Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

Fix unit test caused by expiring signing certificate #1305

Closed micahsnyder closed 2 months ago

micahsnyder commented 2 months ago

The clamscan test "assorted_test.py::TC::test_pe_cert_trust" is about to fail because the "test.exe" test file was signed with a cert set to expire after only 2 years, and it has been 23 months.

While attempting to generate a new one that will last 73000 days (200 years), I discovered that any signing certificate set to expire after 2038 will fail the trust-check because the ca.not_after variable is a maxed-out time_t, incapable of expressing a higher number. To fix this, I've upgraded the variables to uint64_t.

I also had to replace a bunch of generated signatures to match the new "test.exe".

Finally, I noticed that "ca.not_before" was being set to token[8] instead of token[9], which presumably means the "NotBefore" field for Trusted and Revoked Certificates was non-functional, as it was treating the "CertSign" boolean as the "NotBefore" value.

Fixes: https://github.com/Cisco-Talos/clamav/issues/1300
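A constructed illustration of the two defects described above, added here as an example and not taken from ClamAV's code: a signed 32-bit time field makes a certificate that is valid until 2100 look already expired, and reading NotBefore from token[8] instead of token[9] silently turns the CertSign flag into a NotBefore of 1 second past the epoch, so the not-yet-valid check never rejects anything. The ';'-separated record layout, the field indices, the record string and all timestamps are assumptions made for this example; NotAfter is passed in separately because in practice it comes from the certificate, not the trust record.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed record layout (constructed for this example): eleven ';'-separated
 * fields, with token[8] = CertSign flag and token[9] = NotBefore (seconds since
 * the Unix epoch). These two indices are the ones the pull request says were
 * confused. */
#define MAX_TOKENS    11
#define TOK_CERTSIGN  8
#define TOK_NOTBEFORE 9

/* Constructed demo record: NotBefore = 2024-01-01T00:00:00Z (1704067200). */
static const char DEMO_RECORD[] =
    "ExampleRoot;1;CN=Example;0a1b;PUBKEYHEX;010001;1;0;1;1704067200;constructed";

typedef struct {
    int cert_sign;
    uint64_t not_before;
    uint64_t not_after;   /* 64-bit wide, as the fix makes it */
} trust_cert_t;

/* Split `line` in place on ';'. Returns the number of tokens found. */
static int split_record(char *line, char *tokens[], int max_tokens) {
    int n = 0;
    char *p = line;
    while (n < max_tokens) {
        tokens[n++] = p;
        char *sep = strchr(p, ';');
        if (sep == NULL) break;
        *sep = '\0';
        p = sep + 1;
    }
    return n;
}

/* Parse a record. `notbefore_idx` is TOK_NOTBEFORE for the fixed behaviour or
 * TOK_CERTSIGN to reproduce the pre-fix index mix-up. Returns 0 on success. */
static int parse_trust_cert(const char *record, int notbefore_idx,
                            uint64_t not_after, trust_cert_t *out) {
    char buf[512];
    char *tokens[MAX_TOKENS];
    if (strlen(record) >= sizeof(buf)) return -1;
    strcpy(buf, record);
    if (split_record(buf, tokens, MAX_TOKENS) < MAX_TOKENS) return -1;
    out->cert_sign  = atoi(tokens[TOK_CERTSIGN]);
    out->not_before = strtoull(tokens[notbefore_idx], NULL, 10);
    out->not_after  = not_after;
    return 0;
}

/* Model of the old storage: a signed 32-bit time value. The truncation uses
 * unsigned arithmetic so the result is well defined on every platform; any
 * value past 2038-01-19T03:14:07Z wraps negative. */
static int32_t to_time32(uint64_t seconds) {
    int64_t w = (int64_t)(seconds % 4294967296ULL);
    if (w > INT32_MAX) w -= 4294967296LL;
    return (int32_t)w;
}

static int trusted_at_32bit(const trust_cert_t *c, uint64_t now) {
    int32_t nb = to_time32(c->not_before), na = to_time32(c->not_after);
    int32_t t = to_time32(now);
    return t >= nb && t <= na;
}

static int trusted_at_64bit(const trust_cert_t *c, uint64_t now) {
    return now >= c->not_before && now <= c->not_after;
}

/* Wrappers that return results for the demo (and for checking). */
static uint64_t parsed_not_before(const char *record, int notbefore_idx) {
    trust_cert_t c;
    return parse_trust_cert(record, notbefore_idx, 0, &c) == 0 ? c.not_before : UINT64_MAX;
}

static int check_trust(const char *record, int notbefore_idx, uint64_t not_after,
                       uint64_t now, int wide) {
    trust_cert_t c;
    if (parse_trust_cert(record, notbefore_idx, not_after, &c) != 0) return -1;
    return wide ? trusted_at_64bit(&c, now) : trusted_at_32bit(&c, now);
}

int main(void) {
    /* Constructed: NotAfter = 2100-01-01Z, now = 2026-01-01Z, earlier = 2020-01-01Z. */
    const uint64_t not_after = 4102444800ULL, now = 1767225600ULL, earlier = 1577836800ULL;
    printf("NotBefore via token[9]: %llu, via token[8]: %llu (that is the CertSign flag)\n",
           (unsigned long long)parsed_not_before(DEMO_RECORD, TOK_NOTBEFORE),
           (unsigned long long)parsed_not_before(DEMO_RECORD, TOK_CERTSIGN));
    printf("cert valid to 2100, checked in 2026: 32-bit field -> %d, 64-bit field -> %d\n",
           check_trust(DEMO_RECORD, TOK_NOTBEFORE, not_after, now, 0),
           check_trust(DEMO_RECORD, TOK_NOTBEFORE, not_after, now, 1));
    printf("checked in 2020 (before NotBefore): fixed index -> %d, old index -> %d\n",
           check_trust(DEMO_RECORD, TOK_NOTBEFORE, not_after, earlier, 1),
           check_trust(DEMO_RECORD, TOK_CERTSIGN, not_after, earlier, 1));
    return 0;
}
```

The 32-bit model is what the description calls a "maxed out" time_t: 4102444800 (2100-01-01) does not fit in 31 bits and comes back as a negative number, so `now <= not_after` fails and a perfectly good certificate is rejected. The second printed line shows why the token index matters for validation: with NotBefore read from the CertSign column, a check in 2020 against a certificate that only becomes valid in 2024 still passes.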

bmwiedemann commented 2 months ago

Hi, what is missing to get this merged?

micahsnyder commented 2 months ago

> Hi, what is missing to get this merged?

We've had some issues with our internal Jenkins test pipelines that have slowed down some reviews on GitHub. I think this is good to go, though.

micahsnyder commented 2 months ago

Rebased with upstream main branch to get CI fixes.

bmwiedemann commented 2 months ago

Is there a plan to make a release with this? Patching binary files is not so easy with some build systems.

Edit: submitted to openSUSE in https://build.opensuse.org/request/show/1190176 using git apply

peteanning commented 2 months ago

@micahsnyder we are using 1.0.6 LTS, building from source (now failing). Will #1305 be released as a patch for 1.0.6?

micahsnyder commented 1 month ago

@peteanning Sorry for the late response. We will publish 1.0.7 (and 1.3.2) with the fix soon, alongside or shortly after 1.4.0.