diff --git a/pesign-bsc1221694-fix-reversed-calloc-arguments.patch b/pesign-bsc1221694-fix-reversed-calloc-arguments.patch
new file mode 100644
index 0000000..c65a479
--- /dev/null
+++ b/pesign-bsc1221694-fix-reversed-calloc-arguments.patch
@@ -0,0 +1,41 @@
+From 1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher
+Date: Fri, 2 Feb 2024 09:32:48 -0500
+Subject: [PATCH] Fix reversed calloc() arguments
+
+The prototype is "void *calloc(size_t nelem, size_t elsize);"
+
+These two instances had them reversed, almost certainly leading to
+buffer overflow issues. This was detected by
+-Werror=calloc-transposed-args on gcc.
+
+Signed-off-by: Stephen Gallagher
+---
+ src/pesigcheck.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/pesigcheck.c b/src/pesigcheck.c
+index 6dc67f7..8119cf1 100644
+--- a/src/pesigcheck.c
++++ b/src/pesigcheck.c
+@@ -240,7 +240,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
+
+ cert_iter iter;
+
+- reasonps = calloc(sizeof(struct reason), 512);
++ reasonps = calloc(512, sizeof(struct reason));
+ if (!reasonps)
+ err(1, "check_signature");
+
+@@ -281,7 +281,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
+
+ num_reasons += 16;
+
+- new_reasons = calloc(sizeof(struct reason), num_reasons);
++ new_reasons = calloc(num_reasons, sizeof(struct reason));
+ if (!new_reasons)
+ err(1, "check_signature");
+ reasonps = new_reasons;
+--
+2.35.3
+
diff --git a/pesign.changes b/pesign.changes
index 58c2a07..71bcd1f 100644
--- a/pesign.changes
+++ b/pesign.changes
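Review bot: In the second inner hunk, `new_reasons = calloc(num_reasons, sizeof(struct reason));` is followed directly by `reasonps = new_reasons;`, with no copy of the existing entries and no `free()` of the old buffer visible between them, so growing the array appears to drop the reasons already recorded and leak the previous allocation. This patch leaves that path as it was; a follow-up could grow in place, for example `new_reasons = realloc(reasonps, num_reasons * sizeof(struct reason));` with the newly added tail zeroed. Swapping the two calloc() arguments requests the same number of bytes, so the change satisfies -Werror=calloc-transposed-args rather than altering any allocation size, and the "buffer overflow" wording in the commit message overstates its effect. check_signature() begins and ends outside both hunks, so handling of the old pointer elsewhere in the function cannot be ruled out from here.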
@@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Wed Mar 20 08:44:54 UTC 2024 - Gary Ching-Pang Lin + +- Add pesign-bsc1221694-fix-reversed-calloc-arguments.patch to + fix the parameters for calloc() (bsc#1221694) + +------------------------------------------------------------------- +Thu Nov 2 03:20:49 UTC 2023 - Gary Ching-Pang Lin + +- Add the Provides tag for the files moved to pesign-systemd + +------------------------------------------------------------------- +Wed Nov 1 08:27:33 UTC 2023 - Gary Ching-Pang Lin + +- Move rcpesign and %{_tmpfilesdir}/pesign.conf to pesign-systemd + +------------------------------------------------------------------- +Fri Oct 6 13:13:09 UTC 2023 - Dan Čermák + +- Create pesign-systemd subpackage to remove systemd dependency + (jsc#PED-7256) + ------------------------------------------------------------------- Wed Feb 22 08:05:20 UTC 2023 - Gary Ching-Pang Lin diff --git a/pesign.spec b/pesign.spec index cfabdaf..1f21516 100644 --- a/pesign.spec +++ b/pesign.spec @@ -1,7 +1,7 @@ # # spec file for package pesign # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -39,6 +39,7 @@ Patch7: pesign-bsc1202933-Remove-pesign-authorize.patch Patch8: pesign-bsc1202933-Make-etc-pki-pesign-writeable.patch Patch9: pesign-fix-cert-match-check.patch Patch10: pesign-fix-efikeygen-segfault.patch +Patch11: pesign-bsc1221694-fix-reversed-calloc-arguments.patch BuildRequires: efivar-devel >= 38 BuildRequires: libuuid-devel BuildRequires: mandoc 
@@ -48,25 +49,27 @@ BuildRequires: popt-devel BuildRequires: sysuser-tools BuildRequires: pkgconfig(systemd) %sysusers_requires -%{?systemd_requires} ExclusiveArch: ia64 %ix86 x86_64 aarch64 %arm riscv64 +Recommends: %{name}-systemd %description Signing tool for PE-COFF binaries. It is vaguely compliant with the PE and Authenticode specifications. +%package systemd +Summary: Systemd units for pesign +Requires: %{name} = %{version} +%{?systemd_requires} +BuildArch: noarch +Provides: pesign:%{_sbindir}/rcpesign +Provides: pesign:%{_tmpfilesdir}/pesign.conf +Provides: pesign:%{_unitdir}/pesign.service + +%description systemd +Systemd units for the pesign package. + %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 +%autosetup -p1 %build %sysusers_generate_pre %{SOURCE1} %{name} %{name}.conf @@ -92,16 +95,18 @@ rm -rf %{buildroot}%{_libdir}/libdpe* install -Dm0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.conf %pre -f %{name}.pre + +%pre systemd %service_add_pre pesign.service -%preun +%preun systemd %service_del_preun pesign.service -%post +%post systemd %service_add_post pesign.service systemd-tmpfiles --create %{_tmpfilesdir}/pesign.conf || : -%postun +%postun systemd %service_del_postun pesign.service %files @@ -113,16 +118,13 @@ systemd-tmpfiles --create %{_tmpfilesdir}/pesign.conf || : %{_bindir}/pesigcheck %{_bindir}/authvar %{_bindir}/pesum -%{_sbindir}/rcpesign %dir %{_sysconfdir}/pesign %{_sysconfdir}/pesign/* %dir %{_sysconfdir}/popt.d %config %{_sysconfdir}/popt.d/pesign.popt %{_rpmmacrodir}/macros.pesign %{_mandir}/man?/* -%{_unitdir}/pesign.service %{_sysusersdir}/pesign.conf -%{_tmpfilesdir}/pesign.conf %dir %{_libexecdir}/pesign %{_libexecdir}/pesign/pesign-rpmbuild-helper %dir %{_sysconfdir}/pki/ 
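Review bot: The new subpackage's `Requires: %{name} = %{version}` pins only the version, so a pesign-systemd build can be installed alongside a different release of the main package. `Requires: %{name} = %{version}-%{release}` would keep the unit file, tmpfiles entry and binaries from the same build. Separately, the main package now carries only `Recommends: %{name}-systemd` while its `%files` list still has the `%ghost` `/run/%{name}` directory. If that directory is created by the moved tmpfiles entry (its contents are not visible here), an install without the subpackage needs another way to create it with the 0770 pesign:pesign ownership.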
@@ -130,4 +132,9 @@ systemd-tmpfiles --create %{_tmpfilesdir}/pesign.conf || : %ghost %dir %attr(0770,pesign,pesign) /run/%{name} %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name} +%files systemd +%{_sbindir}/rcpesign +%{_unitdir}/pesign.service +%{_tmpfilesdir}/pesign.conf + %changelog