!9 update libcacard version to 2.8.0

From: @zzm_567
Reviewed-by: @orange-snn
Signed-off-by: @orange-snn
openeuler-ci-bot 2021-02-03 17:43:24 +08:00 committed by Gitee
commit 7078e18cfd
7 changed files with 39 additions and 142 deletions


@ -1,124 +0,0 @@
From 2c10ae315375730020108cbcae0c282d0d6eff5f Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 26 Aug 2019 17:42:06 +0200
Subject: [PATCH 1/2] vcard_emul_nss: Drop the key caching to simplify error
handling
It could happen with PKCS#11 modules that (correctly) invalidate object
handles after logout (which was introduced in 0d3a683a), that the handles
are not valid when we try to use the objects again.
This is trying to address this use case, which I noticed was breaking
CI with SoftHSM PKCS#11 modules.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/vcard_emul_nss.c | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c
index e8f5c56..f788964 100644
--- a/src/vcard_emul_nss.c
+++ b/src/vcard_emul_nss.c
@@ -52,7 +52,6 @@ typedef enum {
struct VCardKeyStruct {
CERTCertificate *cert;
PK11SlotInfo *slot;
- SECKEYPrivateKey *key;
VCardEmulTriState failedX509;
};
@@ -155,10 +154,6 @@ vcard_emul_make_key(PK11SlotInfo *slot, CERTCertificate *cert)
key = g_new(VCardKey, 1);
key->slot = PK11_ReferenceSlot(slot);
key->cert = CERT_DupCertificate(cert);
- /* NOTE: if we aren't logged into the token, this could return NULL */
- /* NOTE: the cert is a temp cert, not necessarily the cert in the token,
- * use the DER version of this function */
- key->key = PK11_FindKeyByDERCert(slot, cert, NULL);
key->failedX509 = VCardEmulUnknown;
return key;
}
@@ -170,10 +165,6 @@ vcard_emul_delete_key(VCardKey *key)
if (!nss_emul_init || (key == NULL)) {
return;
}
- if (key->key) {
- SECKEY_DestroyPrivateKey(key->key);
- key->key = NULL;
- }
if (key->cert) {
CERT_DestroyCertificate(key->cert);
}
@@ -189,12 +180,8 @@ vcard_emul_delete_key(VCardKey *key)
static SECKEYPrivateKey *
vcard_emul_get_nss_key(VCardKey *key)
{
- if (key->key) {
- return key->key;
- }
/* NOTE: if we aren't logged into the token, this could return NULL */
- key->key = PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL);
- return key->key;
+ return PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL);
}
/*
--
2.22.0
From 06587ef683373690f61540935b4516b4f23238ea Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 27 Aug 2019 12:38:45 +0200
Subject: [PATCH 2/2] tests: Reproducer for pkcs11 modules invalidating object
handles on logout
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/hwtests.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/tests/hwtests.c b/tests/hwtests.c
index cd9a33b..39decfb 100644
--- a/tests/hwtests.c
+++ b/tests/hwtests.c
@@ -339,6 +339,26 @@ static void test_sign_bad_data_x509(void)
vreader_free(reader); /* get by id ref */
}
+/* This is a regression test for issues with PKCS#11 tokens
+ * invalidating object handles after logout (such as softhsm).
+ * See: https://bugzilla.mozilla.org/show_bug.cgi?id=1576642
+ */
+static void test_sign_logout_sign(void)
+{
+ VReader *reader = vreader_get_reader_by_id(0);
+
+ g_assert_nonnull(reader);
+
+ test_login();
+ test_sign();
+
+ /* This implicitly logs out the user */
+ test_login();
+ test_sign();
+
+ vreader_free(reader); /* get by id ref */
+}
+
static void libcacard_finalize(void)
{
VReader *reader = vreader_get_reader_by_id(0);
@@ -374,6 +394,7 @@ int main(int argc, char *argv[])
g_test_add_func("/hw-tests/sign-bad-data", test_sign_bad_data_x509);
g_test_add_func("/hw-tests/empty-applets", test_empty_applets);
g_test_add_func("/hw-tests/get-response", test_get_response);
+ g_test_add_func("/hw-tests/sign-logout-sign", test_sign_logout_sign);
ret = g_test_run();
--
2.22.0

Binary file not shown.


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE99xQpX39UrlCUyle9kkHrBW1wz0FAl0154wACgkQ9kkHrBW1
wz06+Qf/Q6kuvcClfspNnHC6uiG4ltvxC1/56FQXXMOaiwvaR2lrH61po4f16EXI
fQgjuecTMJukMWwdLFPfR444rfO3vNvaQom953MNI+NoWlzgpl+QoWWvCPJwOUl0
ocKC7eehtSklbr05X885jHdsabhe4yUxOSJPhFwkiPZLnYGVwyB5gkhM/W9hBKqK
IkMycN2lW8q+pcjafha9jcSWEa+fzxd+f/78oFwyXB9cPacm0g/LlpNjHZZlnnfn
X8LVvVeYhMsm9eqY3js2QFOIu2045jBeeg5JwT2scuoMPzWBj8KrMGo8loN0NouZ
uE7+03F0YKBoyV463bJkyYNryChXZg==
=Qkcs
-----END PGP SIGNATURE-----


@ -0,0 +1,26 @@
From 3c29cd10b211e81e79f38f4c0a9d42070a382789 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 6 Oct 2020 17:36:28 +0200
Subject: [PATCH] test: Add 32b paths for softhsm
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reference:https://gitlab.freedesktop.org/spice/libcacard/-/commit/3c29cd10b211e81e79f38f4c0a9d42070a382789
---
tests/setup-softhsm2.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/setup-softhsm2.sh b/tests/setup-softhsm2.sh
index 7523990..5341cd3 100755
--- a/tests/setup-softhsm2.sh
+++ b/tests/setup-softhsm2.sh
@@ -8,6 +8,7 @@ PIN="77777777"
export GNUTLS_PIN=$PIN
for P11LIB in \
+ /usr/lib/pkcs11/libsofthsm2.so \
/usr/lib64/pkcs11/libsofthsm2.so \
/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so \
/usr/lib/softhsm/libsofthsm2.so \
--
GitLab

BIN
libcacard-2.8.0.tar.xz Normal file

Binary file not shown.

BIN
libcacard-2.8.0.tar.xz.asc Normal file

Binary file not shown.


@ -1,16 +1,18 @@
Name: libcacard Name: libcacard
Version: 2.7.0 Version: 2.8.0
Release: 4 Release: 1
Epoch: 3 Epoch: 3
Summary: Common Access Card(CAC) library Summary: Common Access Card(CAC) library
License: LGPLv2+ License: LGPLv2+
URL: https://gitlab.freedesktop.org/spice/libcacard URL: https://gitlab.freedesktop.org/spice/libcacard
Source0: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz Source0: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz
Source1: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz.asc Source1: https://www.spice-space.org/download/libcacard/%{name}-%{version}.tar.xz.asc
Patch0: libcacard-2.7.0-caching-keys.patch
Patch6000: libcacard-2.8.0-32bit.patch
BuildRequires: gcc glib2-devel nss-devel softhsm opensc BuildRequires: gcc glib2-devel nss-devel softhsm opensc
BuildRequires: gnutls-utils nss-tools openssl gnupg2 BuildRequires: gnutls-utils nss-tools openssl gnupg2
BuildRequires: meson gcc-c++ pcsc-lite-devel
Conflicts: qemu-common < 2:2.5.0 Conflicts: qemu-common < 2:2.5.0
%description %description
@ -31,12 +33,13 @@ This package provides libraries and header files for the development of libcacar
%autosetup -n %{name}-%{version} -p1 %autosetup -n %{name}-%{version} -p1
%build %build
%configure %meson
sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool %meson_build
%make_build
%install %install
%make_install %meson_install
rm -f %{buildroot}%{_libdir}/*.la
%ldconfig_scriptlets %ldconfig_scriptlets
@ -57,6 +60,9 @@ sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
%doc NEWS ChangeLog README.md %doc NEWS ChangeLog README.md
%changelog %changelog
* Fri Jan 29 2021 zhanzhimin <zhanzhimin@huawei.com> - 3:2.8.0-1
- update to 2.8.0
* Fri Aug 21 2020 orange_snn <songnannan2@huawei.com> - 3:2.7.0-4 * Fri Aug 21 2020 orange_snn <songnannan2@huawei.com> - 3:2.7.0-4
- delete the check - delete the check
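Review bot: The header still carries `Source1: …/%{name}-%{version}.tar.xz.asc` and `gnupg2` in BuildRequires, but none of the Source lines shown declares a keyring, so the detached signature for the new 2.8.0 tarball appears to be shipped without being verified during the build. If `%prep` (which begins outside the displayed hunks) does not already check it, add the upstream signing key as a source and verify before `%autosetup`, for example `Source2: <upstream-keyring-file>` and `gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}`. Separately, `Patch6000` only changes `tests/setup-softhsm2.sh`, and the 2.7.0-4 changelog entry says the check was deleted, so the patch presumably has no effect on the built package unless a `%check` section is restored. A one-line comment above the `Patch6000` line stating why it is carried, and that it comes from upstream commit 3c29cd10, would help the next maintainer.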