Hello community,
here is the log from the commit of package p11-kit for openSUSE:Factory checked
in at 2014-09-03 18:21:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/p11-kit (Old)
and /work/SRC/openSUSE:Factory/.p11-kit.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "p11-kit"
Changes:
--------
--- /work/SRC/openSUSE:Factory/p11-kit/p11-kit.changes 2014-05-27
07:09:37.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.p11-kit.new/p11-kit.changes 2014-09-03
20:29:40.000000000 +0200
@@ -1,0 +2,17 @@
+Fri Aug 29 06:47:50 UTC 2014 - lnus...@suse.de
+
+- new version 0.20.3
+ * Fix problems reinitializing managed modules after fork
+ * Fix bad bookeeping when fail initializing one of the modules
+ * Fix case where module would be unloaded while in use [#74919]
+ * Remove assertions when module used before initialized [#74919]
+ * Fix handling of mmap failure and mapping empty files [#74773]
+ * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
+ * Require automake 1.12 or later
+ * Build fixes for Windows [#76594 #74149]
+- apply patches to avoid errors from certificates with invalid public key
+ (fdo#82328, bnc#890908,
+ trust-Dont-use-invalid-public-keys-for-looking-up-.patch,
+ trust-Print-label-of-certificate-when-complaining-.patch)
+
+-------------------------------------------------------------------
Old:
----
p11-kit-0.20.2.tar.gz
p11-kit-0.20.2.tar.gz.sig
New:
----
p11-kit-0.20.3.tar.gz
p11-kit-0.20.3.tar.gz.sig
p11-kit.keyring
trust-Dont-use-invalid-public-keys-for-looking-up-.patch
trust-Print-label-of-certificate-when-complaining-.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ p11-kit.spec ++++++
--- /var/tmp/diff_new_pack.tUs1UI/_old 2014-09-03 20:29:42.000000000 +0200
+++ /var/tmp/diff_new_pack.tUs1UI/_new 2014-09-03 20:29:42.000000000 +0200
@@ -22,7 +22,7 @@
%define trustdir_static %{pkidir_static}/trust
Name: p11-kit
-Version: 0.20.2
+Version: 0.20.3
Release: 0
Summary: Library to work with PKCS#11 modules
License: BSD-3-Clause
@@ -30,10 +30,17 @@
Url: http://p11-glue.freedesktop.org/p11-kit.html
Source0:
http://p11-glue.freedesktop.org/releases/%{name}-%{version}.tar.gz
Source1:
http://p11-glue.freedesktop.org/releases/%{name}-%{version}.tar.gz.sig
+Source98: p11-kit.keyring
Source99: baselibs.conf
# patch proposed upstream. If it gets rejected, need to implement
# this in ca-certificates.
Patch0: 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff
+# PATCH-FIX-OPENSUSE
+# trust-Print-label-of-certificate-when-complaining-.patch bnc#890908
lnus...@suse.de
+Patch1: trust-Print-label-of-certificate-when-complaining-.patch
+# PATCH-FIX-OPENSUSE
+# trust-Dont-use-invalid-public-keys-for-looking-up-.patch bnc#890908
lnus...@suse.de
+Patch2: trust-Dont-use-invalid-public-keys-for-looking-up-.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -93,6 +100,8 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
+%patch2 -p1
%build
# just because of patch0
++++++ p11-kit-0.20.2.tar.gz -> p11-kit-0.20.3.tar.gz ++++++
++++ 66676 lines of diff (skipped)
++++++ trust-Dont-use-invalid-public-keys-for-looking-up-.patch ++++++
From 244e885d3e9aae7f7b286f1115a220eb16fa0530 Mon Sep 17 00:00:00 2001
From: Stef Walter <st...@redhat.com>
Date: Fri, 8 Aug 2014 08:47:54 +0200
Subject: [PATCH] trust: Don't use invalid public keys for looking up stapled
extensions
https://bugs.freedesktop.org/show_bug.cgi?id=82328
---
trust/builder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/trust/builder.c b/trust/builder.c
index f7ea86a..fd7a662 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -125,7 +125,7 @@ lookup_extension (p11_builder *builder,
{ CKA_INVALID },
};
- if (public_key == NULL)
+ if (public_key == NULL || public_key->type == CKA_INVALID)
public_key = p11_attrs_find_valid (cert, CKA_X_PUBLIC_KEY_INFO);
/* Look for a stapled certificate extension */
--
1.9.3++++++ trust-Print-label-of-certificate-when-complaining-.patch ++++++
From 70228770eb96e7121e12632a85e603727ed42431 Mon Sep 17 00:00:00 2001
From: Stef Walter <st...@redhat.com>
Date: Fri, 8 Aug 2014 08:47:23 +0200
Subject: [PATCH] trust: Print label of certificate when complaining about
basic constraints
https://bugs.freedesktop.org/show_bug.cgi?id=82328
---
trust/builder.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/trust/builder.c b/trust/builder.c
index 18c09ad..f7ea86a 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -551,6 +551,7 @@ calc_certificate_category (p11_builder *builder,
CK_ATTRIBUTE *public_key,
CK_ULONG *category)
{
+ CK_ATTRIBUTE *label;
unsigned char *ext;
size_t ext_len;
bool is_ca = 0;
@@ -570,7 +571,10 @@ calc_certificate_category (p11_builder *builder,
ret = p11_x509_parse_basic_constraints (builder->asn1_defs,
ext, ext_len, &is_ca);
free (ext);
if (!ret) {
- p11_message ("invalid basic constraints certificate
extension");
+ label = p11_attrs_find_valid (cert, CKA_LABEL);
+ p11_message ("%.*s: invalid basic constraints
certificate extension",
+ label ? (int)label->ulValueLen : 7,
+ label ? (char *)label->pValue : "unknown");
return false;
}
--
1.9.3--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
