Accepting request 1113446 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1113446
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/p11-kit?expand=0&rev=43

d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch

@@ -0,0 +1,42 @@
+From d1d4b0ac316a27c739ff91e6c4153f1154e96e5a Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Thu, 27 Jul 2023 12:18:15 +0800
+Subject: [PATCH] Fix probing of C_GetInterface
+
+`p11_dl_symbol (dl, "C_GetInterface")` uses dlsym() to find
+C_GetInterface in the loaded pkcs11 module.  For legacy (pre-3.0) pkcs11
+modules, C_GetInterface is not defined in the module.  But according to
+the documentation of dlsym():
+
+    The search performed by dlsym() is breadth first through the
+    dependency tree of these shared objects.
+
+So if a pkcs11 module links to libp11-kit.so, the C_GetInterface
+implementation in libp11-kit.so itself will be found.  This
+C_GetInterface will return the metadata of p11-kit-proxy.so, causing
+"Refuse to load the p11-kit-proxy.so as a registered module".
+
+To solve the issue, if p11_dl_symbol() returns the C_GetInterface in
+libp11-kit.so itself, we should ignore it and continue trying
+C_GetFunctionList.
+---
+ p11-kit/modules.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/p11-kit/modules.c b/p11-kit/modules.c
+index 8ad88ae01..da0a7f04d 100644
+--- a/p11-kit/modules.c
++++ b/p11-kit/modules.c
+@@ -383,6 +383,12 @@ dlopen_and_get_function_list (Module *mod,
+ 	mod->loaded_module = dl;
+ 
+ 	gi = p11_dl_symbol (dl, "C_GetInterface");
++
++#ifndef OS_WIN32
++	if (gi == C_GetInterface)
++		gi = NULL;
++#endif
++
+ 	if (gi) {
+ 		/* Get the default standard interface */
+ 		rv = gi ((unsigned char *)"PKCS 11", NULL, &interface, 0);

p11-kit-0.24.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d8be783efd5cd4ae534cee4132338e3f40f182c3205d23b200094ec85faaaef8
-size 838304

p11-kit-0.25.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d55583bcdde83d86579cabe3a8f7f2638675fef01d23cace733ff748fc354706
+size 958940

p11-kit.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Wed Sep 20 21:26:03 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Add d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch: Fix probing
+  of C_GetInterface.
+
+-------------------------------------------------------------------
+Wed Sep 20 08:49:47 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 0.25.0:
+  * add PKCS#11 3.0 support
+  * add support for profile objects
+  * add ability to adjust module and config paths at run-time via
+    system environmental exports
+  * make terminal output nicer
+  * p11-kit: add command to print merged configuration
+  * p11-kit: add commands to list, add and delete profiles of a token
+  * trust: add command to check format of .p11-kit files
+  * virtual: fix libffi type signatures for PKCS#11 3.0 functions
+  * server: fix umask setting when --group is specified
+  * server: check SHELL only when neither --sh nor --csh is specified
+  * rpc: use space string in C_InitToken
+  * rpc: fix two off-by-one errors identified by asan
+  * modules: make logging message more translatable
+  * pkcs11.h: support CRYPTOKI_GNU for IBM vendor mechanisms
+  * pkcs11.h: add IBM specific mechanism and attributes
+  * pkcs11.h: add ChaCha20/Salsa20 and Poly1305 mechanisms
+  * pkcs11.h: add AES-GCM mechanism parameters for message-based encryption
+  * po: update translations from Transifex
+- Update upstream p11-kit.keyring file
+- Add missing lang files
+- Switch to using Meson as the build system
+
 -------------------------------------------------------------------
 Mon Aug  8 16:03:57 UTC 2022 - Dirk Müller <dmueller@suse.com>
 

p11-kit.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package p11-kit
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,17 +21,25 @@
 %define trustdir_cfg     %{pkidir_cfg}/trust
 %define trustdir_static  %{pkidir_static}/trust
 Name:           p11-kit
-Version:        0.24.1
+Version:        0.25.0
 Release:        0
 Summary:        Library to work with PKCS#11 modules
 License:        BSD-3-Clause
 Group:          Development/Libraries/C and C++
 URL:            https://p11-glue.freedesktop.org/p11-kit.html
-Source0:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz
+Source0:        https://github.com/p11-glue/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz
-Source1:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig
+Source1:        https://github.com/p11-glue/%{name}/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig
-Source98:       p11-kit.keyring
+Source98:       https://p11-glue.github.io/p11-glue/%{name}/%{name}-release-keyring.gpg#/%{name}.keyring
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch -- Fix probing of C_GetInterface
+Patch0:         https://github.com/p11-glue/p11-kit/commit/d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch
 BuildRequires:  gtk-doc
+%if 0%{?suse_version} >= 1600
+BuildRequires:  libtasn1-tools
+%else
+BuildRequires:  libtasn1
+%endif
+BuildRequires:  meson >= 0.59.0
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(libffi) >= 3.0.0
 BuildRequires:  pkgconfig(libsystemd)
@@ -98,17 +106,16 @@ Command line tools that enable to export PKCS#11 modules through a
 Unix domain socket.  Note that this feature is still experimental.
 
 %prep
-%autosetup
+%autosetup -p1
 
 %build
-%configure \
+%meson -Dtrust_paths=%{trustdir_cfg}:%{trustdir_static} \
-  --with-trust-paths=%{trustdir_cfg}:%{trustdir_static} \
+       -Dbash_completion=disabled \
-  --with-systemd \
+       -Dgtk_doc=true -Dman=true
-  --enable-doc
+%meson_build
-%make_build
 
 %install
-%make_install
+%meson_install
 #
 install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blocklist}
 install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blocklist}
@@ -118,7 +125,8 @@ install -d %{buildroot}%{_sysconfdir}/pkcs11/modules
 # Remove sample config away to doc folder. Having the sample there would conflict
 # with future versions of the library on file level. As replacement, we package
 # the file as documentation file.
-rm %{buildroot}%{_sysconfdir}/pkcs11/pkcs11.conf.example
+install -d m 755 %{buildroot}%{_docdir}/libp11-kit0
+mv %{buildroot}%{_sysconfdir}/pkcs11/pkcs11.conf.example %{buildroot}%{_docdir}/libp11-kit0
 find %{buildroot} -type f -name "*.la" -delete -print
 #
 install -d -m 755 %{buildroot}%{_rpmmacrodir}
@@ -137,16 +145,17 @@ ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}%{_libdir}/libnssckbi.so
 rm %{buildroot}%{_libexecdir}/%{name}/trust-extract-compat
 ln -s ../../sbin/update-ca-certificates %{buildroot}%{_libexecdir}/%{name}/p11-kit-extract-trust
 export NO_BRP_STALE_LINK_ERROR=yes # *grr*
+%find_lang %{name}
 
 %if !0%{?qemu_user_space_build}
 %check
-%make_build check
+%meson_test
 %endif
 
 %post -n libp11-kit0 -p /sbin/ldconfig
 %postun -n libp11-kit0 -p /sbin/ldconfig
 
-%files
+%files -f %{name}.lang
 %dir %{_libdir}/pkcs11
 %dir %{_datadir}/%{name}
 %dir %{_datadir}/%{name}/modules
@@ -168,7 +177,7 @@ export NO_BRP_STALE_LINK_ERROR=yes # *grr*
 %license COPYING
 # Package the example conf file as documentation. Like this we're sure that we will
 # not introduce conflicts with this version of the library and future ones.
-%doc p11-kit/pkcs11.conf.example
+%doc pkcs11.conf.example
 %doc AUTHORS ChangeLog NEWS README
 %dir %{_sysconfdir}/pkcs11
 %dir %{_sysconfdir}/pkcs11/modules/