From bdccb8412c5020d7e3ca4c3ad598d7dcfcce8bea Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 8 Mar 2022 17:54:45 +0000 Subject: [PATCH] New upstream version (115) Signed-off-by: Robbie Harwood --- 0001-Revert-Move-license-to-GPLv3.patch | 969 ------------------ ...daemon-remove-always-true-comparison.patch | 24 + ...Fix-format-strings-for-32-bit-arches.patch | 112 -- 0003-macros-drop-_pesign_args.patch | 47 - ...andle-NULL-pwdata-in-cms_set_pw_data.patch | 55 - 0005-fcf-protection-is-arch-specific.patch | 46 - 0006-Disable-analyzer-until-it-works.patch | 26 - pesign.spec | 13 +- sources | 2 +- 9 files changed, 31 insertions(+), 1263 deletions(-) delete mode 100644 0001-Revert-Move-license-to-GPLv3.patch create mode 100644 0001-daemon-remove-always-true-comparison.patch delete mode 100644 0002-Fix-format-strings-for-32-bit-arches.patch delete mode 100644 0003-macros-drop-_pesign_args.patch delete mode 100644 0004-Handle-NULL-pwdata-in-cms_set_pw_data.patch delete mode 100644 0005-fcf-protection-is-arch-specific.patch delete mode 100644 0006-Disable-analyzer-until-it-works.patch diff --git a/0001-Revert-Move-license-to-GPLv3.patch b/0001-Revert-Move-license-to-GPLv3.patch deleted file mode 100644 index 4e4bec5..0000000 --- a/0001-Revert-Move-license-to-GPLv3.patch +++ /dev/null @@ -1,969 +0,0 @@ -From fc20530a0ef666b49e6276c983d2d16517d3839b Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 1 Feb 2022 15:04:30 -0500 -Subject: [PATCH 1/5] Revert "Move license to GPLv3+" - -This was done too soon. It's missing some pieces and we need buy-in on -a couple of source files. - -This reverts commit 735650258c7956525b7ecf4b67483d025f0500e8. ---- - COPYING | 881 +++++++++++++++++--------------------------------------- - 1 file changed, 272 insertions(+), 609 deletions(-) - -diff --git a/COPYING b/COPYING -index 4432540..d159169 100644 ---- a/COPYING -+++ b/COPYING -@@ -1,627 +1,285 @@ -+ GNU GENERAL PUBLIC LICENSE -+ Version 2, June 1991 - -- GNU GENERAL PUBLIC LICENSE -- Version 3, 29 June 2007 -- -- Copyright (C) 2007 Free Software Foundation, Inc. -+ Copyright (C) 1989, 1991 Free Software Foundation, Inc., -+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - -- Preamble -+ Preamble - -- The GNU General Public License is a free, copyleft license for --software and other kinds of works. -- -- The licenses for most software and other practical works are designed --to take away your freedom to share and change the works. By contrast, --the GNU General Public License is intended to guarantee your freedom to --share and change all versions of a program--to make sure it remains free --software for all its users. We, the Free Software Foundation, use the --GNU General Public License for most of our software; it applies also to --any other work released this way by its authors. You can apply it to -+ The licenses for most software are designed to take away your -+freedom to share and change it. By contrast, the GNU General Public -+License is intended to guarantee your freedom to share and change free -+software--to make sure the software is free for all its users. This -+General Public License applies to most of the Free Software -+Foundation's software and to any other program whose authors commit to -+using it. (Some other Free Software Foundation software is covered by -+the GNU Lesser General Public License instead.) You can apply it to - your programs, too. - - When we speak of free software, we are referring to freedom, not - price. Our General Public Licenses are designed to make sure that you - have the freedom to distribute copies of free software (and charge for --them if you wish), that you receive source code or can get it if you --want it, that you can change the software or use pieces of it in new --free programs, and that you know you can do these things. -+this service if you wish), that you receive source code or can get it -+if you want it, that you can change the software or use pieces of it -+in new free programs; and that you know you can do these things. - -- To protect your rights, we need to prevent others from denying you --these rights or asking you to surrender the rights. Therefore, you have --certain responsibilities if you distribute copies of the software, or if --you modify it: responsibilities to respect the freedom of others. -+ To protect your rights, we need to make restrictions that forbid -+anyone to deny you these rights or to ask you to surrender the rights. -+These restrictions translate to certain responsibilities for you if you -+distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether --gratis or for a fee, you must pass on to the recipients the same --freedoms that you received. You must make sure that they, too, receive --or can get the source code. And you must show them these terms so they --know their rights. -+gratis or for a fee, you must give the recipients all the rights that -+you have. You must make sure that they, too, receive or can get the -+source code. And you must show them these terms so they know their -+rights. - -- Developers that use the GNU GPL protect your rights with two steps: --(1) assert copyright on the software, and (2) offer you this License --giving you legal permission to copy, distribute and/or modify it. -+ We protect your rights with two steps: (1) copyright the software, and -+(2) offer you this license which gives you legal permission to copy, -+distribute and/or modify the software. - -- For the developers' and authors' protection, the GPL clearly explains --that there is no warranty for this free software. For both users' and --authors' sake, the GPL requires that modified versions be marked as --changed, so that their problems will not be attributed erroneously to --authors of previous versions. -+ Also, for each author's protection and ours, we want to make certain -+that everyone understands that there is no warranty for this free -+software. If the software is modified by someone else and passed on, we -+want its recipients to know that what they have is not the original, so -+that any problems introduced by others will not reflect on the original -+authors' reputations. - -- Some devices are designed to deny users access to install or run --modified versions of the software inside them, although the manufacturer --can do so. This is fundamentally incompatible with the aim of --protecting users' freedom to change the software. The systematic --pattern of such abuse occurs in the area of products for individuals to --use, which is precisely where it is most unacceptable. Therefore, we --have designed this version of the GPL to prohibit the practice for those --products. If such problems arise substantially in other domains, we --stand ready to extend this provision to those domains in future versions --of the GPL, as needed to protect the freedom of users. -- -- Finally, every program is threatened constantly by software patents. --States should not allow patents to restrict development and use of --software on general-purpose computers, but in those that do, we wish to --avoid the special danger that patents applied to a free program could --make it effectively proprietary. To prevent this, the GPL assures that --patents cannot be used to render the program non-free. -+ Finally, any free program is threatened constantly by software -+patents. We wish to avoid the danger that redistributors of a free -+program will individually obtain patent licenses, in effect making the -+program proprietary. To prevent this, we have made it clear that any -+patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and - modification follow. - -- TERMS AND CONDITIONS -- -- 0. Definitions. -- -- "This License" refers to version 3 of the GNU General Public License. -- -- "Copyright" also means copyright-like laws that apply to other kinds of --works, such as semiconductor masks. -- -- "The Program" refers to any copyrightable work licensed under this --License. Each licensee is addressed as "you". "Licensees" and --"recipients" may be individuals or organizations. -- -- To "modify" a work means to copy from or adapt all or part of the work --in a fashion requiring copyright permission, other than the making of an --exact copy. The resulting work is called a "modified version" of the --earlier work or a work "based on" the earlier work. -- -- A "covered work" means either the unmodified Program or a work based --on the Program. -- -- To "propagate" a work means to do anything with it that, without --permission, would make you directly or secondarily liable for --infringement under applicable copyright law, except executing it on a --computer or modifying a private copy. Propagation includes copying, --distribution (with or without modification), making available to the --public, and in some countries other activities as well. -- -- To "convey" a work means any kind of propagation that enables other --parties to make or receive copies. Mere interaction with a user through --a computer network, with no transfer of a copy, is not conveying. -- -- An interactive user interface displays "Appropriate Legal Notices" --to the extent that it includes a convenient and prominently visible --feature that (1) displays an appropriate copyright notice, and (2) --tells the user that there is no warranty for the work (except to the --extent that warranties are provided), that licensees may convey the --work under this License, and how to view a copy of this License. If --the interface presents a list of user commands or options, such as a --menu, a prominent item in the list meets this criterion. -- -- 1. Source Code. -- -- The "source code" for a work means the preferred form of the work --for making modifications to it. "Object code" means any non-source --form of a work. -- -- A "Standard Interface" means an interface that either is an official --standard defined by a recognized standards body, or, in the case of --interfaces specified for a particular programming language, one that --is widely used among developers working in that language. -- -- The "System Libraries" of an executable work include anything, other --than the work as a whole, that (a) is included in the normal form of --packaging a Major Component, but which is not part of that Major --Component, and (b) serves only to enable use of the work with that --Major Component, or to implement a Standard Interface for which an --implementation is available to the public in source code form. A --"Major Component", in this context, means a major essential component --(kernel, window system, and so on) of the specific operating system --(if any) on which the executable work runs, or a compiler used to --produce the work, or an object code interpreter used to run it. -- -- The "Corresponding Source" for a work in object code form means all --the source code needed to generate, install, and (for an executable --work) run the object code and to modify the work, including scripts to --control those activities. However, it does not include the work's --System Libraries, or general-purpose tools or generally available free --programs which are used unmodified in performing those activities but --which are not part of the work. For example, Corresponding Source --includes interface definition files associated with source files for --the work, and the source code for shared libraries and dynamically --linked subprograms that the work is specifically designed to require, --such as by intimate data communication or control flow between those --subprograms and other parts of the work. -- -- The Corresponding Source need not include anything that users --can regenerate automatically from other parts of the Corresponding --Source. -- -- The Corresponding Source for a work in source code form is that --same work. -- -- 2. Basic Permissions. -- -- All rights granted under this License are granted for the term of --copyright on the Program, and are irrevocable provided the stated --conditions are met. This License explicitly affirms your unlimited --permission to run the unmodified Program. The output from running a --covered work is covered by this License only if the output, given its --content, constitutes a covered work. This License acknowledges your --rights of fair use or other equivalent, as provided by copyright law. -- -- You may make, run and propagate covered works that you do not --convey, without conditions so long as your license otherwise remains --in force. You may convey covered works to others for the sole purpose --of having them make modifications exclusively for you, or provide you --with facilities for running those works, provided that you comply with --the terms of this License in conveying all material for which you do --not control copyright. Those thus making or running the covered works --for you must do so exclusively on your behalf, under your direction --and control, on terms that prohibit them from making any copies of --your copyrighted material outside their relationship with you. -- -- Conveying under any other circumstances is permitted solely under --the conditions stated below. Sublicensing is not allowed; section 10 --makes it unnecessary. -- -- 3. Protecting Users' Legal Rights From Anti-Circumvention Law. -- -- No covered work shall be deemed part of an effective technological --measure under any applicable law fulfilling obligations under article --11 of the WIPO copyright treaty adopted on 20 December 1996, or --similar laws prohibiting or restricting circumvention of such --measures. -- -- When you convey a covered work, you waive any legal power to forbid --circumvention of technological measures to the extent such circumvention --is effected by exercising rights under this License with respect to --the covered work, and you disclaim any intention to limit operation or --modification of the work as a means of enforcing, against the work's --users, your or third parties' legal rights to forbid circumvention of --technological measures. -- -- 4. Conveying Verbatim Copies. -- -- You may convey verbatim copies of the Program's source code as you --receive it, in any medium, provided that you conspicuously and --appropriately publish on each copy an appropriate copyright notice; --keep intact all notices stating that this License and any --non-permissive terms added in accord with section 7 apply to the code; --keep intact all notices of the absence of any warranty; and give all --recipients a copy of this License along with the Program. -- -- You may charge any price or no price for each copy that you convey, --and you may offer support or warranty protection for a fee. -- -- 5. Conveying Modified Source Versions. -- -- You may convey a work based on the Program, or the modifications to --produce it from the Program, in the form of source code under the --terms of section 4, provided that you also meet all of these conditions: -- -- a) The work must carry prominent notices stating that you modified -- it, and giving a relevant date. -- -- b) The work must carry prominent notices stating that it is -- released under this License and any conditions added under section -- 7. This requirement modifies the requirement in section 4 to -- "keep intact all notices". -- -- c) You must license the entire work, as a whole, under this -- License to anyone who comes into possession of a copy. This -- License will therefore apply, along with any applicable section 7 -- additional terms, to the whole of the work, and all its parts, -- regardless of how they are packaged. This License gives no -- permission to license the work in any other way, but it does not -- invalidate such permission if you have separately received it. -- -- d) If the work has interactive user interfaces, each must display -- Appropriate Legal Notices; however, if the Program has interactive -- interfaces that do not display Appropriate Legal Notices, your -- work need not make them do so. -- -- A compilation of a covered work with other separate and independent --works, which are not by their nature extensions of the covered work, --and which are not combined with it such as to form a larger program, --in or on a volume of a storage or distribution medium, is called an --"aggregate" if the compilation and its resulting copyright are not --used to limit the access or legal rights of the compilation's users --beyond what the individual works permit. Inclusion of a covered work --in an aggregate does not cause this License to apply to the other --parts of the aggregate. -- -- 6. Conveying Non-Source Forms. -- -- You may convey a covered work in object code form under the terms --of sections 4 and 5, provided that you also convey the --machine-readable Corresponding Source under the terms of this License, --in one of these ways: -- -- a) Convey the object code in, or embodied in, a physical product -- (including a physical distribution medium), accompanied by the -- Corresponding Source fixed on a durable physical medium -- customarily used for software interchange. -- -- b) Convey the object code in, or embodied in, a physical product -- (including a physical distribution medium), accompanied by a -- written offer, valid for at least three years and valid for as -- long as you offer spare parts or customer support for that product -- model, to give anyone who possesses the object code either (1) a -- copy of the Corresponding Source for all the software in the -- product that is covered by this License, on a durable physical -- medium customarily used for software interchange, for a price no -- more than your reasonable cost of physically performing this -- conveying of source, or (2) access to copy the -- Corresponding Source from a network server at no charge. -- -- c) Convey individual copies of the object code with a copy of the -- written offer to provide the Corresponding Source. This -- alternative is allowed only occasionally and noncommercially, and -- only if you received the object code with such an offer, in accord -- with subsection 6b. -- -- d) Convey the object code by offering access from a designated -- place (gratis or for a charge), and offer equivalent access to the -- Corresponding Source in the same way through the same place at no -- further charge. You need not require recipients to copy the -- Corresponding Source along with the object code. If the place to -- copy the object code is a network server, the Corresponding Source -- may be on a different server (operated by you or a third party) -- that supports equivalent copying facilities, provided you maintain -- clear directions next to the object code saying where to find the -- Corresponding Source. Regardless of what server hosts the -- Corresponding Source, you remain obligated to ensure that it is -- available for as long as needed to satisfy these requirements. -- -- e) Convey the object code using peer-to-peer transmission, provided -- you inform other peers where the object code and Corresponding -- Source of the work are being offered to the general public at no -- charge under subsection 6d. -- -- A separable portion of the object code, whose source code is excluded --from the Corresponding Source as a System Library, need not be --included in conveying the object code work. -- -- A "User Product" is either (1) a "consumer product", which means any --tangible personal property which is normally used for personal, family, --or household purposes, or (2) anything designed or sold for incorporation --into a dwelling. In determining whether a product is a consumer product, --doubtful cases shall be resolved in favor of coverage. For a particular --product received by a particular user, "normally used" refers to a --typical or common use of that class of product, regardless of the status --of the particular user or of the way in which the particular user --actually uses, or expects or is expected to use, the product. A product --is a consumer product regardless of whether the product has substantial --commercial, industrial or non-consumer uses, unless such uses represent --the only significant mode of use of the product. -- -- "Installation Information" for a User Product means any methods, --procedures, authorization keys, or other information required to install --and execute modified versions of a covered work in that User Product from --a modified version of its Corresponding Source. The information must --suffice to ensure that the continued functioning of the modified object --code is in no case prevented or interfered with solely because --modification has been made. -- -- If you convey an object code work under this section in, or with, or --specifically for use in, a User Product, and the conveying occurs as --part of a transaction in which the right of possession and use of the --User Product is transferred to the recipient in perpetuity or for a --fixed term (regardless of how the transaction is characterized), the --Corresponding Source conveyed under this section must be accompanied --by the Installation Information. But this requirement does not apply --if neither you nor any third party retains the ability to install --modified object code on the User Product (for example, the work has --been installed in ROM). -- -- The requirement to provide Installation Information does not include a --requirement to continue to provide support service, warranty, or updates --for a work that has been modified or installed by the recipient, or for --the User Product in which it has been modified or installed. Access to a --network may be denied when the modification itself materially and --adversely affects the operation of the network or violates the rules and --protocols for communication across the network. -- -- Corresponding Source conveyed, and Installation Information provided, --in accord with this section must be in a format that is publicly --documented (and with an implementation available to the public in --source code form), and must require no special password or key for --unpacking, reading or copying. -- -- 7. Additional Terms. -- -- "Additional permissions" are terms that supplement the terms of this --License by making exceptions from one or more of its conditions. --Additional permissions that are applicable to the entire Program shall --be treated as though they were included in this License, to the extent --that they are valid under applicable law. If additional permissions --apply only to part of the Program, that part may be used separately --under those permissions, but the entire Program remains governed by --this License without regard to the additional permissions. -- -- When you convey a copy of a covered work, you may at your option --remove any additional permissions from that copy, or from any part of --it. (Additional permissions may be written to require their own --removal in certain cases when you modify the work.) You may place --additional permissions on material, added by you to a covered work, --for which you have or can give appropriate copyright permission. -- -- Notwithstanding any other provision of this License, for material you --add to a covered work, you may (if authorized by the copyright holders of --that material) supplement the terms of this License with terms: -- -- a) Disclaiming warranty or limiting liability differently from the -- terms of sections 15 and 16 of this License; or -- -- b) Requiring preservation of specified reasonable legal notices or -- author attributions in that material or in the Appropriate Legal -- Notices displayed by works containing it; or -- -- c) Prohibiting misrepresentation of the origin of that material, or -- requiring that modified versions of such material be marked in -- reasonable ways as different from the original version; or -- -- d) Limiting the use for publicity purposes of names of licensors or -- authors of the material; or -- -- e) Declining to grant rights under trademark law for use of some -- trade names, trademarks, or service marks; or -- -- f) Requiring indemnification of licensors and authors of that -- material by anyone who conveys the material (or modified versions of -- it) with contractual assumptions of liability to the recipient, for -- any liability that these contractual assumptions directly impose on -- those licensors and authors. -- -- All other non-permissive additional terms are considered "further --restrictions" within the meaning of section 10. If the Program as you --received it, or any part of it, contains a notice stating that it is --governed by this License along with a term that is a further --restriction, you may remove that term. If a license document contains --a further restriction but permits relicensing or conveying under this --License, you may add to a covered work material governed by the terms --of that license document, provided that the further restriction does --not survive such relicensing or conveying. -- -- If you add terms to a covered work in accord with this section, you --must place, in the relevant source files, a statement of the --additional terms that apply to those files, or a notice indicating --where to find the applicable terms. -- -- Additional terms, permissive or non-permissive, may be stated in the --form of a separately written license, or stated as exceptions; --the above requirements apply either way. -- -- 8. Termination. -- -- You may not propagate or modify a covered work except as expressly --provided under this License. Any attempt otherwise to propagate or --modify it is void, and will automatically terminate your rights under --this License (including any patent licenses granted under the third --paragraph of section 11). -- -- However, if you cease all violation of this License, then your --license from a particular copyright holder is reinstated (a) --provisionally, unless and until the copyright holder explicitly and --finally terminates your license, and (b) permanently, if the copyright --holder fails to notify you of the violation by some reasonable means --prior to 60 days after the cessation. -- -- Moreover, your license from a particular copyright holder is --reinstated permanently if the copyright holder notifies you of the --violation by some reasonable means, this is the first time you have --received notice of violation of this License (for any work) from that --copyright holder, and you cure the violation prior to 30 days after --your receipt of the notice. -- -- Termination of your rights under this section does not terminate the --licenses of parties who have received copies or rights from you under --this License. If your rights have been terminated and not permanently --reinstated, you do not qualify to receive new licenses for the same --material under section 10. -- -- 9. Acceptance Not Required for Having Copies. -- -- You are not required to accept this License in order to receive or --run a copy of the Program. Ancillary propagation of a covered work --occurring solely as a consequence of using peer-to-peer transmission --to receive a copy likewise does not require acceptance. However, --nothing other than this License grants you permission to propagate or --modify any covered work. These actions infringe copyright if you do --not accept this License. Therefore, by modifying or propagating a --covered work, you indicate your acceptance of this License to do so. -- -- 10. Automatic Licensing of Downstream Recipients. -- -- Each time you convey a covered work, the recipient automatically --receives a license from the original licensors, to run, modify and --propagate that work, subject to this License. You are not responsible --for enforcing compliance by third parties with this License. -- -- An "entity transaction" is a transaction transferring control of an --organization, or substantially all assets of one, or subdividing an --organization, or merging organizations. If propagation of a covered --work results from an entity transaction, each party to that --transaction who receives a copy of the work also receives whatever --licenses to the work the party's predecessor in interest had or could --give under the previous paragraph, plus a right to possession of the --Corresponding Source of the work from the predecessor in interest, if --the predecessor has it or can get it with reasonable efforts. -- -- You may not impose any further restrictions on the exercise of the --rights granted or affirmed under this License. For example, you may --not impose a license fee, royalty, or other charge for exercise of --rights granted under this License, and you may not initiate litigation --(including a cross-claim or counterclaim in a lawsuit) alleging that --any patent claim is infringed by making, using, selling, offering for --sale, or importing the Program or any portion of it. -- -- 11. Patents. -- -- A "contributor" is a copyright holder who authorizes use under this --License of the Program or a work on which the Program is based. The --work thus licensed is called the contributor's "contributor version". -- -- A contributor's "essential patent claims" are all patent claims --owned or controlled by the contributor, whether already acquired or --hereafter acquired, that would be infringed by some manner, permitted --by this License, of making, using, or selling its contributor version, --but do not include claims that would be infringed only as a --consequence of further modification of the contributor version. For --purposes of this definition, "control" includes the right to grant --patent sublicenses in a manner consistent with the requirements of -+ GNU GENERAL PUBLIC LICENSE -+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION -+ -+ 0. This License applies to any program or other work which contains -+a notice placed by the copyright holder saying it may be distributed -+under the terms of this General Public License. The "Program", below, -+refers to any such program or work, and a "work based on the Program" -+means either the Program or any derivative work under copyright law: -+that is to say, a work containing the Program or a portion of it, -+either verbatim or with modifications and/or translated into another -+language. (Hereinafter, translation is included without limitation in -+the term "modification".) Each licensee is addressed as "you". -+ -+Activities other than copying, distribution and modification are not -+covered by this License; they are outside its scope. The act of -+running the Program is not restricted, and the output from the Program -+is covered only if its contents constitute a work based on the -+Program (independent of having been made by running the Program). -+Whether that is true depends on what the Program does. -+ -+ 1. You may copy and distribute verbatim copies of the Program's -+source code as you receive it, in any medium, provided that you -+conspicuously and appropriately publish on each copy an appropriate -+copyright notice and disclaimer of warranty; keep intact all the -+notices that refer to this License and to the absence of any warranty; -+and give any other recipients of the Program a copy of this License -+along with the Program. -+ -+You may charge a fee for the physical act of transferring a copy, and -+you may at your option offer warranty protection in exchange for a fee. -+ -+ 2. You may modify your copy or copies of the Program or any portion -+of it, thus forming a work based on the Program, and copy and -+distribute such modifications or work under the terms of Section 1 -+above, provided that you also meet all of these conditions: -+ -+ a) You must cause the modified files to carry prominent notices -+ stating that you changed the files and the date of any change. -+ -+ b) You must cause any work that you distribute or publish, that in -+ whole or in part contains or is derived from the Program or any -+ part thereof, to be licensed as a whole at no charge to all third -+ parties under the terms of this License. -+ -+ c) If the modified program normally reads commands interactively -+ when run, you must cause it, when started running for such -+ interactive use in the most ordinary way, to print or display an -+ announcement including an appropriate copyright notice and a -+ notice that there is no warranty (or else, saying that you provide -+ a warranty) and that users may redistribute the program under -+ these conditions, and telling the user how to view a copy of this -+ License. (Exception: if the Program itself is interactive but -+ does not normally print such an announcement, your work based on -+ the Program is not required to print an announcement.) -+ -+These requirements apply to the modified work as a whole. If -+identifiable sections of that work are not derived from the Program, -+and can be reasonably considered independent and separate works in -+themselves, then this License, and its terms, do not apply to those -+sections when you distribute them as separate works. But when you -+distribute the same sections as part of a whole which is a work based -+on the Program, the distribution of the whole must be on the terms of -+this License, whose permissions for other licensees extend to the -+entire whole, and thus to each and every part regardless of who wrote it. -+ -+Thus, it is not the intent of this section to claim rights or contest -+your rights to work written entirely by you; rather, the intent is to -+exercise the right to control the distribution of derivative or -+collective works based on the Program. -+ -+In addition, mere aggregation of another work not based on the Program -+with the Program (or with a work based on the Program) on a volume of -+a storage or distribution medium does not bring the other work under -+the scope of this License. -+ -+ 3. You may copy and distribute the Program (or a work based on it, -+under Section 2) in object code or executable form under the terms of -+Sections 1 and 2 above provided that you also do one of the following: -+ -+ a) Accompany it with the complete corresponding machine-readable -+ source code, which must be distributed under the terms of Sections -+ 1 and 2 above on a medium customarily used for software interchange; or, -+ -+ b) Accompany it with a written offer, valid for at least three -+ years, to give any third party, for a charge no more than your -+ cost of physically performing source distribution, a complete -+ machine-readable copy of the corresponding source code, to be -+ distributed under the terms of Sections 1 and 2 above on a medium -+ customarily used for software interchange; or, -+ -+ c) Accompany it with the information you received as to the offer -+ to distribute corresponding source code. (This alternative is -+ allowed only for noncommercial distribution and only if you -+ received the program in object code or executable form with such -+ an offer, in accord with Subsection b above.) -+ -+The source code for a work means the preferred form of the work for -+making modifications to it. For an executable work, complete source -+code means all the source code for all modules it contains, plus any -+associated interface definition files, plus the scripts used to -+control compilation and installation of the executable. However, as a -+special exception, the source code distributed need not include -+anything that is normally distributed (in either source or binary -+form) with the major components (compiler, kernel, and so on) of the -+operating system on which the executable runs, unless that component -+itself accompanies the executable. -+ -+If distribution of executable or object code is made by offering -+access to copy from a designated place, then offering equivalent -+access to copy the source code from the same place counts as -+distribution of the source code, even though third parties are not -+compelled to copy the source along with the object code. -+ -+ 4. You may not copy, modify, sublicense, or distribute the Program -+except as expressly provided under this License. Any attempt -+otherwise to copy, modify, sublicense or distribute the Program is -+void, and will automatically terminate your rights under this License. -+However, parties who have received copies, or rights, from you under -+this License will not have their licenses terminated so long as such -+parties remain in full compliance. -+ -+ 5. You are not required to accept this License, since you have not -+signed it. However, nothing else grants you permission to modify or -+distribute the Program or its derivative works. These actions are -+prohibited by law if you do not accept this License. Therefore, by -+modifying or distributing the Program (or any work based on the -+Program), you indicate your acceptance of this License to do so, and -+all its terms and conditions for copying, distributing or modifying -+the Program or works based on it. -+ -+ 6. Each time you redistribute the Program (or any work based on the -+Program), the recipient automatically receives a license from the -+original licensor to copy, distribute or modify the Program subject to -+these terms and conditions. You may not impose any further -+restrictions on the recipients' exercise of the rights granted herein. -+You are not responsible for enforcing compliance by third parties to - this License. - -- Each contributor grants you a non-exclusive, worldwide, royalty-free --patent license under the contributor's essential patent claims, to --make, use, sell, offer for sale, import and otherwise run, modify and --propagate the contents of its contributor version. -- -- In the following three paragraphs, a "patent license" is any express --agreement or commitment, however denominated, not to enforce a patent --(such as an express permission to practice a patent or covenant not to --sue for patent infringement). To "grant" such a patent license to a --party means to make such an agreement or commitment not to enforce a --patent against the party. -- -- If you convey a covered work, knowingly relying on a patent license, --and the Corresponding Source of the work is not available for anyone --to copy, free of charge and under the terms of this License, through a --publicly available network server or other readily accessible means, --then you must either (1) cause the Corresponding Source to be so --available, or (2) arrange to deprive yourself of the benefit of the --patent license for this particular work, or (3) arrange, in a manner --consistent with the requirements of this License, to extend the patent --license to downstream recipients. "Knowingly relying" means you have --actual knowledge that, but for the patent license, your conveying the --covered work in a country, or your recipient's use of the covered work --in a country, would infringe one or more identifiable patents in that --country that you have reason to believe are valid. -- -- If, pursuant to or in connection with a single transaction or --arrangement, you convey, or propagate by procuring conveyance of, a --covered work, and grant a patent license to some of the parties --receiving the covered work authorizing them to use, propagate, modify --or convey a specific copy of the covered work, then the patent license --you grant is automatically extended to all recipients of the covered --work and works based on it. -- -- A patent license is "discriminatory" if it does not include within --the scope of its coverage, prohibits the exercise of, or is --conditioned on the non-exercise of one or more of the rights that are --specifically granted under this License. You may not convey a covered --work if you are a party to an arrangement with a third party that is --in the business of distributing software, under which you make payment --to the third party based on the extent of your activity of conveying --the work, and under which the third party grants, to any of the --parties who would receive the covered work from you, a discriminatory --patent license (a) in connection with copies of the covered work --conveyed by you (or copies made from those copies), or (b) primarily --for and in connection with specific products or compilations that --contain the covered work, unless you entered into that arrangement, --or that patent license was granted, prior to 28 March 2007. -- -- Nothing in this License shall be construed as excluding or limiting --any implied license or other defenses to infringement that may --otherwise be available to you under applicable patent law. -- -- 12. No Surrender of Others' Freedom. -- -- If conditions are imposed on you (whether by court order, agreement or -+ 7. If, as a consequence of a court judgment or allegation of patent -+infringement or for any other reason (not limited to patent issues), -+conditions are imposed on you (whether by court order, agreement or - otherwise) that contradict the conditions of this License, they do not --excuse you from the conditions of this License. If you cannot convey a --covered work so as to satisfy simultaneously your obligations under this --License and any other pertinent obligations, then as a consequence you may --not convey it at all. For example, if you agree to terms that obligate you --to collect a royalty for further conveying from those to whom you convey --the Program, the only way you could satisfy both those terms and this --License would be to refrain entirely from conveying the Program. -+excuse you from the conditions of this License. If you cannot -+distribute so as to satisfy simultaneously your obligations under this -+License and any other pertinent obligations, then as a consequence you -+may not distribute the Program at all. For example, if a patent -+license would not permit royalty-free redistribution of the Program by -+all those who receive copies directly or indirectly through you, then -+the only way you could satisfy both it and this License would be to -+refrain entirely from distribution of the Program. - -- 13. Use with the GNU Affero General Public License. -+If any portion of this section is held invalid or unenforceable under -+any particular circumstance, the balance of the section is intended to -+apply and the section as a whole is intended to apply in other -+circumstances. - -- Notwithstanding any other provision of this License, you have --permission to link or combine any covered work with a work licensed --under version 3 of the GNU Affero General Public License into a single --combined work, and to convey the resulting work. The terms of this --License will continue to apply to the part which is the covered work, --but the special requirements of the GNU Affero General Public License, --section 13, concerning interaction through a network will apply to the --combination as such. -+It is not the purpose of this section to induce you to infringe any -+patents or other property right claims or to contest validity of any -+such claims; this section has the sole purpose of protecting the -+integrity of the free software distribution system, which is -+implemented by public license practices. Many people have made -+generous contributions to the wide range of software distributed -+through that system in reliance on consistent application of that -+system; it is up to the author/donor to decide if he or she is willing -+to distribute software through any other system and a licensee cannot -+impose that choice. - -- 14. Revised Versions of this License. -+This section is intended to make thoroughly clear what is believed to -+be a consequence of the rest of this License. - -- The Free Software Foundation may publish revised and/or new versions of --the GNU General Public License from time to time. Such new versions will -+ 8. If the distribution and/or use of the Program is restricted in -+certain countries either by patents or by copyrighted interfaces, the -+original copyright holder who places the Program under this License -+may add an explicit geographical distribution limitation excluding -+those countries, so that distribution is permitted only in or among -+countries not thus excluded. In such case, this License incorporates -+the limitation as if written in the body of this License. -+ -+ 9. The Free Software Foundation may publish revised and/or new versions -+of the General Public License from time to time. Such new versions will - be similar in spirit to the present version, but may differ in detail to - address new problems or concerns. - -- Each version is given a distinguishing version number. If the --Program specifies that a certain numbered version of the GNU General --Public License "or any later version" applies to it, you have the --option of following the terms and conditions either of that numbered --version or of any later version published by the Free Software --Foundation. If the Program does not specify a version number of the --GNU General Public License, you may choose any version ever published --by the Free Software Foundation. -+Each version is given a distinguishing version number. If the Program -+specifies a version number of this License which applies to it and "any -+later version", you have the option of following the terms and conditions -+either of that version or of any later version published by the Free -+Software Foundation. If the Program does not specify a version number of -+this License, you may choose any version ever published by the Free Software -+Foundation. - -- If the Program specifies that a proxy can decide which future --versions of the GNU General Public License can be used, that proxy's --public statement of acceptance of a version permanently authorizes you --to choose that version for the Program. -+ 10. If you wish to incorporate parts of the Program into other free -+programs whose distribution conditions are different, write to the author -+to ask for permission. For software which is copyrighted by the Free -+Software Foundation, write to the Free Software Foundation; we sometimes -+make exceptions for this. Our decision will be guided by the two goals -+of preserving the free status of all derivatives of our free software and -+of promoting the sharing and reuse of software generally. - -- Later license versions may give you additional or different --permissions. However, no additional obligations are imposed on any --author or copyright holder as a result of your choosing to follow a --later version. -+ NO WARRANTY - -- 15. Disclaimer of Warranty. -+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -+REPAIR OR CORRECTION. - -- THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY --APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT --HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY --OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, --THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR --PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM --IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF --ALL NECESSARY SERVICING, REPAIR OR CORRECTION. -+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -+POSSIBILITY OF SUCH DAMAGES. - -- 16. Limitation of Liability. -+ END OF TERMS AND CONDITIONS - -- IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING --WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS --THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY --GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE --USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF --DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD --PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), --EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF --SUCH DAMAGES. -- -- 17. Interpretation of Sections 15 and 16. -- -- If the disclaimer of warranty and limitation of liability provided --above cannot be given local legal effect according to their terms, --reviewing courts shall apply local law that most closely approximates --an absolute waiver of all civil liability in connection with the --Program, unless a warranty or assumption of liability accompanies a --copy of the Program in return for a fee. -- -- END OF TERMS AND CONDITIONS -- -- How to Apply These Terms to Your New Programs -+ How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest - possible use to the public, the best way to achieve this is to make it -@@ -629,15 +287,15 @@ free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest - to attach them to the start of each source file to most effectively --state the exclusion of warranty; and each file should have at least -+convey the exclusion of warranty; and each file should have at least - the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - -- This program is free software: you can redistribute it and/or modify -+ This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -- the Free Software Foundation, either version 3 of the License, or -+ the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, -@@ -645,32 +303,37 @@ the "copyright" line and a pointer to where the full notice is found. - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - -- You should have received a copy of the GNU General Public License -- along with this program. If not, see . -+ You should have received a copy of the GNU General Public License along -+ with this program; if not, write to the Free Software Foundation, Inc., -+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Also add information on how to contact you by electronic and paper mail. - -- If the program does terminal interaction, make it output a short --notice like this when it starts in an interactive mode: -+If the program is interactive, make it output a short notice like this -+when it starts in an interactive mode: - -- Copyright (C) -- This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. -+ Gnomovision version 69, Copyright (C) year name of author -+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - - The hypothetical commands `show w' and `show c' should show the appropriate --parts of the General Public License. Of course, your program's commands --might be different; for a GUI interface, you would use an "about box". -+parts of the General Public License. Of course, the commands you use may -+be called something other than `show w' and `show c'; they could even be -+mouse-clicks or menu items--whatever suits your program. - -- You should also get your employer (if you work as a programmer) or school, --if any, to sign a "copyright disclaimer" for the program, if necessary. --For more information on this, and how to apply and follow the GNU GPL, see --. -+You should also get your employer (if you work as a programmer) or your -+school, if any, to sign a "copyright disclaimer" for the program, if -+necessary. Here is a sample; alter the names: - -- The GNU General Public License does not permit incorporating your program --into proprietary programs. If your program is a subroutine library, you --may consider it more useful to permit linking proprietary applications with --the library. If this is what you want to do, use the GNU Lesser General --Public License instead of this License. But first, please read --. -+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program -+ `Gnomovision' (which makes passes at compilers) written by James Hacker. - -+ , 1 April 1989 -+ Ty Coon, President of Vice -+ -+This General Public License does not permit incorporating your program into -+proprietary programs. If your program is a subroutine library, you may -+consider it more useful to permit linking proprietary applications with the -+library. If this is what you want to do, use the GNU Lesser General -+Public License instead of this License. --- -2.34.1 - diff --git a/0001-daemon-remove-always-true-comparison.patch b/0001-daemon-remove-always-true-comparison.patch new file mode 100644 index 0000000..cbb5d32 --- /dev/null +++ b/0001-daemon-remove-always-true-comparison.patch @@ -0,0 +1,24 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 8 Mar 2022 12:59:34 -0500 +Subject: [PATCH] daemon: remove always-true comparison + +Signed-off-by: Robbie Harwood +--- + src/daemon.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/daemon.c b/src/daemon.c +index 0a66deb..ff88210 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -221,8 +221,7 @@ malformed: + if (!ctx->cms->tokenname) + goto oom; + +- if (!tp->value) +- pin = strndup((char *)tp->value, tp->size); ++ pin = strndup((char *)tp->value, tp->size); + if (!pin) + goto oom; + diff --git a/0002-Fix-format-strings-for-32-bit-arches.patch b/0002-Fix-format-strings-for-32-bit-arches.patch deleted file mode 100644 index 1aaab2d..0000000 --- a/0002-Fix-format-strings-for-32-bit-arches.patch +++ /dev/null @@ -1,112 +0,0 @@ -From df8783ed4ed87fef850268098690985049916ee9 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 1 Feb 2022 17:37:14 -0500 -Subject: [PATCH 2/5] Fix format strings for 32-bit arches - -Sadly, in 2022, this remains a thing. - -Signed-off-by: Robbie Harwood ---- - src/cms_pe_common.c | 16 +++++++++------- - src/password.c | 7 ++++--- - 2 files changed, 13 insertions(+), 10 deletions(-) - -diff --git a/src/cms_pe_common.c b/src/cms_pe_common.c -index 964f0d9..3a3921b 100644 ---- a/src/cms_pe_common.c -+++ b/src/cms_pe_common.c -@@ -49,7 +49,7 @@ check_pointer_and_size(cms_context *cms, Pe *pe, void *ptr, size_t size) - - if (p + size > m + map_size) - cmsreterr(0, cms, -- "pointer %p is above mmap end at %p (%lu is %lu bytes past EOF at %lu)", -+ "pointer %p is above mmap end at %p (%lu is %lu bytes past EOF at %zu)", - (void *)((uintptr_t)p + size), - (void *)((uintptr_t)m + map_size), - p + size - m, -@@ -189,7 +189,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) - if (!check_pointer_and_size(cms, pe, hash_base, hash_size)) - cmsgotoerr(error, cms, "PE header is invalid"); - dprintf("beginning of hash"); -- dprintf("digesting %lx + %lx", hash_base - map, hash_size); -+ dprintf("digesting %tx + %zx", hash_base - map, hash_size); - generate_digest_step(cms, hash_base, hash_size); - - /* 5. Skip over the image checksum -@@ -209,7 +209,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) - cmsgotoerr(error, cms, "PE data directory is invalid"); - - generate_digest_step(cms, hash_base, hash_size); -- dprintf("digesting %lx + %lx", hash_base - map, hash_size); -+ dprintf("digesting %tx + %zx", hash_base - map, hash_size); - - /* 8. Skip over the crt dir - * 9. Hash everything up to the end of the image header. */ -@@ -222,7 +222,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) - cmsgotoerr(error, cms, "PE relocations table is invalid"); - - generate_digest_step(cms, hash_base, hash_size); -- dprintf("digesting %lx + %lx", hash_base - map, hash_size); -+ dprintf("digesting %tx + %zx", hash_base - map, hash_size); - - /* 10. Set SUM_OF_BYTES_HASHED to the size of the header. */ - hashed_bytes = pe32opthdr ? pe32opthdr->header_size -@@ -265,7 +265,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) - } - - generate_digest_step(cms, hash_base, hash_size); -- dprintf("digesting %lx + %lx", hash_base - map, hash_size); -+ dprintf("digesting %tx + %zx", hash_base - map, hash_size); - - hashed_bytes += hash_size; - } -@@ -285,10 +285,12 @@ generate_digest(cms_context *cms, Pe *pe, int padded) - memset(tmp_array, '\0', tmp_size); - memcpy(tmp_array, hash_base, hash_size); - generate_digest_step(cms, tmp_array, tmp_size); -- dprintf("digesting %lx + %lx", (unsigned long)tmp_array, tmp_size); -+ dprintf("digesting %tx + %zx", (ptrdiff_t)tmp_array, -+ tmp_size); - } else { - generate_digest_step(cms, hash_base, hash_size); -- dprintf("digesting %lx + %lx", hash_base - map, hash_size); -+ dprintf("digesting %tx + %zx", hash_base - map, -+ hash_size); - } - } - dprintf("end of hash"); -diff --git a/src/password.c b/src/password.c -index 644f362..05add9a 100644 ---- a/src/password.c -+++ b/src/password.c -@@ -213,7 +213,7 @@ parse_pwfile_line(char *start, struct token_pass *tp) - dprintf("non-whitespace span is %zd", span); - - if (line[span] == '\0') { -- dprintf("returning %ld", (line + span) - start); -+ dprintf("returning %td", (line + span) - start); - return (line + span) - start; - } - line[span] = '\0'; -@@ -241,7 +241,7 @@ parse_pwfile_line(char *start, struct token_pass *tp) - dprintf("Setting token pass %p to { %p, %p }", tp, tp->token, tp->pass); - dprintf("token:\"%s\"", tp->token); - dprintf("pass:\"%s\"", tp->pass); -- dprintf("returning %ld", (line + span) - start); -+ dprintf("returning %td", (line + span) - start); - return (line + span) - start; - } - -@@ -330,7 +330,8 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg) - if (c != '\0') - span++; - start += span; -- dprintf("start is file[%ld] == '\\x%02hhx'", start - file, start[0]); -+ dprintf("start is file[%td] == '\\x%02hhx'", start - file, -+ start[0]); - } - - qsort(phrases, nphrases, sizeof(struct token_pass), token_pass_cmp); --- -2.34.1 - diff --git a/0003-macros-drop-_pesign_args.patch b/0003-macros-drop-_pesign_args.patch deleted file mode 100644 index 40a7bf5..0000000 --- a/0003-macros-drop-_pesign_args.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 389decab7b9bcba307e52709b00741a19405f02b Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 2 Feb 2022 16:07:46 -0500 -Subject: [PATCH 3/5] macros: drop %{_pesign_args} - -Effectively reverts 30b488682a92c524bb9c0d450c34e9abc0b56de9 - -Also, make our argument parser fail on extra arguments to make it easier -to debug when this kind of thing happens again. - -Signed-off-by: Robbie Harwood ---- - src/macros.pesign | 1 - - src/pesign-rpmbuild-helper.in | 5 +++++ - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/macros.pesign b/src/macros.pesign -index 519a8a3..34af57c 100644 ---- a/src/macros.pesign -+++ b/src/macros.pesign -@@ -27,7 +27,6 @@ - %{_libexecdir}/pesign/pesign-rpmbuild-helper \\\ - "%{_target_cpu}" \\\ - "%{_pesign}" \\\ -- "%{_pesign_args}" \\\ - "%{_pesign_client}" \\\ - %{?__pesign_client_token:--client-token %{__pesign_client_token}} \\\ - %{?__pesign_client_cert:--client-cert %{__pesign_client_cert}} \\\ -diff --git a/src/pesign-rpmbuild-helper.in b/src/pesign-rpmbuild-helper.in -index 27b8261..0a845d2 100644 ---- a/src/pesign-rpmbuild-helper.in -+++ b/src/pesign-rpmbuild-helper.in -@@ -133,6 +133,11 @@ main() { - sign=-s - shift - fi -+ if [[ $# -ge 1 ]] ; then -+ echo "$# extra unparsed arguments!">>/dev/stderr -+ echo "Cowardly refusing to run">>/dev/stderr -+ exit 1 -+ fi - - if [[ -z "${target_cpu}" ]] ; then - target_cpu="$(uname -m)" --- -2.34.1 - diff --git a/0004-Handle-NULL-pwdata-in-cms_set_pw_data.patch b/0004-Handle-NULL-pwdata-in-cms_set_pw_data.patch deleted file mode 100644 index f36d1e0..0000000 --- a/0004-Handle-NULL-pwdata-in-cms_set_pw_data.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 4d1ead068248b56ecaeb437f0c0b59f9d89b9748 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Mon, 14 Feb 2022 15:46:25 -0500 -Subject: [PATCH 4/5] Handle NULL pwdata in cms_set_pw_data() - -When 12f16710ee44ef64ddb044a3523c3c4c4d90039a rewrote this function, it -didn't handle the NULL pwdata invocation from daemon.c. This leads to a -explicit NULL dereference and crash on all attempts to daemonize pesign. - -Signed-off-by: Robbie Harwood -(cherry picked from commit b879dda52f8122de697d145977c285fb0a022d76) ---- - src/cms_common.c | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/src/cms_common.c b/src/cms_common.c -index 332999e..ca37e6a 100644 ---- a/src/cms_common.c -+++ b/src/cms_common.c -@@ -313,7 +313,7 @@ void cms_set_pw_data(cms_context *cms, secuPWData *pwdata) - - case PW_FROMFD: - if (cms->pwdata.intdata >= 0 && -- !(pwdata->source == PW_FROMFD && -+ !(pwdata && pwdata->source == PW_FROMFD && - cms->pwdata.intdata == pwdata->intdata)) - close(cms->pwdata.intdata); - break; -@@ -330,12 +330,18 @@ void cms_set_pw_data(cms_context *cms, secuPWData *pwdata) - xfree(cms->pwdata.data); - break; - } -- memmove(&cms->pwdata, pwdata, sizeof(*pwdata)); - -- dprintf("pwdata:%p", pwdata); -- dprintf("pwdata->source:%d", pwdata->source); -- dprintf("pwdata->data:%p (\"%s\")", pwdata->data, -- pwdata->data ? pwdata->data : "(null)"); -+ if (!pwdata) { -+ cms->pwdata.source = PW_SOURCE_INVALID; -+ dprintf("pwdata:NULL"); -+ } else { -+ memmove(&cms->pwdata, pwdata, sizeof(*pwdata)); -+ dprintf("pwdata:%p", pwdata); -+ dprintf("pwdata->source:%d", pwdata->source); -+ dprintf("pwdata->data:%p (\"%s\")", pwdata->data, -+ pwdata->data ? pwdata->data : "(null)"); -+ } -+ - egress(); - } - --- -2.34.1 - diff --git a/0005-fcf-protection-is-arch-specific.patch b/0005-fcf-protection-is-arch-specific.patch deleted file mode 100644 index 84093bf..0000000 --- a/0005-fcf-protection-is-arch-specific.patch +++ /dev/null @@ -1,46 +0,0 @@ -From f03c5fbe6b4327b9ecd781bfdf64147e1b68e6c1 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Wed, 9 Feb 2022 15:23:27 -0500 -Subject: [PATCH 5/5] -fcf-protection is arch-specific - -Signed-off-by: Robbie Harwood -(cherry picked from commit c48df510144de3b1187001bc3b5491509da1c58f) ---- - Make.defaults | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/Make.defaults b/Make.defaults -index fdb961a..130c1ee 100644 ---- a/Make.defaults -+++ b/Make.defaults -@@ -22,11 +22,16 @@ EFI_ARCHES ?= aa64 ia32 x64 - - enabled = $(if $(filter undefined,$(origin $(1))),$(3),$(2)) - -+HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) -+ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) -+ -+ - PKG_CONFIG ?= $(CROSS_COMPILE)pkg-config - CC := $(if $(filter default,$(origin CC)),$(CROSS_COMPILE)gcc,$(CC)) - CCLD := $(if $(filter undefined,$(origin CCLD)),$(CC),$(CCLD)) - CFLAGS ?= -O2 -g3 -pipe -fPIE -fstack-protector-all \ -- -fstack-clash-protection -fcf-protection=full -+ -fstack-clash-protection \ -+ $(if $(filter x86_64 ia32,$(ARCH)),-fcf-protection=full,) - DIAGFLAGS ?= -fmessage-length=0 \ - -fdiagnostics-color=always \ - -fdiagnostics-format=text \ -@@ -42,9 +47,6 @@ INSTALL ?= $(CROSS_COMPILE)install - - PKGS = efivar nspr nss nss-util uuid - --HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) --ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,) -- - SOFLAGS ?= -shared - clang_cflags = - gcc_cflags = -Wmaybe-uninitialized -grecord-gcc-switches \ --- -2.34.1 - diff --git a/0006-Disable-analyzer-until-it-works.patch b/0006-Disable-analyzer-until-it-works.patch deleted file mode 100644 index 4ed8cbf..0000000 --- a/0006-Disable-analyzer-until-it-works.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 288b05dcd5a3b48836c4904e38b14e38a0cdfa07 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Mon, 14 Feb 2022 17:26:19 -0500 -Subject: [PATCH] Disable analyzer until it works - -See-also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104370 -Signed-off-by: Robbie Harwood ---- - Make.defaults | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/Make.defaults b/Make.defaults -index 130c1ee..5e56a76 100644 ---- a/Make.defaults -+++ b/Make.defaults -@@ -36,7 +36,6 @@ DIAGFLAGS ?= -fmessage-length=0 \ - -fdiagnostics-color=always \ - -fdiagnostics-format=text \ - -fdiagnostics-show-cwe \ -- -fanalyzer \ - $(call enabled,ENABLE_LEAK_CHECKER,-Wno-analyzer-malloc-leak,) - AS ?= $(CROSS_COMPILE)as - AR ?= $(CROSS_COMPILE)$(if $(filter $(CC),clang),llvm-ar,$(notdir $(CC))-ar) --- -2.34.1 - diff --git a/pesign.spec b/pesign.spec index d534229..764f6a6 100644 --- a/pesign.spec +++ b/pesign.spec @@ -5,8 +5,8 @@ Name: pesign Summary: Signing utility for UEFI binaries -Version: 114 -Release: 4%{?dist} +Version: 115 +Release: 1%{?dist} License: GPL-2.0-only URL: https://github.com/rhboot/pesign @@ -47,11 +47,7 @@ Source0: https://github.com/rhboot/pesign/releases/download/%{version}/pesign-%{ Source1: certs.tar.xz Source2: pesign.py -Patch0001: 0001-Revert-Move-license-to-GPLv3.patch -Patch0002: 0002-Fix-format-strings-for-32-bit-arches.patch -Patch0003: 0003-macros-drop-_pesign_args.patch -Patch0004: 0004-Handle-NULL-pwdata-in-cms_set_pw_data.patch -Patch0005: 0005-fcf-protection-is-arch-specific.patch +Patch0001: 0001-daemon-remove-always-true-comparison.patch %description This package contains the pesign utility for signing UEFI binaries as @@ -163,6 +159,9 @@ certutil -d %{_sysconfdir}/pki/pesign/ -X -L > /dev/null %{python3_sitelib}/mockbuild/plugins/pesign.* %changelog +* Tue Mar 08 2022 Robbie Harwood - 115-1 +- New upstream version (115) + * Mon Feb 14 2022 Robbie Harwood - 114-4 - Disable -fanalyzer since it's broken and pragmas don't work - See-also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104370 diff --git a/sources b/sources index 3522848..b6ddc75 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (certs.tar.xz) = ddac535c786d1a23074534323c4ce89f907d4f82b19c5d3a9c814b145fbac1599cd2386cf20c28d22aee7d5c4db441f052bab9ee655de756117a0a0bc99b525f -SHA512 (pesign-114.tar.bz2) = 5465c002db6f59ab59799ec79504ed96662bc5da2310282d2e85fc1f03c938343d88927e764e595bf21c3501e599e529a4752281349097cdc74e616535179b3c +SHA512 (pesign-115.tar.bz2) = 0091d70e286326b1ed74418ca8c5a2a63d42e6aa3eccdfc4f09a34241b2addfe878af17d1d74648b7da79d6cd7158fcca0f3a52f4a82a57cacae4617b42b1faa