diff --git a/SOURCES/0032-fix-the-build-with-nss-3.44.patch b/SOURCES/0032-fix-the-build-with-nss-3.44.patch new file mode 100644 index 0000000..da60669 --- /dev/null +++ b/SOURCES/0032-fix-the-build-with-nss-3.44.patch @@ -0,0 +1,45 @@ +From b535d1ac5cbcdf18a97d97a92581e38080d9e521 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 14 May 2019 11:28:38 -0400 +Subject: [PATCH] efikeygen: Fix the build with nss 3.44 + +NSS 3.44 adds some certificate types, which changes a type and makes +some encoding stuff weird. As a result, we get: + +gcc8 -I/wrkdirs/usr/ports/sysutils/pesign/work/pesign-0.110/include -O2 -pipe -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc8 -isystem /usr/local/include -fno-strict-aliasing -g -O0 -g -O0 -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function -I../include/ -I/usr/local/include/nss -I/usr/local/include/nss/nss -I/usr/local/include/nspr -Werror -fPIC -isystem /usr/local/include -DCONFIG_amd64 -DCONFIG_amd64 -c efikeygen.c -o efikeygen.o +In file included from /usr/local/include/nss/nss/cert.h:22, + from efikeygen.c:39: +efikeygen.c: In function 'add_cert_type': +/usr/local/include/nss/nss/certt.h:445:5: error: unsigned conversion from 'int' to 'unsigned char' changes value from '496' to '240' [-Werror=overflow] + (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \ + ^ +efikeygen.c:208:23: note: in expansion of macro 'NS_CERT_TYPE_APP' + unsigned char type = NS_CERT_TYPE_APP; + ^~~~~~~~~~~~~~~~ +cc1: all warnings being treated as errors + +This is fixed by just making it an int. + +Fixes github issue #48. + +Signed-off-by: Peter Jones +--- + src/efikeygen.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/efikeygen.c b/src/efikeygen.c +index ede76ef..2cd953e 100644 +--- a/src/efikeygen.c ++++ b/src/efikeygen.c +@@ -208,7 +208,7 @@ static int + add_cert_type(cms_context *cms, void *extHandle, int is_ca) + { + SECItem bitStringValue; +- unsigned char type = NS_CERT_TYPE_APP; ++ int type = NS_CERT_TYPE_APP; + + if (is_ca) + type |= NS_CERT_TYPE_SSL_CA | +-- +2.21.0 + diff --git a/SPECS/pesign.spec b/SPECS/pesign.spec index eb1de3c..6471b00 100644 --- a/SPECS/pesign.spec +++ b/SPECS/pesign.spec @@ -3,7 +3,7 @@ Name: pesign Summary: Signing utility for UEFI binaries Version: 0.112 -Release: 26%{?dist} +Release: 26%{?dist}.alma License: GPLv2 URL: https://github.com/vathpela/pesign @@ -61,6 +61,7 @@ Patch0028: 0028-rpm-Make-the-client-signer-use-the-fedora-values-unl.patch Patch0029: 0029-Make-macros.pesign-error-in-kojibuilder-if-we-don-t-.patch Patch0030: 0030-Replace-var-run-with-run.patch Patch0031: 0031-efikeygen-Fix-the-build-with-nss-3.44.patch +Patch0032: 0032-fix-the-build-with-nss-3.44.patch %description This package contains the pesign utility for signing UEFI binaries as @@ -165,6 +166,9 @@ exit 0 %{python3_sitelib}/mockbuild/plugins/pesign.* %changelog +* Fri Apr 01 2022 Eduard Abdullin - 0.112-26.alma +- AlmaLinux changes + * Mon Nov 08 2021 Robbie Harwood - 0.112-26 - Perform the /var/run to /run "migration" stupidity - Resolves: rhbz#1801976