Rebase to 0.25.9
Resolves: RHEL-115454 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
Zoltan Fridrich
parent
f2b58a768c
commit
01aa4fd06f
2
.gitignore
vendored
2
.gitignore
vendored
@ -46,3 +46,5 @@
|
||||
/p11-kit-0.25.3.tar.xz.sig
|
||||
/p11-kit-0.25.5.tar.xz
|
||||
/p11-kit-0.25.5.tar.xz.sig
|
||||
/p11-kit-0.25.9.tar.xz
|
||||
/p11-kit-0.25.9.tar.xz.sig
|
||||
|
||||
@ -1,73 +0,0 @@
|
||||
From a8b94642dbe6d52aa7a7805fbb60b64c4cfd7245 Mon Sep 17 00:00:00 2001
|
||||
From: Zoltan Fridrich <zfridric@redhat.com>
|
||||
Date: Thu, 3 Oct 2024 11:34:14 +0200
|
||||
Subject: [PATCH] trust: don't create file names longer then 255
|
||||
|
||||
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
||||
---
|
||||
trust/save.c | 19 ++++++++++++++++---
|
||||
1 file changed, 16 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/trust/save.c b/trust/save.c
|
||||
index 057a9c5e3..acabcbf6d 100644
|
||||
--- a/trust/save.c
|
||||
+++ b/trust/save.c
|
||||
@@ -61,6 +61,8 @@
|
||||
#define O_DIRECTORY 0
|
||||
#endif
|
||||
|
||||
+#define MAX_FILE_NAME 255
|
||||
+
|
||||
struct _p11_save_file {
|
||||
char *bare;
|
||||
char *extension;
|
||||
@@ -414,12 +416,23 @@ make_unique_name (const char *bare,
|
||||
p11_buffer buf;
|
||||
int ret;
|
||||
int i;
|
||||
+ int bare_len, ext_len, diff;
|
||||
|
||||
assert (bare != NULL);
|
||||
assert (check != NULL);
|
||||
|
||||
p11_buffer_init_null (&buf, 0);
|
||||
|
||||
+ /*
|
||||
+ * Make sure the name will not be longer then MAX_FILE_NAME
|
||||
+ */
|
||||
+ bare_len = strlen (bare);
|
||||
+ ext_len = extension ? strlen (extension) : 0;
|
||||
+ diff = bare_len + ext_len + sizeof (unique) - MAX_FILE_NAME;
|
||||
+ if (diff > 0)
|
||||
+ bare_len -= diff;
|
||||
+ return_val_if_fail (bare_len > 0, NULL);
|
||||
+
|
||||
for (i = 0; true; i++) {
|
||||
|
||||
p11_buffer_reset (&buf, 64);
|
||||
@@ -431,7 +444,7 @@ make_unique_name (const char *bare,
|
||||
* provided by the caller.
|
||||
*/
|
||||
case 0:
|
||||
- p11_buffer_add (&buf, bare, -1);
|
||||
+ p11_buffer_add (&buf, bare, bare_len);
|
||||
break;
|
||||
|
||||
/*
|
||||
@@ -448,14 +461,14 @@ make_unique_name (const char *bare,
|
||||
/* fall through */
|
||||
|
||||
default:
|
||||
- p11_buffer_add (&buf, bare, -1);
|
||||
+ p11_buffer_add (&buf, bare, bare_len);
|
||||
snprintf (unique, sizeof (unique), ".%d", i);
|
||||
p11_buffer_add (&buf, unique, -1);
|
||||
break;
|
||||
}
|
||||
|
||||
if (extension)
|
||||
- p11_buffer_add (&buf, extension, -1);
|
||||
+ p11_buffer_add (&buf, extension, ext_len);
|
||||
|
||||
return_val_if_fail (p11_buffer_ok (&buf), NULL);
|
||||
|
||||
36
p11-kit.spec
36
p11-kit.spec
@ -1,5 +1,5 @@
|
||||
# This spec file has been automatically updated
|
||||
Version: 0.25.5
|
||||
Version: 0.25.9
|
||||
Release: %{?autorelease}%{!?autorelease:1%{?dist}}
|
||||
Name: p11-kit
|
||||
Summary: Library for loading and sharing PKCS#11 modules
|
||||
@ -12,8 +12,6 @@ Source2: https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyr
|
||||
Source3: trust-extract-compat
|
||||
Source4: p11-kit-client.service
|
||||
|
||||
Patch: p11-kit-0.25.5-trust-file-length.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libtasn1-devel >= 2.3
|
||||
BuildRequires: libffi-devel
|
||||
@ -21,7 +19,7 @@ BuildRequires: gettext
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: meson
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: pkgconfig(bash-completion)
|
||||
# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
|
||||
# Remove this once it is fixed
|
||||
BuildRequires: pkgconfig(glib-2.0)
|
||||
@ -56,9 +54,21 @@ The %{name}-trust package contains a system trust PKCS#11 module which
|
||||
contains certificate anchors and blocklists.
|
||||
|
||||
|
||||
%package server
|
||||
Summary: Server and client commands for %{name}
|
||||
%package client
|
||||
Summary: Client module from %{name}
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Obsoletes: %{name}-server < 0.25.5-8
|
||||
|
||||
%description client
|
||||
The %{name}-client package contains a PKCS#11 module that enables
|
||||
accessing other PKCS#11 modules over a Unix domain socket. Note that
|
||||
this feature is still experimental.
|
||||
|
||||
|
||||
%package server
|
||||
Summary: Server command for %{name}
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Obsoletes: %{name}-server < 0.25.5-8
|
||||
|
||||
%description server
|
||||
The %{name}-server package contains command line tools that enable to
|
||||
@ -81,7 +91,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
%autosetup -p1
|
||||
|
||||
%build
|
||||
# These paths are the source paths that come from the plan here:
|
||||
# These paths are the source paths that come from the plan here:
|
||||
# https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks
|
||||
%meson -Dgtk_doc=true -Dman=true -Dtrust_paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source
|
||||
%meson_build
|
||||
@ -102,12 +112,12 @@ install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_userunitdir}
|
||||
|
||||
|
||||
%post trust
|
||||
%{_sbindir}/alternatives --install %{_libdir}/libnssckbi.so %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
|
||||
alternatives --install %{_libdir}/libnssckbi.so %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
|
||||
|
||||
%postun trust
|
||||
if [ $1 -eq 0 ] ; then
|
||||
# package removal
|
||||
%{_sbindir}/alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
|
||||
alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
|
||||
fi
|
||||
|
||||
|
||||
@ -120,6 +130,7 @@ fi
|
||||
%dir %{_sysconfdir}/pkcs11/modules
|
||||
%dir %{_datadir}/p11-kit
|
||||
%dir %{_datadir}/p11-kit/modules
|
||||
%dir %{_libdir}/pkcs11
|
||||
%dir %{_libexecdir}/p11-kit
|
||||
%{_bindir}/p11-kit
|
||||
%{_libdir}/libp11-kit.so.*
|
||||
@ -129,6 +140,7 @@ fi
|
||||
%{_mandir}/man8/p11-kit.8.gz
|
||||
%{_mandir}/man5/pkcs11.conf.5.gz
|
||||
%{_datadir}/bash-completion/completions/p11-kit
|
||||
%{_datadir}/zsh/site-functions/_p11-kit
|
||||
|
||||
%files devel
|
||||
%{_includedir}/p11-kit-1/
|
||||
@ -138,16 +150,18 @@ fi
|
||||
|
||||
%files trust
|
||||
%{_bindir}/trust
|
||||
%dir %{_libdir}/pkcs11
|
||||
%ghost %{_libdir}/libnssckbi.so
|
||||
%{_libdir}/pkcs11/p11-kit-trust.so
|
||||
%{_datadir}/p11-kit/modules/p11-kit-trust.module
|
||||
%{_libexecdir}/p11-kit/trust-extract-compat
|
||||
%{_datadir}/bash-completion/completions/trust
|
||||
%{_datadir}/zsh/site-functions/_trust
|
||||
|
||||
%files server
|
||||
%files client
|
||||
%{_libdir}/pkcs11/p11-kit-client.so
|
||||
%{_userunitdir}/p11-kit-client.service
|
||||
|
||||
%files server
|
||||
%{_libexecdir}/p11-kit/p11-kit-server
|
||||
%{_userunitdir}/p11-kit-server.service
|
||||
%{_userunitdir}/p11-kit-server.socket
|
||||
|
||||
6
sources
6
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (p11-kit-0.25.5.tar.xz) = 177ec6ff5eb891901078306dce2bf3f5c1a0e5c2a8c493bdf5a08ae1ff1240fdf6952961e973c373f80ac3d1d5a9927e07f4da49e4ff92269d992e744889fc94
|
||||
SHA512 (p11-kit-0.25.5.tar.xz.sig) = 2be5aa4ccbb889e32aed88fc1f7926c3ccaadc90cc6b15a187358c812eee4ce1712068d1f271766ac51366112c0619aad46cff345ed2edd009fb2fe7fb804493
|
||||
SHA512 (p11-kit-release-keyring.gpg) = 9a832a8ac3a139cbbf1ecb66573f0709847ebfef4975777cf82b4dca09af1ad8e6400f0af0bcdb92860e7ed4fc05082ba1edda0238a21fe24d49555a1069e881
|
||||
SHA512 (p11-kit-0.25.9.tar.xz) = 5a079c4d362af5b6f37ebf5e4bea56a44983976a311b82121fd2f3dac6efabe9df2f2b639327940dbb192dd136c866b5860781def5feca88fd467659143a1a3e
|
||||
SHA512 (p11-kit-0.25.9.tar.xz.sig) = 9d787aab01b3647d35d814cebd15ce790646ce58a15a2ac2def080d78dc91a011a53adaa37ceefe36fd45d5da35e7c5a2d206bd1a8e935e5f5437e10afec9a65
|
||||
SHA512 (p11-kit-release-keyring.gpg) = f7e0dc5147820100727f52b00aa863175449c5f370a24c83cda49a3a25b74ecf9913ff535bbb90d64b38512a51fadb6886ef0c18aa976c6aacb1385da3128d69
|
||||
|
||||
Loading…
Reference in New Issue
Block a user