forked from pool/pesign
562df69a6c
- Add pesign-bsc1221694-fix-reversed-calloc-arguments.patch to fix the parameters for calloc() (bsc#1221694) OBS-URL: https://build.opensuse.org/request/show/1159787 OBS-URL: https://build.opensuse.org/package/show/Base:System/pesign?expand=0&rev=81
567 lines
21 KiB
Plaintext
567 lines
21 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Mar 20 08:44:54 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Add pesign-bsc1221694-fix-reversed-calloc-arguments.patch to
|
|
fix the parameters for calloc() (bsc#1221694)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 2 03:20:49 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Add the Provides tag for the files moved to pesign-systemd
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 1 08:27:33 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Move rcpesign and %{_tmpfilesdir}/pesign.conf to pesign-systemd
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 6 13:13:09 UTC 2023 - Dan Čermák <dcermak@suse.com>
|
|
|
|
- Create pesign-systemd subpackage to remove systemd dependency
|
|
(jsc#PED-7256)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 22 08:05:20 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Update to 116
|
|
+ daemon: remove always-true comparison
|
|
+ pesum - add a new tool to the shed
|
|
+ Fix building signed kernels on setups other than koji
|
|
+ Add -D_GLIBCXX_ASSERTIONS to CPPFLAGS
|
|
+ macros.pesign: handle centos like rhel with --rhelver
|
|
+ Detect the presence of rpm-sign when checking for "rhel"-ness
|
|
+ Fix typo in efikeygen command
|
|
+ pesigcheck: Fix crash on digest match
|
|
+ cms: store digest as pointer instead of index
|
|
+ Fix mandoc invocation to not produce garbage
|
|
+ Password fixes
|
|
+ Re-work CMS's selected_digest again...
|
|
+ src/certs/make-certs: delete the duplicate codes
|
|
+ Free resources if certification cannot be found
|
|
+ macros: drop %{_pesign_args}
|
|
+ Fix two bugs from package building
|
|
+ Fix bad free of cms data (DoS only)
|
|
+ Send pesign stdout/err to systemd journal
|
|
+ Add missing Install section
|
|
+ Add default packages for pkg-config
|
|
+ Short delay to ensure /run/pesign/socket exists
|
|
+ Resolve crash when signature that is removed is not the end of
|
|
the list
|
|
+ Enhance error diagnostics about version mismatch
|
|
+ Upstream all Fedora changes
|
|
+ Add some hardening options to build
|
|
+ Add code of conduct
|
|
+ Fix build on gcc 12 and non-Fedora
|
|
- Add BuildRequires efivar-devel >= 38 for efisec.h
|
|
+ efisiglist is replaced by efisecdb in efivar 38
|
|
- Add BuildRequires mandoc to generate the manpages
|
|
- Replace pesign-privkey_unneeded.diff with
|
|
pesign-skip-auth-on-friendly-slot.patch to avoid the unnecessary
|
|
authentication
|
|
- Add pesign-fix-cert-match-check.patch to fix the subject name
|
|
matching
|
|
- Add pesign-fix-efikeygen-segfault.patch to fix the potential
|
|
crash when executing efikeygen
|
|
- Add pesign-bsc1202933-Remove-pesign-authorize.patch to remove
|
|
pesign-authorize completely (bsc#1202933)
|
|
- Refresh patches
|
|
+ harden_pesign.service.patch
|
|
+ pesign-boo1143063-remove-var-tracking.patch
|
|
+ pesign-boo1185663-set-rpmmacrodir.patch
|
|
+ pesign-fix-authvar-write-loop.patch
|
|
+ pesign-suse-build.patch
|
|
+ pesign-bsc1202933-Make-etc-pki-pesign-writeable.patch
|
|
- Remove upstreamed/unnecessary patches
|
|
+ pesign-boo1158197-fix-pesigncheck-gcc10.patch
|
|
+ pesign-efikeygen-Fix-the-build-with-nss-3.44.patch
|
|
+ pesign-run.patch
|
|
+ pesign-bsc1202933-Use-normal-file-permissions-instead-of-ACLs.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 7 07:37:20 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Add pesign-bsc1202933-Use-normal-file-permissions-instead-of-ACLs.patch
|
|
to use the normal file permissions in pesign-authorize to avoid
|
|
the potential security issue (bsc#1202933, CVE-2022-3560)
|
|
- Set the libexecdir path for "make" to fix the path to
|
|
pesign-authorize in pesign.service (bsc#1202933)
|
|
- Add pesign-bsc1202933-Make-etc-pki-pesign-writeable.patch to make
|
|
the default NSS datebase writeable (bsc#1202933)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 11 10:54:08 UTC 2021 - Andreas Schwab <schwab@suse.de>
|
|
|
|
- Enable build on riscv64
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 9 15:01:59 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
|
|
|
- Change to systemd-sysusers
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 19 05:58:37 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
|
|
* harden_pesign.service.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 8 15:55:09 UTC 2021 - Wolfgang Frisch <wolfgang.frisch@suse.com>
|
|
|
|
- Link as Position Independent Executable (bsc#1184124).
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 7 01:38:34 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Stop marking macros.pesign as %config
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 6 09:22:38 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Add pesign-boo1185663-set-rpmmacrodir.patch to set the rpm macro
|
|
directory at build time (boo#1185663)
|
|
+ Also set rpmmacrodir when installing files
|
|
- Remove "make install" since "make install_systemd" invokes
|
|
"make install" automatically
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 5 12:42:15 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Use %_tmpfilesdir instead of %{_libexecdir}/tmpfiles.d.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 4 02:38:05 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Add pesign-boo1158197-fix-pesigncheck-gcc10.patch to remove the
|
|
superfluous type settings in pesigcheck to fix the gcc10 errors
|
|
(boo#1158197)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 31 03:26:37 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Add pesign-boo1143063-remove-var-tracking.patch to remove
|
|
var-tracking from the default CFLAGS (boo#1143063)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 11 09:00:21 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Add pesign-efikeygen-Fix-the-build-with-nss-3.44.patch to fix
|
|
the compilation error when building with NSS 3.44
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 2 07:01:51 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Trim conjecture from description.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 13 03:57:30 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com>
|
|
|
|
- Update to 113
|
|
+ Get rid of the 0.Y versioning
|
|
+ Make --padding the default
|
|
+ Add kmod signing (drake)
|
|
+ efisiglist format fixes
|
|
+ enforce the use of --kernel or --module in efikeygen
|
|
+ RPM macro updates
|
|
+ Move the license to GPLv3+
|
|
+ Use sql-type NSS database by default
|
|
+ Various documentation improvements.
|
|
+ Improve /etc/pki/pesign authorization scripts
|
|
+ Various pesigcheck improvements
|
|
+ Fix wrong oid offsets (bsc#1205323)
|
|
- Refresh patches
|
|
+ pesign-suse-build.patch
|
|
+ pesign-privkey_unneeded.diff
|
|
+ pesign-fix-authvar-write-loop.patch
|
|
- Drop upstreamed patches
|
|
+ pesign-fix-argument-list.patch
|
|
+ pesign-bsc1087742-fix-efisiglist.patch
|
|
- Drop pesign-fix-build-errors.patch since those warnings are gone
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 9 12:25:31 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Enable build on %arm as we can sign kernel on %arm (boo#1134670)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 26 11:12:46 UTC 2019 - mvetter@suse.com
|
|
|
|
- bsc#1130588: Require shadow instead of old pwdutils
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 2 09:37:36 UTC 2018 - glin@suse.com
|
|
|
|
- Add pesign-bsc1087742-fix-efisiglist.patch to fix the generation
|
|
of efi signature list. (bsc#1087742)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 11 03:22:18 UTC 2016 - glin@suse.com
|
|
|
|
- Add pesign-fix-argument-list.patch to fix the argument list
|
|
parsing
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 21 09:36:23 UTC 2016 - glin@suse.com
|
|
|
|
- Update to 0.112
|
|
- Refresh patches: pesign-suse-build.patch and pesign-run.patch
|
|
- Drop upstreamed pesign-fix-signness.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 10 07:59:48 UTC 2015 - glin@suse.com
|
|
|
|
- Update to 0.111
|
|
- Add pesign-fix-signness.patch to fix the signness comparison
|
|
- Drop upstreamed patches
|
|
+ pesign-efivar-pkgconfig.patch
|
|
+ pesign-make-efi_guid_t-const.patch
|
|
+ pesign-fix-import-sig-check.patch
|
|
+ pesign-install-supplementary-programs.patch
|
|
- Refresh pesign-suse-build.patch, pesign-privkey_unneeded.diff,
|
|
and pesign-run.patch
|
|
- Update pesign-fix-build-errors.patch
|
|
- Merge use-standard-pid-location.patch into pesign-run.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 1 06:11:06 UTC 2015 - dimstar@opensuse.org
|
|
|
|
- Do not buildrequire systemd: it conflicts with systemd-mini,
|
|
which is pulled in by systemd-mini-devel (due to BuildRequires:
|
|
pkgconfig(systemd).
|
|
- As we lack systemd-tmpfiles in the build env, we ignore the
|
|
errors cast in the %post scriptlet.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 14 07:45:31 UTC 2015 - mpluskal@suse.com
|
|
|
|
- Update project url
|
|
- Use url for download
|
|
- Add rcpesign symlink
|
|
- Tiny spec file cleanup with spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 13 11:07:10 UTC 2015 - werner@suse.de
|
|
|
|
- Make it build, tool systemd-tmpfiles is part of systemd
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 16 06:52:21 UTC 2015 - glin@suse.com
|
|
|
|
- Add pesign-efivar-pkgconfig.patch to get the efivar compiler
|
|
parameters from pkg-confg
|
|
- Add pesign-make-efi_guid_t-const.patch to avoid the error from
|
|
gcc
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 26 09:46:50 UTC 2014 - glin@suse.com
|
|
|
|
- Add pesign-fix-import-sig-check.patch to fix the signature size
|
|
check while importing a signature
|
|
- Amend the spec file with spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 31 07:16:40 UTC 2014 - glin@suse.com
|
|
|
|
- Update pesign-suse-build.patch to set LIBDIR for AArch64
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 28 08:47:34 UTC 2014 - glin@suse.com
|
|
|
|
- Update to version 0.110
|
|
- Add pesign-fix-authvar-write-loop.patch to fix the write loop in
|
|
authvar
|
|
- Add pesign-install-supplementary-programs.patch to install the
|
|
supplementary programs
|
|
- Refresh patches
|
|
+ pesign-fix-build-errors.patch
|
|
+ pesign-run.patch
|
|
+ pesign-suse-build.patch
|
|
- Drop upstreamed patches
|
|
+ pesign-clear-padding-bits.patch
|
|
+ pesign-enable-supplementary-programs.patch
|
|
+ pesign-no-db.patch
|
|
- Enable aarch64
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 1 06:46:13 UTC 2014 - glin@suse.com
|
|
|
|
- Update pesign-enable-supplementary-programs.patch to fix write
|
|
loop
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 12 02:47:55 UTC 2014 - glin@suse.com
|
|
|
|
- Add pesign-enable-supplementary-programs.patch to fix and enable
|
|
the supplementary programs: pesigcheck, authvar, efisiglist
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 16 07:12:05 UTC 2014 - aj@suse.com
|
|
|
|
- Add pesign-run.patch: Use /run instead of /var/run (bnc#873857).
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 31 08:49:12 UTC 2014 - lnussel@suse.de
|
|
|
|
- mark dir in /var/run as %ghost
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 7 09:17:04 UTC 2013 - glin@suse.com
|
|
|
|
- Add pesign-no-db.patch to allow some commands to proceed without
|
|
a NSS database.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 24 03:14:05 UTC 2013 - glin@suse.com
|
|
|
|
- Revert the dowload Url since it's not valid
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 22 11:18:39 UTC 2013 - p.drouand@gmail.com
|
|
|
|
- Update to version 0.109
|
|
- Remove sysvinit related old stuff
|
|
- Remove redundant %clean section
|
|
- Add use-standard-pid-location.patch
|
|
Use the good location to stock pidfile
|
|
- Use download Url as source
|
|
- Rebase pesign-suse-build.patch to upstream changes as it has been
|
|
partially merged on upstream
|
|
- Remove pesign-allow-no-issuer-cert.patch; fixed on upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 18 06:54:19 UTC 2013 - glin@suse.com
|
|
|
|
- Add pesign-allow-no-issuer-cert.patch to avoid crash when the
|
|
issuer's certificate is not available
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 9 04:44:44 UTC 2013 - glin@suse.com
|
|
|
|
- Update to 0.106
|
|
- Add pesign-clear-padding-bits.patch to clear the padding bits
|
|
- Rebase patches:
|
|
+ pesign-suse-build.patch
|
|
+ pesign-fix-build-errors.patch
|
|
+ pesign-privkey_unneeded.diff
|
|
- Drop upstreamed patches
|
|
+ pesign-client-initialize-action.patch
|
|
+ pesign-bnc808594-align-signatures.patch
|
|
+ pesign-upstream-fixes.patch
|
|
+ pesign-fix-export-attributes.patch
|
|
+ pesign-no-set-image-size.patch
|
|
+ pesign-client-read-pin-file.patch
|
|
+ pesign-local-database.patch
|
|
+ pesign-bnc801653-teardown-segfault.patch
|
|
+ pesign-bnc805166-fix-signature-list.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 26 06:21:15 UTC 2013 - glin@suse.com
|
|
|
|
- Add pesign-bnc808594-align-signatures.patch to align signatures
|
|
(bnc#808594, bnc#811325)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 1 03:04:35 UTC 2013 - glin@suse.com
|
|
|
|
- Update pesign-bnc805166-fix-signature-list.patch to avoid the
|
|
potential crash when inserting a signature (bnc#805166)
|
|
- Add pwdutils to PreReq
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 25 07:35:59 UTC 2013 - glin@suse.com
|
|
|
|
- Update pesign-bnc805166-fix-signature-list.patch to skip the
|
|
unneeded private key request. (bnc#805166c#17)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 23 04:47:48 UTC 2013 - jlee@suse.com
|
|
|
|
- Modified pesign-bnc805166-fix-signature-list.patch, block out the
|
|
source code for find/attach Issuer certificate
|
|
(bnc#805166 comment#13)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 22 08:44:43 UTC 2013 - glin@suse.com
|
|
|
|
- Add pesign-bnc805166-fix-signature-list.patch to fix the broken
|
|
signature list when inserting signature into a signed EFI binary
|
|
(bnc#805166)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 12 15:32:11 CET 2013 - mls@suse.de
|
|
|
|
- do not try to recalculate the image size, it is included in the
|
|
hash and therefore must not change.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 6 10:44:48 UTC 2013 - glin@suse.com
|
|
|
|
- Merge patches for FATE#314552
|
|
+ pesign-fix-export-attributes.patch: fix crash when exporting
|
|
the signed attributes
|
|
+ pesign-privkey_unneeded.diff: Don't check the private key when
|
|
importing the raw signature
|
|
- Add pesign-bnc801653-teardown-segfault.patch to fix crash when
|
|
freeing digests (bnc801653)
|
|
- Drop pesign-digestdata.diff which is no longer needed.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 21 10:17:28 UTC 2013 - glin@suse.com
|
|
|
|
- Add pesign-digestdata.diff to generate digestdata (FATE#314552)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 12 13:18:40 UTC 2012 - fcrozat@suse.com
|
|
|
|
- Don't call sysv RPM post/pre macros when building for systemd
|
|
- Ship rcpesign for systemd, link to /sbin/service
|
|
- Update pesign-suse-build.patch to allow change systemd unit
|
|
install directory.
|
|
- Don't hardcode systemd unit directory, since it changed in
|
|
Factory.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 11 07:10:04 UTC 2012 - glin@suse.com
|
|
|
|
- Add Requires: pwdutils
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 28 07:42:09 UTC 2012 - glin@suse.com
|
|
|
|
- Add pesign-local-database.patch to support the local certificate
|
|
database
|
|
- Amend the spec file to build on openSUSE:Factory
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 8 06:32:32 UTC 2012 - glin@suse.com
|
|
|
|
- Version bump to 0.99 (FATE#314484)
|
|
+ Add documentation for --daemonize and --nofork
|
|
+ Make popt aliases work
|
|
+ Add documentation for pesign-client
|
|
+ Add --pinfd and --pinfile to the client
|
|
- Update pesign-suse-build.patch and pesign-fix-build-errors.patch
|
|
- Add pesign-upstream-fixes.patch to backport fixes from git head
|
|
and add sysvinit script
|
|
- Add pesign-client-initialize-action.patch to initialize client
|
|
action to avoid undetermined flags.
|
|
- Add pesign-client-read-pin-file.patch to fix pin file reading
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 15 09:33:19 UTC 2012 - glin@suse.com
|
|
|
|
- Version bump to 0.98
|
|
+ close the socket immediately on invalid input
|
|
+ Slightly better error messages
|
|
+ Log an error if digest initialization fails
|
|
+ Add systemd bits for pesignd
|
|
+ Add actual signing code to the daemon
|
|
+ Add input and output setup for sign functionality in the daemon
|
|
+ Audit allocation of CERTCertificateList/PK11SlotList and
|
|
friends
|
|
+ Fix memory leaks
|
|
- Refresh pesign-suse-build.patch and pesign-fix-build-errors.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 13 06:50:35 UTC 2012 - glin@suse.com
|
|
|
|
- Version bump to 0.9
|
|
+ Add NSS "token" support for smartcards.
|
|
+ Allocate space for the section header variable
|
|
- Refresh pesign-fix-build-errors.patch to fix the warning
|
|
- Drop upstreamed pesign-allocate-shdr.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 10 10:12:53 UTC 2012 - glin@suse.com
|
|
|
|
- Add pesign-allocate-shdr.patch to allocate space for the section
|
|
header variable
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 9 03:53:45 UTC 2012 - glin@suse.com
|
|
|
|
- Version bump to 0.8
|
|
+ Don't open the DB r/w, read-only is fine.
|
|
+ Attempt to do a better job setting the image size.
|
|
+ Emit correct OID for encryption type.
|
|
- Drop pesign-fix-image-size.patch which is already in 0.8
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 7 03:03:17 UTC 2012 - glin@suse.com
|
|
|
|
- Add upstream patch pesign-fix-image-size.patch to set the image
|
|
size correctly.
|
|
- Drop pesign-elilo-workaround.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 6 08:03:05 UTC 2012 - glin@suse.com
|
|
|
|
- Version bump to 0.7
|
|
+ Fix incorrect initialization error in (undocumented) -e option.
|
|
+ Use SEC_OID_PKCS1_RSA_ENCRYPTION like MS
|
|
+ Initialize the index variable of loop
|
|
+ Adjust the buffer size to avoid overflow
|
|
+ Make sure pe_populatecert() always returns a value
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 23 08:49:13 UTC 2012 - glin@suse.com
|
|
|
|
- Add pesign-elilo-workaround.patch to workaround the section
|
|
header corruption in some EFI image (elilo for example)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 23 03:32:18 UTC 2012 - glin@suse.com
|
|
|
|
- Add pesign-fix-build-errors.patch to fix build error/warning
|
|
- Don't install the util efi images
|
|
- Fix the RPM_OPT_FLAGS warning
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 12 09:37:55 UTC 2012 - glin@suse.com
|
|
|
|
- Version bump to 0.5
|
|
+ Handle and report mremap() failure
|
|
+ Man page should be in section 1.
|
|
+ Add some basic signature list management.
|
|
+ Add some more efi-defined constants, flesh out efi_guid_t.
|
|
+ authver: Find a guid for 'namespace'.
|
|
+ Add some basic ucs2 functions :(
|
|
+ Support multiple signatures correctly.
|
|
+ Add ascii_to_ucs2()
|
|
+ Add file formats and some code for variables-on-disk.
|
|
+ Allow the memory map to move when we're allocating space in the
|
|
binary.
|
|
+ Remove extra call to ftruncate()
|
|
+ Adjust section addresses when we remap the pecoff binary.
|
|
+ Correctly set win_certificate.length to /include/
|
|
win_certificate.
|
|
+ Move certificate space iterator to wincert.c so other stuff can
|
|
get it.
|
|
+ Split allocating space for certs and filling it in.
|
|
+ Put the new signature into the cms ctx instead of keeping it
|
|
locally.
|
|
+ Actually calculate space and extend the file before hashing the
|
|
binary.
|
|
+ Bounds-check everything we're hashing so we don't segfault on a
|
|
bad bin.
|
|
- Add pesign-always-return-value.patch to fix
|
|
no-return-in-nonvoid-function
|
|
- Drop upsreamed patch pesign-mem-reallocation.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 29 07:08:11 UTC 2012 - glin@suse.com
|
|
|
|
- Add pesign-mem-reallocation.patch to fix crash when writing
|
|
signature
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 26 07:02:49 UTC 2012 - glin@suse.com
|
|
|
|
- Version bump to 0.3
|
|
+ it seems to generate working signatures
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 21 08:31:42 UTC 2012 - glin@suse.com
|
|
|
|
- New package pesign 0.2
|
|
|