import p11-kit-0.23.22-1.el8
parent
33d1549ffc
commit
2ce0b769d5
|
@ -1,2 +1,2 @@
|
||||||
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
SOURCES/p11-kit-0.23.21.tar.xz
|
SOURCES/p11-kit-0.23.22.tar.xz
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
526f07b62624739ba318a171bab3352af91d0134 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
526f07b62624739ba318a171bab3352af91d0134 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
5c550cc2a192d5a3ede74862b22ef0b139c911a4 SOURCES/p11-kit-0.23.21.tar.xz
|
339e5163ed50a9984a74739b9207ea8cd77fa7e2 SOURCES/p11-kit-0.23.22.tar.xz
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,34 +0,0 @@
|
||||||
From 1d79c02be61874cd4598d60c18331e2d70228a40 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Fri, 6 Nov 2020 17:46:28 +0100
|
|
||||||
Subject: [PATCH] anchor: Prefer persistent format when storing anchor
|
|
||||||
|
|
||||||
When a new certificate is stored with "trust anchor --store" from a
|
|
||||||
.p11-kit file, the command treated it as a PEM file, while it should
|
|
||||||
preserve extra fields in the file.
|
|
||||||
---
|
|
||||||
trust/anchor.c | 7 ++++---
|
|
||||||
trust/test-extract.sh | 27 ++++++++++++++++++++++++---
|
|
||||||
2 files changed, 28 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/trust/anchor.c b/trust/anchor.c
|
|
||||||
index fab9cf6..5ba5065 100644
|
|
||||||
--- a/trust/anchor.c
|
|
||||||
+++ b/trust/anchor.c
|
|
||||||
@@ -64,9 +64,10 @@ create_arg_file_parser (void)
|
|
||||||
return_val_if_fail (parser != NULL, NULL);
|
|
||||||
|
|
||||||
p11_parser_formats (parser,
|
|
||||||
- p11_parser_format_x509,
|
|
||||||
- p11_parser_format_pem,
|
|
||||||
- NULL);
|
|
||||||
+ p11_parser_format_persist,
|
|
||||||
+ p11_parser_format_x509,
|
|
||||||
+ p11_parser_format_pem,
|
|
||||||
+ NULL);
|
|
||||||
|
|
||||||
return parser;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
From a91266ef087532e2332c75c4fd9244df66f30b64 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Fri, 18 Dec 2020 13:37:10 +0100
|
||||||
|
Subject: [PATCH] meson: Link trust/client modules explicitly to -ldl
|
||||||
|
|
||||||
|
This adds the -ldl link flag missing in the meson build, but present
|
||||||
|
in the autotools build. Although the use-case is unlikely, this
|
||||||
|
allows those modules to be linked as a normal shared library to a
|
||||||
|
program.
|
||||||
|
---
|
||||||
|
p11-kit/meson.build | 1 +
|
||||||
|
trust/meson.build | 2 +-
|
||||||
|
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/meson.build b/p11-kit/meson.build
|
||||||
|
index 7d57cd7..02147a9 100644
|
||||||
|
--- a/p11-kit/meson.build
|
||||||
|
+++ b/p11-kit/meson.build
|
||||||
|
@@ -92,6 +92,7 @@ if host_system != 'windows'
|
||||||
|
'client.c', 'client-init.c',
|
||||||
|
name_prefix: '',
|
||||||
|
include_directories: [configinc, commoninc],
|
||||||
|
+ dependencies: dlopen_deps,
|
||||||
|
link_args: p11_module_ldflags,
|
||||||
|
link_depends: [p11_module_symbol_map,
|
||||||
|
p11_module_symbol_def],
|
||||||
|
diff --git a/trust/meson.build b/trust/meson.build
|
||||||
|
index 482a3c1..d4a8e15 100644
|
||||||
|
--- a/trust/meson.build
|
||||||
|
+++ b/trust/meson.build
|
||||||
|
@@ -56,7 +56,7 @@ shared_module('p11-kit-trust',
|
||||||
|
'module-init.c',
|
||||||
|
name_prefix: '',
|
||||||
|
c_args: p11_kit_trust_c_args,
|
||||||
|
- dependencies: [asn_h_dep, libp11_library_dep] + libtasn1_deps,
|
||||||
|
+ dependencies: [asn_h_dep, libp11_library_dep] + dlopen_deps + libtasn1_deps,
|
||||||
|
link_args: p11_module_ldflags,
|
||||||
|
link_depends: [p11_module_symbol_map,
|
||||||
|
p11_module_symbol_def],
|
||||||
|
--
|
||||||
|
2.29.2
|
||||||
|
|
|
@ -1,331 +0,0 @@
|
||||||
From de661c41a1e7e52296c91b9caa0bff8e4885c751 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Thu, 22 Oct 2020 14:06:53 +0200
|
|
||||||
Subject: [PATCH 1/4] common: Fix infloop in p11_path_build
|
|
||||||
|
|
||||||
If p11_path_build is called with 2 or more arguments and the non-first
|
|
||||||
argument is an empty string (""), it previously fell into an infloop.
|
|
||||||
|
|
||||||
Reported by Karel Srot.
|
|
||||||
---
|
|
||||||
common/path.c | 4 +++-
|
|
||||||
common/test-path.c | 4 ++++
|
|
||||||
2 files changed, 7 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/common/path.c b/common/path.c
|
|
||||||
index 17a6230..53d394f 100644
|
|
||||||
--- a/common/path.c
|
|
||||||
+++ b/common/path.c
|
|
||||||
@@ -241,8 +241,10 @@ p11_path_build (const char *path,
|
|
||||||
num--;
|
|
||||||
|
|
||||||
if (at != 0) {
|
|
||||||
- if (num == 0)
|
|
||||||
+ if (num == 0) {
|
|
||||||
+ path = va_arg (va, const char *);
|
|
||||||
continue;
|
|
||||||
+ }
|
|
||||||
built[at++] = delim;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/common/test-path.c b/common/test-path.c
|
|
||||||
index 2eb5444..f137a0c 100644
|
|
||||||
--- a/common/test-path.c
|
|
||||||
+++ b/common/test-path.c
|
|
||||||
@@ -88,6 +88,8 @@ static void
|
|
||||||
test_build (void)
|
|
||||||
{
|
|
||||||
#ifdef OS_UNIX
|
|
||||||
+ assert_str_eq_free ("/root",
|
|
||||||
+ p11_path_build ("/root", "", NULL));
|
|
||||||
assert_str_eq_free ("/root/second",
|
|
||||||
p11_path_build ("/root", "second", NULL));
|
|
||||||
assert_str_eq_free ("/root/second",
|
|
||||||
@@ -99,6 +101,8 @@ test_build (void)
|
|
||||||
assert_str_eq_free ("/root/second/third",
|
|
||||||
p11_path_build ("/root", "/second/third", NULL));
|
|
||||||
#else /* OS_WIN32 */
|
|
||||||
+ assert_str_eq_free ("C:\\root",
|
|
||||||
+ p11_path_build ("C:\\root", "", NULL));
|
|
||||||
assert_str_eq_free ("C:\\root\\second",
|
|
||||||
p11_path_build ("C:\\root", "second", NULL));
|
|
||||||
assert_str_eq_free ("C:\\root\\second",
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
|
||||||
From 1eac9a1c41828d5da4b640746e0002c7ab964e8e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexander Sosedkin <asosedkin@redhat.com>
|
|
||||||
Date: Tue, 27 Oct 2020 11:08:53 +0100
|
|
||||||
Subject: [PATCH 2/4] Remove more duplicate separators in p11_path_build
|
|
||||||
|
|
||||||
Makes p11_path_build remove duplicate separators more thoroughly,
|
|
||||||
e.g., after a "" or in the first argument.
|
|
||||||
---
|
|
||||||
common/path.c | 26 +++++++++++++++++++-------
|
|
||||||
common/test-path.c | 22 ++++++++++++++++++++++
|
|
||||||
2 files changed, 41 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/path.c b/common/path.c
|
|
||||||
index 53d394f..0ad176c 100644
|
|
||||||
--- a/common/path.c
|
|
||||||
+++ b/common/path.c
|
|
||||||
@@ -94,15 +94,21 @@ p11_path_base (const char *path)
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline bool
|
|
||||||
-is_path_component_or_null (char ch)
|
|
||||||
+is_path_component (char ch)
|
|
||||||
{
|
|
||||||
- return (ch == '\0' || ch == '/'
|
|
||||||
+ return (ch == '/'
|
|
||||||
#ifdef OS_WIN32
|
|
||||||
|| ch == '\\'
|
|
||||||
#endif
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static inline bool
|
|
||||||
+is_path_component_or_null (char ch)
|
|
||||||
+{
|
|
||||||
+ return is_path_component (ch) || ch == '\0';
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static char *
|
|
||||||
expand_homedir (const char *remainder)
|
|
||||||
{
|
|
||||||
@@ -235,6 +241,15 @@ p11_path_build (const char *path,
|
|
||||||
while (path != NULL) {
|
|
||||||
num = strlen (path);
|
|
||||||
|
|
||||||
+ /* Trim beginning of path */
|
|
||||||
+ while (is_path_component (path[0])) {
|
|
||||||
+ /* But preserve the leading path component */
|
|
||||||
+ if (!at && !is_path_component (path[1]))
|
|
||||||
+ break;
|
|
||||||
+ path++;
|
|
||||||
+ num--;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Trim end of the path */
|
|
||||||
until = (at > 0) ? 0 : 1;
|
|
||||||
while (num > until && is_path_component_or_null (path[num - 1]))
|
|
||||||
@@ -245,7 +260,8 @@ p11_path_build (const char *path,
|
|
||||||
path = va_arg (va, const char *);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
- built[at++] = delim;
|
|
||||||
+ if (built[at - 1] != delim)
|
|
||||||
+ built[at++] = delim;
|
|
||||||
}
|
|
||||||
|
|
||||||
assert (at + num < len);
|
|
||||||
@@ -253,10 +269,6 @@ p11_path_build (const char *path,
|
|
||||||
at += num;
|
|
||||||
|
|
||||||
path = va_arg (va, const char *);
|
|
||||||
-
|
|
||||||
- /* Trim beginning of path */
|
|
||||||
- while (path && path[0] && is_path_component_or_null (path[0]))
|
|
||||||
- path++;
|
|
||||||
}
|
|
||||||
va_end (va);
|
|
||||||
|
|
||||||
diff --git a/common/test-path.c b/common/test-path.c
|
|
||||||
index f137a0c..cf4a8e3 100644
|
|
||||||
--- a/common/test-path.c
|
|
||||||
+++ b/common/test-path.c
|
|
||||||
@@ -88,6 +88,16 @@ static void
|
|
||||||
test_build (void)
|
|
||||||
{
|
|
||||||
#ifdef OS_UNIX
|
|
||||||
+ assert_str_eq_free ("/",
|
|
||||||
+ p11_path_build ("/", NULL));
|
|
||||||
+ assert_str_eq_free ("/",
|
|
||||||
+ p11_path_build ("", "//", NULL));
|
|
||||||
+ assert_str_eq_free ("/root",
|
|
||||||
+ p11_path_build ("///root///", NULL));
|
|
||||||
+ assert_str_eq_free ("/root",
|
|
||||||
+ p11_path_build ("/", "root", NULL));
|
|
||||||
+ assert_str_eq_free ("/root",
|
|
||||||
+ p11_path_build ("", "/root", NULL));
|
|
||||||
assert_str_eq_free ("/root",
|
|
||||||
p11_path_build ("/root", "", NULL));
|
|
||||||
assert_str_eq_free ("/root/second",
|
|
||||||
@@ -96,11 +106,19 @@ test_build (void)
|
|
||||||
p11_path_build ("/root", "/second", NULL));
|
|
||||||
assert_str_eq_free ("/root/second",
|
|
||||||
p11_path_build ("/root/", "second", NULL));
|
|
||||||
+ assert_str_eq_free ("/root/second",
|
|
||||||
+ p11_path_build ("/root//", "//second/", NULL));
|
|
||||||
+ assert_str_eq_free ("/root/second",
|
|
||||||
+ p11_path_build ("/root//", "", "//second/", NULL));
|
|
||||||
assert_str_eq_free ("/root/second/third",
|
|
||||||
p11_path_build ("/root", "second", "third", NULL));
|
|
||||||
assert_str_eq_free ("/root/second/third",
|
|
||||||
p11_path_build ("/root", "/second/third", NULL));
|
|
||||||
#else /* OS_WIN32 */
|
|
||||||
+ assert_str_eq_free ("C:\\root",
|
|
||||||
+ p11_path_build ("C:\\", "root", NULL));
|
|
||||||
+ assert_str_eq_free ("C:\\root",
|
|
||||||
+ p11_path_build ("", "C:\\root", NULL));
|
|
||||||
assert_str_eq_free ("C:\\root",
|
|
||||||
p11_path_build ("C:\\root", "", NULL));
|
|
||||||
assert_str_eq_free ("C:\\root\\second",
|
|
||||||
@@ -109,6 +127,10 @@ test_build (void)
|
|
||||||
p11_path_build ("C:\\root", "\\second", NULL));
|
|
||||||
assert_str_eq_free ("C:\\root\\second",
|
|
||||||
p11_path_build ("C:\\root\\", "second", NULL));
|
|
||||||
+ assert_str_eq_free ("C:\\root\\second",
|
|
||||||
+ p11_path_build ("C:\\root\\\\", "\\\\second", NULL));
|
|
||||||
+ assert_str_eq_free ("C:\\root\\second",
|
|
||||||
+ p11_path_build ("C:\\root\\\\", "", "\\\\second", NULL));
|
|
||||||
assert_str_eq_free ("C:\\root\\second\\third",
|
|
||||||
p11_path_build ("C:\\root", "second", "third", NULL));
|
|
||||||
assert_str_eq_free ("C:\\root\\second/third",
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
|
||||||
From e5a1f444b7d299e77dd57862f3cc5783e697a10e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexander Sosedkin <asosedkin@redhat.com>
|
|
||||||
Date: Tue, 27 Oct 2020 13:33:34 +0100
|
|
||||||
Subject: [PATCH 3/4] Use is_path_component in one more place
|
|
||||||
|
|
||||||
---
|
|
||||||
common/path.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/common/path.c b/common/path.c
|
|
||||||
index 0ad176c..8f57ec6 100644
|
|
||||||
--- a/common/path.c
|
|
||||||
+++ b/common/path.c
|
|
||||||
@@ -119,7 +119,7 @@ expand_homedir (const char *remainder)
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
- while (remainder[0] && is_path_component_or_null (remainder[0]))
|
|
||||||
+ while (is_path_component (remainder[0]))
|
|
||||||
remainder++;
|
|
||||||
if (remainder[0] == '\0')
|
|
||||||
remainder = NULL;
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
|
||||||
From ce66cf00b6b207c1d452af23cb062ca0adf57dac Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexander Sosedkin <asosedkin@redhat.com>
|
|
||||||
Date: Tue, 27 Oct 2020 16:01:32 +0100
|
|
||||||
Subject: [PATCH 4/4] Rename is_path_component to is_path_separator
|
|
||||||
|
|
||||||
Thanks to Daiki Ueno for noticing the misnaming.
|
|
||||||
---
|
|
||||||
common/path.c | 26 +++++++++++++-------------
|
|
||||||
1 file changed, 13 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/path.c b/common/path.c
|
|
||||||
index 8f57ec6..d0d1893 100644
|
|
||||||
--- a/common/path.c
|
|
||||||
+++ b/common/path.c
|
|
||||||
@@ -94,7 +94,7 @@ p11_path_base (const char *path)
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline bool
|
|
||||||
-is_path_component (char ch)
|
|
||||||
+is_path_separator (char ch)
|
|
||||||
{
|
|
||||||
return (ch == '/'
|
|
||||||
#ifdef OS_WIN32
|
|
||||||
@@ -104,9 +104,9 @@ is_path_component (char ch)
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline bool
|
|
||||||
-is_path_component_or_null (char ch)
|
|
||||||
+is_path_separator_or_null (char ch)
|
|
||||||
{
|
|
||||||
- return is_path_component (ch) || ch == '\0';
|
|
||||||
+ return is_path_separator (ch) || ch == '\0';
|
|
||||||
}
|
|
||||||
|
|
||||||
static char *
|
|
||||||
@@ -119,7 +119,7 @@ expand_homedir (const char *remainder)
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
- while (is_path_component (remainder[0]))
|
|
||||||
+ while (is_path_separator (remainder[0]))
|
|
||||||
remainder++;
|
|
||||||
if (remainder[0] == '\0')
|
|
||||||
remainder = NULL;
|
|
||||||
@@ -127,7 +127,7 @@ expand_homedir (const char *remainder)
|
|
||||||
/* Expand $XDG_CONFIG_HOME */
|
|
||||||
if (remainder != NULL &&
|
|
||||||
strncmp (remainder, ".config", 7) == 0 &&
|
|
||||||
- is_path_component_or_null (remainder[7])) {
|
|
||||||
+ is_path_separator_or_null (remainder[7])) {
|
|
||||||
env = getenv ("XDG_CONFIG_HOME");
|
|
||||||
if (env && env[0])
|
|
||||||
return p11_path_build (env, remainder + 8, NULL);
|
|
||||||
@@ -180,7 +180,7 @@ p11_path_expand (const char *path)
|
|
||||||
return_val_if_fail (path != NULL, NULL);
|
|
||||||
|
|
||||||
if (strncmp (path, "~", 1) == 0 &&
|
|
||||||
- is_path_component_or_null (path[1])) {
|
|
||||||
+ is_path_separator_or_null (path[1])) {
|
|
||||||
return expand_homedir (path + 1);
|
|
||||||
|
|
||||||
} else {
|
|
||||||
@@ -242,9 +242,9 @@ p11_path_build (const char *path,
|
|
||||||
num = strlen (path);
|
|
||||||
|
|
||||||
/* Trim beginning of path */
|
|
||||||
- while (is_path_component (path[0])) {
|
|
||||||
+ while (is_path_separator (path[0])) {
|
|
||||||
/* But preserve the leading path component */
|
|
||||||
- if (!at && !is_path_component (path[1]))
|
|
||||||
+ if (!at && !is_path_separator (path[1]))
|
|
||||||
break;
|
|
||||||
path++;
|
|
||||||
num--;
|
|
||||||
@@ -252,7 +252,7 @@ p11_path_build (const char *path,
|
|
||||||
|
|
||||||
/* Trim end of the path */
|
|
||||||
until = (at > 0) ? 0 : 1;
|
|
||||||
- while (num > until && is_path_component_or_null (path[num - 1]))
|
|
||||||
+ while (num > until && is_path_separator_or_null (path[num - 1]))
|
|
||||||
num--;
|
|
||||||
|
|
||||||
if (at != 0) {
|
|
||||||
@@ -288,17 +288,17 @@ p11_path_parent (const char *path)
|
|
||||||
|
|
||||||
/* Find the end of the last component */
|
|
||||||
e = path + strlen (path);
|
|
||||||
- while (e != path && is_path_component_or_null (*e))
|
|
||||||
+ while (e != path && is_path_separator_or_null (*e))
|
|
||||||
e--;
|
|
||||||
|
|
||||||
/* Find the beginning of the last component */
|
|
||||||
- while (e != path && !is_path_component_or_null (*e)) {
|
|
||||||
+ while (e != path && !is_path_separator_or_null (*e)) {
|
|
||||||
had = true;
|
|
||||||
e--;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Find the end of the last component */
|
|
||||||
- while (e != path && is_path_component_or_null (*e))
|
|
||||||
+ while (e != path && is_path_separator_or_null (*e))
|
|
||||||
e--;
|
|
||||||
|
|
||||||
if (e == path) {
|
|
||||||
@@ -327,7 +327,7 @@ p11_path_prefix (const char *string,
|
|
||||||
|
|
||||||
return a > b &&
|
|
||||||
strncmp (string, prefix, b) == 0 &&
|
|
||||||
- is_path_component_or_null (string[b]);
|
|
||||||
+ is_path_separator_or_null (string[b]);
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
|
@ -1,107 +0,0 @@
|
||||||
From 08fcec713c1d3038f706d049910bd13a8c811fb5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Mon, 5 Oct 2020 08:49:48 +0200
|
|
||||||
Subject: [PATCH 1/2] build: Use calloc in a consistent manner
|
|
||||||
|
|
||||||
---
|
|
||||||
common/dict.c | 6 +++---
|
|
||||||
p11-kit/proxy.c | 4 ++--
|
|
||||||
2 files changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/common/dict.c b/common/dict.c
|
|
||||||
index b7ab00d..62a7816 100644
|
|
||||||
--- a/common/dict.c
|
|
||||||
+++ b/common/dict.c
|
|
||||||
@@ -122,7 +122,7 @@ lookup_or_create_bucket (p11_dict *dict,
|
|
||||||
return bucketp;
|
|
||||||
|
|
||||||
/* add a new entry for non-NULL val */
|
|
||||||
- (*bucketp) = calloc (sizeof (dictbucket), 1);
|
|
||||||
+ (*bucketp) = calloc (1, sizeof (dictbucket));
|
|
||||||
|
|
||||||
if (*bucketp != NULL) {
|
|
||||||
(*bucketp)->key = (void*)key;
|
|
||||||
@@ -175,7 +175,7 @@ p11_dict_set (p11_dict *dict,
|
|
||||||
/* check that the collision rate isn't too high */
|
|
||||||
if (dict->num_items > dict->num_buckets) {
|
|
||||||
num_buckets = dict->num_buckets * 2 + 1;
|
|
||||||
- new_buckets = (dictbucket **)calloc (sizeof (dictbucket *), num_buckets);
|
|
||||||
+ new_buckets = (dictbucket **)calloc (num_buckets, sizeof (dictbucket *));
|
|
||||||
|
|
||||||
/* Ignore failures, maybe we can expand later */
|
|
||||||
if(new_buckets) {
|
|
||||||
@@ -283,7 +283,7 @@ p11_dict_new (p11_dict_hasher hash_func,
|
|
||||||
dict->value_destroy_func = value_destroy_func;
|
|
||||||
|
|
||||||
dict->num_buckets = 9;
|
|
||||||
- dict->buckets = (dictbucket **)calloc (sizeof (dictbucket *), dict->num_buckets);
|
|
||||||
+ dict->buckets = (dictbucket **)calloc (dict->num_buckets, sizeof (dictbucket *));
|
|
||||||
if (!dict->buckets) {
|
|
||||||
free (dict);
|
|
||||||
return NULL;
|
|
||||||
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
|
||||||
index 97c9b09..d70462a 100644
|
|
||||||
--- a/p11-kit/proxy.c
|
|
||||||
+++ b/p11-kit/proxy.c
|
|
||||||
@@ -265,7 +265,7 @@ proxy_list_slots (Proxy *py, Mapping *mappings, unsigned int n_mappings)
|
|
||||||
/* Ask module for its slots */
|
|
||||||
rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
|
|
||||||
if (rv == CKR_OK && count) {
|
|
||||||
- slots = calloc (sizeof (CK_SLOT_ID), count);
|
|
||||||
+ slots = calloc (count, sizeof (CK_SLOT_ID));
|
|
||||||
rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -756,7 +756,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
|
|
||||||
rv = CKR_CRYPTOKI_NOT_INITIALIZED;
|
|
||||||
} else {
|
|
||||||
assert (state->px->sessions != NULL);
|
|
||||||
- to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions));
|
|
||||||
+ to_close = calloc (p11_dict_size (state->px->sessions), sizeof (CK_SESSION_HANDLE));
|
|
||||||
if (!to_close) {
|
|
||||||
rv = CKR_HOST_MEMORY;
|
|
||||||
} else {
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
|
||||||
From 0a1263a41d4c482f50aa5c4643f9de38fda44bbd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Mon, 5 Oct 2020 08:52:52 +0200
|
|
||||||
Subject: [PATCH 2/2] proxy: C_CloseAllSessions: Make sure that calloc args are
|
|
||||||
non-zero
|
|
||||||
|
|
||||||
This prevents efence warning if either of the calloc arguments is
|
|
||||||
zero. While it is is safe on glibc systems, POSIX says the behavior
|
|
||||||
is implementation-defined.
|
|
||||||
|
|
||||||
Reported by Paul Wouters.
|
|
||||||
---
|
|
||||||
p11-kit/proxy.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
|
||||||
index d70462a..df18ac0 100644
|
|
||||||
--- a/p11-kit/proxy.c
|
|
||||||
+++ b/p11-kit/proxy.c
|
|
||||||
@@ -744,7 +744,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
|
|
||||||
CK_SLOT_ID id)
|
|
||||||
{
|
|
||||||
State *state = (State *)self;
|
|
||||||
- CK_SESSION_HANDLE_PTR to_close;
|
|
||||||
+ CK_SESSION_HANDLE_PTR to_close = NULL;
|
|
||||||
CK_RV rv = CKR_OK;
|
|
||||||
Session *sess;
|
|
||||||
CK_ULONG i, count = 0;
|
|
||||||
@@ -756,7 +756,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
|
|
||||||
rv = CKR_CRYPTOKI_NOT_INITIALIZED;
|
|
||||||
} else {
|
|
||||||
assert (state->px->sessions != NULL);
|
|
||||||
- to_close = calloc (p11_dict_size (state->px->sessions), sizeof (CK_SESSION_HANDLE));
|
|
||||||
+ to_close = calloc (p11_dict_size (state->px->sessions) + 1, sizeof (CK_SESSION_HANDLE));
|
|
||||||
if (!to_close) {
|
|
||||||
rv = CKR_HOST_MEMORY;
|
|
||||||
} else {
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# This spec file has been automatically updated
|
# This spec file has been automatically updated
|
||||||
Version: 0.23.21
|
Version: 0.23.22
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
Name: p11-kit
|
Name: p11-kit
|
||||||
Summary: Library for loading and sharing PKCS#11 modules
|
Summary: Library for loading and sharing PKCS#11 modules
|
||||||
|
|
||||||
|
@ -12,9 +12,7 @@ Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||||
Source3: trust-extract-compat
|
Source3: trust-extract-compat
|
||||||
Source4: p11-kit-client.service
|
Source4: p11-kit-client.service
|
||||||
|
|
||||||
Patch1: p11-kit-invalid-config.patch
|
Patch1: p11-kit-dt-needed.patch
|
||||||
Patch2: p11-kit-realloc-zero.patch
|
|
||||||
Patch3: p11-kit-anchor-persist.patch
|
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: libtasn1-devel >= 2.3
|
BuildRequires: libtasn1-devel >= 2.3
|
||||||
|
@ -29,6 +27,7 @@ BuildRequires: bash-completion
|
||||||
# Remove this once it is fixed
|
# Remove this once it is fixed
|
||||||
BuildRequires: pkgconfig(glib-2.0)
|
BuildRequires: pkgconfig(glib-2.0)
|
||||||
BuildRequires: gnupg2
|
BuildRequires: gnupg2
|
||||||
|
BuildRequires: /usr/bin/xsltproc
|
||||||
|
|
||||||
%description
|
%description
|
||||||
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
|
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
|
||||||
|
@ -156,6 +155,11 @@ fi
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 11 2021 Daiki Ueno <dueno@redhat.com> - 0.23.22-1
|
||||||
|
- Rebase to 0.23.22 to fix memory safety issues (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363)
|
||||||
|
- Preserve DT_NEEDED information from the previous version, flagged by rpmdiff
|
||||||
|
- Add xsltproc to BR
|
||||||
|
|
||||||
* Tue Nov 10 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-4
|
* Tue Nov 10 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-4
|
||||||
- Fix realloc usage on proxy cleanup (#1894979)
|
- Fix realloc usage on proxy cleanup (#1894979)
|
||||||
- Make 'trust anchor --store' preserve all attributes from .p11-kit files
|
- Make 'trust anchor --store' preserve all attributes from .p11-kit files
|
||||||
|
|
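Review bot: The new 0.23.22-1 changelog entry does not record that `p11-kit-invalid-config.patch`, `p11-kit-realloc-zero.patch` and `p11-kit-anchor-persist.patch` are dropped from the patch list. The deleted patch files carried the p11_path_build infinite-loop fix, the calloc argument changes in proxy.c and the persist-format preference for `trust anchor --store`. Presumably all of these are in the 0.23.22 tarball, but nothing on this page shows it, so it should be confirmed against the new source before relying on the rebase. I would add a changelog line such as `- Drop patches merged upstream`. I would also put a comment above `Patch1: p11-kit-dt-needed.patch` naming the upstream commit it backports (a91266ef087532e2332c75c4fd9244df66f30b64, per the patch header).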