Hello community, here is the log from the commit of package p11-kit for openSUSE:Factory checked in at 2014-09-03 18:21:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/p11-kit (Old) and /work/SRC/openSUSE:Factory/.p11-kit.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "p11-kit" Changes: -------- --- /work/SRC/openSUSE:Factory/p11-kit/p11-kit.changes 2014-05-27 07:09:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.p11-kit.new/p11-kit.changes 2014-09-03 20:29:40.000000000 +0200 @@ -1,0 +2,17 @@ +Fri Aug 29 06:47:50 UTC 2014 - lnus...@suse.de + +- new version 0.20.3 + * Fix problems reinitializing managed modules after fork + * Fix bad bookeeping when fail initializing one of the modules + * Fix case where module would be unloaded while in use [#74919] + * Remove assertions when module used before initialized [#74919] + * Fix handling of mmap failure and mapping empty files [#74773] + * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions + * Require automake 1.12 or later + * Build fixes for Windows [#76594 #74149] +- apply patches to avoid errors from certificates with invalid public key + (fdo#82328, bnc#890908, + trust-Dont-use-invalid-public-keys-for-looking-up-.patch, + trust-Print-label-of-certificate-when-complaining-.patch) + +------------------------------------------------------------------- Old: ---- p11-kit-0.20.2.tar.gz p11-kit-0.20.2.tar.gz.sig New: ---- p11-kit-0.20.3.tar.gz p11-kit-0.20.3.tar.gz.sig p11-kit.keyring trust-Dont-use-invalid-public-keys-for-looking-up-.patch trust-Print-label-of-certificate-when-complaining-.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ p11-kit.spec ++++++ --- /var/tmp/diff_new_pack.tUs1UI/_old 2014-09-03 20:29:42.000000000 +0200 +++ /var/tmp/diff_new_pack.tUs1UI/_new 2014-09-03 20:29:42.000000000 +0200 @@ -22,7 +22,7 @@ %define trustdir_static %{pkidir_static}/trust Name: p11-kit -Version: 0.20.2 +Version: 0.20.3 Release: 0 Summary: Library to work with PKCS#11 modules License: BSD-3-Clause @@ -30,10 +30,17 @@ Url: http://p11-glue.freedesktop.org/p11-kit.html Source0: http://p11-glue.freedesktop.org/releases/%{name}-%{version}.tar.gz Source1: http://p11-glue.freedesktop.org/releases/%{name}-%{version}.tar.gz.sig +Source98: p11-kit.keyring Source99: baselibs.conf # patch proposed upstream. If it gets rejected, need to implement # this in ca-certificates. Patch0: 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff +# PATCH-FIX-OPENSUSE +# trust-Print-label-of-certificate-when-complaining-.patch bnc#890908 lnus...@suse.de +Patch1: trust-Print-label-of-certificate-when-complaining-.patch +# PATCH-FIX-OPENSUSE +# trust-Dont-use-invalid-public-keys-for-looking-up-.patch bnc#890908 lnus...@suse.de +Patch2: trust-Dont-use-invalid-public-keys-for-looking-up-.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -93,6 +100,8 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build # just because of patch0 ++++++ p11-kit-0.20.2.tar.gz -> p11-kit-0.20.3.tar.gz ++++++ ++++ 66676 lines of diff (skipped) ++++++ trust-Dont-use-invalid-public-keys-for-looking-up-.patch ++++++ From 244e885d3e9aae7f7b286f1115a220eb16fa0530 Mon Sep 17 00:00:00 2001 From: Stef Walter <st...@redhat.com> Date: Fri, 8 Aug 2014 08:47:54 +0200 Subject: [PATCH] trust: Don't use invalid public keys for looking up stapled extensions https://bugs.freedesktop.org/show_bug.cgi?id=82328 --- trust/builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trust/builder.c b/trust/builder.c index f7ea86a..fd7a662 100644 --- a/trust/builder.c +++ b/trust/builder.c @@ -125,7 +125,7 @@ lookup_extension (p11_builder *builder, { CKA_INVALID }, }; - if (public_key == NULL) + if (public_key == NULL || public_key->type == CKA_INVALID) public_key = p11_attrs_find_valid (cert, CKA_X_PUBLIC_KEY_INFO); /* Look for a stapled certificate extension */ -- 1.9.3++++++ trust-Print-label-of-certificate-when-complaining-.patch ++++++ From 70228770eb96e7121e12632a85e603727ed42431 Mon Sep 17 00:00:00 2001 From: Stef Walter <st...@redhat.com> Date: Fri, 8 Aug 2014 08:47:23 +0200 Subject: [PATCH] trust: Print label of certificate when complaining about basic constraints https://bugs.freedesktop.org/show_bug.cgi?id=82328 --- trust/builder.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/trust/builder.c b/trust/builder.c index 18c09ad..f7ea86a 100644 --- a/trust/builder.c +++ b/trust/builder.c @@ -551,6 +551,7 @@ calc_certificate_category (p11_builder *builder, CK_ATTRIBUTE *public_key, CK_ULONG *category) { + CK_ATTRIBUTE *label; unsigned char *ext; size_t ext_len; bool is_ca = 0; @@ -570,7 +571,10 @@ calc_certificate_category (p11_builder *builder, ret = p11_x509_parse_basic_constraints (builder->asn1_defs, ext, ext_len, &is_ca); free (ext); if (!ret) { - p11_message ("invalid basic constraints certificate extension"); + label = p11_attrs_find_valid (cert, CKA_LABEL); + p11_message ("%.*s: invalid basic constraints certificate extension", + label ? (int)label->ulValueLen : 7, + label ? (char *)label->pValue : "unknown"); return false; } -- 1.9.3-- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org