diff options
Diffstat (limited to 'app-crypt/pesign')
-rw-r--r-- | app-crypt/pesign/Manifest | 3 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-113-nss.patch | 47 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-114-format-string.patch | 111 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-114-no-werror.patch | 13 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch | 19 | ||||
-rw-r--r-- | app-crypt/pesign/files/pesign-116-no-werror.patch | 11 | ||||
-rw-r--r-- | app-crypt/pesign/metadata.xml | 2 | ||||
-rw-r--r-- | app-crypt/pesign/pesign-114.ebuild (renamed from app-crypt/pesign/pesign-113.ebuild) | 34 | ||||
-rw-r--r-- | app-crypt/pesign/pesign-116.ebuild | 58 |
9 files changed, 235 insertions, 63 deletions
diff --git a/app-crypt/pesign/Manifest b/app-crypt/pesign/Manifest index a80770139a3c..aaf05c8e4530 100644 --- a/app-crypt/pesign/Manifest +++ b/app-crypt/pesign/Manifest @@ -1 +1,2 @@ -DIST pesign-113.tar.gz 124618 BLAKE2B 36cdface6ecdf9003251da3058b21b2ee8e94eb655e47a8668b38c4ea576d990a71860952eea277d5e029bb007039c8e3ded9918e89d47f6db404423acbd1cc7 SHA512 e71dc90c2ab8085d1b000c0d2cf9cb00ddaed1ea1393db75c2d19a96f1b1c188a26b76850533ba97ec254a3b48db6b07a69b597c329ac891e64422780a358c24 +DIST pesign-114.tar.gz 148898 BLAKE2B 0dae3b4e17c61bcea02a6f81f6a62f8d526e83954bf95d0de24726daa81e45a3b42b6867f2d64decd69f421a14f5e2ff6ff1ec26246f44d68b242b452e60d9a1 SHA512 567176718e098c3494e27ce29b61ef396ca2503137260fc36c784951f0bd2130c9f61c655461d6091e9bdb0df77c9e00cf2fde8fb1b1c5ab83e4b9c57d65fdab +DIST pesign-116.tar.bz2 120424 BLAKE2B a1bce804c13a0aba1eb5fdf0b3963d658011484d4708d58bd9265b6ad8a3d2d3e3156a49736e6fb029bd5d8cc175f6440e62dbc34722357888a239e4d7e7d9e2 SHA512 be3e1083f5e9f889cb8f7c50a8ebe723542fb2f6d1de8de9b04a9f21526ebaa8ab1efc7d4be11bcb0bc9862fa4bc6f78ee35e4d3496dd3b8927170b97795d25c diff --git a/app-crypt/pesign/files/pesign-113-nss.patch b/app-crypt/pesign/files/pesign-113-nss.patch deleted file mode 100644 index 5a227a87268b..000000000000 --- a/app-crypt/pesign/files/pesign-113-nss.patch +++ /dev/null @@ -1,47 +0,0 @@ -From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001 -From: Peter Jones <pjones@redhat.com> -Date: Tue, 14 May 2019 11:28:38 -0400 -Subject: [PATCH] efikeygen: Fix the build with nss 3.44 - -NSS 3.44 adds some certificate types, which changes a type and makes -some encoding stuff weird. As a result, we get: - -gcc8 -I/wrkdirs/usr/ports/sysutils/pesign/work/pesign-0.110/include -O2 -pipe -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc8 -isystem /usr/local/include -fno-strict-aliasing -g -O0 -g -O0 -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function -I../include/ -I/usr/local/include/nss -I/usr/local/include/nss/nss -I/usr/local/include/nspr -Werror -fPIC -isystem /usr/local/include -DCONFIG_amd64 -DCONFIG_amd64 -c efikeygen.c -o efikeygen.o -In file included from /usr/local/include/nss/nss/cert.h:22, - from efikeygen.c:39: -efikeygen.c: In function 'add_cert_type': -/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int' to 'unsigned char' changes value from '496' to '240' [-Werror=overflow] - (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \ - ^ -efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP' - unsigned char type = NS_CERT_TYPE_APP; - ^~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors - -This is fixed by just making it an int. - -Fixes github issue #48. - -Signed-off-by: Peter Jones <pjones@redhat.com> -Upstream-Status: Accepted -[https://github.com/rhboot/pesign/commit/b535d1ac5cbcdf18a97d97a92581e38080d9e521] ---- - src/efikeygen.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/efikeygen.c b/src/efikeygen.c -index ede76ef..2cd953e 100644 ---- a/src/efikeygen.c -+++ b/src/efikeygen.c -@@ -208,7 +208,7 @@ static int - add_cert_type(cms_context *cms, void *extHandle, int is_ca) - { - SECItem bitStringValue; -- unsigned char type = NS_CERT_TYPE_APP; -+ int type = NS_CERT_TYPE_APP; - - if (is_ca) - type |= NS_CERT_TYPE_SSL_CA | --- -2.22.0 - diff --git a/app-crypt/pesign/files/pesign-114-format-string.patch b/app-crypt/pesign/files/pesign-114-format-string.patch new file mode 100644 index 000000000000..2361cb4a2660 --- /dev/null +++ b/app-crypt/pesign/files/pesign-114-format-string.patch @@ -0,0 +1,111 @@ +https://github.com/rhboot/pesign/commit/df8783ed4ed87fef850268098690985049916ee9.patch + +From df8783ed4ed87fef850268098690985049916ee9 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood <rharwood@redhat.com> +Date: Tue, 1 Feb 2022 17:37:14 -0500 +Subject: [PATCH] Fix format strings for 32-bit arches + +Sadly, in 2022, this remains a thing. + +Signed-off-by: Robbie Harwood <rharwood@redhat.com> +--- + src/cms_pe_common.c | 16 +++++++++------- + src/password.c | 7 ++++--- + 2 files changed, 13 insertions(+), 10 deletions(-) + +diff --git a/src/cms_pe_common.c b/src/cms_pe_common.c +index 964f0d9..3a3921b 100644 +--- a/src/cms_pe_common.c ++++ b/src/cms_pe_common.c +@@ -49,7 +49,7 @@ check_pointer_and_size(cms_context *cms, Pe *pe, void *ptr, size_t size) + + if (p + size > m + map_size) + cmsreterr(0, cms, +- "pointer %p is above mmap end at %p (%lu is %lu bytes past EOF at %lu)", ++ "pointer %p is above mmap end at %p (%lu is %lu bytes past EOF at %zu)", + (void *)((uintptr_t)p + size), + (void *)((uintptr_t)m + map_size), + p + size - m, +@@ -189,7 +189,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + if (!check_pointer_and_size(cms, pe, hash_base, hash_size)) + cmsgotoerr(error, cms, "PE header is invalid"); + dprintf("beginning of hash"); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, hash_size); + generate_digest_step(cms, hash_base, hash_size); + + /* 5. Skip over the image checksum +@@ -209,7 +209,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + cmsgotoerr(error, cms, "PE data directory is invalid"); + + generate_digest_step(cms, hash_base, hash_size); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, hash_size); + + /* 8. Skip over the crt dir + * 9. Hash everything up to the end of the image header. */ +@@ -222,7 +222,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + cmsgotoerr(error, cms, "PE relocations table is invalid"); + + generate_digest_step(cms, hash_base, hash_size); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, hash_size); + + /* 10. Set SUM_OF_BYTES_HASHED to the size of the header. */ + hashed_bytes = pe32opthdr ? pe32opthdr->header_size +@@ -265,7 +265,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + } + + generate_digest_step(cms, hash_base, hash_size); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, hash_size); + + hashed_bytes += hash_size; + } +@@ -285,10 +285,12 @@ generate_digest(cms_context *cms, Pe *pe, int padded) + memset(tmp_array, '\0', tmp_size); + memcpy(tmp_array, hash_base, hash_size); + generate_digest_step(cms, tmp_array, tmp_size); +- dprintf("digesting %lx + %lx", (unsigned long)tmp_array, tmp_size); ++ dprintf("digesting %tx + %zx", (ptrdiff_t)tmp_array, ++ tmp_size); + } else { + generate_digest_step(cms, hash_base, hash_size); +- dprintf("digesting %lx + %lx", hash_base - map, hash_size); ++ dprintf("digesting %tx + %zx", hash_base - map, ++ hash_size); + } + } + dprintf("end of hash"); +diff --git a/src/password.c b/src/password.c +index 644f362..05add9a 100644 +--- a/src/password.c ++++ b/src/password.c +@@ -213,7 +213,7 @@ parse_pwfile_line(char *start, struct token_pass *tp) + dprintf("non-whitespace span is %zd", span); + + if (line[span] == '\0') { +- dprintf("returning %ld", (line + span) - start); ++ dprintf("returning %td", (line + span) - start); + return (line + span) - start; + } + line[span] = '\0'; +@@ -241,7 +241,7 @@ parse_pwfile_line(char *start, struct token_pass *tp) + dprintf("Setting token pass %p to { %p, %p }", tp, tp->token, tp->pass); + dprintf("token:\"%s\"", tp->token); + dprintf("pass:\"%s\"", tp->pass); +- dprintf("returning %ld", (line + span) - start); ++ dprintf("returning %td", (line + span) - start); + return (line + span) - start; + } + +@@ -330,7 +330,8 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg) + if (c != '\0') + span++; + start += span; +- dprintf("start is file[%ld] == '\\x%02hhx'", start - file, start[0]); ++ dprintf("start is file[%td] == '\\x%02hhx'", start - file, ++ start[0]); + } + + qsort(phrases, nphrases, sizeof(struct token_pass), token_pass_cmp); diff --git a/app-crypt/pesign/files/pesign-114-no-werror.patch b/app-crypt/pesign/files/pesign-114-no-werror.patch new file mode 100644 index 000000000000..3937873e80bd --- /dev/null +++ b/app-crypt/pesign/files/pesign-114-no-werror.patch @@ -0,0 +1,13 @@ +diff --git a/Make.defaults b/Make.defaults +index fdb961a..cdbb064 100644 +--- a/Make.defaults ++++ b/Make.defaults +@@ -58,7 +58,7 @@ cflags = $(CFLAGS) $(ARCH3264) \ + -Wall -Wextra -Wsign-compare -Wno-unused-result \ + -Wno-unused-function -Wno-missing-field-initializers \ + -Wno-analyzer-malloc-leak \ +- -Werror -Wno-error=cpp -Wno-free-nonheap-object \ ++ -Wno-error=cpp -Wno-free-nonheap-object \ + -std=gnu11 -fshort-wchar -fPIC -fno-strict-aliasing \ + -D_GNU_SOURCE -DCONFIG_$(ARCH) -I${TOPDIR}/include \ + '-DRUNDIR="$(rundir)"' \ diff --git a/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch b/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch new file mode 100644 index 000000000000..43bc0d84c44c --- /dev/null +++ b/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch @@ -0,0 +1,19 @@ +https://github.com/rhboot/pesign/issues/78 + +daemon.c:922:32: error: unknown option after ‘#pragma GCC diagnostic’ kind [-Werror=pragmas] + 922 | #pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value" + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +cc1: all warnings being treated as errors +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -916,10 +916,6 @@ do_shutdown(context *ctx, int nsockets, struct pollfd *pollfds) + free(pollfds); + } + +-/* GCC -fanalyzer has trouble with realloc +- * https://bugzilla.redhat.com/show_bug.cgi?id=2047926 */ +-#pragma GCC diagnostic push +-#pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value" + static int + handle_events(context *ctx) + { diff --git a/app-crypt/pesign/files/pesign-116-no-werror.patch b/app-crypt/pesign/files/pesign-116-no-werror.patch new file mode 100644 index 000000000000..0563a749baf6 --- /dev/null +++ b/app-crypt/pesign/files/pesign-116-no-werror.patch @@ -0,0 +1,11 @@ +--- a/Make.defaults ++++ b/Make.defaults +@@ -60,7 +60,7 @@ cflags = $(CFLAGS) $(ARCH3264) \ + -Wall -Wextra -Wsign-compare -Wno-unused-result \ + -Wno-unused-function -Wno-missing-field-initializers \ + $(call enabled,ENABLE_LEAK_CHECKER,-Wno-analyzer-malloc-leak,) \ +- -Werror -Wno-error=cpp -Wno-free-nonheap-object \ ++ -Wno-error=cpp -Wno-free-nonheap-object \ + -std=gnu11 -fshort-wchar -fPIC -fno-strict-aliasing \ + -D_GNU_SOURCE -DCONFIG_$(ARCH) -I${TOPDIR}/include \ + '-DRUNDIR="$(rundir)"' \ diff --git a/app-crypt/pesign/metadata.xml b/app-crypt/pesign/metadata.xml index 05b4bfdb6570..a064daa3f950 100644 --- a/app-crypt/pesign/metadata.xml +++ b/app-crypt/pesign/metadata.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <!--maintainer-needed--> <upstream> diff --git a/app-crypt/pesign/pesign-113.ebuild b/app-crypt/pesign/pesign-114.ebuild index fcb4a4ab3809..bd65febf96c3 100644 --- a/app-crypt/pesign/pesign-113.ebuild +++ b/app-crypt/pesign/pesign-114.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=8 -inherit eutils toolchain-funcs +inherit toolchain-funcs DESCRIPTION="Tools for manipulating signed PE-COFF binaries" HOMEPAGE="https://github.com/rhboot/pesign" @@ -12,41 +12,47 @@ SRC_URI="https://github.com/rhboot/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="libressl" RDEPEND=" dev-libs/nspr dev-libs/nss + dev-libs/openssl:= dev-libs/popt - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) sys-apps/util-linux - sys-libs/efivar + >=sys-libs/efivar-38 " DEPEND="${RDEPEND} - sys-apps/help2man sys-boot/gnu-efi +" +BDEPEND=" + sys-apps/help2man virtual/pkgconfig " -PATCHES=( "${FILESDIR}"/${PN}-113-nss.patch ) +PATCHES=( + "${FILESDIR}"/${PN}-114-wanalyzer-diagnostic.patch + "${FILESDIR}"/${PN}-114-no-werror.patch + + "${FILESDIR}"/${P}-format-string.patch +) src_compile() { - emake AR="$(tc-getAR)" \ + emake \ + AR="$(tc-getAR)" \ ARFLAGS="-cvqs" \ AS="$(tc-getAS)" \ CC="$(tc-getCC)" \ LD="$(tc-getLD)" \ OBJCOPY="$(tc-getOBJCOPY)" \ PKG_CONFIG="$(tc-getPKG_CONFIG)" \ - RANLIB="$(tc-getRANLIB)" + RANLIB="$(tc-getRANLIB)" \ + rundir="${EPREFIX}/var/run" } src_install() { - emake DESTDIR="${ED}" VERSION="${PVR}" install + emake DESTDIR="${ED}" VERSION="${PVR}" rundir="${EPREFIX}/var/run" install einstalldocs # remove some files that don't make sense for Gentoo installs - rm -rf "${ED%/}/etc/" "${ED%/}/var/" \ - "${ED%/}/usr/share/doc/${PF}/COPYING" || die + rm -rf "${ED}/etc" "${ED}/var" "${ED}/usr/share/doc/${PF}/COPYING" || die } diff --git a/app-crypt/pesign/pesign-116.ebuild b/app-crypt/pesign/pesign-116.ebuild new file mode 100644 index 000000000000..0d1550f8649f --- /dev/null +++ b/app-crypt/pesign/pesign-116.ebuild @@ -0,0 +1,58 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit toolchain-funcs + +DESCRIPTION="Tools for manipulating signed PE-COFF binaries" +HOMEPAGE="https://github.com/rhboot/pesign" +SRC_URI="https://github.com/rhboot/pesign/releases/download/${PV}/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +RDEPEND=" + dev-libs/nspr + dev-libs/nss + dev-libs/openssl:= + dev-libs/popt + sys-apps/util-linux + >=sys-libs/efivar-38 +" +DEPEND=" + ${RDEPEND} + sys-boot/gnu-efi +" +BDEPEND=" + app-text/mandoc + sys-apps/help2man + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-116-no-werror.patch +) + +src_compile() { + emake \ + AR="$(tc-getAR)" \ + ARFLAGS="-cvqs" \ + AS="$(tc-getAS)" \ + CC="$(tc-getCC)" \ + CPPFLAGS="${CPPFLAGS}" \ + LD="$(tc-getLD)" \ + OBJCOPY="$(tc-getOBJCOPY)" \ + PKG_CONFIG="$(tc-getPKG_CONFIG)" \ + RANLIB="$(tc-getRANLIB)" \ + rundir="${EPREFIX}/var/run" +} + +src_install() { + emake DESTDIR="${ED}" VERSION="${PVR}" rundir="${EPREFIX}/var/run" install + einstalldocs + + # remove some files that don't make sense for Gentoo installs + rm -rf "${ED}/etc" "${ED}/var" "${ED}/usr/share/doc/${PF}/COPYING" || die +} |