Fedora has issued an advisory today (March 17): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A4ROD5ZD5HMBROA3W3TU6T6O5TY64NN5/ The issue is fixed upstream in 115. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 115
This pkg is scarcely touched, so need to assign this update also globally.
Assignee: bugsquad => pkg-bugs
Hi,

For Mageia 8, pesign-0.112-9.1.mga8 solves the issue.

For Cauldron, I tried to update to pesign-115 but the build fails because it requires the mandoc command which is not available in Mageia. Is there an alternative to mandoc, available in Mageia, which is able to convert .mdoc files into man pages or do we need to import the mandoc package?

Best regards,

Nico
CC: (none) => nicolas.salguero
Does "groff -mdoc" do what you need?
(In reply to David Walser from comment #3)
> Does "groff -mdoc" do what you need?

It was almost that. The good command was "groff -Tascii -man".

Now, I face another problem: a GCC bug which causes the build to fail with "-fcf-protection is not compatible with this target". That bug was not present last Friday. I will retry when the latest snapshot (gcc-12.0.1-0.20220320.1.mga9) is uploaded to see if the bug is solved.
pesign fixed in Cauldron by Thierry. Mageia 8 update built by Nicolas in Comment 2 (advisory pending).
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 115 => (none)
Version: Cauldron => 8
Assignee: pkg-bugs => qa-bugs
MGA8-64 Plasma Vbox guest.

Installed pesign, then updated using qarepo. No installation issues.

From drakrpm: "This package contains the pesign utility for signing UEFI binaries as well as other associated tools."

Sure sounds like developer stuff to me.

$ pesign --help
Usage: pesign [OPTION...]
  -i, --in=<infile>                             specify input file
  -o, --out=<outfile>                           specify output file
  -c, --certficate=<certificate nickname>       specify certificate nickname
  -n, --certdir=<certificate directory path>    specify nss certificate database directory (default: "/etc/pki/pesign")
  -f, --force                                   force overwriting of output file
  -s, --sign                                    create a new signature
  -h, --hash                                    hash binary
  -d, --digest_type=STRING                      digest type to use for pe hash (default: "sha256")
  -u, --signature-number=<sig-number>           specify which signature to operate on
  -t, --nss-token=STRING                        NSS token holding signing key (default: "NSS Certificate DB")
  -S, --show-signature                          show signature
  -r, --remove-signature                        remove signature
  -K, --export-pubkey=<outkey>                  export pubkey to file
  -C, --export-cert=<outcert>                   export signing cert to file
  -a, --ascii-armor                             use ascii armoring
  -D, --daemonize                               run as a daemon process
  -N, --nofork                                  don't fork when daemonizing
  -v, --verbose                                 be very verbose
  -P, --padding                                 pad data section

Options implemented via popt alias/exec:

Help options:
  -?, --help                                    Show this help message
      --usage                                   Display brief usage message

That's as far as I'm going to try to go with it. Giving it an OK on the basis of a clean install. Validating.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0114.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
Updated Fedora advisory with an actual RHBZ bug reference: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YKN4UFGKZV4CJIL4XTPDJHOJ3WTJNDM5/ https://bugzilla.redhat.com/show_bug.cgi?id=2065771
Summary: pesign new DoS security issue fixed upstream in 115 => pesign new DoS security issue fixed upstream in 115 (rhbz#2065771)