diff options
Diffstat (limited to 'app-crypt/pesign/files')
-rw-r--r-- | app-crypt/pesign/files/pesign-113-enum-conversion.patch | 46 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-113-nss.patch | 47 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-114-format-string.patch | 111 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-114-no-werror.patch | 13 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch | 19 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-116-no-werror.patch | 11 |
6 files changed, 154 insertions, 93 deletions
diff --git a/app-crypt/pesign/files/pesign-113-enum-conversion.patch b/app-crypt/pesign/files/pesign-113-enum-conversion.patch deleted file mode 100644 index 89a57e460fbe..000000000000 --- a/app-crypt/pesign/files/pesign-113-enum-conversion.patch +++ /dev/null @@ -1,46 +0,0 @@ -From c555fd74c009242c3864576bd5f17a1f8f4fdffd Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Tue, 18 Feb 2020 16:28:56 -0500 -Subject: [PATCH] pesigcheck: Fix a wrong assignment - -gcc says: - - pesigcheck.c: In function 'check_signature': - pesigcheck.c:321:17: error: implicit conversion from 'enum <anonymous>' to 'enum <anonymous>' [-Werror=enum-conversion] - 321 | reason->type = siBuffer; - | ^ - pesigcheck.c:333:17: error: implicit conversion from 'enum <anonymous>' to 'enum <anonymous>' [-Werror=enum-conversion] - 333 | reason->type = siBuffer; - | ^ - cc1: all warnings being treated as errors - -And indeed, that line of code makes no sense at all - it was supposed to -be reason->sig.type. - -Signed-off-by: Peter Jones <pjones@redhat.com> ---- - src/pesigcheck.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/pesigcheck.c b/src/pesigcheck.c -index 524cce3..8fa0f1a 100644 ---- a/src/pesigcheck.c -+++ b/src/pesigcheck.c -@@ -318,7 +318,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons, - reason->type = SIGNATURE; - reason->sig.data = data; - reason->sig.len = datalen; -- reason->type = siBuffer; -+ reason->sig.type = siBuffer; - nreason += 1; - is_invalid = true; - } -@@ -330,7 +330,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons, - reason->type = SIGNATURE; - reason->sig.data = data; - reason->sig.len = datalen; -- reason->type = siBuffer; -+ reason->sig.type = siBuffer; - nreason += 1; - has_valid_cert = true; - } diff --git a/app-crypt/pesign/files/pesign-113-nss.patch b/app-crypt/pesign/files/pesign-113-nss.patch deleted file mode 100644 index 5a227a87268b..000000000000 --- a/app-crypt/pesign/files/pesign-113-nss.patch +++ /dev/null @@ -1,47 +0,0 @@ -From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Tue, 14 May 2019 11:28:38 -0400 -Subject: [PATCH] efikeygen: Fix the build with nss 3.44 - -NSS 3.44 adds some certificate types, which changes a type and makes -some encoding stuff weird. As a result, we get: - -gcc8 -I/wrkdirs/usr/ports/sysutils/pesign/work/pesign-0.110/include -O2 -pipe -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc8 -isystem /usr/local/include -fno-strict-aliasing -g -O0 -g -O0 -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function -I../include/ -I/usr/local/include/nss -I/usr/local/include/nss/nss -I/usr/local/include/nspr -Werror -fPIC -isystem /usr/local/include -DCONFIG_amd64 -DCONFIG_amd64 -c efikeygen.c -o efikeygen.o -In file included from /usr/local/include/nss/nss/cert.h:22, - from efikeygen.c:39: -efikeygen.c: In function 'add_cert_type': -/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int' to 'unsigned char' changes value from '496' to '240' [-Werror=overflow] - (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \ - ^ -efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP' - unsigned char type = NS_CERT_TYPE_APP; - ^~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors - -This is fixed by just making it an int. - -Fixes github issue #48. - -Signed-off-by: Peter Jones <pjones@redhat.com> -Upstream-Status: Accepted -[https://github.com/rhboot/pesign/commit/b535d1ac5cbcdf18a97d97a92581e38080d9e521] ---- - src/efikeygen.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/efikeygen.c b/src/efikeygen.c -index ede76ef..2cd953e 100644 ---- a/src/efikeygen.c -+++ b/src/efikeygen.c -@@ -208,7 +208,7 @@ static int - add_cert_type(cms_context *cms, void *extHandle, int is_ca) - { - SECItem bitStringValue; -- unsigned char type = NS_CERT_TYPE_APP; -+ int type = NS_CERT_TYPE_APP; - - if (is_ca) - type |= NS_CERT_TYPE_SSL_CA | --- -2.22.0 - diff --git a/app-crypt/pesign/files/pesign-114-format-string.patch b/app-crypt/pesign/files/pesign-114-format-string.patch new file mode 100644 index 000000000000..2361cb4a2660 --- /dev/null +++ b/app-crypt/pesign/files/pesign-114-format-string.patch @@ -0,0 +1,111 @@ +https://github.com/rhboot/pesign/commit/df8783ed4ed87fef850268098690985049916ee9.patch + +From df8783ed4ed87fef850268098690985049916ee9 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood <rharwood@redhat.com> +Date: Tue, 1 Feb 2022 17:37:14 -0500 +Subject: [PATCH] Fix format strings for 32-bit arches + +Sadly, in 2022, this remains a thing. + +Signed-off-by: Robbie Harwood <rharwood@redhat.com> +--- + src/cms_pe_common.c | 16 +++++++++------- + src/password.c | 7 ++++--- + 2 files changed, 13 insertions(+), 10 deletions(-) + +diff --git a/src/cms_pe_common.c b/src/cms_pe_common.c +index 964f0d9..3a3921b 100644 +--- a/src/cms_pe_common.c ++++ b/src/cms_pe_common.c +@@ -49,7 +49,7 @@ check_pointer_and_size(cms_context *cms, Pe *pe, void *ptr, size_t size) + + if (p + size > m + map_size) + cmsreterr(0, cms, +- "pointer %p is above mmap end at %p (%lu is %lu bytes past EOF at %lu)", ++ "pointer %p is above mmap end at %p (%lu is %lu bytes past EOF at %zu)", + (void *)((uintptr_t)p + size), + (void *)((uintptr_t)m + map_size), + p + size - m, +@@ -189,7 +189,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + if (!check_pointer_and_size(cms, pe, hash_base, hash_size)) + cmsgotoerr(error, cms, "PE header is invalid"); + dprintf("beginning of hash"); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, hash_size); + generate_digest_step(cms, hash_base, hash_size); + + /* 5. Skip over the image checksum +@@ -209,7 +209,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + cmsgotoerr(error, cms, "PE data directory is invalid"); + + generate_digest_step(cms, hash_base, hash_size); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, hash_size); + + /* 8. Skip over the crt dir + * 9. Hash everything up to the end of the image header. */ +@@ -222,7 +222,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + cmsgotoerr(error, cms, "PE relocations table is invalid"); + + generate_digest_step(cms, hash_base, hash_size); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, hash_size); + + /* 10. Set SUM_OF_BYTES_HASHED to the size of the header. */ + hashed_bytes = pe32opthdr ? pe32opthdr->header_size +@@ -265,7 +265,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + } + + generate_digest_step(cms, hash_base, hash_size); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, hash_size); + + hashed_bytes += hash_size; + } +@@ -285,10 +285,12 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + memset(tmp_array, '\0', tmp_size); + memcpy(tmp_array, hash_base, hash_size); + generate_digest_step(cms, tmp_array, tmp_size); +- dprintf("digesting %lx + %lx", (unsigned long)tmp_array, tmp_size); ++ dprintf("digesting %tx + %zx", (ptrdiff_t)tmp_array, ++ tmp_size); + } else { + generate_digest_step(cms, hash_base, hash_size); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, ++ hash_size); + } + } + dprintf("end of hash"); +diff --git a/src/password.c b/src/password.c +index 644f362..05add9a 100644 +--- a/src/password.c ++++ b/src/password.c +@@ -213,7 +213,7 @@ parse_pwfile_line(char *start, struct token_pass *tp) + dprintf("non-whitespace span is %zd", span); + + if (line[span] == '\0') { +- dprintf("returning %ld", (line + span) - start); ++ dprintf("returning %td", (line + span) - start); + return (line + span) - start; + } + line[span] = '\0'; +@@ -241,7 +241,7 @@ parse_pwfile_line(char *start, struct token_pass *tp) + dprintf("Setting token pass %p to { %p, %p }", tp, tp->token, tp->pass); + dprintf("token:\"%s\"", tp->token); + dprintf("pass:\"%s\"", tp->pass); +- dprintf("returning %ld", (line + span) - start); ++ dprintf("returning %td", (line + span) - start); + return (line + span) - start; + } + +@@ -330,7 +330,8 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg) + if (c != '\0') + span++; + start += span; +- dprintf("start is file[%ld] == '\\x%02hhx'", start - file, start[0]); ++ dprintf("start is file[%td] == '\\x%02hhx'", start - file, ++ start[0]); + } + + qsort(phrases, nphrases, sizeof(struct token_pass), token_pass_cmp); diff --git a/app-crypt/pesign/files/pesign-114-no-werror.patch b/app-crypt/pesign/files/pesign-114-no-werror.patch new file mode 100644 index 000000000000..3937873e80bd --- /dev/null +++ b/app-crypt/pesign/files/pesign-114-no-werror.patch @@ -0,0 +1,13 @@ +diff --git a/Make.defaults b/Make.defaults +index fdb961a..cdbb064 100644 +--- a/Make.defaults ++++ b/Make.defaults +@@ -58,7 +58,7 @@ cflags = $(CFLAGS) $(ARCH3264) \ + -Wall -Wextra -Wsign-compare -Wno-unused-result \ + -Wno-unused-function -Wno-missing-field-initializers \ + -Wno-analyzer-malloc-leak \ +- -Werror -Wno-error=cpp -Wno-free-nonheap-object \ ++ -Wno-error=cpp -Wno-free-nonheap-object \ + -std=gnu11 -fshort-wchar -fPIC -fno-strict-aliasing \ + -D_GNU_SOURCE -DCONFIG_$(ARCH) -I${TOPDIR}/include \ + '-DRUNDIR="$(rundir)"' \ diff --git a/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch b/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch new file mode 100644 index 000000000000..43bc0d84c44c --- /dev/null +++ b/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch @@ -0,0 +1,19 @@ +https://github.com/rhboot/pesign/issues/78 + +daemon.c:922:32: error: unknown option after ‘#pragma GCC diagnostic’ kind [-Werror=pragmas] + 922 | #pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value" + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +cc1: all warnings being treated as errors +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -916,10 +916,6 @@ do_shutdown(context *ctx, int nsockets, struct pollfd *pollfds) + free(pollfds); + } + +-/* GCC -fanalyzer has trouble with realloc +- * https://bugzilla.redhat.com/show_bug.cgi?id=2047926 */ +-#pragma GCC diagnostic push +-#pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value" + static int + handle_events(context *ctx) + { diff --git a/app-crypt/pesign/files/pesign-116-no-werror.patch b/app-crypt/pesign/files/pesign-116-no-werror.patch new file mode 100644 index 000000000000..0563a749baf6 --- /dev/null +++ b/app-crypt/pesign/files/pesign-116-no-werror.patch @@ -0,0 +1,11 @@ +--- a/Make.defaults ++++ b/Make.defaults +@@ -60,7 +60,7 @@ cflags = $(CFLAGS) $(ARCH3264) \ + -Wall -Wextra -Wsign-compare -Wno-unused-result \ + -Wno-unused-function -Wno-missing-field-initializers \ + $(call enabled,ENABLE_LEAK_CHECKER,-Wno-analyzer-malloc-leak,) \ +- -Werror -Wno-error=cpp -Wno-free-nonheap-object \ ++ -Wno-error=cpp -Wno-free-nonheap-object \ + -std=gnu11 -fshort-wchar -fPIC -fno-strict-aliasing \ + -D_GNU_SOURCE -DCONFIG_$(ARCH) -I${TOPDIR}/include \ + '-DRUNDIR="$(rundir)"' \ |