pesign/pesign.changes

322 lines
11 KiB
Plaintext

-------------------------------------------------------------------
Tue Jun 16 06:52:21 UTC 2015 - glin@suse.com
- Add pesign-efivar-pkgconfig.patch to get the efivar compiler
parameters from pkg-confg
- Add pesign-make-efi_guid_t-const.patch to avoid the error from
gcc
-------------------------------------------------------------------
Wed Nov 26 09:46:50 UTC 2014 - glin@suse.com
- Add pesign-fix-import-sig-check.patch to fix the signature size
check while importing a signature
- Amend the spec file with spec-cleaner
-------------------------------------------------------------------
Fri Oct 31 07:16:40 UTC 2014 - glin@suse.com
- Update pesign-suse-build.patch to set LIBDIR for AArch64
-------------------------------------------------------------------
Tue Oct 28 08:47:34 UTC 2014 - glin@suse.com
- Update to version 0.110
- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
authvar
- Add pesign-install-supplementary-programs.patch to install the
supplementary programs
- Refresh patches
+ pesign-fix-build-errors.patch
+ pesign-run.patch
+ pesign-suse-build.patch
- Drop upstreamed patches
+ pesign-clear-padding-bits.patch
+ pesign-enable-supplementary-programs.patch
+ pesign-no-db.patch
- Enable aarch64
-------------------------------------------------------------------
Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com
- Update pesign-enable-supplementary-programs.patch to fix write
loop
-------------------------------------------------------------------
Thu Jun 12 02:47:55 UTC 2014 - glin@suse.com
- Add pesign-enable-supplementary-programs.patch to fix and enable
the supplementary programs: pesigcheck, authvar, efisiglist
-------------------------------------------------------------------
Wed Apr 16 07:12:05 UTC 2014 - aj@suse.com
- Add pesign-run.patch: Use /run instead of /var/run (bnc#873857).
-------------------------------------------------------------------
Fri Jan 31 08:49:12 UTC 2014 - lnussel@suse.de
- mark dir in /var/run as %ghost
-------------------------------------------------------------------
Thu Nov 7 09:17:04 UTC 2013 - glin@suse.com
- Add pesign-no-db.patch to allow some commands to proceed without
a NSS database.
-------------------------------------------------------------------
Thu Oct 24 03:14:05 UTC 2013 - glin@suse.com
- Revert the dowload Url since it's not valid
-------------------------------------------------------------------
Tue Oct 22 11:18:39 UTC 2013 - p.drouand@gmail.com
- Update to version 0.109
- Remove sysvinit related old stuff
- Remove redundant %clean section
- Add use-standard-pid-location.patch
Use the good location to stock pidfile
- Use download Url as source
- Rebase pesign-suse-build.patch to upstream changes as it has been
partially merged on upstream
- Remove pesign-allow-no-issuer-cert.patch; fixed on upstream
-------------------------------------------------------------------
Thu Jul 18 06:54:19 UTC 2013 - glin@suse.com
- Add pesign-allow-no-issuer-cert.patch to avoid crash when the
issuer's certificate is not available
-------------------------------------------------------------------
Tue Jul 9 04:44:44 UTC 2013 - glin@suse.com
- Update to 0.106
- Add pesign-clear-padding-bits.patch to clear the padding bits
- Rebase patches:
+ pesign-suse-build.patch
+ pesign-fix-build-errors.patch
+ pesign-privkey_unneeded.diff
- Drop upstreamed patches
+ pesign-client-initialize-action.patch
+ pesign-bnc808594-align-signatures.patch
+ pesign-upstream-fixes.patch
+ pesign-fix-export-attributes.patch
+ pesign-no-set-image-size.patch
+ pesign-client-read-pin-file.patch
+ pesign-local-database.patch
+ pesign-bnc801653-teardown-segfault.patch
+ pesign-bnc805166-fix-signature-list.patch
-------------------------------------------------------------------
Tue Mar 26 06:21:15 UTC 2013 - glin@suse.com
- Add pesign-bnc808594-align-signatures.patch to align signatures
(bnc#808594, bnc#811325)
-------------------------------------------------------------------
Fri Mar 1 03:04:35 UTC 2013 - glin@suse.com
- Update pesign-bnc805166-fix-signature-list.patch to avoid the
potential crash when inserting a signature (bnc#805166)
- Add pwdutils to PreReq
-------------------------------------------------------------------
Mon Feb 25 07:35:59 UTC 2013 - glin@suse.com
- Update pesign-bnc805166-fix-signature-list.patch to skip the
unneeded private key request. (bnc#805166c#17)
-------------------------------------------------------------------
Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com
- Modified pesign-bnc805166-fix-signature-list.patch, block out the
source code for find/attach Issuer certificate
(bnc#805166 comment#13)
-------------------------------------------------------------------
Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com
- Add pesign-bnc805166-fix-signature-list.patch to fix the broken
signature list when inserting signature into a signed EFI binary
(bnc#805166)
-------------------------------------------------------------------
Tue Feb 12 15:32:11 CET 2013 - mls@suse.de
- do not try to recalculate the image size, it is included in the
hash and therefore must not change.
-------------------------------------------------------------------
Wed Feb 6 10:44:48 UTC 2013 - glin@suse.com
- Merge patches for FATE#314552
+ pesign-fix-export-attributes.patch: fix crash when exporting
the signed attributes
+ pesign-privkey_unneeded.diff: Don't check the private key when
importing the raw signature
- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
freeing digests (bnc801653)
- Drop pesign-digestdata.diff which is no longer needed.
-------------------------------------------------------------------
Mon Jan 21 10:17:28 UTC 2013 - glin@suse.com
- Add pesign-digestdata.diff to generate digestdata (FATE#314552)
-------------------------------------------------------------------
Wed Dec 12 13:18:40 UTC 2012 - fcrozat@suse.com
- Don't call sysv RPM post/pre macros when building for systemd
- Ship rcpesign for systemd, link to /sbin/service
- Update pesign-suse-build.patch to allow change systemd unit
install directory.
- Don't hardcode systemd unit directory, since it changed in
Factory.
-------------------------------------------------------------------
Tue Dec 11 07:10:04 UTC 2012 - glin@suse.com
- Add Requires: pwdutils
-------------------------------------------------------------------
Wed Nov 28 07:42:09 UTC 2012 - glin@suse.com
- Add pesign-local-database.patch to support the local certificate
database
- Amend the spec file to build on openSUSE:Factory
-------------------------------------------------------------------
Thu Nov 8 06:32:32 UTC 2012 - glin@suse.com
- Version bump to 0.99 (FATE#314484)
+ Add documentation for --daemonize and --nofork
+ Make popt aliases work
+ Add documentation for pesign-client
+ Add --pinfd and --pinfile to the client
- Update pesign-suse-build.patch and pesign-fix-build-errors.patch
- Add pesign-upstream-fixes.patch to backport fixes from git head
and add sysvinit script
- Add pesign-client-initialize-action.patch to initialize client
action to avoid undetermined flags.
- Add pesign-client-read-pin-file.patch to fix pin file reading
-------------------------------------------------------------------
Mon Oct 15 09:33:19 UTC 2012 - glin@suse.com
- Version bump to 0.98
+ close the socket immediately on invalid input
+ Slightly better error messages
+ Log an error if digest initialization fails
+ Add systemd bits for pesignd
+ Add actual signing code to the daemon
+ Add input and output setup for sign functionality in the daemon
+ Audit allocation of CERTCertificateList/PK11SlotList and
friends
+ Fix memory leaks
- Refresh pesign-suse-build.patch and pesign-fix-build-errors.patch
-------------------------------------------------------------------
Mon Aug 13 06:50:35 UTC 2012 - glin@suse.com
- Version bump to 0.9
+ Add NSS "token" support for smartcards.
+ Allocate space for the section header variable
- Refresh pesign-fix-build-errors.patch to fix the warning
- Drop upstreamed pesign-allocate-shdr.patch
-------------------------------------------------------------------
Fri Aug 10 10:12:53 UTC 2012 - glin@suse.com
- Add pesign-allocate-shdr.patch to allocate space for the section
header variable
-------------------------------------------------------------------
Thu Aug 9 03:53:45 UTC 2012 - glin@suse.com
- Version bump to 0.8
+ Don't open the DB r/w, read-only is fine.
+ Attempt to do a better job setting the image size.
+ Emit correct OID for encryption type.
- Drop pesign-fix-image-size.patch which is already in 0.8
-------------------------------------------------------------------
Tue Aug 7 03:03:17 UTC 2012 - glin@suse.com
- Add upstream patch pesign-fix-image-size.patch to set the image
size correctly.
- Drop pesign-elilo-workaround.patch
-------------------------------------------------------------------
Mon Aug 6 08:03:05 UTC 2012 - glin@suse.com
- Version bump to 0.7
+ Fix incorrect initialization error in (undocumented) -e option.
+ Use SEC_OID_PKCS1_RSA_ENCRYPTION like MS
+ Initialize the index variable of loop
+ Adjust the buffer size to avoid overflow
+ Make sure pe_populatecert() always returns a value
-------------------------------------------------------------------
Mon Jul 23 08:49:13 UTC 2012 - glin@suse.com
- Add pesign-elilo-workaround.patch to workaround the section
header corruption in some EFI image (elilo for example)
-------------------------------------------------------------------
Mon Jul 23 03:32:18 UTC 2012 - glin@suse.com
- Add pesign-fix-build-errors.patch to fix build error/warning
- Don't install the util efi images
- Fix the RPM_OPT_FLAGS warning
-------------------------------------------------------------------
Thu Jul 12 09:37:55 UTC 2012 - glin@suse.com
- Version bump to 0.5
+ Handle and report mremap() failure
+ Man page should be in section 1.
+ Add some basic signature list management.
+ Add some more efi-defined constants, flesh out efi_guid_t.
+ authver: Find a guid for 'namespace'.
+ Add some basic ucs2 functions :(
+ Support multiple signatures correctly.
+ Add ascii_to_ucs2()
+ Add file formats and some code for variables-on-disk.
+ Allow the memory map to move when we're allocating space in the
binary.
+ Remove extra call to ftruncate()
+ Adjust section addresses when we remap the pecoff binary.
+ Correctly set win_certificate.length to /include/
win_certificate.
+ Move certificate space iterator to wincert.c so other stuff can
get it.
+ Split allocating space for certs and filling it in.
+ Put the new signature into the cms ctx instead of keeping it
locally.
+ Actually calculate space and extend the file before hashing the
binary.
+ Bounds-check everything we're hashing so we don't segfault on a
bad bin.
- Add pesign-always-return-value.patch to fix
no-return-in-nonvoid-function
- Drop upsreamed patch pesign-mem-reallocation.patch
-------------------------------------------------------------------
Fri Jun 29 07:08:11 UTC 2012 - glin@suse.com
- Add pesign-mem-reallocation.patch to fix crash when writing
signature
-------------------------------------------------------------------
Tue Jun 26 07:02:49 UTC 2012 - glin@suse.com
- Version bump to 0.3
+ it seems to generate working signatures
-------------------------------------------------------------------
Thu Jun 21 08:31:42 UTC 2012 - glin@suse.com
- New package pesign 0.2