Projects
openEuler:Mainline
p11-kit
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 2
View file
_service:tar_scm:p11-kit.spec
Changed
@@ -1,6 +1,6 @@ Name: p11-kit -Version: 0.24.0 -Release: 2 +Version: 0.24.1 +Release: 1 Summary: Provides a way to load and enumerate PKCS#11 modules. License: BSD URL: http://p11-glue.freedesktop.org/p11-kit.html @@ -130,6 +130,9 @@ %{_datadir}/bash-completion/completions/trust %changelog +* Sun Jan 29 2023 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.24.1-1 +- update to 0.24.1 + * Wed Jun 15 2022 duyiwei <duyiwei@kylinos.cn> - 0.24.0-2 - add subpackage server
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/p11-kit.git</param> - <param name="revision">30b8cc201bbb7f509c37caa903676b324acb71de</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/ChangeLog -> _service:tar_scm:p11-kit-0.24.1.tar.xz/ChangeLog
Changed
@@ -1,5 +1,292 @@ # Generate automatically. Do not edit. +commit dd0590d4e583f107e3e9fafe9ed754149da335d0 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2022-01-17 + + Release 0.24.1 + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + NEWS | 7 +++++++ + configure.ac | 2 +- + meson.build | 2 +- + 3 files changed, 9 insertions(+), 2 deletions(-) + +commit 4589625f3038d85cada8555fc457ad30ca2bfd06 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-05-30 + + common: Support copying attribute array recursively + + This enables p11_attrs_build to build an attribute list with arrays of + attributes indicated with CKF_ARRAY_ATTRIBUTE. A couple of new + internal functions have been added: p11_attr_copy and p11_attr_clear. + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + common/attrs.c | 80 +++++++++++++++++++++++++++++++++++++++++++++-------- + common/attrs.h | 3 ++ + common/test-attrs.c | 36 ++++++++++++++++++++++++ + 3 files changed, 107 insertions(+), 12 deletions(-) + +commit b9da18d6994b3a718248f59f1f080d4f6fe97b8c +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-06-01 + + common: Add assert_ptr_cmp + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + common/test.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +commit 9f01a8a45ba913a9b65894cef9369b6010005096 +Author: Eli Schwartz <eschwartz@archlinux.org> +Date: 2022-01-11 + + gtkdoc: remove dependencies on custom target files + + Sadly, the `dependencies` kwarg does not actually do what it seems to be + trying to be used for, here. It is for listing dependency or library + objects whose compiler flags should be added to gtkdoc-scangobj. + + It will not actually add ninja target dependencies. The similar kwarg in + other meson functions (e.g. genmarshal and compile_schemas) that *do* + allow adding target dependencies, is `depend_files`. + + Older versions of meson simply did nothing in an if/elif/elif block + where these custom_targets never matched anything, and were thus + silently ignored. + + Meson 0.61 type-validates the arguments and rejects CustomTarget as + invalid: + + ``` + doc/manual/meson.build:72:8: ERROR: gnome.gtkdoc keyword argument 'dependencies' was of type arrayCustomTarget | PkgConfigDependency but should have been arrayDependency | SharedLibrary | StaticLibrary + ``` + + Fixes #406 + + doc/manual/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 04f85857b3029fd28c7c731aef89f61b22e846d3 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-11-26 + + doc: Replace occurrence of black list with blocklist + + This is a follow-up of 47fabc2366d917e255241c41a6cfc179af372644. + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + doc/manual/pkcs11.conf.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit fd7c4e7e9496a7b4b2a26430e8969f27fb38457e +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-10-16 + + build: Suppress cppcheck false-positive on array bounds + + Cppcheck 2.6 reports the following errors, when loops on arrays depend + on a sentinel: + + trust/builder.c:1103,error,arrayIndexOutOfBounds,Array 'schema->attrs32' accessed at index 9998, which is out of bounds. + trust/builder.c:1136,error,arrayIndexOutOfBounds,Array 'schema->attrs32' accessed at index 9998, which is out of bounds. + trust/builder.c:1301,error,arrayIndexOutOfBounds,Array 'ku_attribute_map8' accessed at index 9998, which is out of bounds. + trust/builder.c:1385,error,arrayIndexOutOfBounds,Array 'eku_attribute_map9' accessed at index 9998, which is out of bounds. + + This adds an extra check to those loop conditions. While it is + redundant, this should be harmless as it is not in the performance + critical path. + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + trust/builder.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +commit 2d34226781e89c23cef13833a3db25b1d59d9b07 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-10-16 + + ci: Use Docker image from the same repository + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + .github/workflows/test.yaml | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +commit c643379626e6ea1d22ab406aafc0beed35b81ab3 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-10-16 + + ci: Integrate Docker image building to GitHub workflow + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + .github/workflows/build-image.yml | 39 +++++++++++++++++++++++++++++++++++++++ + ci/Dockerfile | 9 +++++++++ + 2 files changed, 48 insertions(+) + +commit 0bc75cae1057b03e3d790c741adf97ac9b4dbe92 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-09-18 + + rpc: Fallback to version 0 if server does not support negotiation + + Old servers without support for version negotiation cannot handle + version bytes other than 0 and will close the connection if a version + byte greater than 0 is received. This adds a fallback mechanism to + reconnect and reauthenticate with version 0 in that situation for + backward compatibility. + + Suggested by Owen Taylor. + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + p11-kit/rpc-client.c | 16 ++++++++++++++++ + p11-kit/rpc-transport.c | 2 +- + 2 files changed, 17 insertions(+), 1 deletion(-) + +commit fdf3f1f28b946ee737b55b4313f8a7f7a02143f3 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-08-24 + + build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson + + Also expand the comment in configure.ac. + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + configure.ac | 7 ++++--- + p11-kit/meson.build | 6 ++++++ + 2 files changed, 10 insertions(+), 3 deletions(-) + +commit e850e03be65ed573d0b69ee0408e776c08fad8a3 +Author: Emmanuel Dreyfus <manu@netbsd.org> +Date: 2021-08-24 + + Link libp11-kit so that it cannot unload + + libp11-kit installs a pthread_atfork() callback to count forks. If the + library gets unloaded, a stale pointer is called on the next fork(), + leading to a crash. + + This fix adds -z nodelete linker flag so that libp11-kit cannot be + unloaded. Unfortunately, that only fixes the problem for GNU ld. + More additionnal flags will be required for other linkers. + + configure.ac | 13 +++++++++++++ + p11-kit/Makefile.am | 1 + + 2 files changed, 14 insertions(+) + +commit 509c1c949751c554e6244f2b42f1ce905e02f47d +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-07-22 + + trust: Use dngettext for plurals + + Suggested by Rafael Fontenelle in: + https://github.com/p11-glue/p11-kit/issues/380 + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + trust/anchor.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +commit 4769c479a3c41d68a293d007dd9e17a763001239 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-06-04 + + rpc: Support protocol version negotiation + + This works as follows: + - a couple of build-time constants have been added to represent the + minimal and maximum supported protocol versions + - the client sends the maximum supported version upon connection + establishment (when C_Initialize is called for first time from the + client process) + - the server checks the version sent from the client; if it is lower + than the minimum supported version of the server, sends an error + - otherwise, the server responds with either of smaller value between + the version sent from the client and the maximum supported version of + the server + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + configure.ac | 36 ++++++++++++++++++++++++++++++++++++ + meson.build | 10 ++++++++++ + meson_options.txt | 8 ++++++++ + p11-kit/rpc-client.c | 6 +++++- + p11-kit/rpc-server.c | 27 ++++++++++++++++++--------- + p11-kit/rpc-transport.c | 18 ++++++++++++++---- + p11-kit/rpc.h | 4 +++- + p11-kit/test-rpc.c | 4 +++- + 8 files changed, 97 insertions(+), 16 deletions(-) + +commit 2237f95b27e19f5f967c70ba8862a821e1e7de33 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-06-04 + + rpc: Separate authentication step from transaction + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + p11-kit/rpc-client.c | 4 ++++ + p11-kit/rpc-transport.c | 61 ++++++++++++++++++++++++++++++------------------- + p11-kit/rpc.h | 2 ++ + p11-kit/test-rpc.c | 30 ++++++++++++++++-------- + 4 files changed, 64 insertions(+), 33 deletions(-) + +commit 576bba3c34d6994e8b02051d94e6446bb0631ca1 +Author: Issam E. Maghni <issam.e.maghni@mailbox.org> +Date: 2021-06-16 + + Meson: p11_system_config_modules instead of p11_package_config_modules + + p11-kit/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit a36228a06ad87ea6fe429a8c4705d68b2780e0d9 +Author: Issam E. Maghni <issam.e.maghni@mailbox.org> +Date: 2021-06-15 + + shell: test -a|o is not POSIX + + configure.ac | 2 +- + p11-kit/test-server.sh | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +commit 79a0a3f235e44c174dd8efe5e2fe942812d18179 +Author: Issam E. Maghni <issam.e.maghni@mailbox.org> +Date: 2021-06-13 + + Meson: Add libtasn1 to trust programs + + trust/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 40d3ab265bff4cca10f1e0b7ed60f037511ee477 +Author: Đoàn Trần Công Danh <congdanhqx@gmail.com> +Date: 2021-06-10 + + meson: optionalise glib's development files for gtk_doc + + In p11-kit, only installation prefix of glib is required to build gtk-doc. + + In some distro, those development files are splitted into separated + package. Pulling those development files in will pull its development + dependencies, too. + + Let's give our users an option to build gtk-doc without development + files of glib. + + doc/manual/meson.build | 5 ++++- + meson_options.txt | 4 ++++ + 2 files changed, 8 insertions(+), 1 deletion(-) + commit 34826623f58399b24c21f1788e2cdaea34521b7b Author: Daiki Ueno <ueno@gnu.org> Date: 2021-06-03
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/Makefile.in -> _service:tar_scm:p11-kit-0.24.1.tar.xz/Makefile.in
Changed
@@ -1620,6 +1620,7 @@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LDFLAGS_Z_NODELETE = @LDFLAGS_Z_NODELETE@ LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ @@ -1907,8 +1908,9 @@ $(NULL) libp11_kit_la_CFLAGS = $(COMMON_CFLAGS) -libp11_kit_la_LDFLAGS = -no-undefined -version-info \ - $(P11KIT_LT_RELEASE) $(am__append_3) $(am__append_4) +libp11_kit_la_LDFLAGS = $(LDFLAGS_Z_NODELETE) -no-undefined \ + -version-info $(P11KIT_LT_RELEASE) $(am__append_3) \ + $(am__append_4) libp11_kit_la_SOURCES = \ p11-kit/proxy.c p11-kit/proxy.h p11-kit/proxy-init.c \ p11-kit/rpc-server.c \
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/NEWS -> _service:tar_scm:p11-kit-0.24.1.tar.xz/NEWS
Changed
@@ -1,3 +1,10 @@ +0.24.1 (stable) + * rpc: Support protocol version negotiation PR#371, PR#385 + * proxy: Support copying attribute array recursively PR#368 + * Link libp11-kit so that it cannot unload PR#383 + * Translation improvements PR#381 + * Build fixes PR#372, PR#373, PR#375, PR#377, PR#384, PR#407 + 0.24.0 (stable) * Use inclusive language on certificate distrust. Note: This changes the directory and attribute names to distrust certain CAs to
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/common/attrs.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/common/attrs.c
Changed
@@ -82,8 +82,9 @@ if (!attrs) return; - for (i = 0; !p11_attrs_terminator (ats + i); i++) - free (atsi.pValue); + for (i = 0; !p11_attrs_terminator (ats + i); i++) { + p11_attr_clear (&atsi); + } free (ats); } @@ -143,18 +144,17 @@ free (add->pValue); continue; - /* The attribute exitss, and we're overriding */ + /* The attribute exists but we're overriding */ } else { free (attr->pValue); } - memcpy (attr, add, sizeof (CK_ATTRIBUTE)); - if (!take_values && attr->pValue != NULL) { - if (attr->ulValueLen == 0) - attr->pValue = malloc (1); - else - attr->pValue = memdup (attr->pValue, attr->ulValueLen); - return_val_if_fail (attr->pValue != NULL, NULL); + if (take_values) { + memcpy (attr, add, sizeof (CK_ATTRIBUTE)); + } else { + if (!p11_attr_copy (attr, add)) { + return_val_if_reached (NULL); + } } } @@ -416,8 +416,9 @@ if (i == count) return false; - if (attrsi.pValue) - free (attrsi.pValue); + if (attrsi.pValue) { + p11_attr_clear (&attrsi); + } memmove (attrs + i, attrs + i + 1, (count - (i + 1)) * sizeof (CK_ATTRIBUTE)); attrscount - 1.type = CKA_INVALID; @@ -526,6 +527,61 @@ return hash; } +bool +p11_attr_copy (CK_ATTRIBUTE *dst, const CK_ATTRIBUTE *src) +{ + memcpy (dst, src, sizeof (CK_ATTRIBUTE)); + + if (!src->pValue) { + return true; + } + + if (src->ulValueLen == 0) { + dst->pValue = malloc (1); + } else { + dst->pValue = malloc (src->ulValueLen); + } + if (!dst->pValue) { + return_val_if_reached (false); + } + + assert (dst->ulValueLen >= src->ulValueLen); + + if (!IS_ATTRIBUTE_ARRAY (src)) { + memcpy (dst->pValue, src->pValue, src->ulValueLen); + } else { + CK_ATTRIBUTE *child_dst; + const CK_ATTRIBUTE *child_src; + size_t i; + + for (i = 0, child_dst = dst->pValue, child_src = src->pValue; + i < src->ulValueLen / sizeof (CK_ATTRIBUTE); + i++, child_dst++, child_src++) { + if (!p11_attr_copy (child_dst, child_src)) { + return_val_if_reached (false); + } + } + } + + return true; +} + +void +p11_attr_clear (CK_ATTRIBUTE *attr) +{ + if (IS_ATTRIBUTE_ARRAY (attr) && attr->pValue) { + CK_ATTRIBUTE *child; + size_t i; + + for (i = 0, child = attr->pValue; + i < attr->ulValueLen / sizeof (CK_ATTRIBUTE); + i++, child++) { + p11_attr_clear (child); + } + } + free (attr->pValue); +} + static void buffer_append_printf (p11_buffer *buffer, const char *format,
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/common/attrs.h -> _service:tar_scm:p11-kit-0.24.1.tar.xz/common/attrs.h
Changed
@@ -142,5 +142,8 @@ bool p11_attr_match_value (const CK_ATTRIBUTE *attr, const void *value, ssize_t length); +bool p11_attr_copy (CK_ATTRIBUTE *dst, + const CK_ATTRIBUTE *src); +void p11_attr_clear (CK_ATTRIBUTE *attr); #endif /* P11_ATTRS_H_ */
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/common/test-attrs.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/common/test-attrs.c
Changed
@@ -244,6 +244,41 @@ } static void +test_build_recursive (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_BYTE vpoint1; + CK_ATTRIBUTE template = { + { CKA_LOCAL, &vtrue, sizeof (vtrue) }, + { CKA_EC_POINT, vpoint, 0 }, + }; + CK_ATTRIBUTE add = { CKA_WRAP_TEMPLATE, template, sizeof (template) }; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *array; + + attrs = p11_attrs_build (NULL, &add, NULL); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert_num_eq (attrs->type, CKA_WRAP_TEMPLATE); + assert_num_eq (attrs->ulValueLen, sizeof (template)); + array = attrs->pValue; + /* Check that the CKA_LOCAL attribute has been copied, but + * still has the same value */ + assert_num_eq (array0.type, CKA_LOCAL); + assert_num_eq (array0.ulValueLen, sizeof (vtrue)); + assert_ptr_cmp (array0.pValue, !=, &vtrue); + assert_num_eq (*(CK_BBOOL *)array0.pValue, vtrue); + /* Check that the CKA_EC_POINT attribute has been allocated, + * even if the length is zero */ + assert_num_eq (array1.type, CKA_EC_POINT); + assert_num_eq (array1.ulValueLen, 0); + assert_ptr_not_null (array1.pValue); + assert_ptr_cmp (array1.pValue, !=, vpoint); + p11_attrs_free (attrs); +} + +static void test_dup (void) { CK_ATTRIBUTE *attrs; @@ -766,6 +801,7 @@ p11_test (test_buildn_two, "/attrs/buildn-two"); p11_test (test_build_add, "/attrs/build-add"); p11_test (test_build_null, "/attrs/build-null"); + p11_test (test_build_recursive, "/attrs/build-recursive"); p11_test (test_dup, "/attrs/dup"); p11_test (test_take, "/attrs/take"); p11_test (test_merge_replace, "/attrs/merge-replace");
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/common/test.h -> _service:tar_scm:p11-kit-0.24.1.tar.xz/common/test.h
Changed
@@ -97,13 +97,15 @@ } while (0) #define assert_str_eq(a1, a2) \ assert_str_cmp(a1, ==, a2) -#define assert_ptr_eq(a1, a2) \ +#define assert_ptr_cmp(a1, cmp, a2) \ do { const void *__p1 = (a1); \ const void *__p2 = (a2); \ - if (__p1 == __p2) ; else \ + if (__p1 cmp __p2) ; else \ p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (0x%08lx == 0x%08lx)", \ #a1, #a2, (unsigned long)(size_t)__p1, (unsigned long)(size_t)__p2); \ } while (0) +#define assert_ptr_eq(a1, a2) \ + assert_ptr_cmp(a1, ==, a2) #define assert_str_contains(expr, needle) \ do { const char *__str = (expr); \
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/config.h.in -> _service:tar_scm:p11-kit-0.24.1.tar.xz/config.h.in
Changed
@@ -217,6 +217,12 @@ /* Building for win32 */ #undef OS_WIN32 +/* Maximum RPC protocol version we support */ +#undef P11_RPC_PROTOCOL_VERSION_MAXIMUM + +/* Minimum RPC protocol version we support */ +#undef P11_RPC_PROTOCOL_VERSION_MINIMUM + /* the compiler keyword to define thread-local storage */ #undef P11_TLS_KEYWORD
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/configure -> _service:tar_scm:p11-kit-0.24.1.tar.xz/configure
Changed
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for p11-kit 0.24.0. +# Generated by GNU Autoconf 2.69 for p11-kit 0.24.1. # # Report bugs to <https://github.com/p11-glue/p11-kit/issues>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='p11-kit' PACKAGE_TARNAME='p11-kit' -PACKAGE_VERSION='0.24.0' -PACKAGE_STRING='p11-kit 0.24.0' +PACKAGE_VERSION='0.24.1' +PACKAGE_STRING='p11-kit 0.24.1' PACKAGE_BUGREPORT='https://github.com/p11-glue/p11-kit/issues' PACKAGE_URL='https://p11-glue.github.io/p11-glue/p11-kit.html' @@ -712,6 +712,7 @@ PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG +LDFLAGS_Z_NODELETE HAVE_LD_VERSION_SCRIPT_FALSE HAVE_LD_VERSION_SCRIPT_TRUE LT_SYS_LIBRARY_PATH @@ -860,6 +861,8 @@ with_hash_impl enable_trust_module with_trust_paths +with_rpc_min +with_rpc_max with_html_dir enable_doc enable_doc_html @@ -1441,7 +1444,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures p11-kit 0.24.0 to adapt to many kinds of systems. +\`configure' configures p11-kit 0.24.1 to adapt to many kinds of systems. Usage: $0 OPTION... VAR=VALUE... @@ -1512,7 +1515,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of p11-kit 0.24.0:";; + short | recursive ) echo "Configuration of p11-kit 0.24.1:";; esac cat <<\_ACEOF @@ -1582,6 +1585,8 @@ input paths for trust module + --with-rpc-min Minimum RPC protocol version we support + --with-rpc-max Maximum RPC protocol version we support --with-html-dir=PATH path to installed docs --without-systemd Disable systemd socket activation --without-bash-completion @@ -1686,7 +1691,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -p11-kit configure 0.24.0 +p11-kit configure 0.24.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2395,7 +2400,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by p11-kit $as_me 0.24.0, which was +It was created by p11-kit $as_me 0.24.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2757,6 +2762,11 @@ P11KIT_AGE=3 # ------------------------------------------------------------------------------ +# p11-kit RPC protocol versions +P11KIT_RPC_MIN=0 +P11KIT_RPC_MAX=0 + +# ------------------------------------------------------------------------------ ac_config_headers="$ac_config_headers config.h" @@ -3277,7 +3287,7 @@ # Define the identity of the package. PACKAGE='p11-kit' - VERSION='0.24.0' + VERSION='0.24.1' cat >>confdefs.h <<_ACEOF @@ -12750,6 +12760,33 @@ +SAVE_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS -Wl,-z -Wl,nodelete" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether linker understands -z nodelete" >&5 +$as_echo_n "checking whether linker understands -z nodelete... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + LDFLAGS_Z_NODELETE="-Wl,-z -Wl,nodelete"; has_option=yes +else + LDFLAGS_Z_NODELETE=""; has_option=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $has_option" >&5 +$as_echo "$has_option" >&6; } +LDFLAGS="$SAVE_LDFLAGS" + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -17850,7 +17887,7 @@ $as_echo "disabled" >&6; } # Option was not set, try to detect -elif test "$with_trust_paths" = "" -o "$with_trust_paths" = "yes"; then +elif test "$with_trust_paths" = "" || test "$with_trust_paths" = "yes"; then with_trust_paths="" for f in /etc/pki/tls/certs/ca-bundle.crt \ /etc/ssl/certs/ca-certificates.crt \ @@ -17883,6 +17920,57 @@ # -------------------------------------------------------------------- +# RPC + + +# Check whether --with-rpc-min was given. +if test "${with_rpc_min+set}" = set; then : + withval=$with_rpc_min; rpc_min=$withval +else + rpc_min=$P11KIT_RPC_MIN +fi + + + +# Check whether --with-rpc-max was given. +if test "${with_rpc_max+set}" = set; then : + withval=$with_rpc_max; rpc_max=$withval +else + rpc_max=$P11KIT_RPC_MAX +fi + + +if test $rpc_min -lt $P11KIT_RPC_MIN || test $rpc_min -gt $P11KIT_RPC_MAX; then : + + as_fn_error $? "Out of range version specified with --with-rpc-min" "$LINENO" 5 + +fi + +if test $rpc_max -lt $P11KIT_RPC_MIN || test $rpc_max -gt $P11KIT_RPC_MAX; then : + + as_fn_error $? "Out of range version specified with --with-rpc-max" "$LINENO" 5 + +fi + +if test $rpc_min -gt $rpc_max; then : + + as_fn_error $? "Conflicting versions specified with --with-rpc-min and --with-rpc-max" "$LINENO" 5 + +fi + + +cat >>confdefs.h <<_ACEOF +#define P11_RPC_PROTOCOL_VERSION_MINIMUM $rpc_min +_ACEOF + + + +cat >>confdefs.h <<_ACEOF +#define P11_RPC_PROTOCOL_VERSION_MAXIMUM $rpc_max +_ACEOF + + +# -------------------------------------------------------------------- # GTK Doc # Extract the first word of "gtkdoc-check", so it can be a program name with args. @@ -19295,7 +19383,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by p11-kit $as_me 0.24.0, which was +This file was extended by p11-kit $as_me 0.24.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19362,7 +19450,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/\\""\`\$/\\\\&/g'`" ac_cs_version="\\ -p11-kit config.status 0.24.0 +p11-kit config.status 0.24.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -21200,6 +21288,8 @@ Build trust module: $enable_trust_module Trust module paths: $trust_status + RPC protocol versions: $rpc_min upto $rpc_max + " >&5 $as_echo "$as_me: build options: @@ -21222,4 +21312,6 @@ Build trust module: $enable_trust_module Trust module paths: $trust_status + RPC protocol versions: $rpc_min upto $rpc_max + " >&6;}
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/configure.ac -> _service:tar_scm:p11-kit-0.24.1.tar.xz/configure.ac
Changed
@@ -1,7 +1,7 @@ AC_PREREQ(2.61) AC_INIT(p11-kit, - 0.24.0, + 0.24.1, https://github.com/p11-glue/p11-kit/issues, p11-kit, https://p11-glue.github.io/p11-glue/p11-kit.html) @@ -18,6 +18,11 @@ P11KIT_AGE=3 # ------------------------------------------------------------------------------ +# p11-kit RPC protocol versions +P11KIT_RPC_MIN=0 +P11KIT_RPC_MAX=0 + +# ------------------------------------------------------------------------------ AC_CONFIG_HEADERS(config.h) AC_CONFIG_MACRO_DIR(build/m4) @@ -39,6 +44,20 @@ dnl Check if -Wl,--version-script is supported by the linker gl_LD_VERSION_SCRIPT +dnl libp11-kit installs pthread_atfork to count forks in ELF +dnl constructor, which could cause crash if the library is unloaded. +dnl Use the linker flag "-z nodelete" to prevent unloading, if +dnl available. +SAVE_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS -Wl,-z -Wl,nodelete" +AC_MSG_CHECKING(whether linker understands -z nodelete) +AC_LINK_IFELSE(AC_LANG_PROGRAM(, ), + LDFLAGS_Z_NODELETE="-Wl,-z -Wl,nodelete"; has_option=yes, + LDFLAGS_Z_NODELETE=""; has_option=no) +AC_MSG_RESULT($has_option) +LDFLAGS="$SAVE_LDFLAGS" +AC_SUBST(LDFLAGS_Z_NODELETE) + dnl Checks for programs. AC_PROG_CC AC_PROG_CPP @@ -350,7 +369,7 @@ AC_MSG_RESULT(disabled) # Option was not set, try to detect -elif test "$with_trust_paths" = "" -o "$with_trust_paths" = "yes"; then +elif test "$with_trust_paths" = "" || test "$with_trust_paths" = "yes"; then with_trust_paths="" for f in /etc/pki/tls/certs/ca-bundle.crt \ /etc/ssl/certs/ca-certificates.crt \ @@ -377,6 +396,35 @@ AC_SUBST(with_trust_paths) # -------------------------------------------------------------------- +# RPC + +AC_ARG_WITH(rpc-min, + AS_HELP_STRING(--with-rpc-min, Minimum RPC protocol version we support), + rpc_min=$withval, + rpc_min=$P11KIT_RPC_MIN) + +AC_ARG_WITH(rpc-max, + AS_HELP_STRING(--with-rpc-max, Maximum RPC protocol version we support), + rpc_max=$withval, + rpc_max=$P11KIT_RPC_MAX) + +AS_IF(test $rpc_min -lt $P11KIT_RPC_MIN || test $rpc_min -gt $P11KIT_RPC_MAX, + AC_MSG_ERROR(Out of range version specified with --with-rpc-min) +) + +AS_IF(test $rpc_max -lt $P11KIT_RPC_MIN || test $rpc_max -gt $P11KIT_RPC_MAX, + AC_MSG_ERROR(Out of range version specified with --with-rpc-max) +) + +AS_IF(test $rpc_min -gt $rpc_max, + AC_MSG_ERROR(Conflicting versions specified with --with-rpc-min and --with-rpc-max) +) + +AC_DEFINE_UNQUOTED(P11_RPC_PROTOCOL_VERSION_MINIMUM, $rpc_min, Minimum RPC protocol version we support) + +AC_DEFINE_UNQUOTED(P11_RPC_PROTOCOL_VERSION_MAXIMUM, $rpc_max, Maximum RPC protocol version we support) + +# -------------------------------------------------------------------- # GTK Doc dnl check for tools @@ -642,4 +690,6 @@ Build trust module: $enable_trust_module Trust module paths: $trust_status + RPC protocol versions: $rpc_min upto $rpc_max + )
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/Makefile.in -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/Makefile.in
Changed
@@ -241,6 +241,7 @@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LDFLAGS_Z_NODELETE = @LDFLAGS_Z_NODELETE@ LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/Makefile.in -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/Makefile.in
Changed
@@ -222,6 +222,7 @@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LDFLAGS_Z_NODELETE = @LDFLAGS_Z_NODELETE@ LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/html/index.html -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/html/index.html
Changed
@@ -14,7 +14,7 @@ <div class="titlepage"> <div> <div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">p11-kit</p></th></tr></table></div> -<div><p class="releaseinfo">for p11-kit 0.24.0</p></div> +<div><p class="releaseinfo">for p11-kit 0.24.1</p></div> </div> <hr> </div>
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/html/pkcs11-conf.html -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/html/pkcs11-conf.html
Changed
@@ -163,7 +163,7 @@ <tr> <td><p><span class="term"><code class="option">trust-policy:</code></span></p></td> <td><p>Set to <code class="literal">yes</code> to use use this module as a source - of trust policy information such as certificate anchors and black lists.</p></td> + of trust policy information such as certificate anchors and blocklists.</p></td> </tr> <tr> <td><p><a name="option-log-calls"></a><span class="term"><code class="option">log-calls:</code></span></p></td>
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/meson.build -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/meson.build
Changed
@@ -60,7 +60,10 @@ 'annotation-glossary.xml' - glib_prefix = dependency('glib-2.0').get_pkgconfig_variable('prefix') + glib_prefix = get_option('glib_prefix') + if glib_prefix == '' + glib_prefix = dependency('glib-2.0').get_pkgconfig_variable('prefix') + endif fixxref_args = '--html-dir=' + (prefix / gnome.gtkdoc_html_dir(meson.project_name())), '--extra-dir=' + (glib_prefix / gnome.gtkdoc_html_dir('glib')), @@ -70,7 +73,7 @@ main_xml: 'p11-kit-docs.xml', namespace: 'p11_kit', src_dir: 'p11-kit', - dependencies: libffi_deps + dlopen_deps + xml_deps, + dependencies: libffi_deps + dlopen_deps, scan_args: '--ignore-headers=' + ' '.join(ignore_headers), '--rebuild-types',
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/pkcs11.conf.xml -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/pkcs11.conf.xml
Changed
@@ -174,7 +174,7 @@ <term><option>trust-policy:</option></term> <listitem> <para>Set to <literal>yes</literal> to use use this module as a source - of trust policy information such as certificate anchors and black lists.</para> + of trust policy information such as certificate anchors and blocklists.</para> </listitem> </varlistentry> <varlistentry id="option-log-calls">
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/meson.build -> _service:tar_scm:p11-kit-0.24.1.tar.xz/meson.build
Changed
@@ -1,5 +1,5 @@ project('p11-kit', 'c', - version: '0.24.0', + version: '0.24.1', meson_version: '>= 0.49') version_arr = meson.project_version().split('.') @@ -89,6 +89,16 @@ conf.set('SIZEOF_UNSIGNED_LONG', cc.sizeof('unsigned long')) +rpc_min = get_option('rpc_min') +rpc_max = get_option('rpc_max') + +if rpc_min > rpc_max + error('rpc_min is larger than rpc_max') +endif + +conf.set('P11_RPC_PROTOCOL_VERSION_MINIMUM', rpc_min) +conf.set('P11_RPC_PROTOCOL_VERSION_MAXIMUM', rpc_max) + nanosleep_deps = dlopen_deps = socket_deps =
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/meson_options.txt -> _service:tar_scm:p11-kit-0.24.1.tar.xz/meson_options.txt
Changed
@@ -54,6 +54,10 @@ value : false, description : 'Build documentation using gtk-doc') +option('glib_prefix', type : 'string', + value : '', + description : 'GLib installed prefix, used for gtk-doc, taken from pkg-config if undefined') + option('man', type : 'boolean', value : false, description : 'Build manpages using xsltproc') @@ -65,3 +69,11 @@ option('test', type : 'boolean', value : true, description : 'Enable building test programs') + +option('rpc_min', type : 'integer', + min : 0, max : 0, value : 0, + description : 'Minimum RPC protocol version we support') + +option('rpc_max', type : 'integer', + min : 0, max : 0, value : 0, + description : 'Maximum RPC protocol version we support')
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/Makefile.am -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/Makefile.am
Changed
@@ -87,6 +87,7 @@ libp11_kit_la_CFLAGS = $(COMMON_CFLAGS) libp11_kit_la_LDFLAGS = \ + $(LDFLAGS_Z_NODELETE) \ -no-undefined \ -version-info $(P11KIT_LT_RELEASE)
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/meson.build -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/meson.build
Changed
@@ -57,6 +57,12 @@ ) libp11_kit_symbol_def = meson.current_source_dir() / 'libp11-kit-@0@.dll.def'.format(soversion) +# Make sure that libp11-kit is unloadable, as it installs +# pthread_atfork to count forks in the ELF constructor. +libp11_kit_ldflags += cc.get_supported_link_arguments( + '-Wl,-z,nodelete' +) + libp11_kit = shared_library('p11-kit', libp11_kit_sources, install: true, @@ -307,7 +313,7 @@ 'p11_module_configs=@0@'.format(prefix / p11_package_config_modules), 'p11_module_path=@0@'.format(prefix / p11_module_path), 'proxy_module=@0@/p11-kit-proxy.so'.format(prefix / libdir), - 'p11_system_config_modules=@0@'.format(prefix / p11_package_config_modules) + 'p11_system_config_modules=@0@'.format(prefix / p11_system_config_modules) if trust_paths != ''
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/rpc-client.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/rpc-client.c
Changed
@@ -66,6 +66,7 @@ p11_rpc_client_vtable *vtable; unsigned int initialized_forkid; bool initialize_done; + uint8_t version; } rpc_client; /* Allocator for call session buffers */ @@ -755,10 +756,33 @@ assert (module->vtable->connect != NULL); ret = (module->vtable->connect) (module->vtable, reserved); + if (ret == CKR_OK) { + module->version = P11_RPC_PROTOCOL_VERSION_MAXIMUM; + ret = (module->vtable->authenticate) (module->vtable, + &module->version); + +#if P11_RPC_PROTOCOL_VERSION_MAXIMUM > 0 + /* If the server is too old to support version negotiation + * (i.e., not accepting version bytes other than 0), try to + * reconnect and reauthenticate with version 0 */ + if (ret != CKR_OK) { + assert (module->vtable->disconnect != NULL); + (module->vtable->disconnect) (module->vtable, reserved); + ret = (module->vtable->connect) (module->vtable, reserved); + + module->version = 0; + ret = (module->vtable->authenticate) (module->vtable, + &module->version); + } +#endif + } + /* Successfully initialized */ if (ret == CKR_OK) { module->initialized_forkid = p11_forkid; module->initialize_done = true; + p11_debug ("authenticated with protocol version %u", + module->version); /* Server doesn't exist, initialize but don't call */ } else if (ret == CKR_DEVICE_REMOVED) {
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/rpc-server.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/rpc-server.c
Changed
@@ -70,6 +70,11 @@ #define PARSE_ERROR CKR_DEVICE_ERROR #define PREP_ERROR CKR_DEVICE_MEMORY +typedef struct { + p11_virtual virt; + uint8_t version; +} rpc_server; + static CK_RV proto_read_byte_buffer (p11_rpc_message *msg, CK_BYTE_PTR *buffer, @@ -1957,8 +1962,7 @@ int out_fd) { p11_rpc_status status; - unsigned char version; - p11_virtual virt; + rpc_server server; p11_buffer options; p11_buffer buffer; size_t state; @@ -1970,24 +1974,29 @@ p11_buffer_init (&options, 0); p11_buffer_init (&buffer, 0); - p11_virtual_init (&virt, &p11_virtual_base, module, NULL); + p11_virtual_init (&server.virt, &p11_virtual_base, module, NULL); - switch (read (in_fd, &version, 1)) { + switch (read (in_fd, &server.version, 1)) { case 0: goto out; case 1: - if (version != 0) { +#if P11_RPC_PROTOCOL_VERSION_MINIMUM > 0 + if (server.version < P11_RPC_PROTOCOL_VERSION_MINIMUM) { p11_message (_("unsupported version received: %d"), (int)version); goto out; } +#endif break; default: p11_message_err (errno, _("couldn't read credential byte")); goto out; } - version = 0; - switch (write (out_fd, &version, 1)) { + if (server.version > P11_RPC_PROTOCOL_VERSION_MAXIMUM) { + server.version = P11_RPC_PROTOCOL_VERSION_MAXIMUM; + } + + switch (write (out_fd, &server.version, 1)) { case 1: break; default: @@ -2018,7 +2027,7 @@ goto out; } - if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) { + if (!p11_rpc_server_handle (&server.virt.funcs, &buffer, &buffer)) { p11_message (_("unexpected error handling rpc message")); goto out; } @@ -2046,7 +2055,7 @@ p11_buffer_uninit (&buffer); p11_buffer_uninit (&options); - p11_virtual_uninit (&virt); + p11_virtual_uninit (&server.virt); return ret; }
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/rpc-transport.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/rpc-transport.c
Changed
@@ -97,7 +97,6 @@ p11_mutex_t write_lock; int refs; int last_code; - bool sent_creds; /* This data is protected by read mutex */ p11_mutex_t read_lock; @@ -105,7 +104,6 @@ /* Signalled when read_code changes */ p11_cond_t read_code_cond; #endif - bool read_creds; uint32_t read_code; uint32_t read_olen; uint32_t read_dlen; @@ -122,8 +120,6 @@ sock->read_fd = fd; sock->write_fd = fd; sock->last_code = 0x10; - sock->read_creds = false; - sock->sent_creds = false; sock->refs = 1; p11_mutex_init (&sock->write_lock); @@ -259,20 +255,10 @@ p11_buffer *buffer) { unsigned char header12; - unsigned char dummy = '\0'; /* The socket is locked and referenced at this point */ assert (buffer != NULL); - /* Place holder byte, will later carry unix credentials (on some systems) */ - if (!sock->sent_creds) { - if (write_all (sock->write_fd, &dummy, 1) != 1) { - p11_message_err (errno, _("couldn't send socket credentials")); - return CKR_DEVICE_ERROR; - } - sock->sent_creds = true; - } - p11_rpc_buffer_encode_uint32 (header, code); p11_rpc_buffer_encode_uint32 (header + 4, options->len); p11_rpc_buffer_encode_uint32 (header + 8, buffer->len); @@ -401,7 +387,6 @@ { CK_RV ret = CKR_DEVICE_ERROR; unsigned char header12; - unsigned char dummy; #ifdef OS_WIN32 HANDLE handle; DWORD mode; @@ -417,14 +402,6 @@ p11_mutex_lock (&sock->read_lock); - if (!sock->read_creds) { - if (read_all (sock->read_fd, &dummy, 1) != 1) { - p11_mutex_unlock (&sock->read_lock); - return CKR_DEVICE_ERROR; - } - sock->read_creds = true; - } - for (;;) { /* No message header has been read yet? ... read one in */ if (sock->read_code == 0) { @@ -643,6 +620,51 @@ } static CK_RV +rpc_transport_authenticate (p11_rpc_client_vtable *vtable, + uint8_t *version) +{ + p11_rpc_transport *rpc = (p11_rpc_transport *)vtable; + rpc_socket *sock; + + assert (rpc != NULL); + assert (version != NULL); + + sock = rpc->socket; + assert (sock != NULL); + + if (sock->read_fd == -1) { + return CKR_DEVICE_ERROR; + } +#ifdef OS_WIN32 + if (sock->write_fd == -1) { + return CKR_DEVICE_ERROR; + } +#endif + + p11_debug ("authenticating with version %u", *version); + + /* Place holder byte, will later carry unix credentials (on some systems) */ + if (write_all (sock->write_fd, version, 1) != 1) { + p11_message_err (errno, _("couldn't send socket credentials")); + return CKR_DEVICE_ERROR; + } + + if (read_all (sock->read_fd, version, 1) != 1) { + p11_message_err (errno, _("couldn't receive socket credentials")); + return CKR_DEVICE_ERROR; + } + +#if P11_RPC_PROTOCOL_VERSION_MINIMUM > 0 + if (*version < P11_RPC_PROTOCOL_VERSION_MINIMUM) { + p11_message_err (errno, _("peer protocol version is too old")); + return CKR_DEVICE_ERROR; + } +#endif + + return CKR_OK; +} + +static CK_RV rpc_transport_buffer (p11_rpc_client_vtable *vtable, p11_buffer *request, p11_buffer *response) @@ -1066,6 +1088,7 @@ rex->base.vtable.connect = rpc_exec_connect; rex->base.vtable.disconnect = rpc_exec_disconnect; + rex->base.vtable.authenticate = rpc_transport_authenticate; rex->base.vtable.transport = rpc_transport_buffer; rpc_transport_init (&rex->base, name, rpc_exec_free); @@ -1142,6 +1165,7 @@ run->base.vtable.connect = rpc_unix_connect; run->base.vtable.disconnect = rpc_unix_disconnect; + run->base.vtable.authenticate = rpc_transport_authenticate; run->base.vtable.transport = rpc_transport_buffer; rpc_transport_init (&run->base, name, rpc_unix_free); @@ -1224,6 +1248,7 @@ run->base.vtable.connect = rpc_vsock_connect; run->base.vtable.disconnect = rpc_vsock_disconnect; + run->base.vtable.authenticate = rpc_transport_authenticate; run->base.vtable.transport = rpc_transport_buffer; rpc_transport_init (&run->base, name, rpc_vsock_free);
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/rpc.h -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/rpc.h
Changed
@@ -39,6 +39,7 @@ #include "pkcs11.h" #include "buffer.h" #include "virtual.h" +#include <stdint.h> typedef struct _p11_rpc_client_vtable p11_rpc_client_vtable; @@ -48,6 +49,9 @@ CK_RV (* connect) (p11_rpc_client_vtable *vtable, void *init_reserved); + CK_RV (* authenticate) (p11_rpc_client_vtable *vtable, + uint8_t *version); + CK_RV (* transport) (p11_rpc_client_vtable *vtable, p11_buffer *request, p11_buffer *response);
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/test-rpc.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/test-rpc.c
Changed
@@ -709,6 +709,16 @@ } static CK_RV +rpc_authenticate (p11_rpc_client_vtable *vtable, + uint8_t *version) +{ + assert_str_eq (vtable->data, "vtable-data"); + assert_ptr_not_null (version); + + return CKR_OK; +} + +static CK_RV rpc_initialize_fails (p11_rpc_client_vtable *vtable, void *init_reserved) { @@ -754,7 +764,7 @@ static void test_initialize (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -780,7 +790,7 @@ static void test_not_initialized (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport, rpc_finalize }; p11_virtual mixin; CK_INFO info; bool ret; @@ -802,7 +812,7 @@ static void test_initialize_fails_on_client (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_transport, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_authenticate, rpc_transport, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -832,7 +842,7 @@ static void test_transport_fails (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_fails, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_fails, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -854,7 +864,7 @@ static void test_initialize_fails_on_server (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -894,7 +904,7 @@ static void test_transport_bad_parse (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_parse, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_bad_parse, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -942,7 +952,7 @@ static void test_transport_short_error (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_short_error, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_short_error, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -989,7 +999,7 @@ static void test_transport_invalid_error (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_invalid_error, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_invalid_error, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -1034,7 +1044,7 @@ static void test_transport_wrong_response (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_wrong_response, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_wrong_response, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -1081,7 +1091,7 @@ static void test_transport_bad_contents (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_contents, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_bad_contents, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -1105,6 +1115,7 @@ static p11_rpc_client_vtable test_normal_vtable = { NULL, rpc_initialize, + rpc_authenticate, rpc_transport, rpc_finalize, }; @@ -1112,6 +1123,7 @@ static p11_rpc_client_vtable test_device_removed_vtable = { NULL, rpc_initialize_device_removed, + rpc_authenticate, rpc_transport, rpc_finalize, };
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/test-server.sh -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/test-server.sh
Changed
@@ -36,7 +36,7 @@ . ./start.env -if test "${P11_KIT_SERVER_ADDRESS+set}" = "set" -a "${P11_KIT_SERVER_PID+set}" = "set"; then +if test "${P11_KIT_SERVER_ADDRESS+set}" = "set" && test "${P11_KIT_SERVER_PID+set}" = "set"; then echo "ok 2 /server/start-env" else echo "not ok 2 /server/start-env" @@ -54,7 +54,7 @@ . ./stop.env -if test "${P11_KIT_SERVER_ADDRESS-unset}" = "unset" -a "${P11_KIT_SERVER_PID-unset}" = "unset"; then +if test "${P11_KIT_SERVER_ADDRESS-unset}" = "unset" && test "${P11_KIT_SERVER_PID-unset}" = "unset"; then echo "ok 4 /server/stop-env" else echo "not ok 4 /server/stop-env"
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/po/p11-kit.pot -> _service:tar_scm:p11-kit-0.24.1.tar.xz/po/p11-kit.pot
Changed
@@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: p11-kit 0.24.0\n" +"Project-Id-Version: p11-kit 0.24.1\n" "Report-Msgid-Bugs-To: https://github.com/p11-glue/p11-kit/issues\n" -"POT-Creation-Date: 2021-06-03 16:52+0200\n" +"POT-Creation-Date: 2022-01-17 15:47+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -16,6 +16,7 @@ "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" #: common/tool.c:184 #, c-format @@ -538,43 +539,43 @@ msgid "only one module can be specified" msgstr "" -#: p11-kit/rpc-client.c:145 +#: p11-kit/rpc-client.c:146 msgid "invalid rpc error response: too short" msgstr "" -#: p11-kit/rpc-client.c:150 +#: p11-kit/rpc-client.c:151 msgid "invalid rpc error response: bad error code" msgstr "" -#: p11-kit/rpc-client.c:160 +#: p11-kit/rpc-client.c:161 msgid "invalid rpc response: call mismatch" msgstr "" -#: p11-kit/rpc-client.c:181 +#: p11-kit/rpc-client.c:182 msgid "invalid rpc response: bad argument data" msgstr "" -#: p11-kit/rpc-client.c:228 +#: p11-kit/rpc-client.c:229 msgid "received an attribute array with wrong number of attributes" msgstr "" -#: p11-kit/rpc-client.c:255 +#: p11-kit/rpc-client.c:256 msgid "returned attributes in invalid order" msgstr "" -#: p11-kit/rpc-client.c:726 trust/module.c:382 +#: p11-kit/rpc-client.c:727 trust/module.c:382 msgid "invalid set of mutex calls supplied" msgstr "" -#: p11-kit/rpc-client.c:735 trust/module.c:391 +#: p11-kit/rpc-client.c:736 trust/module.c:391 msgid "can't do without os locking" msgstr "" -#: p11-kit/rpc-client.c:748 +#: p11-kit/rpc-client.c:749 msgid "C_Initialize called twice for same process" msgstr "" -#: p11-kit/rpc-client.c:832 +#: p11-kit/rpc-client.c:856 #, c-format msgid "finalizing rpc module returned an error: %lu" msgstr "" @@ -601,176 +602,184 @@ msgid "invalid length space padded string received: %d != %d" msgstr "" -#: p11-kit/rpc-server.c:564 +#: p11-kit/rpc-server.c:569 msgid "invalid request from module, probably too short" msgstr "" -#: p11-kit/rpc-server.c:574 +#: p11-kit/rpc-server.c:579 msgid "couldn't initialize rpc response" msgstr "" -#: p11-kit/rpc-server.c:706 +#: p11-kit/rpc-server.c:711 msgid "invalid handshake received from connecting module" msgstr "" -#: p11-kit/rpc-server.c:1823 +#: p11-kit/rpc-server.c:1828 msgid "couldn't parse pkcs11 rpc message" msgstr "" -#: p11-kit/rpc-server.c:1910 +#: p11-kit/rpc-server.c:1915 msgid "out of memory error putting together message" msgstr "" -#: p11-kit/rpc-server.c:1934 +#: p11-kit/rpc-server.c:1939 msgid "out of memory responding with error" msgstr "" -#: p11-kit/rpc-server.c:1980 +#: p11-kit/rpc-server.c:1985 #, c-format msgid "unsupported version received: %d" msgstr "" -#: p11-kit/rpc-server.c:1985 +#: p11-kit/rpc-server.c:1991 msgid "couldn't read credential byte" msgstr "" -#: p11-kit/rpc-server.c:1994 +#: p11-kit/rpc-server.c:2003 msgid "couldn't write credential byte" msgstr "" -#: p11-kit/rpc-server.c:2017 +#: p11-kit/rpc-server.c:2026 msgid "failed to read rpc message" msgstr "" -#: p11-kit/rpc-server.c:2022 +#: p11-kit/rpc-server.c:2031 msgid "unexpected error handling rpc message" msgstr "" -#: p11-kit/rpc-server.c:2040 +#: p11-kit/rpc-server.c:2049 msgid "failed to write rpc message" msgstr "" -#: p11-kit/rpc-transport.c:212 +#: p11-kit/rpc-transport.c:208 msgid "couldn't send data: closed connection" msgstr "" -#: p11-kit/rpc-transport.c:215 +#: p11-kit/rpc-transport.c:211 msgid "couldn't send data" msgstr "" -#: p11-kit/rpc-transport.c:238 +#: p11-kit/rpc-transport.c:234 msgid "couldn't receive data: closed connection" msgstr "" -#: p11-kit/rpc-transport.c:242 +#: p11-kit/rpc-transport.c:238 msgid "couldn't receive data" msgstr "" -#: p11-kit/rpc-transport.c:270 +#: p11-kit/rpc-transport.c:416 +msgid "received invalid rpc header values: perhaps wrong protocol" +msgstr "" + +#: p11-kit/rpc-transport.c:459 +msgid "couldn't use select to wait on rpc pipe" +msgstr "" + +#: p11-kit/rpc-transport.c:648 msgid "couldn't send socket credentials" msgstr "" -#: p11-kit/rpc-transport.c:439 -msgid "received invalid rpc header values: perhaps wrong protocol" +#: p11-kit/rpc-transport.c:653 +msgid "couldn't receive socket credentials" msgstr "" -#: p11-kit/rpc-transport.c:482 -msgid "couldn't use select to wait on rpc pipe" +#: p11-kit/rpc-transport.c:659 +msgid "peer protocol version is too old" msgstr "" -#: p11-kit/rpc-transport.c:688 p11-kit/rpc-transport.c:694 +#: p11-kit/rpc-transport.c:710 p11-kit/rpc-transport.c:716 msgid "closing socket due to protocol failure" msgstr "" -#: p11-kit/rpc-transport.c:733 +#: p11-kit/rpc-transport.c:755 #, c-format msgid "process %d did not exit, terminating" msgstr "" -#: p11-kit/rpc-transport.c:740 +#: p11-kit/rpc-transport.c:762 #, c-format msgid "failed to wait for executed child: %d" msgstr "" -#: p11-kit/rpc-transport.c:747 +#: p11-kit/rpc-transport.c:769 #, c-format msgid "process %d exited with status %d" msgstr "" -#: p11-kit/rpc-transport.c:751 +#: p11-kit/rpc-transport.c:773 #, c-format msgid "process %d was terminated with signal %d" msgstr "" -#: p11-kit/rpc-transport.c:795 p11-kit/rpc-transport.c:931 -#: p11-kit/rpc-transport.c:938 +#: p11-kit/rpc-transport.c:817 p11-kit/rpc-transport.c:953 +#: p11-kit/rpc-transport.c:960 msgid "failed to create pipe for remote" msgstr "" -#: p11-kit/rpc-transport.c:806 +#: p11-kit/rpc-transport.c:828 msgid "failed to fork for remote" msgstr "" -#: p11-kit/rpc-transport.c:866 +#: p11-kit/rpc-transport.c:888 #, c-format msgid "process %p did not exit, terminating" msgstr "" -#: p11-kit/rpc-transport.c:868 +#: p11-kit/rpc-transport.c:890 #, c-format msgid "couldn't terminate process %p" msgstr "" -#: p11-kit/rpc-transport.c:873 +#: p11-kit/rpc-transport.c:895 #, c-format msgid "failed to wait for executed child: %p" msgstr "" -#: p11-kit/rpc-transport.c:876 +#: p11-kit/rpc-transport.c:898 #, c-format msgid "failed to get the exit status of %p" msgstr "" -#: p11-kit/rpc-transport.c:880 +#: p11-kit/rpc-transport.c:902 #, c-format msgid "process %p exited with status %lu" msgstr "" -#: p11-kit/rpc-transport.c:946 +#: p11-kit/rpc-transport.c:968 msgid "failed to duplicate stdin" msgstr "" -#: p11-kit/rpc-transport.c:953 +#: p11-kit/rpc-transport.c:975 msgid "failed to duplicate stdout" msgstr "" -#: p11-kit/rpc-transport.c:961 +#: p11-kit/rpc-transport.c:983 msgid "failed to duplicate child end of pipe" msgstr "" -#: p11-kit/rpc-transport.c:971 +#: p11-kit/rpc-transport.c:993 msgid "failed to spawn remote" msgstr "" -#: p11-kit/rpc-transport.c:984 +#: p11-kit/rpc-transport.c:1006 msgid "failed to restore file descriptors" msgstr "" -#: p11-kit/rpc-transport.c:1053 +#: p11-kit/rpc-transport.c:1075 #, c-format msgid "invalid remote command line: %s" msgstr "" -#: p11-kit/rpc-transport.c:1092 p11-kit/rpc-transport.c:1172 +#: p11-kit/rpc-transport.c:1115 p11-kit/rpc-transport.c:1196 msgid "failed to create socket for remote" msgstr "" -#: p11-kit/rpc-transport.c:1268 p11-kit/server.c:165 +#: p11-kit/rpc-transport.c:1293 p11-kit/server.c:165 #, c-format msgid "failed to parse vsock address: '%s'" msgstr "" -#: p11-kit/rpc-transport.c:1276 +#: p11-kit/rpc-transport.c:1301 #, c-format msgid "remote not supported: %s" msgstr "" @@ -928,182 +937,179 @@ msgid "unable to set DACL in security descriptor: %lu" msgstr "" -#: trust/anchor.c:125 +#: trust/anchor.c:126 #, c-format msgid "invalid PKCS#11 uri: %s" msgstr "" -#: trust/anchor.c:147 trust/anchor.c:203 +#: trust/anchor.c:148 trust/anchor.c:204 #, c-format msgid "unrecognized file format: %s" msgstr "" -#: trust/anchor.c:150 trust/anchor.c:206 +#: trust/anchor.c:151 trust/anchor.c:207 #, c-format msgid "failed to parse file: %s" msgstr "" -#: trust/anchor.c:245 +#: trust/anchor.c:246 #, c-format msgid "%s: couldn't initialize: %s" msgstr "" -#: trust/anchor.c:256 +#: trust/anchor.c:257 #, c-format msgid "%s: couldn't enumerate slots: %s" msgstr "" -#: trust/anchor.c:264 +#: trust/anchor.c:265 #, c-format msgid "%s: couldn't get token info: %s" msgstr "" -#: trust/anchor.c:276 +#: trust/anchor.c:277 #, c-format msgid "%s: couldn't open session: %s" msgstr "" -#: trust/anchor.c:324 +#: trust/anchor.c:325 msgid "no configured writable location to store anchors" msgstr "" -#: trust/anchor.c:326 +#: trust/anchor.c:327 msgid "no configured location to store anchors" msgstr "" -#: trust/anchor.c:387 trust/anchor.c:434 +#: trust/anchor.c:388 trust/anchor.c:435 #, c-format msgid "couldn't create object: %s" msgstr "" -#: trust/anchor.c:486 +#: trust/anchor.c:487 msgid "specify at least one anchor input file" msgstr "" -#: trust/anchor.c:569 +#: trust/anchor.c:570 #, c-format msgid "couldn't remove read-only %s" msgstr "" -#: trust/anchor.c:572 +#: trust/anchor.c:573 #, c-format msgid "couldn't remove %s: %s" msgstr "" -#: trust/anchor.c:598 +#: trust/anchor.c:599 msgid "at least one file or uri must be specified" msgstr "" -#: trust/anchor.c:664 +#: trust/anchor.c:665 msgid "an action was already specified" msgstr "" -#: trust/anchor.c:701 +#: trust/anchor.c:702 #, c-format msgid "%u error while processing" -msgstr "" +msgid_plural "%u errors while processing" +msgstr0 "" +msgstr1 "" -#: trust/anchor.c:703 -#, c-format -msgid "%u errors while processing" -msgstr "" - -#: trust/builder.c:153 +#: trust/builder.c:155 #, c-format msgid "%.*s: invalid certificate extension" msgstr "" -#: trust/builder.c:672 +#: trust/builder.c:674 #, c-format msgid "%.*s: invalid basic constraints certificate extension" msgstr "" -#: trust/builder.c:674 +#: trust/builder.c:676 msgid "unknown" msgstr "" -#: trust/builder.c:863 +#: trust/builder.c:865 msgid "missing the CKA_HASH_OF_SUBJECT_PUBLIC_KEY attribute" msgstr "" -#: trust/builder.c:868 +#: trust/builder.c:870 msgid "missing the CKA_HASH_OF_ISSUER_PUBLIC_KEY attribute" msgstr "" -#: trust/builder.c:1082 +#: trust/builder.c:1084 msgid "the object is not modifiable" msgstr "" -#: trust/builder.c:1089 +#: trust/builder.c:1091 msgid "objects of this type cannot be created" msgstr "" -#: trust/builder.c:1108 +#: trust/builder.c:1111 #, c-format msgid "the %s attribute cannot be set" msgstr "" -#: trust/builder.c:1113 +#: trust/builder.c:1116 #, c-format msgid "the %s attribute cannot be changed" msgstr "" -#: trust/builder.c:1119 +#: trust/builder.c:1122 #, c-format msgid "the %s attribute has an invalid value" msgstr "" -#: trust/builder.c:1128 +#: trust/builder.c:1131 #, c-format msgid "the %s attribute is not valid for the object" msgstr "" -#: trust/builder.c:1150 +#: trust/builder.c:1154 #, c-format msgid "missing the %s attribute" msgstr "" -#: trust/builder.c:1190 +#: trust/builder.c:1194 msgid "no CKA_CLASS attribute found" msgstr "" -#: trust/builder.c:1196 +#: trust/builder.c:1200 #, c-format msgid "cannot create a %s object" msgstr "" -#: trust/builder.c:1196 +#: trust/builder.c:1200 msgid "token" msgstr "" -#: trust/builder.c:1196 +#: trust/builder.c:1200 msgid "non-token" msgstr "" -#: trust/builder.c:1204 +#: trust/builder.c:1208 #, c-format msgid "missing %s on object" msgstr "" -#: trust/builder.c:1209 +#: trust/builder.c:1213 #, c-format msgid "%s unsupported %s" msgstr "" -#: trust/builder.c:1230 +#: trust/builder.c:1234 #, c-format msgid "%s unsupported object class" msgstr "" -#: trust/builder.c:1296 +#: trust/builder.c:1300 msgid "invalid key usage certificate extension" msgstr "" -#: trust/builder.c:1762 +#: trust/builder.c:1768 msgid "invalid extended key usage certificate extension" msgstr "" -#: trust/builder.c:1770 +#: trust/builder.c:1776 msgid "invalid reject key usage certificate extension" msgstr ""
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/trust/anchor.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/trust/anchor.c
Changed
@@ -60,6 +60,7 @@ #define _(x) dgettext(PACKAGE_NAME, x) #else #define _(x) (x) +#define dngettext(Domain,String1,String2,N) ((N) == 1 ? (String1) : (String2)) #endif static p11_parser * @@ -697,10 +698,11 @@ assert_not_reached (); if (errors > 0) { - if (errors == 1) - p11_message (_("%u error while processing"), errors); - else - p11_message (_("%u errors while processing"), errors); + p11_message (dngettext (PACKAGE_NAME, + "%u error while processing", + "%u errors while processing", + errors), + errors); } /* Extract the compat bundles after modification */
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/trust/builder.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/trust/builder.c
Changed
@@ -62,6 +62,8 @@ #define _(x) (x) #endif +#define ELEMS(x) (sizeof (x) / sizeof (x0)) + struct _p11_builder { p11_asn1_cache *asn1_cache; p11_dict *asn1_defs; @@ -1099,7 +1101,8 @@ continue; found = false; - for (j = 0; schema->attrsj.type != CKA_INVALID; j++) { + for (j = 0; j < ELEMS(schema->attrs) && + schema->attrsj.type != CKA_INVALID; j++) { if (schema->attrsj.type != mergei.type) continue; @@ -1132,7 +1135,8 @@ } if (attrs == NULL) { - for (j = 0; schema->attrsj.type != CKA_INVALID; j++) { + for (j = 0; j < ELEMS(schema->attrs) && + schema->attrsj.type != CKA_INVALID; j++) { flags = schema->attrsj.flags; found = false; @@ -1297,7 +1301,8 @@ free (data); } - for (i = 0; ku_attribute_mapi.type != CKA_INVALID; i++) { + for (i = 0; i < ELEMS(ku_attribute_map) && + ku_attribute_mapi.type != CKA_INVALID; i++) { attrsi.type = ku_attribute_mapi.type; if (data && (ku & ku_attribute_mapi.ku) == ku_attribute_mapi.ku) { attrsi.pValue = &present; @@ -1381,7 +1386,8 @@ /* The value set if a purpose is explicitly rejected */ disallow = CKT_NSS_NOT_TRUSTED; - for (i = 0; eku_attribute_mapi.type != CKA_INVALID; i++) { + for (i = 0; i < ELEMS(eku_attribute_map) && + eku_attribute_mapi.type != CKA_INVALID; i++) { attrsi.type = eku_attribute_mapi.type; if (dict_rej && p11_dict_get (dict_rej, eku_attribute_mapi.oid)) { attrsi.pValue = &disallow;
View file
_service:tar_scm:p11-kit-0.24.0.tar.xz/trust/meson.build -> _service:tar_scm:p11-kit-0.24.1.tar.xz/trust/meson.build
Changed
@@ -172,7 +172,7 @@ dependencies: asn_h_dep, libp11_kit_dep, libp11_library_dep, - libp11_test_dep + libffi_deps + dlopen_deps, + libp11_test_dep + libtasn1_deps + libffi_deps + dlopen_deps, link_with: libtrust_testable, libtrust_data, libtrust_test) endforeach endif
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2