From 85465dafdc3631dbc624a2ffd825d1442cc56bad Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 11 2020 08:10:34 +0000
Subject: import p11-kit-0.23.21-4.el8
---
diff --git a/SOURCES/p11-kit-anchor-persist.patch b/SOURCES/p11-kit-anchor-persist.patch
new file mode 100644
index 0000000..e99e974
--- /dev/null
+++ b/SOURCES/p11-kit-anchor-persist.patch
@@ -0,0 +1,34 @@
+From 1d79c02be61874cd4598d60c18331e2d70228a40 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Fri, 6 Nov 2020 17:46:28 +0100
+Subject: [PATCH] anchor: Prefer persistent format when storing anchor
+
+When a new certificate is stored with "trust anchor --store" from a
+.p11-kit file, the command treated it as a PEM file, while it should
+preserve extra fields in the file.
+---
+ trust/anchor.c | 7 ++++---
+ trust/test-extract.sh | 27 ++++++++++++++++++++++++---
+ 2 files changed, 28 insertions(+), 6 deletions(-)
+
+diff --git a/trust/anchor.c b/trust/anchor.c
+index fab9cf6..5ba5065 100644
+--- a/trust/anchor.c
++++ b/trust/anchor.c
+@@ -64,9 +64,10 @@ create_arg_file_parser (void)
+ return_val_if_fail (parser != NULL, NULL);
+
+ p11_parser_formats (parser,
+- p11_parser_format_x509,
+- p11_parser_format_pem,
+- NULL);
++ p11_parser_format_persist,
++ p11_parser_format_x509,
++ p11_parser_format_pem,
++ NULL);
+
+ return parser;
+ }
+--
+2.26.2
+
diff --git a/SOURCES/p11-kit-realloc-zero.patch b/SOURCES/p11-kit-realloc-zero.patch
new file mode 100644
index 0000000..ad0fa42
--- /dev/null
+++ b/SOURCES/p11-kit-realloc-zero.patch
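Review bot: The diffstat inside p11-kit-anchor-persist.patch lists trust/test-extract.sh with 27 changed lines, but the patch as imported carries only the trust/anchor.c hunk, so the regression test for storing a .p11-kit file is not part of this package. In create_arg_file_parser the position of p11_parser_format_persist matters, presumably because p11_parser_formats tries the formats in the order given, and nothing in the code says so. A short comment above the call would keep a later edit from reordering the list, e.g. `/* persist first: a .p11-kit file must not be read as plain PEM, or its extra fields are dropped */`. create_arg_file_parser begins above the hunk.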
@@ -0,0 +1,107 @@
+From 08fcec713c1d3038f706d049910bd13a8c811fb5 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Mon, 5 Oct 2020 08:49:48 +0200
+Subject: [PATCH 1/2] build: Use calloc in a consistent manner
+
+---
+ common/dict.c | 6 +++---
+ p11-kit/proxy.c | 4 ++--
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/common/dict.c b/common/dict.c
+index b7ab00d..62a7816 100644
+--- a/common/dict.c
++++ b/common/dict.c
+@@ -122,7 +122,7 @@ lookup_or_create_bucket (p11_dict *dict,
+ return bucketp;
+
+ /* add a new entry for non-NULL val */
+- (*bucketp) = calloc (sizeof (dictbucket), 1);
++ (*bucketp) = calloc (1, sizeof (dictbucket));
+
+ if (*bucketp != NULL) {
+ (*bucketp)->key = (void*)key;
+@@ -175,7 +175,7 @@ p11_dict_set (p11_dict *dict,
+ /* check that the collision rate isn't too high */
+ if (dict->num_items > dict->num_buckets) {
+ num_buckets = dict->num_buckets * 2 + 1;
+- new_buckets = (dictbucket **)calloc (sizeof (dictbucket *), num_buckets);
++ new_buckets = (dictbucket **)calloc (num_buckets, sizeof (dictbucket *));
+
+ /* Ignore failures, maybe we can expand later */
+ if(new_buckets) {
+@@ -283,7 +283,7 @@ p11_dict_new (p11_dict_hasher hash_func,
+ dict->value_destroy_func = value_destroy_func;
+
+ dict->num_buckets = 9;
+- dict->buckets = (dictbucket **)calloc (sizeof (dictbucket *), dict->num_buckets);
++ dict->buckets = (dictbucket **)calloc (dict->num_buckets, sizeof (dictbucket *));
+ if (!dict->buckets) {
+ free (dict);
+ return NULL;
+diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
+index 97c9b09..d70462a 100644
+--- a/p11-kit/proxy.c
++++ b/p11-kit/proxy.c
+@@ -265,7 +265,7 @@ proxy_list_slots (Proxy *py, Mapping *mappings, unsigned int n_mappings)
+ /* Ask module for its slots */
+ rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
+ if (rv == CKR_OK && count) {
+- slots = calloc (sizeof (CK_SLOT_ID), count);
++ slots = calloc (count, sizeof (CK_SLOT_ID));
+ rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
+ }
+
+@@ -756,7 +756,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ } else {
+ assert (state->px->sessions != NULL);
+- to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions));
++ to_close = calloc (p11_dict_size (state->px->sessions), sizeof (CK_SESSION_HANDLE));
+ if (!to_close) {
+ rv = CKR_HOST_MEMORY;
+ } else {
+--
+2.26.2
+
+
+From 0a1263a41d4c482f50aa5c4643f9de38fda44bbd Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Mon, 5 Oct 2020 08:52:52 +0200
+Subject: [PATCH 2/2] proxy: C_CloseAllSessions: Make sure that calloc args are
+ non-zero
+
+This prevents efence warning if either of the calloc arguments is
+zero. While it is is safe on glibc systems, POSIX says the behavior
+is implementation-defined.
+
+Reported by Paul Wouters.
+---
+ p11-kit/proxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
+index d70462a..df18ac0 100644
+--- a/p11-kit/proxy.c
++++ b/p11-kit/proxy.c
+@@ -744,7 +744,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+ CK_SLOT_ID id)
+ {
+ State *state = (State *)self;
+- CK_SESSION_HANDLE_PTR to_close;
++ CK_SESSION_HANDLE_PTR to_close = NULL;
+ CK_RV rv = CKR_OK;
+ Session *sess;
+ CK_ULONG i, count = 0;
+@@ -756,7 +756,7 @@ proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ } else {
+ assert (state->px->sessions != NULL);
+- to_close = calloc (p11_dict_size (state->px->sessions), sizeof (CK_SESSION_HANDLE));
++ to_close = calloc (p11_dict_size (state->px->sessions) + 1, sizeof (CK_SESSION_HANDLE));
+ if (!to_close) {
+ rv = CKR_HOST_MEMORY;
+ } else {
+--
+2.26.2
+
diff --git a/SPECS/p11-kit.spec b/SPECS/p11-kit.spec
index e69b253..a396d35 100644
--- a/SPECS/p11-kit.spec
+++ b/SPECS/p11-kit.spec
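Review bot: The `+ 1` added to the calloc count in proxy_C_CloseAllSessions (patch 2/2) is unexplained in the code; the reason exists only in the commit message, so a later cleanup could remove it as an apparent off-by-one. A comment on that line would do, e.g. `/* +1 keeps the element count non-zero; calloc(0, n) is implementation-defined */`. Separately, the proxy_list_slots line reordered by patch 1/2 still hands the calloc result straight to C_GetSlotList with no NULL check visible in the hunk, whereas the to_close allocation maps failure to CKR_HOST_MEMORY. If nothing after the hunk checks it, `if (slots == NULL) rv = CKR_HOST_MEMORY; else rv = (funcs->C_GetSlotList) (FALSE, slots, &count);` would make the two paths agree. Both functions continue outside the visible hunks.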
@@ -1,6 +1,6 @@ # This spec file has been automatically updated Version: 0.23.21 -Release: 3%{?dist} +Release: 4%{?dist} Name: p11-kit Summary: Library for loading and sharing PKCS#11 modules @@ -13,6 +13,8 @@ Source3: trust-extract-compat Source4: p11-kit-client.service Patch1: p11-kit-invalid-config.patch +Patch2: p11-kit-realloc-zero.patch +Patch3: p11-kit-anchor-persist.patch BuildRequires: gcc BuildRequires: libtasn1-devel >= 2.3 @@ -154,6 +156,10 @@ fi %changelog +* Tue Nov 10 2020 Daiki Ueno - 0.23.21-4 +- Fix realloc usage on proxy cleanup (#1894979) +- Make 'trust anchor --store' preserve all attributes from .p11-kit files + * Tue Nov 3 2020 Daiki Ueno - 0.23.21-3 - Restore clobbered changelog entry