diff --git a/pesign-digestdata.diff b/pesign-digestdata.diff
new file mode 100644
index 0000000..be7b1f8
--- /dev/null
+++ b/pesign-digestdata.diff
@@ -0,0 +1,128 @@
+--- src/cms_common.c.orig 2013-01-18 14:32:01.000000000 +0000
++++ src/cms_common.c 2013-01-18 14:34:25.000000000 +0000
+@@ -155,6 +155,7 @@ cms_context_init(cms_context *cms)
+ }
+
+ cms->selected_digest = -1;
++ cms->digestdatafd = -1;
+
+ return 0;
+ }
+@@ -746,6 +747,11 @@ generate_digest_step(cms_context *cms, v
+ {
+ for (int i = 0; i < n_digest_params; i++)
+ PK11_DigestOp(cms->digests[i].pk11ctx, data, len);
++ if (cms->digestdatafd >= 0 && len != 0) {
++ if (write(cms->digestdatafd, data, len) != len) {
++ cms->log(cms, LOG_ERR, "digestdata write: %m");
++ }
++ }
+ }
+
+ int
+--- src/cms_common.h.orig 2013-01-18 14:31:32.000000000 +0000
++++ src/cms_common.h 2013-01-18 14:31:54.000000000 +0000
+@@ -59,6 +59,8 @@ typedef struct cms_context {
+
+ cms_common_logger log;
+ void *log_priv;
++
++ int digestdatafd;
+ } cms_context;
+
+ typedef struct {
+--- src/pesign.c.orig 2013-01-18 14:20:47.000000000 +0000
++++ src/pesign.c 2013-01-18 14:35:03.000000000 +0000
+@@ -177,6 +177,24 @@ open_output(pesign_context *ctx)
+ }
+
+ static void
++open_digestdata(pesign_context *ctx)
++{
++ ctx->digestdatafd = open(ctx->digestdatafile, O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC,
++ 0666);
++ if (ctx->digestdatafd < 0) {
++ fprintf(stderr, "pesign: Error opening digest data file: %m\n");
++ exit(1);
++ }
++}
++
++static void
++close_digestdata(pesign_context *ctx)
++{
++ close(ctx->digestdatafd);
++ ctx->digestdatafd = -1;
++}
++
++static void
+ open_rawsig_input(pesign_context *ctx)
+ {
+ if (!ctx->rawsig) {
+@@ -461,6 +479,7 @@ main(int argc, char *argv[])
+ {"sign", 's', POPT_ARG_VAL, &ctxp->sign, 1,
+ "create a new signature", NULL },
+ {"hash", 'h', POPT_ARG_VAL, &ctxp->hash, 1, "hash binary", NULL },
++ {"digestdata", 'H', POPT_ARG_STRING, &ctxp->digestdatafile, 0, "write digest data in file", ""},
+ {"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
+ &digest_name, 0, "digest type to use for pe hash" },
+ {"import-signed-certificate", 'm',
+@@ -623,7 +642,7 @@ main(int argc, char *argv[])
+ }
+ }
+
+- if (ctxp->hash)
++ if (ctxp->hash || ctxp->digestdatafile)
+ action |= GENERATE_DIGEST|PRINT_DIGEST;
+
+ ssize_t sigspace = 0;
+@@ -748,7 +767,15 @@ main(int argc, char *argv[])
+ break;
+ case GENERATE_DIGEST|PRINT_DIGEST:
+ open_input(ctxp);
++ if (ctxp->digestdatafile) {
++ open_digestdata(ctxp);
++ ctxp->cms_ctx->digestdatafd = ctxp->digestdatafd;
++ }
+ generate_digest(ctxp->cms_ctx, ctxp->inpe);
++ if (ctxp->digestdatafile) {
++ close_digestdata(ctxp);
++ ctxp->cms_ctx->digestdatafd = -1;
++ }
+ print_digest(ctxp);
+ break;
+ /* generate a signature and save it in a separate file */
+--- src/pesign_context.c.orig 2013-01-18 14:30:08.000000000 +0000
++++ src/pesign_context.c 2013-01-18 14:30:55.000000000 +0000
+@@ -68,6 +68,8 @@ pesign_context_init(pesign_context *ctx)
+ ctx->outkeyfd = -1;
+ ctx->outcertfd = -1;
+
++ ctx->digestdatafd = -1;
++
+ ctx->signum = -1;
+
+ ctx->ascii = 0;
+@@ -165,6 +167,11 @@ pesign_context_fini(pesign_context *ctx)
+ ctx->infd = -1;
+ }
+
++ if (ctx->digestdatafd >= 0) {
++ close(ctx->digestdatafd);
++ ctx->digestdatafd = -1;
++ }
++
+ ctx->signum = -1;
+
+ if (!(ctx->flags & PESIGN_C_ALLOCATED))
+--- src/pesign_context.h.orig 2013-01-18 14:23:14.000000000 +0000
++++ src/pesign_context.h 2013-01-18 14:29:52.000000000 +0000
+@@ -67,6 +67,9 @@ typedef struct {
+ int ascii;
+ int sign;
+ int hash;
++
++ int digestdatafd;
++ char *digestdatafile;
+ } pesign_context;
+
+ extern int pesign_context_new(pesign_context **ctx);
diff --git a/pesign.changes b/pesign.changes
index 50e173e..2532fda 100644
--- a/pesign.changes
+++ b/pesign.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Jan 21 10:17:28 UTC 2013 - glin@suse.com
+
+- Add pesign-digestdata.diff to generate digestdata (FATE#314552)
+
 -------------------------------------------------------------------
 Wed Dec 12 13:18:40 UTC 2012 - fcrozat@suse.com
 
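Review bot: In pesign-digestdata.diff, the block added to `generate_digest_step` only logs a failed or short `write()` and carries on, so `--digestdata` can leave a truncated file while `print_digest` still reports the digest of the whole image and the tool exits normally. Whatever later hashes or signs that file (presumably its purpose) would then be working on different bytes than pesign digested. The write should retry short writes and record the failure so `main` can exit non-zero; the function's signature is cut off in the hunk, so the types of `data` and `len` in the sketch below are assumed. Separately, `open_digestdata` creates the file with mode `0666` and `O_TRUNC` on a caller-supplied path, which leaves the permissions to the umask and follows symlinks; `open(ctx->digestdatafile, O_RDWR|O_CREAT|O_TRUNC|O_CLOEXEC|O_NOFOLLOW, 0644)` would be a tighter default.

```c
	/* … unchanged: PK11_DigestOp loop … */
	if (cms->digestdatafd >= 0 && len != 0) {
		const unsigned char *p = data;	/* assumes data is a byte buffer */
		size_t left = len;		/* assumes len is an unsigned size */

		while (left > 0) {
			ssize_t n = write(cms->digestdatafd, p, left);
			if (n < 0) {
				if (errno == EINTR)
					continue;
				cms->log(cms, LOG_ERR, "digestdata write: %m");
				/* record the failure here so the caller can exit non-zero */
				break;
			}
			p += n;
			left -= (size_t)n;
		}
	}
```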
diff --git a/pesign.spec b/pesign.spec index 4c1001b..abd5276 100644 --- a/pesign.spec +++ b/pesign.spec @@ -1,7 +1,7 @@ # # spec file for package pesign # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,14 +16,13 @@ # - Name: pesign Version: 0.99 -Release: 1 -License: GPL-2.0 +Release: 0 Summary: Signing tool for PE-COFF binaries -Url: https://github.com/vathpela/pesign +License: GPL-2.0 Group: Productivity/Security +Url: https://github.com/vathpela/pesign Source: %{name}-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM pesign-upstream-fixes.patch glin@suse.com -- fixes from upstream Patch0: pesign-upstream-fixes.patch @@ -37,9 +36,11 @@ Patch3: pesign-client-initialize-action.patch Patch4: pesign-client-read-pin-file.patch # PATCH-FIX-UPSTREAM pesign-local-database.patch glin@suse.com -- Support local certificate database Patch5: pesign-local-database.patch +# PATCH-FIX-UPSTREAM pesign-digestdata.diff glin@suse.com -- Generate digestdata +Patch6: pesign-digestdata.diff BuildRequires: mozilla-nss-devel -BuildRequires: popt-devel BuildRequires: pkg-config +BuildRequires: popt-devel %if 0%{?suse_version} > 1140 BuildRequires: pkgconfig(systemd) %{?systemd_requires} @@ -68,6 +69,7 @@ Authors: %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p0 %build make OPTFLAGS="$RPM_OPT_FLAGS"