Accepting request 1288446 from security:chipcard

OBS-URL: https://build.opensuse.org/request/show/1288446
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libp11?expand=0&rev=42

libp11-0.4.12.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmLs03oACgkQLvx/8NQW
-4BRLfw//RpRc/93cRtlekgf7VwwtO+5MaO3/4umfpkb5jRXq5zOYPGjIBzzZibRS
-pX1y9nnG7pDx65EdyEOM/kI8HcZp4Jkn8PQ0UqT0Ozwm1JrMfGCeRadrYvg2mQY6
-5fHQ7SCub/eofeB9NNN0nHkW28B2r1Y/x728BSbuBixqq9+ZzKPzzah+VgDp+NQ1
-SZ8ummmeZ+kyp3o5FOtrKjBPqo5VzWzucTiq5dH/QYeHl7YcuL/QSgpR0r+G9ei5
-3tirwtxstWHMNFChquI+OLqe2++I+Cq5/Gcz9C/BKKHd00CWWRH4rZrStl8q8kM8
-tIVTIH7Rcf4h4isGBl70TIOIGtxY/9IYLRhoL4aCwy0DtNKYWF5G7zSN5JN/2xvC
-4CFe3Th7sEY65Z8aimwi6/wRi6lQ/sUWcQ/wUJLWL6XepMcgFLogZYgC67sidvyV
-GFlZt4w8PvclfLw4wMZB6u4TkWIKu1uMl00d0rWXNaQWeYgF9aQqHMWMzi0FQzpf
-J4rOcR+knBP1XvtbaAfFdm5q+HFy3HWXNsftMEGbehxy2M1sRBT9tOQv/R4pNtkP
-7oWD7bKHa1kvy5qqiCB9zNQpN2LJKM/kCANQAqmQno1S8ktDYqqd08+U5966Qgis
-UOs/+sOXykEMW+0NmNCA3rQ1ZZ3F9doSsaWBqzZVaEeE6WBEeWk=
-=WqLA
------END PGP SIGNATURE-----

libp11-0.4.16.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:97777640492fa9e5831497e5892e291dfbf39a7b119d9cb6abb3ec8c56d17553
+size 561088

libp11-0.4.16.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmhZkcEACgkQLvx/8NQW
+4BRQlA//bDw/CHSDZpl+HCGDuHB4Yf/j0Ii3oBz4DHWUr2Dmp9Ah/LIoox8i5JCV
+KcaHV6zfJiLCTibRS45ERZvjY2qRDma2Eyc+/xBJBPs4CFFNeWWnre9CpaM72ig4
+lXlzyEJxBLwEI9heZdIpkDd9NkWW0g2YdPEAJmKoYyenzb6lSscecfHpNzyqoWYX
+6DDGFWlRlTINSfjouhHbfslvVgjEJRnQXY39TBSokB2t3+rlqOTqQgDOQFUbuywt
+A6lYPHWiZ7zhUavykAJf9ELBIZ5ne7wIlgQ2R8WM9i9Lr5gVDvccGgd9t2X4GNnV
+qB7tfXqkF/nt+RZ7owfHCS1l2309K+ZfrSsu9LyzNYThlvYQKJ7SXG+/6tqekqxm
+YYbVRzgfATLI8ET7IIVCLBv6hZ4K4PQTHP3Mhbxn0NQM9ys+scaCzgsKj8Y2vAH+
+2M+nIzBWzG0iJWXYsIxMA7MxitJcMMkJkTEFkWmGuANW926hJu+sZJXRDPJKkF0+
+nAM1fvpUQKKWy6ttTW9EaqyvaaxDLZnFGOzhb2oKxcYpfA3W5BL8vwYvJhg0T81w
+bkdTcrqk0UeIbiZ4o8BtQ3ryACBNRA3iJi+2riecCP+OkqIP/9ROC2r2NIv9L8OA
+Qexq9G8jZR4TvV72ZYFDuRrA4kz8xSDqdz6q3kgBxRA8/aWsFcI=
+=sRbA
+-----END PGP SIGNATURE-----

libp11-configure-treat-all-openssl-3.x-releases-the-same.patch

@@ -1,25 +0,0 @@
-From 74497e0fa5b69b15790d6697e1ebce13af842d4c Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Thu, 13 Jul 2023 13:52:54 -0400
-Subject: [PATCH] configure: treat all openssl-3.x releases the same
-
-OpenSSL's soversion will not change for any 3.x minor release.
-
-https://www.openssl.org/policies/general/versioning-policy.html
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index b96979d9..c344e84a 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -33,7 +33,7 @@ AC_C_BIGENDIAN
- # issues with applications linking to new openssl, old libp11, and vice versa
- case "`$PKG_CONFIG --modversion --silence-errors libcrypto || \
- 	$PKG_CONFIG --modversion openssl`" in
--	3.1.*|3.0.*) # Predicted engines directory prefix for OpenSSL 3.x
-+	3.*) # Predicted engines directory prefix for OpenSSL 3.x
- 	    LIBP11_LT_OLDEST="3"
- 	    debian_ssl_prefix="openssl-3.0.0";;
- 	1.1.*) # Predicted engines directory prefix for OpenSSL 1.1.x

libp11-openssl-3.1.patch

@@ -1,13 +0,0 @@
-Index: libp11-0.4.12/configure.ac
-===================================================================
---- libp11-0.4.12.orig/configure.ac
-+++ libp11-0.4.12/configure.ac
-@@ -33,7 +33,7 @@ AC_C_BIGENDIAN
- # issues with applications linking to new openssl, old libp11, and vice versa
- case "`$PKG_CONFIG --modversion --silence-errors libcrypto || \
- 	$PKG_CONFIG --modversion openssl`" in
--	3.0.*) # Predicted engines directory prefix for OpenSSL 3.x
-+	3.1.*|3.0.*) # Predicted engines directory prefix for OpenSSL 3.x
- 	    LIBP11_LT_OLDEST="3"
- 	    debian_ssl_prefix="openssl-3.0.0";;
- 	1.1.*) # Predicted engines directory prefix for OpenSSL 1.1.x

libp11.changes

@@ -1,3 +1,68 @@
+-------------------------------------------------------------------
+Tue Jun 24 17:42:52 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 0.4.16:
+  * Fixed PKCS#11 module synchronization setup that was broken in libp11 0.4.14 (nojocodex)
+
+-------------------------------------------------------------------
+Mon Jun  9 17:30:27 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 0.4.15:
+  * Fixed incorrectly installing an internal header file (Alex Dupre)
+  * Fixed handling URI schemes of other providers (Małgorzata Olszówka)
+
+-------------------------------------------------------------------
+Mon May 26 12:26:54 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 0.4.14:
+  * Added the "pkcs11prov" provider for OpenSSL 3.x (Małgorzata Olszówka)
+  * Added generic keypair generation interface and engine ctrl command (Rafael Junio da Cruz)
+  * Added static engine support (Lucas Mülling)
+  * Added PKCS11_FORCE_CLEANUP env variable to force cleanup on exit and stop memory leaks with certain PKCS#11 modules (Małgorzata Olszówka)
+  * Fixed a number of resource leaks (Małgorzata Olszówka, Hazem Zaghloul, Michał Trojnara)
+  * Fixed C_OpenSession error handling (Rafael Junio da Cruz)
+  * Fixed handling of uninitialized tokens (Michał Trojnara)
+  * Removed support for OpenSSL older than 1.0.2 (Michał Trojnara)
+- Create new subpackage openssl-provider-libp11
+- Removed patch fix-wrong-non-static-lib.patch
+
+-------------------------------------------------------------------
+Tue Apr  1 13:15:35 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Add Provides: openssl-pkcs11:
+  * RH has renamed libp11 to openssl-pkcs11 since 0.4.7-4, in order to keep
+    compatibility we need to provide openssl-pkcs11 (jsc#PED-12017)
+
+-------------------------------------------------------------------
+Fri Dec 20 17:51:35 UTC 2024 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Add patch to fix upstream
+  * fix-wrong-non-static-lib.patch
+
+-------------------------------------------------------------------
+Thu Dec 19 17:26:52 UTC 2024 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 0.4.13:
+  * Increased maximum PIN length (Michał Trojnara)
+  * Fixed several memory leaks (Michał Trojnara, Małgorzata Olszówka)
+  * Don't include libp11.rc VERSIONINFO into pkcs11 (Mikhail Titov)
+  * Improved tests (Małgorzata Olszówka)
+  * Added static ENGINE (libpkcas11.a) build (Marouene Boubakri)
+  * Added a workaround broken foreign key handling in OpenSSL
+  * 3.0.12-3.0.13, 3.1.4-3.1.5, 3.2.0-3.2.1 (Małgorzata Olszówka)
+  * Added a workaround for conflicting atexit() callbacks (Michał Trojnara)
+  * Always login with PIN If FORCE_LOGIN is specified in openssl config
+    (Plamen Todorov)
+  * Added OAEP support to RSA_private_decrypt (Peter Popovec)
+  * Added PKCS11_enumerate_*_ext functions (Harshal Gohel)
+  * Fixed non-null-terminated label padding (Jorge Ramirez-Ortiz)
+  * Fixed several object management issues (Jakub Jelen)
+  * Deferred libp11 initialization until needed (Doug Engert)
+- Removed patches:
+  * libp11-openssl-3.1.patch
+  * libp11-configure-treat-all-openssl-3.x-releases-the-same.patch
+- Enable unit tests
+
 -------------------------------------------------------------------
 Fri Jan 19 10:43:16 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>
 

libp11.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libp11
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
 %define libname libp11-3
 %endif
 Name:           libp11
-Version:        0.4.12
+Version:        0.4.16
 Release:        0
 Summary:        Library Implementing a Small Layer on Top of PKCS#11 API
 License:        LGPL-2.1-or-later
@@ -36,16 +36,17 @@ Source1:        https://github.com/OpenSC/libp11/releases/download/%{name}-%{ver
 Source2:        %{name}.keyring
 Source3:        %{name}-rpmlintrc
 Source4:        baselibs.conf
-# PATCH-FIX-UPSTREAM
-Patch0:         libp11-openssl-3.1.patch
-# PATCH-FIX-UPSTREAM
-Patch1:         libp11-configure-treat-all-openssl-3.x-releases-the-same.patch
 BuildRequires:  fdupes
 BuildRequires:  libtool
 BuildRequires:  p11-kit-devel
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(openssl)
 BuildRequires:  pkgconfig(zlib)
+# Required for testing
+BuildRequires:  opensc
+# For pgrep
+BuildRequires:  procps
+BuildRequires:  softhsm
 # The engine_pkcs11 library has been merged into version 0.4.0 and later.
 # (It existed only in security:chipcard OBS repository.
 Obsoletes:      engine_pkcs11 <= 0.2.2
@@ -64,6 +65,9 @@ Token Interface (Cryptoki)".
 %package -n %{libname}
 Summary:        Library Implementing a Small Layer on Top of PKCS#11 API
 Group:          Productivity/Security
+# RH has renamed libp11 to openssl-pkcs11 since 0.4.7-4, in order to keep
+# compatibility we need to provide openssl-pkcs11 (jsc#PED-12017)
+Provides:       openssl-pkcs11 = %{version}-%{release}
 
 %description -n %{libname}
 Libp11 is a library implementing a small layer on top of PKCS#11 API to
@@ -95,6 +99,21 @@ Libp11 source code includes the official header files (version 2.20)
 and thus is "derived from the RSA Security Inc. PKCS #11 Cryptographic
 Token Interface (Cryptoki)".
 
+%package -n openssl-provider-%{name}
+Summary:        Library Implementing a Small Layer on Top of PKCS#11 API
+Group:          Productivity/Security
+
+%description -n openssl-provider-%{name}
+Libp11 is a library implementing a small layer on top of PKCS#11 API to
+make using PKCS#11 implementations easier.
+
+The official name for PKCS#11 is "RSA Security Inc. PKCS #11
+Cryptographic Token Interface (Cryptoki)".
+
+Libp11 source code includes the official header files (version 2.20)
+and thus is "derived from the RSA Security Inc. PKCS #11 Cryptographic
+Token Interface (Cryptoki)".
+
 %package devel
 Summary:        Library Implementing a Small Layer on Top of PKCS#11 API
 Group:          Development/Libraries/C and C++
@@ -120,10 +139,9 @@ echo %{libname} > %{_sourcedir}/baselibs.conf
 %build
 autoreconf -fiv
 %configure \
-  --disable-static \
-  --disable-silent-rules \
-	--enable-doc\
-	--docdir=%{_docdir}/%{libname}
+    --disable-static \
+    --disable-silent-rules \
+    --docdir=%{_docdir}/%{libname}
 %make_build
 
 %install
@@ -132,12 +150,15 @@ mkdir -p %{buildroot}%{_docdir}/%{name} %{buildroot}%{_docdir}/%{libname}
 find %{buildroot} -type f -name "*.la" -delete -print
 %fdupes %{buildroot}%{_docdir}
 
+%check
+%make_build check
+
 %post -n %{libname} -p /sbin/ldconfig
 %postun -n %{libname} -p /sbin/ldconfig
 
 %files -n %{libname}
 %doc %{_docdir}/%{libname}
-%{_libdir}/*.so.*
+%{_libdir}/libp11.so.*
 
 %files -n openssl-engine-%{name}
 %if 0%{?suse_version} > 1325
@@ -146,6 +167,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/engines
 %endif
 
+%files -n openssl-provider-%{name}
+%{_libdir}/ossl-modules
+
 %files devel
 %{_includedir}/*.h
 %{_libdir}/*.so