import p11-kit-0.23.14-4.el8
This commit is contained in:
commit
73ad82a74a
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
SOURCES/p11-kit-0.23.14.tar.gz
|
1
.p11-kit.metadata
Normal file
1
.p11-kit.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
30cab1d4b716022e6918f9a49976609c425f9cfc SOURCES/p11-kit-0.23.14.tar.gz
|
11
SOURCES/p11-kit-client.service
Normal file
11
SOURCES/p11-kit-client.service
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=p11-kit client
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=true
|
||||||
|
RuntimeDirectory=p11-kit
|
||||||
|
ExecStart=/usr/bin/true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
623
SOURCES/p11-kit-coverity.patch
Normal file
623
SOURCES/p11-kit-coverity.patch
Normal file
@ -0,0 +1,623 @@
|
|||||||
|
From 8a8db182af533a43b4d478d28af8623035475d68 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Tue, 16 Oct 2018 18:05:10 +0200
|
||||||
|
Subject: [PATCH 01/10] debug: Work around cppcheck false-positives
|
||||||
|
|
||||||
|
https://trac.cppcheck.net/ticket/8794
|
||||||
|
---
|
||||||
|
common/debug.h | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/common/debug.h b/common/debug.h
|
||||||
|
index 255c62c..7ea36f3 100644
|
||||||
|
--- a/common/debug.h
|
||||||
|
+++ b/common/debug.h
|
||||||
|
@@ -71,13 +71,13 @@ void p11_debug_precond (const char *format,
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define return_val_if_fail(x, v) \
|
||||||
|
- do { if (!(x)) { \
|
||||||
|
+ do { if (x) { } else { \
|
||||||
|
p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
|
||||||
|
return v; \
|
||||||
|
} } while (false)
|
||||||
|
|
||||||
|
#define return_if_fail(x) \
|
||||||
|
- do { if (!(x)) { \
|
||||||
|
+ do { if (x) { } else { \
|
||||||
|
p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
|
||||||
|
return; \
|
||||||
|
} } while (false)
|
||||||
|
@@ -100,7 +100,7 @@ void p11_debug_precond (const char *format,
|
||||||
|
} while (false)
|
||||||
|
|
||||||
|
#define warn_if_fail(x) \
|
||||||
|
- do { if (!(x)) { \
|
||||||
|
+ do { if (x) { } else { \
|
||||||
|
p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
|
||||||
|
} } while (false)
|
||||||
|
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From c76197ddbbd0c29adc2bceff2ee9f740f71d134d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Tue, 16 Oct 2018 18:06:56 +0200
|
||||||
|
Subject: [PATCH 02/10] build: Call va_end() always when leaving the function
|
||||||
|
|
||||||
|
---
|
||||||
|
common/attrs.c | 4 +++-
|
||||||
|
common/compat.c | 5 ++++-
|
||||||
|
common/path.c | 5 ++++-
|
||||||
|
trust/parser.c | 4 +++-
|
||||||
|
4 files changed, 14 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/common/attrs.c b/common/attrs.c
|
||||||
|
index aa91891..a387a66 100644
|
||||||
|
--- a/common/attrs.c
|
||||||
|
+++ b/common/attrs.c
|
||||||
|
@@ -538,8 +538,10 @@ buffer_append_printf (p11_buffer *buffer,
|
||||||
|
va_list va;
|
||||||
|
|
||||||
|
va_start (va, format);
|
||||||
|
- if (vasprintf (&string, format, va) < 0)
|
||||||
|
+ if (vasprintf (&string, format, va) < 0) {
|
||||||
|
+ va_end (va);
|
||||||
|
return_if_reached ();
|
||||||
|
+ }
|
||||||
|
va_end (va);
|
||||||
|
|
||||||
|
p11_buffer_add (buffer, string, -1);
|
||||||
|
diff --git a/common/compat.c b/common/compat.c
|
||||||
|
index 5a9702d..48614fa 100644
|
||||||
|
--- a/common/compat.c
|
||||||
|
+++ b/common/compat.c
|
||||||
|
@@ -525,7 +525,10 @@ strconcat (const char *first,
|
||||||
|
for (arg = first; arg; arg = va_arg (va, const char*)) {
|
||||||
|
size_t old_length = length;
|
||||||
|
length += strlen (arg);
|
||||||
|
- return_val_if_fail (length >= old_length, NULL);
|
||||||
|
+ if (length < old_length) {
|
||||||
|
+ va_end (va);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
va_end (va);
|
||||||
|
diff --git a/common/path.c b/common/path.c
|
||||||
|
index 5cf0e1a..17a6230 100644
|
||||||
|
--- a/common/path.c
|
||||||
|
+++ b/common/path.c
|
||||||
|
@@ -218,7 +218,10 @@ p11_path_build (const char *path,
|
||||||
|
while (path != NULL) {
|
||||||
|
size_t old_len = len;
|
||||||
|
len += strlen (path) + 1;
|
||||||
|
- return_val_if_fail (len >= old_len, NULL);
|
||||||
|
+ if (len < old_len) {
|
||||||
|
+ va_end (va);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
path = va_arg (va, const char *);
|
||||||
|
}
|
||||||
|
va_end (va);
|
||||||
|
diff --git a/trust/parser.c b/trust/parser.c
|
||||||
|
index f92cdc9..e912c3a 100644
|
||||||
|
--- a/trust/parser.c
|
||||||
|
+++ b/trust/parser.c
|
||||||
|
@@ -697,8 +697,10 @@ p11_parser_formats (p11_parser *parser,
|
||||||
|
func = va_arg (va, parser_func);
|
||||||
|
if (func == NULL)
|
||||||
|
break;
|
||||||
|
- if (!p11_array_push (formats, func))
|
||||||
|
+ if (!p11_array_push (formats, func)) {
|
||||||
|
+ va_end (va);
|
||||||
|
return_if_reached ();
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
va_end (va);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From b10dadce5a3c921149b2c9fe0dec614f8076ebda Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Tue, 16 Oct 2018 18:10:05 +0200
|
||||||
|
Subject: [PATCH 03/10] build: Free memory before return{,_val}_if_* macros
|
||||||
|
|
||||||
|
---
|
||||||
|
p11-kit/iter.c | 5 ++++-
|
||||||
|
p11-kit/proxy.c | 10 ++++++++--
|
||||||
|
trust/asn1.c | 15 ++++++++++++---
|
||||||
|
trust/builder.c | 5 ++++-
|
||||||
|
trust/index.c | 10 ++++++++--
|
||||||
|
trust/persist.c | 5 ++++-
|
||||||
|
trust/save.c | 29 +++++++++++++++++++++++++----
|
||||||
|
trust/session.c | 10 ++++++++--
|
||||||
|
trust/token.c | 5 ++++-
|
||||||
|
9 files changed, 77 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/iter.c b/p11-kit/iter.c
|
||||||
|
index 0e4ca6e..d1ffd91 100644
|
||||||
|
--- a/p11-kit/iter.c
|
||||||
|
+++ b/p11-kit/iter.c
|
||||||
|
@@ -157,7 +157,10 @@ p11_kit_iter_new (P11KitUri *uri,
|
||||||
|
return_val_if_fail (iter != NULL, NULL);
|
||||||
|
|
||||||
|
iter->modules = p11_array_new (NULL);
|
||||||
|
- return_val_if_fail (iter->modules != NULL, NULL);
|
||||||
|
+ if (iter->modules == NULL) {
|
||||||
|
+ p11_kit_iter_free (iter);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
iter->want_writable = !!(behavior & P11_KIT_ITER_WANT_WRITABLE);
|
||||||
|
iter->preload_results = !(behavior & P11_KIT_ITER_BUSY_SESSIONS);
|
||||||
|
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
||||||
|
index b7fb63d..abe7935 100644
|
||||||
|
--- a/p11-kit/proxy.c
|
||||||
|
+++ b/p11-kit/proxy.c
|
||||||
|
@@ -267,7 +267,10 @@ proxy_create (Proxy **res, CK_FUNCTION_LIST **loaded,
|
||||||
|
py->forkid = p11_forkid;
|
||||||
|
|
||||||
|
py->inited = modules_dup (loaded);
|
||||||
|
- return_val_if_fail (py->inited != NULL, CKR_HOST_MEMORY);
|
||||||
|
+ if (py->inited == NULL) {
|
||||||
|
+ proxy_free (py, 0);
|
||||||
|
+ return_val_if_reached (CKR_HOST_MEMORY);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
rv = p11_kit_modules_initialize (py->inited, NULL);
|
||||||
|
|
||||||
|
@@ -320,7 +323,10 @@ proxy_create (Proxy **res, CK_FUNCTION_LIST **loaded,
|
||||||
|
}
|
||||||
|
|
||||||
|
py->sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free);
|
||||||
|
- return_val_if_fail (py->sessions != NULL, CKR_HOST_MEMORY);
|
||||||
|
+ if (py->sessions == NULL) {
|
||||||
|
+ proxy_free (py, 1);
|
||||||
|
+ return_val_if_reached (CKR_HOST_MEMORY);
|
||||||
|
+ }
|
||||||
|
py->refs = 1;
|
||||||
|
|
||||||
|
*res = py;
|
||||||
|
diff --git a/trust/asn1.c b/trust/asn1.c
|
||||||
|
index dd1812d..5ce682d 100644
|
||||||
|
--- a/trust/asn1.c
|
||||||
|
+++ b/trust/asn1.c
|
||||||
|
@@ -285,11 +285,17 @@ p11_asn1_cache_new (void)
|
||||||
|
return_val_if_fail (cache != NULL, NULL);
|
||||||
|
|
||||||
|
cache->defs = p11_asn1_defs_load ();
|
||||||
|
- return_val_if_fail (cache->defs != NULL, NULL);
|
||||||
|
+ if (cache->defs == NULL) {
|
||||||
|
+ p11_asn1_cache_free (cache);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
cache->items = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal,
|
||||||
|
NULL, free_asn1_item);
|
||||||
|
- return_val_if_fail (cache->items != NULL, NULL);
|
||||||
|
+ if (cache->items == NULL) {
|
||||||
|
+ p11_asn1_cache_free (cache);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
return cache;
|
||||||
|
}
|
||||||
|
@@ -342,7 +348,10 @@ p11_asn1_cache_take (p11_asn1_cache *cache,
|
||||||
|
item->length = der_len;
|
||||||
|
item->node = node;
|
||||||
|
item->struct_name = strdup (struct_name);
|
||||||
|
- return_if_fail (item->struct_name != NULL);
|
||||||
|
+ if (item->struct_name == NULL) {
|
||||||
|
+ free_asn1_item (item);
|
||||||
|
+ return_if_reached ();
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!p11_dict_set (cache->items, (void *)der, item))
|
||||||
|
return_if_reached ();
|
||||||
|
diff --git a/trust/builder.c b/trust/builder.c
|
||||||
|
index 742c544..d819dc8 100644
|
||||||
|
--- a/trust/builder.c
|
||||||
|
+++ b/trust/builder.c
|
||||||
|
@@ -187,7 +187,10 @@ p11_builder_new (int flags)
|
||||||
|
return_val_if_fail (builder != NULL, NULL);
|
||||||
|
|
||||||
|
builder->asn1_cache = p11_asn1_cache_new ();
|
||||||
|
- return_val_if_fail (builder->asn1_cache, NULL);
|
||||||
|
+ if (builder->asn1_cache == NULL) {
|
||||||
|
+ p11_builder_free (builder);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
builder->asn1_defs = p11_asn1_cache_defs (builder->asn1_cache);
|
||||||
|
|
||||||
|
builder->flags = flags;
|
||||||
|
diff --git a/trust/index.c b/trust/index.c
|
||||||
|
index f4b6b4b..6a8e535 100644
|
||||||
|
--- a/trust/index.c
|
||||||
|
+++ b/trust/index.c
|
||||||
|
@@ -170,10 +170,16 @@ p11_index_new (p11_index_build_cb build,
|
||||||
|
index->objects = p11_dict_new (p11_dict_ulongptr_hash,
|
||||||
|
p11_dict_ulongptr_equal,
|
||||||
|
NULL, free_object);
|
||||||
|
- return_val_if_fail (index->objects != NULL, NULL);
|
||||||
|
+ if (index->objects == NULL) {
|
||||||
|
+ p11_index_free (index);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
index->buckets = calloc (NUM_BUCKETS, sizeof (index_bucket));
|
||||||
|
- return_val_if_fail (index->buckets != NULL, NULL);
|
||||||
|
+ if (index->buckets == NULL) {
|
||||||
|
+ p11_index_free (index);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
return index;
|
||||||
|
}
|
||||||
|
diff --git a/trust/persist.c b/trust/persist.c
|
||||||
|
index 887b316..569cea1 100644
|
||||||
|
--- a/trust/persist.c
|
||||||
|
+++ b/trust/persist.c
|
||||||
|
@@ -89,7 +89,10 @@ p11_persist_new (void)
|
||||||
|
return_val_if_fail (persist != NULL, NULL);
|
||||||
|
|
||||||
|
persist->constants = p11_constant_reverse (true);
|
||||||
|
- return_val_if_fail (persist->constants != NULL, NULL);
|
||||||
|
+ if (persist->constants == NULL) {
|
||||||
|
+ free (persist);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
return persist;
|
||||||
|
}
|
||||||
|
diff --git a/trust/save.c b/trust/save.c
|
||||||
|
index abff864..8184e13 100644
|
||||||
|
--- a/trust/save.c
|
||||||
|
+++ b/trust/save.c
|
||||||
|
@@ -68,6 +68,8 @@ static char * make_unique_name (const char *bare,
|
||||||
|
const char *extension,
|
||||||
|
int (*check) (void *, char *),
|
||||||
|
void *data);
|
||||||
|
+static void filo_free (p11_save_file *file);
|
||||||
|
+static void dir_free (p11_save_dir *dir);
|
||||||
|
|
||||||
|
bool
|
||||||
|
p11_save_write_and_finish (p11_save_file *file,
|
||||||
|
@@ -114,9 +116,15 @@ p11_save_open_file (const char *path,
|
||||||
|
return_val_if_fail (file != NULL, NULL);
|
||||||
|
file->temp = temp;
|
||||||
|
file->bare = strdup (path);
|
||||||
|
- return_val_if_fail (file->bare != NULL, NULL);
|
||||||
|
+ if (file->bare == NULL) {
|
||||||
|
+ filo_free (file);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
file->extension = strdup (extension);
|
||||||
|
- return_val_if_fail (file->extension != NULL, NULL);
|
||||||
|
+ if (file->extension == NULL) {
|
||||||
|
+ filo_free (file);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
file->flags = flags;
|
||||||
|
file->fd = fd;
|
||||||
|
|
||||||
|
@@ -166,6 +174,13 @@ filo_free (p11_save_file *file)
|
||||||
|
free (file);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+dir_free (p11_save_dir *dir) {
|
||||||
|
+ p11_dict_free (dir->cache);
|
||||||
|
+ free (dir->path);
|
||||||
|
+ free (dir);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
#ifdef OS_UNIX
|
||||||
|
|
||||||
|
static int
|
||||||
|
@@ -349,10 +364,16 @@ p11_save_open_directory (const char *path,
|
||||||
|
return_val_if_fail (dir != NULL, NULL);
|
||||||
|
|
||||||
|
dir->path = strdup (path);
|
||||||
|
- return_val_if_fail (dir->path != NULL, NULL);
|
||||||
|
+ if (dir->path == NULL) {
|
||||||
|
+ dir_free (dir);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dir->cache = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
|
||||||
|
- return_val_if_fail (dir->cache != NULL, NULL);
|
||||||
|
+ if (dir->cache == NULL) {
|
||||||
|
+ dir_free (dir);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
dir->flags = flags;
|
||||||
|
return dir;
|
||||||
|
diff --git a/trust/session.c b/trust/session.c
|
||||||
|
index b93a5c3..d464394 100644
|
||||||
|
--- a/trust/session.c
|
||||||
|
+++ b/trust/session.c
|
||||||
|
@@ -59,12 +59,18 @@ p11_session_new (p11_token *token)
|
||||||
|
session->handle = p11_module_next_id ();
|
||||||
|
|
||||||
|
session->builder = p11_builder_new (P11_BUILDER_FLAG_NONE);
|
||||||
|
- return_val_if_fail (session->builder, NULL);
|
||||||
|
+ if (session->builder == NULL) {
|
||||||
|
+ p11_session_free (session);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
session->index = p11_index_new (p11_builder_build, NULL, NULL,
|
||||||
|
p11_builder_changed,
|
||||||
|
session->builder);
|
||||||
|
- return_val_if_fail (session->index != NULL, NULL);
|
||||||
|
+ if (session->index == NULL) {
|
||||||
|
+ p11_session_free (session);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
session->token = token;
|
||||||
|
|
||||||
|
diff --git a/trust/token.c b/trust/token.c
|
||||||
|
index 4cbcc77..fd3b043 100644
|
||||||
|
--- a/trust/token.c
|
||||||
|
+++ b/trust/token.c
|
||||||
|
@@ -829,7 +829,10 @@ p11_token_new (CK_SLOT_ID slot,
|
||||||
|
return_val_if_fail (token != NULL, NULL);
|
||||||
|
|
||||||
|
token->builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
|
||||||
|
- return_val_if_fail (token->builder != NULL, NULL);
|
||||||
|
+ if (token->builder == NULL) {
|
||||||
|
+ p11_token_free (token);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
token->index = p11_index_new (on_index_build,
|
||||||
|
on_index_store,
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From 06323aed926ddc67bd18ed98e5af92035a8e3d39 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Tue, 16 Oct 2018 18:14:46 +0200
|
||||||
|
Subject: [PATCH 04/10] build: Check return value of p11_dict_set
|
||||||
|
|
||||||
|
---
|
||||||
|
p11-kit/proxy.c | 3 ++-
|
||||||
|
p11-kit/rpc-server.c | 6 +++++-
|
||||||
|
trust/module.c | 3 ++-
|
||||||
|
3 files changed, 9 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
||||||
|
index abe7935..11e6165 100644
|
||||||
|
--- a/p11-kit/proxy.c
|
||||||
|
+++ b/p11-kit/proxy.c
|
||||||
|
@@ -612,7 +612,8 @@ proxy_C_OpenSession (CK_X_FUNCTION_LIST *self,
|
||||||
|
sess->wrap_slot = map.wrap_slot;
|
||||||
|
sess->real_session = *handle;
|
||||||
|
sess->wrap_session = ++state->last_handle; /* TODO: Handle wrapping, and then collisions */
|
||||||
|
- p11_dict_set (state->px->sessions, &sess->wrap_session, sess);
|
||||||
|
+ if (!p11_dict_set (state->px->sessions, &sess->wrap_session, sess))
|
||||||
|
+ warn_if_reached ();
|
||||||
|
*handle = sess->wrap_session;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
|
||||||
|
index 2db3524..3a8991d 100644
|
||||||
|
--- a/p11-kit/rpc-server.c
|
||||||
|
+++ b/p11-kit/rpc-server.c
|
||||||
|
@@ -2226,7 +2226,11 @@ p11_kit_remote_serve_tokens (const char **tokens,
|
||||||
|
p11_message_err (error, "couldn't subclass filter");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
- p11_dict_set (filters, module, filter);
|
||||||
|
+ if (!p11_dict_set (filters, module, filter)) {
|
||||||
|
+ error = EINVAL;
|
||||||
|
+ p11_message_err (error, "couldn't register filter");
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; i < n_tokens; i++) {
|
||||||
|
diff --git a/trust/module.c b/trust/module.c
|
||||||
|
index e09113b..24cda87 100644
|
||||||
|
--- a/trust/module.c
|
||||||
|
+++ b/trust/module.c
|
||||||
|
@@ -1321,7 +1321,8 @@ find_objects_match (CK_ATTRIBUTE *attrs,
|
||||||
|
}
|
||||||
|
value = memdup (oid->pValue, oid->ulValueLen);
|
||||||
|
return_val_if_fail (value != NULL, false);
|
||||||
|
- p11_dict_set (find->extensions, value, value);
|
||||||
|
+ if (!p11_dict_set (find->extensions, value, value))
|
||||||
|
+ warn_if_reached ();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From 213ea0815ef45411bf6c134918b79d2aad69c1dc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Tue, 16 Oct 2018 18:16:12 +0200
|
||||||
|
Subject: [PATCH 05/10] build: Check return value of p11_rpc_buffer_get_uint64
|
||||||
|
|
||||||
|
---
|
||||||
|
p11-kit/rpc-client.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
|
||||||
|
index 0dd4525..e202e37 100644
|
||||||
|
--- a/p11-kit/rpc-client.c
|
||||||
|
+++ b/p11-kit/rpc-client.c
|
||||||
|
@@ -371,7 +371,8 @@ proto_read_ulong_array (p11_rpc_message *msg, CK_ULONG_PTR arr,
|
||||||
|
|
||||||
|
/* We need to go ahead and read everything in all cases */
|
||||||
|
for (i = 0; i < num; ++i) {
|
||||||
|
- p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &val);
|
||||||
|
+ if (!p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &val))
|
||||||
|
+ return PARSE_ERROR;
|
||||||
|
if (arr)
|
||||||
|
arr[i] = (CK_ULONG)val;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From 1f78cb0b4dd193ec1f1b2b424a497a6c2edec043 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Tue, 16 Oct 2018 18:16:51 +0200
|
||||||
|
Subject: [PATCH 06/10] rpc-server: p11_kit_remote_serve_tokens: Fix memleak
|
||||||
|
|
||||||
|
---
|
||||||
|
p11-kit/rpc-server.c | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
|
||||||
|
index 3a8991d..5b3dbf0 100644
|
||||||
|
--- a/p11-kit/rpc-server.c
|
||||||
|
+++ b/p11-kit/rpc-server.c
|
||||||
|
@@ -2285,6 +2285,11 @@ p11_kit_remote_serve_tokens (const char **tokens,
|
||||||
|
p11_kit_modules_release (modules);
|
||||||
|
if (error != 0)
|
||||||
|
errno = error;
|
||||||
|
+ if (uris) {
|
||||||
|
+ for (i = 0; i < n_tokens; i++)
|
||||||
|
+ p11_kit_uri_free (uris[i]);
|
||||||
|
+ free (uris);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From 033cd90806cb1e2eab7e799703757abc2f07052e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Tue, 16 Oct 2018 18:18:05 +0200
|
||||||
|
Subject: [PATCH 07/10] proxy: Fix null dereference when reusing slots
|
||||||
|
|
||||||
|
---
|
||||||
|
p11-kit/proxy.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
|
||||||
|
index 11e6165..8eaf205 100644
|
||||||
|
--- a/p11-kit/proxy.c
|
||||||
|
+++ b/p11-kit/proxy.c
|
||||||
|
@@ -307,7 +307,10 @@ proxy_create (Proxy **res, CK_FUNCTION_LIST **loaded,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
py->mappings[py->n_mappings].funcs = funcs;
|
||||||
|
- py->mappings[py->n_mappings].wrap_slot = j == n_mappings ? py->n_mappings + MAPPING_OFFSET : mappings[j].wrap_slot;
|
||||||
|
+ py->mappings[py->n_mappings].wrap_slot =
|
||||||
|
+ (n_mappings == 0 || j == n_mappings) ?
|
||||||
|
+ py->n_mappings + MAPPING_OFFSET :
|
||||||
|
+ mappings[j].wrap_slot;
|
||||||
|
py->mappings[py->n_mappings].real_slot = slots[i];
|
||||||
|
++py->n_mappings;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From da73c2804b3ca962fa51473bb4c303a5ed32d4a1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Tue, 16 Oct 2018 18:20:12 +0200
|
||||||
|
Subject: [PATCH 08/10] trust: Set umask before calling mkstemp
|
||||||
|
|
||||||
|
---
|
||||||
|
trust/save.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/trust/save.c b/trust/save.c
|
||||||
|
index 8184e13..bb77348 100644
|
||||||
|
--- a/trust/save.c
|
||||||
|
+++ b/trust/save.c
|
||||||
|
@@ -95,6 +95,7 @@ p11_save_open_file (const char *path,
|
||||||
|
{
|
||||||
|
p11_save_file *file;
|
||||||
|
char *temp;
|
||||||
|
+ mode_t mode;
|
||||||
|
int fd;
|
||||||
|
|
||||||
|
return_val_if_fail (path != NULL, NULL);
|
||||||
|
@@ -105,7 +106,9 @@ p11_save_open_file (const char *path,
|
||||||
|
if (asprintf (&temp, "%s%s.XXXXXX", path, extension) < 0)
|
||||||
|
return_val_if_reached (NULL);
|
||||||
|
|
||||||
|
+ mode = umask (0077);
|
||||||
|
fd = mkstemp (temp);
|
||||||
|
+ umask (mode);
|
||||||
|
if (fd < 0) {
|
||||||
|
p11_message_err (errno, "couldn't create file: %s%s", path, extension);
|
||||||
|
free (temp);
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From 6417780ebbbbb0f01ddb001b239347655fb98578 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Wed, 17 Oct 2018 09:53:27 +0200
|
||||||
|
Subject: [PATCH 09/10] rpc-server: Check calloc failure
|
||||||
|
|
||||||
|
---
|
||||||
|
p11-kit/rpc-server.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
|
||||||
|
index 5b3dbf0..3216742 100644
|
||||||
|
--- a/p11-kit/rpc-server.c
|
||||||
|
+++ b/p11-kit/rpc-server.c
|
||||||
|
@@ -2219,6 +2219,10 @@ p11_kit_remote_serve_tokens (const char **tokens,
|
||||||
|
filter = p11_dict_get (filters, module);
|
||||||
|
if (filter == NULL) {
|
||||||
|
lower = calloc (1, sizeof (p11_virtual));
|
||||||
|
+ if (lower == NULL) {
|
||||||
|
+ error = ENOMEM;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
p11_virtual_init (lower, &p11_virtual_base, module, NULL);
|
||||||
|
filter = p11_filter_subclass (lower, NULL);
|
||||||
|
if (filter == NULL) {
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
||||||
|
|
||||||
|
From 83e92c2f9575707083d8b0c70ef330e285d70836 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Wed, 17 Oct 2018 09:53:46 +0200
|
||||||
|
Subject: [PATCH 10/10] trust: Check index->buckets is allocated on cleanup
|
||||||
|
|
||||||
|
---
|
||||||
|
trust/index.c | 8 +++++---
|
||||||
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/trust/index.c b/trust/index.c
|
||||||
|
index 6a8e535..2d1da29 100644
|
||||||
|
--- a/trust/index.c
|
||||||
|
+++ b/trust/index.c
|
||||||
|
@@ -193,9 +193,11 @@ p11_index_free (p11_index *index)
|
||||||
|
|
||||||
|
p11_dict_free (index->objects);
|
||||||
|
p11_dict_free (index->changes);
|
||||||
|
- for (i = 0; i < NUM_BUCKETS; i++)
|
||||||
|
- free (index->buckets[i].elem);
|
||||||
|
- free (index->buckets);
|
||||||
|
+ if (index->buckets) {
|
||||||
|
+ for (i = 0; i < NUM_BUCKETS; i++)
|
||||||
|
+ free (index->buckets[i].elem);
|
||||||
|
+ free (index->buckets);
|
||||||
|
+ }
|
||||||
|
free (index);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
71
SOURCES/p11-kit-lower-libffi-priority.patch
Normal file
71
SOURCES/p11-kit-lower-libffi-priority.patch
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
From 6e1046de2233fba7875d3d6a1b260192678dd0ad Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <dueno@redhat.com>
|
||||||
|
Date: Fri, 19 Oct 2018 10:21:36 +0200
|
||||||
|
Subject: [PATCH] virtual: Prefer fixed closures to libffi closures
|
||||||
|
|
||||||
|
On some circumstances (such as when loading p11-kit-proxy from httpd),
|
||||||
|
it is known that creation of libffi closure always fails, due to
|
||||||
|
SELinux policy. Although this is harmless, it pollutes the journal
|
||||||
|
and gives wrong hints when troubleshooting. This patch changes the
|
||||||
|
order of preference of libffi vs pre-compiled closures to avoid that.
|
||||||
|
---
|
||||||
|
p11-kit/virtual.c | 19 ++++++++++++++-----
|
||||||
|
1 file changed, 14 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/p11-kit/virtual.c b/p11-kit/virtual.c
|
||||||
|
index 6abfe7a..338239f 100644
|
||||||
|
--- a/p11-kit/virtual.c
|
||||||
|
+++ b/p11-kit/virtual.c
|
||||||
|
@@ -2832,9 +2832,14 @@ p11_virtual_wrap (p11_virtual *virt,
|
||||||
|
p11_destroyer destroyer)
|
||||||
|
{
|
||||||
|
Wrapper *wrapper;
|
||||||
|
+ CK_FUNCTION_LIST *result;
|
||||||
|
|
||||||
|
return_val_if_fail (virt != NULL, NULL);
|
||||||
|
|
||||||
|
+ result = p11_virtual_wrap_fixed (virt, destroyer);
|
||||||
|
+ if (result)
|
||||||
|
+ return result;
|
||||||
|
+
|
||||||
|
wrapper = calloc (1, sizeof (Wrapper));
|
||||||
|
return_val_if_fail (wrapper != NULL, NULL);
|
||||||
|
|
||||||
|
@@ -2844,8 +2849,10 @@ p11_virtual_wrap (p11_virtual *virt,
|
||||||
|
wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR;
|
||||||
|
wrapper->fixed_index = -1;
|
||||||
|
|
||||||
|
- if (!init_wrapper_funcs (wrapper))
|
||||||
|
- return p11_virtual_wrap_fixed (virt, destroyer);
|
||||||
|
+ if (!init_wrapper_funcs (wrapper)) {
|
||||||
|
+ free (wrapper);
|
||||||
|
+ return_val_if_reached (NULL);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
assert ((void *)wrapper == (void *)&wrapper->bound);
|
||||||
|
assert (p11_virtual_is_wrapper (&wrapper->bound));
|
||||||
|
@@ -2859,7 +2866,11 @@ CK_FUNCTION_LIST *
|
||||||
|
p11_virtual_wrap (p11_virtual *virt,
|
||||||
|
p11_destroyer destroyer)
|
||||||
|
{
|
||||||
|
- return p11_virtual_wrap_fixed (virt, destroyer);
|
||||||
|
+ CK_FUNCTION_LIST *result;
|
||||||
|
+
|
||||||
|
+ result = p11_virtual_wrap_fixed (virt, destroyer);
|
||||||
|
+ return_val_if_fail (result != NULL, NULL);
|
||||||
|
+ return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* !FFI_CLOSURES */
|
||||||
|
@@ -3068,8 +3079,6 @@ p11_virtual_wrap_fixed (p11_virtual *virt,
|
||||||
|
}
|
||||||
|
p11_mutex_unlock (&p11_virtual_mutex);
|
||||||
|
|
||||||
|
- return_val_if_fail (result != NULL, NULL);
|
||||||
|
-
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.17.2
|
||||||
|
|
15
SOURCES/trust-extract-compat
Executable file
15
SOURCES/trust-extract-compat
Executable file
@ -0,0 +1,15 @@
|
|||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if test "$UID" != "0"; then
|
||||||
|
echo "p11-kit: the 'extract-trust' command must be run as root" >&2
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test $# -gt 1; then
|
||||||
|
echo "p11-kit: no additional arguments are supported for this command" >&2
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec /usr/bin/update-ca-trust
|
392
SPECS/p11-kit.spec
Normal file
392
SPECS/p11-kit.spec
Normal file
@ -0,0 +1,392 @@
|
|||||||
|
# This spec file has been automatically updated
|
||||||
|
Version: 0.23.14
|
||||||
|
Release: 4%{?dist}
|
||||||
|
Name: p11-kit
|
||||||
|
Summary: Library for loading and sharing PKCS#11 modules
|
||||||
|
|
||||||
|
License: BSD
|
||||||
|
URL: http://p11-glue.freedesktop.org/p11-kit.html
|
||||||
|
Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.gz
|
||||||
|
Source1: trust-extract-compat
|
||||||
|
Source2: p11-kit-client.service
|
||||||
|
Patch1: p11-kit-coverity.patch
|
||||||
|
Patch2: p11-kit-lower-libffi-priority.patch
|
||||||
|
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: libtasn1-devel >= 2.3
|
||||||
|
BuildRequires: libffi-devel
|
||||||
|
BuildRequires: gtk-doc
|
||||||
|
BuildRequires: systemd-devel
|
||||||
|
# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
|
||||||
|
# Remove this once it is fixed
|
||||||
|
BuildRequires: pkgconfig(glib-2.0)
|
||||||
|
|
||||||
|
%description
|
||||||
|
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
|
||||||
|
as a standard configuration setup for installing PKCS#11 modules in
|
||||||
|
such a way that they're discoverable.
|
||||||
|
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development files for %{name}
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
The %{name}-devel package contains libraries and header files for
|
||||||
|
developing applications that use %{name}.
|
||||||
|
|
||||||
|
|
||||||
|
%package trust
|
||||||
|
Summary: System trust module from %{name}
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
Requires(post): %{_sbindir}/update-alternatives
|
||||||
|
Requires(postun): %{_sbindir}/update-alternatives
|
||||||
|
Conflicts: nss < 3.14.3-9
|
||||||
|
|
||||||
|
%description trust
|
||||||
|
The %{name}-trust package contains a system trust PKCS#11 module which
|
||||||
|
contains certificate anchors and black lists.
|
||||||
|
|
||||||
|
|
||||||
|
%package server
|
||||||
|
Summary: Server and client commands for %{name}
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description server
|
||||||
|
The %{name}-server package contains command line tools that enable to
|
||||||
|
export PKCS#11 modules through a Unix domain socket. Note that this
|
||||||
|
feature is still experimental.
|
||||||
|
|
||||||
|
|
||||||
|
# solution taken from icedtea-web.spec
|
||||||
|
%define multilib_arches ppc64 sparc64 x86_64 ppc64le
|
||||||
|
%ifarch %{multilib_arches}
|
||||||
|
%define alt_ckbi libnssckbi.so.%{_arch}
|
||||||
|
%else
|
||||||
|
%define alt_ckbi libnssckbi.so
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
# These paths are the source paths that come from the plan here:
|
||||||
|
# https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks
|
||||||
|
%configure --disable-static --enable-doc --with-trust-paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source --disable-silent-rules
|
||||||
|
make %{?_smp_mflags} V=1
|
||||||
|
|
||||||
|
%install
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
|
||||||
|
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
|
||||||
|
# Install the example conf with %%doc instead
|
||||||
|
rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_userunitdir}
|
||||||
|
install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_userunitdir}
|
||||||
|
|
||||||
|
%check
|
||||||
|
make check
|
||||||
|
|
||||||
|
|
||||||
|
%post -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%post trust
|
||||||
|
%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \
|
||||||
|
%{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
|
||||||
|
|
||||||
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%postun trust
|
||||||
|
if [ $1 -eq 0 ] ; then
|
||||||
|
# package removal
|
||||||
|
%{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%{!?_licensedir:%global license %%doc}
|
||||||
|
%license COPYING
|
||||||
|
%doc AUTHORS NEWS README
|
||||||
|
%doc p11-kit/pkcs11.conf.example
|
||||||
|
%dir %{_sysconfdir}/pkcs11
|
||||||
|
%dir %{_sysconfdir}/pkcs11/modules
|
||||||
|
%dir %{_datadir}/p11-kit
|
||||||
|
%dir %{_datadir}/p11-kit/modules
|
||||||
|
%dir %{_libexecdir}/p11-kit
|
||||||
|
%{_bindir}/p11-kit
|
||||||
|
%{_libdir}/libp11-kit.so.*
|
||||||
|
%{_libdir}/p11-kit-proxy.so
|
||||||
|
%{_libexecdir}/p11-kit/p11-kit-remote
|
||||||
|
%{_mandir}/man1/trust.1.gz
|
||||||
|
%{_mandir}/man8/p11-kit.8.gz
|
||||||
|
%{_mandir}/man5/pkcs11.conf.5.gz
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%{_includedir}/p11-kit-1/
|
||||||
|
%{_libdir}/libp11-kit.so
|
||||||
|
%{_libdir}/pkgconfig/p11-kit-1.pc
|
||||||
|
%doc %{_datadir}/gtk-doc/
|
||||||
|
|
||||||
|
%files trust
|
||||||
|
%{_bindir}/trust
|
||||||
|
%dir %{_libdir}/pkcs11
|
||||||
|
%ghost %{_libdir}/libnssckbi.so
|
||||||
|
%{_libdir}/pkcs11/p11-kit-trust.so
|
||||||
|
%{_datadir}/p11-kit/modules/p11-kit-trust.module
|
||||||
|
%{_libexecdir}/p11-kit/trust-extract-compat
|
||||||
|
|
||||||
|
%files server
|
||||||
|
%{_libdir}/pkcs11/p11-kit-client.so
|
||||||
|
%{_userunitdir}/p11-kit-client.service
|
||||||
|
%{_libexecdir}/p11-kit/p11-kit-server
|
||||||
|
%{_userunitdir}/p11-kit-server.service
|
||||||
|
%{_userunitdir}/p11-kit-server.socket
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Oct 29 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-4
|
||||||
|
- Prefer fixed closures to libffi closures
|
||||||
|
|
||||||
|
* Wed Oct 17 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-3
|
||||||
|
- Update p11-kit-coverity.patch
|
||||||
|
|
||||||
|
* Tue Oct 16 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-2
|
||||||
|
- Fix issues spotted by coverity
|
||||||
|
|
||||||
|
* Wed Oct 10 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-1
|
||||||
|
- Update to upstream 0.23.14 release
|
||||||
|
|
||||||
|
* Wed May 30 2018 Daiki Ueno <dueno@redhat.com> - 0.23.12-1
|
||||||
|
- Update to upstream 0.23.11 release
|
||||||
|
|
||||||
|
* Wed Feb 28 2018 Daiki Ueno <dueno@redhat.com> - 0.23.10-1
|
||||||
|
- Update to upstream 0.23.10 release
|
||||||
|
|
||||||
|
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.9-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Oct 05 2017 Daiki Ueno <dueno@redhat.com> - 0.23.9-2
|
||||||
|
- server: Make it possible to eval envvar settings
|
||||||
|
|
||||||
|
* Wed Oct 04 2017 Daiki Ueno <dueno@redhat.com> - 0.23.9-1
|
||||||
|
- Update to upstream 0.23.9
|
||||||
|
|
||||||
|
* Fri Aug 25 2017 Kai Engert <kaie@redhat.com> - 0.23.8-2
|
||||||
|
- Fix a regression caused by a recent nss.rpm change, add a %%ghost file
|
||||||
|
for %%{_libdir}/libnssckbi.so that p11-kit-trust scripts install.
|
||||||
|
|
||||||
|
* Tue Aug 15 2017 Daiki Ueno <dueno@redhat.com> - 0.23.8-1
|
||||||
|
- Update to 0.23.8 release
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.7-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.7-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jun 2 2017 Daiki Ueno <dueno@redhat.com> - 0.23.7-1
|
||||||
|
- Update to 0.23.7 release
|
||||||
|
|
||||||
|
* Thu May 18 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-3
|
||||||
|
- Update p11-kit-modifiable.patch to simplify the logic
|
||||||
|
|
||||||
|
* Thu May 18 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-2
|
||||||
|
- Make "trust anchor --remove" work again
|
||||||
|
|
||||||
|
* Thu Mar 2 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-1
|
||||||
|
- Update to 0.23.5 release
|
||||||
|
- Rename -tools subpackage to -server and remove systemd unit files
|
||||||
|
|
||||||
|
* Fri Feb 24 2017 Daiki Ueno <dueno@redhat.com> - 0.23.4-3
|
||||||
|
- Move p11-kit command back to main package
|
||||||
|
|
||||||
|
* Fri Feb 24 2017 Daiki Ueno <dueno@redhat.com> - 0.23.4-2
|
||||||
|
- Split out command line tools to -tools subpackage, to avoid a
|
||||||
|
multilib issue with the main package. Suggested by Yanko Kaneti.
|
||||||
|
|
||||||
|
* Wed Feb 22 2017 Daiki Ueno <dueno@redhat.com> - 0.23.4-1
|
||||||
|
- Update to 0.23.4 release
|
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.3-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 6 2017 Daiki Ueno <dueno@redhat.com> - 0.23.3-2
|
||||||
|
- Use internal hash implementation instead of NSS (#1390598)
|
||||||
|
|
||||||
|
* Tue Dec 20 2016 Daiki Ueno <dueno@redhat.com> - 0.23.3-1
|
||||||
|
- Update to 0.23.3 release
|
||||||
|
- Adjust executables location from %%libdir to %%libexecdir
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 12 2016 Martin Preisler <mpreisle@redhat.com> - 0.23.2-1
|
||||||
|
- Update to stable 0.23.2 release
|
||||||
|
|
||||||
|
* Tue Jun 30 2015 Martin Preisler <mpreisle@redhat.com> - 0.23.1-4
|
||||||
|
- In proxy module don't call C_Finalize on a forked process [#1217915]
|
||||||
|
- Do not deinitialize libffi's wrapper functions [#1217915]
|
||||||
|
|
||||||
|
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.23.1-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 0.23.1-2
|
||||||
|
- Rebuilt for Fedora 23 Change
|
||||||
|
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
|
||||||
|
|
||||||
|
* Fri Feb 20 2015 Stef Walter <stefw@redhat.com> - 0.23.1-1
|
||||||
|
- Update to 0.23.1 release
|
||||||
|
|
||||||
|
* Thu Oct 09 2014 Stef Walter <stefw@redhat.com> - 0.22.1-1
|
||||||
|
- Update to 0.22.1 release
|
||||||
|
- Use SubjectKeyIdentifier as a CKA_ID if possible rhbz#1148895
|
||||||
|
|
||||||
|
* Sat Oct 04 2014 Stef Walter <stefw@redhat.com> 0.22.0-1
|
||||||
|
- Update to 0.22.0 release
|
||||||
|
|
||||||
|
* Wed Sep 17 2014 Stef Walter <stefw@redhat.com> 0.21.3-1
|
||||||
|
- Update to 0.21.3 release
|
||||||
|
- Includes definitions for trust extensions rhbz#1136817
|
||||||
|
|
||||||
|
* Fri Sep 05 2014 Stef Walter <stefw@redhat.com> 0.21.2-1
|
||||||
|
- Update to 0.21.2 release
|
||||||
|
- Fix problems with erroneous messages printed rhbz#1133857
|
||||||
|
|
||||||
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.21.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Aug 07 2014 Stef Walter <stefw@redhat.com> - 0.21.1-1
|
||||||
|
- Update to 0.21.1 release
|
||||||
|
|
||||||
|
* Wed Jul 30 2014 Tom Callaway <spot@fedoraproject.org> - 0.20.3-3
|
||||||
|
- fix license handling
|
||||||
|
|
||||||
|
* Fri Jul 04 2014 Stef Walter <stefw@redhat.com> - 0.20.3-2
|
||||||
|
- Update to stable 0.20.3 release
|
||||||
|
|
||||||
|
* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.20.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jan 25 2014 Ville Skyttä <ville.skytta@iki.fi> - 0.20.2-2
|
||||||
|
- Own the %%{_libdir}/pkcs11 dir in -trust.
|
||||||
|
|
||||||
|
* Tue Jan 14 2014 Stef Walter <stefw@redhat.com> - 0.20.2-1
|
||||||
|
- Update to upstream stable 0.20.2 release
|
||||||
|
- Fix regression involving blacklisted anchors [#1041328]
|
||||||
|
- Support ppc64le in build [#1052707]
|
||||||
|
|
||||||
|
* Mon Sep 09 2013 Stef Walter <stefw@redhat.com> - 0.20.1-1
|
||||||
|
- Update to upstream stable 0.20.1 release
|
||||||
|
- Extract compat trust data after we've changes
|
||||||
|
- Skip compat extraction if running as non-root
|
||||||
|
- Better failure messages when removing anchors
|
||||||
|
|
||||||
|
* Thu Aug 29 2013 Stef Walter <stefw@redhat.com> - 0.19.4-1
|
||||||
|
- Update to new upstream 0.19.4 release
|
||||||
|
|
||||||
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.19.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 24 2013 Stef Walter <stefw@redhat.com> - 0.19.3-1
|
||||||
|
- Update to new upstream 0.19.3 release (#967822)
|
||||||
|
|
||||||
|
* Wed Jun 05 2013 Stef Walter <stefw@redhat.com> - 0.18.3-1
|
||||||
|
- Update to new upstream stable release
|
||||||
|
- Fix intermittent firefox cert validation issues (#960230)
|
||||||
|
- Include the manual pages in the package
|
||||||
|
|
||||||
|
* Tue May 14 2013 Stef Walter <stefw@redhat.com> - 0.18.2-1
|
||||||
|
- Update to new upstream stable release
|
||||||
|
- Reduce the libtasn1 dependency minimum version
|
||||||
|
|
||||||
|
* Thu May 02 2013 Stef Walter <stefw@redhat.com> - 0.18.1-1
|
||||||
|
- Update to new upstream stable release
|
||||||
|
- 'p11-kit extract-trust' lives in libdir
|
||||||
|
|
||||||
|
* Thu Apr 04 2013 Stef Walter <stefw@redhat.com> - 0.18.0-1
|
||||||
|
- Update to new upstream stable release
|
||||||
|
- Various logging tweaks (#928914, #928750)
|
||||||
|
- Make the 'p11-kit extract-trust' explicitly reject
|
||||||
|
additional arguments
|
||||||
|
|
||||||
|
* Thu Mar 28 2013 Stef Walter <stefw@redhat.com> - 0.17.5-1
|
||||||
|
- Make 'p11-kit extract-trust' call update-ca-trust
|
||||||
|
- Work around 32-bit oveflow of certificate dates
|
||||||
|
- Build fixes
|
||||||
|
|
||||||
|
* Tue Mar 26 2013 Stef Walter <stefw@redhat.com> - 0.17.4-2
|
||||||
|
- Pull in patch from upstream to fix build on ppc (#927394)
|
||||||
|
|
||||||
|
* Wed Mar 20 2013 Stef Walter <stefw@redhat.com> - 0.17.4-1
|
||||||
|
- Update to upstream version 0.17.4
|
||||||
|
|
||||||
|
* Mon Mar 18 2013 Stef Walter <stefw@redhat.com> - 0.17.3-1
|
||||||
|
- Update to upstream version 0.17.3
|
||||||
|
- Put the trust input paths in the right order
|
||||||
|
|
||||||
|
* Tue Mar 12 2013 Stef Walter <stefw@redhat.com> - 0.16.4-1
|
||||||
|
- Update to upstream version 0.16.4
|
||||||
|
|
||||||
|
* Fri Mar 08 2013 Stef Walter <stefw@redhat.com> - 0.16.3-1
|
||||||
|
- Update to upstream version 0.16.3
|
||||||
|
- Split out system trust module into its own package.
|
||||||
|
- p11-kit-trust provides an alternative to an nss module
|
||||||
|
|
||||||
|
* Tue Mar 05 2013 Stef Walter <stefw@redhat.com> - 0.16.1-1
|
||||||
|
- Update to upstream version 0.16.1
|
||||||
|
- Setup source directories as appropriate for Shared System Certificates feature
|
||||||
|
|
||||||
|
* Tue Mar 05 2013 Stef Walter <stefw@redhat.com> - 0.16.0-1
|
||||||
|
- Update to upstream version 0.16.0
|
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Sep 17 2012 Kalev Lember <kalevlember@gmail.com> - 0.14-1
|
||||||
|
- Update to 0.14
|
||||||
|
|
||||||
|
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 16 2012 Kalev Lember <kalevlember@gmail.com> - 0.13-1
|
||||||
|
- Update to 0.13
|
||||||
|
|
||||||
|
* Tue Mar 27 2012 Kalev Lember <kalevlember@gmail.com> - 0.12-1
|
||||||
|
- Update to 0.12
|
||||||
|
- Run self tests in %%check
|
||||||
|
|
||||||
|
* Sat Feb 11 2012 Kalev Lember <kalevlember@gmail.com> - 0.11-1
|
||||||
|
- Update to 0.11
|
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Dec 20 2011 Matthias Clasen <mclasen@redhat.com> - 0.9-1
|
||||||
|
- Update to 0.9
|
||||||
|
|
||||||
|
* Wed Oct 26 2011 Kalev Lember <kalevlember@gmail.com> - 0.8-1
|
||||||
|
- Update to 0.8
|
||||||
|
|
||||||
|
* Mon Sep 19 2011 Matthias Clasen <mclasen@redhat.com> - 0.6-1
|
||||||
|
- Update to 0.6
|
||||||
|
|
||||||
|
* Sun Sep 04 2011 Kalev Lember <kalevlember@gmail.com> - 0.5-1
|
||||||
|
- Update to 0.5
|
||||||
|
|
||||||
|
* Sun Aug 21 2011 Kalev Lember <kalevlember@gmail.com> - 0.4-1
|
||||||
|
- Update to 0.4
|
||||||
|
- Install the example config file to documentation directory
|
||||||
|
|
||||||
|
* Wed Aug 17 2011 Kalev Lember <kalevlember@gmail.com> - 0.3-2
|
||||||
|
- Tighten -devel subpackage deps (#725905)
|
||||||
|
|
||||||
|
* Fri Jul 29 2011 Kalev Lember <kalevlember@gmail.com> - 0.3-1
|
||||||
|
- Update to 0.3
|
||||||
|
- Upstream rewrote the ASL 2.0 bits, which makes the whole package
|
||||||
|
BSD-licensed
|
||||||
|
|
||||||
|
* Tue Jul 12 2011 Kalev Lember <kalevlember@gmail.com> - 0.2-1
|
||||||
|
- Initial RPM release
|
Loading…
Reference in New Issue
Block a user