diff --git a/d1d4b0a.patch b/d1d4b0a.patch new file mode 100644 index 0000000..8bcd231 --- /dev/null +++ b/d1d4b0a.patch @@ -0,0 +1,42 @@ +From d1d4b0ac316a27c739ff91e6c4153f1154e96e5a Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Thu, 27 Jul 2023 12:18:15 +0800 +Subject: [PATCH] Fix probing of C_GetInterface + +`p11_dl_symbol (dl, "C_GetInterface")` uses dlsym() to find +C_GetInterface in the loaded pkcs11 module. For legacy (pre-3.0) pkcs11 +modules, C_GetInterface is not defined in the module. But according to +the documentation of dlsym(): + + The search performed by dlsym() is breadth first through the + dependency tree of these shared objects. + +So if a pkcs11 module links to libp11-kit.so, the C_GetInterface +implementation in libp11-kit.so itself will be found. This +C_GetInterface will return the metadata of p11-kit-proxy.so, causing +"Refuse to load the p11-kit-proxy.so as a registered module". + +To solve the issue, if p11_dl_symbol() returns the C_GetInterface in +libp11-kit.so itself, we should ignore it and continue trying +C_GetFunctionList. +--- + p11-kit/modules.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/p11-kit/modules.c b/p11-kit/modules.c +index 8ad88ae0..da0a7f04 100644 +--- a/p11-kit/modules.c ++++ b/p11-kit/modules.c +@@ -383,6 +383,12 @@ dlopen_and_get_function_list (Module *mod, + mod->loaded_module = dl; + + gi = p11_dl_symbol (dl, "C_GetInterface"); ++ ++#ifndef OS_WIN32 ++ if (gi == C_GetInterface) ++ gi = NULL; ++#endif ++ + if (gi) { + /* Get the default standard interface */ + rv = gi ((unsigned char *)"PKCS 11", NULL, &interface, 0); diff --git a/p11-kit.changes b/p11-kit.changes index fae835d..e1208c7 100644 --- a/p11-kit.changes +++ b/p11-kit.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Sep 20 21:26:03 UTC 2023 - Bjørn Lie + +- Add d1d4b0a.patch: Fix probing of C_GetInterface. + ------------------------------------------------------------------- Wed Sep 20 08:49:47 UTC 2023 - Pedro Monreal diff --git a/p11-kit.spec b/p11-kit.spec index a215b9a..e0654bf 100644 --- a/p11-kit.spec +++ b/p11-kit.spec @@ -31,6 +31,8 @@ Source0: https://github.com/p11-glue/%{name}/releases/download/%{version} Source1: https://github.com/p11-glue/%{name}/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig Source98: https://p11-glue.github.io/p11-glue/%{name}/%{name}-release-keyring.gpg#/%{name}.keyring Source99: baselibs.conf +# PATCH-FIX-UPSTREAM d1d4b0a.patch -- Fix probing of C_GetInterface +Patch0: https://github.com/p11-glue/p11-kit/commit/d1d4b0a.patch BuildRequires: gtk-doc %if 0%{?suse_version} >= 1600 BuildRequires: libtasn1-tools @@ -104,7 +106,7 @@ Command line tools that enable to export PKCS#11 modules through a Unix domain socket. Note that this feature is still experimental. %prep -%autosetup +%autosetup -p1 %build %meson -Dtrust_paths=%{trustdir_cfg}:%{trustdir_static} \