-------------------------------------------------------------------
Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com

- Add pesign-bnc805166-fix-signature-list.patch to fix the broken
  signature list when inserting signature into a signed EFI binary
  (bnc#805166)

-------------------------------------------------------------------
Tue Feb 12 15:32:11 CET 2013 - mls@suse.de

- do not try to recalculate the image size, it is included in the
  hash and therefore must not change.

-------------------------------------------------------------------
Wed Feb  6 10:44:48 UTC 2013 - glin@suse.com

- Merge patches for FATE#314552
  + pesign-fix-export-attributes.patch: fix crash when exporting
    the signed attributes
  + pesign-privkey_unneeded.diff: Don't check the private key when
    importing the raw signature
- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
  freeing digests (bnc801653)
- Drop pesign-digestdata.diff which is no longer needed.

-------------------------------------------------------------------
Mon Jan 21 10:17:28 UTC 2013 - glin@suse.com

- Add pesign-digestdata.diff to generate digestdata (FATE#314552)

-------------------------------------------------------------------
Wed Dec 12 13:18:40 UTC 2012 - fcrozat@suse.com

- Don't call sysv RPM post/pre macros when building for systemd
- Ship rcpesign for systemd, link to /sbin/service
- Update pesign-suse-build.patch to allow change systemd unit
  install directory.
- Don't hardcode systemd unit directory, since it changed in
  Factory.

-------------------------------------------------------------------
Tue Dec 11 07:10:04 UTC 2012 - glin@suse.com

- Add Requires: pwdutils

-------------------------------------------------------------------
Wed Nov 28 07:42:09 UTC 2012 - glin@suse.com

- Add pesign-local-database.patch to support the local certificate
  database
- Amend the spec file to build on openSUSE:Factory

-------------------------------------------------------------------
Thu Nov  8 06:32:32 UTC 2012 - glin@suse.com

- Version bump to 0.99 (FATE#314484)
  + Add documentation for --daemonize and --nofork
  + Make popt aliases work
  + Add documentation for pesign-client
  + Add --pinfd and --pinfile to the client
- Update pesign-suse-build.patch and pesign-fix-build-errors.patch
- Add pesign-upstream-fixes.patch to backport fixes from git head
  and add sysvinit script
- Add pesign-client-initialize-action.patch to initialize client
  action to avoid undetermined flags.
- Add pesign-client-read-pin-file.patch to fix pin file reading

-------------------------------------------------------------------
Mon Oct 15 09:33:19 UTC 2012 - glin@suse.com

- Version bump to 0.98
  + close the socket immediately on invalid input
  + Slightly better error messages
  + Log an error if digest initialization fails
  + Add systemd bits for pesignd
  + Add actual signing code to the daemon
  + Add input and output setup for sign functionality in the daemon
  + Audit allocation of CERTCertificateList/PK11SlotList and
    friends
  + Fix memory leaks
- Refresh pesign-suse-build.patch and pesign-fix-build-errors.patch

-------------------------------------------------------------------
Mon Aug 13 06:50:35 UTC 2012 - glin@suse.com

- Version bump to 0.9
  + Add NSS "token" support for smartcards.
  + Allocate space for the section header variable
- Refresh pesign-fix-build-errors.patch to fix the warning
- Drop upstreamed pesign-allocate-shdr.patch

-------------------------------------------------------------------
Fri Aug 10 10:12:53 UTC 2012 - glin@suse.com

- Add pesign-allocate-shdr.patch to allocate space for the section
  header variable

-------------------------------------------------------------------
Thu Aug  9 03:53:45 UTC 2012 - glin@suse.com

- Version bump to 0.8
  + Don't open the DB r/w, read-only is fine.
  + Attempt to do a better job setting the image size.
  + Emit correct OID for encryption type.
- Drop pesign-fix-image-size.patch which is already in 0.8

-------------------------------------------------------------------
Tue Aug  7 03:03:17 UTC 2012 - glin@suse.com

- Add upstream patch pesign-fix-image-size.patch to set the image
  size correctly.
- Drop pesign-elilo-workaround.patch

-------------------------------------------------------------------
Mon Aug  6 08:03:05 UTC 2012 - glin@suse.com

- Version bump to 0.7
  + Fix incorrect initialization error in (undocumented) -e option.
  + Use SEC_OID_PKCS1_RSA_ENCRYPTION like MS
  + Initialize the index variable of loop
  + Adjust the buffer size to avoid overflow
  + Make sure pe_populatecert() always returns a value

-------------------------------------------------------------------
Mon Jul 23 08:49:13 UTC 2012 - glin@suse.com

- Add pesign-elilo-workaround.patch to workaround the section
  header corruption in some EFI image (elilo for example)

-------------------------------------------------------------------
Mon Jul 23 03:32:18 UTC 2012 - glin@suse.com

- Add pesign-fix-build-errors.patch to fix build error/warning
- Don't install the util efi images
- Fix the RPM_OPT_FLAGS warning

-------------------------------------------------------------------
Thu Jul 12 09:37:55 UTC 2012 - glin@suse.com

- Version bump to 0.5
  + Handle and report mremap() failure
  + Man page should be in section 1.
  + Add some basic signature list management.
  + Add some more efi-defined constants, flesh out efi_guid_t.
  + authver: Find a guid for 'namespace'.
  + Add some basic ucs2 functions :(
  + Support multiple signatures correctly.
  + Add ascii_to_ucs2()
  + Add file formats and some code for variables-on-disk.
  + Allow the memory map to move when we're allocating space in the
    binary.
  + Remove extra call to ftruncate()
  + Adjust section addresses when we remap the pecoff binary.
  + Correctly set win_certificate.length to /include/
    win_certificate.
  + Move certificate space iterator to wincert.c so other stuff can
    get it.
  + Split allocating space for certs and filling it in.
  + Put the new signature into the cms ctx instead of keeping it
    locally.
  + Actually calculate space and extend the file before hashing the
    binary.
  + Bounds-check everything we're hashing so we don't segfault on a
    bad bin.
- Add pesign-always-return-value.patch to fix
  no-return-in-nonvoid-function
- Drop upsreamed patch pesign-mem-reallocation.patch

-------------------------------------------------------------------
Fri Jun 29 07:08:11 UTC 2012 - glin@suse.com

- Add pesign-mem-reallocation.patch to fix crash when writing
  signature

-------------------------------------------------------------------
Tue Jun 26 07:02:49 UTC 2012 - glin@suse.com

- Version bump to 0.3
  + it seems to generate working signatures 

-------------------------------------------------------------------
Thu Jun 21 08:31:42 UTC 2012 - glin@suse.com

- New package pesign 0.2