Compare commits

...

No commits in common. 'c8' and 'c9' have entirely different histories.
c8 ... c9

5
.gitignore vendored

@ -1,2 +1,3 @@
SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg SOURCES/p11-kit-0.25.3.tar.xz
SOURCES/p11-kit-0.23.22.tar.xz SOURCES/p11-kit-0.25.3.tar.xz.sig
SOURCES/p11-kit-release-keyring.gpg

@ -1,2 +1,3 @@
526f07b62624739ba318a171bab3352af91d0134 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg 796f3b69cad054a52e04f520459beaaab936b99f SOURCES/p11-kit-0.25.3.tar.xz
339e5163ed50a9984a74739b9207ea8cd77fa7e2 SOURCES/p11-kit-0.23.22.tar.xz 4133131840ef3f9609403fe391ce414878bcb9f1 SOURCES/p11-kit-0.25.3.tar.xz.sig
6fecd5be3ee12d07f6f61a65e18523ee03e0f925 SOURCES/p11-kit-release-keyring.gpg

@ -0,0 +1,298 @@
From 58cd1c05e001a4fe250c15f3599e79974bc509e3 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu, 16 Nov 2023 10:12:14 +0100
Subject: [PATCH] Fix issues found by static analysis
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
common/frob-getprogname.c | 4 ++--
common/test.c | 4 +---
p11-kit/generate-keypair.c | 25 +++++++++----------------
p11-kit/import-object.c | 22 +++++-----------------
p11-kit/lists.c | 1 +
p11-kit/print-config.c | 4 +++-
p11-kit/rpc-client.c | 6 ++++--
p11-kit/test-uri.c | 4 ++--
trust/test-trust.c | 2 +-
9 files changed, 28 insertions(+), 44 deletions(-)
diff --git a/common/frob-getprogname.c b/common/frob-getprogname.c
index ead658cc8..46e3b7fd3 100644
--- a/common/frob-getprogname.c
+++ b/common/frob-getprogname.c
@@ -76,14 +76,14 @@ main (int argc,
execv (BUILDDIR "/common/frob-getprogname" EXEEXT, args);
} else {
int status;
- char buffer[1024];
+ char buffer[1024] = { 0 };
size_t offset = 0;
ssize_t nread;
char *p;
close (pfds[1]);
while (1) {
- nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset);
+ nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset - 1);
if (nread < 0) {
perror ("read");
exit (EXIT_FAILURE);
diff --git a/common/test.c b/common/test.c
index 3ed98da01..6cdbd1fa2 100644
--- a/common/test.c
+++ b/common/test.c
@@ -272,7 +272,6 @@ p11_testx (void (* function) (void *),
test_item item = { TEST, };
va_list va;
- item.type = TEST;
item.x.test.func = function;
item.x.test.argument = argument;
@@ -287,9 +286,8 @@ void
p11_fixture (void (* setup) (void *),
void (* teardown) (void *))
{
- test_item item;
+ test_item item = { FIXTURE, };
- item.type = FIXTURE;
item.x.fix.setup = setup;
item.x.fix.teardown = teardown;
diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c
index 49dc11830..695103d1d 100644
--- a/p11-kit/generate-keypair.c
+++ b/p11-kit/generate-keypair.c
@@ -351,7 +351,7 @@ int
p11_kit_generate_keypair (int argc,
char *argv[])
{
- int opt, ret = 2;
+ int opt, ret;
char *label = NULL;
CK_ULONG bits = 0;
const uint8_t *ec_params = NULL;
@@ -396,31 +396,27 @@ p11_kit_generate_keypair (int argc,
while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
switch (opt) {
case opt_label:
- label = strdup (optarg);
- if (label == NULL) {
- p11_message (_("failed to allocate memory"));
- goto cleanup;
- }
+ label = optarg;
break;
case opt_type:
mechanism = get_mechanism (optarg);
if (mechanism.mechanism == CKA_INVALID) {
p11_message (_("unknown mechanism type: %s"), optarg);
- goto cleanup;
+ return 2;
}
break;
case opt_bits:
bits = strtol (optarg, NULL, 10);
if (bits == 0) {
p11_message (_("failed to parse bits value: %s"), optarg);
- goto cleanup;
+ return 2;
}
break;
case opt_curve:
ec_params = get_ec_params (optarg, &ec_params_len);
if (ec_params == NULL) {
p11_message (_("unknown curve name: %s"), optarg);
- goto cleanup;
+ return 2;
}
break;
case opt_login:
@@ -434,10 +430,9 @@ p11_kit_generate_keypair (int argc,
break;
case opt_help:
p11_tool_usage (usages, options);
- ret = 0;
- goto cleanup;
+ return 0;
case '?':
- goto cleanup;
+ return 2;
default:
assert_not_reached ();
break;
@@ -449,11 +444,11 @@ p11_kit_generate_keypair (int argc,
if (argc != 1) {
p11_tool_usage (usages, options);
- goto cleanup;
+ return 2;
}
if (!check_args (mechanism.mechanism, bits, ec_params))
- goto cleanup;
+ return 2;
#ifdef OS_UNIX
/* Register a fallback PIN callback that reads from terminal.
@@ -464,11 +459,9 @@ p11_kit_generate_keypair (int argc,
ret = generate_keypair (*argv, label, mechanism, bits, ec_params, ec_params_len, login);
-cleanup:
#ifdef OS_UNIX
p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL);
#endif
- free (label);
return ret;
}
diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c
index 270a0e027..feee07659 100644
--- a/p11-kit/import-object.c
+++ b/p11-kit/import-object.c
@@ -500,7 +500,7 @@ int
p11_kit_import_object (int argc,
char *argv[])
{
- int opt, ret = 2;
+ int opt, ret;
char *label = NULL;
char *file = NULL;
bool login = false;
@@ -536,18 +536,10 @@ p11_kit_import_object (int argc,
while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
switch (opt) {
case opt_label:
- label = strdup (optarg);
- if (label == NULL) {
- p11_message (_("failed to allocate memory"));
- goto cleanup;
- }
+ label = optarg;
break;
case opt_file:
- file = strdup (optarg);
- if (file == NULL) {
- p11_message (_("failed to allocate memory"));
- goto cleanup;
- }
+ file = optarg;
break;
case opt_login:
login = true;
@@ -574,12 +566,12 @@ p11_kit_import_object (int argc,
if (argc != 1) {
p11_tool_usage (usages, options);
- goto cleanup;
+ return 2;
}
if (file == NULL) {
p11_message (_("no file specified"));
- goto cleanup;
+ return 2;
}
#ifdef OS_UNIX
@@ -595,10 +587,6 @@ p11_kit_import_object (int argc,
p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL);
#endif
-cleanup:
- free (label);
- free (file);
-
return ret;
}
diff --git a/p11-kit/lists.c b/p11-kit/lists.c
index df58beb3f..007bb0f12 100644
--- a/p11-kit/lists.c
+++ b/p11-kit/lists.c
@@ -295,6 +295,7 @@ print_modules (void)
if (rv != CKR_OK) {
p11_message (_("couldn't load module info: %s"),
p11_kit_strerror (rv));
+ p11_kit_modules_finalize_and_release (module_list);
return 1;
}
diff --git a/p11-kit/print-config.c b/p11-kit/print-config.c
index 173b55feb..29daf3871 100644
--- a/p11-kit/print-config.c
+++ b/p11-kit/print-config.c
@@ -74,8 +74,10 @@ print_config (void)
P11_PACKAGE_CONFIG_MODULES,
P11_SYSTEM_CONFIG_MODULES,
P11_USER_CONFIG_MODULES);
- if (modules_conf == NULL)
+ if (modules_conf == NULL) {
+ p11_dict_free (global_conf);
return 1;
+ }
printf ("[global]\n");
p11_dict_iterate (global_conf, &i);
diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
index fb39103eb..19b628b1a 100644
--- a/p11-kit/rpc-client.c
+++ b/p11-kit/rpc-client.c
@@ -173,6 +173,8 @@ call_done (rpc_client *module,
p11_rpc_message *msg,
CK_RV ret)
{
+ p11_buffer *buf;
+
assert (module != NULL);
assert (msg != NULL);
@@ -189,9 +191,9 @@ call_done (rpc_client *module,
/* We used the same buffer for input/output, so this frees both */
assert (msg->input == msg->output);
- p11_rpc_buffer_free (msg->input);
-
+ buf = msg->input;
p11_rpc_message_clear (msg);
+ p11_rpc_buffer_free (buf);
return ret;
}
diff --git a/p11-kit/test-uri.c b/p11-kit/test-uri.c
index 32e8da703..18b7a108a 100644
--- a/p11-kit/test-uri.c
+++ b/p11-kit/test-uri.c
@@ -1019,7 +1019,7 @@ test_uri_get_set_unrecognized (void)
static void
test_uri_match_token (void)
{
- CK_TOKEN_INFO token;
+ CK_TOKEN_INFO token = { 0 };
P11KitUri *uri;
int ret;
@@ -1056,7 +1056,7 @@ test_uri_match_token (void)
static void
test_uri_match_module (void)
{
- CK_INFO info;
+ CK_INFO info = { 0 };
P11KitUri *uri;
int ret;
diff --git a/trust/test-trust.c b/trust/test-trust.c
index 29b2797b5..3b27a1f31 100644
--- a/trust/test-trust.c
+++ b/trust/test-trust.c
@@ -258,7 +258,7 @@ test_check_symlink_msg (const char *file,
if (asprintf (&filename, "%s/%s", directory, name) < 0)
assert_not_reached ();
- if (readlink (filename, buf, sizeof (buf)) < 0)
+ if (readlink (filename, buf, sizeof (buf) - 1) < 0)
p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename);
if (strcmp (destination, buf) != 0)

@ -0,0 +1,73 @@
From a8b94642dbe6d52aa7a7805fbb60b64c4cfd7245 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu, 3 Oct 2024 11:34:14 +0200
Subject: [PATCH] trust: don't create file names longer then 255
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
trust/save.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/trust/save.c b/trust/save.c
index 057a9c5e3..acabcbf6d 100644
--- a/trust/save.c
+++ b/trust/save.c
@@ -61,6 +61,8 @@
#define O_DIRECTORY 0
#endif
+#define MAX_FILE_NAME 255
+
struct _p11_save_file {
char *bare;
char *extension;
@@ -414,12 +416,23 @@ make_unique_name (const char *bare,
p11_buffer buf;
int ret;
int i;
+ int bare_len, ext_len, diff;
assert (bare != NULL);
assert (check != NULL);
p11_buffer_init_null (&buf, 0);
+ /*
+ * Make sure the name will not be longer then MAX_FILE_NAME
+ */
+ bare_len = strlen (bare);
+ ext_len = extension ? strlen (extension) : 0;
+ diff = bare_len + ext_len + sizeof (unique) - MAX_FILE_NAME;
+ if (diff > 0)
+ bare_len -= diff;
+ return_val_if_fail (bare_len > 0, NULL);
+
for (i = 0; true; i++) {
p11_buffer_reset (&buf, 64);
@@ -431,7 +444,7 @@ make_unique_name (const char *bare,
* provided by the caller.
*/
case 0:
- p11_buffer_add (&buf, bare, -1);
+ p11_buffer_add (&buf, bare, bare_len);
break;
/*
@@ -448,14 +461,14 @@ make_unique_name (const char *bare,
/* fall through */
default:
- p11_buffer_add (&buf, bare, -1);
+ p11_buffer_add (&buf, bare, bare_len);
snprintf (unique, sizeof (unique), ".%d", i);
p11_buffer_add (&buf, unique, -1);
break;
}
if (extension)
- p11_buffer_add (&buf, extension, -1);
+ p11_buffer_add (&buf, extension, ext_len);
return_val_if_fail (p11_buffer_ok (&buf), NULL);

@ -1,42 +0,0 @@
From a91266ef087532e2332c75c4fd9244df66f30b64 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 18 Dec 2020 13:37:10 +0100
Subject: [PATCH] meson: Link trust/client modules explicitly to -ldl
This adds the -ldl link flag missing in the meson build, but present
in the autotools build. Although the use-case is unlikely, this
allows those modules to be linked as a normal shared library to a
program.
---
p11-kit/meson.build | 1 +
trust/meson.build | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/p11-kit/meson.build b/p11-kit/meson.build
index 7d57cd7..02147a9 100644
--- a/p11-kit/meson.build
+++ b/p11-kit/meson.build
@@ -92,6 +92,7 @@ if host_system != 'windows'
'client.c', 'client-init.c',
name_prefix: '',
include_directories: [configinc, commoninc],
+ dependencies: dlopen_deps,
link_args: p11_module_ldflags,
link_depends: [p11_module_symbol_map,
p11_module_symbol_def],
diff --git a/trust/meson.build b/trust/meson.build
index 482a3c1..d4a8e15 100644
--- a/trust/meson.build
+++ b/trust/meson.build
@@ -56,7 +56,7 @@ shared_module('p11-kit-trust',
'module-init.c',
name_prefix: '',
c_args: p11_kit_trust_c_args,
- dependencies: [asn_h_dep, libp11_library_dep] + libtasn1_deps,
+ dependencies: [asn_h_dep, libp11_library_dep] + dlopen_deps + libtasn1_deps,
link_args: p11_module_ldflags,
link_depends: [p11_module_symbol_map,
p11_module_symbol_def],
--
2.29.2

@ -1,22 +1,22 @@
# This spec file has been automatically updated # This spec file has been automatically updated
Version: 0.23.22 Version: 0.25.3
Release: 1%{?dist} Release: 3%{?dist}
Name: p11-kit Name: p11-kit
Summary: Library for loading and sharing PKCS#11 modules Summary: Library for loading and sharing PKCS#11 modules
License: BSD License: BSD-3-Clause
URL: http://p11-glue.freedesktop.org/p11-kit.html URL: http://p11-glue.freedesktop.org/p11-kit.html
Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz
Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig
Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg Source2: https://p11-glue.github.io/p11-glue/p11-kit/p11-kit-release-keyring.gpg
Source3: trust-extract-compat Source3: trust-extract-compat
Source4: p11-kit-client.service Source4: p11-kit-client.service
Patch1: p11-kit-dt-needed.patch Patch: 001-static-analysis.patch
Patch: p11-kit-0.25.5-trust-file-length.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libtasn1-devel >= 2.3 BuildRequires: libtasn1-devel >= 2.3
BuildRequires: libtasn1-tools
BuildRequires: libffi-devel BuildRequires: libffi-devel
BuildRequires: gettext BuildRequires: gettext
BuildRequires: gtk-doc BuildRequires: gtk-doc
@ -26,6 +26,7 @@ BuildRequires: bash-completion
# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147 # Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147
# Remove this once it is fixed # Remove this once it is fixed
BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(systemd)
BuildRequires: gnupg2 BuildRequires: gnupg2
BuildRequires: /usr/bin/xsltproc BuildRequires: /usr/bin/xsltproc
@ -47,13 +48,13 @@ developing applications that use %{name}.
%package trust %package trust
Summary: System trust module from %{name} Summary: System trust module from %{name}
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires(post): %{_sbindir}/update-alternatives Requires(post): %{_sbindir}/alternatives
Requires(postun): %{_sbindir}/update-alternatives Requires(postun): %{_sbindir}/alternatives
Conflicts: nss < 3.14.3-9 Conflicts: nss < 3.14.3-9
%description trust %description trust
The %{name}-trust package contains a system trust PKCS#11 module which The %{name}-trust package contains a system trust PKCS#11 module which
contains certificate anchors and black lists. contains certificate anchors and blocklists.
%package server %package server
@ -102,13 +103,12 @@ install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_userunitdir}
%post trust %post trust
%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \ %{_sbindir}/alternatives --install %{_libdir}/libnssckbi.so %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
%{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30
%postun trust %postun trust
if [ $1 -eq 0 ] ; then if [ $1 -eq 0 ] ; then
# package removal # package removal
%{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so %{_sbindir}/alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
fi fi
@ -155,39 +155,242 @@ fi
%changelog %changelog
* Mon Jan 11 2021 Daiki Ueno <dueno@redhat.com> - 0.23.22-1 * Fri Oct 25 2024 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-3
- Rebase to 0.23.22 to fix memory safety issues (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363) - Fix regression in trust where file creation fails for long cert labels
- Preserve DT_NEEDED information from the previous version, flagged by rpmdiff Resolves: RHEL-64917
- Add xsltproc to BR
* Thu Nov 23 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-2
* Tue Nov 10 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-4 - Fix issues found by static analysis
- Fix realloc usage on proxy cleanup (#1894979) Related: RHEL-14834
- Make 'trust anchor --store' preserve all attributes from .p11-kit files
* Wed Nov 15 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-1
* Tue Nov 3 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-3 - Update to new upstream release 0.25.3
- Restore clobbered changelog entry Resolves: RHEL-14834
* Mon Nov 2 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-2 * Wed Nov 8 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.2-1
- Update p11-kit-invalid-config.patch to be more thorough (thanks to - Update to new upstream release 0.25.2
Alexander Sosedkin) Resolves: RHEL-14834
- Add IBM specific mechanisms and attributes
* Tue Oct 20 2020 Daiki Ueno <dueno@redhat.com> - 0.23.21-1 Resolves: RHEL-10570
- Update to upstream 0.23.21 release
* Tue Feb 1 2022 Daiki Ueno <dueno@redhat.com> - 0.24.1-2
* Fri Mar 29 2019 Daiki Ueno <dueno@redhat.com> - 0.23.14-5 - Replace "black list" with "blocklist" in -trust subpackage description (#2026457)
- Fix crash on unloading the library, when it is both linked and dlopen'ed
* Mon Jan 17 2022 Packit Service <user-cont-team+packit-service@redhat.com> - 0.24.1-1
- Release 0.24.1 (Daiki Ueno)
- common: Support copying attribute array recursively (Daiki Ueno)
- common: Add assert_ptr_cmp (Daiki Ueno)
- gtkdoc: remove dependencies on custom target files (Eli Schwartz)
- doc: Replace occurrence of black list with blocklist (Daiki Ueno)
- build: Suppress cppcheck false-positive on array bounds (Daiki Ueno)
- ci: Use Docker image from the same repository (Daiki Ueno)
- ci: Integrate Docker image building to GitHub workflow (Daiki Ueno)
- rpc: Fallback to version 0 if server does not support negotiation (Daiki Ueno)
- build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson (Daiki Ueno)
- Link libp11-kit so that it cannot unload (Emmanuel Dreyfus)
- trust: Use dngettext for plurals (Daiki Ueno)
- rpc: Support protocol version negotiation (Daiki Ueno)
- rpc: Separate authentication step from transaction (Daiki Ueno)
- Meson: p11_system_config_modules instead of p11_package_config_modules (Issam E. Maghni)
- shell: test -a|o is not POSIX (Issam E. Maghni)
- Meson: Add libtasn1 to trust programs (Issam E. Maghni)
- meson: optionalise glib's development files for gtk_doc (Đoàn Trần Công Danh)
* Wed Aug 18 2021 DJ Delorie <dj@redhat.com> - 0.24.0-4
- Rebuilt for libffi 3.4.2 SONAME transition.
Related: rhbz#1891914
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.24.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Jul 13 2021 Daiki Ueno <dueno@redhat.com> - 0.24.0-2
- Rebuild with newer GCC to fix annocheck failures
* Thu Jun 03 2021 Packit Service <user-cont-team+packit-service@redhat.com> - 0.24.0-1
- common: Only check strndup behavior when replacement is used (Daiki Ueno)
- Release 0.24.0 (Daiki Ueno)
- Release 0.23.22 (Daiki Ueno)
- rpc: Tighten attribute array check with manual enumeration (Daiki Ueno)
- Check for SUN_LEN and provide fallback (Claes Nästén)
- Do not define _XOPEN_SOURCE in compat.c on Solaris (Claes Nästén)
- make autogen.sh a bit more portable (Claes Nästén)
- rpc-server: Disable parsing CKF_ARRAY_ATTRIBUTE (Daiki Ueno)
- Update README.md (Daiki Ueno)
- README.md: Suggest using only meson sub-commands instead of ninja (Daiki Ueno)
- p11-kit: Add missing <limits.h> include for SIZE_MAX (Daiki Ueno)
- packit: drop synced_files (Tomas Tomecek)
- packit: fedora renamed master branch to rawhide (Tomas Tomecek)
- Fix minor typo (Yuri Chornoivan)
- po: Add trust/trust.c to POTFILES.in (Daiki Ueno)
- po: Update POTFILES.in (Daiki Ueno)
- trust: Make more strings translatable (Daiki Ueno)
- p11-kit: Make more strings translatable (Daiki Ueno)
- common: Enable message translation in p11_tool_main (Daiki Ueno)
- meson: Make sure to set PROJECT_NAME and ENABLE_NLS for 'nls' option (Daiki Ueno)
- build: Add fuzz/meson.build in the distribution (Daiki Ueno)
- fuzz: Move the directory out of build/ (Daiki Ueno)
- Release all library/mock resources before exit (David Cook)
- Add separate oss-fuzz Makefile target (David Cook)
- Add build targets for future additional fuzzers (David Cook)
- Build fuzzer target from meson/ninja (David Cook)
- Explicit dependency for virtual-fixed-generated.h (David Cook)
- Build fuzzer target from automake (David Cook)
- rpc_fuzzer: Clean up buffer before exit (David Cook)
- New set of fuzzer seeds (David Cook)
- github: Remove unnecessary SRCDIR envvar (Daiki Ueno)
- github: Use runuser instead of su for building and testing (Daiki Ueno)
- github: Use composite action to simplify the main recipe (Daiki Ueno)
- github: Use pre-built container image for building (Daiki Ueno)
- README.md: Add GitHub workflow status (Daiki Ueno)
- travis: Remove configurations other than FreeBSD (Daiki Ueno)
- autotools: Fix for VPATH build (Daiki Ueno)
- github actions: Initial CI setup (Anderson Toshiyuki Sasaki)
- modules: p11_kit_initialize_module: Remove redundant module unref (Daiki Ueno)
- server: Account for NUL byte at the end of Unix domain socket path (Daiki Ueno)
- compat: Expose FreeBSD specific issetugid, getresuid, and getresgid (Daiki Ueno)
- compat: Remove <unistd.h> inclusion from compat.h (Daiki Ueno)
- compat: Avoid unused variables warning in fdwalk emulation (Daiki Ueno)
- compat: Pacify ASan complaints on intentionally leaked buffer (Daiki Ueno)
- meson: Link trust/client modules explicitly to -ldl (Daiki Ueno)
- p11-kit/lists.c: Add stdint.h to fix compilation (Daniel Engberg)
- Follow-up to arithmetic overflow fix (David Cook)
- Check for arithmetic overflows before allocating (David Cook)
- Check attribute length against buffer size (David Cook)
- Fix bounds check in p11_rpc_buffer_get_byte_array (David Cook)
- Fix buffer overflow in log_token_info (David Cook)
- common: Don't assume __STDC_VERSION__ is always defined (Daiki Ueno)
- compat: getauxval: correct compiler macro for FreeBSD (Daiki Ueno)
- compat: fdwalk: add guard for Linux specific local variables (Daiki Ueno)
- meson: Add missing libtasn1 dependency (Daiki Ueno)
- travis: Add freebsd build (Daiki Ueno)
- anchor: Prefer persistent format when storing anchor (Daiki Ueno)
- travis: Run "make check" along with "make distcheck" for coverage (Daiki Ueno)
- travis: Use python3 as the default Python interpreter (Daiki Ueno)
- travis: Route to Ubuntu 20.04 base image (Daiki Ueno)
- meson: Set -fstack-protector for MinGW64 cross build (Daiki Ueno)
- meson: expand ternary operator in function call for compatibility (Daiki Ueno)
- meson: Use custom_target for generating external XML entities (Daiki Ueno)
- meson: Allow building manpages without gtk-doc (Jan Alexander Steffens (heftig))
- Rename is_path_component to is_path_separator (Alexander Sosedkin)
- Use is_path_component in one more place (Alexander Sosedkin)
- Remove more duplicate separators in p11_path_build (Alexander Sosedkin)
- common: Fix infloop in p11_path_build (Daiki Ueno)
- Use inclusive language on certificate distrust (Daiki Ueno)
- proxy: C_CloseAllSessions: Make sure that calloc args are non-zero (Daiki Ueno)
- build: Use calloc in a consistent manner (Daiki Ueno)
- meson: Allow override of default bashcompdir. Fixes meson regression (issue #322). Pass -Dbashcompdir=/xxx to meson. (John Hein)
- common: Check for a NULL locale before freeing it (Tavian Barnes)
- p11_test_copy_setgid: Skip setgid tests on nosuid filesystems (Anders Kaseorg)
- unix-peer: replace incorrect include1 (Rosen Penev)
- test-compat: Skip getprogname test if BUILDDIR contains a symlink (Daiki Ueno)
- add trust-extract-compat into EXTRA-DIST (X Ruoyao)
- meson: install trust-extract-compat (X Ruoyao)
- rename trust-extract-compat.in to trust-extract-compat (X Ruoyao)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.23.22-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Daiki Ueno <dueno@redhat.com> - 0.23.22-3
- Suppress intentional memleak in getprogname emulation (#1905581)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Dec 11 2020 Packit Service <user-cont-team+packit-service@redhat.com> - 0.23.22-1
- Release 0.23.22 (Daiki Ueno)
- Follow-up to arithmetic overflow fix (David Cook)
- Check for arithmetic overflows before allocating (David Cook)
- Check attribute length against buffer size (David Cook)
- Fix bounds check in p11_rpc_buffer_get_byte_array (David Cook)
- Fix buffer overflow in log_token_info (David Cook)
- common: Don't assume __STDC_VERSION__ is always defined (Daiki Ueno)
- compat: getauxval: correct compiler macro for FreeBSD (Daiki Ueno)
- compat: fdwalk: add guard for Linux specific local variables (Daiki Ueno)
- meson: Add missing libtasn1 dependency (Daiki Ueno)
- travis: Add freebsd build (Daiki Ueno)
- anchor: Prefer persistent format when storing anchor (Daiki Ueno)
- travis: Run "make check" along with "make distcheck" for coverage (Daiki Ueno)
- travis: Use python3 as the default Python interpreter (Daiki Ueno)
- travis: Route to Ubuntu 20.04 base image (Daiki Ueno)
- meson: Set -fstack-protector for MinGW64 cross build (Daiki Ueno)
- meson: expand ternary operator in function call for compatibility (Daiki Ueno)
- meson: Use custom_target for generating external XML entities (Daiki Ueno)
- meson: Allow building manpages without gtk-doc (Jan Alexander Steffens (heftig))
- Rename is_path_component to is_path_separator (Alexander Sosedkin)
- Use is_path_component in one more place (Alexander Sosedkin)
- Remove more duplicate separators in p11_path_build (Alexander Sosedkin)
- common: Fix infloop in p11_path_build (Daiki Ueno)
- proxy: C_CloseAllSessions: Make sure that calloc args are non-zero (Daiki Ueno)
- build: Use calloc in a consistent manner (Daiki Ueno)
- meson: Allow override of default bashcompdir. Fixes meson regression (issue #322). Pass -Dbashcompdir=/xxx to meson. (John Hein)
- common: Check for a NULL locale before freeing it (Tavian Barnes)
- p11_test_copy_setgid: Skip setgid tests on nosuid filesystems (Anders Kaseorg)
- unix-peer: replace incorrect include1 (Rosen Penev)
- test-compat: Skip getprogname test if BUILDDIR contains a symlink (Daiki Ueno)
- add trust-extract-compat into EXTRA-DIST (X Ruoyao)
- meson: install trust-extract-compat (X Ruoyao)
- rename trust-extract-compat.in to trust-extract-compat (X Ruoyao)
* Thu Nov 12 2020 Alexander Sosedkin <asosedkin@redhat.com> - 0.23.21-3
- Add an explicit build dependency on xsltproc
* Tue Aug 18 2020 Packit Service <user-cont-team+packit-service@redhat.com> - 0.23.21-2
- new upstream release: 0.23.21
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Daiki Ueno <dueno@redhat.com> - 0.23.20-1
- Update to upstream 0.23.20 release
* Wed Jan 22 2020 Daiki Ueno <dueno@redhat.com> - 0.23.19-1
- Update to upstream 0.23.19 release
- Check archive signature in %%prep
- Switch to using Meson as the build system
* Mon Sep 30 2019 Daiki Ueno <dueno@redhat.com> - 0.23.18.1-1
- Update to upstream 0.23.18.1 release
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.16.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu May 23 2019 Daiki Ueno <dueno@redhat.com> - 0.23.16.1-1
- Update to upstream 0.23.16.1 release
* Thu May 23 2019 Daiki Ueno <dueno@redhat.com> - 0.23.16-1
- Update to upstream 0.23.16 release
* Mon Feb 18 2019 Daiki Ueno <dueno@redhat.com> - 0.23.15-3
- trust: Ignore unreadable content in anchors
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 21 2019 Daiki Ueno <dueno@redhat.com> - 0.23.15-1
- Update to upstream 0.23.15 release
* Fri Jan 11 2019 Nils Philippsen <nils@tiptoe.de> - 0.23.14-3
- use spaces instead of tabs consistently
- prefer fixed closures to libffi closures (#1656245, patch by Daiki Ueno)
* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 0.23.14-2
- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc.
* Fri Sep 07 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-1
- Update to upstream 0.23.14 release
* Mon Oct 29 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-4 * Wed Aug 15 2018 Daiki Ueno <dueno@redhat.com> - 0.23.13-3
- Prefer fixed closures to libffi closures - Forcibly link with libpthread to avoid regressions (rhbz#1615038)
* Wed Oct 17 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-3 * Wed Aug 15 2018 Daiki Ueno <dueno@redhat.com> - 0.23.13-2
- Update p11-kit-coverity.patch - Fix invalid memory access on proxy cleanup
* Tue Oct 16 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-2 * Fri Aug 10 2018 Daiki Ueno <dueno@redhat.com> - 0.23.13-1
- Fix issues spotted by coverity - Update to upstream 0.23.13 release
* Wed Oct 10 2018 Daiki Ueno <dueno@redhat.com> - 0.23.14-1 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.23.12-2
- Update to upstream 0.23.14 release - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 30 2018 Daiki Ueno <dueno@redhat.com> - 0.23.12-1 * Wed May 30 2018 Daiki Ueno <dueno@redhat.com> - 0.23.12-1
- Update to upstream 0.23.11 release - Update to upstream 0.23.11 release

Loading…
Cancel
Save