From 2ce0b769d558f02eb918781fd3651ffc99270907 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 12 Jan 2021 08:11:51 +0000
Subject: [PATCH] import p11-kit-0.23.22-1.el8
---
 .gitignore | 2 +-
 .p11-kit.metadata | 2 +-
 SOURCES/p11-kit-0.23.21.tar.xz.sig | Bin 580 -> 0 bytes
 SOURCES/p11-kit-0.23.22.tar.xz.sig | Bin 0 -> 580 bytes
 SOURCES/p11-kit-anchor-persist.patch | 34 ---
 SOURCES/p11-kit-dt-needed.patch | 42 ++++
 SOURCES/p11-kit-invalid-config.patch | 331 ---------------------------
 SOURCES/p11-kit-realloc-zero.patch | 107 ---------
 SPECS/p11-kit.spec | 14 +-
 9 files changed, 53 insertions(+), 479 deletions(-)
 delete mode 100644 SOURCES/p11-kit-0.23.21.tar.xz.sig
 create mode 100644 SOURCES/p11-kit-0.23.22.tar.xz.sig
 delete mode 100644 SOURCES/p11-kit-anchor-persist.patch
 create mode 100644 SOURCES/p11-kit-dt-needed.patch
 delete mode 100644 SOURCES/p11-kit-invalid-config.patch
 delete mode 100644 SOURCES/p11-kit-realloc-zero.patch
diff --git a/.gitignore b/.gitignore
index f395ec7..f181ddb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
-SOURCES/p11-kit-0.23.21.tar.xz
+SOURCES/p11-kit-0.23.22.tar.xz
diff --git a/.p11-kit.metadata b/.p11-kit.metadata
index 48f5635..4e41b67 100644
--- a/.p11-kit.metadata
+++ b/.p11-kit.metadata
@@ -1,2 +1,2 @@
 526f07b62624739ba318a171bab3352af91d0134 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
-5c550cc2a192d5a3ede74862b22ef0b139c911a4 SOURCES/p11-kit-0.23.21.tar.xz
+339e5163ed50a9984a74739b9207ea8cd77fa7e2 SOURCES/p11-kit-0.23.22.tar.xz
diff --git a/SOURCES/p11-kit-0.23.21.tar.xz.sig b/SOURCES/p11-kit-0.23.21.tar.xz.sig deleted file mode 100644 index 599cbcaa3741c94c3a9d29bc587112fd8766580a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 580 zcmV-K0=xZ*0zm`-0SEvq79j*iA|=DLZ#0LW$VqJ01%!^*=9qB>0$)4lW(^#5Wo~ak zXKr;aZ*pe<3JDO_1%!^*=9qCQI1m7hc(H3e;!Y_DBJY%${o|@-V0{K>DH!U>SvW3k zmY;{Me^f&~pb=8EC--wOvv7gJQrl$FjZ6##)UWg8dz2C=84YYr{TR*-^-*=KJO#)J z`ja@4Sl97t5}CeXWJ3HdUj`jtrUnvLO&_mqj>J(s9)V0V34mP;t}GlTEe#cYb*p8Q zJ-{IZqpC|1lj`ZGqhD}a{;jX-fA1Lwc@A}N1QIM}HSTDVdb$pTKGj))8Lro3A^d3y z+VPkjrXqITVuy#RZM0Xsv})hcs*7c;X6m5`83CoVK7)JL+{>L`0_RlQ_Dbw}(NC}4 zeNPQYf!!cD_rlF2g~Vlq^7(PUT#0?BjVDz5&{dwpt--VB!}d{Dk5bSHS}Kx%Ve_7$ z*8%xi2?WKAj&Ae^8P~TIC$!{Bzp{^^C|A-pucX%B^zDsQBQ<0kaXH3o zvj>3xHp3I1OLTJ-3>BNsnVS~ru?NI_A~IW9Vtk6_X8@Y(r>!`p!bO4zk=0H1ZiK0$%}}C%`sX#k z@+EO&X5M!|dst(0s5|j5m1?1%0~dJ`75%cn3J#s=x=}o1hsqG&!AGl(hlLx07ZB6p zX^{axJG#awb}+EUx;PXz?{6idTYHZLv}TmG@> z(W`r-gPNK=pF4l})bSf{<_QJQ+Q7p*#q+fCSP@s5EeuqXn|x)J5PcnZ^V8NQCUC}z zckYB6Rl!(biwMPzMwFZ~^=L&`-(f7ZxY_<trH*LCoj-nr+1ROgzJI_YQg+o#?FtlO@J#aWiAT9>PZ29zN7%qwJ8eV+g%FOc0@ zT9W8O6&5X5wDgoxl*+tugScihD|p#TPFd)hKrqgA=O0ZE(`hlkT_mj7a!0wWfMdI literal 0 HcmV?d00001 diff --git a/SOURCES/p11-kit-anchor-persist.patch b/SOURCES/p11-kit-anchor-persist.patch deleted file mode 100644 index e99e974..0000000 --- a/SOURCES/p11-kit-anchor-persist.patch +++ /dev/null 
@@ -1,34 +0,0 @@
-From 1d79c02be61874cd4598d60c18331e2d70228a40 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno
-Date: Fri, 6 Nov 2020 17:46:28 +0100
-Subject: [PATCH] anchor: Prefer persistent format when storing anchor
-
-When a new certificate is stored with "trust anchor --store" from a
-.p11-kit file, the command treated it as a PEM file, while it should
-preserve extra fields in the file.
----
- trust/anchor.c | 7 ++++---
- trust/test-extract.sh | 27 ++++++++++++++++++++++++---
- 2 files changed, 28 insertions(+), 6 deletions(-)
-
-diff --git a/trust/anchor.c b/trust/anchor.c
-index fab9cf6..5ba5065 100644
---- a/trust/anchor.c
-+++ b/trust/anchor.c
-@@ -64,9 +64,10 @@ create_arg_file_parser (void)
- return_val_if_fail (parser != NULL, NULL);
-
- p11_parser_formats (parser,
-- p11_parser_format_x509,
-- p11_parser_format_pem,
-- NULL);
-+ p11_parser_format_persist,
-+ p11_parser_format_x509,
-+ p11_parser_format_pem,
-+ NULL);
-
- return parser;
- }
---
-2.26.2
-
diff --git a/SOURCES/p11-kit-dt-needed.patch b/SOURCES/p11-kit-dt-needed.patch
new file mode 100644
index 0000000..9c07b87
--- /dev/null
+++ b/SOURCES/p11-kit-dt-needed.patch
@@ -0,0 +1,42 @@
+From a91266ef087532e2332c75c4fd9244df66f30b64 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Fri, 18 Dec 2020 13:37:10 +0100
+Subject: [PATCH] meson: Link trust/client modules explicitly to -ldl
+
+This adds the -ldl link flag missing in the meson build, but present
+in the autotools build. Although the use-case is unlikely, this
+allows those modules to be linked as a normal shared library to a
+program.
+---
+ p11-kit/meson.build | 1 +
+ trust/meson.build | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/p11-kit/meson.build b/p11-kit/meson.build
+index 7d57cd7..02147a9 100644
+--- a/p11-kit/meson.build
++++ b/p11-kit/meson.build
+@@ -92,6 +92,7 @@ if host_system != 'windows'
+ 'client.c', 'client-init.c',
+ name_prefix: '',
+ include_directories: [configinc, commoninc],
++ dependencies: dlopen_deps,
+ link_args: p11_module_ldflags,
+ link_depends: [p11_module_symbol_map,
+ p11_module_symbol_def],
+diff --git a/trust/meson.build b/trust/meson.build
+index 482a3c1..d4a8e15 100644
+--- a/trust/meson.build
++++ b/trust/meson.build
+@@ -56,7 +56,7 @@ shared_module('p11-kit-trust',
+ 'module-init.c',
+ name_prefix: '',
+ c_args: p11_kit_trust_c_args,
+- dependencies: [asn_h_dep, libp11_library_dep] + libtasn1_deps,
++ dependencies: [asn_h_dep, libp11_library_dep] + dlopen_deps + libtasn1_deps,
+ link_args: p11_module_ldflags,
+ link_depends: [p11_module_symbol_map,
+ p11_module_symbol_def],
+--
+2.29.2
+
diff --git a/SOURCES/p11-kit-invalid-config.patch b/SOURCES/p11-kit-invalid-config.patch
deleted file mode 100644
index d0f84df..0000000
--- a/SOURCES/p11-kit-invalid-config.patch
+++ /dev/null
@@ -1,331 +0,0 @@
-From de661c41a1e7e52296c91b9caa0bff8e4885c751 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno
-Date: Thu, 22 Oct 2020 14:06:53 +0200
-Subject: [PATCH 1/4] common: Fix infloop in p11_path_build
-
-If p11_path_build is called with 2 or more arguments and the non-first
-argument is an empty string (""), it previously fell into an infloop.
-
-Reported by Karel Srot.
----
- common/path.c | 4 +++-
- common/test-path.c | 4 ++++
- 2 files changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/common/path.c b/common/path.c
-index 17a6230..53d394f 100644
---- a/common/path.c
-+++ b/common/path.c
-@@ -241,8 +241,10 @@ p11_path_build (const char *path,
- num--;
-
- if (at != 0) {
-- if (num == 0)
-+ if (num == 0) {
-+ path = va_arg (va, const char *);
- continue;
-+ }
- built[at++] = delim;
- }
-
-diff --git a/common/test-path.c b/common/test-path.c
-index 2eb5444..f137a0c 100644
---- a/common/test-path.c
-+++ b/common/test-path.c
-@@ -88,6 +88,8 @@ static void
- test_build (void)
- {
- #ifdef OS_UNIX
-+ assert_str_eq_free ("/root",
-+ p11_path_build ("/root", "", NULL));
- assert_str_eq_free ("/root/second",
- p11_path_build ("/root", "second", NULL));
- assert_str_eq_free ("/root/second",
-@@ -99,6 +101,8 @@ test_build (void)
- assert_str_eq_free ("/root/second/third",
- p11_path_build ("/root", "/second/third", NULL));
- #else /* OS_WIN32 */
-+ assert_str_eq_free ("C:\\root",
-+ p11_path_build ("C:\\root", "", NULL));
- assert_str_eq_free ("C:\\root\\second",
- p11_path_build ("C:\\root", "second", NULL));
- assert_str_eq_free ("C:\\root\\second",
---
-2.26.2
-
-
-From 1eac9a1c41828d5da4b640746e0002c7ab964e8e Mon Sep 17 00:00:00 2001
-From: Alexander Sosedkin
-Date: Tue, 27 Oct 2020 11:08:53 +0100
-Subject: [PATCH 2/4] Remove more duplicate separators in p11_path_build
-
-Makes p11_path_build remove duplicate separators more thoroughly,
-e.g., after a "" or in the first argument.
----
- common/path.c | 26 +++++++++++++++++++-------
- common/test-path.c | 22 ++++++++++++++++++++++
- 2 files changed, 41 insertions(+), 7 deletions(-)
-
-diff --git a/common/path.c b/common/path.c
-index 53d394f..0ad176c 100644
---- a/common/path.c
-+++ b/common/path.c
-@@ -94,15 +94,21 @@ p11_path_base (const char *path)
- }
-
- static inline bool
--is_path_component_or_null (char ch)
-+is_path_component (char ch)
- {
-- return (ch == '\0' || ch == '/'
-+ return (ch == '/'
- #ifdef OS_WIN32
- || ch == '\\'
- #endif
- );
- }
-
-+static inline bool
-+is_path_component_or_null (char ch)
-+{
-+ return is_path_component (ch) || ch == '\0';
-+}
-+
- static char *
- expand_homedir (const char *remainder)
- {
-@@ -235,6 +241,15 @@ p11_path_build (const char *path,
- while (path != NULL) {
- num = strlen (path);
-
-+ /* Trim beginning of path */
-+ while (is_path_component (path[0])) {
-+ /* But preserve the leading path component */
-+ if (!at && !is_path_component (path[1]))
-+ break;
-+ path++;
-+ num--;
-+ }
-+
- /* Trim end of the path */
- until = (at > 0) ? 0 : 1;
- while (num > until && is_path_component_or_null (path[num - 1]))
-@@ -245,7 +260,8 @@ p11_path_build (const char *path,
- path = va_arg (va, const char *);
- continue;
- }
-- built[at++] = delim;
-+ if (built[at - 1] != delim)
-+ built[at++] = delim;
- }
-
- assert (at + num < len);
-@@ -253,10 +269,6 @@ p11_path_build (const char *path,
- at += num;
-
- path = va_arg (va, const char *);
--
-- /* Trim beginning of path */
-- while (path && path[0] && is_path_component_or_null (path[0]))
-- path++;
- }
- va_end (va);
-
-diff --git a/common/test-path.c b/common/test-path.c
-index f137a0c..cf4a8e3 100644
---- a/common/test-path.c
-+++ b/common/test-path.c
-@@ -88,6 +88,16 @@ static void
- test_build (void)
- {
- #ifdef OS_UNIX
-+ assert_str_eq_free ("/",
-+ p11_path_build ("/", NULL));
-+ assert_str_eq_free ("/",
-+ p11_path_build ("", "//", NULL));
-+ assert_str_eq_free ("/root",
-+ p11_path_build ("///root///", NULL));
-+ assert_str_eq_free ("/root",
-+ p11_path_build ("/", "root", NULL));
-+ assert_str_eq_free ("/root",
-+ p11_path_build ("", "/root", NULL));
- assert_str_eq_free ("/root",
- p11_path_build ("/root", "", NULL));
- assert_str_eq_free ("/root/second",
-@@ -96,11 +106,19 @@ test_build (void)
- p11_path_build ("/root", "/second", NULL));
- assert_str_eq_free ("/root/second",
- p11_path_build ("/root/", "second", NULL));
-+ assert_str_eq_free ("/root/second",
-+ p11_path_build ("/root//", "//second/", NULL));
-+ assert_str_eq_free ("/root/second",
-+ p11_path_build ("/root//", "", "//second/", NULL));
- assert_str_eq_free ("/root/second/third",
- p11_path_build ("/root", "second", "third", NULL));
- assert_str_eq_free ("/root/second/third",
- p11_path_build ("/root", "/second/third", NULL));
- #else /* OS_WIN32 */
-+ assert_str_eq_free ("C:\\root",
-+ p11_path_build ("C:\\", "root", NULL));
-+ assert_str_eq_free ("C:\\root",
-+ p11_path_build ("", "C:\\root", NULL));
- assert_str_eq_free ("C:\\root",
- p11_path_build ("C:\\root", "", NULL));
- assert_str_eq_free ("C:\\root\\second",
-@@ -109,6 +127,10 @@ test_build (void)
- p11_path_build ("C:\\root", "\\second", NULL));
- assert_str_eq_free ("C:\\root\\second",
- p11_path_build ("C:\\root\\", "second", NULL));
-+ assert_str_eq_free ("C:\\root\\second",
-+ p11_path_build ("C:\\root\\\\", "\\\\second", NULL));
-+ assert_str_eq_free ("C:\\root\\second",
-+ p11_path_build ("C:\\root\\\\", "", "\\\\second", NULL));
- assert_str_eq_free ("C:\\root\\second\\third",
- p11_path_build ("C:\\root", "second", "third", NULL));
- assert_str_eq_free ("C:\\root\\second/third",
---
-2.26.2
-
-
-From e5a1f444b7d299e77dd57862f3cc5783e697a10e Mon Sep 17 00:00:00 2001
-From: Alexander Sosedkin
-Date: Tue, 27 Oct 2020 13:33:34 +0100
-Subject: [PATCH 3/4] Use is_path_component in one more place
-
----
- common/path.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/common/path.c b/common/path.c
-index 0ad176c..8f57ec6 100644
---- a/common/path.c
-+++ b/common/path.c
-@@ -119,7 +119,7 @@ expand_homedir (const char *remainder)
- return NULL;
- }
-
-- while (remainder[0] && is_path_component_or_null (remainder[0]))
-+ while (is_path_component (remainder[0]))
- remainder++;
- if (remainder[0] == '\0')
- remainder = NULL;
---
-2.26.2
-
-
-From ce66cf00b6b207c1d452af23cb062ca0adf57dac Mon Sep 17 00:00:00 2001
-From: Alexander Sosedkin
-Date: Tue, 27 Oct 2020 16:01:32 +0100
-Subject: [PATCH 4/4] Rename is_path_component to is_path_separator
-
-Thanks to Daiki Ueno for noticing the misnaming.
----
- common/path.c | 26 +++++++++++++-------------
- 1 file changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/common/path.c b/common/path.c
-index 8f57ec6..d0d1893 100644
---- a/common/path.c
-+++ b/common/path.c
-@@ -94,7 +94,7 @@ p11_path_base (const char *path)
- }
-
- static inline bool
--is_path_component (char ch)
-+is_path_separator (char ch)
- {
- return (ch == '/'
- #ifdef OS_WIN32
-@@ -104,9 +104,9 @@ is_path_component (char ch)
- }
-
- static inline bool
--is_path_component_or_null (char ch)
-+is_path_separator_or_null (char ch)
- {
-- return is_path_component (ch) || ch == '\0';
-+ return is_path_separator (ch) || ch == '\0';
- }
-
- static char *
-@@ -119,7 +119,7 @@ expand_homedir (const char *remainder)
- return NULL;
- }
-
-- while (is_path_component (remainder[0]))
-+ while (is_path_separator (remainder[0]))
- remainder++;
- if (remainder[0] == '\0')
- remainder = NULL;
-@@ -127,7 +127,7 @@ expand_homedir (const char *remainder)
- /* Expand $XDG_CONFIG_HOME */
- if (remainder != NULL &&
- strncmp (remainder, ".config", 7) == 0 &&
-- is_path_component_or_null (remainder[7])) {
-+ is_path_separator_or_null (remainder[7])) {
- env = getenv ("XDG_CONFIG_HOME");
- if (env && env[0])
- return p11_path_build (env, remainder + 8, NULL);
-@@ -180,7 +180,7 @@ p11_path_expand (const char *path)
- return_val_if_fail (path != NULL, NULL);
-
- if (strncmp (path, "~", 1) == 0 &&
-- is_path_component_or_null (path[1])) {
-+ is_path_separator_or_null (path[1])) {
- return expand_homedir (path + 1);
-
- } else {
-@@ -242,9 +242,9 @@ p11_path_build (const char *path,
- num = strlen (path);
-
- /* Trim beginning of path */
-- while (is_path_component (path[0])) {
-+ while (is_path_separator (path[0])) {
- /* But preserve the leading path component */
-- if (!at && !is_path_component (path[1]))
-+ if (!at && !is_path_separator (path[1]))
- break;
- path++;
- num--;
-@@ -252,7 +252,7 @@ p11_path_build (const char *path,
-
- /* Trim end of the path */
- until = (at > 0) ? 0 : 1;
-- while (num > until && is_path_component_or_null (path[num - 1]))
-+ while (num > until && is_path_separator_or_null (path[num - 1]))
- num--;
-
- if (at != 0) {
-@@ -288,17 +288,17 @@ p11_path_parent (const char *path)
-
- /* Find the end of the last component */
- e = path + strlen (path);
-- while (e != path && is_path_component_or_null (*e))
-+ while (e != path && is_path_separator_or_null (*e))
- e--;
-
- /* Find the beginning of the last component */
-- while (e != path && !is_path_component_or_null (*e)) {
-+ while (e != path && !is_path_separator_or_null (*e)) {
- had = true;
- e--;
- }
-
- /* Find the end of the last component */
-- while (e != path && is_path_component_or_null (*e))
-+ while (e != path && is_path_separator_or_null (*e))
- e--;
-
- if (e == path) {
-@@ -327,7 +327,7 @@ p11_path_prefix (const char *string,
-
- return a > b &&
- strncmp (string, prefix, b) == 0 &&
-- is_path_component_or_null (string[b]);
-+ is_path_separator_or_null (string[b]);
- }
-
- void
---
-2.26.2
-
diff --git a/SOURCES/p11-kit-realloc-zero.patch b/SOURCES/p11-kit-realloc-zero.patch
deleted file mode 100644
index ad0fa42..0000000
--- a/SOURCES/p11-kit-realloc-zero.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 08fcec713c1d3038f706d049910bd13a8c811fb5 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno
-Date: Mon, 5 Oct 2020 08:49:48 +0200
-Subject: [PATCH 1/2] build: Use calloc in a consistent manner
-
----
- common/dict.c | 6 +++---
- p11-kit/proxy.c | 4 ++--
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/common/dict.c b/common/dict.c
-index b7ab00d..62a7816 100644
---- a/common/dict.c
-+++ b/common/dict.c
-@@ -122,7 +122,7 @@ lookup_or_create_bucket (p11_dict *dict,
- return bucketp;
-
- /* add a new entry for non-NULL val */
-- (*bucketp) = calloc (sizeof (dictbucket), 1);
-+ (*bucketp) = calloc (1, sizeof (dictbucket));
-
- if (*bucketp != NULL) {
- (*bucketp)->key = (void*)key;
-@@ -175,7 +175,7 @@ p11_dict_set (p11_dict *dict,
- /* check that the collision rate isn't too high */
- if (dict->num_items > dict->num_buckets) {
- num_buckets = dict->num_buckets * 2 + 1;
-- new_buckets = (dictbucket **)calloc (sizeof (dictbucket *), num_buckets);
-+ new_buckets = (dictbucket **)calloc (num_buckets, sizeof (dictbucket *));
-
- /* Ignore failures, maybe we can expand later */
- if(new_buckets) {
-@@ -283,7 +283,7 @@ p11_dict_new (p11_dict_hasher hash_func,
- dict->value_destroy_func = value_destroy_func;
-
- dict->num_buckets = 9;
-- dict->buckets = (dictbucket **)calloc (sizeof (dictbucket *), dict->num_buckets);
-+ dict->buckets = (dictbucket **)calloc (dict->num_buckets, sizeof (dictbucket *));
- if (!dict->buckets) {
- free (dict);
- return NULL;
-diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
-index 97c9b09..d70462a 100644
---- a/p11-kit/proxy.c
-+++ b/p11-kit/proxy.c
-@@ -265,7 +265,7 @@ proxy_list_slots (Proxy *py, Mapping *mappings, unsigned int n_mappings)
- /* Ask module for its slots */
- rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
- if (rv == CKR_OK && count) {
-- slots = calloc (sizeof (CK_SLOT_ID), count);
-+ slots = calloc (count, sizeof (CK_SLOT_ID));
- rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
- }
-
-@@ -756,7 +756,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- } else {
- assert (state->px->sessions != NULL);
-- to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions));
-+ to_close = calloc (p11_dict_size (state->px->sessions), sizeof (CK_SESSION_HANDLE));
- if (!to_close) {
- rv = CKR_HOST_MEMORY;
- } else {
---
-2.26.2
-
-
-From 0a1263a41d4c482f50aa5c4643f9de38fda44bbd Mon Sep 17 00:00:00 2001
-From: Daiki Ueno
-Date: Mon, 5 Oct 2020 08:52:52 +0200
-Subject: [PATCH 2/2] proxy: C_CloseAllSessions: Make sure that calloc args are
- non-zero
-
-This prevents efence warning if either of the calloc arguments is
-zero. While it is is safe on glibc systems, POSIX says the behavior
-is implementation-defined.
-
-Reported by Paul Wouters.
----
- p11-kit/proxy.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
-index d70462a..df18ac0 100644
---- a/p11-kit/proxy.c
-+++ b/p11-kit/proxy.c
-@@ -744,7 +744,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id)
- {
- State *state = (State *)self;
-- CK_SESSION_HANDLE_PTR to_close;
-+ CK_SESSION_HANDLE_PTR to_close = NULL;
- CK_RV rv = CKR_OK;
- Session *sess;
- CK_ULONG i, count = 0;
-@@ -756,7 +756,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- } else {
- assert (state->px->sessions != NULL);
-- to_close = calloc (p11_dict_size (state->px->sessions), sizeof (CK_SESSION_HANDLE));
-+ to_close = calloc (p11_dict_size (state->px->sessions) + 1, sizeof (CK_SESSION_HANDLE));
- if (!to_close) {
- rv = CKR_HOST_MEMORY;
- } else {
---
-2.26.2
-
diff --git a/SPECS/p11-kit.spec b/SPECS/p11-kit.spec
index a396d35..7d0e73b 100644
--- a/SPECS/p11-kit.spec
+++ b/SPECS/p11-kit.spec
@@ -1,6 +1,6 @@ # This spec file has been automatically updated -Version: 0.23.21 -Release: 4%{?dist} +Version: 0.23.22 +Release: 1%{?dist} Name: p11-kit Summary: Library for loading and sharing PKCS#11 modules @@ -12,9 +12,7 @@ Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg Source3: trust-extract-compat Source4: p11-kit-client.service -Patch1: p11-kit-invalid-config.patch -Patch2: p11-kit-realloc-zero.patch -Patch3: p11-kit-anchor-persist.patch +Patch1: p11-kit-dt-needed.patch BuildRequires: gcc BuildRequires: libtasn1-devel >= 2.3 @@ -29,6 +27,7 @@ BuildRequires: bash-completion # Remove this once it is fixed BuildRequires: pkgconfig(glib-2.0) BuildRequires: gnupg2 +BuildRequires: /usr/bin/xsltproc %description p11-kit provides a way to load and enumerate PKCS#11 modules, as well @@ -156,6 +155,11 @@ fi %changelog +* Mon Jan 11 2021 Daiki Ueno - 0.23.22-1 +- Rebase to 0.23.22 to fix memory safety issues (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363) +- Preserve DT_NEEDED information from the previous version, flagged by rpmdiff +- Add xsltproc to BR + * Tue Nov 10 2020 Daiki Ueno - 0.23.21-4 - Fix realloc usage on proxy cleanup (#1894979) - Make 'trust anchor --store' preserve all attributes from .p11-kit files
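Review bot: The `Patch1`–`Patch3` removal in the second hunk (`@@ -12,9 +12,7 @@`) drops p11-kit-invalid-config.patch, p11-kit-realloc-zero.patch and p11-kit-anchor-persist.patch, but the new 0.23.22-1 `%changelog` entry does not record that or say why, so the spec alone does not show whether the path-building, calloc and anchor-store fixes are still shipped. The dropped patches are dated October–November 2020, so they are presumably contained in the 0.23.22 tarball, but that is inferred from the dates and is worth confirming against the new source before the rebase is relied on. I would add a line to the new entry such as `- Drop p11-kit-invalid-config, p11-kit-realloc-zero and p11-kit-anchor-persist patches, included upstream in 0.23.22`.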