rpm/p11-kit
SHA256
1
0
Fork 0
forked from pool/p11-kit
Code Pull Requests Activity

Compare commits

merge into: rpm:factory
Branches Tags
rpm:factory
rpm:devel
pool:factory
pool:devel
...
pull from: pool:factory
Branches Tags
pool:factory
pool:devel
rpm:factory
rpm:devel

2 Commits
factory ... factory

Author SHA256 Message Date
Ana Guerrero
0ee2c8780f Accepting request 1201323 from Base:System 
OBS-URL: https://build.opensuse.org/request/show/1201323
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/p11-kit?expand=0&rev=48
 2024-09-16 15:40:18 +00:00
Angel Yankov
73bccc0745 - Update to 0.25.5: 
* iter: fix recursive attribute loading
  * fix building on FreeBSD 14.0 (amd64)
  * Remove p11-kit-d938f4a8a3a2.patch upstream

- Update to 0.25.4:
  * rpc: add support for recursive attributes
  * p11-kit: add function to check run-time version of the library
  * p11-kit: expose version information through macros
  * p11-kit: add option to specify CKA_ID in generate-keypair and
    import-object commands
  * p11-kit: add --provider option to specify PKCS#11 module when
    using p11-kit commands
  * p11-kit: fix a bug where eddsa mechanism isn't recognized in
    generate-keypair
  * p11-kit: fallback to C_GetFunctionList when C_GetInterface
    returns CKR_FUNCTION_NOT_SUPPORTED
  * bug and build fixes

OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=64
 2024-09-16 05:15:41 +00:00
7 changed files with 29 additions and 111 deletions
Show Stats Expand all files Collapse all files

BIN
p11-kit-0.25.3.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

BIN
p11-kit-0.25.3.tar.xz.sig
View File

Binary file not shown.

3
p11-kit-0.25.5.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:04d0a86450cdb1be018f26af6699857171a188ac6d5b8c90786a60854e1198e5
size 1002056

BIN
p11-kit-0.25.5.tar.xz.sig Normal file
View File

Binary file not shown.

106
p11-kit-d938f4a8a3a2.patch
View File

@ -1,106 +0,0 @@
From d938f4a8a3a2f371e0a3bc1404a384b4b1f61020 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Sat, 2 Dec 2023 09:24:01 +0900
Subject: [PATCH] import-object: Avoid integer truncation on 32-bit platforms
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The build fails when compiling for 32-bit platforms with
-Werror=incompatible-pointer-types:
CFLAGS="-m32 -march=i686 -Werror=incompatible-pointer-types -Werror=implicit -Werror=int-conversion" setarch i686 -- meson setup _build
setarch i686 -- meson compile -C _build -v
...
../p11-kit/import-object.c: In function add_attrs_pubkey_rsa:
../p11-kit/import-object.c:223:62: error: passing argument 3 of p11_asn1_read from incompatible pointer type [-Werror=incompatible-pointer-types]
223 | attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen);
| ^~~~~~~~~~~~~~~~~~~~~~~~
| |
| long unsigned int *
Reported by Sam James in:
https://github.com/p11-glue/p11-kit/issues/608
Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
p11-kit/import-object.c | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c
index feee0765..fb47b964 100644
--- a/p11-kit/import-object.c
+++ b/p11-kit/import-object.c
@@ -55,6 +55,7 @@
#endif
#include <assert.h>
+#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
@@ -201,6 +202,7 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs,
CK_ATTRIBUTE attr_encrypt = { CKA_ENCRYPT, &tval, sizeof (tval) };
CK_ATTRIBUTE attr_modulus = { CKA_MODULUS, };
CK_ATTRIBUTE attr_exponent = { CKA_PUBLIC_EXPONENT, };
+ size_t len = 0;
pubkey = p11_asn1_read (info, "subjectPublicKey", &pubkey_len);
if (pubkey == NULL) {
@@ -220,17 +222,31 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs,
goto cleanup;
}
- attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen);
+ attr_modulus.pValue = p11_asn1_read (asn, "modulus", &len);
if (attr_modulus.pValue == NULL) {
p11_message (_("failed to obtain modulus"));
goto cleanup;
}
+#if ULONG_MAX < SIZE_MAX
+ if (len > ULONG_MAX) {
+ p11_message (_("failed to obtain modulus"));
+ goto cleanup;
+ }
+#endif
+ attr_modulus.ulValueLen = len;
- attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &attr_exponent.ulValueLen);
+ attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &len);
if (attr_exponent.pValue == NULL) {
p11_message (_("failed to obtain exponent"));
goto cleanup;
}
+#if ULONG_MAX < SIZE_MAX
+ if (len > ULONG_MAX) {
+ p11_message (_("failed to obtain exponent"));
+ goto cleanup;
+ }
+#endif
+ attr_exponent.ulValueLen = len;
result = p11_attrs_build (attrs, &attr_key_type, &attr_encrypt, &attr_modulus, &attr_exponent, NULL);
if (result == NULL) {
@@ -260,12 +276,20 @@ add_attrs_pubkey_ec (CK_ATTRIBUTE *attrs,
CK_ATTRIBUTE attr_key_type = { CKA_KEY_TYPE, &key_type, sizeof (key_type) };
CK_ATTRIBUTE attr_ec_params = { CKA_EC_PARAMS, };
CK_ATTRIBUTE attr_ec_point = { CKA_EC_POINT, };
+ size_t len = 0;
- attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &attr_ec_params.ulValueLen);
+ attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &len);
if (attr_ec_params.pValue == NULL) {
p11_message (_("failed to obtain EC parameters"));
goto cleanup;
}
+#if ULONG_MAX < SIZE_MAX
+ if (len > ULONG_MAX) {
+ p11_message (_("failed to obtain EC parameters"));
+ goto cleanup;
+ }
+#endif
+ attr_ec_params.ulValueLen = len;
/* subjectPublicKey is read as BIT STRING value which contains
* EC point data. We need to DER encode this data as OCTET STRING.

25
p11-kit.changes
View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Fri Sep 13 07:50:13 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 0.25.5:
* iter: fix recursive attribute loading
* fix building on FreeBSD 14.0 (amd64)
* Remove p11-kit-d938f4a8a3a2.patch upstream
-------------------------------------------------------------------
Fri Sep 13 07:47:42 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 0.25.4:
* rpc: add support for recursive attributes
* p11-kit: add function to check run-time version of the library
* p11-kit: expose version information through macros
* p11-kit: add option to specify CKA_ID in generate-keypair and
import-object commands
* p11-kit: add --provider option to specify PKCS#11 module when
using p11-kit commands
* p11-kit: fix a bug where eddsa mechanism isn't recognized in
generate-keypair
* p11-kit: fallback to C_GetFunctionList when C_GetInterface
returns CKR_FUNCTION_NOT_SUPPORTED
* bug and build fixes
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 26 15:15:20 UTC 2024 - Martin Jambor <mjambor@suse.com> Fri Jul 26 15:15:20 UTC 2024 - Martin Jambor <mjambor@suse.com>

3
p11-kit.spec
View File

@ -21,7 +21,7 @@
%define trustdir_cfg %{pkidir_cfg}/trust %define trustdir_cfg %{pkidir_cfg}/trust
%define trustdir_static %{pkidir_static}/trust %define trustdir_static %{pkidir_static}/trust
Name: p11-kit Name: p11-kit
Version: 0.25.3 Version: 0.25.5
Release: 0 Release: 0
Summary: Library to work with PKCS#11 modules Summary: Library to work with PKCS#11 modules
License: BSD-3-Clause License: BSD-3-Clause
@ -31,7 +31,6 @@ Source0: https://github.com/p11-glue/%{name}/releases/download/%{version}
Source1: https://github.com/p11-glue/%{name}/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig Source1: https://github.com/p11-glue/%{name}/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig
Source98: https://p11-glue.github.io/p11-glue/%{name}/%{name}-release-keyring.gpg#/%{name}.keyring Source98: https://p11-glue.github.io/p11-glue/%{name}/%{name}-release-keyring.gpg#/%{name}.keyring
Source99: baselibs.conf Source99: baselibs.conf
Patch1: p11-kit-d938f4a8a3a2.patch
BuildRequires: gtk-doc BuildRequires: gtk-doc
%if 0%{?suse_version} >= 1600 %if 0%{?suse_version} >= 1600
BuildRequires: libtasn1-tools BuildRequires: libtasn1-tools