Accepting request 156163 from home:joeyli:branches:openSUSE:Factory:bnc805166

Modified pesign-bnc805166-fix-signature-list.patch, block out the source code for find/attach Issuer certificate (bnc#805166 comment#13) OBS-URL: https://build.opensuse.org/request/show/156163 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=11
2013-02-24 11:07:40 +00:00 · 2013-02-24 11:07:40 +00:00 · 0b5d673ec8
commit 0b5d673ec8
parent 4e39e383dd
3 changed files with 100 additions and 90 deletions
--- a/pesign-bnc805166-fix-signature-list.patch
+++ b/pesign-bnc805166-fix-signature-list.patch
@ -35,10 +35,10 @@ Date:   Fri Feb 22 15:13:08 2013 +0800
    
    9eb2814858270af2d7ecfbfa5ca131e7be2f9f53

-diff --git a/libdpe/pe_addcert.c b/libdpe/pe_addcert.c
-index e391242..b6ba969 100644
--- a/libdpe/pe_addcert.c
-+++ b/libdpe/pe_addcert.c
+Index: pesign-0.99/libdpe/pe_addcert.c
+===================================================================
+--- pesign-0.99.orig/libdpe/pe_addcert.c
+++ pesign-0.99/libdpe/pe_addcert.c
@@ -59,7 +59,7 @@ pe_alloccert(Pe *pe, size_t size)
 	memset(addr, '\0', size);
 
@ -48,10 +48,10 @@ index e391242..b6ba969 100644
 
 #if 0
 	pe_set_image_size(pe);
-diff --git a/libdpe/pe_updatefile.c b/libdpe/pe_updatefile.c
-index 7a29757..a8fe769 100644
--- a/libdpe/pe_updatefile.c
-+++ b/libdpe/pe_updatefile.c
+Index: pesign-0.99/libdpe/pe_updatefile.c
+===================================================================
+--- pesign-0.99.orig/libdpe/pe_updatefile.c
+++ pesign-0.99/libdpe/pe_updatefile.c
@@ -24,6 +24,7 @@
 #include <sys/mman.h>
 
@ -60,7 +60,7 @@ index 7a29757..a8fe769 100644
 __get_last_section(Pe *pe)
 {
 	Pe_Scn *scn = NULL;
-@@ -79,6 +80,7 @@ compare_sections (const void *a, const void *b)
+@@ -79,6 +80,7 @@ compare_sections (const void *a, const v
 }
 
 static void
@ -86,10 +86,10 @@ index 7a29757..a8fe769 100644
 
 	return 0;
 }
-diff --git a/src/actions.c b/src/actions.c
-index 9e4ac59..5c5dd89 100644
--- a/src/actions.c
-+++ b/src/actions.c
+Index: pesign-0.99/src/actions.c
+===================================================================
+--- pesign-0.99.orig/src/actions.c
+++ pesign-0.99/src/actions.c
@@ -268,7 +268,7 @@ failure:
 	return ret;
 }
@ -108,7 +108,7 @@ index 9e4ac59..5c5dd89 100644
 	ssize_t available = available_cert_space(ctx->outpe);
 
 	if (available < ctx->cms_ctx->newsig.len) {
-@@ -406,14 +404,6 @@ check_signature_space(pesign_context *ctx)
+@@ -406,14 +404,6 @@ check_signature_space(pesign_context *ct
 	}
 }
 
@ -123,11 +123,11 @@ index 9e4ac59..5c5dd89 100644
 void
 allocate_signature_space(Pe *pe, ssize_t sigspace)
 {
-diff --git a/src/actions.h b/src/actions.h
-index 400876f..4ecaad8 100644
--- a/src/actions.h
-+++ b/src/actions.h
-@@ -28,12 +28,12 @@ extern int list_signatures(pesign_context *ctx);
+Index: pesign-0.99/src/actions.h
+===================================================================
+--- pesign-0.99.orig/src/actions.h
+++ pesign-0.99/src/actions.h
+@@ -28,12 +28,12 @@ extern int list_signatures(pesign_contex
 extern void check_signature_space(pesign_context *ctx);
 extern void allocate_signature_space(Pe *pe, ssize_t sigspace);
 extern off_t export_signature(cms_context *cms, int fd, int ascii_armor);
@ -141,11 +141,11 @@ index 400876f..4ecaad8 100644
 extern void insert_signature(cms_context *cms, int signum);
 
 #endif /* PESIGN_CRYPTO_H */
-diff --git a/src/cms_common.c b/src/cms_common.c
-index 9ab2021..3b2e71a 100644
--- a/src/cms_common.c
-+++ b/src/cms_common.c
-@@ -304,6 +304,17 @@ is_valid_cert(CERTCertificate *cert, void *data)
+Index: pesign-0.99/src/cms_common.c
+===================================================================
+--- pesign-0.99.orig/src/cms_common.c
+++ pesign-0.99/src/cms_common.c
+@@ -304,6 +304,17 @@ is_valid_cert(CERTCertificate *cert, voi
 	return SECFailure;
 }
 
@ -163,10 +163,15 @@ index 9ab2021..3b2e71a 100644
 /* This is the dumbest function ever, but we need it anyway, because nss
  * is garbage. */
 static void
-@@ -448,6 +459,88 @@ err_slots:
- 	return 0;
- }
+@@ -443,6 +454,88 @@ err_slots:
 
+ 	PK11_DestroySlotListElement(slots, &psle);
+ 	PK11_FreeSlotList(slots);
+	CERT_DestroyCertList(certlist);
+
+	return 0;
+}
+
 +int
 +find_named_certificate(cms_context *cms, char *name, CERTCertificate **cert)
 +{
@ -244,18 +249,13 @@ index 9ab2021..3b2e71a 100644
 +
 +	PK11_DestroySlotListElement(slots, &psle);
 +	PK11_FreeSlotList(slots);
-+	CERT_DestroyCertList(certlist);
-+
-+	return 0;
-+}
-+
- static SEC_ASN1Template EmptySequenceTemplate[] = {
- 	{
- 	.kind = SEC_ASN1_SEQUENCE,
-diff --git a/src/cms_common.h b/src/cms_common.h
-index a3848cd..2b2d619 100644
--- a/src/cms_common.h
-+++ b/src/cms_common.h
+ 	CERT_DestroyCertList(certlist);
+ 
+ 	return 0;
+Index: pesign-0.99/src/cms_common.h
+===================================================================
+--- pesign-0.99.orig/src/cms_common.h
+++ pesign-0.99/src/cms_common.h
@@ -19,9 +19,35 @@
 #ifndef CMS_COMMON_H
 #define CMS_COMMON_H 1
@ -293,7 +293,7 @@ index a3848cd..2b2d619 100644
 
 struct digest {
 	PK11Context *pk11ctx;
-@@ -109,6 +135,10 @@ extern int generate_digest(cms_context *cms, Pe *pe);
+@@ -109,6 +135,10 @@ extern int generate_digest(cms_context *
 extern int generate_signature(cms_context *ctx);
 extern int unlock_nss_token(cms_context *ctx);
 extern int find_certificate(cms_context *ctx);
@ -304,11 +304,11 @@ index a3848cd..2b2d619 100644
 
 extern SECOidTag digest_get_digest_oid(cms_context *cms);
 extern SECOidTag digest_get_encryption_oid(cms_context *cms);
-diff --git a/src/daemon.c b/src/daemon.c
-index 4a9af87..92ae856 100644
--- a/src/daemon.c
-+++ b/src/daemon.c
-@@ -288,7 +288,8 @@ set_up_inpe(context *ctx, int fd, Pe **pe)
+Index: pesign-0.99/src/daemon.c
+===================================================================
+--- pesign-0.99.orig/src/daemon.c
+++ pesign-0.99/src/daemon.c
+@@ -288,7 +288,8 @@ set_up_inpe(context *ctx, int fd, Pe **p
 		return -1;
 	}
 
@ -328,10 +328,10 @@ index 4a9af87..92ae856 100644
 		pe_end(outpe);
 	} else {
 		if (ftruncate(outfd, 0) != 0) {
-diff --git a/src/pesign.c b/src/pesign.c
-index bfda33b..fcb2dca 100644
--- a/src/pesign.c
-+++ b/src/pesign.c
+Index: pesign-0.99/src/pesign.c
+===================================================================
+--- pesign-0.99.orig/src/pesign.c
+++ pesign-0.99/src/pesign.c
@@ -104,7 +104,8 @@ open_input(pesign_context *ctx)
 		exit(1);
 	}
@ -414,10 +414,10 @@ index bfda33b..fcb2dca 100644
 			close_output(ctxp);
 			break;
 		case DAEMONIZE:
-diff --git a/src/peverify.c b/src/peverify.c
-index 08aad27..e010d87 100644
--- a/src/peverify.c
-+++ b/src/peverify.c
+Index: pesign-0.99/src/peverify.c
+===================================================================
+--- pesign-0.99.orig/src/peverify.c
+++ pesign-0.99/src/peverify.c
@@ -55,9 +55,12 @@ open_input(peverify_context *ctx)
 		exit(1);
 	}
@ -433,10 +433,10 @@ index 08aad27..e010d87 100644
 		exit(1);
 	}
 }
-diff --git a/src/siglist.c b/src/siglist.c
-index 1a933e7..ca097e6 100644
--- a/src/siglist.c
-+++ b/src/siglist.c
+Index: pesign-0.99/src/siglist.c
+===================================================================
+--- pesign-0.99.orig/src/siglist.c
+++ pesign-0.99/src/siglist.c
@@ -17,11 +17,15 @@
  * Author(s): Peter Jones <pjones@redhat.com>
  */
@ -454,7 +454,7 @@ index 1a933e7..ca097e6 100644
 
 struct efi_signature_data {
 	efi_guid_t		SignatureOwner;
-@@ -135,7 +139,10 @@ signature_list_add_sig(signature_list *sl, efi_guid_t owner,
+@@ -135,7 +139,10 @@ signature_list_add_sig(signature_list *s
 	if (memcmp(&sl->SignatureType, &x509_guid, sizeof (efi_guid_t)) == 0) {
 		if (sigsize > sl->SignatureSize)
 			resize_entries(sl, sigsize);
@ -466,7 +466,7 @@ index 1a933e7..ca097e6 100644
 		return -1;
 	}
 
-@@ -162,11 +169,31 @@ signature_list_add_sig(signature_list *sl, efi_guid_t owner,
+@@ -162,11 +169,31 @@ signature_list_add_sig(signature_list *s
 	return 0;
 }
 
@ -475,9 +475,7 @@ index 1a933e7..ca097e6 100644
 +#if 0
 +int
 +signature_list_parse(signature_list *sl, uint8_t *data, size_t len)
- {
-	if (sl->realized)
-		return sl->realized;
+{
 +	if (!sl)
 +		return -1;
 +
@ -494,7 +492,9 @@ index 1a933e7..ca097e6 100644
 +
 +int
 +signature_list_realize(signature_list *sl, void **out, size_t *outsize)
-+{
+ {
+-	if (sl->realized)
+-		return sl->realized;
 +	if (sl->realized) {
 +		free(sl->realized);
 +		sl->realized = NULL;
@ -502,7 +502,7 @@ index 1a933e7..ca097e6 100644
 
 	struct efi_signature_list *esl = NULL;
 	uint32_t size = sizeof (*esl) +
-@@ -174,7 +201,7 @@ signature_list_realize(signature_list *sl)
+@@ -174,7 +201,7 @@ signature_list_realize(signature_list *s
 
 	void *ret = calloc(1, size);
 	if (!ret)
@ -511,7 +511,7 @@ index 1a933e7..ca097e6 100644
 	esl = ret;
 
 	memcpy(esl, sl, sizeof (*esl));
-@@ -186,7 +213,10 @@ signature_list_realize(signature_list *sl)
+@@ -186,7 +213,10 @@ signature_list_realize(signature_list *s
 	}
 
 	sl->realized = ret;
@ -523,11 +523,11 @@ index 1a933e7..ca097e6 100644
 }
 
 void
-diff --git a/src/siglist.h b/src/siglist.h
-index 2961a39..a576ffd 100644
--- a/src/siglist.h
-+++ b/src/siglist.h
-@@ -24,7 +24,8 @@ typedef struct signature_list signature_list;
+Index: pesign-0.99/src/siglist.h
+===================================================================
+--- pesign-0.99.orig/src/siglist.h
+++ pesign-0.99/src/siglist.h
+@@ -24,7 +24,8 @@ typedef struct signature_list signature_
 extern signature_list *signature_list_new(efi_guid_t SignatureType);
 extern int signature_list_add_sig(signature_list *sl, efi_guid_t owner,
 			uint8_t *sig, uint32_t sigsize);
@ -537,11 +537,11 @@ index 2961a39..a576ffd 100644
 extern void signature_list_free(signature_list *sl);
 
 #endif /* SIGLIST_H */
-diff --git a/src/signed_data.c b/src/signed_data.c
-index e676cb3..83957d6 100644
--- a/src/signed_data.c
-+++ b/src/signed_data.c
-@@ -76,20 +76,51 @@ static int
+Index: pesign-0.99/src/signed_data.c
+===================================================================
+--- pesign-0.99.orig/src/signed_data.c
+++ pesign-0.99/src/signed_data.c
+@@ -76,20 +76,53 @@ static int
 generate_certificate_list(cms_context *cms, SECItem ***certificate_list_p)
 {
 	SECItem **certificates = NULL;
@ -561,7 +561,7 @@ index e676cb3..83957d6 100644
 +	if (!certificates) {
 +		save_port_err(PORT_ArenaRelease(cms->arena, mark));
 +		cmsreterr(-1, cms, "could not allocate certificate list");
-+	}
+ 	}
 +	int i = 0;
 +
 +	certificates[i] = PORT_ArenaZAlloc(cms->arena, sizeof (SECItem));
@ -571,6 +571,7 @@ index e676cb3..83957d6 100644
 +	}
 +	SECITEM_CopyItem(cms->arena, certificates[i++], &cms->cert->derCert);
 +
+#if 0
 +	if (!is_issuer_of(cms->cert, cms->cert)) {
 +		CERTCertificate *signer = NULL;
 +		int rc = find_named_certificate(cms, cms->cert->issuerName,
@ -598,16 +599,17 @@ index e676cb3..83957d6 100644
 +			}
 +			CERT_DestroyCertificate(signer);
 +		}
- 	}
+	}
+#endif
 
 -	SECITEM_CopyItem(cms->arena, certificates[0], &cms->cert->derCert);
 	*certificate_list_p = certificates;
 	return 0;
 }
-diff --git a/src/wincert.c b/src/wincert.c
-index 4b5ba45..4197a87 100644
--- a/src/wincert.c
-+++ b/src/wincert.c
+Index: pesign-0.99/src/wincert.c
+===================================================================
+--- pesign-0.99.orig/src/wincert.c
+++ pesign-0.99/src/wincert.c
@@ -25,13 +25,13 @@ struct cert_list_entry {
 };
 
@ -626,7 +628,7 @@ index 4b5ba45..4197a87 100644
 	}
 
 	uint8_t *data = malloc(cl_size);
-@@ -41,15 +41,15 @@ generate_cert_list(cms_context *cms, void **cert_list,
+@@ -41,15 +41,15 @@ generate_cert_list(cms_context *cms, voi
 	*cert_list = (void *)data;
 	*cert_list_size = cl_size;
 
@ -647,7 +649,7 @@ index 4b5ba45..4197a87 100644
 	}
 
 	return 0;
-@@ -62,12 +62,13 @@ implant_cert_list(Pe *pe, void *cert_list, size_t cert_list_size)
+@@ -62,12 +62,13 @@ implant_cert_list(Pe *pe, void *cert_lis
 }
 
 int
@ -732,7 +734,7 @@ index 4b5ba45..4197a87 100644
 {
 	cert_iter iter;
 	int rc = cert_iter_init(&iter, pe);
-@@ -238,8 +267,8 @@ parse_signatures(cms_context *cms, Pe *pe)
+@@ -238,8 +267,8 @@ parse_signatures(cms_context *cms, Pe *p
 	}
 
 	if (nsigs == 0) {
@ -743,7 +745,7 @@ index 4b5ba45..4197a87 100644
 		return 0;
 	}
 
-@@ -271,8 +300,8 @@ parse_signatures(cms_context *cms, Pe *pe)
+@@ -271,8 +300,8 @@ parse_signatures(cms_context *cms, Pe *p
 		i++;
 	}
 
@ -754,10 +756,10 @@ index 4b5ba45..4197a87 100644
 
 	return 0;
 err:
-diff --git a/src/wincert.h b/src/wincert.h
-index 4309915..ed7e15c 100644
--- a/src/wincert.h
-+++ b/src/wincert.h
+Index: pesign-0.99/src/wincert.h
+===================================================================
+--- pesign-0.99.orig/src/wincert.h
+++ pesign-0.99/src/wincert.h
@@ -32,8 +32,6 @@ typedef struct win_certificate {
 	uint16_t cert_type;
 } win_certificate;
@ -767,7 +769,7 @@ index 4309915..ed7e15c 100644
 typedef struct cert_iter {
 	Pe *pe;
 	off_t n;
-@@ -45,6 +43,10 @@ extern int cert_iter_init(cert_iter *iter, Pe *pe);
+@@ -45,6 +43,10 @@ extern int cert_iter_init(cert_iter *ite
 extern int next_cert(cert_iter *iter, void **cert, ssize_t *cert_size);
 extern ssize_t available_cert_space(Pe *pe);
 extern ssize_t calculate_signature_space(cms_context *cms, Pe *pe);
--- a/pesign.changes
+++ b/pesign.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com
+
+- Modified pesign-bnc805166-fix-signature-list.patch, block out the
+  source code for find/attach Issuer certificate
+  (bnc#805166 comment#13)
+
 -------------------------------------------------------------------
 Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com

--- a/pesign.spec
+++ b/pesign.spec
@ -16,6 +16,7 @@
 #


+
 Name:           pesign
 Version:        0.99
 Release:        0