import certmonger-0.79.7-3.el8
This commit is contained in:
parent
94b42d705f
commit
434855d374
@ -1 +1 @@
|
|||||||
7eac3ce49718df4be8f47ec92ae3a951eb4ac435 SOURCES/certmonger-0.79.6.tar.gz
|
f73818aec2b6e1d9765af188547e2c82e644209c SOURCES/certmonger-0.79.7.tar.gz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/certmonger-0.79.6.tar.gz
|
SOURCES/certmonger-0.79.7.tar.gz
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,49 +0,0 @@
|
|||||||
From c029b32c04a9a5993b9c8715fb82421fee613137 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 31 Aug 2018 10:37:12 -0400
|
|
||||||
Subject: [PATCH 2/7] Include the token name when a PIN is provided but is
|
|
||||||
unused
|
|
||||||
|
|
||||||
This improves the output so the user will know which token
|
|
||||||
the PIN is missing for. Theoretically it should be the token
|
|
||||||
they asked for but this will show certmogner's view of it.
|
|
||||||
---
|
|
||||||
src/certread-n.c | 6 +++---
|
|
||||||
src/keygen-n.c | 4 ++--
|
|
||||||
2 files changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
|
||||||
index f2e78c07..57a38dcf 100644
|
|
||||||
--- a/src/certread-n.c
|
|
||||||
+++ b/src/certread-n.c
|
|
||||||
@@ -259,9 +259,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
if ((pin != NULL) &&
|
|
||||||
(strlen(pin) > 0) &&
|
|
||||||
(cb_data.n_attempts == 0)) {
|
|
||||||
- cm_log(1, "PIN was not needed to auth to cert "
|
|
||||||
- "db, though one was provided. "
|
|
||||||
- "Treating this as an error.\n");
|
|
||||||
+ cm_log(1, "PIN was not needed to auth to token "
|
|
||||||
+ "%s, though one was provided. "
|
|
||||||
+ "Treating this as an error.\n", token);
|
|
||||||
goto next_slot;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
|
||||||
index 8078a520..84b0bbd3 100644
|
|
||||||
--- a/src/keygen-n.c
|
|
||||||
+++ b/src/keygen-n.c
|
|
||||||
@@ -400,8 +400,8 @@ next_slot:
|
|
||||||
(strlen(pin) > 0) &&
|
|
||||||
(cb_data.n_attempts == 0)) {
|
|
||||||
cm_log(1, "PIN was not needed to auth to key "
|
|
||||||
- "store, though one was provided. "
|
|
||||||
- "Treating this as an error.\n");
|
|
||||||
+ "store token %s, though one was provided. "
|
|
||||||
+ "Treating this as an error.\n", token);
|
|
||||||
PK11_FreeSlotList(slotlist);
|
|
||||||
error = NSS_ShutdownContext(ctx);
|
|
||||||
if (error != SECSuccess) {
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,134 +0,0 @@
|
|||||||
From f396b19b2c222fa0a50e9bb9704059af4578e678 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 31 Aug 2018 12:08:35 -0400
|
|
||||||
Subject: [PATCH 3/7] Add utility function to get the internal token name
|
|
||||||
|
|
||||||
The NSS internal token is the default if no token is specified for
|
|
||||||
the cert or the key.
|
|
||||||
---
|
|
||||||
src/certread-n.c | 6 +++++-
|
|
||||||
src/certsave-n.c | 3 +++
|
|
||||||
src/keygen-n.c | 3 +++
|
|
||||||
src/keyiread-n.c | 3 +++
|
|
||||||
src/submit-n.c | 5 ++++-
|
|
||||||
src/util-n.c | 6 ++++++
|
|
||||||
src/util-n.h | 1 +
|
|
||||||
7 files changed, 25 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
|
||||||
index 57a38dcf..1d9217c6 100644
|
|
||||||
--- a/src/certread-n.c
|
|
||||||
+++ b/src/certread-n.c
|
|
||||||
@@ -190,6 +190,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
cm_log(1, "Error reading PIN for cert db.\n");
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
|
||||||
}
|
|
||||||
+ if (entry->cm_cert_token == NULL) {
|
|
||||||
+ entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
for (sle = slotlist->head;
|
|
||||||
((sle != NULL) && (sle->slot != NULL));
|
|
||||||
@@ -253,7 +256,8 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
}
|
|
||||||
error = PK11_Authenticate(sle->slot, PR_TRUE, &cb_data);
|
|
||||||
if (error != SECSuccess) {
|
|
||||||
- cm_log(1, "Error authenticating to cert db.\n");
|
|
||||||
+ cm_log(1, "certread-n: Error authenticating to cert db "
|
|
||||||
+ "slot %s.\n", PK11_GetTokenName(sle->slot));
|
|
||||||
goto next_slot;
|
|
||||||
}
|
|
||||||
if ((pin != NULL) &&
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index af176ce5..193309c5 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -214,6 +214,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
+ if (entry->cm_cert_token == NULL) {
|
|
||||||
+ entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
for (sle = slotlist->head;
|
|
||||||
((sle != NULL) && (sle->slot != NULL));
|
|
||||||
sle = sle->next)
|
|
||||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
|
||||||
index 84b0bbd3..f7fdf6c0 100644
|
|
||||||
--- a/src/keygen-n.c
|
|
||||||
+++ b/src/keygen-n.c
|
|
||||||
@@ -272,6 +272,9 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
cm_log(1, "Error locating token for key generation.\n");
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
|
|
||||||
}
|
|
||||||
+ if (entry->cm_cert_token == NULL) {
|
|
||||||
+ entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
/* Walk the list looking for the requested slot, or the first one if
|
|
||||||
* none was requested. */
|
|
||||||
slot = NULL;
|
|
||||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
|
||||||
index 89913aa2..b8408bf1 100644
|
|
||||||
--- a/src/keyiread-n.c
|
|
||||||
+++ b/src/keyiread-n.c
|
|
||||||
@@ -152,6 +152,9 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
+ if (entry->cm_key_token == NULL) {
|
|
||||||
+ entry->cm_key_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
n_tokens = 0;
|
|
||||||
pubkey = NULL;
|
|
||||||
/* In practice, the internal slot is either a non-storage slot (in
|
|
||||||
diff --git a/src/submit-n.c b/src/submit-n.c
|
|
||||||
index 872153ea..da07d253 100644
|
|
||||||
--- a/src/submit-n.c
|
|
||||||
+++ b/src/submit-n.c
|
|
||||||
@@ -346,6 +346,9 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
|
||||||
cm_log(1, "Error reading PIN for key storage.\n");
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
+ if (args->entry->cm_key_token == NULL) {
|
|
||||||
+ args->entry->cm_key_token = util_internal_token_name();
|
|
||||||
+ }
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
n_tokens = 0;
|
|
||||||
/* In practice, the internal slot is either a non-storage slot (in
|
|
||||||
@@ -402,7 +405,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
|
||||||
}
|
|
||||||
error = PK11_Authenticate(slot, PR_TRUE, &cb_data);
|
|
||||||
if (error != SECSuccess) {
|
|
||||||
- cm_log(1, "Error authenticating to token "
|
|
||||||
+ cm_log(1, "submit-n: Error authenticating to token "
|
|
||||||
"\"%s\".\n", token);
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
diff --git a/src/util-n.c b/src/util-n.c
|
|
||||||
index 7805e58e..293e2583 100644
|
|
||||||
--- a/src/util-n.c
|
|
||||||
+++ b/src/util-n.c
|
|
||||||
@@ -287,3 +287,9 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
|
|
||||||
util_set_db_owner_perms(dbdir, secmoddb, entry->cm_cert_owner,
|
|
||||||
entry->cm_cert_perms);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+char *
|
|
||||||
+util_internal_token_name()
|
|
||||||
+{
|
|
||||||
+ return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));
|
|
||||||
+}
|
|
||||||
diff --git a/src/util-n.h b/src/util-n.h
|
|
||||||
index 8a918d5c..637fd4b1 100644
|
|
||||||
--- a/src/util-n.h
|
|
||||||
+++ b/src/util-n.h
|
|
||||||
@@ -29,5 +29,6 @@ void util_set_db_entry_key_owner(const char *dbdir,
|
|
||||||
struct cm_store_entry *entry);
|
|
||||||
void util_set_db_entry_cert_owner(const char *dbdir,
|
|
||||||
struct cm_store_entry *entry);
|
|
||||||
+char * util_internal_token_name();
|
|
||||||
|
|
||||||
#endif
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
From 6ebe5695a626c6cd254b249bbebf9846bcb936c0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Tue, 4 Sep 2018 11:06:13 -0400
|
|
||||||
Subject: [PATCH 4/7] Only de-duplicate certificates within the same token
|
|
||||||
|
|
||||||
certmonger may not have read/write access to tokens other than
|
|
||||||
the one it is examining so don't try to de-duplicate certificates
|
|
||||||
on other tokens.
|
|
||||||
---
|
|
||||||
src/certsave-n.c | 8 +++++---
|
|
||||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index 193309c5..d0152cad 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -391,8 +391,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
!CERT_LIST_EMPTY(certlist) &&
|
|
||||||
!CERT_LIST_END(node, certlist);
|
|
||||||
node = CERT_LIST_NEXT(node)) {
|
|
||||||
- if (!SECITEM_ItemsAreEqual(&subject,
|
|
||||||
- &node->cert->derSubject)) {
|
|
||||||
+ if ((!SECITEM_ItemsAreEqual(&subject,
|
|
||||||
+ &node->cert->derSubject)) &&
|
|
||||||
+ (sle->slot == node->cert->slot)) {
|
|
||||||
cm_log(3, "Found a "
|
|
||||||
"certificate "
|
|
||||||
"with the same "
|
|
||||||
@@ -441,7 +442,8 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
node = CERT_LIST_NEXT(node)) {
|
|
||||||
if ((node->cert->nickname != NULL) &&
|
|
||||||
(strcmp(entry->cm_cert_nickname,
|
|
||||||
- node->cert->nickname) != 0))
|
|
||||||
+ node->cert->nickname) != 0) &&
|
|
||||||
+ (sle->slot == node->cert->slot))
|
|
||||||
{
|
|
||||||
i++;
|
|
||||||
cm_log(3, "Found a "
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From 697dd085e7b2ce15eefc454509987270131d7f1e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Tue, 4 Sep 2018 16:59:28 -0400
|
|
||||||
Subject: [PATCH 5/7] Ensure that an OpenSSL random seed file exists when
|
|
||||||
testing
|
|
||||||
|
|
||||||
Otherwise some openssl command-line invocations will fail and
|
|
||||||
because of the way the tests are done the error message is not
|
|
||||||
shown.
|
|
||||||
---
|
|
||||||
tests/Makefile.am | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
|
||||||
index 4e407434..fe368dc0 100644
|
|
||||||
--- a/tests/Makefile.am
|
|
||||||
+++ b/tests/Makefile.am
|
|
||||||
@@ -433,6 +433,9 @@ subdirs += \
|
|
||||||
endif
|
|
||||||
|
|
||||||
check: all
|
|
||||||
+ if [ ! -e $$HOME/.rnd ] ; then \
|
|
||||||
+ openssl rand -writerand $$HOME/.rnd; \
|
|
||||||
+ fi
|
|
||||||
for required in certutil cmsutil pk12util openssl diff cmp mktemp \
|
|
||||||
dos2unix unix2dos dbus-launch ; do \
|
|
||||||
which $$required || exit 1; \
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From e93ecadec7c868f4227e084ffb65c70a6efd7314 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Tue, 4 Sep 2018 18:12:18 -0400
|
|
||||||
Subject: [PATCH 6/7] Log test failures of bad pin
|
|
||||||
|
|
||||||
Previously this would show a "don't know why" failure.
|
|
||||||
---
|
|
||||||
tests/tools/certsave.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tests/tools/certsave.c b/tests/tools/certsave.c
|
|
||||||
index ac0f73ec..fd86a4c1 100644
|
|
||||||
--- a/tests/tools/certsave.c
|
|
||||||
+++ b/tests/tools/certsave.c
|
|
||||||
@@ -106,6 +106,11 @@ main(int argc, char **argv)
|
|
||||||
printf("Failed to save (%s:%s), "
|
|
||||||
"filesystem permissions error.\n",
|
|
||||||
ctype, entry->cm_cert_storage_location);
|
|
||||||
+ } else
|
|
||||||
+ if (cm_certsave_pin_error(state) == 0) {
|
|
||||||
+ printf("Failed to save (%s:%s), "
|
|
||||||
+ "pin error.\n",
|
|
||||||
+ ctype, entry->cm_cert_storage_location);
|
|
||||||
} else {
|
|
||||||
printf("Failed to save (%s:%s), "
|
|
||||||
"don't know why.\n",
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,95 +0,0 @@
|
|||||||
From 15d406ee3afbb52832d5c61a1afb735724d109a2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Tue, 18 Sep 2018 10:21:28 -0400
|
|
||||||
Subject: [PATCH 7/7] Use only PK11_ImportCert to import certs, not
|
|
||||||
CERT_ImportCerts
|
|
||||||
|
|
||||||
CERT_ImportCerts always imports a given certificate into the
|
|
||||||
certificate database, whether a token is requested or not.
|
|
||||||
|
|
||||||
Using PK11_ImportCert will import the cert, associate the key
|
|
||||||
properly and will only add the certificate to the appropriate
|
|
||||||
token.
|
|
||||||
---
|
|
||||||
src/certsave-n.c | 37 +++++++++++--------------------------
|
|
||||||
1 file changed, 11 insertions(+), 26 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index d0152cad..fcb43148 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -100,7 +100,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
NSSInitContext *ctx;
|
|
||||||
CERTCertDBHandle *certdb;
|
|
||||||
CERTCertList *certlist;
|
|
||||||
- CERTCertificate **returned, *oldcert, cert;
|
|
||||||
+ CERTCertificate *oldcert, *newcert, cert;
|
|
||||||
CERTCertTrust trust;
|
|
||||||
CERTSignedData csdata;
|
|
||||||
CERTCertListNode *node;
|
|
||||||
@@ -497,33 +497,18 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Import the certificate. */
|
|
||||||
- returned = NULL;
|
|
||||||
- error = CERT_ImportCerts(certdb,
|
|
||||||
- certUsageUserCertImport,
|
|
||||||
- 1, &item, &returned,
|
|
||||||
- PR_TRUE,
|
|
||||||
- PR_FALSE,
|
|
||||||
- entry->cm_cert_nickname);
|
|
||||||
- ec = PORT_GetError();
|
|
||||||
- if (error == SECSuccess) {
|
|
||||||
- /* If NSS uses SQL DB storage, CERT_ImportCerts creates
|
|
||||||
- * an incomplete internal state (the cert isn't
|
|
||||||
- * associated with the private key, and calling
|
|
||||||
- * PK11_FindKeyByAnyCert returns no result).
|
|
||||||
- * As a workaround, we import the cert again using
|
|
||||||
- * PK11_ImportCert, which magically fixes the issue.
|
|
||||||
- * See rhbz#1532188 */
|
|
||||||
+ newcert = CERT_DecodeCertFromPackage((char *)item->data, item->len);
|
|
||||||
+ if (newcert != NULL) {
|
|
||||||
error = PK11_ImportCert(sle->slot,
|
|
||||||
- returned[0],
|
|
||||||
+ newcert,
|
|
||||||
CK_INVALID_HANDLE,
|
|
||||||
- returned[0]->nickname,
|
|
||||||
+ entry->cm_cert_nickname,
|
|
||||||
PR_FALSE);
|
|
||||||
}
|
|
||||||
if (error == SECSuccess) {
|
|
||||||
- cm_log(1, "Imported certificate \"%s\", got "
|
|
||||||
+ cm_log(1, "Imported certificate with "
|
|
||||||
"nickname \"%s\".\n",
|
|
||||||
- entry->cm_cert_nickname,
|
|
||||||
- returned[0]->nickname);
|
|
||||||
+ entry->cm_cert_nickname);
|
|
||||||
status = 0;
|
|
||||||
/* Set the trust on the new certificate,
|
|
||||||
* perhaps matching the trust on an
|
|
||||||
@@ -536,7 +521,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
trust.objectSigningFlags = CERTDB_USER;
|
|
||||||
}
|
|
||||||
error = CERT_ChangeCertTrust(certdb,
|
|
||||||
- returned[0],
|
|
||||||
+ newcert,
|
|
||||||
&trust);
|
|
||||||
ec = PORT_GetError();
|
|
||||||
if (error != SECSuccess) {
|
|
||||||
@@ -621,10 +606,10 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
}
|
|
||||||
/* If we managed to import the certificate, mark its
|
|
||||||
* key for having its nickname removed. */
|
|
||||||
- if ((returned != NULL) && (returned[0] != NULL)) {
|
|
||||||
- privkey = PK11_FindKeyByAnyCert(returned[0], NULL);
|
|
||||||
+ if (newcert != NULL) {
|
|
||||||
+ privkey = PK11_FindKeyByAnyCert(newcert, NULL);
|
|
||||||
privkeys = add_privkey_to_list(privkeys, privkey);
|
|
||||||
- CERT_DestroyCertArray(returned, 1);
|
|
||||||
+ CERT_DestroyCertificate(newcert);
|
|
||||||
}
|
|
||||||
/* In case we're rekeying, but failed, mark the
|
|
||||||
* candidate key for name-clearing or removal, too. */
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,95 +0,0 @@
|
|||||||
From 5d2554ed31fa6bc121d94efe533f9e4fea3900aa Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 4 Oct 2018 08:21:35 -0400
|
|
||||||
Subject: [PATCH 10/17] Fix memory leak in util_internal_token_name()
|
|
||||||
|
|
||||||
Allocate memory using the talloc context instead of relying on
|
|
||||||
the caller to call free().
|
|
||||||
---
|
|
||||||
src/certread-n.c | 2 +-
|
|
||||||
src/certsave-n.c | 2 +-
|
|
||||||
src/keygen-n.c | 2 +-
|
|
||||||
src/keyiread-n.c | 2 +-
|
|
||||||
src/submit-n.c | 2 +-
|
|
||||||
src/util-n.c | 2 +-
|
|
||||||
6 files changed, 6 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certread-n.c b/src/certread-n.c
|
|
||||||
index 1d9217c6..d535030b 100644
|
|
||||||
--- a/src/certread-n.c
|
|
||||||
+++ b/src/certread-n.c
|
|
||||||
@@ -191,7 +191,7 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_AUTH);
|
|
||||||
}
|
|
||||||
if (entry->cm_cert_token == NULL) {
|
|
||||||
- entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
for (sle = slotlist->head;
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index fcb43148..49b28324 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -215,7 +215,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
if (entry->cm_cert_token == NULL) {
|
|
||||||
- entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
for (sle = slotlist->head;
|
|
||||||
((sle != NULL) && (sle->slot != NULL));
|
|
||||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
|
||||||
index f7fdf6c0..76a5c1d3 100644
|
|
||||||
--- a/src/keygen-n.c
|
|
||||||
+++ b/src/keygen-n.c
|
|
||||||
@@ -273,7 +273,7 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
_exit(CM_SUB_STATUS_ERROR_NO_TOKEN);
|
|
||||||
}
|
|
||||||
if (entry->cm_cert_token == NULL) {
|
|
||||||
- entry->cm_cert_token = util_internal_token_name();
|
|
||||||
+ entry->cm_cert_token = talloc_strdup(entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
/* Walk the list looking for the requested slot, or the first one if
|
|
||||||
* none was requested. */
|
|
||||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
|
||||||
index b8408bf1..8f46ec0f 100644
|
|
||||||
--- a/src/keyiread-n.c
|
|
||||||
+++ b/src/keyiread-n.c
|
|
||||||
@@ -153,7 +153,7 @@ cm_keyiread_n_get_keys(struct cm_store_entry *entry, int readwrite)
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
if (entry->cm_key_token == NULL) {
|
|
||||||
- entry->cm_key_token = util_internal_token_name();
|
|
||||||
+ entry->cm_key_token = talloc_strdup(entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
n_tokens = 0;
|
|
||||||
pubkey = NULL;
|
|
||||||
diff --git a/src/submit-n.c b/src/submit-n.c
|
|
||||||
index da07d253..ee6f3105 100644
|
|
||||||
--- a/src/submit-n.c
|
|
||||||
+++ b/src/submit-n.c
|
|
||||||
@@ -347,7 +347,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
if (args->entry->cm_key_token == NULL) {
|
|
||||||
- args->entry->cm_key_token = util_internal_token_name();
|
|
||||||
+ args->entry->cm_key_token = talloc_strdup(args->entry, util_internal_token_name());
|
|
||||||
}
|
|
||||||
PK11_SetPasswordFunc(&cm_pin_read_for_cert_nss_cb);
|
|
||||||
n_tokens = 0;
|
|
||||||
diff --git a/src/util-n.c b/src/util-n.c
|
|
||||||
index 293e2583..4ab3d47b 100644
|
|
||||||
--- a/src/util-n.c
|
|
||||||
+++ b/src/util-n.c
|
|
||||||
@@ -291,5 +291,5 @@ util_set_db_entry_cert_owner(const char *dbdir, struct cm_store_entry *entry)
|
|
||||||
char *
|
|
||||||
util_internal_token_name()
|
|
||||||
{
|
|
||||||
- return strdup(PK11_GetTokenName(PK11_GetInternalKeySlot()));
|
|
||||||
+ return PK11_GetTokenName(PK11_GetInternalKeySlot());
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,266 +0,0 @@
|
|||||||
From 648fe74986f2a84416805cfd73206e9e67166ae2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 13 Sep 2018 15:40:23 -0400
|
|
||||||
Subject: [PATCH 11/17] clang: Dead assignment
|
|
||||||
|
|
||||||
---
|
|
||||||
src/casave.c | 4 +++-
|
|
||||||
src/keygen-n.c | 1 -
|
|
||||||
src/keyiread-n.c | 1 -
|
|
||||||
src/store-files.c | 2 --
|
|
||||||
src/store-gen.c | 3 ---
|
|
||||||
src/submit-e.c | 54 ++++++++++++++++++++++++++------------------------
|
|
||||||
src/submit-u.c | 2 --
|
|
||||||
src/tdbush.c | 8 ++++++--
|
|
||||||
tests/tools/addcinfo.c | 1 -
|
|
||||||
tests/tools/certsave.c | 4 +++-
|
|
||||||
10 files changed, 40 insertions(+), 40 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/casave.c b/src/casave.c
|
|
||||||
index 5fb31b8d..bde63f99 100644
|
|
||||||
--- a/src/casave.c
|
|
||||||
+++ b/src/casave.c
|
|
||||||
@@ -163,7 +163,6 @@ cm_casave_main_n(int fd, struct cm_store_ca *ca, struct cm_store_entry *e,
|
|
||||||
decoded = CERT_DecodeCertFromPackage(package,
|
|
||||||
strlen(package));
|
|
||||||
p = state->certs[i]->nickname;
|
|
||||||
- ttrust = ",,";
|
|
||||||
switch (state->certs[i]->level) {
|
|
||||||
case root:
|
|
||||||
case other_root:
|
|
||||||
@@ -178,6 +177,9 @@ cm_casave_main_n(int fd, struct cm_store_ca *ca, struct cm_store_entry *e,
|
|
||||||
ttrust = ",,";
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
+ default:
|
|
||||||
+ ttrust = ",,";
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
memset(&trust, 0, sizeof(trust));
|
|
||||||
CERT_DecodeTrustString(&trust, ttrust);
|
|
||||||
diff --git a/src/keygen-n.c b/src/keygen-n.c
|
|
||||||
index 76a5c1d3..061bd2af 100644
|
|
||||||
--- a/src/keygen-n.c
|
|
||||||
+++ b/src/keygen-n.c
|
|
||||||
@@ -591,7 +591,6 @@ retry_gen:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- generated_size = SECKEY_PublicKeyStrengthInBits(pubkey);
|
|
||||||
cm_log(1, "Ended up with %d bit public key.\n",
|
|
||||||
SECKEY_PublicKeyStrengthInBits(pubkey));
|
|
||||||
/* Check for keys with the desired name, selecting a new name if
|
|
||||||
diff --git a/src/keyiread-n.c b/src/keyiread-n.c
|
|
||||||
index 8f46ec0f..91b1be41 100644
|
|
||||||
--- a/src/keyiread-n.c
|
|
||||||
+++ b/src/keyiread-n.c
|
|
||||||
@@ -492,7 +492,6 @@ cm_keyiread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
readwrite = settings->readwrite;
|
|
||||||
keys = cm_keyiread_n_get_keys(entry, readwrite);
|
|
||||||
alg = "";
|
|
||||||
- size = 0;
|
|
||||||
if (keys != NULL) {
|
|
||||||
switch (SECKEY_GetPrivateKeyType(keys->privkey)) {
|
|
||||||
case rsaKey:
|
|
||||||
diff --git a/src/store-files.c b/src/store-files.c
|
|
||||||
index 06a17485..df1fa336 100644
|
|
||||||
--- a/src/store-files.c
|
|
||||||
+++ b/src/store-files.c
|
|
||||||
@@ -2182,7 +2182,6 @@ cm_store_entry_delete(struct cm_store_entry *entry)
|
|
||||||
} else {
|
|
||||||
cm_log(3, "No file to remove for \"%s\".\n",
|
|
||||||
entry->cm_nickname);
|
|
||||||
- ret = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
@@ -2469,7 +2468,6 @@ cm_store_ca_delete(struct cm_store_ca *ca)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
cm_log(3, "No file to remove for \"%s\".\n", ca->cm_nickname);
|
|
||||||
- ret = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/src/store-gen.c b/src/store-gen.c
|
|
||||||
index 5ce4ab84..da32afc8 100644
|
|
||||||
--- a/src/store-gen.c
|
|
||||||
+++ b/src/store-gen.c
|
|
||||||
@@ -530,8 +530,6 @@ cm_store_hex_to_bin(const char *serial, unsigned char *buf, int length)
|
|
||||||
const char *p, *q, *chars = "0123456789abcdef";
|
|
||||||
unsigned char *b, u;
|
|
||||||
|
|
||||||
- p = serial;
|
|
||||||
- b = buf;
|
|
||||||
u = 0;
|
|
||||||
for (p = serial, b = buf;
|
|
||||||
((*p != '\0') && ((b - buf) < length));
|
|
||||||
@@ -606,7 +604,6 @@ cm_store_canonicalize_path(void *parent, const char *path)
|
|
||||||
for (p = tmp; *p != '\0'; p++) {
|
|
||||||
if ((strncmp(p, "/.", 2) == 0) &&
|
|
||||||
((p[2] == '/') || (p[2] == '\0'))) {
|
|
||||||
- q = p - 1;
|
|
||||||
memmove(p, p + 2, strlen(p + 2) + 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/src/submit-e.c b/src/submit-e.c
|
|
||||||
index 8ba8e44c..d6158d7a 100644
|
|
||||||
--- a/src/submit-e.c
|
|
||||||
+++ b/src/submit-e.c
|
|
||||||
@@ -587,32 +587,34 @@ cm_submit_e_postprocess_main(int fd, struct cm_store_ca *ca,
|
|
||||||
estate->msg_length, NULL);
|
|
||||||
msg = cm_json_new_object(estate);
|
|
||||||
chain = cm_json_new_array(msg);
|
|
||||||
- if (leaf != NULL) {
|
|
||||||
- cert = cm_json_new_string(msg, leaf, -1);
|
|
||||||
- cm_json_set(msg, CM_SUBMIT_E_CERTIFICATE, cert);
|
|
||||||
- }
|
|
||||||
- for (i = 0;
|
|
||||||
- (others != NULL) && (others[i] != NULL);
|
|
||||||
- i++) {
|
|
||||||
- cert = cm_json_new_object(chain);
|
|
||||||
- val = cm_json_new_string(cert, others[i], -1);
|
|
||||||
- cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
|
||||||
- nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
|
||||||
- nick = cm_json_new_string(cert, nthnick, -1);
|
|
||||||
- cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
|
||||||
- cm_json_append(chain, cert);
|
|
||||||
- }
|
|
||||||
- if (top!= NULL) {
|
|
||||||
- cert = cm_json_new_object(chain);
|
|
||||||
- val = cm_json_new_string(cert, top, -1);
|
|
||||||
- cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
|
||||||
- nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
|
||||||
- nick = cm_json_new_string(cert, nthnick, -1);
|
|
||||||
- cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
|
||||||
- cm_json_append(chain, cert);
|
|
||||||
- }
|
|
||||||
- if (cm_json_array_size(chain) > 0) {
|
|
||||||
- cm_json_set(msg, CM_SUBMIT_E_CHAIN, chain);
|
|
||||||
+ if (i == 0) {
|
|
||||||
+ if (leaf != NULL) {
|
|
||||||
+ cert = cm_json_new_string(msg, leaf, -1);
|
|
||||||
+ cm_json_set(msg, CM_SUBMIT_E_CERTIFICATE, cert);
|
|
||||||
+ }
|
|
||||||
+ for (i = 0;
|
|
||||||
+ (others != NULL) && (others[i] != NULL);
|
|
||||||
+ i++) {
|
|
||||||
+ cert = cm_json_new_object(chain);
|
|
||||||
+ val = cm_json_new_string(cert, others[i], -1);
|
|
||||||
+ cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
|
||||||
+ nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
|
||||||
+ nick = cm_json_new_string(cert, nthnick, -1);
|
|
||||||
+ cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
|
||||||
+ cm_json_append(chain, cert);
|
|
||||||
+ }
|
|
||||||
+ if (top!= NULL) {
|
|
||||||
+ cert = cm_json_new_object(chain);
|
|
||||||
+ val = cm_json_new_string(cert, top, -1);
|
|
||||||
+ cm_json_set(cert, CM_SUBMIT_E_CERTIFICATE, val);
|
|
||||||
+ nthnick = talloc_asprintf(cert, "chain #%d", i + 1);
|
|
||||||
+ nick = cm_json_new_string(cert, nthnick, -1);
|
|
||||||
+ cm_json_set(cert, CM_SUBMIT_E_NICKNAME, nick);
|
|
||||||
+ cm_json_append(chain, cert);
|
|
||||||
+ }
|
|
||||||
+ if (cm_json_array_size(chain) > 0) {
|
|
||||||
+ cm_json_set(msg, CM_SUBMIT_E_CHAIN, chain);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Get ready to build an output message. */
|
|
||||||
diff --git a/src/submit-u.c b/src/submit-u.c
|
|
||||||
index dda2edbc..b0b45baf 100644
|
|
||||||
--- a/src/submit-u.c
|
|
||||||
+++ b/src/submit-u.c
|
|
||||||
@@ -120,14 +120,12 @@ cm_submit_u_from_file_single(const char *filename)
|
|
||||||
if (csr == NULL) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
- p = csr;
|
|
||||||
for (i = 0; i < sizeof(strip) / sizeof(strip[0]); i++) {
|
|
||||||
while ((p = strstr(csr, strip[i])) != NULL) {
|
|
||||||
q = p + strcspn(p, "\r\n");
|
|
||||||
memmove(p, q, strlen(q) + 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- p = csr;
|
|
||||||
q = strdup(csr);
|
|
||||||
for (p = csr, i = 0; *p != '\0'; p++) {
|
|
||||||
if (strchr("\r\n\t ", *p) == NULL) {
|
|
||||||
diff --git a/src/tdbush.c b/src/tdbush.c
|
|
||||||
index 1d487222..3184e67a 100644
|
|
||||||
--- a/src/tdbush.c
|
|
||||||
+++ b/src/tdbush.c
|
|
||||||
@@ -2911,7 +2911,6 @@ request_get_key_type_and_size(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
||||||
}
|
|
||||||
rep = dbus_message_new_method_return(msg);
|
|
||||||
- type = "UNKNOWN";
|
|
||||||
switch (entry->cm_key_type.cm_key_algorithm) {
|
|
||||||
case cm_key_unspecified:
|
|
||||||
type = "UNKNOWN";
|
|
||||||
@@ -2929,6 +2928,9 @@ request_get_key_type_and_size(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
type = "EC";
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
+ default:
|
|
||||||
+ type = "UNKNOWN";
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
if (rep != NULL) {
|
|
||||||
size = entry->cm_key_type.cm_key_size;
|
|
||||||
@@ -4790,7 +4792,6 @@ cm_tdbush_introspect_method(void *parent,
|
|
||||||
method->cm_name);
|
|
||||||
arg = method->cm_args;
|
|
||||||
while (arg != NULL) {
|
|
||||||
- direction = "unknown";
|
|
||||||
switch (arg->cm_direction) {
|
|
||||||
case cm_tdbush_method_arg_in:
|
|
||||||
direction = "in";
|
|
||||||
@@ -4798,6 +4799,9 @@ cm_tdbush_introspect_method(void *parent,
|
|
||||||
case cm_tdbush_method_arg_out:
|
|
||||||
direction = "out";
|
|
||||||
break;
|
|
||||||
+ default:
|
|
||||||
+ direction = "unknown";
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
ret = talloc_asprintf(parent,
|
|
||||||
"%s\n <arg name=\"%s\" type=\"%s\" "
|
|
||||||
diff --git a/tests/tools/addcinfo.c b/tests/tools/addcinfo.c
|
|
||||||
index d3cea2ca..f016acb4 100644
|
|
||||||
--- a/tests/tools/addcinfo.c
|
|
||||||
+++ b/tests/tools/addcinfo.c
|
|
||||||
@@ -98,7 +98,6 @@ main(int argc, char **argv)
|
|
||||||
PR_ErrorToName(PORT_GetError()));
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
- n = encoded.len;
|
|
||||||
j = 0;
|
|
||||||
while ((i = write(STDOUT_FILENO, encoded.data + j, encoded.len - j)) > 0) {
|
|
||||||
j += i;
|
|
||||||
diff --git a/tests/tools/certsave.c b/tests/tools/certsave.c
|
|
||||||
index fd86a4c1..8ec60ddd 100644
|
|
||||||
--- a/tests/tools/certsave.c
|
|
||||||
+++ b/tests/tools/certsave.c
|
|
||||||
@@ -83,7 +83,6 @@ main(int argc, char **argv)
|
|
||||||
if (cm_certsave_saved(state) == 0) {
|
|
||||||
ret = 0;
|
|
||||||
} else {
|
|
||||||
- ctype = "unknown";
|
|
||||||
switch (entry->cm_cert_storage_type) {
|
|
||||||
case cm_cert_storage_file:
|
|
||||||
ctype = "FILE";
|
|
||||||
@@ -91,6 +90,9 @@ main(int argc, char **argv)
|
|
||||||
case cm_cert_storage_nssdb:
|
|
||||||
ctype = "NSS";
|
|
||||||
break;
|
|
||||||
+ default:
|
|
||||||
+ ctype = "unknown";
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
if (cm_certsave_conflict_subject(state) == 0) {
|
|
||||||
printf("Failed to save (%s:%s), "
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,437 +0,0 @@
|
|||||||
From 3310a25181e94f5e05e671acc12d008cbac339ab Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 13 Sep 2018 15:50:53 -0400
|
|
||||||
Subject: [PATCH 12/17] clang: Memory leak
|
|
||||||
|
|
||||||
---
|
|
||||||
src/certmaster.c | 3 +++
|
|
||||||
src/certsave-o.c | 1 +
|
|
||||||
src/dogtag.c | 3 +++
|
|
||||||
src/ipa.c | 9 ++++++++-
|
|
||||||
src/local.c | 5 +++++
|
|
||||||
src/scep.c | 5 +++++
|
|
||||||
src/srvloc.c | 1 +
|
|
||||||
src/store-files.c | 2 +-
|
|
||||||
src/submit-x.c | 22 ++++++++++++++++++++++
|
|
||||||
src/util.c | 8 +++++++-
|
|
||||||
tests/tools/addcinfo.c | 3 +++
|
|
||||||
tests/tools/base2pem.c | 1 +
|
|
||||||
tests/tools/pem2base.c | 1 +
|
|
||||||
13 files changed, 61 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certmaster.c b/src/certmaster.c
|
|
||||||
index 7e0bed90..4a5cf6af 100644
|
|
||||||
--- a/src/certmaster.c
|
|
||||||
+++ b/src/certmaster.c
|
|
||||||
@@ -160,6 +160,7 @@ main(int argc, const char **argv)
|
|
||||||
CM_SUBMIT_CSR_ENV);
|
|
||||||
}
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -185,11 +186,13 @@ main(int argc, const char **argv)
|
|
||||||
if (ctx == NULL) {
|
|
||||||
fprintf(stderr, "Error setting up for XMLRPC.\n");
|
|
||||||
printf(_("Error setting up for XMLRPC.\n"));
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Add the CSR as the sole argument. */
|
|
||||||
cm_submit_x_add_arg_s(ctx, csr);
|
|
||||||
+ free(csr);
|
|
||||||
|
|
||||||
/* Submit the request. */
|
|
||||||
fprintf(stderr, "Submitting request to \"%s\".\n", uri);
|
|
||||||
diff --git a/src/certsave-o.c b/src/certsave-o.c
|
|
||||||
index 77f54d7e..3d4018d8 100644
|
|
||||||
--- a/src/certsave-o.c
|
|
||||||
+++ b/src/certsave-o.c
|
|
||||||
@@ -258,6 +258,7 @@ cm_certsave_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
if (bin != NULL) {
|
|
||||||
BN_bn2bin(bn, bin);
|
|
||||||
serial = cm_store_hex_from_bin(NULL, bin, BN_num_bytes(bn));
|
|
||||||
+ free(bin);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (serial != NULL) {
|
|
||||||
diff --git a/src/dogtag.c b/src/dogtag.c
|
|
||||||
index cd0b38b7..55607f3d 100644
|
|
||||||
--- a/src/dogtag.c
|
|
||||||
+++ b/src/dogtag.c
|
|
||||||
@@ -536,6 +536,7 @@ main(int argc, const char **argv)
|
|
||||||
CM_SUBMIT_CSR_ENV);
|
|
||||||
}
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
csr = cm_submit_u_url_encode(csr);
|
|
||||||
@@ -588,6 +589,8 @@ main(int argc, const char **argv)
|
|
||||||
params = talloc_asprintf(ctx,
|
|
||||||
"%s&%s=%s",
|
|
||||||
params, p, q);
|
|
||||||
+ free(p);
|
|
||||||
+ free(q);
|
|
||||||
}
|
|
||||||
use_agent_approval = FALSE;
|
|
||||||
break;
|
|
||||||
diff --git a/src/ipa.c b/src/ipa.c
|
|
||||||
index 67a0c651..acd1a4e2 100644
|
|
||||||
--- a/src/ipa.c
|
|
||||||
+++ b/src/ipa.c
|
|
||||||
@@ -226,6 +226,7 @@ cm_locate_xmlrpc_service(const char *server,
|
|
||||||
if (basedn == NULL) {
|
|
||||||
i = cm_find_default_naming_context(ld, &basedn);
|
|
||||||
if (i != 0) {
|
|
||||||
+ free(basedn);
|
|
||||||
return i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -526,6 +527,7 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
|
||||||
if (basedn == NULL) {
|
|
||||||
i = cm_find_default_naming_context(ld, &basedn);
|
|
||||||
if (i != 0) {
|
|
||||||
+ free(basedn);
|
|
||||||
return i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -802,6 +804,7 @@ main(int argc, const char **argv)
|
|
||||||
printf(_("Unable to read signing request from environment variable \"%s\".\n"),
|
|
||||||
CM_SUBMIT_CSR_ENV);
|
|
||||||
}
|
|
||||||
+ free(csr);
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
@@ -903,12 +906,16 @@ main(int argc, const char **argv)
|
|
||||||
|
|
||||||
if ((strcasecmp(mode, CM_OP_SUBMIT) == 0) ||
|
|
||||||
(strcasecmp(mode, CM_OP_POLL) == 0)) {
|
|
||||||
- return submit_or_poll(uri, cainfo, capath, server,
|
|
||||||
+ int ret;
|
|
||||||
+ ret = submit_or_poll(uri, cainfo, capath, server,
|
|
||||||
ldap_uri_cmd, ldap_uri, host, domain,
|
|
||||||
basedn, uid, pwd, csr, reqprinc, profile,
|
|
||||||
issuer);
|
|
||||||
+ free(csr);
|
|
||||||
+ return ret;
|
|
||||||
} else
|
|
||||||
if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) {
|
|
||||||
+ free(csr);
|
|
||||||
return fetch_roots(server, ldap_uri_cmd, ldap_uri, host,
|
|
||||||
uid, pwd, domain, basedn);
|
|
||||||
}
|
|
||||||
diff --git a/src/local.c b/src/local.c
|
|
||||||
index f437d62e..92bea144 100644
|
|
||||||
--- a/src/local.c
|
|
||||||
+++ b/src/local.c
|
|
||||||
@@ -559,6 +559,7 @@ main(int argc, const char **argv)
|
|
||||||
printf(_("Unable to read signing request.\n"));
|
|
||||||
cm_log(1, "Unable to read signing request.\n");
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
/* Take the lock. */
|
|
||||||
@@ -568,6 +569,7 @@ main(int argc, const char **argv)
|
|
||||||
&signer, &key);
|
|
||||||
if ((i != 0) || (signer == NULL)) {
|
|
||||||
cm_log(1, "Error reading signer info.\n");
|
|
||||||
+ free(csr);
|
|
||||||
/* Try again sometime later. */
|
|
||||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
|
||||||
}
|
|
||||||
@@ -577,11 +579,13 @@ main(int argc, const char **argv)
|
|
||||||
if ((fp == NULL) && (errno != ENOENT)) {
|
|
||||||
cm_log(1, "Error reading '%s': %s.\n", serial,
|
|
||||||
strerror(errno));
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
|
||||||
}
|
|
||||||
if (fp != NULL) {
|
|
||||||
if (fgets(buf, sizeof(buf), fp) == NULL) {
|
|
||||||
fclose(fp);
|
|
||||||
+ free(csr);
|
|
||||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
|
||||||
}
|
|
||||||
buf[strcspn(buf, "\r\n")] = '\0';
|
|
||||||
@@ -601,6 +605,7 @@ main(int argc, const char **argv)
|
|
||||||
/* Actually sign the request. */
|
|
||||||
i = cm_submit_o_sign(parent, csr, signer, key, hexserial,
|
|
||||||
now, 0, &cert);
|
|
||||||
+ free(csr);
|
|
||||||
if ((i == 0) && (cert != NULL)) {
|
|
||||||
/* Roll the serial number up. */
|
|
||||||
hexserial = cm_store_increment_serial(parent,
|
|
||||||
diff --git a/src/scep.c b/src/scep.c
|
|
||||||
index 72dff3d5..68eae788 100644
|
|
||||||
--- a/src/scep.c
|
|
||||||
+++ b/src/scep.c
|
|
||||||
@@ -338,6 +338,7 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
if (c != -1) {
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(cainfo);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -386,6 +387,7 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
if ((message == NULL) || (strlen(message) == 0)) {
|
|
||||||
printf(_("Error reading request. Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
|
|
||||||
+ free(cainfo);
|
|
||||||
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
||||||
}
|
|
||||||
/* First step: read capabilities for our use. */
|
|
||||||
@@ -405,6 +407,7 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
if ((message == NULL) || (strlen(message) == 0)) {
|
|
||||||
printf(_("Error reading request. Expected PKCS7 data containing a PKCSReq pkiMessage, got nothing.\n"));
|
|
||||||
+ free(cainfo);
|
|
||||||
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
||||||
}
|
|
||||||
/* First step: read capabilities for our use. */
|
|
||||||
@@ -416,6 +419,7 @@ main(int argc, const char **argv)
|
|
||||||
/* Supply help output, if it's needed. */
|
|
||||||
if (missing_args) {
|
|
||||||
poptPrintUsage(pctx, stdout, 0);
|
|
||||||
+ free(cainfo);
|
|
||||||
return CM_SUBMIT_STATUS_UNCONFIGURED;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -492,6 +496,7 @@ main(int argc, const char **argv)
|
|
||||||
verbose > 1 ?
|
|
||||||
cm_submit_h_curl_verbose_on :
|
|
||||||
cm_submit_h_curl_verbose_off);
|
|
||||||
+ free(cainfo);
|
|
||||||
cm_submit_h_run(hctx);
|
|
||||||
content_type = cm_submit_h_result_type(hctx);
|
|
||||||
if (content_type == NULL) {
|
|
||||||
diff --git a/src/srvloc.c b/src/srvloc.c
|
|
||||||
index acab55bf..e8f3f5a5 100644
|
|
||||||
--- a/src/srvloc.c
|
|
||||||
+++ b/src/srvloc.c
|
|
||||||
@@ -189,6 +189,7 @@ cm_srvloc_resolve(void *parent, const char *name, const char *udomain,
|
|
||||||
domain = strdup(udomain);
|
|
||||||
#endif
|
|
||||||
i = res_querydomain(name, domain, C_IN, T_SRV, answer, answer_len);
|
|
||||||
+ free(domain);
|
|
||||||
if (i == -1) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
diff --git a/src/store-files.c b/src/store-files.c
|
|
||||||
index df1fa336..b97ba5ff 100644
|
|
||||||
--- a/src/store-files.c
|
|
||||||
+++ b/src/store-files.c
|
|
||||||
@@ -558,8 +558,8 @@ cm_store_file_read_lines(void *parent, FILE *fp)
|
|
||||||
case ';':
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
+ free(buf);
|
|
||||||
}
|
|
||||||
- free(buf);
|
|
||||||
/* If we were reading a line, append it to the list. */
|
|
||||||
if (s != NULL) {
|
|
||||||
tlines = talloc_realloc(parent, lines, char *, n_lines + 2);
|
|
||||||
diff --git a/src/submit-x.c b/src/submit-x.c
|
|
||||||
index 60bcf78a..fa81e9aa 100644
|
|
||||||
--- a/src/submit-x.c
|
|
||||||
+++ b/src/submit-x.c
|
|
||||||
@@ -75,6 +75,8 @@ cm_submit_x_ccache_realm(char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
@@ -84,6 +86,8 @@ cm_submit_x_ccache_realm(char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
@@ -93,6 +97,8 @@ cm_submit_x_ccache_realm(char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
@@ -139,6 +145,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
fprintf(stderr, "Error initializing Kerberos: %s.\n", ret);
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -152,6 +160,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -163,6 +173,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
principal, ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -174,6 +186,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -195,6 +209,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -213,6 +229,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -227,6 +245,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
@@ -237,6 +257,8 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
|
|
||||||
ret = get_error_message(ctx, kret));
|
|
||||||
if (msg != NULL) {
|
|
||||||
*msg = ret;
|
|
||||||
+ } else {
|
|
||||||
+ free(ret);
|
|
||||||
}
|
|
||||||
return kret;
|
|
||||||
}
|
|
||||||
diff --git a/src/util.c b/src/util.c
|
|
||||||
index 67143d52..373bb533 100644
|
|
||||||
--- a/src/util.c
|
|
||||||
+++ b/src/util.c
|
|
||||||
@@ -98,7 +98,7 @@ read_config_file(const char *filename)
|
|
||||||
char *
|
|
||||||
get_config_entry(char * in_data, const char *section, const char *key)
|
|
||||||
{
|
|
||||||
- char *ptr = NULL, *p, *tmp;
|
|
||||||
+ char *ptr = NULL, *p, *tmp = NULL;
|
|
||||||
char *line;
|
|
||||||
int in_section = 0;
|
|
||||||
char * data = strdup(in_data);
|
|
||||||
@@ -129,9 +129,12 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
|
||||||
}
|
|
||||||
if (strcmp(section, tmp) == 0) {
|
|
||||||
free(tmp);
|
|
||||||
+ tmp = NULL;
|
|
||||||
in_section = 1;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
+ free(tmp);
|
|
||||||
+ tmp = NULL;
|
|
||||||
}
|
|
||||||
} /* [ */
|
|
||||||
|
|
||||||
@@ -145,8 +148,10 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
|
||||||
tmp = strndup(line, p - line);
|
|
||||||
if (strcmp(key, tmp) != 0) {
|
|
||||||
free(tmp);
|
|
||||||
+ tmp = NULL;
|
|
||||||
} else {
|
|
||||||
free(tmp);
|
|
||||||
+ tmp = NULL;
|
|
||||||
|
|
||||||
/* Skip over any whitespace after the equal sign. */
|
|
||||||
line = strchr(line, '=');
|
|
||||||
@@ -168,5 +173,6 @@ get_config_entry(char * in_data, const char *section, const char *key)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
free(data);
|
|
||||||
+ free(tmp);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
diff --git a/tests/tools/addcinfo.c b/tests/tools/addcinfo.c
|
|
||||||
index f016acb4..939005c2 100644
|
|
||||||
--- a/tests/tools/addcinfo.c
|
|
||||||
+++ b/tests/tools/addcinfo.c
|
|
||||||
@@ -86,6 +86,7 @@ main(int argc, char **argv)
|
|
||||||
if (enveloped == NULL) {
|
|
||||||
cm_log(0, "Internal error: %s.\n",
|
|
||||||
PR_ErrorToName(PORT_GetError()));
|
|
||||||
+ free(buffer);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
ci.content_type = enveloped->oid;
|
|
||||||
@@ -96,6 +97,7 @@ main(int argc, char **argv)
|
|
||||||
content_info_template) != &encoded) {
|
|
||||||
cm_log(0, "Encoding error: %s.\n",
|
|
||||||
PR_ErrorToName(PORT_GetError()));
|
|
||||||
+ free(buffer);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
j = 0;
|
|
||||||
@@ -105,5 +107,6 @@ main(int argc, char **argv)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ free(buffer);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/tests/tools/base2pem.c b/tests/tools/base2pem.c
|
|
||||||
index 40e74201..31359684 100644
|
|
||||||
--- a/tests/tools/base2pem.c
|
|
||||||
+++ b/tests/tools/base2pem.c
|
|
||||||
@@ -76,5 +76,6 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
printf("%s", cm_submit_u_pem_from_base64(type, dos, p));
|
|
||||||
+ free(p);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/tests/tools/pem2base.c b/tests/tools/pem2base.c
|
|
||||||
index 0607c162..bb686c0e 100644
|
|
||||||
--- a/tests/tools/pem2base.c
|
|
||||||
+++ b/tests/tools/pem2base.c
|
|
||||||
@@ -46,5 +46,6 @@ main(int argc, char **argv)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
printf("%s\n", cm_submit_u_base64_from_text(p));
|
|
||||||
+ free(p);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From db0f835829b739cf843d44b08c22407194aadd71 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 13 Sep 2018 17:57:21 -0400
|
|
||||||
Subject: [PATCH 13/17] clang: Uninitialized initial value
|
|
||||||
|
|
||||||
---
|
|
||||||
src/submit-n.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/submit-n.c b/src/submit-n.c
|
|
||||||
index ee6f3105..b07ea23a 100644
|
|
||||||
--- a/src/submit-n.c
|
|
||||||
+++ b/src/submit-n.c
|
|
||||||
@@ -281,7 +281,7 @@ cm_submit_n_decrypt_envelope(const unsigned char *envelope,
|
|
||||||
PLArenaPool *arena = NULL;
|
|
||||||
SECStatus error;
|
|
||||||
NSSInitContext *ctx = NULL;
|
|
||||||
- PK11SlotInfo *slot;
|
|
||||||
+ PK11SlotInfo *slot = NULL;
|
|
||||||
PK11SlotList *slotlist = NULL;
|
|
||||||
PK11SlotListElement *sle;
|
|
||||||
SECKEYPrivateKeyList *keylist = NULL;
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,99 +0,0 @@
|
|||||||
From 753d98b3e70f34a52caabbe8db30bf06fc917f38 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 13 Sep 2018 11:46:51 -0400
|
|
||||||
Subject: [PATCH 14/17] clang: Null pointer passed as an argument to a
|
|
||||||
'nonnull' parameter
|
|
||||||
|
|
||||||
---
|
|
||||||
src/certsave-n.c | 3 ++-
|
|
||||||
src/getcert.c | 7 ++++---
|
|
||||||
src/scep.c | 8 ++++----
|
|
||||||
src/submit-sn.c | 7 +++++--
|
|
||||||
4 files changed, 15 insertions(+), 10 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certsave-n.c b/src/certsave-n.c
|
|
||||||
index 49b28324..972a1dfa 100644
|
|
||||||
--- a/src/certsave-n.c
|
|
||||||
+++ b/src/certsave-n.c
|
|
||||||
@@ -72,7 +72,8 @@ add_privkey_to_list(SECKEYPrivateKey **list, SECKEYPrivateKey *key)
|
|
||||||
if ((list == NULL) || (list[i] == NULL)) {
|
|
||||||
newlist = malloc(sizeof(newlist[0]) * (i + 2));
|
|
||||||
if (newlist != NULL) {
|
|
||||||
- memcpy(newlist, list, sizeof(newlist[0]) * i);
|
|
||||||
+ if (list != NULL)
|
|
||||||
+ memcpy(newlist, list, sizeof(newlist[0]) * i);
|
|
||||||
newlist[i] = key;
|
|
||||||
newlist[i + 1] = NULL;
|
|
||||||
list = newlist;
|
|
||||||
diff --git a/src/getcert.c b/src/getcert.c
|
|
||||||
index 6417cd44..ddb28de2 100644
|
|
||||||
--- a/src/getcert.c
|
|
||||||
+++ b/src/getcert.c
|
|
||||||
@@ -291,7 +291,8 @@ add_string(void *parent, char ***dest, const char *value)
|
|
||||||
printf(_("Out of memory.\n"));
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
- memcpy(tmp, *dest, sizeof(tmp[0]) * i);
|
|
||||||
+ if (*dest)
|
|
||||||
+ memcpy(tmp, *dest, sizeof(tmp[0]) * i);
|
|
||||||
tmp[i] = talloc_strdup(tmp, value);
|
|
||||||
i++;
|
|
||||||
tmp[i] = NULL;
|
|
||||||
@@ -1582,8 +1583,8 @@ add_basic_request(enum cm_tdbus_type bus, char *id,
|
|
||||||
{
|
|
||||||
DBusMessage *req, *rep;
|
|
||||||
int i;
|
|
||||||
- struct cm_tdbusm_dict param[28];
|
|
||||||
- const struct cm_tdbusm_dict *params[29];
|
|
||||||
+ struct cm_tdbusm_dict param[30];
|
|
||||||
+ const struct cm_tdbusm_dict *params[30];
|
|
||||||
dbus_bool_t b;
|
|
||||||
const char *capath;
|
|
||||||
char *p;
|
|
||||||
diff --git a/src/scep.c b/src/scep.c
|
|
||||||
index 68eae788..b0bd214b 100644
|
|
||||||
--- a/src/scep.c
|
|
||||||
+++ b/src/scep.c
|
|
||||||
@@ -793,8 +793,8 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr, "code_text = \"%s\"\n", cm_submit_h_result_code_text(hctx));
|
|
||||||
syslog(LOG_DEBUG, "%s %s?%s\n", "GET", url, params2);
|
|
||||||
}
|
|
||||||
- if (strcasecmp(content_type2,
|
|
||||||
- "application/x-x509-ca-cert") != 0) {
|
|
||||||
+ if ((content_type2 != NULL) && (strcasecmp(content_type2,
|
|
||||||
+ "application/x-x509-ca-cert") != 0)) {
|
|
||||||
if (verbose > 0) {
|
|
||||||
fprintf(stderr, "Content is not "
|
|
||||||
"\"application/x-x509-ca-cert\""
|
|
||||||
@@ -882,8 +882,8 @@ main(int argc, const char **argv)
|
|
||||||
break;
|
|
||||||
case op_get_cert_initial:
|
|
||||||
case op_pkcsreq:
|
|
||||||
- if (strcasecmp(content_type2,
|
|
||||||
- "application/x-pki-message") == 0) {
|
|
||||||
+ if ((content_type2 != NULL) && (strcasecmp(content_type2,
|
|
||||||
+ "application/x-pki-message") == 0)) {
|
|
||||||
memset(&cacerts, 0, sizeof(cacerts));
|
|
||||||
cacerts[0] = cacert ? cacert : racert;
|
|
||||||
cacerts[1] = cacert ? racert : NULL;
|
|
||||||
diff --git a/src/submit-sn.c b/src/submit-sn.c
|
|
||||||
index e9c62b22..ecd78dc0 100644
|
|
||||||
--- a/src/submit-sn.c
|
|
||||||
+++ b/src/submit-sn.c
|
|
||||||
@@ -258,8 +258,11 @@ cm_submit_sn_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
|
||||||
/* Allocate space for one more extension. */
|
|
||||||
extensions = PORT_ArenaZAlloc(arena, (i + 2) * sizeof(extensions[0]));
|
|
||||||
if (extensions != NULL) {
|
|
||||||
- memcpy(extensions, ucert->extensions,
|
|
||||||
- i * sizeof(extensions[0]));
|
|
||||||
+ if (i != 0) {
|
|
||||||
+ /* Note that C99 says copy of 0 items is ok, quieting clang */
|
|
||||||
+ memcpy(extensions, ucert->extensions,
|
|
||||||
+ i * sizeof(extensions[0]));
|
|
||||||
+ }
|
|
||||||
if (found_basic) {
|
|
||||||
extensions[i] = NULL;
|
|
||||||
} else {
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
From 9e44680dbd207cef48beb7598114ea59aa457055 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 14 Sep 2018 16:15:23 -0400
|
|
||||||
Subject: [PATCH 15/17] clang: Dead increment
|
|
||||||
|
|
||||||
---
|
|
||||||
src/store-gen.c | 1 -
|
|
||||||
1 file changed, 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/store-gen.c b/src/store-gen.c
|
|
||||||
index da32afc8..653767a1 100644
|
|
||||||
--- a/src/store-gen.c
|
|
||||||
+++ b/src/store-gen.c
|
|
||||||
@@ -363,7 +363,6 @@ cm_store_time_from_timestamp(const char *timestamp)
|
|
||||||
buf[2] = '\0';
|
|
||||||
stamp.tm_min = atoi(buf);
|
|
||||||
memcpy(buf, timestamp + i, 2);
|
|
||||||
- i += 2;
|
|
||||||
buf[2] = '\0';
|
|
||||||
stamp.tm_sec = atoi(buf);
|
|
||||||
t = timegm(&stamp);
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,83 +0,0 @@
|
|||||||
From 319858127df42c1a95b9b3282705c90ecd6754a5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 14 Sep 2018 16:16:55 -0400
|
|
||||||
Subject: [PATCH 16/17] clang: Dereference of null pointer
|
|
||||||
|
|
||||||
---
|
|
||||||
src/tdbush.c | 56 +++++++++++++++++++++++++++++---------------------------
|
|
||||||
1 file changed, 29 insertions(+), 27 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/tdbush.c b/src/tdbush.c
|
|
||||||
index 3184e67a..d1bbe4da 100644
|
|
||||||
--- a/src/tdbush.c
|
|
||||||
+++ b/src/tdbush.c
|
|
||||||
@@ -3655,37 +3655,39 @@ request_modify(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- if (d[i] == NULL) {
|
|
||||||
- new_request_path = talloc_asprintf(parent, "%s/%s",
|
|
||||||
- CM_DBUS_REQUEST_PATH,
|
|
||||||
- entry->cm_busname);
|
|
||||||
- if ((n_propname > 0) &&
|
|
||||||
- (n_propname + 1 < sizeof(propname) / sizeof(propname[0]))) {
|
|
||||||
- propname[n_propname] = NULL;
|
|
||||||
- cm_tdbush_property_emit_changed(ctx, new_request_path,
|
|
||||||
- CM_DBUS_REQUEST_INTERFACE,
|
|
||||||
- propname);
|
|
||||||
- }
|
|
||||||
- cm_tdbusm_set_bp(rep,
|
|
||||||
- cm_restart_entry(ctx,
|
|
||||||
- entry->cm_nickname),
|
|
||||||
- new_request_path);
|
|
||||||
- dbus_connection_send(conn, rep, NULL);
|
|
||||||
- dbus_message_unref(rep);
|
|
||||||
- talloc_free(new_request_path);
|
|
||||||
- return DBUS_HANDLER_RESULT_HANDLED;
|
|
||||||
- } else {
|
|
||||||
- dbus_message_unref(rep);
|
|
||||||
- rep = dbus_message_new_error(msg,
|
|
||||||
- CM_DBUS_ERROR_REQUEST_BAD_ARG,
|
|
||||||
- _("Unrecognized parameter or wrong value type."));
|
|
||||||
- if (rep != NULL) {
|
|
||||||
- cm_tdbusm_set_s(rep, d[i]->key);
|
|
||||||
+ if (d != NULL) {
|
|
||||||
+ if (d[i] == NULL) {
|
|
||||||
+ new_request_path = talloc_asprintf(parent, "%s/%s",
|
|
||||||
+ CM_DBUS_REQUEST_PATH,
|
|
||||||
+ entry->cm_busname);
|
|
||||||
+ if ((n_propname > 0) &&
|
|
||||||
+ (n_propname + 1 < sizeof(propname) / sizeof(propname[0]))) {
|
|
||||||
+ propname[n_propname] = NULL;
|
|
||||||
+ cm_tdbush_property_emit_changed(ctx, new_request_path,
|
|
||||||
+ CM_DBUS_REQUEST_INTERFACE,
|
|
||||||
+ propname);
|
|
||||||
+ }
|
|
||||||
+ cm_tdbusm_set_bp(rep,
|
|
||||||
+ cm_restart_entry(ctx,
|
|
||||||
+ entry->cm_nickname),
|
|
||||||
+ new_request_path);
|
|
||||||
dbus_connection_send(conn, rep, NULL);
|
|
||||||
dbus_message_unref(rep);
|
|
||||||
+ talloc_free(new_request_path);
|
|
||||||
return DBUS_HANDLER_RESULT_HANDLED;
|
|
||||||
+ } else {
|
|
||||||
+ dbus_message_unref(rep);
|
|
||||||
+ rep = dbus_message_new_error(msg,
|
|
||||||
+ CM_DBUS_ERROR_REQUEST_BAD_ARG,
|
|
||||||
+ _("Unrecognized parameter or wrong value type."));
|
|
||||||
+ if (rep != NULL) {
|
|
||||||
+ cm_tdbusm_set_s(rep, d[i]->key);
|
|
||||||
+ dbus_connection_send(conn, rep, NULL);
|
|
||||||
+ dbus_message_unref(rep);
|
|
||||||
+ return DBUS_HANDLER_RESULT_HANDLED;
|
|
||||||
+ }
|
|
||||||
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
||||||
}
|
|
||||||
- return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From f17b7c0a22f4d49dca001d984673046e133577d1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Fri, 14 Sep 2018 16:41:19 -0400
|
|
||||||
Subject: [PATCH 17/17] Add missing case for cm_prefs_aes192
|
|
||||||
|
|
||||||
---
|
|
||||||
src/prefs-o.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/prefs-o.c b/src/prefs-o.c
|
|
||||||
index 64542f85..ac68164d 100644
|
|
||||||
--- a/src/prefs-o.c
|
|
||||||
+++ b/src/prefs-o.c
|
|
||||||
@@ -75,6 +75,9 @@ cm_prefs_ossl_cipher_by_pref(enum cm_prefs_cipher cipher)
|
|
||||||
case cm_prefs_aes128:
|
|
||||||
return EVP_aes_128_cbc();
|
|
||||||
break;
|
|
||||||
+ case cm_prefs_aes192:
|
|
||||||
+ return EVP_aes_192_cbc();
|
|
||||||
+ break;
|
|
||||||
case cm_prefs_aes256:
|
|
||||||
return EVP_aes_256_cbc();
|
|
||||||
break;
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From 20d569b57edf2f859aeb48d32bbb91801a45fb91 Mon Sep 17 00:00:00 2001
|
From 3dee8044adf134462fadb2b135cc965227f1fab9 Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Mon, 8 Oct 2018 12:48:41 -0400
|
Date: Mon, 8 Oct 2018 12:48:41 -0400
|
||||||
Subject: [PATCH 18/26] clang: more Dead assignment
|
Subject: [PATCH 18/25] clang: more Dead assignment
|
||||||
|
|
||||||
---
|
---
|
||||||
src/submit-x.c | 5 ++---
|
src/submit-x.c | 5 ++---
|
||||||
@ -37,5 +37,5 @@ index cb0a8ad7..a81b5349 100644
|
|||||||
dbus_error_init(error);
|
dbus_error_init(error);
|
||||||
}
|
}
|
||||||
--
|
--
|
||||||
2.14.4
|
2.21.0
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 83a701de85a6b22cc5ad3cec8cb2ddb54d0b2aae Mon Sep 17 00:00:00 2001
|
From 0dc90f1783981ac11c3c067c40df88d6315911a6 Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Mon, 8 Oct 2018 12:53:57 -0400
|
Date: Mon, 8 Oct 2018 12:53:57 -0400
|
||||||
Subject: [PATCH 19/26] clang: more Memory leaks
|
Subject: [PATCH 19/25] clang: more Memory leaks
|
||||||
|
|
||||||
Fix leaks in tests/tools/addcinfo.c, dogtag.c and submit-x.c
|
Fix leaks in tests/tools/addcinfo.c, dogtag.c and submit-x.c
|
||||||
---
|
---
|
||||||
@ -317,5 +317,5 @@ index 939005c2..e34612a5 100644
|
|||||||
n += i;
|
n += i;
|
||||||
}
|
}
|
||||||
--
|
--
|
||||||
2.14.4
|
2.21.0
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From e9f16cf50ab3438a6e9ea50669854c93c8a399f2 Mon Sep 17 00:00:00 2001
|
From 6b14979cdb7a177e7c5567faa67449dd1365c1b9 Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Mon, 8 Oct 2018 13:16:08 -0400
|
Date: Mon, 8 Oct 2018 13:16:08 -0400
|
||||||
Subject: [PATCH 20/26] clang: Avoid buffer overflow
|
Subject: [PATCH 20/25] clang: Avoid buffer overflow
|
||||||
|
|
||||||
This shouldn't be possible because the caller would never allow
|
This shouldn't be possible because the caller would never allow
|
||||||
it all to be passed in but quiet static analyzers.
|
it all to be passed in but quiet static analyzers.
|
||||||
@ -25,5 +25,5 @@ index 0d527ab0..bbc45479 100644
|
|||||||
char **anchor_dbs = NULL, **anchor_files = NULL;
|
char **anchor_dbs = NULL, **anchor_files = NULL;
|
||||||
char *id = NULL, *new_id = NULL, *new_request;
|
char *id = NULL, *new_id = NULL, *new_request;
|
||||||
--
|
--
|
||||||
2.14.4
|
2.21.0
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From bfe2b956c1a9f83bd3d998924788942716767a65 Mon Sep 17 00:00:00 2001
|
From 3727376f8654f9e1dd88b1f9721124f9fc96ad0a Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Mon, 8 Oct 2018 14:44:05 -0400
|
Date: Mon, 8 Oct 2018 14:44:05 -0400
|
||||||
Subject: [PATCH 21/26] clang: Garbage value possible
|
Subject: [PATCH 21/25] clang: Garbage value possible
|
||||||
|
|
||||||
Need to add guard so that error was only considered if the
|
Need to add guard so that error was only considered if the
|
||||||
certificate was decodable and an import was attempted.
|
certificate was decodable and an import was attempted.
|
||||||
@ -39,5 +39,5 @@ index 972a1dfa..30e242c1 100644
|
|||||||
es = PR_ErrorToName(ec);
|
es = PR_ErrorToName(ec);
|
||||||
} else {
|
} else {
|
||||||
--
|
--
|
||||||
2.14.4
|
2.21.0
|
||||||
|
|
||||||
|
@ -1,19 +1,19 @@
|
|||||||
From a5fef9f676334c6b373f9739a2687dc64ad2c0c0 Mon Sep 17 00:00:00 2001
|
From a5c7484a00b378290069ab57c1f2e52719cc91c0 Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Mon, 8 Oct 2018 14:48:43 -0400
|
Date: Mon, 8 Oct 2018 14:48:43 -0400
|
||||||
Subject: [PATCH 22/26] Uninitialized variable
|
Subject: [PATCH 22/25] Uninitialized variable
|
||||||
|
|
||||||
---
|
---
|
||||||
src/csrgen-o.c | 2 +-
|
src/csrgen-o.c | 2 +-
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/src/csrgen-o.c b/src/csrgen-o.c
|
diff --git a/src/csrgen-o.c b/src/csrgen-o.c
|
||||||
index 55b0a598..7ca7065d 100644
|
index 402284ff..41b4f014 100644
|
||||||
--- a/src/csrgen-o.c
|
--- a/src/csrgen-o.c
|
||||||
+++ b/src/csrgen-o.c
|
+++ b/src/csrgen-o.c
|
||||||
@@ -94,7 +94,7 @@ cm_csrgen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
@@ -181,7 +181,7 @@ cm_csrgen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
|
||||||
BIGNUM *serialbn;
|
BIGNUM *serialbn;
|
||||||
char buf[LINE_MAX], *p, *q, *s, *nickname, *pin, *password, *filename;
|
char buf[LINE_MAX], *s, *nickname, *pin, *password, *filename;
|
||||||
unsigned char *extensions, *upassword, *bmp, *name, *up, *uq, md[CM_DIGEST_MAX];
|
unsigned char *extensions, *upassword, *bmp, *name, *up, *uq, md[CM_DIGEST_MAX];
|
||||||
- char *spkidec, *mcb64, *nows;
|
- char *spkidec, *mcb64, *nows;
|
||||||
+ char *spkidec = NULL, *mcb64, *nows;
|
+ char *spkidec = NULL, *mcb64, *nows;
|
||||||
@ -21,5 +21,5 @@ index 55b0a598..7ca7065d 100644
|
|||||||
const unsigned char *nametmp;
|
const unsigned char *nametmp;
|
||||||
struct tm *now;
|
struct tm *now;
|
||||||
--
|
--
|
||||||
2.14.4
|
2.21.0
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From b0766cfdfd8bbac9109a2846c6ac3802e60cb56f Mon Sep 17 00:00:00 2001
|
From 432f843ffbc0bc0b14c0501b26a10e450c5b5fcc Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Mon, 8 Oct 2018 15:43:02 -0400
|
Date: Mon, 8 Oct 2018 15:43:02 -0400
|
||||||
Subject: [PATCH 23/26] merge into clang: more Memory leaks
|
Subject: [PATCH 23/25] merge into clang: more Memory leaks
|
||||||
|
|
||||||
---
|
---
|
||||||
src/getcert.c | 2 +-
|
src/getcert.c | 2 +-
|
||||||
@ -35,5 +35,5 @@ index 58d007ef..467e67e4 100644
|
|||||||
if (ctx) {
|
if (ctx) {
|
||||||
const char *msg = krb5_get_error_message(ctx, kcode);
|
const char *msg = krb5_get_error_message(ctx, kcode);
|
||||||
--
|
--
|
||||||
2.14.4
|
2.21.0
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From daaca020810962c568caa49514f5159e1592aaf0 Mon Sep 17 00:00:00 2001
|
From d610317f69687d0c6892209d3cb6e3c407af4d86 Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Mon, 8 Oct 2018 15:44:07 -0400
|
Date: Mon, 8 Oct 2018 15:44:07 -0400
|
||||||
Subject: [PATCH 24/26] Add missing return type declaration
|
Subject: [PATCH 24/25] Add missing return type declaration
|
||||||
|
|
||||||
---
|
---
|
||||||
src/tdbush.c | 1 +
|
src/tdbush.c | 1 +
|
||||||
@ -20,5 +20,5 @@ index d1bbe4da..a10a1aff 100644
|
|||||||
struct cm_client_info *ci, struct cm_context *ctx)
|
struct cm_client_info *ci, struct cm_context *ctx)
|
||||||
{
|
{
|
||||||
--
|
--
|
||||||
2.14.4
|
2.21.0
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From b12dfc9d43128f05b7e0b9e83c2a6100f808fe94 Mon Sep 17 00:00:00 2001
|
From c16545915ab280e40eefc6bfb4e86d081f20c758 Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Mon, 8 Oct 2018 15:46:50 -0400
|
Date: Mon, 8 Oct 2018 15:46:50 -0400
|
||||||
Subject: [PATCH 25/26] Discards const qualifier
|
Subject: [PATCH 25/25] Discards const qualifier
|
||||||
|
|
||||||
---
|
---
|
||||||
src/dogtag.c | 3 ++-
|
src/dogtag.c | 3 ++-
|
||||||
@ -39,5 +39,5 @@ index b0bd214b..b37711cf 100644
|
|||||||
char *message = NULL, *rekey_message = NULL;
|
char *message = NULL, *rekey_message = NULL;
|
||||||
const char *mode = NULL, *content_type = NULL, *content_type2 = NULL;
|
const char *mode = NULL, *content_type = NULL, *content_type2 = NULL;
|
||||||
--
|
--
|
||||||
2.14.4
|
2.21.0
|
||||||
|
|
||||||
|
@ -1,28 +0,0 @@
|
|||||||
From f1a328159d46149513e32950284e5dd33525e8e1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Mon, 8 Oct 2018 15:57:35 -0400
|
|
||||||
Subject: [PATCH 26/26] Add missing case for cm_prefs_aes192
|
|
||||||
|
|
||||||
---
|
|
||||||
src/prefs.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/prefs.c b/src/prefs.c
|
|
||||||
index ab363bbc..20e2ecf8 100644
|
|
||||||
--- a/src/prefs.c
|
|
||||||
+++ b/src/prefs.c
|
|
||||||
@@ -102,6 +102,11 @@ cm_prefs_preferred_cipher(void)
|
|
||||||
free(cipher);
|
|
||||||
return cm_prefs_aes128;
|
|
||||||
}
|
|
||||||
+ if ((strcasecmp(cipher, "aes192") == 0) ||
|
|
||||||
+ (strcasecmp(cipher, "aes-192") == 0)) {
|
|
||||||
+ free(cipher);
|
|
||||||
+ return cm_prefs_aes192;
|
|
||||||
+ }
|
|
||||||
if ((strcasecmp(cipher, "aes256") == 0) ||
|
|
||||||
(strcasecmp(cipher, "aes-256") == 0)) {
|
|
||||||
free(cipher);
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -8,8 +8,8 @@
|
|||||||
%global sysvinitdir %{_initddir}
|
%global sysvinitdir %{_initddir}
|
||||||
|
|
||||||
Name: certmonger
|
Name: certmonger
|
||||||
Version: 0.79.6
|
Version: 0.79.7
|
||||||
Release: 5%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: Certificate status monitor and PKI enrollment client
|
Summary: Certificate status monitor and PKI enrollment client
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -51,6 +51,7 @@ BuildRequires: /usr/bin/which
|
|||||||
BuildRequires: popt-devel
|
BuildRequires: popt-devel
|
||||||
# for make check
|
# for make check
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
|
BuildRequires: krb5-devel
|
||||||
|
|
||||||
# we need a running system bus
|
# we need a running system bus
|
||||||
Requires: dbus
|
Requires: dbus
|
||||||
@ -81,21 +82,6 @@ Requires(preun): /sbin/chkconfig, /sbin/service, dbus, sed
|
|||||||
|
|
||||||
Patch1: 0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
|
Patch1: 0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch
|
||||||
Patch2: 0002-Convert-tests-to-use-python3.patch
|
Patch2: 0002-Convert-tests-to-use-python3.patch
|
||||||
Patch3: 0003-Use-the-correct-slot-when-saving-certificates-in-NSS.patch
|
|
||||||
Patch4: 0004-Include-the-token-name-when-a-PIN-is-provided-but-is.patch
|
|
||||||
Patch5: 0005-Add-utility-function-to-get-the-internal-token-name.patch
|
|
||||||
Patch6: 0006-Only-de-duplicate-certificates-within-the-same-token.patch
|
|
||||||
Patch7: 0007-Ensure-that-an-OpenSSL-random-seed-file-exists-when-.patch
|
|
||||||
Patch8: 0008-Log-test-failures-of-bad-pin.patch
|
|
||||||
Patch9: 0009-Use-only-PK11_ImportCert-to-import-certs-not-CERT_Im.patch
|
|
||||||
Patch10: 0010-Fix-memory-leak-in-util_internal_token_name.patch
|
|
||||||
Patch11: 0011-clang-Dead-assignment.patch
|
|
||||||
Patch12: 0012-clang-Memory-leak.patch
|
|
||||||
Patch13: 0013-clang-Uninitialized-initial-value.patch
|
|
||||||
Patch14: 0014-clang-Null-pointer-passed-as-an-argument-to-a-nonnul.patch
|
|
||||||
Patch15: 0015-clang-Dead-increment.patch
|
|
||||||
Patch16: 0016-clang-Dereference-of-null-pointer.patch
|
|
||||||
Patch17: 0017-Add-missing-case-for-cm_prefs_aes192.patch
|
|
||||||
Patch18: 0018-clang-more-Dead-assignment.patch
|
Patch18: 0018-clang-more-Dead-assignment.patch
|
||||||
Patch19: 0019-clang-more-Memory-leaks.patch
|
Patch19: 0019-clang-more-Memory-leaks.patch
|
||||||
Patch20: 0020-clang-Avoid-buffer-overflow.patch
|
Patch20: 0020-clang-Avoid-buffer-overflow.patch
|
||||||
@ -104,7 +90,6 @@ Patch22: 0022-Uninitialized-variable.patch
|
|||||||
Patch23: 0023-merge-into-clang-more-Memory-leaks.patch
|
Patch23: 0023-merge-into-clang-more-Memory-leaks.patch
|
||||||
Patch24: 0024-Add-missing-return-type-declaration.patch
|
Patch24: 0024-Add-missing-return-type-declaration.patch
|
||||||
Patch25: 0025-Discards-const-qualifier.patch
|
Patch25: 0025-Discards-const-qualifier.patch
|
||||||
Patch26: 0026-Add-missing-case-for-cm_prefs_aes192.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Certmonger is a service which is primarily concerned with getting your
|
Certmonger is a service which is primarily concerned with getting your
|
||||||
@ -114,21 +99,6 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
|
|||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
%patch6 -p1
|
|
||||||
%patch7 -p1
|
|
||||||
%patch8 -p1
|
|
||||||
%patch9 -p1
|
|
||||||
%patch10 -p1
|
|
||||||
%patch11 -p1
|
|
||||||
%patch12 -p1
|
|
||||||
%patch13 -p1
|
|
||||||
%patch14 -p1
|
|
||||||
%patch15 -p1
|
|
||||||
%patch16 -p1
|
|
||||||
%patch17 -p1
|
|
||||||
%patch18 -p1
|
%patch18 -p1
|
||||||
%patch19 -p1
|
%patch19 -p1
|
||||||
%patch20 -p1
|
%patch20 -p1
|
||||||
@ -137,7 +107,6 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
|
|||||||
%patch23 -p1
|
%patch23 -p1
|
||||||
%patch24 -p1
|
%patch24 -p1
|
||||||
%patch25 -p1
|
%patch25 -p1
|
||||||
%patch26 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -i -f
|
autoreconf -i -f
|
||||||
@ -264,6 +233,15 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 14 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-3
|
||||||
|
- Rebuild for new annobin (#1708095)
|
||||||
|
|
||||||
|
* Fri May 10 2019 Rob Crittenden <rcritten@redhat.com> - 0.79.7-2
|
||||||
|
- Rebuild for new annobin (#1708095)
|
||||||
|
|
||||||
|
* Thu May 9 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.79.7-1
|
||||||
|
- Rebase to 0.79.7 (#1708095)
|
||||||
|
|
||||||
* Mon Oct 8 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-5
|
* Mon Oct 8 2018 Rob Crittenden <rcritten@redhat.com> - 0.79.6-5
|
||||||
- Address more issues uncovered by static analysis (#1632449)
|
- Address more issues uncovered by static analysis (#1632449)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user