Suppress intentional memleak in getprogname emulation (#1905581)

Upstream tag: 0.23.22
Upstream commit: bd97afbf

Signed-off-by: Packit Service <user-cont-team+packit-service@redhat.com>

.gitignore

@@ -32,3 +32,5 @@
 /p11-kit-0.23.19.tar.xz
 /p11-kit-0.23.19.tar.xz.sig
 /p11-kit-0.23.20.tar.xz
+/p11-kit-0.23.21.tar.xz
+/p11-kit-0.23.22.tar.xz

.packit.yaml

@@ -0,0 +1,24 @@
+specfile_path: p11-kit.spec
+synced_files:
+  - p11-kit.spec
+  - .packit.yaml
+upstream_package_name: p11-kit
+downstream_package_name: p11-kit
+
+# Use only populated spec files and upstream sources.
+actions:
+  post-upstream-clone:
+    - wget https://src.fedoraproject.org/rpms/p11-kit/raw/master/f/p11-kit.spec
+    - wget https://src.fedoraproject.org/rpms/p11-kit/raw/master/f/p11-kit-client.service
+    - wget https://src.fedoraproject.org/rpms/p11-kit/raw/master/f/trust-extract-compat
+  get-current-version:
+    - "git describe --abbrev=0"
+  create-archive:
+    - "wget https://github.com/p11-glue/p11-kit/releases/download/$PACKIT_PROJECT_VERSION/p11-kit-$PACKIT_PROJECT_VERSION.tar.xz"
+    - "wget https://github.com/p11-glue/p11-kit/releases/download/$PACKIT_PROJECT_VERSION/p11-kit-$PACKIT_PROJECT_VERSION.tar.xz.sig"
+
+jobs:
+  - job: propose_downstream
+    trigger: release
+    metadata:
+      dist_git_branches: fedora-all

README.packit

@@ -0,0 +1,3 @@
+This repository is maintained by packit.
+https://packit.dev/
+The file was generated using packit 0.21.1.dev11+g485bd88.

p11-kit-0.23.22-progname-leak.patch

@@ -0,0 +1,87 @@
+From 40fbf74b02b8ad6625e3aa49d2cdef2b52e47a04 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 25 Jan 2021 18:24:01 +0100
+Subject: [PATCH] compat: Pacify ASan complaints on intentionally leaked buffer
+
+Reported by Viktor Ashirov in:
+https://bugzilla.redhat.com/show_bug.cgi?id=1905581
+---
+ common/compat.c  | 25 +++++++++++++++++++------
+ common/library.c |  9 +++++++++
+ 2 files changed, 28 insertions(+), 6 deletions(-)
+
+diff --git a/common/compat.c b/common/compat.c
+index 4390cef..d6c5af6 100644
+--- a/common/compat.c
++++ b/common/compat.c
+@@ -100,6 +100,19 @@ extern char *program_invocation_short_name;
+ extern char *__progname;
+ #endif
+ 
++#ifdef __linux__
++/* This symbol is also defined in library.c so as to be freed by the library
++ * destructor.  If weak symbols are not supported nor library.c is not linked we
++ * simply leak the memory allocated with realpath().  */
++#ifdef __GNUC__
++extern char *p11_program_realpath;
++
++char *p11_program_realpath __attribute__((weak));
++#else
++static char *p11_program_realpath;
++#endif
++#endif
++
+ const char *
+ getprogname (void)
+ {
+@@ -124,14 +137,14 @@ getprogname (void)
+ 		 * Logic borrowed from:
+ 		 * <https://github.com/mesa3d/mesa/commit/759b94038987bb983398cd4b1d2cb1c8f79817a9>.
+ 		 */
+-		static char *buf;
+-
+-		if (!buf)
+-			buf = realpath ("/proc/self/exe", NULL);
++		if (!p11_program_realpath)
++			p11_program_realpath = realpath ("/proc/self/exe", NULL);
+ 
+-		if (buf && strncmp (buf, name, strlen (buf)) == 0)
++		if (p11_program_realpath &&
++		    strncmp (p11_program_realpath, name,
++			     strlen (p11_program_realpath)) == 0)
+ 			/* Use the executable path if the prefix matches. */
+-			name = strrchr (buf, '/') + 1;
++			name = strrchr (p11_program_realpath, '/') + 1;
+ 		else
+ 			/* Otherwise fall back to
+ 			 * program_invocation_short_name. */
+diff --git a/common/library.c b/common/library.c
+index 891344a..1581702 100644
+--- a/common/library.c
++++ b/common/library.c
+@@ -82,6 +82,11 @@ unsigned int p11_forkid = 1;
+ extern locale_t p11_message_locale;
+ #endif
+ 
++#ifdef __linux__
++/* used only under __linux__ in the getprogname() emulation in compat.c. */
++char *p11_program_realpath;
++#endif
++
+ static char *
+ thread_local_message (void)
+ {
+@@ -190,6 +195,10 @@ p11_library_uninit (void)
+ #endif
+ 	p11_mutex_uninit (&p11_virtual_mutex);
+ 	p11_mutex_uninit (&p11_library_mutex);
++
++#ifdef __linux__
++	free (p11_program_realpath);
++#endif
+ }
+ 
+ #endif /* OS_UNIX */
+-- 
+2.29.2
+

p11-kit.spec

@@ -1,6 +1,6 @@
 # This spec file has been automatically updated
-Version:	0.23.20
-Release: 1%{?dist}
+Version:	0.23.22
+Release: 2%{?dist}
 Name:           p11-kit
 Summary:        Library for loading and sharing PKCS#11 modules
 
@@ -11,6 +11,7 @@ Source1:        https://github.com/p11-glue/p11-kit/releases/download/%{version}
 Source2:        gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
 Source3:        trust-extract-compat
 Source4:        p11-kit-client.service
+Patch0:         p11-kit-0.23.22-progname-leak.patch
 
 BuildRequires:  gcc
 BuildRequires:  libtasn1-devel >= 2.3
@@ -24,6 +25,7 @@ BuildRequires:  bash-completion
 # Remove this once it is fixed
 BuildRequires:  pkgconfig(glib-2.0)
 BuildRequires:  gnupg2
+BuildRequires:  /usr/bin/xsltproc
 
 %description
 p11-kit provides a way to load and enumerate PKCS#11 modules, as well
@@ -151,6 +153,47 @@ fi
 
 
 %changelog
+* Tue Jan 26 2021 Daiki Ueno <dueno@redhat.com> - 0.23.22-2
+- Suppress intentional memleak in getprogname emulation (#1905581)
+
+* Fri Dec 11 2020 Packit Service <user-cont-team+packit-service@redhat.com> - 0.23.22-1
+- Release 0.23.22 (Daiki Ueno)
+- Follow-up to arithmetic overflow fix (David Cook)
+- Check for arithmetic overflows before allocating (David Cook)
+- Check attribute length against buffer size (David Cook)
+- Fix bounds check in p11_rpc_buffer_get_byte_array (David Cook)
+- Fix buffer overflow in log_token_info (David Cook)
+- common: Don't assume __STDC_VERSION__ is always defined (Daiki Ueno)
+- compat: getauxval: correct compiler macro for FreeBSD (Daiki Ueno)
+- compat: fdwalk: add guard for Linux specific local variables (Daiki Ueno)
+- meson: Add missing libtasn1 dependency (Daiki Ueno)
+- travis: Add freebsd build (Daiki Ueno)
+- anchor: Prefer persistent format when storing anchor (Daiki Ueno)
+- travis: Run "make check" along with "make distcheck" for coverage (Daiki Ueno)
+- travis: Use python3 as the default Python interpreter (Daiki Ueno)
+- travis: Route to Ubuntu 20.04 base image (Daiki Ueno)
+- meson: Set -fstack-protector for MinGW64 cross build (Daiki Ueno)
+- meson: expand ternary operator in function call for compatibility (Daiki Ueno)
+- meson: Use custom_target for generating external XML entities (Daiki Ueno)
+- meson: Allow building manpages without gtk-doc (Jan Alexander Steffens (heftig))
+- Rename is_path_component to is_path_separator (Alexander Sosedkin)
+- Use is_path_component in one more place (Alexander Sosedkin)
+- Remove more duplicate separators in p11_path_build (Alexander Sosedkin)
+- common: Fix infloop in p11_path_build (Daiki Ueno)
+- proxy: C_CloseAllSessions: Make sure that calloc args are non-zero (Daiki Ueno)
+- build: Use calloc in a consistent manner (Daiki Ueno)
+- meson: Allow override of default bashcompdir. Fixes meson regression (issue #322).  Pass -Dbashcompdir=/xxx to meson. (John Hein)
+- common: Check for a NULL locale before freeing it (Tavian Barnes)
+- p11_test_copy_setgid: Skip setgid tests on nosuid filesystems (Anders Kaseorg)
+- unix-peer: replace incorrect include1 (Rosen Penev)
+- test-compat: Skip getprogname test if BUILDDIR contains a symlink (Daiki Ueno)
+- add trust-extract-compat into EXTRA-DIST (Xℹ Ruoyao)
+- meson: install trust-extract-compat (Xℹ Ruoyao)
+- rename trust-extract-compat.in to trust-extract-compat (Xℹ Ruoyao)
+
+* Tue Aug 18 2020 Packit Service <user-cont-team+packit-service@redhat.com> - 0.23.21-2
+- new upstream release: 0.23.21
+
 * Wed Jan 29 2020 Daiki Ueno <dueno@redhat.com> - 0.23.20-1
 - Update to upstream 0.23.20 release
 

sources

@@ -1 +1 @@
-SHA512 (p11-kit-0.23.20.tar.xz) = 1eb88773fdd49dd48c7e089744e9dbbf6c1033a4863f3bfe75a68d842804baa3c373cb1b28ee625dd69a6e16c89df4ac755e0928495dccf38c007c530f6cfa57
+SHA512 (p11-kit-0.23.22.tar.xz) = 098819e6ca4ad9cc2a0bc2e478aea67354d051a4f03e6c7d75d13d2469b6dc7654f26b15530052f6ed51acb35531c2539e0f971b31e29e6673e857c903afb080