[El-errata] ELBA-2020-5863 Oracle Linux 7 pesign bug fix update (aarch64)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Sep 29 20:49:33 PDT 2020
Oracle Linux Bug Fix Advisory ELBA-2020-5863
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
Description of changes:
- Certs update is for both x86_64 and aarch64; Bump version to 0.5
- Update Oracle Linux test certificates [Orabug: 31928052]
- Bump version as 0.3 since fix for 27859953 both for x86_64 and aarch64
- RPM macro fix (Petr Benes)
- updates for Oracle Linux test certificate (Alexey Petrenko)
- update Oracle Linux certificates (Alexey Petrenko)
- Add support for /etc/pesign/users and /etc/pesign/groups
- Fix man page errors.
- Build as PIE+RELRO binaries.
- Include aarch64 in the rpm macro
- Add aarch64.
- Make sure CFLAGS is inherited properly for -fstack-protector-strong.
- Mass rebuild 2013-12-27
- Tweak the signing rules just a bit more.
- Update to fix a bug coverity found.
- Fix the pesign macro for RHEL packages.
- Update to 0.109
- Don't create a new certificate database when signing on RHEL.
- Use --force with sattrs blob from mktemp()
- Error if we get a zero-sized signed file result
- Don't require ascii mode for RHEL CA/signer cert import.
- More work on the RHEL %pesign macro
- Add rhel %pesign macro definitions.
- Update to 0.106
- Hopefully fix the segfault dgilmore was seeing.
- Various bug fixes.
- Make sure alignment is correct on signature list entries
- Make sure section alignment is correct if we have to extend the file
- Conditionalize systemd bits so they don't show up in RHEL 6 builds
- One more compiler problem. Let's expect a few more, shall we?
- Don't use --std=gnu11 because we have to work on RHEL 6 builders.
- Update to 0.101 to fix more "pesign -E" issues.
- Fix insertion of signatures from a file.
- Add a patch needed for new shim builds
- Get the Fedora signing token name right.
* Fri Oct 19 2012 Peter Jones <pjones at redhat.com>
- Add coolkey and opensc modules to pki database during %install.
- setfacl u:kojibuilder:rw /var/run/pesign/socket
- Fix command line checking in client
- Add client stdin pin reading.
- Automatically select daemon as signer when using rpm macros.
- Make it work on the -el6 branch as well.
- Fix some more bugs found by valgrind and coverity.
- Don't build utils/ ; we're not using them and they're not ready anyway.
- Fix daemon startup bug from 0.99-2
- Fix various bugs from 0.99-1
- Don't make the database unreadable just yet.
- Update to 0.99
- Add documentation for client/server mode.
- Add --pinfd and --pinfile to server mode.
- Update to 0.98
- Add client/server mode.
- Fix missing section address fixup.
- Make macros.pesign even better (and make it work right for i686 packages)
- Only sign things on x86_64; all else ignore gracefully.
- Make macros.pesign more reliable
- Update to 0.10
- Include rpm macros to support easy custom signing of signed packages.
- Update to 0.9
- Bug fix from Gary Ching-Pang Lin
- Support NSS Token selection for use with smart cards.
- Update to 0.8
- Don't open the db read-write
- Fix permissions on keystore (everybody can sign with test keys)
- Include test keys.
- Update to 0.7
- Better fix for MS compatibility.
- Update to 0.6
- Bug-for-bug compatibility with signtool.exe .
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
- Rebase to 0.5
- Do more rigorous bounds checking when hashing a new binary.
- Rebase to 0.4
- Move man page to a more reasonable place.
- Update to upstream's 0.3 .
- Do not build with smp flags.
- Make it build on i686, though it's unclear it'll ever be necessary.
- Fix compile problem with f18's compiler.
- Fix some rpmlint complaints nirik pointed out
- Add popt-devel build dep
- First version of SRPM.
More information about the El-errata