update to 2.8.0

2021-01-29 16:06:32 +08:00 · 2021-01-29 16:06:32 +08:00 · 29a874bbd3
commit 29a874bbd3
parent c09ff3d03a
7 changed files with 39 additions and 142 deletions
--- a/libcacard-2.7.0-caching-keys.patch
+++ b/libcacard-2.7.0-caching-keys.patch
@ -1,124 +0,0 @@
-From 2c10ae315375730020108cbcae0c282d0d6eff5f Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 26 Aug 2019 17:42:06 +0200
-Subject: [PATCH 1/2] vcard_emul_nss: Drop the key caching to simplify error
- handling
-
-It could happen with PKCS#11 modules that (correctly) invalidate object
-handles after logout (which was introduced in 0d3a683a), that the handles
-are not valid when we try to use the objects again.
-
-This is trying to address this use case, which I noticed was breaking
-CI with SoftHSM PKCS#11 modules.
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- src/vcard_emul_nss.c | 15 +--------------
- 1 file changed, 1 insertion(+), 14 deletions(-)
-
-diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c
-index e8f5c56..f788964 100644
--- a/src/vcard_emul_nss.c
-+++ b/src/vcard_emul_nss.c
-@@ -52,7 +52,6 @@ typedef enum {
- struct VCardKeyStruct {
-     CERTCertificate *cert;
-     PK11SlotInfo *slot;
-    SECKEYPrivateKey *key;
-     VCardEmulTriState failedX509;
- };
- 
-@@ -155,10 +154,6 @@ vcard_emul_make_key(PK11SlotInfo *slot, CERTCertificate *cert)
-     key = g_new(VCardKey, 1);
-     key->slot = PK11_ReferenceSlot(slot);
-     key->cert = CERT_DupCertificate(cert);
-    /* NOTE: if we aren't logged into the token, this could return NULL */
-    /* NOTE: the cert is a temp cert, not necessarily the cert in the token,
-     * use the DER version of this function */
-    key->key = PK11_FindKeyByDERCert(slot, cert, NULL);
-     key->failedX509 = VCardEmulUnknown;
-     return key;
- }
-@@ -170,10 +165,6 @@ vcard_emul_delete_key(VCardKey *key)
-     if (!nss_emul_init || (key == NULL)) {
-         return;
-     }
-    if (key->key) {
-        SECKEY_DestroyPrivateKey(key->key);
-        key->key = NULL;
-    }
-     if (key->cert) {
-         CERT_DestroyCertificate(key->cert);
-     }
-@@ -189,12 +180,8 @@ vcard_emul_delete_key(VCardKey *key)
- static SECKEYPrivateKey *
- vcard_emul_get_nss_key(VCardKey *key)
- {
-    if (key->key) {
-        return key->key;
-    }
-     /* NOTE: if we aren't logged into the token, this could return NULL */
-    key->key = PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL);
-    return key->key;
-+    return PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL);
- }
- 
- /*
-- 
-2.22.0
-
-
-From 06587ef683373690f61540935b4516b4f23238ea Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Tue, 27 Aug 2019 12:38:45 +0200
-Subject: [PATCH 2/2] tests: Reproducer for pkcs11 modules invalidating object
- handles on logout
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
- tests/hwtests.c | 21 +++++++++++++++++++++
- 1 file changed, 21 insertions(+)
-
-diff --git a/tests/hwtests.c b/tests/hwtests.c
-index cd9a33b..39decfb 100644
--- a/tests/hwtests.c
-+++ b/tests/hwtests.c
-@@ -339,6 +339,26 @@ static void test_sign_bad_data_x509(void)
-     vreader_free(reader); /* get by id ref */
- }
- 
-+/* This is a regression test for issues with PKCS#11 tokens
-+ * invalidating object handles after logout (such as softhsm).
-+ * See: https://bugzilla.mozilla.org/show_bug.cgi?id=1576642
-+ */
-+static void test_sign_logout_sign(void)
-+{
-+    VReader *reader = vreader_get_reader_by_id(0);
-+
-+    g_assert_nonnull(reader);
-+
-+    test_login();
-+    test_sign();
-+
-+    /* This implicitly logs out the user */
-+    test_login();
-+    test_sign();
-+
-+    vreader_free(reader); /* get by id ref */
-+}
-+
- static void libcacard_finalize(void)
- {
-     VReader *reader = vreader_get_reader_by_id(0);
-@@ -374,6 +394,7 @@ int main(int argc, char *argv[])
-     g_test_add_func("/hw-tests/sign-bad-data", test_sign_bad_data_x509);
-     g_test_add_func("/hw-tests/empty-applets", test_empty_applets);
-     g_test_add_func("/hw-tests/get-response", test_get_response);
-+    g_test_add_func("/hw-tests/sign-logout-sign", test_sign_logout_sign);
- 
-     ret = g_test_run();
- 
-- 
-2.22.0
-
-
--- a/libcacard-2.7.0.tar.xz
+++ b/libcacard-2.7.0.tar.xz
--- a/libcacard-2.7.0.tar.xz.asc
+++ b/libcacard-2.7.0.tar.xz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEE99xQpX39UrlCUyle9kkHrBW1wz0FAl0154wACgkQ9kkHrBW1
-wz06+Qf/Q6kuvcClfspNnHC6uiG4ltvxC1/56FQXXMOaiwvaR2lrH61po4f16EXI
-fQgjuecTMJukMWwdLFPfR444rfO3vNvaQom953MNI+NoWlzgpl+QoWWvCPJwOUl0
-ocKC7eehtSklbr05X885jHdsabhe4yUxOSJPhFwkiPZLnYGVwyB5gkhM/W9hBKqK
-IkMycN2lW8q+pcjafha9jcSWEa+fzxd+f/78oFwyXB9cPacm0g/LlpNjHZZlnnfn
-X8LVvVeYhMsm9eqY3js2QFOIu2045jBeeg5JwT2scuoMPzWBj8KrMGo8loN0NouZ
-uE7+03F0YKBoyV463bJkyYNryChXZg==
-=Qkcs
-----END PGP SIGNATURE-----
--- a/libcacard-2.8.0-32bit.patch
+++ b/libcacard-2.8.0-32bit.patch
@ -0,0 +1,26 @@
+From 3c29cd10b211e81e79f38f4c0a9d42070a382789 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 6 Oct 2020 17:36:28 +0200
+Subject: [PATCH] test: Add 32b paths for softhsm
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+
+Reference:https://gitlab.freedesktop.org/spice/libcacard/-/commit/3c29cd10b211e81e79f38f4c0a9d42070a382789
+---
+ tests/setup-softhsm2.sh | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/setup-softhsm2.sh b/tests/setup-softhsm2.sh
+index 7523990..5341cd3 100755
+--- a/tests/setup-softhsm2.sh
+++ b/tests/setup-softhsm2.sh
+@@ -8,6 +8,7 @@ PIN="77777777"
+ export GNUTLS_PIN=$PIN
+ 
+ for P11LIB in \
+        /usr/lib/pkcs11/libsofthsm2.so \
+         /usr/lib64/pkcs11/libsofthsm2.so \
+         /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so \
+         /usr/lib/softhsm/libsofthsm2.so \
+-- 
+GitLab
--- a/libcacard-2.8.0.tar.xz
+++ b/libcacard-2.8.0.tar.xz
--- a/libcacard-2.8.0.tar.xz.asc
+++ b/libcacard-2.8.0.tar.xz.asc
--- a/libcacard.spec
+++ b/libcacard.spec
@ -1,16 +1,18 @@
 Name:           libcacard
-Version:        2.7.0
-Release:        4
+Version:        2.8.0
+Release:        1
 Epoch:          3
 Summary:        Common Access Card(CAC) library
 License:        LGPLv2+
 URL:            https://gitlab.freedesktop.org/spice/libcacard
 Source0:        https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz
 Source1:        https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz.asc
-Patch0:         libcacard-2.7.0-caching-keys.patch
+
+Patch6000:      libcacard-2.8.0-32bit.patch

 BuildRequires:  gcc glib2-devel nss-devel softhsm opensc 
 BuildRequires:  gnutls-utils nss-tools openssl gnupg2
+BuildRequires:  meson gcc-c++ pcsc-lite-devel
 Conflicts:      qemu-common < 2:2.5.0

 %description
@ -31,12 +33,13 @@ This package provides libraries and header files for the development of libcacar
 %autosetup -n %{name}-%{version} -p1

 %build
-%configure
-sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
-%make_build
+%meson
+%meson_build
+

 %install
-%make_install
+%meson_install
+rm -f %{buildroot}%{_libdir}/*.la

 %ldconfig_scriptlets

@ -57,6 +60,9 @@ sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
 %doc NEWS ChangeLog README.md

 %changelog
+* Fri Jan 29 2021 zhanzhimin <zhanzhimin@huawei.com> - 3:2.8.0-1
+- update to 2.8.0
+
 * Fri Aug 21 2020 orange_snn <songnannan2@huawei.com> - 3:2.7.0-4
 - delete the check