Update to 0.23.20-1

- Update to upstream 0.23.16.1 release

.gitignore

@@ -20,3 +20,12 @@
 /p11-kit-client.service
 /trust-extract-compat
 /p11-kit-0.23.15.tar.gz
+/p11-kit-client.service
+/trust-extract-compat
+/p11-kit-0.23.16.1.tar.gz
+/p11-kit-client.service
+/trust-extract-compat
+/p11-kit-0.23.18.1.tar.gz
+/p11-kit-0.23.19.tar.xz
+/p11-kit-0.23.19.tar.xz.sig
+/p11-kit-0.23.20.tar.xz

0001-trust-Ignore-unreadable-content-in-anchors.patch

@@ -1,181 +0,0 @@
-From e2170b295992cb7fdf115227a78028ac3780619f Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Mon, 18 Feb 2019 14:53:49 +0100
-Subject: [PATCH] trust: Ignore unreadable content in anchors
-
-This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f.  Instead of
-failing C_FindObjectsInit, treat any errors internally and accumulates
-the successfully loaded certificates.
-
-Reported by Andrej Kvasnica in:
-https://bugzilla.redhat.com/show_bug.cgi?id=1675441
----
- trust/module.c      |  3 +-
- trust/test-module.c | 77 +++++++++++++++++++++++++++++++++++++++++++++
- trust/token.c       | 23 ++++++--------
- 3 files changed, 88 insertions(+), 15 deletions(-)
-
-diff --git a/trust/module.c b/trust/module.c
-index 1722340..ec3333d 100644
---- a/trust/module.c
-+++ b/trust/module.c
-@@ -1198,8 +1198,7 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
- 				indices[n++] = session->index;
- 			if (want_token_objects) {
- 				if (!session->loaded)
--					if (p11_token_load (session->token) < 0)
--						rv = CKR_FUNCTION_FAILED;
-+					p11_token_load (session->token);
- 				if (rv == CKR_OK) {
- 					session->loaded = CK_TRUE;
- 					indices[n++] = p11_token_index (session->token);
-diff --git a/trust/test-module.c b/trust/test-module.c
-index 1e8d812..4024d81 100644
---- a/trust/test-module.c
-+++ b/trust/test-module.c
-@@ -163,6 +163,80 @@ setup_writable (void *unused)
- 	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
- }
- 
-+/* This is similar to setup(), but it adds an unreadable content in
-+ * the anchor directory. */
-+static void
-+setup_unreadable (void *unused)
-+{
-+	CK_C_INITIALIZE_ARGS args;
-+	const char *paths;
-+	char *p, *pp, *anchors;
-+	FILE *f, *ff;
-+	char buffer[4096];
-+	char *arguments;
-+	CK_ULONG count;
-+	CK_RV rv;
-+
-+	memset (&test, 0, sizeof (test));
-+
-+	/* This is the entry point of the trust module, linked to this test */
-+	rv = C_GetFunctionList (&test.module);
-+	assert (rv == CKR_OK);
-+
-+	test.directory = p11_test_directory ("test-module");
-+	anchors = p11_path_build (test.directory, "anchors", NULL);
-+#ifdef OS_UNIX
-+	if (mkdir (anchors, S_IRWXU) < 0)
-+#else
-+	if (mkdir (anchors) < 0)
-+#endif
-+		assert_fail ("mkdir()", anchors);
-+
-+	p = p11_path_build (anchors, "unreadable", NULL);
-+	f = fopen (p, "w");
-+	fwrite ("foo", 3, 1, f);
-+	fclose (f);
-+	chmod (p, 0);
-+	free (p);
-+
-+	pp = p11_path_build (anchors, "thawte", NULL);
-+	ff = fopen (pp, "w");
-+	f = fopen (SRCDIR "/trust/fixtures/thawte.pem", "r");
-+	while (!feof (f)) {
-+		size_t size;
-+		size = fread (buffer, 1, sizeof (buffer), f);
-+		if (ferror (f))
-+			assert_fail ("fread()",
-+				     SRCDIR "/trust/fixtures/thawte.pem");
-+		fwrite (buffer, 1, size, ff);
-+		if (ferror (ff))
-+			assert_fail ("write()", pp);
-+	}
-+	free (pp);
-+	fclose (ff);
-+	fclose (f);
-+	free (anchors);
-+
-+	memset (&args, 0, sizeof (args));
-+	paths = SRCDIR "/trust/input" P11_PATH_SEP \
-+		SRCDIR "/trust/fixtures/self-signed-with-ku.der";
-+	if (asprintf (&arguments, "paths='%s%c%s'",
-+		      paths, P11_PATH_SEP_C, test.directory) < 0)
-+		assert (false && "not reached");
-+	args.pReserved = arguments;
-+	args.flags = CKF_OS_LOCKING_OK;
-+
-+	rv = test.module->C_Initialize (&args);
-+	assert (rv == CKR_OK);
-+
-+	free (arguments);
-+
-+	count = NUM_SLOTS;
-+	rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
-+	assert (rv == CKR_OK);
-+	assert (count == NUM_SLOTS);
-+}
-+
- static void
- test_get_slot_list (void)
- {
-@@ -1324,5 +1398,8 @@ main (int argc,
- 	p11_fixture (NULL, NULL);
- 	p11_test (test_token_write_protected, "/module/token-write-protected");
- 
-+	p11_fixture (setup_unreadable, teardown);
-+	p11_test (test_find_certificates, "/module/unreadable");
-+
- 	return p11_test_run (argc, argv);
- }
-diff --git a/trust/token.c b/trust/token.c
-index b91a1d0..8c75d06 100644
---- a/trust/token.c
-+++ b/trust/token.c
-@@ -266,8 +266,8 @@ loader_load_directory (p11_token *token,
- 		return_val_if_fail (path != NULL, -1);
- 
- 		ret = loader_load_if_file (token, path);
--		return_val_if_fail (ret >=0, -1);
--		total += ret;
-+		if (ret >= 0)
-+			total += ret;
- 
- 		/* Make note that this file was seen */
- 		p11_dict_remove (present, path);
-@@ -328,8 +328,8 @@ loader_load_path (p11_token *token,
- 			p11_dict_iterate (present, &iter);
- 			while (p11_dict_next (&iter, (void **)&filename, NULL)) {
- 				ret = loader_load_if_file (token, filename);
--				return_val_if_fail (ret >= 0, ret);
--				total += ret;
-+				if (ret >= 0)
-+					total += ret;
- 			}
- 		}
- 
-@@ -377,20 +377,17 @@ p11_token_load (p11_token *token)
- 	int ret;
- 
- 	ret = loader_load_path (token, token->path, &is_dir);
--	if (ret < 0)
--		return -1;
--	total += ret;
-+	if (ret >= 0)
-+		total += ret;
- 
- 	if (is_dir) {
- 		ret = loader_load_path (token, token->anchors, &is_dir);
--		if (ret < 0)
--			return -1;
--		total += ret;
-+		if (ret >= 0)
-+			total += ret;
- 
- 		ret = loader_load_path (token, token->blacklist, &is_dir);
--		if (ret < 0)
--			return -1;
--		total += ret;
-+		if (ret >= 0)
-+			total += ret;
- 	}
- 
- 	return total;
--- 
-2.20.1
-

p11-kit.spec

@@ -1,24 +1,29 @@
 # This spec file has been automatically updated
-Version:	0.23.15
-Release: 3%{?dist}
+Version:	0.23.20
+Release: 1%{?dist}
 Name:           p11-kit
 Summary:        Library for loading and sharing PKCS#11 modules
 
 License:        BSD
 URL:            http://p11-glue.freedesktop.org/p11-kit.html
-Source0:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.gz
-Source1:        trust-extract-compat
-Source2:        p11-kit-client.service
-Patch0:		0001-trust-Ignore-unreadable-content-in-anchors.patch
+Source0:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz
+Source1:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig
+Source2:        gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
+Source3:        trust-extract-compat
+Source4:        p11-kit-client.service
 
 BuildRequires:  gcc
 BuildRequires:  libtasn1-devel >= 2.3
 BuildRequires:  libffi-devel
+BuildRequires:  gettext
 BuildRequires:  gtk-doc
+BuildRequires:  meson
 BuildRequires:  systemd-devel
+BuildRequires:  bash-completion
 # Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
 # Remove this once it is fixed
 BuildRequires:  pkgconfig(glib-2.0)
+BuildRequires:  gnupg2
 
 %description
 p11-kit provides a way to load and enumerate PKCS#11 modules, as well
@@ -67,27 +72,29 @@ feature is still experimental.
 
 
 %prep
+gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
+
 %autosetup -p1
 
 %build
 # These paths are the source paths that  come from the plan here:
 # https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks
-%configure --disable-static --enable-doc --with-trust-paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source --disable-silent-rules
-make %{?_smp_mflags} V=1
+%meson -Dgtk_doc=true -Dman=true -Dtrust_paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source
+%meson_build
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
+%meson_install
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
-rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
-install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
+install -p -m 755 %{SOURCE3} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
 # Install the example conf with %%doc instead
-rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example
+mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example $RPM_BUILD_ROOT%{_docdir}/%{name}/pkcs11.conf.example
 mkdir -p $RPM_BUILD_ROOT%{_userunitdir}
-install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_userunitdir}
+install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_userunitdir}
+%find_lang %{name}
 
 %check
-make check
+%meson_test
 
 
 %post trust
@@ -101,11 +108,11 @@ if [ $1 -eq 0 ] ; then
 fi
 
 
-%files
+%files -f %{name}.lang
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %doc AUTHORS NEWS README
-%doc p11-kit/pkcs11.conf.example
+%{_docdir}/%{name}/pkcs11.conf.example
 %dir %{_sysconfdir}/pkcs11
 %dir %{_sysconfdir}/pkcs11/modules
 %dir %{_datadir}/p11-kit
@@ -118,6 +125,7 @@ fi
 %{_mandir}/man1/trust.1.gz
 %{_mandir}/man8/p11-kit.8.gz
 %{_mandir}/man5/pkcs11.conf.5.gz
+%{_datadir}/bash-completion/completions/p11-kit
 
 %files devel
 %{_includedir}/p11-kit-1/
@@ -132,6 +140,7 @@ fi
 %{_libdir}/pkcs11/p11-kit-trust.so
 %{_datadir}/p11-kit/modules/p11-kit-trust.module
 %{_libexecdir}/p11-kit/trust-extract-compat
+%{_datadir}/bash-completion/completions/trust
 
 %files server
 %{_libdir}/pkcs11/p11-kit-client.so
@@ -142,6 +151,17 @@ fi
 
 
 %changelog
+* Wed Jan 29 2020 Daiki Ueno <dueno@redhat.com> - 0.23.20-1
+- Update to upstream 0.23.20 release
+
+* Wed Jan 22 2020 Daiki Ueno <dueno@redhat.com> - 0.23.19-1
+- Update to upstream 0.23.19 release
+- Check archive signature in %%prep
+- Switch to using Meson as the build system
+
+* Thu May 23 2019 Daiki Ueno <dueno@redhat.com> - 0.23.16.1-1
+- Update to upstream 0.23.16.1 release
+
 * Mon Feb 18 2019 Daiki Ueno <dueno@redhat.com> - 0.23.15-3
 - trust: Ignore unreadable content in anchors
 

sources

@@ -1,3 +1 @@
-SHA512 (p11-kit-client.service) = 0f08618851c6eafb35c630957044fc96324be4d3828cdd2aa9b5d6e1245549197ca5b969d6a2f735c893d73c02e885cdc3205bd43e37f6124ebc6cfa61970d3b
-SHA512 (trust-extract-compat) = 91210705f9bcf1a13c0de1ca9943e3ac68296bfcb7953fc59241de060247b470b39be6e914dd4d92e38a78d5df0962c83315ad78f8c0eade8e62d884b05fdd42
-SHA512 (p11-kit-0.23.15.tar.gz) = d703eec12626b79551ce337521f7ea7b1a0b64c211d7a93d831dd28ec1de77c7b58358c1588bf82d70f047c01ad9433fa8a286d1a25ae3f6b0ee6016b8c42950
+SHA512 (p11-kit-0.23.20.tar.xz) = 1eb88773fdd49dd48c7e089744e9dbbf6c1033a4863f3bfe75a68d842804baa3c373cb1b28ee625dd69a6e16c89df4ac755e0928495dccf38c007c530f6cfa57