diff --git a/libcacard-2.7.0-caching-keys.patch b/libcacard-2.7.0-caching-keys.patch deleted file mode 100644 index 8c8a3b9..0000000 --- a/libcacard-2.7.0-caching-keys.patch +++ /dev/null @@ -1,124 +0,0 @@ -From 2c10ae315375730020108cbcae0c282d0d6eff5f Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Mon, 26 Aug 2019 17:42:06 +0200 -Subject: [PATCH 1/2] vcard_emul_nss: Drop the key caching to simplify error - handling - -It could happen with PKCS#11 modules that (correctly) invalidate object -handles after logout (which was introduced in 0d3a683a), that the handles -are not valid when we try to use the objects again. - -This is trying to address this use case, which I noticed was breaking -CI with SoftHSM PKCS#11 modules. - -Signed-off-by: Jakub Jelen ---- - src/vcard_emul_nss.c | 15 +-------------- - 1 file changed, 1 insertion(+), 14 deletions(-) - -diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c -index e8f5c56..f788964 100644 ---- a/src/vcard_emul_nss.c -+++ b/src/vcard_emul_nss.c -@@ -52,7 +52,6 @@ typedef enum { - struct VCardKeyStruct { - CERTCertificate *cert; - PK11SlotInfo *slot; -- SECKEYPrivateKey *key; - VCardEmulTriState failedX509; - }; - -@@ -155,10 +154,6 @@ vcard_emul_make_key(PK11SlotInfo *slot, CERTCertificate *cert) - key = g_new(VCardKey, 1); - key->slot = PK11_ReferenceSlot(slot); - key->cert = CERT_DupCertificate(cert); -- /* NOTE: if we aren't logged into the token, this could return NULL */ -- /* NOTE: the cert is a temp cert, not necessarily the cert in the token, -- * use the DER version of this function */ -- key->key = PK11_FindKeyByDERCert(slot, cert, NULL); - key->failedX509 = VCardEmulUnknown; - return key; - } -@@ -170,10 +165,6 @@ vcard_emul_delete_key(VCardKey *key) - if (!nss_emul_init || (key == NULL)) { - return; - } -- if (key->key) { -- SECKEY_DestroyPrivateKey(key->key); -- key->key = NULL; -- } - if (key->cert) { - CERT_DestroyCertificate(key->cert); - } -@@ -189,12 +180,8 @@ vcard_emul_delete_key(VCardKey *key) - static SECKEYPrivateKey * - vcard_emul_get_nss_key(VCardKey *key) - { -- if (key->key) { -- return key->key; -- } - /* NOTE: if we aren't logged into the token, this could return NULL */ -- key->key = PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL); -- return key->key; -+ return PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL); - } - - /* --- -2.22.0 - - -From 06587ef683373690f61540935b4516b4f23238ea Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Tue, 27 Aug 2019 12:38:45 +0200 -Subject: [PATCH 2/2] tests: Reproducer for pkcs11 modules invalidating object - handles on logout - -Signed-off-by: Jakub Jelen ---- - tests/hwtests.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/tests/hwtests.c b/tests/hwtests.c -index cd9a33b..39decfb 100644 ---- a/tests/hwtests.c -+++ b/tests/hwtests.c -@@ -339,6 +339,26 @@ static void test_sign_bad_data_x509(void) - vreader_free(reader); /* get by id ref */ - } - -+/* This is a regression test for issues with PKCS#11 tokens -+ * invalidating object handles after logout (such as softhsm). -+ * See: https://bugzilla.mozilla.org/show_bug.cgi?id=1576642 -+ */ -+static void test_sign_logout_sign(void) -+{ -+ VReader *reader = vreader_get_reader_by_id(0); -+ -+ g_assert_nonnull(reader); -+ -+ test_login(); -+ test_sign(); -+ -+ /* This implicitly logs out the user */ -+ test_login(); -+ test_sign(); -+ -+ vreader_free(reader); /* get by id ref */ -+} -+ - static void libcacard_finalize(void) - { - VReader *reader = vreader_get_reader_by_id(0); -@@ -374,6 +394,7 @@ int main(int argc, char *argv[]) - g_test_add_func("/hw-tests/sign-bad-data", test_sign_bad_data_x509); - g_test_add_func("/hw-tests/empty-applets", test_empty_applets); - g_test_add_func("/hw-tests/get-response", test_get_response); -+ g_test_add_func("/hw-tests/sign-logout-sign", test_sign_logout_sign); - - ret = g_test_run(); - --- -2.22.0 - - diff --git a/libcacard-2.7.0.tar.xz b/libcacard-2.7.0.tar.xz deleted file mode 100644 index 036db70..0000000 Binary files a/libcacard-2.7.0.tar.xz and /dev/null differ diff --git a/libcacard-2.7.0.tar.xz.asc b/libcacard-2.7.0.tar.xz.asc deleted file mode 100644 index 8cfdbde..0000000 --- a/libcacard-2.7.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEE99xQpX39UrlCUyle9kkHrBW1wz0FAl0154wACgkQ9kkHrBW1 -wz06+Qf/Q6kuvcClfspNnHC6uiG4ltvxC1/56FQXXMOaiwvaR2lrH61po4f16EXI -fQgjuecTMJukMWwdLFPfR444rfO3vNvaQom953MNI+NoWlzgpl+QoWWvCPJwOUl0 -ocKC7eehtSklbr05X885jHdsabhe4yUxOSJPhFwkiPZLnYGVwyB5gkhM/W9hBKqK -IkMycN2lW8q+pcjafha9jcSWEa+fzxd+f/78oFwyXB9cPacm0g/LlpNjHZZlnnfn -X8LVvVeYhMsm9eqY3js2QFOIu2045jBeeg5JwT2scuoMPzWBj8KrMGo8loN0NouZ -uE7+03F0YKBoyV463bJkyYNryChXZg== -=Qkcs ------END PGP SIGNATURE----- diff --git a/libcacard-2.8.0-32bit.patch b/libcacard-2.8.0-32bit.patch new file mode 100644 index 0000000..e206a8e --- /dev/null +++ b/libcacard-2.8.0-32bit.patch @@ -0,0 +1,26 @@ +From 3c29cd10b211e81e79f38f4c0a9d42070a382789 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Tue, 6 Oct 2020 17:36:28 +0200 +Subject: [PATCH] test: Add 32b paths for softhsm + +Signed-off-by: Jakub Jelen + +Reference:https://gitlab.freedesktop.org/spice/libcacard/-/commit/3c29cd10b211e81e79f38f4c0a9d42070a382789 +--- + tests/setup-softhsm2.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tests/setup-softhsm2.sh b/tests/setup-softhsm2.sh +index 7523990..5341cd3 100755 +--- a/tests/setup-softhsm2.sh ++++ b/tests/setup-softhsm2.sh +@@ -8,6 +8,7 @@ PIN="77777777" + export GNUTLS_PIN=$PIN + + for P11LIB in \ ++ /usr/lib/pkcs11/libsofthsm2.so \ + /usr/lib64/pkcs11/libsofthsm2.so \ + /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so \ + /usr/lib/softhsm/libsofthsm2.so \ +-- +GitLab diff --git a/libcacard-2.8.0.tar.xz b/libcacard-2.8.0.tar.xz new file mode 100644 index 0000000..98a4ee2 Binary files /dev/null and b/libcacard-2.8.0.tar.xz differ diff --git a/libcacard-2.8.0.tar.xz.asc b/libcacard-2.8.0.tar.xz.asc new file mode 100644 index 0000000..c2e6cc7 Binary files /dev/null and b/libcacard-2.8.0.tar.xz.asc differ diff --git a/libcacard.spec b/libcacard.spec index 529e506..9c35dc6 100644 --- a/libcacard.spec +++ b/libcacard.spec @@ -1,16 +1,18 @@ Name: libcacard -Version: 2.7.0 -Release: 4 +Version: 2.8.0 +Release: 1 Epoch: 3 Summary: Common Access Card(CAC) library License: LGPLv2+ URL: https://gitlab.freedesktop.org/spice/libcacard Source0: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz Source1: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz.asc -Patch0: libcacard-2.7.0-caching-keys.patch + +Patch6000: libcacard-2.8.0-32bit.patch BuildRequires: gcc glib2-devel nss-devel softhsm opensc BuildRequires: gnutls-utils nss-tools openssl gnupg2 +BuildRequires: meson gcc-c++ pcsc-lite-devel Conflicts: qemu-common < 2:2.5.0 %description @@ -31,12 +33,13 @@ This package provides libraries and header files for the development of libcacar %autosetup -n %{name}-%{version} -p1 %build -%configure -sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool -%make_build +%meson +%meson_build + %install -%make_install +%meson_install +rm -f %{buildroot}%{_libdir}/*.la %ldconfig_scriptlets @@ -57,6 +60,9 @@ sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool %doc NEWS ChangeLog README.md %changelog +* Fri Jan 29 2021 zhanzhimin - 3:2.8.0-1 +- update to 2.8.0 + * Fri Aug 21 2020 orange_snn - 3:2.7.0-4 - delete the check