Release pesign 114

- Remove warning in __pe_updatemap()
- CI: update to rawhide for new efivar
- pragma around gcc -fanalyzer / realloc()
- Handle realloc() failure in read_file()
- Fix compilation of compile_assert
- Enable build on systems without annobin
- Update milestones link in TODO
- cms_pe_common: better messages from check_pointer_and_size
- file_pe: handle generate_digest failures
- Fix our error message line numbers, hopefully.
- Make cms_pe_common bounds check errors more verbose
- Rename some cms error functions
- efikeygen: return error on AKID encoding failures
- Make /var/run vs /run configurable with RUNDIR
- efikeygen: add trust when adding certs
- efikeygen: clean up some memory leaks
- cms_common: add some more ways to find a cert
- fix a couple of minor nits scan-build found.
- authvar: Fix a bug I introduced in d1765be76296
- add _pesign_args in rpm
- support uri token names
- Improve debug output
- efikeygen: add specific settings for KEK certs (hidden)
- Add more ways to use a password with the token
- Fix some memory leaks
- libdpe: make the initial read buffer always big enough for the opt header
- Some gcc malloc leak analyzer workarounds.
- Get rid of efisiglist
- OID: add the info about the UEFI SB CA OID
- efikeygen: update our key usages to match what the auditors like.
- Substantially update the documentation, and use mdoc.
- move a pile of signature list types to efivar.
- authvar: Fix an unlikely memory leak.
- Use page size, not hard coded values, in read_file()
- efikeygen: allow setting validity windows explicitly.
- Minor whitespace housekeeping
- Add the beginnings of pk12 bag support in efikeygen.
- Rework the wildly undocumented NSS password file goo.
- Work around some NSS SECOID_AddEntry() bugs
- Minor make cleanups
- Clean up .gitignore a bit
- Make --verbose and --debug more similar across tools
- share input/output checker macros between pesign_kmod and file_pe
- pesign_kmod: user err() errx() etc.
- file_pe: user err() errx() etc.
- file_pe: make most of our input and output checkers be generated
- authvar: user err() errx() etc.
- Make for_each_cert(cl, iter) for certificate list traversal.
- Make save_port_err() { } saner to read.
- Add super convenient errno-guard implementation.
- Don't allow (or require) --module or --kernel with --ca.
- Turn on gcc -O2
- Better diagnostic defaults from gcc
- Fix some missed OOM error path -fanalyzer found.
- Fix a missing malloc() return value check.
- wincert: try to convince the gcc analyzer of the painfully obvious.
- wincert: check for NULL pe at more places here, too.
- libdpe: check for NULL pe at more places.
- libdpe: fix some minor analyzer discoveries.
- Add some text parsing helpers
- Add hex utilities.
- Add some more utility functions, and fix a typo in ALIGNED()
- Remove a lot of decls that are in efisec.h now.
- efikeygen: add YubiKey examples to the man page.
- Move my syntastic config out of the tree.
- SPDXify pesign
- SPDXify libdpe
- Add code of conduct
- Add hardening options used by Fedora
- Paper over spurious gcc maybe-unitialized warning
- CI: port to Github Actions from Travis
- Turn off -Wfree-nonheap-object
- Use /run not /var/run
- kernel building hack
- pesign-authorize: don't setfacl /etc/pki/pesign-foo/
- pesign-authorize: shellcheck
- Move most of macros.pesign to pesign-rpmbuild-helper
- client: remove an extra debug print
- client: try /run and /var/run for the socket path.
- Rename /var/run/ to /run/
- Make 0.112 client and server work with the 113 protocol and vise versa
- Enhance error diagnostics about version mismatch
- Resolve crash when signature that is removed is not at the end of the list. Also manipulate ptr level list rather than the items themselves.
- pesigcheck: remove superfluous type settings
- Short delay to ensure /run/pesign/socket exists
- Add default packages for pkg-config
- Add missing Install section
- Send pesign stdout/err to systemd journal
- Apparently opensc got updated and the token name changed
- Make travis use a newer distro
- pesigcheck: Fix a wrong assignment
- efikeygen: Fix the build with nss 3.44
- efikeygen: Get rid of an extraneous debug printf.
- Be less dumb about '?=' ...
- Make.defaults: make some more things be '?=' for weird compiler platforms.

Signed-off-by: Robbie Harwood <[email protected]>

Make.version

@@ -1,2 +1,2 @@
-MAJOR_VERSION = 113
+MAJOR_VERSION = 114
 VERSION = $(MAJOR_VERSION)

Makefile

@@ -46,7 +46,7 @@ test-archive:
 	@echo "The archive is in pesign-$(VERSION).tar.bz2"
 
 tag:
-	git tag -s $(GITTAG) refs/heads/master
+	git tag -s $(GITTAG) refs/heads/main
 
 archive: tag
 	@rm -rf /tmp/pesign-$(VERSION) /tmp/pesign-$(VERSION)-tmp