6 08:03:05 UTC 2012 - glin@suse.com
- Version bump to 0.7
+ Fix incorrect initialization error in (undocumented) -e option.
+ Use SEC_OID_PKCS1_RSA_ENCRYPTION like MS
+ Initialize the index variable of loop
+ Adjust the buffer size to avoid overflow
+ Make sure pe_populatecert() always returns a value
-------------------------------------------------------------------
Mon Jul 23 08:49:13 UTC 2012 - glin@suse.com
- Add pesign-elilo-workaround.patch to workaround the section
header corruption in some EFI image (elilo for example)
-------------------------------------------------------------------
Mon Jul 23 03:32:18 UTC 2012 - glin@suse.com
- Add pesign-fix-build-errors.patch to fix build error/warning
- Don't install the util efi images
- Fix the RPM_OPT_FLAGS warning
-------------------------------------------------------------------
Thu Jul 12 09:37:55 UTC 2012 - glin@suse.com
- Version bump to 0.5
+ Handle and report mremap() failure
+ Man page should be in section 1.
+ Add some basic signature list management.
+ Add some more efi-defined constants, flesh out efi_guid_t.
+ authver: Find a guid for 'namespace'.
+ Add some basic ucs2 functions :(
+ Support multiple signatures correctly.
+ Add ascii_to_ucs2()
+ Add file formats and some code for variables-on-disk.
+ Allow the memory map to move when we're allocating space in the
binary.
+ Remove extra call to ftruncate()
+ Adjust section addresses when we remap the pecoff binary.
+ Correctly set win_certificate.length to /include/
win_certificate.
+ Move certificate space iterator to wincert.c so other stuff can
get it.
+ Split allocating space for certs and filling it in.
+ Put the new signature into the cms ctx instead of keeping it
locally.
+ Actually calculate space and extend the file before hashing the
binary.
+ Bounds-check everything we're hashing so we don't segfault on a
bad bin.
- Add pesign-always-return-value.patch to fix
no-return-in-nonvoid-function
- Drop upsreamed patch pesign-mem-reallocation.patch
-------------------------------------------------------------------
Fri Jun 29 07:08:11 UTC 2012 - glin@suse.com
- Add pesign-mem-reallocation.patch to fix crash when writing
signature
-------------------------------------------------------------------
Tue Jun 26 07:02:49 UTC 2012 - glin@suse.com
- Version bump to 0.3
+ it seems to generate working signatures
-------------------------------------------------------------------
Thu Jun 21 08:31:42 UTC 2012 - glin@suse.com
- New package pesign 0.2
