import p11-kit-0.23.21-4.el8

CentOS Sources 2020-11-11 08:10:34 +00:00 committed by Andrew Lukoshko
parent d532be13f1
commit 33d1549ffc
3 changed files with 148 additions and 1 deletions


@ -0,0 +1,34 @@
From 1d79c02be61874cd4598d60c18331e2d70228a40 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 6 Nov 2020 17:46:28 +0100
Subject: [PATCH] anchor: Prefer persistent format when storing anchor
When a new certificate is stored with "trust anchor --store" from a
.p11-kit file, the command treated it as a PEM file, while it should
preserve extra fields in the file.
---
trust/anchor.c | 7 ++++---
trust/test-extract.sh | 27 ++++++++++++++++++++++++---
2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/trust/anchor.c b/trust/anchor.c
index fab9cf6..5ba5065 100644
--- a/trust/anchor.c
+++ b/trust/anchor.c
@@ -64,9 +64,10 @@ create_arg_file_parser (void)
return_val_if_fail (parser != NULL, NULL);
p11_parser_formats (parser,
- p11_parser_format_x509,
- p11_parser_format_pem,
- NULL);
+ p11_parser_format_persist,
+ p11_parser_format_x509,
+ p11_parser_format_pem,
+ NULL);
return parser;
}
--
2.26.2
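Review bot: This packaged patch carries only the `trust/anchor.c` hunk, although its own diffstat lists `trust/test-extract.sh` with 27 changed lines, so the regression test for attribute preservation does not appear to ship with this build; worth confirming the omission is deliberate. In `create_arg_file_parser` the new list puts `p11_parser_format_persist` ahead of the X.509 and PEM parsers, and nothing in the code says whether that order matters. I would add a comment above the call such as `/* persist first, presumably so a .p11-kit file keeps its extra attributes instead of being read as bare PEM */`. Since `trust anchor --store` now takes attributes from the input file rather than only a certificate, the storing code (outside this hunk) should be checked for which of those attributes it overrides before the anchor is written.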


@ -0,0 +1,107 @@
From 08fcec713c1d3038f706d049910bd13a8c811fb5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 5 Oct 2020 08:49:48 +0200
Subject: [PATCH 1/2] build: Use calloc in a consistent manner
---
common/dict.c | 6 +++---
p11-kit/proxy.c | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/common/dict.c b/common/dict.c
index b7ab00d..62a7816 100644
--- a/common/dict.c
+++ b/common/dict.c
@@ -122,7 +122,7 @@ lookup_or_create_bucket (p11_dict *dict,
return bucketp;
/* add a new entry for non-NULL val */
- (*bucketp) = calloc (sizeof (dictbucket), 1);
+ (*bucketp) = calloc (1, sizeof (dictbucket));
if (*bucketp != NULL) {
(*bucketp)->key = (void*)key;
@@ -175,7 +175,7 @@ p11_dict_set (p11_dict *dict,
/* check that the collision rate isn't too high */
if (dict->num_items > dict->num_buckets) {
num_buckets = dict->num_buckets * 2 + 1;
- new_buckets = (dictbucket **)calloc (sizeof (dictbucket *), num_buckets);
+ new_buckets = (dictbucket **)calloc (num_buckets, sizeof (dictbucket *));
/* Ignore failures, maybe we can expand later */
if(new_buckets) {
@@ -283,7 +283,7 @@ p11_dict_new (p11_dict_hasher hash_func,
dict->value_destroy_func = value_destroy_func;
dict->num_buckets = 9;
- dict->buckets = (dictbucket **)calloc (sizeof (dictbucket *), dict->num_buckets);
+ dict->buckets = (dictbucket **)calloc (dict->num_buckets, sizeof (dictbucket *));
if (!dict->buckets) {
free (dict);
return NULL;
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
index 97c9b09..d70462a 100644
--- a/p11-kit/proxy.c
+++ b/p11-kit/proxy.c
@@ -265,7 +265,7 @@ proxy_list_slots (Proxy *py, Mapping *mappings, unsigned int n_mappings)
/* Ask module for its slots */
rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
if (rv == CKR_OK && count) {
- slots = calloc (sizeof (CK_SLOT_ID), count);
+ slots = calloc (count, sizeof (CK_SLOT_ID));
rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
}
@@ -756,7 +756,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
rv = CKR_CRYPTOKI_NOT_INITIALIZED;
} else {
assert (state->px->sessions != NULL);
- to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions));
+ to_close = calloc (p11_dict_size (state->px->sessions), sizeof (CK_SESSION_HANDLE));
if (!to_close) {
rv = CKR_HOST_MEMORY;
} else {
--
2.26.2
From 0a1263a41d4c482f50aa5c4643f9de38fda44bbd Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 5 Oct 2020 08:52:52 +0200
Subject: [PATCH 2/2] proxy: C_CloseAllSessions: Make sure that calloc args are
non-zero
This prevents efence warning if either of the calloc arguments is
zero. While it is is safe on glibc systems, POSIX says the behavior
is implementation-defined.
Reported by Paul Wouters.
---
p11-kit/proxy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
index d70462a..df18ac0 100644
--- a/p11-kit/proxy.c
+++ b/p11-kit/proxy.c
@@ -744,7 +744,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
CK_SLOT_ID id)
{
State *state = (State *)self;
- CK_SESSION_HANDLE_PTR to_close;
+ CK_SESSION_HANDLE_PTR to_close = NULL;
CK_RV rv = CKR_OK;
Session *sess;
CK_ULONG i, count = 0;
@@ -756,7 +756,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
rv = CKR_CRYPTOKI_NOT_INITIALIZED;
} else {
assert (state->px->sessions != NULL);
- to_close = calloc (p11_dict_size (state->px->sessions), sizeof (CK_SESSION_HANDLE));
+ to_close = calloc (p11_dict_size (state->px->sessions) + 1, sizeof (CK_SESSION_HANDLE));
if (!to_close) {
rv = CKR_HOST_MEMORY;
} else {
--
2.26.2
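Review bot: In the `proxy_list_slots` hunk the result of `calloc (count, sizeof (CK_SLOT_ID))` is handed to the second `C_GetSlotList` call without a NULL check; patch 1/2 reorders the arguments but leaves that gap. If the allocation fails, a NULL list pointer turns the call into another count query under PKCS#11, so `rv` can come back `CKR_OK` with `slots` still NULL; the code that consumes `slots` lies outside the hunk, so the effect there is inferred rather than visible. I would guard it the way `proxy_C_CloseAllSessions` already does: `if (slots == NULL) rv = CKR_HOST_MEMORY; else rv = (funcs->C_GetSlotList) (FALSE, slots, &count);`. Separately, the `+ 1` added in patch 2/2 deserves a comment such as `/* + 1 so calloc is never asked for zero elements */`.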


@ -1,6 +1,6 @@
# This spec file has been automatically updated
Version: 0.23.21
Release: 3%{?dist}
Release: 4%{?dist}
Name: p11-kit
Summary: Library for loading and sharing PKCS#11 modules
@ -13,6 +13,8 @@ Source3: trust-extract-compat
Source4: p11-kit-client.service
Patch1: p11-kit-invalid-config.patch
Patch2: p11-kit-realloc-zero.patch
Patch3: p11-kit-anchor-persist.patch
BuildRequires: gcc
BuildRequires: libtasn1-devel >= 2.3
@ -154,6 +156,10 @@ fi
%changelog
* Tue Nov 10 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-4
- Fix realloc usage on proxy cleanup (#1894979)
- Make 'trust anchor --store' preserve all attributes from .p11-kit files
* Tue Nov 3 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-3
- Restore clobbered changelog entry