From b9a2f50f9a1d7d73032aa5c3bbeb14ac68ef6121 Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Tue, 1 Feb 2022 14:15:53 -0500
Subject: [PATCH] Release pesign 114

- Remove warning in __pe_updatemap()
- CI: update to rawhide for new efivar
- pragma around gcc -fanalyzer / realloc()
- Handle realloc() failure in read_file()
- Fix compilation of compile_assert
- Enable build on systems without annobin
- Update milestones link in TODO
- cms_pe_common: better messages from check_pointer_and_size
- file_pe: handle generate_digest failures
- Fix our error message line numbers, hopefully.
- Make cms_pe_common bounds check errors more verbose
- Rename some cms error functions
- efikeygen: return error on AKID encoding failures
- Make /var/run vs /run configurable with RUNDIR
- efikeygen: add trust when adding certs
- efikeygen: clean up some memory leaks
- cms_common: add some more ways to find a cert
- fix a couple of minor nits scan-build found.
- authvar: Fix a bug I introduced in d1765be76296
- add _pesign_args in rpm
- support uri token names
- Improve debug output
- efikeygen: add specific settings for KEK certs (hidden)
- Add more ways to use a password with the token
- Fix some memory leaks
- libdpe: make the initial read buffer always big enough for the opt header
- Some gcc malloc leak analyzer workarounds.
- Get rid of efisiglist
- OID: add the info about the UEFI SB CA OID
- efikeygen: update our key usages to match what the auditors like.
- Substantially update the documentation, and use mdoc.
- move a pile of signature list types to efivar.
- authvar: Fix an unlikely memory leak.
- Use page size, not hard coded values, in read_file()
- efikeygen: allow setting validity windows explicitly.
- Minor whitespace housekeeping
- Add the beginnings of pk12 bag support in efikeygen.
- Rework the wildly undocumented NSS password file goo.
- Work around some NSS SECOID_AddEntry() bugs
- Minor make cleanups
- Clean up .gitignore a bit
- Make --verbose and --debug more similar across tools
- share input/output checker macros between pesign_kmod and file_pe
- pesign_kmod: user err() errx() etc.
- file_pe: user err() errx() etc.
- file_pe: make most of our input and output checkers be generated
- authvar: user err() errx() etc.
- Make for_each_cert(cl, iter) for certificate list traversal.
- Make save_port_err() { } saner to read.
- Add super convenient errno-guard implementation.
- Don't allow (or require) --module or --kernel with --ca.
- Turn on gcc -O2
- Better diagnostic defaults from gcc
- Fix some missed OOM error path -fanalyzer found.
- Fix a missing malloc() return value check.
- wincert: try to convince the gcc analyzer of the painfully obvious.
- wincert: check for NULL pe at more places here, too.
- libdpe: check for NULL pe at more places.
- libdpe: fix some minor analyzer discoveries.
- Add some text parsing helpers
- Add hex utilities.
- Add some more utility functions, and fix a typo in ALIGNED()
- Remove a lot of decls that are in efisec.h now.
- efikeygen: add YubiKey examples to the man page.
- Move my syntastic config out of the tree.
- SPDXify pesign
- SPDXify libdpe
- Add code of conduct
- Add hardening options used by Fedora
- Paper over spurious gcc maybe-uninitialized warning
- CI: port to Github Actions from Travis
- Turn off -Wfree-nonheap-object
- Use /run not /var/run
- kernel building hack
- pesign-authorize: don't setfacl /etc/pki/pesign-foo/
- pesign-authorize: shellcheck
- Move most of macros.pesign to pesign-rpmbuild-helper
- client: remove an extra debug print
- client: try /run and /var/run for the socket path.
- Rename /var/run/ to /run/
- Make 0.112 client and server work with the 113 protocol and vice versa
- Enhance error diagnostics about version mismatch
- Resolve crash when signature that is removed is not at the end of the list.
  Also manipulate ptr level list rather than the items themselves.
- pesigcheck: remove superfluous type settings
- Short delay to ensure /run/pesign/socket exists
- Add default packages for pkg-config
- Add missing Install section
- Send pesign stdout/err to systemd journal
- Apparently opensc got updated and the token name changed
- Make travis use a newer distro
- pesigcheck: Fix a wrong assignment
- efikeygen: Fix the build with nss 3.44
- efikeygen: Get rid of an extraneous debug printf.
- Be less dumb about '?=' ...
- Make.defaults: make some more things be '?=' for weird compiler platforms.

Signed-off-by: Robbie Harwood
--- Make.version | 2 +- Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Make.version b/Make.version index 7ccb4b26..fdf0ce71 100644 --- a/Make.version +++ b/Make.version @@ -1,2 +1,2 @@ -MAJOR_VERSION = 113 +MAJOR_VERSION = 114 VERSION = $(MAJOR_VERSION) diff --git a/Makefile b/Makefile index c53aaf48..a2e41f85 100644 --- a/Makefile +++ b/Makefile @@ -46,7 +46,7 @@ test-archive: @echo "The archive is in pesign-$(VERSION).tar.bz2" tag: - git tag -s $(GITTAG) refs/heads/master + git tag -s $(GITTAG) refs/heads/main archive: tag @rm -rf /tmp/pesign-$(VERSION) /tmp/pesign-$(VERSION)-tmp
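
Review bot: In the Makefile hunk, the `tag` target still signs a hard-coded branch ref instead of the commit being released: `git tag -s $(GITTAG) refs/heads/main` signs whatever the local `main` points at, even if the checkout carrying `MAJOR_VERSION = 114` is on another branch or the local `main` is stale. Because `archive` depends on `tag`, consider tagging `HEAD`, or failing the target when `HEAD` and `refs/heads/main` resolve to different commits, or at least moving the branch name into a variable with a `?=` default so it is not edited in place again. The switch from `master` to `main` is also not mentioned in the commit message, which otherwise lists the changes in this release; a one-line entry would make it discoverable.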