packages/pesign
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!28 修复nss db不能正常shutdown的问题

Browse Source 
From: @chenxi-mao 
Reviewed-by: @HuaxinLuGitee, @caodongxia 
Signed-off-by: @caodongxia
This commit is contained in:
openeuler-ci-bot 2022-12-19 07:42:33 +00:00 committed by Gitee
commit cb2e1c01f3
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
Bugfix-Free-resources-if-certificate-cannot-be-found.patch Normal file
View File

@ -0,0 +1,39 @@
From d8ea40d773dc1bcd90d8fc3b1f71ce49044ccef0 Mon Sep 17 00:00:00 2001
From: Chenxi Mao <chenxi.mao@suse.com>
Date: Tue, 13 Dec 2022 22:12:29 +0800
Subject: [PATCH 1/1] Free resources if certificate cannot be found
In find_certificate_by_callback, function return -1 directly without
free resource if node is null, that will lead to nss shut down failed.
The error message as below:
could not shut down NSS: NSS could not shutdown. Objects are still in use.
To fix this issue, free all resources before function return -1.
Signed-off-by: Chenxi Mao <chenxi.mao@suse.com>
---
src/cms_common.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index 1c54c90..24576f2 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -878,8 +878,12 @@ find_certificate_by_callback(cms_context *cms,
}
}
- if (!node)
+ if (!node) {
+ PK11_DestroySlotListElement(slots, &psle);
+ PK11_FreeSlotList(slots);
+ CERT_DestroyCertList(certlist);
cnreterr(-1, cms, "Could not find certificate");
+ }
*cert = CERT_DupCertificate(node->cert);
--
2.33.0

6
pesign.spec
View File

@ -2,7 +2,7 @@
Name: pesign Name: pesign
Summary: Signing utility for UEFI binaries Summary: Signing utility for UEFI binaries
Version: 115 Version: 115
Release: 2 Release: 3
License: GPLv2 License: GPLv2
URL: https://github.com/rhboot/pesign URL: https://github.com/rhboot/pesign
Source0: https://github.com/rhboot/pesign/archive/refs/tags/115.tar.gz Source0: https://github.com/rhboot/pesign/archive/refs/tags/115.tar.gz
@ -17,6 +17,7 @@ BuildRequires: nss-devel >= 3.13.6-1 efivar-devel >= 31-1 libuuid-devel tar xz
BuildRequires: python3-rpm-macros python3 systemd python3-devel gcc mandoc BuildRequires: python3-rpm-macros python3 systemd python3-devel gcc mandoc
Patch0001: Bugfix-cms_common-fix-cert-match-check.patch Patch0001: Bugfix-cms_common-fix-cert-match-check.patch
Patch0002: Bugfix-Free-resources-if-certificate-cannot-be-found.patch
# Feature: support SM2 and SM3 # Feature: support SM2 and SM3
Patch9000: Feature-pesign-support-SM3-digest-algorithm.patch Patch9000: Feature-pesign-support-SM3-digest-algorithm.patch
@ -98,6 +99,9 @@ exit 0
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Mon Dec 19 2022 Chenxi Mao <chenxi.mao@suse.com> - 115-3
- Free resources if certification cannot be found.
* Sat Nov 12 2022 luhuaxin <luhuaxin1@huawei.com> - 115-2 * Sat Nov 12 2022 luhuaxin <luhuaxin1@huawei.com> - 115-2
- fix certificate chain bug - fix certificate chain bug