[El-errata] ELBA-2020-5863 Oracle Linux 7 pesign bug fix update (aarch64)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Sep 29 20:49:33 PDT 2020 

Oracle Linux Bug Fix Advisory ELBA-2020-5863

http://linux.oracle.com/errata/ELBA-2020-5863.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

aarch64:
pesign-0.109-10.0.5.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pesign-0.109-10.0.5.el7.src.rpm



Description of changes:

[0.109-10.0.5]
- Certs update is for both x86_64 and aarch64; Bump version to 0.5

[0.109-10.0.4]
- Update Oracle Linux test certificates [Orabug: 31928052]

[0.109-10.0.3]
- Bump version as 0.3 since fix for 27859953 both for x86_64 and aarch64

[0.109-10.0.2]
- RPM macro fix (Petr Benes)

[0.109-10.0.1]
- updates for Oracle Linux test certificate (Alexey Petrenko)
- update Oracle Linux certificates (Alexey Petrenko)

[- 0.109-10]
- Add support for /etc/pesign/users and /etc/pesign/groups
Resolves: rhbz#1141263

[0.109-9]
- Fix man page errors.
Resolves: rhbz#948850

[0.109-9]
- Build as PIE+RELRO binaries.
Resolves: rhbz#1092542

[0.109-8]
- Include aarch64 in the rpm macro
Related: rhbz#1100042

[0.109-7]
- Add aarch64.
Resolves: rhbz#1100042

[0.109-6]
- Make sure CFLAGS is inherited properly for -fstack-protector-strong.
Resolves: rhbz#1070782

[0.109-5]
- Mass rebuild 2013-12-27

[0.109-4]
- Tweak the signing rules just a bit more.
Related: rhbz1017857

[0.109-3]
- Update to fix a bug coverity found.
Related: rhbz1017857

[0.109-2]
- Fix the pesign macro for RHEL packages.
Related: rhbz1017857

[0.109-1]
- Update to 0.109
Related: rhbz#893260

[0.106-6]
- Don't create a new certificate database when signing on RHEL.

[0.106-5]
- Use --force with sattrs blob from mktemp()
- Error if we get a zero-sized signed file result

[0.106-4]
- Don't require ascii mode for RHEL CA/signer cert import.

[0.106-3]
- More work on the RHEL %pesign macro

[0.106-2]
- Add rhel %pesign macro definitions.

[0.106-1]
- Update to 0.106
- Hopefully fix the segfault dgilmore was seeing.

[0.105-1]
- Various bug fixes.

[0.104-1]
- Make sure alignment is correct on signature list entries
Resolves: rhbz#963361
- Make sure section alignment is correct if we have to extend the file

[0.103-2]
- Conditionalize systemd bits so they don't show up in RHEL 6 builds

[0.103-1]
- One more compiler problem. Let's expect a few more, shall we?

[0.102-1]
- Don't use --std=gnu11 because we have to work on RHEL 6 builders.

[0.101-1]
- Update to 0.101 to fix more "pesign -E" issues.

[0.100-1]
- Fix insertion of signatures from a file.

[0.99-9]
- Add a patch needed for new shim builds

[0.99-8]
- Get the Fedora signing token name right.

* Fri Oct 19 2012 Peter Jones <pjones at redhat.com>
- Add coolkey and opensc modules to pki database during %install.

[0.99-7]
- setfacl u:kojibuilder:rw /var/run/pesign/socket
- Fix command line checking in client
- Add client stdin pin reading.

[0.99-6]
- Automatically select daemon as signer when using rpm macros.

[0.99-5]
- Make it work on the -el6 branch as well.

[0.99-4]
- Fix some more bugs found by valgrind and coverity.
- Don't build utils/ ; we're not using them and they're not ready anyway.

[0.99-3]
- Fix daemon startup bug from 0.99-2

[0.99-2]
- Fix various bugs from 0.99-1
- Don't make the database unreadable just yet.

[0.99-1]
- Update to 0.99
- Add documentation for client/server mode.
- Add --pinfd and --pinfile to server mode.

[0.98-1]
- Update to 0.98
- Add client/server mode.

[0.10-5]
- Fix missing section address fixup.

[0.10-4]
- Make macros.pesign even better (and make it work right for i686 packages)

[0.10-3]
- Only sign things on x86_64; all else ignore gracefully.

[0.10-2]
- Make macros.pesign more reliable

[0.10-1]
- Update to 0.10
- Include rpm macros to support easy custom signing of signed packages.

[0.9-1]
- Update to 0.9
- Bug fix from Gary Ching-Pang Lin
- Support NSS Token selection for use with smart cards.

[0.8-1]
- Update to 0.8
- Don't open the db read-write
- Fix permissions on keystore (everybody can sign with test keys)

[0.7-2]
- Include test keys.

[0.7-1]
- Update to 0.7
- Better fix for MS compatibility.

[0.6-1]
- Update to 0.6
- Bug-for-bug compatibility with signtool.exe .

[0.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[0.5-1]
- Rebase to 0.5
- Do more rigorous bounds checking when hashing a new binary.

[0.3-2]
- Rebase to 0.4

[0.3-2]
- Move man page to a more reasonable place.

[0.3-1]
- Update to upstream's 0.3 .

[0.2-4]
- Do not build with smp flags.

[0.2-3]
- Make it build on i686, though it's unclear it'll ever be necessary.

[0.2-2]
- Fix compile problem with f18's compiler.

[0.2-1]
- Fix some rpmlint complaints nirik pointed out
- Add popt-devel build dep

[0.1-1]
- First version of SRPM.

More information about the El-errata mailing list