Compare commits
3 Commits
Author | SHA1 | Date |
---|---|---|
Daiki Ueno | ba7dba9815 | |
Packit Service | 801310be24 | |
Packit Service | bd233f523c |
|
@ -32,3 +32,5 @@
|
|||
/p11-kit-0.23.19.tar.xz
|
||||
/p11-kit-0.23.19.tar.xz.sig
|
||||
/p11-kit-0.23.20.tar.xz
|
||||
/p11-kit-0.23.21.tar.xz
|
||||
/p11-kit-0.23.22.tar.xz
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
specfile_path: p11-kit.spec
|
||||
synced_files:
|
||||
- p11-kit.spec
|
||||
- .packit.yaml
|
||||
upstream_package_name: p11-kit
|
||||
downstream_package_name: p11-kit
|
||||
|
||||
# Use only populated spec files and upstream sources.
|
||||
actions:
|
||||
post-upstream-clone:
|
||||
- wget https://src.fedoraproject.org/rpms/p11-kit/raw/master/f/p11-kit.spec
|
||||
- wget https://src.fedoraproject.org/rpms/p11-kit/raw/master/f/p11-kit-client.service
|
||||
- wget https://src.fedoraproject.org/rpms/p11-kit/raw/master/f/trust-extract-compat
|
||||
get-current-version:
|
||||
- "git describe --abbrev=0"
|
||||
create-archive:
|
||||
- "wget https://github.com/p11-glue/p11-kit/releases/download/$PACKIT_PROJECT_VERSION/p11-kit-$PACKIT_PROJECT_VERSION.tar.xz"
|
||||
- "wget https://github.com/p11-glue/p11-kit/releases/download/$PACKIT_PROJECT_VERSION/p11-kit-$PACKIT_PROJECT_VERSION.tar.xz.sig"
|
||||
|
||||
jobs:
|
||||
- job: propose_downstream
|
||||
trigger: release
|
||||
metadata:
|
||||
dist_git_branches: fedora-all
|
|
@ -0,0 +1,3 @@
|
|||
This repository is maintained by packit.
|
||||
https://packit.dev/
|
||||
The file was generated using packit 0.21.1.dev11+g485bd88.
|
Binary file not shown.
|
@ -0,0 +1,87 @@
|
|||
From 40fbf74b02b8ad6625e3aa49d2cdef2b52e47a04 Mon Sep 17 00:00:00 2001
|
||||
From: Daiki Ueno <ueno@gnu.org>
|
||||
Date: Mon, 25 Jan 2021 18:24:01 +0100
|
||||
Subject: [PATCH] compat: Pacify ASan complaints on intentionally leaked buffer
|
||||
|
||||
Reported by Viktor Ashirov in:
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1905581
|
||||
---
|
||||
common/compat.c | 25 +++++++++++++++++++------
|
||||
common/library.c | 9 +++++++++
|
||||
2 files changed, 28 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/common/compat.c b/common/compat.c
|
||||
index 4390cef..d6c5af6 100644
|
||||
--- a/common/compat.c
|
||||
+++ b/common/compat.c
|
||||
@@ -100,6 +100,19 @@ extern char *program_invocation_short_name;
|
||||
extern char *__progname;
|
||||
#endif
|
||||
|
||||
+#ifdef __linux__
|
||||
+/* This symbol is also defined in library.c so as to be freed by the library
|
||||
+ * destructor. If weak symbols are not supported nor library.c is not linked we
|
||||
+ * simply leak the memory allocated with realpath(). */
|
||||
+#ifdef __GNUC__
|
||||
+extern char *p11_program_realpath;
|
||||
+
|
||||
+char *p11_program_realpath __attribute__((weak));
|
||||
+#else
|
||||
+static char *p11_program_realpath;
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
const char *
|
||||
getprogname (void)
|
||||
{
|
||||
@@ -124,14 +137,14 @@ getprogname (void)
|
||||
* Logic borrowed from:
|
||||
* <https://github.com/mesa3d/mesa/commit/759b94038987bb983398cd4b1d2cb1c8f79817a9>.
|
||||
*/
|
||||
- static char *buf;
|
||||
-
|
||||
- if (!buf)
|
||||
- buf = realpath ("/proc/self/exe", NULL);
|
||||
+ if (!p11_program_realpath)
|
||||
+ p11_program_realpath = realpath ("/proc/self/exe", NULL);
|
||||
|
||||
- if (buf && strncmp (buf, name, strlen (buf)) == 0)
|
||||
+ if (p11_program_realpath &&
|
||||
+ strncmp (p11_program_realpath, name,
|
||||
+ strlen (p11_program_realpath)) == 0)
|
||||
/* Use the executable path if the prefix matches. */
|
||||
- name = strrchr (buf, '/') + 1;
|
||||
+ name = strrchr (p11_program_realpath, '/') + 1;
|
||||
else
|
||||
/* Otherwise fall back to
|
||||
* program_invocation_short_name. */
|
||||
diff --git a/common/library.c b/common/library.c
|
||||
index 891344a..1581702 100644
|
||||
--- a/common/library.c
|
||||
+++ b/common/library.c
|
||||
@@ -82,6 +82,11 @@ unsigned int p11_forkid = 1;
|
||||
extern locale_t p11_message_locale;
|
||||
#endif
|
||||
|
||||
+#ifdef __linux__
|
||||
+/* used only under __linux__ in the getprogname() emulation in compat.c. */
|
||||
+char *p11_program_realpath;
|
||||
+#endif
|
||||
+
|
||||
static char *
|
||||
thread_local_message (void)
|
||||
{
|
||||
@@ -190,6 +195,10 @@ p11_library_uninit (void)
|
||||
#endif
|
||||
p11_mutex_uninit (&p11_virtual_mutex);
|
||||
p11_mutex_uninit (&p11_library_mutex);
|
||||
+
|
||||
+#ifdef __linux__
|
||||
+ free (p11_program_realpath);
|
||||
+#endif
|
||||
}
|
||||
|
||||
#endif /* OS_UNIX */
|
||||
--
|
||||
2.29.2
|
||||
|
Binary file not shown.
45
p11-kit.spec
45
p11-kit.spec
|
@ -1,5 +1,5 @@
|
|||
# This spec file has been automatically updated
|
||||
Version: 0.23.20
|
||||
Version: 0.23.22
|
||||
Release: 2%{?dist}
|
||||
Name: p11-kit
|
||||
Summary: Library for loading and sharing PKCS#11 modules
|
||||
|
@ -11,6 +11,7 @@ Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version}
|
|||
Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg
|
||||
Source3: trust-extract-compat
|
||||
Source4: p11-kit-client.service
|
||||
Patch0: p11-kit-0.23.22-progname-leak.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libtasn1-devel >= 2.3
|
||||
|
@ -24,6 +25,7 @@ BuildRequires: bash-completion
|
|||
# Remove this once it is fixed
|
||||
BuildRequires: pkgconfig(glib-2.0)
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: /usr/bin/xsltproc
|
||||
|
||||
%description
|
||||
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
|
||||
|
@ -151,6 +153,47 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Jan 26 2021 Daiki Ueno <dueno@redhat.com> - 0.23.22-2
|
||||
- Suppress intentional memleak in getprogname emulation (#1905581)
|
||||
|
||||
* Fri Dec 11 2020 Packit Service <user-cont-team+packit-service@redhat.com> - 0.23.22-1
|
||||
- Release 0.23.22 (Daiki Ueno)
|
||||
- Follow-up to arithmetic overflow fix (David Cook)
|
||||
- Check for arithmetic overflows before allocating (David Cook)
|
||||
- Check attribute length against buffer size (David Cook)
|
||||
- Fix bounds check in p11_rpc_buffer_get_byte_array (David Cook)
|
||||
- Fix buffer overflow in log_token_info (David Cook)
|
||||
- common: Don't assume __STDC_VERSION__ is always defined (Daiki Ueno)
|
||||
- compat: getauxval: correct compiler macro for FreeBSD (Daiki Ueno)
|
||||
- compat: fdwalk: add guard for Linux specific local variables (Daiki Ueno)
|
||||
- meson: Add missing libtasn1 dependency (Daiki Ueno)
|
||||
- travis: Add freebsd build (Daiki Ueno)
|
||||
- anchor: Prefer persistent format when storing anchor (Daiki Ueno)
|
||||
- travis: Run "make check" along with "make distcheck" for coverage (Daiki Ueno)
|
||||
- travis: Use python3 as the default Python interpreter (Daiki Ueno)
|
||||
- travis: Route to Ubuntu 20.04 base image (Daiki Ueno)
|
||||
- meson: Set -fstack-protector for MinGW64 cross build (Daiki Ueno)
|
||||
- meson: expand ternary operator in function call for compatibility (Daiki Ueno)
|
||||
- meson: Use custom_target for generating external XML entities (Daiki Ueno)
|
||||
- meson: Allow building manpages without gtk-doc (Jan Alexander Steffens (heftig))
|
||||
- Rename is_path_component to is_path_separator (Alexander Sosedkin)
|
||||
- Use is_path_component in one more place (Alexander Sosedkin)
|
||||
- Remove more duplicate separators in p11_path_build (Alexander Sosedkin)
|
||||
- common: Fix infloop in p11_path_build (Daiki Ueno)
|
||||
- proxy: C_CloseAllSessions: Make sure that calloc args are non-zero (Daiki Ueno)
|
||||
- build: Use calloc in a consistent manner (Daiki Ueno)
|
||||
- meson: Allow override of default bashcompdir. Fixes meson regression (issue #322). Pass -Dbashcompdir=/xxx to meson. (John Hein)
|
||||
- common: Check for a NULL locale before freeing it (Tavian Barnes)
|
||||
- p11_test_copy_setgid: Skip setgid tests on nosuid filesystems (Anders Kaseorg)
|
||||
- unix-peer: replace incorrect include1 (Rosen Penev)
|
||||
- test-compat: Skip getprogname test if BUILDDIR contains a symlink (Daiki Ueno)
|
||||
- add trust-extract-compat into EXTRA-DIST (Xℹ Ruoyao)
|
||||
- meson: install trust-extract-compat (Xℹ Ruoyao)
|
||||
- rename trust-extract-compat.in to trust-extract-compat (Xℹ Ruoyao)
|
||||
|
||||
* Tue Aug 18 2020 Packit Service <user-cont-team+packit-service@redhat.com> - 0.23.21-2
|
||||
- new upstream release: 0.23.21
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.20-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (p11-kit-0.23.20.tar.xz) = 1eb88773fdd49dd48c7e089744e9dbbf6c1033a4863f3bfe75a68d842804baa3c373cb1b28ee625dd69a6e16c89df4ac755e0928495dccf38c007c530f6cfa57
|
||||
SHA512 (p11-kit-0.23.22.tar.xz) = 098819e6ca4ad9cc2a0bc2e478aea67354d051a4f03e6c7d75d13d2469b6dc7654f26b15530052f6ed51acb35531c2539e0f971b31e29e6673e857c903afb080
|
||||
|
|
Loading…
Reference in New Issue