backport-fix-memory-handling-in-slot-refresh.patch

@@ -1,94 +0,0 @@
-From 6c96847f1f52a5ccc76e8f8d14820cc4d6af1ecb Mon Sep 17 00:00:00 2001
-From: Pavol Marko <pmarko@google.com>
-Date: Fri, 16 Jun 2023 21:04:22 +0000
-Subject: [PATCH] Fix memory handling in slot refresh
-
-On refreshing slots, there were two issues:
-- When reusing a PKCS11_SLOT_PRIVATE structure instance, the instance to
-  be reused was accidentally freed
-- Looking for an instance in the list of slots had bugs in pointer
-  usage.
----
- src/libp11-int.h |  5 +++--
- src/p11_slot.c   | 23 ++++++++++++++++-------
- 2 files changed, 19 insertions(+), 9 deletions(-)
-
-diff --git a/src/libp11-int.h b/src/libp11-int.h
-index 2d4c48a..fec334c 100644
---- a/src/libp11-int.h
-+++ b/src/libp11-int.h
-@@ -216,8 +216,9 @@ extern unsigned long pkcs11_get_slotid_from_slot(PKCS11_SLOT_private *);
- /* Increment slot reference count */
- extern PKCS11_SLOT_private *pkcs11_slot_ref(PKCS11_SLOT_private *slot);
- 
--/* Decrement slot reference count, free if it becomes zero */
--extern void pkcs11_slot_unref(PKCS11_SLOT_private *slot);
-+/* Decrement slot reference count, free if it becomes zero.
-+ * Returns 1 if it was freed. */
-+extern int pkcs11_slot_unref(PKCS11_SLOT_private *slot);
- 
- /* Free the list of slots allocated by PKCS11_enumerate_slots() */
- extern void pkcs11_release_all_slots(PKCS11_SLOT *slots, unsigned int nslots);
-diff --git a/src/p11_slot.c b/src/p11_slot.c
-index 3c00e22..c2e45b5 100644
---- a/src/p11_slot.c
-+++ b/src/p11_slot.c
-@@ -76,9 +76,14 @@ int pkcs11_enumerate_slots(PKCS11_CTX_private *ctx, PKCS11_SLOT **slotp,
- 	for (n = 0; n < nslots; n++) {
- 		PKCS11_SLOT_private *slot = NULL;
- 		for (i = 0; i < *countp; i++) {
--			if (PRIVSLOT(slotp[i])->id != slotid[n])
-+			PKCS11_SLOT_private *slot_old_private =
-+				PRIVSLOT(&((*slotp)[i]));
-+			if (slot_old_private->id != slotid[n])
- 				continue;
--			slot = pkcs11_slot_ref(PRIVSLOT(slotp[i]));
-+			/* Increase ref count so it doesn't get freed when ref
-+			* count is decremented in pkcs11_release_all_slots
-+			* at the end of this function. */
-+			slot = pkcs11_slot_ref(slot_old_private);
- 			break;
- 		}
- 		if (!slot)
-@@ -420,10 +425,10 @@ PKCS11_SLOT_private *pkcs11_slot_ref(PKCS11_SLOT_private *slot)
- 	return slot;
- }
- 
--void pkcs11_slot_unref(PKCS11_SLOT_private *slot)
-+int pkcs11_slot_unref(PKCS11_SLOT_private *slot)
- {
- 	if (pkcs11_atomic_add(&slot->refcnt, -1, &slot->lock) != 0)
--		return;
-+		return 0;
- 
- 	pkcs11_wipe_cache(slot);
- 	if (slot->prev_pin) {
-@@ -434,6 +439,8 @@ void pkcs11_slot_unref(PKCS11_SLOT_private *slot)
- 	OPENSSL_free(slot->session_pool);
- 	pthread_mutex_destroy(&slot->lock);
- 	pthread_cond_destroy(&slot->cond);
-+
-+	return 1;
- }
- 
- static int pkcs11_init_slot(PKCS11_CTX_private *ctx, PKCS11_SLOT *slot, PKCS11_SLOT_private *spriv)
-@@ -473,11 +480,13 @@ static void pkcs11_release_slot(PKCS11_SLOT *slot)
- 		pkcs11_destroy_token(slot->token);
- 		OPENSSL_free(slot->token);
- 	}
--	if (spriv)
--		pkcs11_slot_unref(spriv);
-+	if (spriv) {
-+		if (pkcs11_slot_unref(spriv) != 0) {
-+			OPENSSL_free(slot->_private);
-+		}
-+	}
- 	OPENSSL_free(slot->description);
- 	OPENSSL_free(slot->manufacturer);
--	OPENSSL_free(slot->_private);
- 
- 	memset(slot, 0, sizeof(*slot));
- }
--- 
-2.43.0
-

openssl-pkcs11.spec

@@ -1,22 +1,20 @@
 Name:           openssl-pkcs11
-Version:        0.4.12
+Version:        0.4.11
-Release:        3
+Release:        2
 Summary:        A PKCS#11 engine for use with OpenSSL
 License:        LGPLv2+ and BSD
 URL:            https://github.com/OpenSC/libp11
 Source0:        https://github.com/OpenSC/libp11/releases/download/libp11-%{version}/libp11-%{version}.tar.gz
 
-PATCH6000: backport-fix-memory-handling-in-slot-refresh.patch
-
 BuildRequires:  openssl-devel autoconf automake libtool
-BuildRequires:  softhsm opensc procps-ng p11-kit openssl chrpath
+BuildRequires:  softhsm opensc procps-ng p11-kit
 
 Provides:       libp11 = %{version}-%{release}
 Obsoletes:      libp11 < 0.4.7-4
 Provides:       engine_pkcs11 = %{version}-%{release}
 Obsoletes:      engine_pkcs11 < 0.4.7-4
 
-Requires:       p11-kit-trust openssl >= 3.0.0
+Requires:       p11-kit-trust openssl >= 1.0.2
 
 %description 
 openssl-pkcs11 is an implementation of an engine for OpenSSL. It can be loaded
@@ -38,26 +36,25 @@ Development headers and libraries for %{name}
 %build
 autoreconf -fvi
 export CFLAGS="%{optflags}"
-%configure --with-enginesdir=%{_libdir}/engines-3
+%configure --with-enginesdir=%{_libdir}/engines-1.1
 make %{?_smp_mflags} V=1
 
 %install
 rm -rf %{buildroot}
-mkdir -p %{buildroot}%{_libdir}/engines-3
+mkdir -p %{buildroot}%{_libdir}/engines-1.1
 %make_install
 %delete_la
 
+%check
+make check
+
 #strip binary files
 pushd %{_builddir}/libp11-%{version}
 find src/.libs -type f -name '*.so*' -exec strip '{}' ';'
+find examples -type f -name '*.o' -exec strip '{}' ';'
 strip examples/.libs/*
 popd
-
+strip %{buildroot}%{_libdir}/*.a
-%check
-make check ||:
-# strip %{_builddir}/libp11-%{version}/examples/.libs/lt-*
-#remove rpath files
-# chrpath -d %{_builddir}/libp11-%{version}/examples/.libs/lt-*
 
 %pre
 
@@ -72,7 +69,7 @@ make check ||:
 %doc NEWS
 %license COPYING
 %{_libdir}/*.so.*
-%{_libdir}/engines-3/*.so
+%{_libdir}/engines-1.1/*.so
 
 %files devel
 %defattr(-,root,root)
@@ -84,22 +81,6 @@ make check ||:
 %exclude %{_defaultdocdir}/libp11/*
 
 %changelog
-* Fri Nov  1 Wang Jinchao <wangjinchao@xfusion.com> - 0.4.12-3
-- Fix memory handling in slot refresh
-
-* Mon Feb 13 2023 zhouchenchen123 <zhouchenchen@huawei.com> - 0.4.12-2
-- fix obs build issue
-
-* Thu Feb 2 2023 zhouchenchen123 <zhouchenchen@huawei.com> - 0.4.12-1
-- update version to 1.20.1
-
-* Mon Jun 13 2022 fuanan <fuanan3@h-partners.com> - 0.4.11-4
-- remove rpath files of lt-auth and lt-listkeys
-- add openssl to BuildRequires for make check
-
-* Tue Mar 30 2021 lirui <lirui130@huawei.com> - 0.4.11-3
-- strip binary files
-
 * Tue Mar 30 2021 panxiaohe <panxiaohe@huawei.com> - 0.4.11-2
 - strip binary files