diff --git a/pesign-bnc805166-fix-signature-list.patch b/pesign-bnc805166-fix-signature-list.patch
index 133f59f..f8704d3 100644
--- a/pesign-bnc805166-fix-signature-list.patch
+++ b/pesign-bnc805166-fix-signature-list.patch
@@ -35,10 +35,10 @@ Date: Fri Feb 22 15:13:08 2013 +0800
9eb2814858270af2d7ecfbfa5ca131e7be2f9f53
-diff --git a/libdpe/pe_addcert.c b/libdpe/pe_addcert.c
-index e391242..b6ba969 100644
---- a/libdpe/pe_addcert.c
-+++ b/libdpe/pe_addcert.c
+Index: pesign-0.99/libdpe/pe_addcert.c
+===================================================================
+--- pesign-0.99.orig/libdpe/pe_addcert.c
++++ pesign-0.99/libdpe/pe_addcert.c
@@ -59,7 +59,7 @@ pe_alloccert(Pe *pe, size_t size)
memset(addr, '\0', size);
@@ -48,10 +48,10 @@ index e391242..b6ba969 100644
#if 0
pe_set_image_size(pe);
-diff --git a/libdpe/pe_updatefile.c b/libdpe/pe_updatefile.c
-index 7a29757..a8fe769 100644
---- a/libdpe/pe_updatefile.c
-+++ b/libdpe/pe_updatefile.c
+Index: pesign-0.99/libdpe/pe_updatefile.c
+===================================================================
+--- pesign-0.99.orig/libdpe/pe_updatefile.c
++++ pesign-0.99/libdpe/pe_updatefile.c
@@ -24,6 +24,7 @@
#include <sys/mman.h>
@@ -60,7 +60,7 @@ index 7a29757..a8fe769 100644
__get_last_section(Pe *pe)
{
Pe_Scn *scn = NULL;
-@@ -79,6 +80,7 @@ compare_sections (const void *a, const void *b)
+@@ -79,6 +80,7 @@ compare_sections (const void *a, const v
}
static void
@@ -86,10 +86,10 @@ index 7a29757..a8fe769 100644
return 0;
}
-diff --git a/src/actions.c b/src/actions.c
-index 9e4ac59..5c5dd89 100644
---- a/src/actions.c
-+++ b/src/actions.c
+Index: pesign-0.99/src/actions.c
+===================================================================
+--- pesign-0.99.orig/src/actions.c
++++ pesign-0.99/src/actions.c
@@ -268,7 +268,7 @@ failure:
return ret;
}
@@ -108,7 +108,7 @@ index 9e4ac59..5c5dd89 100644
ssize_t available = available_cert_space(ctx->outpe);
if (available < ctx->cms_ctx->newsig.len) {
-@@ -406,14 +404,6 @@ check_signature_space(pesign_context *ctx)
+@@ -406,14 +404,6 @@ check_signature_space(pesign_context *ct
}
}
@@ -123,11 +123,11 @@ index 9e4ac59..5c5dd89 100644
void
allocate_signature_space(Pe *pe, ssize_t sigspace)
{
-diff --git a/src/actions.h b/src/actions.h
-index 400876f..4ecaad8 100644
---- a/src/actions.h
-+++ b/src/actions.h
-@@ -28,12 +28,12 @@ extern int list_signatures(pesign_context *ctx);
+Index: pesign-0.99/src/actions.h
+===================================================================
+--- pesign-0.99.orig/src/actions.h
++++ pesign-0.99/src/actions.h
+@@ -28,12 +28,12 @@ extern int list_signatures(pesign_contex
extern void check_signature_space(pesign_context *ctx);
extern void allocate_signature_space(Pe *pe, ssize_t sigspace);
extern off_t export_signature(cms_context *cms, int fd, int ascii_armor);
@@ -141,11 +141,11 @@ index 400876f..4ecaad8 100644
extern void insert_signature(cms_context *cms, int signum);
#endif /* PESIGN_CRYPTO_H */
-diff --git a/src/cms_common.c b/src/cms_common.c
-index 9ab2021..3b2e71a 100644
---- a/src/cms_common.c
-+++ b/src/cms_common.c
-@@ -304,6 +304,17 @@ is_valid_cert(CERTCertificate *cert, void *data)
+Index: pesign-0.99/src/cms_common.c
+===================================================================
+--- pesign-0.99.orig/src/cms_common.c
++++ pesign-0.99/src/cms_common.c
+@@ -304,6 +304,17 @@ is_valid_cert(CERTCertificate *cert, voi
return SECFailure;
}
@@ -163,10 +163,15 @@ index 9ab2021..3b2e71a 100644
/* This is the dumbest function ever, but we need it anyway, because nss
* is garbage. */
static void
-@@ -448,6 +459,88 @@ err_slots:
- return 0;
- }
+@@ -443,6 +454,88 @@ err_slots:
+ PK11_DestroySlotListElement(slots, &psle);
+ PK11_FreeSlotList(slots);
++ CERT_DestroyCertList(certlist);
++
++ return 0;
++}
++
+int
+find_named_certificate(cms_context *cms, char *name, CERTCertificate **cert)
+{
@@ -244,18 +249,13 @@ index 9ab2021..3b2e71a 100644
+
+ PK11_DestroySlotListElement(slots, &psle);
+ PK11_FreeSlotList(slots);
-+ CERT_DestroyCertList(certlist);
-+
-+ return 0;
-+}
-+
- static SEC_ASN1Template EmptySequenceTemplate[] = {
- {
- .kind = SEC_ASN1_SEQUENCE,
-diff --git a/src/cms_common.h b/src/cms_common.h
-index a3848cd..2b2d619 100644
---- a/src/cms_common.h
-+++ b/src/cms_common.h
+ CERT_DestroyCertList(certlist);
+
+ return 0;
+Index: pesign-0.99/src/cms_common.h
+===================================================================
+--- pesign-0.99.orig/src/cms_common.h
++++ pesign-0.99/src/cms_common.h
@@ -19,9 +19,35 @@
#ifndef CMS_COMMON_H
#define CMS_COMMON_H 1
@@ -293,7 +293,7 @@ index a3848cd..2b2d619 100644
struct digest {
PK11Context *pk11ctx;
-@@ -109,6 +135,10 @@ extern int generate_digest(cms_context *cms, Pe *pe);
+@@ -109,6 +135,10 @@ extern int generate_digest(cms_context *
extern int generate_signature(cms_context *ctx);
extern int unlock_nss_token(cms_context *ctx);
extern int find_certificate(cms_context *ctx);
@@ -304,11 +304,11 @@ index a3848cd..2b2d619 100644
extern SECOidTag digest_get_digest_oid(cms_context *cms);
extern SECOidTag digest_get_encryption_oid(cms_context *cms);
-diff --git a/src/daemon.c b/src/daemon.c
-index 4a9af87..92ae856 100644
---- a/src/daemon.c
-+++ b/src/daemon.c
-@@ -288,7 +288,8 @@ set_up_inpe(context *ctx, int fd, Pe **pe)
+Index: pesign-0.99/src/daemon.c
+===================================================================
+--- pesign-0.99.orig/src/daemon.c
++++ pesign-0.99/src/daemon.c
+@@ -288,7 +288,8 @@ set_up_inpe(context *ctx, int fd, Pe **p
return -1;
}
@@ -328,10 +328,10 @@ index 4a9af87..92ae856 100644
pe_end(outpe);
} else {
if (ftruncate(outfd, 0) != 0) {
-diff --git a/src/pesign.c b/src/pesign.c
-index bfda33b..fcb2dca 100644
---- a/src/pesign.c
-+++ b/src/pesign.c
+Index: pesign-0.99/src/pesign.c
+===================================================================
+--- pesign-0.99.orig/src/pesign.c
++++ pesign-0.99/src/pesign.c
@@ -104,7 +104,8 @@ open_input(pesign_context *ctx)
exit(1);
}
@@ -414,10 +414,10 @@ index bfda33b..fcb2dca 100644
close_output(ctxp);
break;
case DAEMONIZE:
-diff --git a/src/peverify.c b/src/peverify.c
-index 08aad27..e010d87 100644
---- a/src/peverify.c
-+++ b/src/peverify.c
+Index: pesign-0.99/src/peverify.c
+===================================================================
+--- pesign-0.99.orig/src/peverify.c
++++ pesign-0.99/src/peverify.c
@@ -55,9 +55,12 @@ open_input(peverify_context *ctx)
exit(1);
}
@@ -433,10 +433,10 @@ index 08aad27..e010d87 100644
exit(1);
}
}
-diff --git a/src/siglist.c b/src/siglist.c
-index 1a933e7..ca097e6 100644
---- a/src/siglist.c
-+++ b/src/siglist.c
+Index: pesign-0.99/src/siglist.c
+===================================================================
+--- pesign-0.99.orig/src/siglist.c
++++ pesign-0.99/src/siglist.c
@@ -17,11 +17,15 @@
* Author(s): Peter Jones <pjones@redhat.com>
*/
@@ -454,7 +454,7 @@ index 1a933e7..ca097e6 100644
struct efi_signature_data {
efi_guid_t SignatureOwner;
-@@ -135,7 +139,10 @@ signature_list_add_sig(signature_list *sl, efi_guid_t owner,
+@@ -135,7 +139,10 @@ signature_list_add_sig(signature_list *s
if (memcmp(&sl->SignatureType, &x509_guid, sizeof (efi_guid_t)) == 0) {
if (sigsize > sl->SignatureSize)
resize_entries(sl, sigsize);
@@ -466,7 +466,7 @@ index 1a933e7..ca097e6 100644
return -1;
}
-@@ -162,11 +169,31 @@ signature_list_add_sig(signature_list *sl, efi_guid_t owner,
+@@ -162,11 +169,31 @@ signature_list_add_sig(signature_list *s
return 0;
}
@@ -475,9 +475,7 @@ index 1a933e7..ca097e6 100644
+#if 0
+int
+signature_list_parse(signature_list *sl, uint8_t *data, size_t len)
- {
-- if (sl->realized)
-- return sl->realized;
++{
+ if (!sl)
+ return -1;
+
@@ -494,7 +492,9 @@ index 1a933e7..ca097e6 100644
+
+int
+signature_list_realize(signature_list *sl, void **out, size_t *outsize)
-+{
+ {
+- if (sl->realized)
+- return sl->realized;
+ if (sl->realized) {
+ free(sl->realized);
+ sl->realized = NULL;
@@ -502,7 +502,7 @@ index 1a933e7..ca097e6 100644
struct efi_signature_list *esl = NULL;
uint32_t size = sizeof (*esl) +
-@@ -174,7 +201,7 @@ signature_list_realize(signature_list *sl)
+@@ -174,7 +201,7 @@ signature_list_realize(signature_list *s
void *ret = calloc(1, size);
if (!ret)
@@ -511,7 +511,7 @@ index 1a933e7..ca097e6 100644
esl = ret;
memcpy(esl, sl, sizeof (*esl));
-@@ -186,7 +213,10 @@ signature_list_realize(signature_list *sl)
+@@ -186,7 +213,10 @@ signature_list_realize(signature_list *s
}
sl->realized = ret;
@@ -523,11 +523,11 @@ index 1a933e7..ca097e6 100644
}
void
-diff --git a/src/siglist.h b/src/siglist.h
-index 2961a39..a576ffd 100644
---- a/src/siglist.h
-+++ b/src/siglist.h
-@@ -24,7 +24,8 @@ typedef struct signature_list signature_list;
+Index: pesign-0.99/src/siglist.h
+===================================================================
+--- pesign-0.99.orig/src/siglist.h
++++ pesign-0.99/src/siglist.h
+@@ -24,7 +24,8 @@ typedef struct signature_list signature_
extern signature_list *signature_list_new(efi_guid_t SignatureType);
extern int signature_list_add_sig(signature_list *sl, efi_guid_t owner,
uint8_t *sig, uint32_t sigsize);
@@ -537,11 +537,11 @@ index 2961a39..a576ffd 100644
extern void signature_list_free(signature_list *sl);
#endif /* SIGLIST_H */
-diff --git a/src/signed_data.c b/src/signed_data.c
-index e676cb3..83957d6 100644
---- a/src/signed_data.c
-+++ b/src/signed_data.c
-@@ -76,20 +76,51 @@ static int
+Index: pesign-0.99/src/signed_data.c
+===================================================================
+--- pesign-0.99.orig/src/signed_data.c
++++ pesign-0.99/src/signed_data.c
+@@ -76,20 +76,53 @@ static int
generate_certificate_list(cms_context *cms, SECItem ***certificate_list_p)
{
SECItem **certificates = NULL;
@@ -561,7 +561,7 @@ index e676cb3..83957d6 100644
+ if (!certificates) {
+ save_port_err(PORT_ArenaRelease(cms->arena, mark));
+ cmsreterr(-1, cms, "could not allocate certificate list");
-+ }
+ }
+ int i = 0;
+
+ certificates[i] = PORT_ArenaZAlloc(cms->arena, sizeof (SECItem));
@@ -571,6 +571,7 @@ index e676cb3..83957d6 100644
+ }
+ SECITEM_CopyItem(cms->arena, certificates[i++], &cms->cert->derCert);
+
++#if 0
+ if (!is_issuer_of(cms->cert, cms->cert)) {
+ CERTCertificate *signer = NULL;
+ int rc = find_named_certificate(cms, cms->cert->issuerName,
@@ -598,16 +599,17 @@ index e676cb3..83957d6 100644
+ }
+ CERT_DestroyCertificate(signer);
+ }
- }
++ }
++#endif
- SECITEM_CopyItem(cms->arena, certificates[0], &cms->cert->derCert);
*certificate_list_p = certificates;
return 0;
}
-diff --git a/src/wincert.c b/src/wincert.c
-index 4b5ba45..4197a87 100644
---- a/src/wincert.c
-+++ b/src/wincert.c
+Index: pesign-0.99/src/wincert.c
+===================================================================
+--- pesign-0.99.orig/src/wincert.c
++++ pesign-0.99/src/wincert.c
@@ -25,13 +25,13 @@ struct cert_list_entry {
};
@@ -626,7 +628,7 @@ index 4b5ba45..4197a87 100644
}
uint8_t *data = malloc(cl_size);
-@@ -41,15 +41,15 @@ generate_cert_list(cms_context *cms, void **cert_list,
+@@ -41,15 +41,15 @@ generate_cert_list(cms_context *cms, voi
*cert_list = (void *)data;
*cert_list_size = cl_size;
@@ -647,7 +649,7 @@ index 4b5ba45..4197a87 100644
}
return 0;
-@@ -62,12 +62,13 @@ implant_cert_list(Pe *pe, void *cert_list, size_t cert_list_size)
+@@ -62,12 +62,13 @@ implant_cert_list(Pe *pe, void *cert_lis
}
int
@@ -732,7 +734,7 @@ index 4b5ba45..4197a87 100644
{
cert_iter iter;
int rc = cert_iter_init(&iter, pe);
-@@ -238,8 +267,8 @@ parse_signatures(cms_context *cms, Pe *pe)
+@@ -238,8 +267,8 @@ parse_signatures(cms_context *cms, Pe *p
}
if (nsigs == 0) {
@@ -743,7 +745,7 @@ index 4b5ba45..4197a87 100644
return 0;
}
-@@ -271,8 +300,8 @@ parse_signatures(cms_context *cms, Pe *pe)
+@@ -271,8 +300,8 @@ parse_signatures(cms_context *cms, Pe *p
i++;
}
@@ -754,10 +756,10 @@ index 4b5ba45..4197a87 100644
return 0;
err:
-diff --git a/src/wincert.h b/src/wincert.h
-index 4309915..ed7e15c 100644
---- a/src/wincert.h
-+++ b/src/wincert.h
+Index: pesign-0.99/src/wincert.h
+===================================================================
+--- pesign-0.99.orig/src/wincert.h
++++ pesign-0.99/src/wincert.h
@@ -32,8 +32,6 @@ typedef struct win_certificate {
uint16_t cert_type;
} win_certificate;
@@ -767,7 +769,7 @@ index 4309915..ed7e15c 100644
typedef struct cert_iter {
Pe *pe;
off_t n;
-@@ -45,6 +43,10 @@ extern int cert_iter_init(cert_iter *iter, Pe *pe);
+@@ -45,6 +43,10 @@ extern int cert_iter_init(cert_iter *ite
extern int next_cert(cert_iter *iter, void **cert, ssize_t *cert_size);
extern ssize_t available_cert_space(Pe *pe);
extern ssize_t calculate_signature_space(cms_context *cms, Pe *pe);
diff --git a/pesign.changes b/pesign.changes
index f94f955..d028f15 100644
--- a/pesign.changes
+++ b/pesign.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com
+
+- Modified pesign-bnc805166-fix-signature-list.patch, block out the
+ source code for find/attach Issuer certificate
+ (bnc#805166 comment#13)
+
-------------------------------------------------------------------
Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com
diff --git a/pesign.spec b/pesign.spec
index b02c2f6..76fe4b5 100644
--- a/pesign.spec
+++ b/pesign.spec
@@ -16,6 +16,7 @@
#
+
Name: pesign
Version: 0.99
Release: 0