Backport DoS fix from 115
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
parent
6816587aa8
commit
6d4888f795
@ -1,4 +1,4 @@
|
|||||||
From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Tue, 14 May 2019 11:28:38 -0400
|
Date: Tue, 14 May 2019 11:28:38 -0400
|
||||||
Subject: [PATCH] efikeygen: Fix the build with nss 3.44
|
Subject: [PATCH] efikeygen: Fix the build with nss 3.44
|
||||||
@ -28,7 +28,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/src/efikeygen.c b/src/efikeygen.c
|
diff --git a/src/efikeygen.c b/src/efikeygen.c
|
||||||
index ede76ef0b48..2cd953e9781 100644
|
index 121a238..848480a 100644
|
||||||
--- a/src/efikeygen.c
|
--- a/src/efikeygen.c
|
||||||
+++ b/src/efikeygen.c
|
+++ b/src/efikeygen.c
|
||||||
@@ -208,7 +208,7 @@ static int
|
@@ -208,7 +208,7 @@ static int
|
||||||
@ -40,6 +40,3 @@ index ede76ef0b48..2cd953e9781 100644
|
|||||||
|
|
||||||
if (is_ca)
|
if (is_ca)
|
||||||
type |= NS_CERT_TYPE_SSL_CA |
|
type |= NS_CERT_TYPE_SSL_CA |
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From c555fd74c009242c3864576bd5f17a1f8f4fdffd Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Tue, 18 Feb 2020 16:28:56 -0500
|
Date: Tue, 18 Feb 2020 16:28:56 -0500
|
||||||
Subject: [PATCH] pesigcheck: Fix a wrong assignment
|
Subject: [PATCH] pesigcheck: Fix a wrong assignment
|
||||||
@ -23,7 +23,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/pesigcheck.c b/src/pesigcheck.c
|
diff --git a/src/pesigcheck.c b/src/pesigcheck.c
|
||||||
index 524cce307bf..8fa0f1ad03d 100644
|
index 524cce3..8fa0f1a 100644
|
||||||
--- a/src/pesigcheck.c
|
--- a/src/pesigcheck.c
|
||||||
+++ b/src/pesigcheck.c
|
+++ b/src/pesigcheck.c
|
||||||
@@ -318,7 +318,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
|
@@ -318,7 +318,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
|
||||||
@ -44,6 +44,3 @@ index 524cce307bf..8fa0f1ad03d 100644
|
|||||||
nreason += 1;
|
nreason += 1;
|
||||||
has_valid_cert = true;
|
has_valid_cert = true;
|
||||||
}
|
}
|
||||||
--
|
|
||||||
2.24.1
|
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 84547e6b7173e4b10a1931fd25f329ea9a8f68b0 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Thu, 11 Jun 2020 16:23:14 -0400
|
Date: Thu, 11 Jun 2020 16:23:14 -0400
|
||||||
Subject: [PATCH] Make 0.112 client and server work with the 113 protocol and
|
Subject: [PATCH] Make 0.112 client and server work with the 113 protocol and
|
||||||
@ -11,16 +11,16 @@ the file type was added.
|
|||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
---
|
---
|
||||||
src/client.c | 74 +++++++++++++++++++++++++++++++++++++---------------
|
src/client.c | 74 +++++++++++++++++++++++++++++++++++++++++++-----------------
|
||||||
src/daemon.c | 63 +++++++++++++++++++++++++++++---------------
|
src/daemon.c | 63 ++++++++++++++++++++++++++++++++++-----------------
|
||||||
src/daemon.h | 2 ++
|
src/daemon.h | 2 ++
|
||||||
3 files changed, 97 insertions(+), 42 deletions(-)
|
3 files changed, 97 insertions(+), 42 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/client.c b/src/client.c
|
diff --git a/src/client.c b/src/client.c
|
||||||
index aa373abd981..57bcc09cbe8 100644
|
index 4a9a44e..a4f1d1d 100644
|
||||||
--- a/src/client.c
|
--- a/src/client.c
|
||||||
+++ b/src/client.c
|
+++ b/src/client.c
|
||||||
@@ -11,6 +11,7 @@
|
@@ -23,6 +23,7 @@
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <popt.h>
|
#include <popt.h>
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
@ -28,7 +28,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
@@ -84,8 +85,8 @@ connect_to_server(void)
|
@@ -96,8 +97,8 @@ connect_to_server(void)
|
||||||
static int32_t
|
static int32_t
|
||||||
check_response(int sd, char **srvmsg);
|
check_response(int sd, char **srvmsg);
|
||||||
|
|
||||||
@ -39,7 +39,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
{
|
{
|
||||||
struct msghdr msg;
|
struct msghdr msg;
|
||||||
struct iovec iov[1];
|
struct iovec iov[1];
|
||||||
@@ -104,7 +105,7 @@ check_cmd_version(int sd, uint32_t command, char *name, int32_t version)
|
@@ -116,7 +117,7 @@ check_cmd_version(int sd, uint32_t command, char *name, int32_t version)
|
||||||
ssize_t n;
|
ssize_t n;
|
||||||
n = sendmsg(sd, &msg, 0);
|
n = sendmsg(sd, &msg, 0);
|
||||||
if (n < 0) {
|
if (n < 0) {
|
||||||
@ -48,7 +48,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -120,11 +121,17 @@ check_cmd_version(int sd, uint32_t command, char *name, int32_t version)
|
@@ -132,11 +133,17 @@ check_cmd_version(int sd, uint32_t command, char *name, int32_t version)
|
||||||
|
|
||||||
char *srvmsg = NULL;
|
char *srvmsg = NULL;
|
||||||
int32_t rc = check_response(sd, &srvmsg);
|
int32_t rc = check_response(sd, &srvmsg);
|
||||||
@ -68,7 +68,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@@ -134,7 +141,7 @@ send_kill_daemon(int sd)
|
@@ -146,7 +153,7 @@ send_kill_daemon(int sd)
|
||||||
struct iovec iov;
|
struct iovec iov;
|
||||||
pesignd_msghdr pm;
|
pesignd_msghdr pm;
|
||||||
|
|
||||||
@ -77,7 +77,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
|
|
||||||
pm.version = PESIGND_VERSION;
|
pm.version = PESIGND_VERSION;
|
||||||
pm.command = CMD_KILL_DAEMON;
|
pm.command = CMD_KILL_DAEMON;
|
||||||
@@ -276,7 +283,7 @@ unlock_token(int sd, char *tokenname, char *pin)
|
@@ -288,7 +295,7 @@ unlock_token(int sd, char *tokenname, char *pin)
|
||||||
|
|
||||||
uint32_t size1 = pesignd_string_size(pin);
|
uint32_t size1 = pesignd_string_size(pin);
|
||||||
|
|
||||||
@ -86,7 +86,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
|
|
||||||
pm.version = PESIGND_VERSION;
|
pm.version = PESIGND_VERSION;
|
||||||
pm.command = CMD_UNLOCK_TOKEN;
|
pm.command = CMD_UNLOCK_TOKEN;
|
||||||
@@ -353,7 +360,7 @@ is_token_unlocked(int sd, char *tokenname)
|
@@ -365,7 +372,7 @@ is_token_unlocked(int sd, char *tokenname)
|
||||||
|
|
||||||
uint32_t size0 = pesignd_string_size(tokenname);
|
uint32_t size0 = pesignd_string_size(tokenname);
|
||||||
|
|
||||||
@ -95,7 +95,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
|
|
||||||
pm.version = PESIGND_VERSION;
|
pm.version = PESIGND_VERSION;
|
||||||
pm.command = CMD_IS_TOKEN_UNLOCKED;
|
pm.command = CMD_IS_TOKEN_UNLOCKED;
|
||||||
@@ -452,6 +459,9 @@ static void
|
@@ -464,6 +471,9 @@ static void
|
||||||
sign(int sd, char *infile, char *outfile, char *tokenname, char *certname,
|
sign(int sd, char *infile, char *outfile, char *tokenname, char *certname,
|
||||||
int attached, uint32_t format)
|
int attached, uint32_t format)
|
||||||
{
|
{
|
||||||
@ -105,7 +105,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
int infd = open(infile, O_RDONLY);
|
int infd = open(infile, O_RDONLY);
|
||||||
if (infd < 0) {
|
if (infd < 0) {
|
||||||
fprintf(stderr, "pesign-client: could not open input file "
|
fprintf(stderr, "pesign-client: could not open input file "
|
||||||
@@ -481,12 +491,28 @@ oom:
|
@@ -493,12 +503,28 @@ oom:
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -138,7 +138,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
iov[0].iov_base = pm;
|
iov[0].iov_base = pm;
|
||||||
iov[0].iov_len = sizeof (*pm);
|
iov[0].iov_len = sizeof (*pm);
|
||||||
|
|
||||||
@@ -503,25 +529,31 @@ oom:
|
@@ -515,25 +541,31 @@ oom:
|
||||||
}
|
}
|
||||||
|
|
||||||
char *buffer;
|
char *buffer;
|
||||||
@ -178,7 +178,7 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
|
|
||||||
n = sendmsg(sd, &msg, 0);
|
n = sendmsg(sd, &msg, 0);
|
||||||
if (n < 0) {
|
if (n < 0) {
|
||||||
@@ -535,7 +567,7 @@ oom:
|
@@ -547,7 +579,7 @@ oom:
|
||||||
send_fd(sd, outfd);
|
send_fd(sd, outfd);
|
||||||
|
|
||||||
char *srvmsg = NULL;
|
char *srvmsg = NULL;
|
||||||
@ -188,10 +188,10 @@ index aa373abd981..57bcc09cbe8 100644
|
|||||||
fprintf(stderr, "pesign-client: signing failed: \"%s\"\n",
|
fprintf(stderr, "pesign-client: signing failed: \"%s\"\n",
|
||||||
srvmsg);
|
srvmsg);
|
||||||
diff --git a/src/daemon.c b/src/daemon.c
|
diff --git a/src/daemon.c b/src/daemon.c
|
||||||
index 9374d59be30..494beb9af72 100644
|
index 84b9ebc..8522250 100644
|
||||||
--- a/src/daemon.c
|
--- a/src/daemon.c
|
||||||
+++ b/src/daemon.c
|
+++ b/src/daemon.c
|
||||||
@@ -12,6 +12,7 @@
|
@@ -25,6 +25,7 @@
|
||||||
#include <poll.h>
|
#include <poll.h>
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
@ -199,7 +199,7 @@ index 9374d59be30..494beb9af72 100644
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
@@ -561,7 +562,7 @@ out:
|
@@ -569,7 +570,7 @@ out:
|
||||||
|
|
||||||
static void
|
static void
|
||||||
handle_signing(context *ctx, struct pollfd *pollfd, socklen_t size,
|
handle_signing(context *ctx, struct pollfd *pollfd, socklen_t size,
|
||||||
@ -208,7 +208,7 @@ index 9374d59be30..494beb9af72 100644
|
|||||||
{
|
{
|
||||||
struct msghdr msg;
|
struct msghdr msg;
|
||||||
struct iovec iov;
|
struct iovec iov;
|
||||||
@@ -585,8 +586,12 @@ oom:
|
@@ -593,8 +594,12 @@ oom:
|
||||||
|
|
||||||
n = recvmsg(pollfd->fd, &msg, MSG_WAITALL);
|
n = recvmsg(pollfd->fd, &msg, MSG_WAITALL);
|
||||||
|
|
||||||
@ -223,7 +223,7 @@ index 9374d59be30..494beb9af72 100644
|
|||||||
|
|
||||||
pesignd_string *tn = (pesignd_string *)(buffer + sizeof(uint32_t));
|
pesignd_string *tn = (pesignd_string *)(buffer + sizeof(uint32_t));
|
||||||
if (n < (long long)sizeof(tn->size)) {
|
if (n < (long long)sizeof(tn->size)) {
|
||||||
@@ -666,34 +671,44 @@ finish:
|
@@ -674,34 +679,44 @@ finish:
|
||||||
teardown_digests(ctx->cms);
|
teardown_digests(ctx->cms);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -286,7 +286,7 @@ index 9374d59be30..494beb9af72 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@@ -725,6 +740,12 @@ cmd_table_t cmd_table[] = {
|
@@ -733,6 +748,12 @@ cmd_table_t cmd_table[] = {
|
||||||
{ CMD_UNLOCK_TOKEN, handle_unlock_token, "unlock-token", 0 },
|
{ CMD_UNLOCK_TOKEN, handle_unlock_token, "unlock-token", 0 },
|
||||||
{ CMD_SIGN_ATTACHED, handle_sign_attached, "sign-attached", 0 },
|
{ CMD_SIGN_ATTACHED, handle_sign_attached, "sign-attached", 0 },
|
||||||
{ CMD_SIGN_DETACHED, handle_sign_detached, "sign-detached", 0 },
|
{ CMD_SIGN_DETACHED, handle_sign_detached, "sign-detached", 0 },
|
||||||
@ -300,10 +300,10 @@ index 9374d59be30..494beb9af72 100644
|
|||||||
{ CMD_IS_TOKEN_UNLOCKED, handle_is_token_unlocked,
|
{ CMD_IS_TOKEN_UNLOCKED, handle_is_token_unlocked,
|
||||||
"is-token-unlocked", 0 },
|
"is-token-unlocked", 0 },
|
||||||
diff --git a/src/daemon.h b/src/daemon.h
|
diff --git a/src/daemon.h b/src/daemon.h
|
||||||
index dd430512f1a..834d62c72d0 100644
|
index 69384ce..0368dc9 100644
|
||||||
--- a/src/daemon.h
|
--- a/src/daemon.h
|
||||||
+++ b/src/daemon.h
|
+++ b/src/daemon.h
|
||||||
@@ -33,6 +33,8 @@ typedef enum {
|
@@ -45,6 +45,8 @@ typedef enum {
|
||||||
CMD_RESPONSE,
|
CMD_RESPONSE,
|
||||||
CMD_IS_TOKEN_UNLOCKED,
|
CMD_IS_TOKEN_UNLOCKED,
|
||||||
CMD_GET_CMD_VERSION,
|
CMD_GET_CMD_VERSION,
|
||||||
@ -312,6 +312,3 @@ index dd430512f1a..834d62c72d0 100644
|
|||||||
CMD_LIST_END
|
CMD_LIST_END
|
||||||
} pesignd_cmd;
|
} pesignd_cmd;
|
||||||
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From f886b7088dfea224e28c03b097c85c9bc20f5441 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Fri, 12 Jun 2020 11:49:44 -0400
|
Date: Fri, 12 Jun 2020 11:49:44 -0400
|
||||||
Subject: [PATCH] Rename /var/run/ to /run/
|
Subject: [PATCH] Rename /var/run/ to /run/
|
||||||
@ -10,7 +10,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
2 files changed, 7 insertions(+), 7 deletions(-)
|
2 files changed, 7 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
diff --git a/src/macros.pesign b/src/macros.pesign
|
||||||
index 56f75cafbc4..5a6da1c6809 100644
|
index 7c5cba1..21bf391 100644
|
||||||
--- a/src/macros.pesign
|
--- a/src/macros.pesign
|
||||||
+++ b/src/macros.pesign
|
+++ b/src/macros.pesign
|
||||||
@@ -45,14 +45,14 @@
|
@@ -45,14 +45,14 @@
|
||||||
@ -35,12 +35,9 @@ index 56f75cafbc4..5a6da1c6809 100644
|
|||||||
-c %{__pesign_client_cert} \\\
|
-c %{__pesign_client_cert} \\\
|
||||||
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
%{-i} %{-o} %{-e} %{-s} %{-C} \
|
||||||
diff --git a/src/tmpfiles.conf b/src/tmpfiles.conf
|
diff --git a/src/tmpfiles.conf b/src/tmpfiles.conf
|
||||||
index c1cf35597d8..3375ad52a44 100644
|
index c1cf355..3375ad5 100644
|
||||||
--- a/src/tmpfiles.conf
|
--- a/src/tmpfiles.conf
|
||||||
+++ b/src/tmpfiles.conf
|
+++ b/src/tmpfiles.conf
|
||||||
@@ -1 +1 @@
|
@@ -1 +1 @@
|
||||||
-D /var/run/pesign 0770 pesign pesign -
|
-D /var/run/pesign 0770 pesign pesign -
|
||||||
+D /run/pesign 0770 pesign pesign -
|
+D /run/pesign 0770 pesign pesign -
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 56eaa15e986d808c670381ca375216eb3abd1588 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Jeremy Cline <jcline@redhat.com>
|
From: Jeremy Cline <jcline@redhat.com>
|
||||||
Date: Tue, 18 Feb 2020 16:37:53 -0500
|
Date: Tue, 18 Feb 2020 16:37:53 -0500
|
||||||
Subject: [PATCH] Apparently opensc got updated and the token name changed
|
Subject: [PATCH] Apparently opensc got updated and the token name changed
|
||||||
@ -13,7 +13,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
diff --git a/src/macros.pesign b/src/macros.pesign
|
||||||
index 7c5cba170e9..56f75cafbc4 100644
|
index 21bf391..5a6da1c 100644
|
||||||
--- a/src/macros.pesign
|
--- a/src/macros.pesign
|
||||||
+++ b/src/macros.pesign
|
+++ b/src/macros.pesign
|
||||||
@@ -9,7 +9,7 @@
|
@@ -9,7 +9,7 @@
|
||||||
@ -25,6 +25,3 @@ index 7c5cba170e9..56f75cafbc4 100644
|
|||||||
%__pesign_client_cert %{!?pe_signing_cert:"/CN=Fedora Secure Boot Signer"}%{?pe_signing_cert:"%{pe_signing_cert}"}
|
%__pesign_client_cert %{!?pe_signing_cert:"/CN=Fedora Secure Boot Signer"}%{?pe_signing_cert:"%{pe_signing_cert}"}
|
||||||
|
|
||||||
%_pesign /usr/bin/pesign
|
%_pesign /usr/bin/pesign
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From c662ad097eaa0d8c3691a22254f5d0e9622b26b7 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Mon, 6 Jul 2020 16:13:09 -0400
|
Date: Mon, 6 Jul 2020 16:13:09 -0400
|
||||||
Subject: [PATCH 6/7] client: try /run and /var/run for the socket path.
|
Subject: [PATCH] client: try /run and /var/run for the socket path.
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
---
|
---
|
||||||
@ -9,10 +9,10 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
1 file changed, 29 insertions(+), 11 deletions(-)
|
1 file changed, 29 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/client.c b/src/client.c
|
diff --git a/src/client.c b/src/client.c
|
||||||
index 2119ef33bf8..a38383415d5 100644
|
index a4f1d1d..0082be1 100644
|
||||||
--- a/src/client.c
|
--- a/src/client.c
|
||||||
+++ b/src/client.c
|
+++ b/src/client.c
|
||||||
@@ -49,24 +49,24 @@ print_flag_name(FILE *f, int flag)
|
@@ -61,24 +61,24 @@ print_flag_name(FILE *f, int flag)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@ -45,7 +45,7 @@ index 2119ef33bf8..a38383415d5 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
socklen_t len = strlen(addr_un.sun_path) +
|
socklen_t len = strlen(addr_un.sun_path) +
|
||||||
@@ -74,14 +74,32 @@ connect_to_server(void)
|
@@ -86,14 +86,32 @@ connect_to_server(void)
|
||||||
|
|
||||||
rc = connect(sd, (struct sockaddr *)&addr_un, len);
|
rc = connect(sd, (struct sockaddr *)&addr_un, len);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
@ -81,6 +81,3 @@ index 2119ef33bf8..a38383415d5 100644
|
|||||||
static int32_t
|
static int32_t
|
||||||
check_response(int sd, char **srvmsg);
|
check_response(int sd, char **srvmsg);
|
||||||
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From ea81cec14d31cd0b0dbde5b42414bfae9daec9b8 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Tue, 14 Jul 2020 16:44:09 -0400
|
Date: Tue, 14 Jul 2020 16:44:09 -0400
|
||||||
Subject: [PATCH 07/11] client: remove an extra debug print
|
Subject: [PATCH] client: remove an extra debug print
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
---
|
---
|
||||||
@ -9,7 +9,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
1 file changed, 1 deletion(-)
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/src/client.c b/src/client.c
|
diff --git a/src/client.c b/src/client.c
|
||||||
index 0082be1f597..c9966295e5f 100644
|
index 0082be1..c996629 100644
|
||||||
--- a/src/client.c
|
--- a/src/client.c
|
||||||
+++ b/src/client.c
|
+++ b/src/client.c
|
||||||
@@ -536,7 +536,6 @@ oom:
|
@@ -536,7 +536,6 @@ oom:
|
||||||
@ -20,6 +20,3 @@ index 0082be1f597..c9966295e5f 100644
|
|||||||
pm->version = PESIGND_VERSION;
|
pm->version = PESIGND_VERSION;
|
||||||
pm->command = attached ? (add_file_type ? CMD_SIGN_ATTACHED_WITH_FILE_TYPE
|
pm->command = attached ? (add_file_type ? CMD_SIGN_ATTACHED_WITH_FILE_TYPE
|
||||||
: CMD_SIGN_ATTACHED)
|
: CMD_SIGN_ATTACHED)
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 6c16b978fd33f3611e9f7aaf4f9c44bce1679485 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Mon, 6 Jul 2020 13:54:35 -0400
|
Date: Mon, 6 Jul 2020 13:54:35 -0400
|
||||||
Subject: [PATCH] Move most of macros.pesign to pesign-rpmbuild-helper
|
Subject: [PATCH] Move most of macros.pesign to pesign-rpmbuild-helper
|
||||||
@ -7,13 +7,13 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
---
|
---
|
||||||
Make.defaults | 1 +
|
Make.defaults | 1 +
|
||||||
src/Makefile | 8 +-
|
src/Makefile | 8 +-
|
||||||
src/macros.pesign | 74 ++++--------
|
src/macros.pesign | 74 +++++---------
|
||||||
src/pesign-rpmbuild-helper.in | 222 ++++++++++++++++++++++++++++++++++
|
src/pesign-rpmbuild-helper.in | 222 ++++++++++++++++++++++++++++++++++++++++++
|
||||||
4 files changed, 252 insertions(+), 53 deletions(-)
|
4 files changed, 252 insertions(+), 53 deletions(-)
|
||||||
create mode 100644 src/pesign-rpmbuild-helper.in
|
create mode 100644 src/pesign-rpmbuild-helper.in
|
||||||
|
|
||||||
diff --git a/Make.defaults b/Make.defaults
|
diff --git a/Make.defaults b/Make.defaults
|
||||||
index 0bacafe0d01..d4cd626c11e 100644
|
index 0bacafe..d4cd626 100644
|
||||||
--- a/Make.defaults
|
--- a/Make.defaults
|
||||||
+++ b/Make.defaults
|
+++ b/Make.defaults
|
||||||
@@ -16,6 +16,7 @@ INSTALLROOT = $(DESTDIR)
|
@@ -16,6 +16,7 @@ INSTALLROOT = $(DESTDIR)
|
||||||
@ -25,7 +25,7 @@ index 0bacafe0d01..d4cd626c11e 100644
|
|||||||
PKG_CONFIG = $(CROSS_COMPILE)pkg-config
|
PKG_CONFIG = $(CROSS_COMPILE)pkg-config
|
||||||
CC := $(if $(filter default,$(origin CC)),$(CROSS_COMPILE)gcc,$(CC))
|
CC := $(if $(filter default,$(origin CC)),$(CROSS_COMPILE)gcc,$(CC))
|
||||||
diff --git a/src/Makefile b/src/Makefile
|
diff --git a/src/Makefile b/src/Makefile
|
||||||
index 74327ba13f3..a7ca89159c6 100644
|
index 74327ba..a7ca891 100644
|
||||||
--- a/src/Makefile
|
--- a/src/Makefile
|
||||||
+++ b/src/Makefile
|
+++ b/src/Makefile
|
||||||
@@ -5,7 +5,7 @@ include $(TOPDIR)/Make.version
|
@@ -5,7 +5,7 @@ include $(TOPDIR)/Make.version
|
||||||
@ -58,7 +58,7 @@ index 74327ba13f3..a7ca89159c6 100644
|
|||||||
$(INSTALL) -m 600 pesign-users $(INSTALLROOT)/etc/pesign/users
|
$(INSTALL) -m 600 pesign-users $(INSTALLROOT)/etc/pesign/users
|
||||||
$(INSTALL) -m 600 pesign-groups $(INSTALLROOT)/etc/pesign/groups
|
$(INSTALL) -m 600 pesign-groups $(INSTALLROOT)/etc/pesign/groups
|
||||||
diff --git a/src/macros.pesign b/src/macros.pesign
|
diff --git a/src/macros.pesign b/src/macros.pesign
|
||||||
index 5a6da1c6809..2e984b4eeb3 100644
|
index 5a6da1c..34af57c 100644
|
||||||
--- a/src/macros.pesign
|
--- a/src/macros.pesign
|
||||||
+++ b/src/macros.pesign
|
+++ b/src/macros.pesign
|
||||||
@@ -6,7 +6,7 @@
|
@@ -6,7 +6,7 @@
|
||||||
@ -148,7 +148,7 @@ index 5a6da1c6809..2e984b4eeb3 100644
|
|||||||
+%{nil}
|
+%{nil}
|
||||||
diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in
|
diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 00000000000..c5287c27e0c
|
index 0000000..c5287c2
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/src/pesign-rpmbuild-helper.in
|
+++ b/src/pesign-rpmbuild-helper.in
|
||||||
@@ -0,0 +1,222 @@
|
@@ -0,0 +1,222 @@
|
||||||
@ -374,6 +374,3 @@ index 00000000000..c5287c27e0c
|
|||||||
+main "${@}"
|
+main "${@}"
|
||||||
+
|
+
|
||||||
+# vim:filetype=sh:fenc=utf-8:tw=78:sts=4:sw=4
|
+# vim:filetype=sh:fenc=utf-8:tw=78:sts=4:sw=4
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 3107894285164a3d25ca215a76593ebb6d4bc84c Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Tue, 14 Jul 2020 15:07:32 -0400
|
Date: Tue, 14 Jul 2020 15:07:32 -0400
|
||||||
Subject: [PATCH 09/11] pesign-authorize: shellcheck
|
Subject: [PATCH] pesign-authorize: shellcheck
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
---
|
---
|
||||||
@ -9,7 +9,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
1 file changed, 8 insertions(+), 8 deletions(-)
|
1 file changed, 8 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/pesign-authorize b/src/pesign-authorize
|
diff --git a/src/pesign-authorize b/src/pesign-authorize
|
||||||
index a496f601ab4..55cd5c4e55b 100755
|
index a496f60..55cd5c4 100755
|
||||||
--- a/src/pesign-authorize
|
--- a/src/pesign-authorize
|
||||||
+++ b/src/pesign-authorize
|
+++ b/src/pesign-authorize
|
||||||
@@ -12,21 +12,21 @@ set -u
|
@@ -12,21 +12,21 @@ set -u
|
||||||
@ -55,6 +55,3 @@ index a496f601ab4..55cd5c4e55b 100755
|
|||||||
else
|
else
|
||||||
:;
|
:;
|
||||||
fi
|
fi
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 24bb6e1471b16b6be82f13b5b5a302b4e98c1b4d Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Tue, 14 Jul 2020 15:08:15 -0400
|
Date: Tue, 14 Jul 2020 15:08:15 -0400
|
||||||
Subject: [PATCH 10/11] pesign-authorize: don't setfacl /etc/pki/pesign-foo/
|
Subject: [PATCH] pesign-authorize: don't setfacl /etc/pki/pesign-foo/
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
---
|
---
|
||||||
@ -9,7 +9,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/src/pesign-authorize b/src/pesign-authorize
|
diff --git a/src/pesign-authorize b/src/pesign-authorize
|
||||||
index 55cd5c4e55b..c5448329c2c 100755
|
index 55cd5c4..c544832 100755
|
||||||
--- a/src/pesign-authorize
|
--- a/src/pesign-authorize
|
||||||
+++ b/src/pesign-authorize
|
+++ b/src/pesign-authorize
|
||||||
@@ -47,7 +47,7 @@ update_subdir() {
|
@@ -47,7 +47,7 @@ update_subdir() {
|
||||||
@ -21,6 +21,3 @@ index 55cd5c4e55b..c5448329c2c 100755
|
|||||||
if [ -d "${x}" ]; then
|
if [ -d "${x}" ]; then
|
||||||
update_subdir "${x}"
|
update_subdir "${x}"
|
||||||
else
|
else
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 0b9048cbcc1cfc2afd9cbf781732882736cbe965 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Tue, 14 Jul 2020 16:42:39 -0400
|
Date: Tue, 14 Jul 2020 16:42:39 -0400
|
||||||
Subject: [PATCH 11/11] kernel building hack
|
Subject: [PATCH] kernel building hack
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
---
|
---
|
||||||
@ -9,7 +9,7 @@ Signed-off-by: Peter Jones <pjones@redhat.com>
|
|||||||
1 file changed, 17 insertions(+)
|
1 file changed, 17 insertions(+)
|
||||||
|
|
||||||
diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in
|
diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in
|
||||||
index c5287c27e0c..27b8261bc17 100644
|
index c5287c2..27b8261 100644
|
||||||
--- a/src/pesign-rpmbuild-helper.in
|
--- a/src/pesign-rpmbuild-helper.in
|
||||||
+++ b/src/pesign-rpmbuild-helper.in
|
+++ b/src/pesign-rpmbuild-helper.in
|
||||||
@@ -202,6 +202,23 @@ main() {
|
@@ -202,6 +202,23 @@ main() {
|
||||||
@ -36,6 +36,3 @@ index c5287c27e0c..27b8261bc17 100644
|
|||||||
"${client}" "${client_token[@]}" "${client_cert[@]}" \
|
"${client}" "${client_token[@]}" "${client_cert[@]}" \
|
||||||
"${sattrout[@]}" "${certout[@]}" \
|
"${sattrout[@]}" "${certout[@]}" \
|
||||||
${sign} "${input[@]}" "${output[@]}"
|
${sign} "${input[@]}" "${output[@]}"
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -1,19 +1,32 @@
|
|||||||
From db4c6e8cc57271dce6d204a3144982e544e55025 Mon Sep 17 00:00:00 2001
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
From: Peter Jones <pjones@redhat.com>
|
From: Peter Jones <pjones@redhat.com>
|
||||||
Date: Thu, 16 Jul 2020 16:28:26 -0400
|
Date: Thu, 16 Jul 2020 16:28:26 -0400
|
||||||
Subject: [PATCH] Use /run not /var/run
|
Subject: [PATCH] Use /run not /var/run
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||||
---
|
---
|
||||||
src/daemon.h | 4 ++--
|
|
||||||
src/Makefile | 2 +-
|
src/Makefile | 2 +-
|
||||||
|
src/daemon.h | 4 ++--
|
||||||
src/pesign-authorize | 2 +-
|
src/pesign-authorize | 2 +-
|
||||||
src/pesign.service.in | 2 +-
|
src/pesign.service.in | 2 +-
|
||||||
src/pesign.sysvinit.in | 10 +++++-----
|
src/pesign.sysvinit.in | 10 +++++-----
|
||||||
5 files changed, 10 insertions(+), 10 deletions(-)
|
5 files changed, 10 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/Makefile b/src/Makefile
|
||||||
|
index a7ca891..f7fb5fc 100644
|
||||||
|
--- a/src/Makefile
|
||||||
|
+++ b/src/Makefile
|
||||||
|
@@ -78,7 +78,7 @@ install_sysvinit: pesign.sysvinit
|
||||||
|
install :
|
||||||
|
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
||||||
|
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/
|
||||||
|
- $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
|
||||||
|
+ $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/
|
||||||
|
$(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
|
||||||
|
$(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
|
||||||
|
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir)
|
||||||
diff --git a/src/daemon.h b/src/daemon.h
|
diff --git a/src/daemon.h b/src/daemon.h
|
||||||
index 0368dc9256c..5fcd97ea717 100644
|
index 0368dc9..5fcd97e 100644
|
||||||
--- a/src/daemon.h
|
--- a/src/daemon.h
|
||||||
+++ b/src/daemon.h
|
+++ b/src/daemon.h
|
||||||
@@ -51,8 +51,8 @@ typedef enum {
|
@@ -51,8 +51,8 @@ typedef enum {
|
||||||
@ -27,21 +40,8 @@ index 0368dc9256c..5fcd97ea717 100644
|
|||||||
|
|
||||||
static inline uint32_t UNUSED
|
static inline uint32_t UNUSED
|
||||||
pesignd_string_size(char *buffer)
|
pesignd_string_size(char *buffer)
|
||||||
diff --git a/src/Makefile b/src/Makefile
|
|
||||||
index a7ca89159c6..f7fb5fc9ee5 100644
|
|
||||||
--- a/src/Makefile
|
|
||||||
+++ b/src/Makefile
|
|
||||||
@@ -78,7 +78,7 @@ install_sysvinit: pesign.sysvinit
|
|
||||||
install :
|
|
||||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign/
|
|
||||||
$(INSTALL) -d -m 700 $(INSTALLROOT)/etc/pki/pesign-rh-test/
|
|
||||||
- $(INSTALL) -d -m 770 $(INSTALLROOT)/var/run/pesign/
|
|
||||||
+ $(INSTALL) -d -m 770 $(INSTALLROOT)/run/pesign/
|
|
||||||
$(INSTALL) -d -m 755 $(INSTALLROOT)$(bindir)
|
|
||||||
$(INSTALL) -m 755 authvar $(INSTALLROOT)$(bindir)
|
|
||||||
$(INSTALL) -m 755 pesign $(INSTALLROOT)$(bindir)
|
|
||||||
diff --git a/src/pesign-authorize b/src/pesign-authorize
|
diff --git a/src/pesign-authorize b/src/pesign-authorize
|
||||||
index c5448329c2c..2381302440c 100755
|
index c544832..2381302 100755
|
||||||
--- a/src/pesign-authorize
|
--- a/src/pesign-authorize
|
||||||
+++ b/src/pesign-authorize
|
+++ b/src/pesign-authorize
|
||||||
@@ -47,7 +47,7 @@ update_subdir() {
|
@@ -47,7 +47,7 @@ update_subdir() {
|
||||||
@ -54,7 +54,7 @@ index c5448329c2c..2381302440c 100755
|
|||||||
update_subdir "${x}"
|
update_subdir "${x}"
|
||||||
else
|
else
|
||||||
diff --git a/src/pesign.service.in b/src/pesign.service.in
|
diff --git a/src/pesign.service.in b/src/pesign.service.in
|
||||||
index c75a000892a..4ac2199bce2 100644
|
index c75a000..4ac2199 100644
|
||||||
--- a/src/pesign.service.in
|
--- a/src/pesign.service.in
|
||||||
+++ b/src/pesign.service.in
|
+++ b/src/pesign.service.in
|
||||||
@@ -4,6 +4,6 @@ Description=Pesign signing daemon
|
@@ -4,6 +4,6 @@ Description=Pesign signing daemon
|
||||||
@ -66,7 +66,7 @@ index c75a000892a..4ac2199bce2 100644
|
|||||||
ExecStart=/usr/bin/pesign --daemonize
|
ExecStart=/usr/bin/pesign --daemonize
|
||||||
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize
|
ExecStartPost=@@LIBEXECDIR@@/pesign/pesign-authorize
|
||||||
diff --git a/src/pesign.sysvinit.in b/src/pesign.sysvinit.in
|
diff --git a/src/pesign.sysvinit.in b/src/pesign.sysvinit.in
|
||||||
index b0e0f84ff0b..bf8edec8ff3 100644
|
index b0e0f84..bf8edec 100644
|
||||||
--- a/src/pesign.sysvinit.in
|
--- a/src/pesign.sysvinit.in
|
||||||
+++ b/src/pesign.sysvinit.in
|
+++ b/src/pesign.sysvinit.in
|
||||||
@@ -4,7 +4,7 @@
|
@@ -4,7 +4,7 @@
|
||||||
@ -100,6 +100,3 @@ index b0e0f84ff0b..bf8edec8ff3 100644
|
|||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
echo
|
echo
|
||||||
rm -f /var/lock/subsys/pesign
|
rm -f /var/lock/subsys/pesign
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
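--- a/0013-Turn-off-Wfree-nonheap-object.patch
+++ b/0013-Turn-off-Wfree-nonheap-object.patch
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jeff Law <law@redhat.com>
+Date: Mon, 16 Nov 2020 12:07:59 -0700
+Subject: [PATCH] Turn off -Wfree-nonheap-object
+
+authvar.c has a call to free (tokenname) where tokenname is set to a string constant
+and never changed. That triggers GCC to issue a diagnostic that the value should not
+be passed to free.
+
+This is a false positive from GCC as the call is guarded by a suitable condition that
+always happens to be false. But pesign is being built without optimization and thus
+the condition and free call are not optimized away.
+
+This patch just disables the warning. A better solution would be to fix the sources
+or build with the optimizer enabled.
+---
+Make.defaults | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Make.defaults b/Make.defaults
+index d4cd626..705cc3a 100644
+--- a/Make.defaults
++++ b/Make.defaults
+@@ -40,7 +40,7 @@ gcc_cflags = -Wmaybe-uninitialized -grecord-gcc-switches -flto
+cflags = $(CFLAGS) $(ARCH3264) \
+-Wall -Wextra -Wsign-compare -Wno-unused-result \
+-Wno-unused-function -Wno-missing-field-initializers \
+- -Werror -Wno-error=cpp \
++ -Werror -Wno-error=cpp -Wno-free-nonheap-object \
+-std=gnu11 -fshort-wchar -fPIC -fno-strict-aliasing \
+-D_GNU_SOURCE -DCONFIG_$(ARCH) -I${TOPDIR}/include \
+$(if $(filter $(CC),clang),$(clang_cflags), ) \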
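Review bot: `-Wno-free-nonheap-object` on the `cflags` line of the embedded Make.defaults hunk turns the diagnostic off for every source file, although the patch description ties the false positive to a single `free (tokenname)` call in authvar.c. The build only stops because of `-Werror`, so `-Wno-error=free-nonheap-object` would keep the warning visible in build logs without failing the build, and it follows the `-Wno-error=cpp` already on that line. That matters in this package because the warning is about invalid arguments to free(), the same family of defect that 0014 in this commit fixes in the daemon. Separately, the spec section further down this page still lists Patch0013 as `0013-Turn-off-free-nonheap-object.patch`, while this file is added as `0013-Turn-off-Wfree-nonheap-object.patch`, so it is worth checking which of the two names the build actually applies.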
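--- a/0014-Fix-bad-free-of-cms-data-DoS-only.patch
+++ b/0014-Fix-bad-free-of-cms-data-DoS-only.patch
@@ -0,0 +1,39 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Thu, 3 Mar 2022 15:37:02 -0500
+Subject: [PATCH] Fix bad free of cms data (DoS only)
+
+handle_unlock_token() set the CMS data to an offset of an allocated
+buffer, rather than something allocated in its own right.
+cms_set_pw_data() would then attempt to free this value. Additionally,
+should pesignd not take SIGABRT at that point, handle_unlock_token()
+would then also free buffer.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 7b78af412dc0ca5db54c426a13550cf35caa9516)
+---
+src/daemon.c | 4 +++-
+1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/daemon.c b/src/daemon.c
+index 8522250..3ae3c8d 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -166,6 +166,7 @@ handle_unlock_token(context *ctx, struct pollfd *pollfd, socklen_t size)
+struct msghdr msg;
+struct iovec iov;
+ssize_t n;
++ char *pin = NULL;
+
+int rc = cms_context_alloc(&ctx->cms);
+if (rc < 0) {
+@@ -233,7 +234,8 @@ malformed:
+if (!ctx->cms->tokenname)
+goto oom;
+
+- char *pin = (char *)tp->value;
++ if (!tp->value)
++ pin = strndup((char *)tp->value, tp->size);
+if (!pin)
+goto oom;
+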
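Review bot: Nothing at `pin = strndup((char *)tp->value, tp->size);` in the second embedded hunk records who owns the new heap copy of the PIN, and handle_unlock_token() continues outside the hunk in both directions. Going by the commit message, cms_set_pw_data() frees the value it is handed, so a comment such as `/* pin is a private heap copy; cms_set_pw_data() takes ownership and frees it */` above the call would keep a later change from reintroducing the bad free. `tp->size` comes from the client's message and bounds the copy, and the check that ties it to the received length `n` is not in the hunk, so it is worth confirming that it runs before this line. As added in this file the call sits under `if (!tp->value)`, which leaves `pin` NULL whenever a value is present, so this patch is only correct together with 0015 from the same commit.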
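--- a/0015-daemon-remove-always-true-comparison.patch
+++ b/0015-daemon-remove-always-true-comparison.patch
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 8 Mar 2022 12:59:34 -0500
+Subject: [PATCH] daemon: remove always-true comparison
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+(cherry picked from commit 500ee15d26630066baaa48dea1dbfd614d8ea225)
+---
+src/daemon.c | 3 +--
+1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/daemon.c b/src/daemon.c
+index 3ae3c8d..1179cb3 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -234,8 +234,7 @@ malformed:
+if (!ctx->cms->tokenname)
+goto oom;
+
+- if (!tp->value)
+- pin = strndup((char *)tp->value, tp->size);
++ pin = strndup((char *)tp->value, tp->size);
+if (!pin)
+goto oom;
+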
@ -3,7 +3,7 @@
|
|||||||
Name: pesign
|
Name: pesign
|
||||||
Summary: Signing utility for UEFI binaries
|
Summary: Signing utility for UEFI binaries
|
||||||
Version: 113
|
Version: 113
|
||||||
Release: 17%{?dist}
|
Release: 18%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: https://github.com/vathpela/pesign
|
URL: https://github.com/vathpela/pesign
|
||||||
|
|
||||||
@ -56,6 +56,8 @@ Patch0010: 0010-pesign-authorize-don-t-setfacl-etc-pki-pesign-foo.patch
|
|||||||
Patch0011: 0011-kernel-building-hack.patch
|
Patch0011: 0011-kernel-building-hack.patch
|
||||||
Patch0012: 0012-Use-run-not-var-run.patch
|
Patch0012: 0012-Use-run-not-var-run.patch
|
||||||
Patch0013: 0013-Turn-off-free-nonheap-object.patch
|
Patch0013: 0013-Turn-off-free-nonheap-object.patch
|
||||||
|
Patch0014: 0014-Fix-bad-free-of-cms-data-DoS-only.patch
|
||||||
|
Patch0015: 0015-daemon-remove-always-true-comparison.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains the pesign utility for signing UEFI binaries as
|
This package contains the pesign utility for signing UEFI binaries as
|
||||||
@ -168,6 +170,9 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null
|
|||||||
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
%{python3_sitelib}/mockbuild/plugins/pesign.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 08 2022 Robbie Harwood <rharwood@redhat.com> - 113-18
|
||||||
|
- Backport DoS fix from 115
|
||||||
|
|
||||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 113-17
|
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 113-17
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||||
|
|
||||||
|