
No commits in common. "imports/c8s/p11-kit-0.23.21-3.el8" and "c8" have entirely different histories.

7 changed files with 57 additions and 336 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
SOURCES/p11-kit-0.23.21.tar.xz
SOURCES/p11-kit-0.23.22.tar.xz


@ -1,2 +1,2 @@
526f07b62624739ba318a171bab3352af91d0134 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
5c550cc2a192d5a3ede74862b22ef0b139c911a4 SOURCES/p11-kit-0.23.21.tar.xz
339e5163ed50a9984a74739b9207ea8cd77fa7e2 SOURCES/p11-kit-0.23.22.tar.xz

Binary file not shown.

Binary file not shown.


@ -0,0 +1,42 @@
From a91266ef087532e2332c75c4fd9244df66f30b64 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 18 Dec 2020 13:37:10 +0100
Subject: [PATCH] meson: Link trust/client modules explicitly to -ldl
This adds the -ldl link flag missing in the meson build, but present
in the autotools build. Although the use-case is unlikely, this
allows those modules to be linked as a normal shared library to a
program.
---
p11-kit/meson.build | 1 +
trust/meson.build | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/p11-kit/meson.build b/p11-kit/meson.build
index 7d57cd7..02147a9 100644
--- a/p11-kit/meson.build
+++ b/p11-kit/meson.build
@@ -92,6 +92,7 @@ if host_system != 'windows'
'client.c', 'client-init.c',
name_prefix: '',
include_directories: [configinc, commoninc],
+ dependencies: dlopen_deps,
link_args: p11_module_ldflags,
link_depends: [p11_module_symbol_map,
p11_module_symbol_def],
diff --git a/trust/meson.build b/trust/meson.build
index 482a3c1..d4a8e15 100644
--- a/trust/meson.build
+++ b/trust/meson.build
@@ -56,7 +56,7 @@ shared_module('p11-kit-trust',
'module-init.c',
name_prefix: '',
c_args: p11_kit_trust_c_args,
- dependencies: [asn_h_dep, libp11_library_dep] + libtasn1_deps,
+ dependencies: [asn_h_dep, libp11_library_dep] + dlopen_deps + libtasn1_deps,
link_args: p11_module_ldflags,
link_depends: [p11_module_symbol_map,
p11_module_symbol_def],
--
2.29.2


@ -1,331 +0,0 @@
From de661c41a1e7e52296c91b9caa0bff8e4885c751 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Thu, 22 Oct 2020 14:06:53 +0200
Subject: [PATCH 1/4] common: Fix infloop in p11_path_build
If p11_path_build is called with 2 or more arguments and the non-first
argument is an empty string (""), it previously fell into an infloop.
Reported by Karel Srot.
---
common/path.c | 4 +++-
common/test-path.c | 4 ++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/common/path.c b/common/path.c
index 17a6230..53d394f 100644
--- a/common/path.c
+++ b/common/path.c
@@ -241,8 +241,10 @@ p11_path_build (const char *path,
num--;
if (at != 0) {
- if (num == 0)
+ if (num == 0) {
+ path = va_arg (va, const char *);
continue;
+ }
built[at++] = delim;
}
diff --git a/common/test-path.c b/common/test-path.c
index 2eb5444..f137a0c 100644
--- a/common/test-path.c
+++ b/common/test-path.c
@@ -88,6 +88,8 @@ static void
test_build (void)
{
#ifdef OS_UNIX
+ assert_str_eq_free ("/root",
+ p11_path_build ("/root", "", NULL));
assert_str_eq_free ("/root/second",
p11_path_build ("/root", "second", NULL));
assert_str_eq_free ("/root/second",
@@ -99,6 +101,8 @@ test_build (void)
assert_str_eq_free ("/root/second/third",
p11_path_build ("/root", "/second/third", NULL));
#else /* OS_WIN32 */
+ assert_str_eq_free ("C:\\root",
+ p11_path_build ("C:\\root", "", NULL));
assert_str_eq_free ("C:\\root\\second",
p11_path_build ("C:\\root", "second", NULL));
assert_str_eq_free ("C:\\root\\second",
--
2.26.2
From 1eac9a1c41828d5da4b640746e0002c7ab964e8e Mon Sep 17 00:00:00 2001
From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue, 27 Oct 2020 11:08:53 +0100
Subject: [PATCH 2/4] Remove more duplicate separators in p11_path_build
Makes p11_path_build remove duplicate separators more thoroughly,
e.g., after a "" or in the first argument.
---
common/path.c | 26 +++++++++++++++++++-------
common/test-path.c | 22 ++++++++++++++++++++++
2 files changed, 41 insertions(+), 7 deletions(-)
diff --git a/common/path.c b/common/path.c
index 53d394f..0ad176c 100644
--- a/common/path.c
+++ b/common/path.c
@@ -94,15 +94,21 @@ p11_path_base (const char *path)
}
static inline bool
-is_path_component_or_null (char ch)
+is_path_component (char ch)
{
- return (ch == '\0' || ch == '/'
+ return (ch == '/'
#ifdef OS_WIN32
|| ch == '\\'
#endif
);
}
+static inline bool
+is_path_component_or_null (char ch)
+{
+ return is_path_component (ch) || ch == '\0';
+}
+
static char *
expand_homedir (const char *remainder)
{
@@ -235,6 +241,15 @@ p11_path_build (const char *path,
while (path != NULL) {
num = strlen (path);
+ /* Trim beginning of path */
+ while (is_path_component (path[0])) {
+ /* But preserve the leading path component */
+ if (!at && !is_path_component (path[1]))
+ break;
+ path++;
+ num--;
+ }
+
/* Trim end of the path */
until = (at > 0) ? 0 : 1;
while (num > until && is_path_component_or_null (path[num - 1]))
@@ -245,7 +260,8 @@ p11_path_build (const char *path,
path = va_arg (va, const char *);
continue;
}
- built[at++] = delim;
+ if (built[at - 1] != delim)
+ built[at++] = delim;
}
assert (at + num < len);
@@ -253,10 +269,6 @@ p11_path_build (const char *path,
at += num;
path = va_arg (va, const char *);
-
- /* Trim beginning of path */
- while (path && path[0] && is_path_component_or_null (path[0]))
- path++;
}
va_end (va);
diff --git a/common/test-path.c b/common/test-path.c
index f137a0c..cf4a8e3 100644
--- a/common/test-path.c
+++ b/common/test-path.c
@@ -88,6 +88,16 @@ static void
test_build (void)
{
#ifdef OS_UNIX
+ assert_str_eq_free ("/",
+ p11_path_build ("/", NULL));
+ assert_str_eq_free ("/",
+ p11_path_build ("", "//", NULL));
+ assert_str_eq_free ("/root",
+ p11_path_build ("///root///", NULL));
+ assert_str_eq_free ("/root",
+ p11_path_build ("/", "root", NULL));
+ assert_str_eq_free ("/root",
+ p11_path_build ("", "/root", NULL));
assert_str_eq_free ("/root",
p11_path_build ("/root", "", NULL));
assert_str_eq_free ("/root/second",
@@ -96,11 +106,19 @@ test_build (void)
p11_path_build ("/root", "/second", NULL));
assert_str_eq_free ("/root/second",
p11_path_build ("/root/", "second", NULL));
+ assert_str_eq_free ("/root/second",
+ p11_path_build ("/root//", "//second/", NULL));
+ assert_str_eq_free ("/root/second",
+ p11_path_build ("/root//", "", "//second/", NULL));
assert_str_eq_free ("/root/second/third",
p11_path_build ("/root", "second", "third", NULL));
assert_str_eq_free ("/root/second/third",
p11_path_build ("/root", "/second/third", NULL));
#else /* OS_WIN32 */
+ assert_str_eq_free ("C:\\root",
+ p11_path_build ("C:\\", "root", NULL));
+ assert_str_eq_free ("C:\\root",
+ p11_path_build ("", "C:\\root", NULL));
assert_str_eq_free ("C:\\root",
p11_path_build ("C:\\root", "", NULL));
assert_str_eq_free ("C:\\root\\second",
@@ -109,6 +127,10 @@ test_build (void)
p11_path_build ("C:\\root", "\\second", NULL));
assert_str_eq_free ("C:\\root\\second",
p11_path_build ("C:\\root\\", "second", NULL));
+ assert_str_eq_free ("C:\\root\\second",
+ p11_path_build ("C:\\root\\\\", "\\\\second", NULL));
+ assert_str_eq_free ("C:\\root\\second",
+ p11_path_build ("C:\\root\\\\", "", "\\\\second", NULL));
assert_str_eq_free ("C:\\root\\second\\third",
p11_path_build ("C:\\root", "second", "third", NULL));
assert_str_eq_free ("C:\\root\\second/third",
--
2.26.2
From e5a1f444b7d299e77dd57862f3cc5783e697a10e Mon Sep 17 00:00:00 2001
From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue, 27 Oct 2020 13:33:34 +0100
Subject: [PATCH 3/4] Use is_path_component in one more place
---
common/path.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/path.c b/common/path.c
index 0ad176c..8f57ec6 100644
--- a/common/path.c
+++ b/common/path.c
@@ -119,7 +119,7 @@ expand_homedir (const char *remainder)
return NULL;
}
- while (remainder[0] && is_path_component_or_null (remainder[0]))
+ while (is_path_component (remainder[0]))
remainder++;
if (remainder[0] == '\0')
remainder = NULL;
--
2.26.2
From ce66cf00b6b207c1d452af23cb062ca0adf57dac Mon Sep 17 00:00:00 2001
From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue, 27 Oct 2020 16:01:32 +0100
Subject: [PATCH 4/4] Rename is_path_component to is_path_separator
Thanks to Daiki Ueno for noticing the misnaming.
---
common/path.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/common/path.c b/common/path.c
index 8f57ec6..d0d1893 100644
--- a/common/path.c
+++ b/common/path.c
@@ -94,7 +94,7 @@ p11_path_base (const char *path)
}
static inline bool
-is_path_component (char ch)
+is_path_separator (char ch)
{
return (ch == '/'
#ifdef OS_WIN32
@@ -104,9 +104,9 @@ is_path_component (char ch)
}
static inline bool
-is_path_component_or_null (char ch)
+is_path_separator_or_null (char ch)
{
- return is_path_component (ch) || ch == '\0';
+ return is_path_separator (ch) || ch == '\0';
}
static char *
@@ -119,7 +119,7 @@ expand_homedir (const char *remainder)
return NULL;
}
- while (is_path_component (remainder[0]))
+ while (is_path_separator (remainder[0]))
remainder++;
if (remainder[0] == '\0')
remainder = NULL;
@@ -127,7 +127,7 @@ expand_homedir (const char *remainder)
/* Expand $XDG_CONFIG_HOME */
if (remainder != NULL &&
strncmp (remainder, ".config", 7) == 0 &&
- is_path_component_or_null (remainder[7])) {
+ is_path_separator_or_null (remainder[7])) {
env = getenv ("XDG_CONFIG_HOME");
if (env && env[0])
return p11_path_build (env, remainder + 8, NULL);
@@ -180,7 +180,7 @@ p11_path_expand (const char *path)
return_val_if_fail (path != NULL, NULL);
if (strncmp (path, "~", 1) == 0 &&
- is_path_component_or_null (path[1])) {
+ is_path_separator_or_null (path[1])) {
return expand_homedir (path + 1);
} else {
@@ -242,9 +242,9 @@ p11_path_build (const char *path,
num = strlen (path);
/* Trim beginning of path */
- while (is_path_component (path[0])) {
+ while (is_path_separator (path[0])) {
/* But preserve the leading path component */
- if (!at && !is_path_component (path[1]))
+ if (!at && !is_path_separator (path[1]))
break;
path++;
num--;
@@ -252,7 +252,7 @@ p11_path_build (const char *path,
/* Trim end of the path */
until = (at > 0) ? 0 : 1;
- while (num > until && is_path_component_or_null (path[num - 1]))
+ while (num > until && is_path_separator_or_null (path[num - 1]))
num--;
if (at != 0) {
@@ -288,17 +288,17 @@ p11_path_parent (const char *path)
/* Find the end of the last component */
e = path + strlen (path);
- while (e != path && is_path_component_or_null (*e))
+ while (e != path && is_path_separator_or_null (*e))
e--;
/* Find the beginning of the last component */
- while (e != path && !is_path_component_or_null (*e)) {
+ while (e != path && !is_path_separator_or_null (*e)) {
had = true;
e--;
}
/* Find the end of the last component */
- while (e != path && is_path_component_or_null (*e))
+ while (e != path && is_path_separator_or_null (*e))
e--;
if (e == path) {
@@ -327,7 +327,7 @@ p11_path_prefix (const char *string,
return a > b &&
strncmp (string, prefix, b) == 0 &&
- is_path_component_or_null (string[b]);
+ is_path_separator_or_null (string[b]);
}
void
--
2.26.2


@ -1,6 +1,6 @@
# This spec file has been automatically updated
Version: 0.23.21
Release: 3%{?dist}
Version: 0.23.22
Release: 1%{?dist}
Name: p11-kit
Summary: Library for loading and sharing PKCS#11 modules
@ -12,7 +12,7 @@ Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
Source3: trust-extract-compat
Source4: p11-kit-client.service
Patch1: p11-kit-invalid-config.patch
Patch1: p11-kit-dt-needed.patch
BuildRequires: gcc
BuildRequires: libtasn1-devel >= 2.3
@ -27,6 +27,7 @@ BuildRequires: bash-completion
# Remove this once it is fixed
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: gnupg2
BuildRequires: /usr/bin/xsltproc
%description
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
@ -154,6 +155,15 @@ fi
%changelog
* Mon Jan 11 2021 Daiki Ueno <dueno@redhat.com> - 0.23.22-1
- Rebase to 0.23.22 to fix memory safety issues (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363)
- Preserve DT_NEEDED information from the previous version, flagged by rpmdiff
- Add xsltproc to BR
* Tue Nov 10 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-4
- Fix realloc usage on proxy cleanup (#1894979)
- Make 'trust anchor --store' preserve all attributes from .p11-kit files
* Tue Nov 3 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-3
- Restore clobbered changelog entry
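Review bot: The `Patch1:` swap drops `p11-kit-invalid-config.patch` (the p11_path_build infinite-loop fix and the separator clean-ups that followed it) without a changelog line, so nothing on this page shows that the 0.23.22 tarball already carries those commits. If it does, record that in the 0.23.22-1 entry, e.g. `- Drop p11-kit-invalid-config.patch, included in 0.23.22`; if it does not, the patch needs to stay, since the empty-argument case it fixes would hang again. The new `Patch1: p11-kit-dt-needed.patch` line would also benefit from a comment naming its origin and purpose, e.g. `# meson: link trust/client modules to -ldl (a91266ef); keeps DT_NEEDED unchanged for rpmdiff`.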