------------------------------------------------------------------- Thu Jun 12 02:47:55 UTC 2014 - glin@suse.com - Add pesign-enable-supplementary-programs.patch to fix and enable the supplementary programs: pesigcheck, authvar, efisiglist ------------------------------------------------------------------- Wed Apr 16 07:12:05 UTC 2014 - aj@suse.com - Add pesign-run.patch: Use /run instead of /var/run (bnc#873857). ------------------------------------------------------------------- Fri Jan 31 08:49:12 UTC 2014 - lnussel@suse.de - mark dir in /var/run as %ghost ------------------------------------------------------------------- Thu Nov 7 09:17:04 UTC 2013 - glin@suse.com - Add pesign-no-db.patch to allow some commands to proceed without a NSS database. ------------------------------------------------------------------- Thu Oct 24 03:14:05 UTC 2013 - glin@suse.com - Revert the dowload Url since it's not valid ------------------------------------------------------------------- Tue Oct 22 11:18:39 UTC 2013 - p.drouand@gmail.com - Update to version 0.109 - Remove sysvinit related old stuff - Remove redundant %clean section - Add use-standard-pid-location.patch Use the good location to stock pidfile - Use download Url as source - Rebase pesign-suse-build.patch to upstream changes as it has been partially merged on upstream - Remove pesign-allow-no-issuer-cert.patch; fixed on upstream ------------------------------------------------------------------- Thu Jul 18 06:54:19 UTC 2013 - glin@suse.com - Add pesign-allow-no-issuer-cert.patch to avoid crash when the issuer's certificate is not available ------------------------------------------------------------------- Tue Jul 9 04:44:44 UTC 2013 - glin@suse.com - Update to 0.106 - Add pesign-clear-padding-bits.patch to clear the padding bits - Rebase patches: + pesign-suse-build.patch + pesign-fix-build-errors.patch + pesign-privkey_unneeded.diff - Drop upstreamed patches + pesign-client-initialize-action.patch + pesign-bnc808594-align-signatures.patch + pesign-upstream-fixes.patch + pesign-fix-export-attributes.patch + pesign-no-set-image-size.patch + pesign-client-read-pin-file.patch + pesign-local-database.patch + pesign-bnc801653-teardown-segfault.patch + pesign-bnc805166-fix-signature-list.patch ------------------------------------------------------------------- Tue Mar 26 06:21:15 UTC 2013 - glin@suse.com - Add pesign-bnc808594-align-signatures.patch to align signatures (bnc#808594, bnc#811325) ------------------------------------------------------------------- Fri Mar 1 03:04:35 UTC 2013 - glin@suse.com - Update pesign-bnc805166-fix-signature-list.patch to avoid the potential crash when inserting a signature (bnc#805166) - Add pwdutils to PreReq ------------------------------------------------------------------- Mon Feb 25 07:35:59 UTC 2013 - glin@suse.com - Update pesign-bnc805166-fix-signature-list.patch to skip the unneeded private key request. (bnc#805166c#17) ------------------------------------------------------------------- Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com - Modified pesign-bnc805166-fix-signature-list.patch, block out the source code for find/attach Issuer certificate (bnc#805166 comment#13) ------------------------------------------------------------------- Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com - Add pesign-bnc805166-fix-signature-list.patch to fix the broken signature list when inserting signature into a signed EFI binary (bnc#805166) ------------------------------------------------------------------- Tue Feb 12 15:32:11 CET 2013 - mls@suse.de - do not try to recalculate the image size, it is included in the hash and therefore must not change. ------------------------------------------------------------------- Wed Feb 6 10:44:48 UTC 2013 - glin@suse.com - Merge patches for FATE#314552 + pesign-fix-export-attributes.patch: fix crash when exporting the signed attributes + pesign-privkey_unneeded.diff: Don't check the private key when importing the raw signature - Add pesign-bnc801653-teardown-segfault.patch to fix crash when freeing digests (bnc801653) - Drop pesign-digestdata.diff which is no longer needed. ------------------------------------------------------------------- Mon Jan 21 10:17:28 UTC 2013 - glin@suse.com - Add pesign-digestdata.diff to generate digestdata (FATE#314552) ------------------------------------------------------------------- Wed Dec 12 13:18:40 UTC 2012 - fcrozat@suse.com - Don't call sysv RPM post/pre macros when building for systemd - Ship rcpesign for systemd, link to /sbin/service - Update pesign-suse-build.patch to allow change systemd unit install directory. - Don't hardcode systemd unit directory, since it changed in Factory. ------------------------------------------------------------------- Tue Dec 11 07:10:04 UTC 2012 - glin@suse.com - Add Requires: pwdutils ------------------------------------------------------------------- Wed Nov 28 07:42:09 UTC 2012 - glin@suse.com - Add pesign-local-database.patch to support the local certificate database - Amend the spec file to build on openSUSE:Factory ------------------------------------------------------------------- Thu Nov 8 06:32:32 UTC 2012 - glin@suse.com - Version bump to 0.99 (FATE#314484) + Add documentation for --daemonize and --nofork + Make popt aliases work + Add documentation for pesign-client + Add --pinfd and --pinfile to the client - Update pesign-suse-build.patch and pesign-fix-build-errors.patch - Add pesign-upstream-fixes.patch to backport fixes from git head and add sysvinit script - Add pesign-client-initialize-action.patch to initialize client action to avoid undetermined flags. - Add pesign-client-read-pin-file.patch to fix pin file reading ------------------------------------------------------------------- Mon Oct 15 09:33:19 UTC 2012 - glin@suse.com - Version bump to 0.98 + close the socket immediately on invalid input + Slightly better error messages + Log an error if digest initialization fails + Add systemd bits for pesignd + Add actual signing code to the daemon + Add input and output setup for sign functionality in the daemon + Audit allocation of CERTCertificateList/PK11SlotList and friends + Fix memory leaks - Refresh pesign-suse-build.patch and pesign-fix-build-errors.patch ------------------------------------------------------------------- Mon Aug 13 06:50:35 UTC 2012 - glin@suse.com - Version bump to 0.9 + Add NSS "token" support for smartcards. + Allocate space for the section header variable - Refresh pesign-fix-build-errors.patch to fix the warning - Drop upstreamed pesign-allocate-shdr.patch ------------------------------------------------------------------- Fri Aug 10 10:12:53 UTC 2012 - glin@suse.com - Add pesign-allocate-shdr.patch to allocate space for the section header variable ------------------------------------------------------------------- Thu Aug 9 03:53:45 UTC 2012 - glin@suse.com - Version bump to 0.8 + Don't open the DB r/w, read-only is fine. + Attempt to do a better job setting the image size. + Emit correct OID for encryption type. - Drop pesign-fix-image-size.patch which is already in 0.8 ------------------------------------------------------------------- Tue Aug 7 03:03:17 UTC 2012 - glin@suse.com - Add upstream patch pesign-fix-image-size.patch to set the image size correctly. - Drop pesign-elilo-workaround.patch ------------------------------------------------------------------- Mon Aug 6 08:03:05 UTC 2012 - glin@suse.com - Version bump to 0.7 + Fix incorrect initialization error in (undocumented) -e option. + Use SEC_OID_PKCS1_RSA_ENCRYPTION like MS + Initialize the index variable of loop + Adjust the buffer size to avoid overflow + Make sure pe_populatecert() always returns a value ------------------------------------------------------------------- Mon Jul 23 08:49:13 UTC 2012 - glin@suse.com - Add pesign-elilo-workaround.patch to workaround the section header corruption in some EFI image (elilo for example) ------------------------------------------------------------------- Mon Jul 23 03:32:18 UTC 2012 - glin@suse.com - Add pesign-fix-build-errors.patch to fix build error/warning - Don't install the util efi images - Fix the RPM_OPT_FLAGS warning ------------------------------------------------------------------- Thu Jul 12 09:37:55 UTC 2012 - glin@suse.com - Version bump to 0.5 + Handle and report mremap() failure + Man page should be in section 1. + Add some basic signature list management. + Add some more efi-defined constants, flesh out efi_guid_t. + authver: Find a guid for 'namespace'. + Add some basic ucs2 functions :( + Support multiple signatures correctly. + Add ascii_to_ucs2() + Add file formats and some code for variables-on-disk. + Allow the memory map to move when we're allocating space in the binary. + Remove extra call to ftruncate() + Adjust section addresses when we remap the pecoff binary. + Correctly set win_certificate.length to /include/ win_certificate. + Move certificate space iterator to wincert.c so other stuff can get it. + Split allocating space for certs and filling it in. + Put the new signature into the cms ctx instead of keeping it locally. + Actually calculate space and extend the file before hashing the binary. + Bounds-check everything we're hashing so we don't segfault on a bad bin. - Add pesign-always-return-value.patch to fix no-return-in-nonvoid-function - Drop upsreamed patch pesign-mem-reallocation.patch ------------------------------------------------------------------- Fri Jun 29 07:08:11 UTC 2012 - glin@suse.com - Add pesign-mem-reallocation.patch to fix crash when writing signature ------------------------------------------------------------------- Tue Jun 26 07:02:49 UTC 2012 - glin@suse.com - Version bump to 0.3 + it seems to generate working signatures ------------------------------------------------------------------- Thu Jun 21 08:31:42 UTC 2012 - glin@suse.com - New package pesign 0.2