From 4b1d230171f50567de5cc7686ee6921cac826da5 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 07 2019 19:23:51 +0000 Subject: import p11-kit-0.23.14-5.el8_0 --- diff --git a/SOURCES/p11-kit-unloading-fix.patch b/SOURCES/p11-kit-unloading-fix.patch new file mode 100644 index 0000000..189ef46 --- /dev/null +++ b/SOURCES/p11-kit-unloading-fix.patch @@ -0,0 +1,49 @@ +From 4a925177a81c2566d2a81a0a450607a5ff4d9048 Mon Sep 17 00:00:00 2001 +From: Stefano Garzarella +Date: Wed, 27 Feb 2019 12:25:20 +0100 +Subject: [PATCH] modules: check gl.modules before iterates on it when freeing + +In some circumstances, as described in the BZ, can happen that +free_modules_when_no_refs_unlocked() is called multiple times +when the module destructor is invoked. +We should check gl.modules before iterates on it in the +free_modules_when_no_refs_unlocked() functions, to avoid +a SIGSEGV. + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963 +--- + p11-kit/modules.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/p11-kit/modules.c b/p11-kit/modules.c +index 0299eda..891ce4c 100644 +--- a/p11-kit/modules.c ++++ b/p11-kit/modules.c +@@ -797,14 +797,16 @@ init_globals_unlocked (void) + static void + free_modules_when_no_refs_unlocked (void) + { +- Module *mod; +- p11_dictiter iter; +- +- /* Check if any modules have a ref count */ +- p11_dict_iterate (gl.modules, &iter); +- while (p11_dict_next (&iter, (void **)&mod, NULL)) { +- if (mod->ref_count) +- return; ++ if (gl.modules) { ++ Module *mod; ++ p11_dictiter iter; ++ ++ /* Check if any modules have a ref count */ ++ p11_dict_iterate (gl.modules, &iter); ++ while (p11_dict_next (&iter, (void **)&mod, NULL)) { ++ if (mod->ref_count) ++ return; ++ } + } + + p11_dict_free (gl.unmanaged_by_funcs); +-- +2.20.1 + diff --git a/SPECS/p11-kit.spec b/SPECS/p11-kit.spec index 571ca10..f8563fc 100644 --- a/SPECS/p11-kit.spec +++ b/SPECS/p11-kit.spec @@ -1,6 +1,6 @@ # This spec file has been automatically updated Version: 0.23.14 -Release: 4%{?dist} +Release: 5%{?dist} Name: p11-kit Summary: Library for loading and sharing PKCS#11 modules @@ -11,6 +11,7 @@ Source1: trust-extract-compat Source2: p11-kit-client.service Patch1: p11-kit-coverity.patch Patch2: p11-kit-lower-libffi-priority.patch +Patch3: p11-kit-unloading-fix.patch BuildRequires: gcc BuildRequires: libtasn1-devel >= 2.3 @@ -147,6 +148,9 @@ fi %changelog +* Fri Mar 29 2019 Daiki Ueno - 0.23.14-5 +- Fix crash on unloading the library, when it is both linked and dlopen'ed + * Mon Oct 29 2018 Daiki Ueno - 0.23.14-4 - Prefer fixed closures to libffi closures