diff --git a/.gitignore b/.gitignore index 177599a..46beaf7 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,6 @@ /p11-kit-0.23.21.tar.xz /p11-kit-0.23.22.tar.xz /p11-kit-0.24.1.tar.xz +/p11-kit-0.25.0.tar.xz +/p11-kit-0.25.0.tar.xz.sig +/p11-kit-release-keyring.gpg diff --git a/README.packit b/README.packit index 45640bd..101115f 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.43.1.dev8+ga0f2a9f. +The file was generated using packit 0.77.0.post2+g06f877b. diff --git a/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg b/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg deleted file mode 100644 index 30cd729..0000000 Binary files a/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg and /dev/null differ diff --git a/p11-kit-0.23.20.tar.xz.sig b/p11-kit-0.23.20.tar.xz.sig deleted file mode 100644 index f1e2607..0000000 Binary files a/p11-kit-0.23.20.tar.xz.sig and /dev/null differ diff --git a/p11-kit-0.23.21.tar.xz.sig b/p11-kit-0.23.21.tar.xz.sig deleted file mode 100644 index 599cbca..0000000 Binary files a/p11-kit-0.23.21.tar.xz.sig and /dev/null differ diff --git a/p11-kit-0.23.22-progname-leak.patch b/p11-kit-0.23.22-progname-leak.patch deleted file mode 100644 index 0f1dd6e..0000000 --- a/p11-kit-0.23.22-progname-leak.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 40fbf74b02b8ad6625e3aa49d2cdef2b52e47a04 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Mon, 25 Jan 2021 18:24:01 +0100 -Subject: [PATCH] compat: Pacify ASan complaints on intentionally leaked buffer - -Reported by Viktor Ashirov in: -https://bugzilla.redhat.com/show_bug.cgi?id=1905581 ---- - common/compat.c | 25 +++++++++++++++++++------ - common/library.c | 9 +++++++++ - 2 files changed, 28 insertions(+), 6 deletions(-) - -diff --git a/common/compat.c b/common/compat.c -index 4390cef..d6c5af6 100644 ---- a/common/compat.c -+++ b/common/compat.c -@@ -100,6 +100,19 @@ extern char *program_invocation_short_name; - extern char *__progname; - #endif - -+#ifdef __linux__ -+/* This symbol is also defined in library.c so as to be freed by the library -+ * destructor. If weak symbols are not supported nor library.c is not linked we -+ * simply leak the memory allocated with realpath(). */ -+#ifdef __GNUC__ -+extern char *p11_program_realpath; -+ -+char *p11_program_realpath __attribute__((weak)); -+#else -+static char *p11_program_realpath; -+#endif -+#endif -+ - const char * - getprogname (void) - { -@@ -124,14 +137,14 @@ getprogname (void) - * Logic borrowed from: - * . - */ -- static char *buf; -- -- if (!buf) -- buf = realpath ("/proc/self/exe", NULL); -+ if (!p11_program_realpath) -+ p11_program_realpath = realpath ("/proc/self/exe", NULL); - -- if (buf && strncmp (buf, name, strlen (buf)) == 0) -+ if (p11_program_realpath && -+ strncmp (p11_program_realpath, name, -+ strlen (p11_program_realpath)) == 0) - /* Use the executable path if the prefix matches. */ -- name = strrchr (buf, '/') + 1; -+ name = strrchr (p11_program_realpath, '/') + 1; - else - /* Otherwise fall back to - * program_invocation_short_name. */ -diff --git a/common/library.c b/common/library.c -index 891344a..1581702 100644 ---- a/common/library.c -+++ b/common/library.c -@@ -82,6 +82,11 @@ unsigned int p11_forkid = 1; - extern locale_t p11_message_locale; - #endif - -+#ifdef __linux__ -+/* used only under __linux__ in the getprogname() emulation in compat.c. */ -+char *p11_program_realpath; -+#endif -+ - static char * - thread_local_message (void) - { -@@ -190,6 +195,10 @@ p11_library_uninit (void) - #endif - p11_mutex_uninit (&p11_virtual_mutex); - p11_mutex_uninit (&p11_library_mutex); -+ -+#ifdef __linux__ -+ free (p11_program_realpath); -+#endif - } - - #endif /* OS_UNIX */ --- -2.29.2 - diff --git a/p11-kit-0.23.22.tar.xz.sig b/p11-kit-0.23.22.tar.xz.sig deleted file mode 100644 index 6ef001e..0000000 Binary files a/p11-kit-0.23.22.tar.xz.sig and /dev/null differ diff --git a/p11-kit-0.24.1.tar.xz.sig b/p11-kit-0.24.1.tar.xz.sig deleted file mode 100644 index bfc093a..0000000 Binary files a/p11-kit-0.24.1.tar.xz.sig and /dev/null differ diff --git a/p11-kit-meson-c99.patch b/p11-kit-meson-c99.patch deleted file mode 100644 index 6df78fa..0000000 --- a/p11-kit-meson-c99.patch +++ /dev/null @@ -1,35 +0,0 @@ -Port meson build script to C99. The _Thread_local check used -an implicit int. Future compilers are likely to reject missing -int types by default. - -Patch configure.ac as well, although it is not used by the current -Fedora build. - -Submitted upstream: - -diff --git a/configure.ac b/configure.ac -index be3af55093874750..fc719c78c99c2ac3 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -148,7 +148,7 @@ if test "$os_unix" = "yes"; then - [ac_cv_tls_keyword= - for keyword in _Thread_local __thread; do - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], -- [[static ]$keyword[ foo;]])], -+ [[static ]$keyword[ int foo;]])], - [ac_cv_tls_keyword=$keyword]) - done]) - if test -n "$ac_cv_tls_keyword"; then -diff --git a/meson.build b/meson.build -index 64bb3429aef1bb79..aaa3c1f50b5b943f 100644 ---- a/meson.build -+++ b/meson.build -@@ -200,7 +200,7 @@ if host_system != 'windows' - tls_test_code_template = ''' - #include - int main (void) { --static @0@ foo; -+static @0@ int foo; - return 0; - } - ''' diff --git a/p11-kit.spec b/p11-kit.spec index da38079..1ad9176 100644 --- a/p11-kit.spec +++ b/p11-kit.spec @@ -1,6 +1,6 @@ # This spec file has been automatically updated -Version: 0.24.1 -Release: %{?autorelease}%{!?autorelease:1%{?dist}} +Version: 0.25.0 +Release: %{?autorelease}%{!?autorelease:1%{?dist}} Name: p11-kit Summary: Library for loading and sharing PKCS#11 modules @@ -8,10 +8,9 @@ License: BSD URL: http://p11-glue.freedesktop.org/p11-kit.html Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig -Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg +Source2: https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyring.gpg Source3: trust-extract-compat Source4: p11-kit-client.service -Patch0: p11-kit-meson-c99.patch BuildRequires: gcc BuildRequires: libtasn1-devel >= 2.3 @@ -46,8 +45,8 @@ developing applications that use %{name}. %package trust Summary: System trust module from %{name} Requires: %{name}%{?_isa} = %{version}-%{release} -Requires(post): %{_sbindir}/update-alternatives -Requires(postun): %{_sbindir}/update-alternatives +Requires(post): %{_sbindir}/alternatives +Requires(postun): %{_sbindir}/alternatives Conflicts: nss < 3.14.3-9 %description trust @@ -101,13 +100,12 @@ install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_userunitdir} %post trust -%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \ - %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30 +%{_sbindir}/alternatives --install %{_libdir}/libnssckbi.so %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30 %postun trust if [ $1 -eq 0 ] ; then # package removal - %{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so + %{_sbindir}/alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so fi diff --git a/sources b/sources index 1791414..9e7be52 100644 --- a/sources +++ b/sources @@ -1 +1,3 @@ -SHA512 (p11-kit-0.24.1.tar.xz) = 8cf170c714bb9e0cf3df93e8ec55b8e3c55cabf2c6a27f177ac6de8b8028985df2ca0216d3215d6828dc2ae3095c4e1a4febe8cb26b88ec321defc66bb011e81 +SHA512 (p11-kit-0.25.0.tar.xz) = e6df3cb224f6ff5671bd3c0557503b5f20bbfded1b6ec340b1dafcbd1b1725ea2d41d0e920756716e0fe9cb28270d115fe77b23ec876a15007b22e3f30d015fe +SHA512 (p11-kit-0.25.0.tar.xz.sig) = dc87fa4c94b723f74ed279d372c15dbafc87aba83539d05e20a528d035ec14e8c3814bb62f0582acdaa542a42a467d6a53b3197be93cb020b66ad9fe2cf26752 +SHA512 (p11-kit-release-keyring.gpg) = 9a832a8ac3a139cbbf1ecb66573f0709847ebfef4975777cf82b4dca09af1ad8e6400f0af0bcdb92860e7ed4fc05082ba1edda0238a21fe24d49555a1069e881