Accepting request 156305 from Base:System

Update pesign-bnc805166-fix-signature-list.patch to skip the unneeded private key request. (bnc#805166c#17) (forwarded request 156290 from gary_lin) OBS-URL: https://build.opensuse.org/request/show/156305 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pesign?expand=0&rev=7
2013-02-25 20:41:14 +00:00 · 2013-02-25 20:41:14 +00:00 · 133eb201e2
commit 133eb201e2
parent 3634789a87 ed0b396886
2 changed files with 92 additions and 35 deletions
--- a/pesign-bnc805166-fix-signature-list.patch
+++ b/pesign-bnc805166-fix-signature-list.patch
@ -1,39 +1,53 @@
-commit 63c6ad572b3c1a7041dc581072421c2c94ff5d35
-Author: Gary Ching-Pang Lin <chingpang@gmail.com>
-Date:   Fri Feb 22 15:13:08 2013 +0800
+From 4956251d79904be08c4012fa06c14434f8e706ed Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <chingpang@gmail.com>
+Date: Fri, 22 Feb 2013 15:13:08 +0800
+Subject: [PATCH 1/2] Backport patches to fix signature list

-    Backport patches to fix signature list
+Get cms_context out of wincert functions.
+ee357451be9968cedda57ce13b103eb82c590e67

-    Get cms_context out of wincert functions.
-    ee357451be9968cedda57ce13b103eb82c590e67
+Rework siglist to be somewhat more useful.
+a5ec0d2cd06dec0961fc3fed680e7e385dc5bec8

-    Rework siglist to be somewhat more useful.
-    a5ec0d2cd06dec0961fc3fed680e7e385dc5bec8
+Don't allow our signature list iterator to walk off the end of the file.
+18980866e7952100d98510297c0e1cc25fca8fc8

-    Don't allow our signature list iterator to walk off the end of the file.
-    18980866e7952100d98510297c0e1cc25fca8fc8
+Include old signatures in new space calculations.
+77d334d77435d64e88fcc772b5b58440b394584a

-    Include old signatures in new space calculations.
-    77d334d77435d64e88fcc772b5b58440b394584a
+Make implanting extracted certificates work again.
+5ceddd2f80dfea70d211236190943746c2d2f77b

-    Make implanting extracted certificates work again.
-    5ceddd2f80dfea70d211236190943746c2d2f77b
+Add error handling macros to make code simpler.
+0bafa814b49a9556550cfbc373e0ea5b9edb929e

-    Add error handling macros to make code simpler.
-    0bafa814b49a9556550cfbc373e0ea5b9edb929e
+Add is_issuer_of(cert, cert) helper function.
+7750aaeceb2655807788f8e45417e84cb5404a8e

-    Add is_issuer_of(cert, cert) helper function.
-    7750aaeceb2655807788f8e45417e84cb5404a8e
+Add "find_named_certificate()" helper function.
+c89c8dbf7929f8f8f36bc1c4045fcc17d5ce7e5c

-    Add "find_named_certificate()" helper function.
-    c89c8dbf7929f8f8f36bc1c4045fcc17d5ce7e5c
+Make generate_certificate_list include the issuing certificate.
+8c3d82ceb5029bedfee1577682fec5ff3669ff3c

-    Make generate_certificate_list include the issuing certificate.
-    8c3d82ceb5029bedfee1577682fec5ff3669ff3c
-    
-    Fix a casting problem on 32-bit.
-    
-    9eb2814858270af2d7ecfbfa5ca131e7be2f9f53
+Fix a casting problem on 32-bit.
+9eb2814858270af2d7ecfbfa5ca131e7be2f9f53
+---
+ libdpe/pe_addcert.c    |    2 +-
+ libdpe/pe_updatefile.c |   13 ++++++-
+ src/actions.c          |   12 +------
+ src/actions.h          |    2 +-
+ src/cms_common.c       |   93 ++++++++++++++++++++++++++++++++++++++++++++++++
+ src/cms_common.h       |   32 ++++++++++++++++-
+ src/daemon.c           |    6 ++--
+ src/pesign.c           |   35 +++++++++++++++---
+ src/peverify.c         |    7 ++--
+ src/siglist.c          |   46 +++++++++++++++++++-----
+ src/siglist.h          |    3 +-
+ src/signed_data.c      |   53 +++++++++++++++++++++------
+ src/wincert.c          |   65 +++++++++++++++++++++++----------
+ src/wincert.h          |    8 +++--
+ 14 files changed, 312 insertions(+), 65 deletions(-)

 diff --git a/libdpe/pe_addcert.c b/libdpe/pe_addcert.c
 index e391242..b6ba969 100644
@ -779,3 +793,33 @@ index 4309915..ed7e15c 100644
 +
 
 #endif /* PESIGN_WINCERT_H */
+-- 
+1.7.10.4
+
+
+From 8d86f6db19be98538fd5397a9de5f7d06733746e Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <chingpang@gmail.com>
+Date: Mon, 25 Feb 2013 10:43:09 +0800
+Subject: [PATCH 2/2] Don't request the private key in
+ find_named_certificate() when importing a raw signature
+
+---
+ src/cms_common.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cms_common.c b/src/cms_common.c
+index 3b2e71a..642cc86 100644
+--- a/src/cms_common.c
+++ b/src/cms_common.c
+@@ -498,7 +498,7 @@ find_named_certificate(cms_context *cms, char *name, CERTCertificate **cert)
+ 	}
+ 
+ 	SECStatus status;
+-	if (PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+	if (!cms->privkey_unneeded && PK11_NeedLogin(psle->slot) && !PK11_IsLoggedIn(psle->slot, pwdata)) {
+ 		status = PK11_Authenticate(psle->slot, PR_TRUE, pwdata);
+ 		if (status != SECSuccess) {
+ 			PK11_DestroySlotListElement(slots, &psle);
+-- 
+1.7.10.4
+
--- a/pesign.changes
+++ b/pesign.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Feb 25 07:35:59 UTC 2013 - glin@suse.com
+
+- Update pesign-bnc805166-fix-signature-list.patch to skip the
+  unneeded private key request. (bnc#805166c#17)
+
+-------------------------------------------------------------------
+Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com
+
+- Modified pesign-bnc805166-fix-signature-list.patch, block out the
+  source code for find/attach Issuer certificate
+  (bnc#805166 comment#13)
+
 -------------------------------------------------------------------
 Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com