Compare commits

...

No commits in common. 'c9' and 'cs10' have entirely different histories.
c9 ... cs10

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/certs.tar.xz
SOURCES/pesign-115.tar.bz2
SOURCES/pesign-116.tar.bz2

@ -1,2 +1,2 @@
b6777cc78ca2d2f250f3142e97e17dd855bc9b88 SOURCES/certs.tar.xz
849099b74a8c54f3fe5090605d2a71c0511acd1a SOURCES/pesign-115.tar.bz2
f11d00d08b55d0e6ca209c81adabad799832cd00 SOURCES/pesign-116.tar.bz2

@ -0,0 +1,27 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Mon, 20 Feb 2023 15:26:20 +0100
Subject: [PATCH] cms_common: Fixed Segmentation fault
When running efikeygen, the binary crashes with a segfault due
to dereferencing a **ptr instead of a *ptr.
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
(cherry picked from commit 227435af461f38fc4abeafe02884675ad4b1feb4)
---
src/cms_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index 24576f2..89d946a 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -956,7 +956,7 @@ find_certificate_by_issuer_and_sn(cms_context *cms,
if (!ias)
cnreterr(-1, cms, "invalid issuer and serial number");
- return find_certificate_by_callback(cms, match_issuer_and_serial, &ias, cert);
+ return find_certificate_by_callback(cms, match_issuer_and_serial, ias, cert);
}
int

@ -1,24 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 8 Mar 2022 12:59:34 -0500
Subject: [PATCH] daemon: remove always-true comparison
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
src/daemon.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/daemon.c b/src/daemon.c
index 0a66deb..ff88210 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -221,8 +221,7 @@ malformed:
if (!ctx->cms->tokenname)
goto oom;
- if (!tp->value)
- pin = strndup((char *)tp->value, tp->size);
+ pin = strndup((char *)tp->value, tp->size);
if (!pin)
goto oom;

@ -1,33 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 9 Feb 2022 14:42:24 -0500
Subject: [PATCH] Disable pragmas for warnings that are too old
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
src/daemon.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/daemon.c b/src/daemon.c
index ff88210..d66dd50 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -917,10 +917,6 @@ do_shutdown(context *ctx, int nsockets, struct pollfd *pollfds)
free(pollfds);
}
-/* GCC -fanalyzer has trouble with realloc
- * https://bugzilla.redhat.com/show_bug.cgi?id=2047926 */
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value"
static int
handle_events(context *ctx)
{
@@ -999,7 +995,6 @@ shutdown:
}
return 0;
}
-#pragma GCC diagnostic pop
static int
get_uid_and_gid(context *ctx, char **homedir)

@ -0,0 +1,41 @@
From 1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 2 Feb 2024 09:32:48 -0500
Subject: [PATCH] Fix reversed calloc() arguments
The prototype is "void *calloc(size_t nelem, size_t elsize);"
These two instances had them reversed, almost certainly leading to
buffer overflow issues. This was detected by
-Werror=calloc-transposed-args on gcc.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
src/pesigcheck.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pesigcheck.c b/src/pesigcheck.c
index 6dc67f76a81..8119cf10a7b 100644
--- a/src/pesigcheck.c
+++ b/src/pesigcheck.c
@@ -240,7 +240,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
cert_iter iter;
- reasonps = calloc(sizeof(struct reason), 512);
+ reasonps = calloc(512, sizeof(struct reason));
if (!reasonps)
err(1, "check_signature");
@@ -281,7 +281,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
num_reasons += 16;
- new_reasons = calloc(sizeof(struct reason), num_reasons);
+ new_reasons = calloc(num_reasons, sizeof(struct reason));
if (!new_reasons)
err(1, "check_signature");
reasonps = new_reasons;
--
2.41.0

@ -1,23 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 25 Mar 2022 15:01:54 -0400
Subject: [PATCH] Add -D_GLIBCXX_ASSERTIONS to CPPFLAGS
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
Make.defaults | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Make.defaults b/Make.defaults
index 130c1ee..4b0e77c 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -79,7 +79,7 @@ ccldflags = $(cflags) $(CCLDFLAGS) $(LDFLAGS) \
$(call pkg-config-ccldflags)
efi_cflags = $(cflags)
ASFLAGS ?= $(ARCH3264)
-CPPFLAGS ?= -D_FORTIFY_SOURCE=2
+CPPFLAGS ?= -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS
RANLIBFLAGS ?= $(if $(filter $(CC),gcc),-D)
ARFLAGS ?= $(if $(filter $(CC),gcc),-Dcvqs)$(if $(filter $(CC),clang),-cqvs)

@ -1,26 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 10 Aug 2021 12:39:08 -0400
Subject: [PATCH] macros.pesign: handle centos like rhel with --rhelver
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit a1bc65c8b0fc20dbe9c9714ee3a31937184ba7f6)
(cherry picked from commit 83190f50505a0744dfb70d3b549914ae713e6713)
---
src/macros.pesign | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/macros.pesign b/src/macros.pesign
index 34af57c..b7d6af1 100644
--- a/src/macros.pesign
+++ b/src/macros.pesign
@@ -34,7 +34,8 @@
%{?__pesign_cert:--cert %{__pesign_cert}} \\\
%{?_buildhost:--hostname "%{_buildhost}"} \\\
%{?vendor:--vendor "%{vendor}"} \\\
- %{?_rhel:--rhelver "%{_rhel}"} \\\
+ %{?rhel:--rhelver "%{rhel}"} \\\
+ %{?centos:--rhelver "%{centos}"} \\\
%{?-n:--rhelcert %{-n*}}%{?!-n:--rhelcert %{__pesign_cert}} \\\
%{?-a:--rhelcafile "%{-a*}"} \\\
%{?-c:--rhelcertfile "%{-c*}"} \\\

@ -1,27 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 4 Apr 2022 14:45:29 -0400
Subject: [PATCH] Detect the presence of rpm-sign when checking for "rhel"-ness
Signed-off-by: Peter Jones <pjones@redhat.com>
[rharwood: manually reapply to main]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit 17e5878cb087e0a766722d3c487f87c41b318f9a)
(cherry picked from commit a1cfd0b6ddb423571d430f3df46af7761c0797e3)
---
src/pesign-rpmbuild-helper.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in
index 0a845d2..239605a 100644
--- a/src/pesign-rpmbuild-helper.in
+++ b/src/pesign-rpmbuild-helper.in
@@ -192,7 +192,7 @@ main() {
fi
fi
- if [[ "${rhelver}" -ge 7 ]] ; then
+ if [[ "${rhelver}" -ge 7 ]] && which rpm-sign >&/dev/null ; then
nssdir="$(mktemp -p "${PWD}" -d)"
echo > "${nssdir}/pwfile"
certutil -N -d "${nssdir}" -f "${nssdir}/pwfile"

@ -1,80 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 18 Jan 2023 14:00:22 -0500
Subject: [PATCH] Use normal file permissions instead of ACLs
Fixes a symlink attack that can't be mitigated using getfacl/setfacl.
pesign-authorize is now deprecated and will be removed in a future
release.
Resolves: CVE-2022-3560
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
src/pesign-authorize.in | 50 +++----------------------------------------------
1 file changed, 3 insertions(+), 47 deletions(-)
diff --git a/src/pesign-authorize.in b/src/pesign-authorize.in
index 69797d5..b4e89e0 100644
--- a/src/pesign-authorize.in
+++ b/src/pesign-authorize.in
@@ -2,56 +2,12 @@
set -e
set -u
-#
-# With /run/pesign/socket on tmpfs, a simple way of restoring the
-# acls for specific users is useful
-#
-# Compare to: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bkernel/tasks/main.yml?id=17198dadebf59d8090b7ed621bc8ab22152d2eb6
-#
-
# License: GPLv2
-declare -a fileusers=()
-declare -a dirusers=()
-while read -r user ; do
- dirusers[${#dirusers[@]}]=-m
- dirusers[${#dirusers[@]}]="u:$user:rwx"
- fileusers[${#fileusers[@]}]=-m
- fileusers[${#fileusers[@]}]="u:$user:rw"
-done </etc/pesign/users
-declare -a filegroups=()
-declare -a dirgroups=()
-while read -r group ; do
- dirgroups[${#dirgroups[@]}]=-m
- dirgroups[${#dirgroups[@]}]="g:$group:rwx"
- filegroups[${#filegroups[@]}]=-m
- filegroups[${#filegroups[@]}]="g:$group:rw"
-done </etc/pesign/groups
-
-update_subdir() {
- subdir=$1 && shift
-
- setfacl -bk "${subdir}"
- setfacl "${dirusers[@]}" "${dirgroups[@]}" "${subdir}"
- for x in "${subdir}"* ; do
- if [ -d "${x}" ]; then
- setfacl -bk "${x}"
- setfacl "${dirusers[@]}" "${dirgroups[@]}" "${x}"
- update_subdir "${x}/"
- elif [ -e "${x}" ]; then
- setfacl -bk "${x}"
- setfacl "${fileusers[@]}" "${filegroups[@]}" "${x}"
- else
- :;
- fi
- done
-}
+# This script is deprecated and will be removed in a future release.
sleep 3
for x in @@RUNDIR@@pesign/ /etc/pki/pesign/ ; do
- if [ -d "${x}" ]; then
- update_subdir "${x}"
- else
- :;
- fi
+ chown -R pesign:pesign "${x}" || true
+ chmod -R ug+rwX "${x}" || true
done

@ -1,6 +1,2 @@
Patch0001: 0001-daemon-remove-always-true-comparison.patch
Patch0002: 0002-Disable-pragmas-for-warnings-that-are-too-old.patch
Patch0003: 0003-Add-D_GLIBCXX_ASSERTIONS-to-CPPFLAGS.patch
Patch0004: 0004-macros.pesign-handle-centos-like-rhel-with-rhelver.patch
Patch0005: 0005-Detect-the-presence-of-rpm-sign-when-checking-for-rh.patch
Patch0006: 0006-Use-normal-file-permissions-instead-of-ACLs.patch
Patch0001: 0001-cms_common-Fixed-Segmentation-fault.patch
Patch0002: 0002-Fix-reversed-calloc-arguments.patch

@ -1,8 +1,11 @@
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
# No. I have enough trouble already.
%undefine _auto_set_build_flags
Name: pesign
Summary: Signing utility for UEFI binaries
Version: 115
Version: 116
Release: 6%{?dist}
License: GPL-2.0-only
URL: https://github.com/rhboot/pesign
@ -13,7 +16,7 @@ BuildRequires: gcc
BuildRequires: git
BuildRequires: libuuid-devel
BuildRequires: make
#BuildRequires: mandoc
BuildRequires: mandoc
BuildRequires: nspr
BuildRequires: nspr-devel >= 4.9.2-1
BuildRequires: nss
@ -35,7 +38,7 @@ Requires: nss-util
Requires: popt
Requires: rpm
Requires(pre): shadow-utils
ExclusiveArch: %{ix86} x86_64 ia64 aarch64 %{arm}
ExclusiveArch: %{ix86} x86_64 ia64 aarch64 %{arm} riscv64
%if 0%{?rhel} == 7
BuildRequires: rh-signing-tools >= 1.20-2
%endif
@ -45,6 +48,7 @@ Source1: certs.tar.xz
Source2: pesign.py
Source3: pesign.patches
# generate with tool
%include %{SOURCE3}
%description
@ -64,11 +68,6 @@ git config --unset user.email
git config --unset user.name
%build
# Workaround for mandoc not being packaged
for f in authvar.1 efikeygen.1 pesigcheck.1 pesign-client.1 pesign.1; do
cp src/"$f".mdoc src/"$f"
done
make PREFIX=%{_prefix} LIBDIR=%{_libdir}
%install
@ -133,12 +132,13 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
%files
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc README TODO
%doc README.md TODO
%{_bindir}/authvar
%{_bindir}/efikeygen
%{_bindir}/pesigcheck
%{_bindir}/pesign
%{_bindir}/pesign-client
%{_bindir}/pesum
%dir %{_libexecdir}/pesign/
%dir %attr(0770,pesign,pesign) %{_sysconfdir}/pki/pesign/
%config(noreplace) %attr(0660,pesign,pesign) %{_sysconfdir}/pki/pesign/*
@ -162,45 +162,65 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
%{python3_sitelib}/mockbuild/plugins/pesign.*
%changelog
* Wed Jan 18 2023 Robbie Harwood <rharwood@redhat.com> - 115-6
- Fix chmod invocation
- Resolves: CVE-2022-3560
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com>
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com>
- Bump release for June 2024 mass rebuild
* Tue Mar 05 2024 Liu Yang <Yang.Liu.sn@gmail.com> - 116-4
- Add riscv64.
* Fri Feb 02 2024 Peter Jones <pjones@redhat.com> - 116-3
- Fix incorrect calloc() invocations caught by -Wcalloc-transposed-args
* Mon Feb 20 2023 Nicolas Frayer <nfrayer@redhat.com> - 116-2
- cms_common: Fixed Segmentation fault
* Wed Jan 18 2023 Robbie Harwood <rharwood@redhat.com> - 115-5
- Deprecate pesign-authorize and drop ACL use
* Tue Jan 31 2023 Robbie Harwood <rharwood@redhat.com> - 116-1
- New upstream release (116)
- Resolves: CVE-2022-3560
* Mon Apr 04 2022 Robbie Harwood <rharwood@redhat.com>
* Wed Aug 31 2022 Robbie Harwood <rharwood@redhat.com> - 115-9
- Roll up to pjones's smartcard/cms fixes
* Tue Aug 02 2022 Robbie Harwood <rharwood@redhat.com> - 115-8
- Rebuild for python bytecode change
- See-also: #2107826
* Thu Jul 07 2022 Robbie Harwood <rharwood@redhat.com> - 115-6
- Fix formatting of man pages
- Resolves: #2104778
* Mon Apr 04 2022 Robbie Harwood <rharwood@redhat.com> - 115-5
- Detect presence of rpm-sign when checking for rhel-ness
- Resolves: #2044886
* Fri Apr 01 2022 Robbie Harwood <rharwood@redhat.com> - 115-3
- Correct handling of rhel and centos macros
- Resolves: #2044886
* Fri Apr 01 2022 Robbie Harwood <rharwood@redhat.com> - 115-4
- Correctly handle rhel and centos macros
* Fri Mar 25 2022 Robbie Harwood <rharwood@redhat.com> - 115-2
- Add -D_GLIBCXX_ASSERTIONS
- Resolves: #2044886
* Fri Mar 25 2022 Robbie Harwood <rharwood@redhat.com> - 115-3
- Add -D_GLIBCXX_ASSERTIONS to CPPFLAGS
* Thu Mar 24 2022 Robbie Harwood <rharwood@redhat.com> - 115-2
- Add support for non-koji signing in macros
- Resolves: #1880858
* Tue Mar 08 2022 Robbie Harwood <rharwood@redhat.com> - 115-1
- New upstream version (115)
- Resolves: #2044886
* Mon Feb 14 2022 Robbie Harwood <rharwood@redhat.com> - 114-4
- Fix explicit NULL deref when daemonizing
- Resolves: #2049320
- Disable -fanalyzer since it's broken and pragmas don't work
- See-also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104370
* Wed Feb 09 2022 Robbie Harwood <rharwood@redhat.com> - 114-3
- Rebuild; no code changes
- Resolves: #2049320
* Mon Feb 14 2022 Robbie Harwood <rharwood@redhat.com> - 114-3
- Fix explicit NULL deref when daemonizing
* Wed Feb 09 2022 Robbie Harwood <rharwood@redhat.com> - 114-2
- Fix build on aarch64
- Resolves: #2049320
* Wed Feb 02 2022 Robbie Harwood <rharwood@redhat.com> - 114-2
- Attempt to fix signing parsing by dropping pesign_args
* Tue Feb 08 2022 Robbie Harwood <rharwood@redhat.com> - 114-1
* Tue Feb 01 2022 Robbie Harwood <rharwood@redhat.com> - 114-1
- New upstream version (114)
- Resolves: #2049320
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 113-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

Loading…
Cancel
Save