Sync from SUSE:SLFO:Main pesign revision c08237b4c62ebc3e0b31dbf55d68c8d1

2024-10-01 08:50:48 +02:00 · 2024-10-01 08:50:48 +02:00 · 6af33ad111
commit 6af33ad111
parent 60c5328ea8
3 changed files with 89 additions and 19 deletions
--- a/pesign-bsc1221694-fix-reversed-calloc-arguments.patch
+++ b/pesign-bsc1221694-fix-reversed-calloc-arguments.patch
@ -0,0 +1,41 @@
 From 1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187 Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Fri, 2 Feb 2024 09:32:48 -0500
 Subject: [PATCH] Fix reversed calloc() arguments
 The prototype is "void *calloc(size_t nelem, size_t elsize);"
 These two instances had them reversed, almost certainly leading to
 buffer overflow issues. This was detected by
 -Werror=calloc-transposed-args on gcc.
 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
 ---
 src/pesigcheck.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/pesigcheck.c b/src/pesigcheck.c
 index 6dc67f7..8119cf1 100644
 --- a/src/pesigcheck.c
 +++ b/src/pesigcheck.c
@@ -240,7 +240,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
 	cert_iter iter;
 -	reasonps = calloc(sizeof(struct reason), 512);
 +	reasonps = calloc(512, sizeof(struct reason));
 	if (!reasonps)
 		err(1, "check_signature");
@@ -281,7 +281,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
 			num_reasons += 16;
 -			new_reasons = calloc(sizeof(struct reason), num_reasons);
 +			new_reasons = calloc(num_reasons, sizeof(struct reason));
 			if (!new_reasons)
 				err(1, "check_signature");
 			reasonps = new_reasons;
 -- 
 2.35.3
--- a/pesign.changes
+++ b/pesign.changes
@ -1,3 +1,25 @@
 -------------------------------------------------------------------
 Wed Mar 20 08:44:54 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
 - Add pesign-bsc1221694-fix-reversed-calloc-arguments.patch to
  fix the parameters for calloc() (bsc#1221694)
 -------------------------------------------------------------------
 Thu Nov  2 03:20:49 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
 - Add the Provides tag for the files moved to pesign-systemd 
 -------------------------------------------------------------------
 Wed Nov  1 08:27:33 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
 - Move rcpesign and %{_tmpfilesdir}/pesign.conf to pesign-systemd
 -------------------------------------------------------------------
 Fri Oct  6 13:13:09 UTC 2023 - Dan Čermák <dcermak@suse.com>
 - Create pesign-systemd subpackage to remove systemd dependency
  (jsc#PED-7256)
 -------------------------------------------------------------------
 Wed Feb 22 08:05:20 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
--- a/pesign.spec
+++ b/pesign.spec
@ -1,7 +1,7 @@
 #
 # spec file for package pesign
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -39,6 +39,7 @@ Patch7:         pesign-bsc1202933-Remove-pesign-authorize.patch
 Patch8:         pesign-bsc1202933-Make-etc-pki-pesign-writeable.patch
 Patch9:         pesign-fix-cert-match-check.patch
 Patch10:        pesign-fix-efikeygen-segfault.patch
 Patch11:        pesign-bsc1221694-fix-reversed-calloc-arguments.patch
 BuildRequires:  efivar-devel >= 38
 BuildRequires:  libuuid-devel
 BuildRequires:  mandoc
@ -48,25 +49,27 @@ BuildRequires:  popt-devel
 BuildRequires:  sysuser-tools
 BuildRequires:  pkgconfig(systemd)
 %sysusers_requires
 %{?systemd_requires}
 ExclusiveArch:  ia64 %ix86 x86_64 aarch64 %arm riscv64
 Recommends:     %{name}-systemd
 %description
 Signing tool for PE-COFF binaries. It is vaguely compliant
 with the PE and Authenticode specifications.
 %package systemd
 Summary:        Systemd units for pesign
 Requires:       %{name} = %{version}
 %{?systemd_requires}
 BuildArch:      noarch
 Provides:       pesign:%{_sbindir}/rcpesign
 Provides:       pesign:%{_tmpfilesdir}/pesign.conf
 Provides:       pesign:%{_unitdir}/pesign.service
 %description systemd
 Systemd units for the pesign package.
 %prep
-%setup -q
+%autosetup -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
 %build
 %sysusers_generate_pre %{SOURCE1} %{name} %{name}.conf
@ -92,16 +95,18 @@ rm -rf %{buildroot}%{_libdir}/libdpe*
 install -Dm0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.conf
 %pre -f %{name}.pre
 %pre systemd
 %service_add_pre pesign.service
-%preun
+%preun systemd
 %service_del_preun pesign.service
-%post
+%post systemd
 %service_add_post pesign.service
 systemd-tmpfiles --create %{_tmpfilesdir}/pesign.conf || :
-%postun
+%postun systemd
 %service_del_postun pesign.service
 %files
@ -113,16 +118,13 @@ systemd-tmpfiles --create %{_tmpfilesdir}/pesign.conf || :
 %{_bindir}/pesigcheck
 %{_bindir}/authvar
 %{_bindir}/pesum
 %{_sbindir}/rcpesign
 %dir %{_sysconfdir}/pesign
 %{_sysconfdir}/pesign/*
 %dir %{_sysconfdir}/popt.d
 %config %{_sysconfdir}/popt.d/pesign.popt
 %{_rpmmacrodir}/macros.pesign
 %{_mandir}/man?/*
 %{_unitdir}/pesign.service
 %{_sysusersdir}/pesign.conf
 %{_tmpfilesdir}/pesign.conf
 %dir %{_libexecdir}/pesign
 %{_libexecdir}/pesign/pesign-rpmbuild-helper
 %dir %{_sysconfdir}/pki/
@ -130,4 +132,9 @@ systemd-tmpfiles --create %{_tmpfilesdir}/pesign.conf || :
 %ghost %dir %attr(0770,pesign,pesign) /run/%{name}
 %dir %attr(0770,pesign,pesign) %{_localstatedir}/lib/%{name}
 %files systemd
 %{_sbindir}/rcpesign
 %{_unitdir}/pesign.service
 %{_tmpfilesdir}/pesign.conf
 %changelog