Releases: rhboot/pesign
Releases · rhboot/pesign
116
116
This tag was signed with the committer’s verified signature.
frozencemetery
Robbie Harwood
What's Changed
- daemon: remove always-true comparison by @frozencemetery in #80
- Minor cleanups 20220311 by @vathpela in #82
- pesum - add a new tool to the shed by @vathpela in #83
- Fix building signed kernels on setups other than koji by @belegdol in #84
- Add -D_GLIBCXX_ASSERTIONS to CPPFLAGS by @frozencemetery in #85
- macros.pesign: handle centos like rhel with --rhelver by @frozencemetery in #86
- Detect the presence of rpm-sign when checking for "rhel"-ness by @frozencemetery in #87
- Say more in our readme by @frozencemetery in #88
- Fix typo in efikeygen command by @umbernhard in #89
- pesigcheck: Fix crash on digest match by @vhankala in #90
- cms: store digest as pointer instead of index by @frozencemetery in #91
- Fix mandoc invocation to not produce garbage by @frozencemetery in #92
- Password fixes by @vathpela in #94
- Re-work CMS's selected_digest again... by @vathpela in #95
- src/certs/make-certs: delete the duplicate codes by @hustliyilin in #97
- Free resources if certification cannot be found by @parheliamm in #100
New Contributors
- @vathpela made their first contribution in #82
- @belegdol made their first contribution in #84
- @umbernhard made their first contribution in #89
- @vhankala made their first contribution in #90
- @hustliyilin made their first contribution in #97
- @parheliamm made their first contribution in #100
Full Changelog: 115...116
Contributors
frozencemetery, vathpela, and 5 other contributors
Assets 3
115
115
This tag was signed with the committer’s verified signature.
frozencemetery
Robbie Harwood
What's Changed
- macros: drop %{_pesign_args} by @frozencemetery in #76
- Fix two bugs from package building by @frozencemetery in #79
-
- Fix bad free of cms data (DoS only) by @frozencemetery
Full Changelog: 114...115
Contributors
frozencemetery
Assets 3
114
114
This tag was signed with the committer’s verified signature.
frozencemetery
Robbie Harwood
What's Changed
- Send pesign stdout/err to systemd journal by @jcpunk in #49
- Add missing Install section by @jcpunk in #50
- Add default packages for pkg-config by @jcpunk in #51
- Short delay to ensure /run/pesign/socket exists by @jcpunk in #52
- Resolve crash when signature that is removed is not the end of the list by @AnthonySquires in #58
- Enhance error diagnostics about version mismatch by @ldv-alt in #60
- Upstream all Fedora changes by @frozencemetery in #65
- Add some hardening options to build by @frozencemetery in #67
- Add code of conduct by @frozencemetery in #68
- Fix build on gcc 12 and non-Fedora by @frozencemetery in #73
New Contributors
- @jcpunk made their first contribution in #49
- @AnthonySquires made their first contribution in #58
- @ldv-alt made their first contribution in #60
- @frozencemetery made their first contribution in #65
Full Changelog: 113...114
Contributors
frozencemetery, jcpunk, and 2 other contributors
Assets 3
pesign 113
- Get rid of the 0.Y versioning
- Make --padding the default
- Various build bugfixes
- Add kmod signing (drake)
- efisiglist format fixes
- enforce the use of --kernel or --module in efikeygen
- RPM macro updates
- Move the license to GPLv3+
- Use sql-type NSS database by default
- Various documentation improvements.
- Improve /etc/pki/pesign authorization scripts
- Various pesigcheck improvements
- Make --certfile work
- Try even harder to make pesigcheck ignore validation windows
- I still don't think it works right.
- Add coverity and clang-verifier support.
- Lots of minor bug fixes due to making clang-verifier work.
pesign 0.112
- Fix some -Wsign-cmopare problems
- Work around nss DBs telling us the format is wrong when we get -EPERM
or -ENOENT - Do a better job of setfacl on our sockets and databases
- Get rid of some unused stuff
- Fix some wrong install paths
- better makefiles
- Lots of cleanups for new gcc -Wextra things.
- Even more "ignore the time" checks in pesigcheck (still needs work.)
pesign 0.111
pesign-0.110
- RPM signing macros for RHEL and related distros
- new pesigcheck tool (formerly the mostly unimplemented peverify)
- new efisiglist tool to manipulate EFI_SIGNATURE_LIST structures in files
- More examples in the man page
- No longer emit the deprecated L"<<<Obsolete>>>" SpcLink data in signatures
- Don't set SO_PASSCRED in pesign-daemon - on newer kernels it interferes with SCM_RIGHTS
- Use uuid_generate_random by default in efikeygen when generating serial numbers for certificates
- Add the ability to ask the daemon if a named key is locked or unlocked.
- new authvar tool for managing authenticated variables
- Clarify behaviour regarding signature padding rules
- Work around a Linux VFS bug where file data gets filled wrong with our pattern of mremap/ftruncate/fault/close on 1024-byte block filesystems (i.e. /boot)