fix certificate chain bug

Bugfix-cms_common-fix-cert-match-check.patch

@@ -0,0 +1,29 @@
+From c6a38cd80916e7a412227836b1865685e8d1ccfd Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Fri, 11 Nov 2022 11:20:35 +0800
+Subject: [PATCH] cms_common: fix cert match check
+
+In find_certificate_by_callback(), the match() returns 1
+when cert subject is matched.
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+---
+ src/cms_common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cms_common.c b/src/cms_common.c
+index 1c54c90..d3e6dea 100644
+--- a/src/cms_common.c
++++ b/src/cms_common.c
+@@ -872,7 +872,7 @@ find_certificate_by_callback(cms_context *cms,
+ 			continue;
+ 
+ 		int rc = match(tmpnode->cert, cbdata);
+-		if (rc == 0) {
++		if (rc == 1) {
+ 			node = tmpnode;
+ 			break;
+ 		}
+-- 
+2.33.0
+

pesign.spec

@@ -2,7 +2,7 @@
 Name:          pesign
 Summary:       Signing utility for UEFI binaries
 Version:       115
-Release:       1
+Release:       2
 License:       GPLv2
 URL:           https://github.com/rhboot/pesign
 Source0:       https://github.com/rhboot/pesign/archive/refs/tags/115.tar.gz
@@ -16,6 +16,8 @@ BuildRequires: nspr nss nss-util popt-devel nss-tools nspr-devel >= 4.9.2-1
 BuildRequires: nss-devel >= 3.13.6-1 efivar-devel >= 31-1 libuuid-devel tar xz
 BuildRequires: python3-rpm-macros python3 systemd python3-devel gcc mandoc
 
+Patch0001:     Bugfix-cms_common-fix-cert-match-check.patch
+
 # Feature: support SM2 and SM3
 Patch9000:     Feature-pesign-support-SM3-digest-algorithm.patch
 Patch9001:     Feature-pesign-support-SM2-signature-algorithm.patch
@@ -96,6 +98,9 @@ exit 0
 %{_mandir}/man*/*
 
 %changelog
+* Sat Nov 12 2022 luhuaxin <luhuaxin1@huawei.com> - 115-2
+- fix certificate chain bug
+
 * Mon Nov 7 2022 jinlun <jinlun@huawei.com> - 115-1
 - Type:bugfix
 - Id:NA