3e44889555
- Update to 0.111 - Add pesign-fix-signness.patch to fix the signness comparison - Drop upstreamed patches + pesign-efivar-pkgconfig.patch + pesign-make-efi_guid_t-const.patch + pesign-fix-import-sig-check.patch + pesign-install-supplementary-programs.patch - Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff, and pesign-run.patch - Update pesign-fix-build-errors.patch - Merge use-standard-pid-location.patch into pesign-run.patch OBS-URL: https://build.opensuse.org/request/show/346961 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=36
120 lines
3.3 KiB
Diff
120 lines
3.3 KiB
Diff
Index: pesign-0.111/src/daemon.c
|
|
===================================================================
|
|
--- pesign-0.111.orig/src/daemon.c
|
|
+++ pesign-0.111/src/daemon.c
|
|
@@ -544,7 +544,11 @@ malformed:
|
|
if (rc < 0) {
|
|
err_attached:
|
|
pe_end(outpe);
|
|
- ftruncate(outfd, 0);
|
|
+ if (ftruncate(outfd, 0) != 0) {
|
|
+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
|
|
+ "pesignd: could not truncate output "
|
|
+ "file: %m");
|
|
+ }
|
|
goto finish;
|
|
}
|
|
ssize_t sigspace = calculate_signature_space(ctx->cms, outpe);
|
|
@@ -562,21 +566,34 @@ err_attached:
|
|
ctx->cms->num_signatures, outpe);
|
|
pe_end(outpe);
|
|
} else {
|
|
- ftruncate(outfd, 0);
|
|
+ if (ftruncate(outfd, 0) != 0) {
|
|
+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
|
|
+ "pesignd: could not truncate output "
|
|
+ "file: %m");
|
|
+ }
|
|
rc = generate_digest(ctx->cms, inpe, 1);
|
|
if (rc < 0) {
|
|
err_detached:
|
|
- ftruncate(outfd, 0);
|
|
+ if (ftruncate(outfd, 0) != 0) {
|
|
+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
|
|
+ "pesignd: could not truncate output "
|
|
+ "file: %m");
|
|
+ }
|
|
goto finish;
|
|
}
|
|
rc = generate_signature(ctx->cms);
|
|
if (rc < 0)
|
|
goto err_detached;
|
|
rc = export_signature(ctx->cms, outfd, 0);
|
|
- if (rc >= 0)
|
|
- ftruncate(outfd, rc);
|
|
- else if (rc < 0)
|
|
+ if (rc >= 0) {
|
|
+ if (ftruncate(outfd, rc) != 0) {
|
|
+ ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
|
|
+ "pesignd: could not truncate output "
|
|
+ "file: %m");
|
|
+ }
|
|
+ } else if (rc < 0) {
|
|
goto err_detached;
|
|
+ }
|
|
}
|
|
|
|
finish:
|
|
@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *ce
|
|
exit(1);
|
|
}
|
|
|
|
- chdir(homedir ? homedir : "/");
|
|
+ if (chdir(homedir ? homedir : "/") != 0) {
|
|
+ ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR,
|
|
+ "pesignd: could not change working directory "
|
|
+ "for pesign: %m");
|
|
+ exit(1);
|
|
+ }
|
|
|
|
if (getuid() == 0) {
|
|
/* process is running as root, drop privileges */
|
|
Index: pesign-0.111/src/password.c
|
|
===================================================================
|
|
--- pesign-0.111.orig/src/password.c
|
|
+++ pesign-0.111/src/password.c
|
|
@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input
|
|
echoOff(infd);
|
|
}
|
|
|
|
- fgets ( phrase, sizeof(phrase), input);
|
|
+ if (fgets(phrase, sizeof(phrase), input) == NULL)
|
|
+ phrase[0] = '\0';
|
|
|
|
if (isTTY) {
|
|
fprintf(output, "\n");
|
|
Index: pesign-0.111/src/pesign.c
|
|
===================================================================
|
|
--- pesign-0.111.orig/src/pesign.c
|
|
+++ pesign-0.111/src/pesign.c
|
|
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
|
|
|
|
addr = pe_rawfile(ctx->inpe, &size);
|
|
|
|
- ftruncate(ctx->outfd, size);
|
|
+ if (ftruncate(ctx->outfd, size) != 0) {
|
|
+ fprintf(stderr, "pesign: could not truncate output file: %m\n");
|
|
+ exit(1);
|
|
+ }
|
|
lseek(ctx->outfd, 0, SEEK_SET);
|
|
- write(ctx->outfd, addr, size);
|
|
+ if ((size_t)write(ctx->outfd, addr, size) != size) {
|
|
+ fprintf(stderr, "pesign: could not write output file: %m\n");
|
|
+ exit(1);
|
|
+ }
|
|
|
|
Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
|
|
ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
|
|
Index: pesign-0.111/src/signed_data.c
|
|
===================================================================
|
|
--- pesign-0.111.orig/src/signed_data.c
|
|
+++ pesign-0.111/src/signed_data.c
|
|
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cm
|
|
SpcSignerInfo **signerInfo_list;
|
|
int err, rc;
|
|
|
|
+ err = 0;
|
|
if (!signerInfo_list_p)
|
|
return -1;
|
|
|