app-crypt/pesign: add 114

Closes: https://bugs.gentoo.org/831328
Signed-off-by: Sam James <sam@gentoo.org>

5 files changed, 200 insertions, 0 deletions

diff --git a/app-crypt/pesign/Manifest b/app-crypt/pesign/Manifest
index a80770139a3c..cb3b8faf21c7 100644
--- a/app-crypt/pesign/Manifest
+++ b/app-crypt/pesign/Manifest
@@ -1 +1,2 @@
 DIST pesign-113.tar.gz 124618 BLAKE2B 36cdface6ecdf9003251da3058b21b2ee8e94eb655e47a8668b38c4ea576d990a71860952eea277d5e029bb007039c8e3ded9918e89d47f6db404423acbd1cc7 SHA512 e71dc90c2ab8085d1b000c0d2cf9cb00ddaed1ea1393db75c2d19a96f1b1c188a26b76850533ba97ec254a3b48db6b07a69b597c329ac891e64422780a358c24
+DIST pesign-114.tar.gz 148898 BLAKE2B 0dae3b4e17c61bcea02a6f81f6a62f8d526e83954bf95d0de24726daa81e45a3b42b6867f2d64decd69f421a14f5e2ff6ff1ec26246f44d68b242b452e60d9a1 SHA512 567176718e098c3494e27ce29b61ef396ca2503137260fc36c784951f0bd2130c9f61c655461d6091e9bdb0df77c9e00cf2fde8fb1b1c5ab83e4b9c57d65fdab
diff --git a/app-crypt/pesign/files/pesign-114-format-string.patch b/app-crypt/pesign/files/pesign-114-format-string.patch
new file mode 100644
index 000000000000..2361cb4a2660
--- /dev/null
+++ b/app-crypt/pesign/files/pesign-114-format-string.patch
@@ -0,0 +1,111 @@
+https://github.com/rhboot/pesign/commit/df8783ed4ed87fef850268098690985049916ee9.patch
+
+From df8783ed4ed87fef850268098690985049916ee9 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 1 Feb 2022 17:37:14 -0500
+Subject: [PATCH] Fix format strings for 32-bit arches
+
+Sadly, in 2022, this remains a thing.
+
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+---
+ src/cms_pe_common.c | 16 +++++++++-------
+ src/password.c      |  7 ++++---
+ 2 files changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/src/cms_pe_common.c b/src/cms_pe_common.c
+index 964f0d9..3a3921b 100644
+--- a/src/cms_pe_common.c
++++ b/src/cms_pe_common.c
+@@ -49,7 +49,7 @@ check_pointer_and_size(cms_context *cms, Pe *pe, void *ptr, size_t size)
+ 
+ 	if (p + size > m + map_size)
+ 		cmsreterr(0, cms,
+-			  "pointer %p is above mmap end at %p (%lu is %lu bytes past EOF at %lu)",
++			  "pointer %p is above mmap end at %p (%lu is %lu bytes past EOF at %zu)",
+ 			  (void *)((uintptr_t)p + size),
+ 			  (void *)((uintptr_t)m + map_size),
+ 			  p + size - m,
+@@ -189,7 +189,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded)
+ 	if (!check_pointer_and_size(cms, pe, hash_base, hash_size))
+ 		cmsgotoerr(error, cms, "PE header is invalid");
+ 	dprintf("beginning of hash");
+-	dprintf("digesting %lx + %lx", hash_base - map, hash_size);
++	dprintf("digesting %tx + %zx", hash_base - map, hash_size);
+ 	generate_digest_step(cms, hash_base, hash_size);
+ 
+ 	/* 5. Skip over the image checksum
+@@ -209,7 +209,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded)
+ 		cmsgotoerr(error, cms, "PE data directory is invalid");
+ 
+ 	generate_digest_step(cms, hash_base, hash_size);
+-	dprintf("digesting %lx + %lx", hash_base - map, hash_size);
++	dprintf("digesting %tx + %zx", hash_base - map, hash_size);
+ 
+ 	/* 8. Skip over the crt dir
+ 	 * 9. Hash everything up to the end of the image header. */
+@@ -222,7 +222,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded)
+ 		cmsgotoerr(error, cms, "PE relocations table is invalid");
+ 
+ 	generate_digest_step(cms, hash_base, hash_size);
+-	dprintf("digesting %lx + %lx", hash_base - map, hash_size);
++	dprintf("digesting %tx + %zx", hash_base - map, hash_size);
+ 
+ 	/* 10. Set SUM_OF_BYTES_HASHED to the size of the header. */
+ 	hashed_bytes = pe32opthdr ? pe32opthdr->header_size
+@@ -265,7 +265,7 @@ generate_digest(cms_context *cms, Pe *pe, int padded)
+ 		}
+ 
+ 		generate_digest_step(cms, hash_base, hash_size);
+-		dprintf("digesting %lx + %lx", hash_base - map, hash_size);
++		dprintf("digesting %tx + %zx", hash_base - map, hash_size);
+ 
+ 		hashed_bytes += hash_size;
+ 	}
+@@ -285,10 +285,12 @@ generate_digest(cms_context *cms, Pe *pe, int padded)
+ 			memset(tmp_array, '\0', tmp_size);
+ 			memcpy(tmp_array, hash_base, hash_size);
+ 			generate_digest_step(cms, tmp_array, tmp_size);
+-			dprintf("digesting %lx + %lx", (unsigned long)tmp_array, tmp_size);
++			dprintf("digesting %tx + %zx", (ptrdiff_t)tmp_array,
++				tmp_size);
+ 		} else {
+ 			generate_digest_step(cms, hash_base, hash_size);
+-			dprintf("digesting %lx + %lx", hash_base - map, hash_size);
++			dprintf("digesting %tx + %zx", hash_base - map,
++				hash_size);
+ 		}
+ 	}
+ 	dprintf("end of hash");
+diff --git a/src/password.c b/src/password.c
+index 644f362..05add9a 100644
+--- a/src/password.c
++++ b/src/password.c
+@@ -213,7 +213,7 @@ parse_pwfile_line(char *start, struct token_pass *tp)
+ 	dprintf("non-whitespace span is %zd", span);
+ 
+ 	if (line[span] == '\0') {
+-		dprintf("returning %ld", (line + span) - start);
++		dprintf("returning %td", (line + span) - start);
+ 		return (line + span) - start;
+ 	}
+ 	line[span] = '\0';
+@@ -241,7 +241,7 @@ parse_pwfile_line(char *start, struct token_pass *tp)
+ 	dprintf("Setting token pass %p to { %p, %p }", tp, tp->token, tp->pass);
+ 	dprintf("token:\"%s\"", tp->token);
+ 	dprintf("pass:\"%s\"", tp->pass);
+-	dprintf("returning %ld", (line + span) - start);
++	dprintf("returning %td", (line + span) - start);
+ 	return (line + span) - start;
+ }
+ 
+@@ -330,7 +330,8 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
+ 		if (c != '\0')
+ 			span++;
+ 		start += span;
+-		dprintf("start is file[%ld] == '\\x%02hhx'", start - file, start[0]);
++		dprintf("start is file[%td] == '\\x%02hhx'", start - file,
++			start[0]);
+ 	}
+ 
+ 	qsort(phrases, nphrases, sizeof(struct token_pass), token_pass_cmp);
diff --git a/app-crypt/pesign/files/pesign-114-no-werror.patch b/app-crypt/pesign/files/pesign-114-no-werror.patch
new file mode 100644
index 000000000000..3937873e80bd
--- /dev/null
+++ b/app-crypt/pesign/files/pesign-114-no-werror.patch
@@ -0,0 +1,13 @@
+diff --git a/Make.defaults b/Make.defaults
+index fdb961a..cdbb064 100644
+--- a/Make.defaults
++++ b/Make.defaults
+@@ -58,7 +58,7 @@ cflags	= $(CFLAGS) $(ARCH3264) \
+ 	-Wall -Wextra -Wsign-compare -Wno-unused-result \
+ 	-Wno-unused-function -Wno-missing-field-initializers \
+ 	-Wno-analyzer-malloc-leak \
+-	-Werror -Wno-error=cpp -Wno-free-nonheap-object \
++	-Wno-error=cpp -Wno-free-nonheap-object \
+ 	-std=gnu11 -fshort-wchar -fPIC -fno-strict-aliasing \
+ 	-D_GNU_SOURCE -DCONFIG_$(ARCH) -I${TOPDIR}/include \
+ 	'-DRUNDIR="$(rundir)"' \
diff --git a/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch b/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch
new file mode 100644
index 000000000000..b76a7a7a296a
--- /dev/null
+++ b/app-crypt/pesign/files/pesign-114-wanalyzer-diagnostic.patch
@@ -0,0 +1,17 @@
+daemon.c:922:32: error: unknown option after ‘#pragma GCC diagnostic’ kind [-Werror=pragmas]
+  922 | #pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value"
+      |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -916,10 +916,6 @@ do_shutdown(context *ctx, int nsockets, struct pollfd *pollfds)
+ 	free(pollfds);
+ }
+ 
+-/* GCC -fanalyzer has trouble with realloc
+- * https://bugzilla.redhat.com/show_bug.cgi?id=2047926 */
+-#pragma GCC diagnostic push
+-#pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value"
+ static int
+ handle_events(context *ctx)
+ {
diff --git a/app-crypt/pesign/pesign-114.ebuild b/app-crypt/pesign/pesign-114.ebuild
new file mode 100644
index 000000000000..bd65febf96c3
--- /dev/null
+++ b/app-crypt/pesign/pesign-114.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit toolchain-funcs
+
+DESCRIPTION="Tools for manipulating signed PE-COFF binaries"
+HOMEPAGE="https://github.com/rhboot/pesign"
+SRC_URI="https://github.com/rhboot/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND="
+	dev-libs/nspr
+	dev-libs/nss
+	dev-libs/openssl:=
+	dev-libs/popt
+	sys-apps/util-linux
+	>=sys-libs/efivar-38
+"
+DEPEND="${RDEPEND}
+	sys-boot/gnu-efi
+"
+BDEPEND="
+	sys-apps/help2man
+	virtual/pkgconfig
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-114-wanalyzer-diagnostic.patch
+	"${FILESDIR}"/${PN}-114-no-werror.patch
+
+	"${FILESDIR}"/${P}-format-string.patch
+)
+
+src_compile() {
+	emake \
+		AR="$(tc-getAR)" \
+		ARFLAGS="-cvqs" \
+		AS="$(tc-getAS)" \
+		CC="$(tc-getCC)" \
+		LD="$(tc-getLD)" \
+		OBJCOPY="$(tc-getOBJCOPY)" \
+		PKG_CONFIG="$(tc-getPKG_CONFIG)" \
+		RANLIB="$(tc-getRANLIB)" \
+		rundir="${EPREFIX}/var/run"
+}
+
+src_install() {
+	emake DESTDIR="${ED}" VERSION="${PVR}" rundir="${EPREFIX}/var/run" install
+	einstalldocs
+
+	# remove some files that don't make sense for Gentoo installs
+	rm -rf "${ED}/etc" "${ED}/var" "${ED}/usr/share/doc/${PF}/COPYING" || die
+}