Accepting request 156305 from Base:System

Update pesign-bnc805166-fix-signature-list.patch to skip the unneeded private key request. (bnc#805166c#17) (forwarded request 156290 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/156305
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign?expand=0&rev=7

pesign-bnc805166-fix-signature-list.patch

@@ -1,8 +1,7 @@
-commit 63c6ad572b3c1a7041dc581072421c2c94ff5d35
-Author: Gary Ching-Pang Lin <chingpang@gmail.com>
-Date:   Fri Feb 22 15:13:08 2013 +0800
-
-    Backport patches to fix signature list
+From 4956251d79904be08c4012fa06c14434f8e706ed Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <chingpang@gmail.com>
+Date: Fri, 22 Feb 2013 15:13:08 +0800
+Subject: [PATCH 1/2] Backport patches to fix signature list
 
 Get cms_context out of wincert functions.
 ee357451be9968cedda57ce13b103eb82c590e67
@@ -32,8 +31,23 @@ Date:   Fri Feb 22 15:13:08 2013 +0800
 8c3d82ceb5029bedfee1577682fec5ff3669ff3c
 
 Fix a casting problem on 32-bit.
-    
 9eb2814858270af2d7ecfbfa5ca131e7be2f9f53
+---
+ libdpe/pe_addcert.c    |    2 +-
+ libdpe/pe_updatefile.c |   13 ++++++-
+ src/actions.c          |   12 +------
+ src/actions.h          |    2 +-
+ src/cms_common.c       |   93 ++++++++++++++++++++++++++++++++++++++++++++++++
+ src/cms_common.h       |   32 ++++++++++++++++-
+ src/daemon.c           |    6 ++--
+ src/pesign.c           |   35 +++++++++++++++---
+ src/peverify.c         |    7 ++--
+ src/siglist.c          |   46 +++++++++++++++++++-----
+ src/siglist.h          |    3 +-
+ src/signed_data.c      |   53 +++++++++++++++++++++------
+ src/wincert.c          |   65 +++++++++++++++++++++++----------
+ src/wincert.h          |    8 +++--
+ 14 files changed, 312 insertions(+), 65 deletions(-)
 
 diff --git a/libdpe/pe_addcert.c b/libdpe/pe_addcert.c
 index e391242..b6ba969 100644
@@ -779,3 +793,33 @@ index 4309915..ed7e15c 100644
 +
  
  #endif /* PESIGN_WINCERT_H */
+-- 
+1.7.10.4
+
+
+From 8d86f6db19be98538fd5397a9de5f7d06733746e Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <chingpang@gmail.com>
+Date: Mon, 25 Feb 2013 10:43:09 +0800
+Subject: [PATCH 2/2] Don't request the private key in
+ find_named_certificate() when importing a raw signature
+
+---
+ src/cms_common.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cms_common.c b/src/cms_common.c
+index 3b2e71a..642cc86 100644
+--- a/src/cms_common.c
++++ b/src/cms_common.c
+@@ -498,7 +498,7 @@ find_named_certificate(cms_context *cms, char *name, CERTCertificate **cert)
+ 	}
+ 
+ 	SECStatus status;
+-	if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
++	if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ 		status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
+ 		if (status != SECSuccess) {
+ 			PK11_DestroySlotListElement(slots, &psle);
+-- 
+1.7.10.4
+

pesign.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Feb 25 07:35:59 UTC 2013 - glin@suse.com
+
+- Update pesign-bnc805166-fix-signature-list.patch to skip the
+  unneeded private key request. (bnc#805166c#17)
+
+-------------------------------------------------------------------
+Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com
+
+- Modified pesign-bnc805166-fix-signature-list.patch, block out the
+  source code for find/attach Issuer certificate
+  (bnc#805166 comment#13)
+
 -------------------------------------------------------------------
 Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com