From 7fdf2b121176d7a324708c40daa752a79247ca62 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Tue, 26 Nov 2024 18:10:38 +0300 Subject: [PATCH] import pesign-116-5.el10 --- .gitignore | 2 + .pesign.metadata | 2 + ...-cms_common-Fixed-Segmentation-fault.patch | 27 + .../0002-Fix-reversed-calloc-arguments.patch | 41 ++ SOURCES/pesign.patches | 2 + SOURCES/pesign.py | 91 +++ SPECS/pesign.spec | 564 ++++++++++++++++++ 7 files changed, 729 insertions(+) create mode 100644 .gitignore create mode 100644 .pesign.metadata create mode 100644 SOURCES/0001-cms_common-Fixed-Segmentation-fault.patch create mode 100644 SOURCES/0002-Fix-reversed-calloc-arguments.patch create mode 100644 SOURCES/pesign.patches create mode 100644 SOURCES/pesign.py create mode 100644 SPECS/pesign.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a9295ba --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/certs.tar.xz +SOURCES/pesign-116.tar.bz2 diff --git a/.pesign.metadata b/.pesign.metadata new file mode 100644 index 0000000..fc4ac65 --- /dev/null +++ b/.pesign.metadata @@ -0,0 +1,2 @@ +b6777cc78ca2d2f250f3142e97e17dd855bc9b88 SOURCES/certs.tar.xz +f11d00d08b55d0e6ca209c81adabad799832cd00 SOURCES/pesign-116.tar.bz2 diff --git a/SOURCES/0001-cms_common-Fixed-Segmentation-fault.patch b/SOURCES/0001-cms_common-Fixed-Segmentation-fault.patch new file mode 100644 index 0000000..4464ed0 --- /dev/null +++ b/SOURCES/0001-cms_common-Fixed-Segmentation-fault.patch @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Nicolas Frayer +Date: Mon, 20 Feb 2023 15:26:20 +0100 +Subject: [PATCH] cms_common: Fixed Segmentation fault + +When running efikeygen, the binary crashes with a segfault due +to dereferencing a **ptr instead of a *ptr. + +Signed-off-by: Nicolas Frayer +(cherry picked from commit 227435af461f38fc4abeafe02884675ad4b1feb4) +--- + src/cms_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cms_common.c b/src/cms_common.c +index 24576f2..89d946a 100644 +--- a/src/cms_common.c ++++ b/src/cms_common.c +@@ -956,7 +956,7 @@ find_certificate_by_issuer_and_sn(cms_context *cms, + if (!ias) + cnreterr(-1, cms, "invalid issuer and serial number"); + +- return find_certificate_by_callback(cms, match_issuer_and_serial, &ias, cert); ++ return find_certificate_by_callback(cms, match_issuer_and_serial, ias, cert); + } + + int diff --git a/SOURCES/0002-Fix-reversed-calloc-arguments.patch b/SOURCES/0002-Fix-reversed-calloc-arguments.patch new file mode 100644 index 0000000..861993c --- /dev/null +++ b/SOURCES/0002-Fix-reversed-calloc-arguments.patch @@ -0,0 +1,41 @@ +From 1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187 Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Fri, 2 Feb 2024 09:32:48 -0500 +Subject: [PATCH] Fix reversed calloc() arguments + +The prototype is "void *calloc(size_t nelem, size_t elsize);" + +These two instances had them reversed, almost certainly leading to +buffer overflow issues. This was detected by +-Werror=calloc-transposed-args on gcc. + +Signed-off-by: Stephen Gallagher +--- + src/pesigcheck.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/pesigcheck.c b/src/pesigcheck.c +index 6dc67f76a81..8119cf10a7b 100644 +--- a/src/pesigcheck.c ++++ b/src/pesigcheck.c +@@ -240,7 +240,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons, + + cert_iter iter; + +- reasonps = calloc(sizeof(struct reason), 512); ++ reasonps = calloc(512, sizeof(struct reason)); + if (!reasonps) + err(1, "check_signature"); + +@@ -281,7 +281,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons, + + num_reasons += 16; + +- new_reasons = calloc(sizeof(struct reason), num_reasons); ++ new_reasons = calloc(num_reasons, sizeof(struct reason)); + if (!new_reasons) + err(1, "check_signature"); + reasonps = new_reasons; +-- +2.41.0 + diff --git a/SOURCES/pesign.patches b/SOURCES/pesign.patches new file mode 100644 index 0000000..fa7478f --- /dev/null +++ b/SOURCES/pesign.patches @@ -0,0 +1,2 @@ +Patch0001: 0001-cms_common-Fixed-Segmentation-fault.patch +Patch0002: 0002-Fix-reversed-calloc-arguments.patch diff --git a/SOURCES/pesign.py b/SOURCES/pesign.py new file mode 100644 index 0000000..4ee59f8 --- /dev/null +++ b/SOURCES/pesign.py @@ -0,0 +1,91 @@ +#!/usr/bin/python3 +# +# Copyright 2017 Peter Jones +# +# Distributed under terms of the GPLv3 license. + +""" +mock plugin to make sure pesign and mockbuild users have the right uid and +gid. +""" + +from mockbuild.trace_decorator import getLog, traceLog +import mockbuild.util + +requires_api_version = "1.1" + +@traceLog() +def init(plugins, conf, buildroot): + """ hello """ + Pesign(plugins, conf, buildroot) + +def getuid(name): + """ get a uid for a user name """ + output = mockbuild.util.do(["getent", "passwd", "%s" % (name,)], + returnOutput=1, printOutput=True) + output = output.split(':') + return output[2], output[3] + +def getgid(name): + """ get a gid for a group name """ + output = mockbuild.util.do(["getent", "group", "%s" % (name,)], + returnOutput=1, printOutput=True) + return output.split(':')[2] + +def newgroup(name, gid, rootdir): + """ create a group with a gid """ + getLog().info("creating group %s with gid %s" % (name, gid)) + mockbuild.util.do(["groupadd", + "-g", "%s" % (gid,), + "-R", "%s" % (rootdir,), + "%s" % (name,), + ]) + +def newuser(name, uid, gid, rootdir): + """ create a user with a uid """ + getLog().info("creating user %s with uid %s" % (name, uid)) + mockbuild.util.do(["useradd", + "-u", "%s" % (uid,), + "-g", "%s" % (gid,), + "-R", "%s" % (rootdir,), + "%s" % (name,)]) + +class Pesign(object): + """ Creates some stuff in our mock root """ + # pylint: disable=too-few-public-methods + @traceLog() + def __init__(self, plugins, conf, buildroot): + """ Effectively we're doing: + getent group pesign >/dev/null || groupadd -r pesign + getent passwd pesign >/dev/null || \ + useradd -r -g pesign -d /var/run/pesign -s /sbin/nologin \ + -c "Group for the pesign signing daemon" pesign + """ + + self.buildroot = buildroot + self.pesign_opts = conf + self.config = buildroot.config + self.state = buildroot.state + self.users = {} + self.groups = {} + plugins.add_hook("postinit", self._pesignPostInitHook) + + @traceLog() + def _pesignPostInitHook(self): + """ find our uid and gid lists """ + for user in self.pesign_opts['users']: + uid, gid = getuid(user) + self.users[user] = [user, uid, gid] + for group in self.pesign_opts['groups']: + gid = getgid(group) + self.groups[group] = [group, gid] + + # create our users + rootdir = self.buildroot.make_chroot_path() + for name, gid in self.groups.values(): + newgroup(name, gid, rootdir) + for name, uid, gid in self.users.values(): + newuser(name, uid, gid, rootdir) + +# -*- coding: utf-8 -*- +# vim:fenc=utf-8:tw=75 diff --git a/SPECS/pesign.spec b/SPECS/pesign.spec new file mode 100644 index 0000000..871debc --- /dev/null +++ b/SPECS/pesign.spec @@ -0,0 +1,564 @@ +%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) + +# No. I have enough trouble already. +%undefine _auto_set_build_flags + +Name: pesign +Summary: Signing utility for UEFI binaries +Version: 116 +Release: 5%{?dist} +License: GPL-2.0-only +URL: https://github.com/rhboot/pesign + +Obsoletes: pesign-rh-test-certs <= 0.111-7 +BuildRequires: efivar-devel >= 38-1 +BuildRequires: gcc +BuildRequires: git +BuildRequires: libuuid-devel +BuildRequires: make +BuildRequires: mandoc +BuildRequires: nspr +BuildRequires: nspr-devel >= 4.9.2-1 +BuildRequires: nss +BuildRequires: nss-devel >= 3.13.6-1 +BuildRequires: nss-tools +BuildRequires: nss-util +BuildRequires: popt-devel +BuildRequires: python3 +BuildRequires: python3-rpm-macros +BuildRequires: tar +BuildRequires: xz +%if 0%{?rhel} >= 7 || 0%{?fedora} >= 17 +BuildRequires: systemd-rpm-macros +%endif +Requires: nspr +Requires: nss +Requires: nss-tools >= 3.53 +Requires: nss-util +Requires: popt +Requires: rpm +Requires(pre): shadow-utils +ExclusiveArch: %{ix86} x86_64 ia64 aarch64 %{arm} riscv64 +%if 0%{?rhel} == 7 +BuildRequires: rh-signing-tools >= 1.20-2 +%endif + +Source0: https://github.com/rhboot/pesign/releases/download/%{version}/pesign-%{version}.tar.bz2 +Source1: certs.tar.xz +Source2: pesign.py +Source3: pesign.patches + +# generate with tool +%include %{SOURCE3} + +%description +This package contains the pesign utility for signing UEFI binaries as +well as other associated tools. + +%prep +%setup -q -T -b 0 +%setup -q -T -D -c -n pesign-%{version}/ -a 1 +git init +git config user.email "pesign-owner@fedoraproject.org" +git config user.name "Fedora Ninjas" +git add . +git commit -a -q -m "%{version} baseline." +git am %{patches} = 7 || 0%{?fedora} >= 17 +make PREFIX=%{_prefix} LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} \ + install_systemd +%endif + +# there's some stuff that's not really meant to be shipped yet +rm -rf %{buildroot}/boot %{buildroot}/usr/include +rm -rf %{buildroot}%{_libdir}/libdpe* +mkdir -p %{buildroot}%{_sysconfdir}/pki/pesign/ +mkdir -p %{buildroot}%{_sysconfdir}/pki/pesign-rh-test/ +cp -a etc/pki/pesign/* %{buildroot}%{_sysconfdir}/pki/pesign/ +cp -a etc/pki/pesign-rh-test/* %{buildroot}%{_sysconfdir}/pki/pesign-rh-test/ + +if [ %{macrosdir} != %{_sysconfdir}/rpm ]; then + mkdir -p %{buildroot}%{macrosdir} + mv %{buildroot}%{_sysconfdir}/rpm/macros.pesign \ + %{buildroot}%{macrosdir} + rmdir %{buildroot}%{_sysconfdir}/rpm +fi +rm -vf %{buildroot}/usr/share/doc/pesign-%{version}/COPYING + +# and find-debuginfo.sh has some pretty awful deficencies too... +cp -av libdpe/*.[ch] src/ + +install -d -m 0755 %{buildroot}%{python3_sitelib}/mockbuild/plugins/ +install -m 0755 %{SOURCE2} %{buildroot}%{python3_sitelib}/mockbuild/plugins/ + +%pre +getent group pesign >/dev/null || groupadd -r pesign +getent passwd pesign >/dev/null || \ + useradd -r -g pesign -d /run/pesign -s /sbin/nologin \ + -c "Group for the pesign signing daemon" pesign +exit 0 + +%if 0%{?rhel} >= 7 || 0%{?fedora} >= 17 +%post +%systemd_post pesign.service + +%preun +%systemd_preun pesign.service + +%postun +%systemd_postun_with_restart pesign.service + +%posttrans +certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null + +# this is disabled currently because it breaks the fedora kernel build root +# generation - because we don't currently have a good way of populating +# /etc/pesign/{users,groups} before the buildroot is installed, or +# populating them and re-running pesign-authorize afterwards but before the +# package build of e.g. kernel +#%%{_libexecdir}/pesign/pesign-authorize +%endif + +%files +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc README.md TODO +%{_bindir}/authvar +%{_bindir}/efikeygen +%{_bindir}/pesigcheck +%{_bindir}/pesign +%{_bindir}/pesign-client +%{_bindir}/pesum +%dir %{_libexecdir}/pesign/ +%dir %attr(0770,pesign,pesign) %{_sysconfdir}/pki/pesign/ +%config(noreplace) %attr(0660,pesign,pesign) %{_sysconfdir}/pki/pesign/* +%dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign-rh-test/ +%config(noreplace) %attr(0664,pesign,pesign) %{_sysconfdir}/pki/pesign-rh-test/* +%{_libexecdir}/pesign/pesign-authorize +%{_libexecdir}/pesign/pesign-rpmbuild-helper +%config(noreplace)/%{_sysconfdir}/pesign/users +%config(noreplace)/%{_sysconfdir}/pesign/groups +%{_sysconfdir}/popt.d/pesign.popt +%{macrosdir}/macros.pesign +%{_mandir}/man*/* +%dir %attr(0770, pesign, pesign) %{_rundir}/%{name} +%ghost %attr(0660, -, -) %{_rundir}/%{name}/socket +%ghost %attr(0660, -, -) %{_rundir}/%{name}/pesign.pid +%if 0%{?rhel} >= 7 || 0%{?fedora} >= 17 +%{_tmpfilesdir}/pesign.conf +%{_unitdir}/pesign.service +%endif +%{python3_sitelib}/mockbuild/plugins/*/pesign.* +%{python3_sitelib}/mockbuild/plugins/pesign.* + +%changelog +* Mon Jun 24 2024 Troy Dawson +- Bump release for June 2024 mass rebuild + +* Tue Mar 05 2024 Liu Yang - 116-4 +- Add riscv64. + +* Fri Feb 02 2024 Peter Jones - 116-3 +- Fix incorrect calloc() invocations caught by -Wcalloc-transposed-args + +* Mon Feb 20 2023 Nicolas Frayer - 116-2 +- cms_common: Fixed Segmentation fault + +* Tue Jan 31 2023 Robbie Harwood - 116-1 +- New upstream release (116) +- Resolves: CVE-2022-3560 + +* Wed Aug 31 2022 Robbie Harwood - 115-9 +- Roll up to pjones's smartcard/cms fixes + +* Tue Aug 02 2022 Robbie Harwood - 115-8 +- Rebuild for python bytecode change +- See-also: #2107826 + +* Thu Jul 07 2022 Robbie Harwood - 115-6 +- Fix formatting of man pages +- Resolves: #2104778 + +* Mon Apr 04 2022 Robbie Harwood - 115-5 +- Detect presence of rpm-sign when checking for rhel-ness + +* Fri Apr 01 2022 Robbie Harwood - 115-4 +- Correctly handle rhel and centos macros + +* Fri Mar 25 2022 Robbie Harwood - 115-3 +- Add -D_GLIBCXX_ASSERTIONS to CPPFLAGS + +* Thu Mar 24 2022 Robbie Harwood - 115-2 +- Add support for non-koji signing in macros +- Resolves: #1880858 + +* Tue Mar 08 2022 Robbie Harwood - 115-1 +- New upstream version (115) + +* Mon Feb 14 2022 Robbie Harwood - 114-4 +- Disable -fanalyzer since it's broken and pragmas don't work +- See-also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104370 + +* Mon Feb 14 2022 Robbie Harwood - 114-3 +- Fix explicit NULL deref when daemonizing + +* Wed Feb 02 2022 Robbie Harwood - 114-2 +- Attempt to fix signing parsing by dropping pesign_args + +* Tue Feb 01 2022 Robbie Harwood - 114-1 +- New upstream version (114) + +* Fri Jan 21 2022 Fedora Release Engineering - 113-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Jul 23 2021 Fedora Release Engineering - 113-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 113-16 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Wed Jan 27 2021 Fedora Release Engineering - 113-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Nov 16 2020 Jeff Law - 113-14 +- Turn off -Wfree-nonheap-object + +* Mon Aug 03 2020 Peter Jones - 113-13 +- Add the rundir related stuff that was staged on my f32 checkout. + +* Mon Aug 03 2020 Peter Jones - 113-12 +- Try to make kernel and fwupd both work at the same time. + +* Tue Jul 28 2020 Fedora Release Engineering - 113-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jul 16 2020 Peter Jones - 113-10 +- I really cannot figure out why bkernel01 thinks the certificate nickname + starts with /CN=, but it does, so I'm gonna stop fighting with the sand. + +* Thu Jul 16 2020 Peter Jones - 113-9 +- Even more kernel build debugging... + +* Tue Jul 07 2020 Peter Jones - 113-8 +- More kernel build debugging... + +* Tue Jul 07 2020 Peter Jones - 113-6 +- Disable the pesign-authorize call in posttrans, until we can figure out a + better way to deal with that in the fedora kernel builder chroot setup + +* Tue Jul 07 2020 Peter Jones - 113-5 +- Make pesign require nss-tools for the posttrans scriptlet +- Move most of macros.pesign to /usr/libexec/pesign/pesign-rpmbuild-helper + +* Mon Jul 06 2020 Peter Jones - 113-4 +- Attempt to fix kernel signing failures caused by -3... + +* Fri Jun 12 2020 Peter Jones - 113-3 +- Fix the signer name for fedora and some other minor nits + Related: rhbz#1708773 + Related: rhbz#1678146 + +* Thu Jun 11 2020 Peter Jones - 113-2 +- Fix a signing protocol bug we introduced in 113 that makes the fedora + kernel builders fail. + Related: rhbz#1708773 + +* Thu Jun 11 2020 Javier Martinez Canillas - 113-1 +- Update to 113 release + Resolves: rhbz#1708773 + +* Mon Jun 08 2020 Javier Martinez Canillas - 0.112-31 +- Switch default NSS database to SQLite format (pjones) + Resolves: rhbz#1827902 + +* Mon Feb 24 2020 Peter Jones - 0.112-30 +- Make sure the patch for -29 is actually in the build in f32, and + synchronize with master. + +* Tue Feb 18 2020 Peter Jones - 0.112-29 +- Rebuild to match OpenSC's token name mangling change. + +* Thu Jan 30 2020 Fedora Release Engineering - 0.112-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Nov 12 2019 Peter Jones - 0.112-27 +- Rebuild to fix an NSS API issue. + +* Fri Jul 26 2019 Fedora Release Engineering - 0.112-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed Mar 6 2019 Zbigniew Jędrzejewski-Szmek - 0.112-25 +- Fix build (#1675653) +- Add missing closing quote in macro (#1651020) +- Update obsolete /var/run/ path (#1678146) + +* Sat Feb 02 2019 Fedora Release Engineering - 0.112-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 0.112-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Feb 09 2018 Fedora Release Engineering - 0.112-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Jan 22 2018 Peter Robinson 0.112-22 +- Minor spec cleanups, fix arm conditional + +* Fri Oct 06 2017 Troy Dawson - 0.112-21 +- Cleanup spec file conditionals + +* Tue Aug 15 2017 Peter Jones - 0.112-20 +- Maybe fewer typoes would be better. + +* Tue Aug 15 2017 Peter Jones - 0.112-19 +- Update to match f26's build so new kernel builds will work. + +* Thu Aug 10 2017 Peter Jones - 0.112-10 +- Try to fix the db problem nirik is seeing trying to upgrade the builders. + +* Thu Aug 03 2017 Fedora Release Engineering - 0.112-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.112-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Jul 08 2017 Peter Jones - 0.112-7 +- Rebuild for efivar-31-1.fc26 + Related: rhbz#1468841 + +* Sat Feb 11 2017 Fedora Release Engineering - 0.112-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 06 2017 Peter Jones - 0.112-5 +- Don't Req: or BuildReq: coolkey or opensc; those belong in system deploy + scripts. + Related: rhbz#1349073 + +* Wed Aug 17 2016 Peter Jones - 0.112-4 +- Build as -4 to make bodhi happy. + +* Fri Aug 12 2016 Adam Williamson - 0.112-3 +- backport fix for command line parsing from upstream master + +* Wed Aug 10 2016 Peter Jones - 0.112-2 +- Build with newer efivar. + +* Wed Apr 20 2016 Peter Jones - 0.112-1 +- Update to 0.112 +- Also fix up some spec file woes: + - dumb things in %%setup + - find-debuginfo.sh not working right for some source files... + +* Thu Feb 04 2016 Fedora Release Engineering - 0.111-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Dec 10 2015 Peter Jones - 0.111-7 +- Obsolete pesign-rh-test-certs, it was in -1's update. + Resolves: rhbz#1283475 + +* Wed Dec 02 2015 Peter Jones - 0.111-6 +- *Don't* use --certdir if we're using the socket. + Related: rhbz#1283475 + Related: rhbz#1284063 + Related: rhbz#1284561 + +* Tue Dec 01 2015 Peter Jones - 0.111-5 +- Actually do a better job of choosing which cert to use when, so people will + stop seeing any of this problem. (Thanks for the thought, jforbes.) + Resolves: rhbz#1283475 + Resolves: rhbz#1284063 + Resolves: rhbz#1284561 + +* Mon Nov 30 2015 Peter Jones - 0.111-5 +- setfacl even harder. + Related: rhbz#1283475 + Related: rhbz#1284063 + Related: rhbz#1284561 + +* Fri Nov 20 2015 Peter Jones - 0.111-3 +- Better ACL setting code. + Related: rhbz#1283475 + +* Thu Nov 19 2015 Peter Jones - 0.111-2 +- Allow the mockbuild user to read the nss database if the account exists. + +* Wed Oct 28 2015 Peter Jones - 0.111-1 +- Rebase to 0.111 +- Split test certs out into a "Recommends" subpackage. + +* Thu Jun 18 2015 Fedora Release Engineering - 0.110-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Mar 4 2015 Ville Skyttä - 0.110-2 +- Install macros in %%{_rpmconfigdir}/macros.d where available (#1074281) + +* Fri Oct 24 2014 Peter Jones - 0.110-1 +- Update to pesign-0.110 + +* Sun Aug 17 2014 Fedora Release Engineering - 0.108-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.108-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu May 29 2014 Peter Jones - 0.108-2 +- Fix a networking problem nirik observed when reinstalling builders. + +* Sat Aug 10 2013 Peter Jones - 0.108-1 +- Remove errant result files and raise an error from %%pesign + +* Tue Aug 06 2013 Peter Jones - 0.106-3 +- Add code for signing in RHEL 7 + +* Mon Aug 05 2013 Peter Jones - 0.106-2 +- Fix for new %%doc rules. + +* Sun Aug 04 2013 Fedora Release Engineering - 0.106-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue May 21 2013 Peter Jones - 0.106-1 +- Update to 0.106 +- Hopefully fix the segfault dgilmore was seeing. + +* Mon May 20 2013 Peter Jones - 0.105-1 +- Various bug fixes. + +* Wed May 15 2013 Peter Jones - 0.104-1 +- Make sure alignment is correct on signature list entries + Resolves: rhbz#963361 +- Make sure section alignment is correct if we have to extend the file + +* Wed Feb 06 2013 Peter Jones - 0.103-2 +- Conditionalize systemd bits so they don't show up in RHEL 6 builds + +* Tue Feb 05 2013 Peter Jones - 0.103-1 +- One more compiler problem. Let's expect a few more, shall we? + +* Tue Feb 05 2013 Peter Jones - 0.102-1 +- Don't use --std=gnu11 because we have to work on RHEL 6 builders. + +* Mon Feb 04 2013 Peter Jones - 0.101-1 +- Update to 0.101 to fix more "pesign -E" issues. + +* Fri Nov 30 2012 Peter Jones - 0.100-1 +- Fix insertion of signatures from a file. + +* Mon Nov 26 2012 Matthew Garrett - 0.99-9 +- Add a patch needed for new shim builds + +* Fri Oct 19 2012 Peter Jones - 0.99-8 +- Get the Fedora signing token name right. + +* Fri Oct 19 2012 Peter Jones +- Add coolkey and opensc modules to pki database during %%install. + +* Fri Oct 19 2012 Peter Jones - 0.99-7 +- setfacl u:kojibuilder:rw /var/run/pesign/socket +- Fix command line checking in client +- Add client stdin pin reading. + +* Thu Oct 18 2012 Peter Jones - 0.99-6 +- Automatically select daemon as signer when using rpm macros. + +* Thu Oct 18 2012 Peter Jones - 0.99-5 +- Make it work on the -el6 branch as well. + +* Wed Oct 17 2012 Peter Jones - 0.99-4 +- Fix some more bugs found by valgrind and coverity. +- Don't build utils/ ; we're not using them and they're not ready anyway. + +* Wed Oct 17 2012 Peter Jones - 0.99-3 +- Fix daemon startup bug from 0.99-2 + +* Wed Oct 17 2012 Peter Jones - 0.99-2 +- Fix various bugs from 0.99-1 +- Don't make the database unreadable just yet. + +* Mon Oct 15 2012 Peter Jones - 0.99-1 +- Update to 0.99 +- Add documentation for client/server mode. +- Add --pinfd and --pinfile to server mode. + +* Fri Oct 12 2012 Peter Jones - 0.98-1 +- Update to 0.98 +- Add client/server mode. + +* Mon Oct 01 2012 Peter Jones - 0.10-5 +- Fix missing section address fixup. + +* Wed Aug 15 2012 Peter Jones - 0.10-4 +- Make macros.pesign even better (and make it work right for i686 packages) + +* Tue Aug 14 2012 Peter Jones - 0.10-3 +- Only sign things on x86_64; all else ignore gracefully. + +* Tue Aug 14 2012 Peter Jones - 0.10-2 +- Make macros.pesign more reliable + +* Mon Aug 13 2012 Peter Jones - 0.10-1 +- Update to 0.10 +- Include rpm macros to support easy custom signing of signed packages. + +* Fri Aug 10 2012 Peter Jones - 0.9-1 +- Update to 0.9 +- Bug fix from Gary Ching-Pang Lin +- Support NSS Token selection for use with smart cards. + +* Wed Aug 08 2012 Peter Jones - 0.8-1 +- Update to 0.8 +- Don't open the db read-write +- Fix permissions on keystore (everybody can sign with test keys) + +* Wed Aug 08 2012 Peter Jones - 0.7-2 +- Include test keys. + +* Mon Jul 30 2012 Peter Jones - 0.7-1 +- Update to 0.7 +- Better fix for MS compatibility. + +* Mon Jul 30 2012 Peter Jones - 0.6-1 +- Update to 0.6 +- Bug-for-bug compatibility with signtool.exe . + +* Fri Jul 20 2012 Fedora Release Engineering - 0.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 11 2012 Peter Jones - 0.5-1 +- Rebase to 0.5 +- Do more rigorous bounds checking when hashing a new binary. + +* Tue Jul 10 2012 Peter Jones - 0.3-2 +- Rebase to 0.4 + +* Fri Jun 22 2012 Peter Jones - 0.3-2 +- Move man page to a more reasonable place. + +* Fri Jun 22 2012 Peter Jones - 0.3-1 +- Update to upstream's 0.3 . + +* Thu Jun 21 2012 Peter Jones - 0.2-4 +- Do not build with smp flags. + +* Thu Jun 21 2012 Peter Jones - 0.2-3 +- Make it build on i686, though it's unclear it'll ever be necessary. + +* Thu Jun 21 2012 Peter Jones - 0.2-2 +- Fix compile problem with f18's compiler. + +* Thu Jun 21 2012 Peter Jones - 0.2-1 +- Fix some rpmlint complaints nirik pointed out +- Add popt-devel build dep + +* Fri Jun 15 2012 Peter Jones - 0.1-1 +- First version of SRPM.