!24 pesign：update version to 115

From: @jinlun123123 Reviewed-by: @HuaxinLuGitee, @zhuchunyi Signed-off-by: @zhuchunyi
2022-11-08 07:37:53 +00:00 · 2022-11-08 07:37:53 +00:00 · 99ffc255fc
commit 99ffc255fc
parent 1feb6d1bdf 032fdc480a
7 changed files with 71 additions and 75 deletions
--- a/113.tar.gz
+++ b/113.tar.gz
--- a/115.tar.gz
+++ b/115.tar.gz
--- a/Feature-pesign-support-SM2-signature-algorithm.patch
+++ b/Feature-pesign-support-SM2-signature-algorithm.patch
@ -21,8 +21,8 @@ index afa00e2..4aabf5d 100644
 +		SECItem *content, SECOidData *oid)
 +{
 +	int ret = -1;
-+	SECKEYPublicKey *pubkey;
-+	unsigned char *buf;
+	SECKEYPublicKey *pubkey = NULL;
+	unsigned char *buf = NULL;
 +	SECStatus status;
 +	SECItem sig_raw = { 0 };
 +
--- a/Fix-build-error-of-gcc-version-too-low.patch
+++ b/Fix-build-error-of-gcc-version-too-low.patch
@ -0,0 +1,53 @@
+From 3afba00007f294baca8c7cfbc20cec24899fe5f1 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 7 Nov 2022 20:41:08 +0800
+Subject: [PATCH] fix build error of gcc version too low
+
+---
+ src/daemon.c   | 3 ---
+ src/password.c | 3 ---
+ 2 files changed, 6 deletions(-)
+
+diff --git a/src/daemon.c b/src/daemon.c
+index 0a66deb..c5061bd 100644
+--- a/src/daemon.c
+++ b/src/daemon.c
+@@ -920,8 +920,6 @@ do_shutdown(context *ctx, int nsockets, struct pollfd *pollfds)
+ 
+ /* GCC -fanalyzer has trouble with realloc
+  * https://bugzilla.redhat.com/show_bug.cgi?id=2047926 */
+-#pragma GCC diagnostic push
+-#pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value"
+ static int
+ handle_events(context *ctx)
+ {
+@@ -1000,7 +998,6 @@ shutdown:
+ 	}
+ 	return 0;
+ }
+-#pragma GCC diagnostic pop
+ 
+ static int
+ get_uid_and_gid(context *ctx, char **homedir)
+diff --git a/src/password.c b/src/password.c
+index 05add9a..0f359d2 100644
+--- a/src/password.c
+++ b/src/password.c
+@@ -304,14 +304,11 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
+ 
+ 		/* Workaround for -fanalzer/reallocarray() bug
+ 		 * https://bugzilla.redhat.com/show_bug.cgi?id=2047926 */
+-#pragma GCC diagnostic push
+-#pragma GCC diagnostic ignored "-Wanalyzer-mismatching-deallocation"
+ 		new_phrases = reallocarray(phrases, nphrases + 1, sizeof(struct token_pass));
+ 		if (!new_phrases)
+ 			goto err_phrases;
+ 		phrases = new_phrases;
+ 		memset(&new_phrases[nphrases], 0, sizeof(struct token_pass));
+-#pragma GCC diagnostic pop
+ 
+ 		span = strspn(start, whitespace_and_eol_chars);
+ 		dprintf("whitespace span is %zd", span);
+-- 
+2.27.0
+
--- a/Fix-the-build-with-nss-3.44.patch
+++ b/Fix-the-build-with-nss-3.44.patch
@ -1,42 +0,0 @@
-From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 14 May 2019 11:28:38 -0400
-Subject: [PATCH] efikeygen: Fix the build with nss 3.44
-
-NSS 3.44 adds some certificate types, which changes a type and makes
-some encoding stuff weird.  As a result, we get:
-
-gcc8 -I/wrkdirs/usr/ports/sysutils/pesign/work/pesign-0.110/include -O2 -pipe  -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc8 -isystem /usr/local/include -fno-strict-aliasing  -g -O0 -g -O0  -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function -I../include/  -I/usr/local/include/nss -I/usr/local/include/nss/nss -I/usr/local/include/nspr  -Werror -fPIC -isystem /usr/local/include -DCONFIG_amd64 -DCONFIG_amd64 -c efikeygen.c -o efikeygen.o
-In file included from /usr/local/include/nss/nss/cert.h:22,
-                 from efikeygen.c:39:
-efikeygen.c: In function 'add_cert_type':
-/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int' to 'unsigned char' changes value from '496' to '240' [-Werror=overflow]
-     (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
-     ^
-efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP'
-  unsigned char type = NS_CERT_TYPE_APP;
-                       ^~~~~~~~~~~~~~~~
-cc1: all warnings being treated as errors
-
-This is fixed by just making it an int.
-
-Fixes github issue #48.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
---
- src/efikeygen.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/efikeygen.c b/src/efikeygen.c
-index ede76ef..2cd953e 100644
--- a/src/efikeygen.c
-+++ b/src/efikeygen.c
-@@ -208,7 +208,7 @@ static int
- add_cert_type(cms_context *cms, void *extHandle, int is_ca)
- {
- 	SECItem bitStringValue;
-	unsigned char type = NS_CERT_TYPE_APP;
-+	int type = NS_CERT_TYPE_APP;
- 
- 	if (is_ca)
- 		type |= NS_CERT_TYPE_SSL_CA |
--- a/pesign.spec
+++ b/pesign.spec
@ -1,11 +1,11 @@
 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
 Name:          pesign
 Summary:       Signing utility for UEFI binaries
-Version:       0.113
-Release:       7
+Version:       115
+Release:       1
 License:       GPLv2
-URL:           https://github.com/vathpela/pesign
-Source0:       https://github.com/rhboot/pesign/archive/113.tar.gz
+URL:           https://github.com/rhboot/pesign
+Source0:       https://github.com/rhboot/pesign/archive/refs/tags/115.tar.gz
 Source1:       certs.tar.xz
 Source2:       pesign.py
 Source3:       euleros-certs.tar.bz2
@ -14,14 +14,12 @@ Requires:      nspr nss nss-util popt rpm
 Requires(pre): shadow-utils
 BuildRequires: nspr nss nss-util popt-devel nss-tools nspr-devel >= 4.9.2-1
 BuildRequires: nss-devel >= 3.13.6-1 efivar-devel >= 31-1 libuuid-devel tar xz
-BuildRequires: python3-rpm-macros python3 systemd python3-devel gcc
-
-Patch0001:     Fix-the-build-with-nss-3.44.patch
-Patch0002:     remove-superfluous-type-settings.patch
+BuildRequires: python3-rpm-macros python3 systemd python3-devel gcc mandoc

 # Feature: support SM2 and SM3
 Patch9000:     Feature-pesign-support-SM3-digest-algorithm.patch
 Patch9001:     Feature-pesign-support-SM2-signature-algorithm.patch
+Patch9002:     Fix-build-error-of-gcc-version-too-low.patch

 %description
 pesign is a command line tool for manipulating signatures and
@ -35,7 +33,7 @@ Requires:       %{name} = %{version}-%{release}
 Files for help with pesign.

 %prep
-%autosetup -n %{name}-113 -p1 -T -b 0 -D -c -a 1
+%autosetup -n %{name}-%{version} -p1 -T -b 0 -D -c -a 1
 tar -jxf %{SOURCE3}

 %build
@ -49,7 +47,7 @@ install -D etc/pki/pesign/* %{buildroot}%{_sysconfdir}/pki/pesign/
 install -D etc/pki/pesign-rh-test/* %{buildroot}%{_sysconfdir}/pki/pesign-rh-test/
 mv euleros-certs/etc/pki/pesign/euleros-pesign-db %{buildroot}/etc/pki/pesign/
 install -D %{buildroot}%{_sysconfdir}/rpm/macros.pesign %{buildroot}%{macrosdir}/macros.pesign
-rm -vf %{buildroot}/usr/share/doc/pesign-113/COPYING
+rm -vf %{buildroot}/usr/share/doc/pesign-%{version}/COPYING
 install -d -m 0755 %{buildroot}%{python3_sitelib}/mockbuild/plugins/
 install -m 0755 %{SOURCE2} %{buildroot}%{python3_sitelib}/mockbuild/plugins/

@ -78,10 +76,10 @@ exit 0
 %dir %attr(0775,pesign,pesign) %{_sysconfdir}/pki/pesign-rh-test/
 %config(noreplace) %attr(0664,pesign,pesign) %{_sysconfdir}/pki/pesign-rh-test/*
 %{_libexecdir}/pesign/pesign-authorize
+%{_libexecdir}/pesign/pesign-rpmbuild-helper
 %config(noreplace)/%{_sysconfdir}/pesign/*
 %{_sysconfdir}/popt.d/pesign.popt
 %{macrosdir}/macros.pesign
-%dir %attr(0770, pesign, pesign) %{_localstatedir}/run/%{name}
 %dir %attr(0775,pesign,pesign) /etc/pki/pesign/euleros-pesign-db
 %attr(0644,pesign,pesign) /etc/pki/pesign/euleros-pesign-db/*
 %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket
@ -98,13 +96,19 @@ exit 0
 %{_mandir}/man*/*

 %changelog
+* Mon Nov 7 2022 jinlun <jinlun@huawei.com> - 115-1
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:update to 115
+
 * Mon Oct 31 2022 luhuaxin <luhuaxin1@huawei.com> - 0.113-7
 - fix the algorithm flag for sm2,sm3

 * Mon Oct 10 2022 godcansee <liu332084460@foxmail.com> - 0.113-6
 - add feature to support for sm2,sm3 

-* Sat July 31 2021 Shenmei Tu <tushenmei@huawei.com> - 0.113-5
+* Sat Jul 31 2021 Shenmei Tu <tushenmei@huawei.com> - 0.113-5
 - remove-superfluous-type-settings.patch

 * Mon May 31 2021 huanghaitao <huanghaitao8@huawei.com> - 0.113-4
--- a/remove-superfluous-type-settings.patch
+++ b/remove-superfluous-type-settings.patch
@ -1,19 +0,0 @@
-diff -Nur pesign-113/src/pesigcheck.c pesign-113-new/src/pesigcheck.c
--- pesign-113/src/pesigcheck.c	2019-05-11 02:53:51.000000000 +0800
-+++ pesign-113-new/src/pesigcheck.c	2021-07-30 11:25:25.000000000 +0800
-@@ -318,7 +318,6 @@
- 			reason->type = SIGNATURE;
- 			reason->sig.data = data;
- 			reason->sig.len = datalen;
-			reason->type = siBuffer;
- 			nreason += 1;
- 			is_invalid = true;
- 		}
-@@ -330,7 +329,6 @@
- 			reason->type = SIGNATURE;
- 			reason->sig.data = data;
- 			reason->sig.len = datalen;
-			reason->type = siBuffer;
- 			nreason += 1;
- 			has_valid_cert = true;
- 		}