Package init

build-Call-va_end-always-when-leaving-the-function.patch

@@ -0,0 +1,79 @@
+From c76197ddbbd0c29adc2bceff2ee9f740f71d134d Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Tue, 16 Oct 2018 18:06:56 +0200
+Subject: [PATCH 04/36] build: Call va_end() always when leaving the function
+
+---
+ common/attrs.c  | 4 +++-
+ common/compat.c | 5 ++++-
+ common/path.c   | 5 ++++-
+ trust/parser.c  | 4 +++-
+ 4 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/common/attrs.c b/common/attrs.c
+index aa91891..a387a66 100644
+--- a/common/attrs.c
++++ b/common/attrs.c
+@@ -538,8 +538,10 @@ buffer_append_printf (p11_buffer *buffer,
+ 	va_list va;
+ 
+ 	va_start (va, format);
+-	if (vasprintf (&string, format, va) < 0)
++	if (vasprintf (&string, format, va) < 0) {
++		va_end (va);
+ 		return_if_reached ();
++	}
+ 	va_end (va);
+ 
+ 	p11_buffer_add (buffer, string, -1);
+diff --git a/common/compat.c b/common/compat.c
+index 5a9702d..48614fa 100644
+--- a/common/compat.c
++++ b/common/compat.c
+@@ -525,7 +525,10 @@ strconcat (const char *first,
+ 	for (arg = first; arg; arg = va_arg (va, const char*)) {
+ 		size_t old_length = length;
+ 		length += strlen (arg);
+-		return_val_if_fail (length >= old_length, NULL);
++		if (length < old_length) {
++			va_end (va);
++			return_val_if_reached (NULL);
++		}
+ 	}
+ 
+ 	va_end (va);
+diff --git a/common/path.c b/common/path.c
+index 5cf0e1a..17a6230 100644
+--- a/common/path.c
++++ b/common/path.c
+@@ -218,7 +218,10 @@ p11_path_build (const char *path,
+ 	while (path != NULL) {
+ 		size_t old_len = len;
+ 		len += strlen (path) + 1;
+-		return_val_if_fail (len >= old_len, NULL);
++		if (len < old_len) {
++			va_end (va);
++			return_val_if_reached (NULL);
++		}
+ 		path = va_arg (va, const char *);
+ 	}
+ 	va_end (va);
+diff --git a/trust/parser.c b/trust/parser.c
+index f92cdc9..e912c3a 100644
+--- a/trust/parser.c
++++ b/trust/parser.c
+@@ -697,8 +697,10 @@ p11_parser_formats (p11_parser *parser,
+ 		func = va_arg (va, parser_func);
+ 		if (func == NULL)
+ 			break;
+-		if (!p11_array_push (formats, func))
++		if (!p11_array_push (formats, func)) {
++			va_end (va);
+ 			return_if_reached ();
++		}
+ 	}
+ 	va_end (va);
+ 
+-- 
+2.19.1
+

debug-Work-around-cppcheck-false-positives.patch

@@ -0,0 +1,42 @@
+From 8a8db182af533a43b4d478d28af8623035475d68 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Tue, 16 Oct 2018 18:05:10 +0200
+Subject: [PATCH 03/36] debug: Work around cppcheck false-positives
+
+https://trac.cppcheck.net/ticket/8794
+---
+ common/debug.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/common/debug.h b/common/debug.h
+index 255c62c..7ea36f3 100644
+--- a/common/debug.h
++++ b/common/debug.h
+@@ -71,13 +71,13 @@ void              p11_debug_precond             (const char *format,
+ #endif
+ 
+ #define return_val_if_fail(x, v) \
+-	do { if (!(x)) { \
++	do { if (x) { } else {							\
+ 	     p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
+ 	     return v; \
+ 	} } while (false)
+ 
+ #define return_if_fail(x) \
+-	do { if (!(x)) { \
++	do { if (x) { } else {						\
+ 	     p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
+ 	     return; \
+ 	} } while (false)
+@@ -100,7 +100,7 @@ void              p11_debug_precond             (const char *format,
+ 	} while (false)
+ 
+ #define warn_if_fail(x) \
+-	do { if (!(x)) { \
++	do { if (x) { } else {						\
+ 	     p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
+ 	} } while (false)
+ 
+-- 
+2.19.1
+

modules-Fix-index-used-in-call-to-p11_dict_remove.patch

@@ -0,0 +1,31 @@
+From 793cc3b78f17bb5a3c151eba1144b73a5d51be3e Mon Sep 17 00:00:00 2001
+From: Simon Haggett <simon.haggett@gmail.com>
+Date: Tue, 12 Mar 2019 11:26:20 +0000
+Subject: [PATCH 36/36] modules: Fix index used in call to p11_dict_remove()
+
+This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use
+the correct index in the stolen array (i, rather than at). This avoids an
+assert, which was encountered on a host serving a PKCS#11 module to a remote
+Linux client.
+
+Signed-off-by: Simon Haggett <simon.haggett@gmail.com>
+---
+ p11-kit/modules.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/p11-kit/modules.c b/p11-kit/modules.c
+index 891ce4c..39e1fda 100644
+--- a/p11-kit/modules.c
++++ b/p11-kit/modules.c
+@@ -1647,7 +1647,7 @@ managed_steal_sessions_inlock (p11_dict *sessions,
+ 	/* Only removed some, go through and remove those */
+ 	} else {
+ 		for (i = 0; i < at; i++) {
+-			if (!p11_dict_remove (sessions, stolen + at))
++			if (!p11_dict_remove (sessions, stolen + i))
+ 				assert_not_reached ();
+ 		}
+ 	}
+-- 
+2.19.1
+

modules-check-gl.modules-before-iterates-on-it-when-.patch

@@ -0,0 +1,50 @@
+From 4a925177a81c2566d2a81a0a450607a5ff4d9048 Mon Sep 17 00:00:00 2001
+From: Stefano Garzarella <sgarzare@redhat.com>
+Date: Wed, 27 Feb 2019 12:25:20 +0100
+Subject: [PATCH 34/36] modules: check gl.modules before iterates on it when
+ freeing
+
+In some circumstances, as described in the BZ, can happen that
+free_modules_when_no_refs_unlocked() is called multiple times
+when the module destructor is invoked.
+We should check gl.modules before iterates on it in the
+free_modules_when_no_refs_unlocked() functions, to avoid
+a SIGSEGV.
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963
+---
+ p11-kit/modules.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/p11-kit/modules.c b/p11-kit/modules.c
+index 0299eda..891ce4c 100644
+--- a/p11-kit/modules.c
++++ b/p11-kit/modules.c
+@@ -797,14 +797,16 @@ init_globals_unlocked (void)
+ static void
+ free_modules_when_no_refs_unlocked (void)
+ {
+-	Module *mod;
+-	p11_dictiter iter;
+-
+-	/* Check if any modules have a ref count */
+-	p11_dict_iterate (gl.modules, &iter);
+-	while (p11_dict_next (&iter, (void **)&mod, NULL)) {
+-		if (mod->ref_count)
+-			return;
++	if (gl.modules) {
++		Module *mod;
++		p11_dictiter iter;
++
++		/* Check if any modules have a ref count */
++		p11_dict_iterate (gl.modules, &iter);
++		while (p11_dict_next (&iter, (void **)&mod, NULL)) {
++			if (mod->ref_count)
++				return;
++		}
+ 	}
+ 
+ 	p11_dict_free (gl.unmanaged_by_funcs);
+-- 
+2.19.1
+

p11-kit-client.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=p11-kit client
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+RuntimeDirectory=p11-kit
+ExecStart=/usr/bin/true
+
+[Install]
+WantedBy=default.target

p11-kit.spec

@@ -0,0 +1,133 @@
+Name:           p11-kit
+Version:	0.23.14
+Release:	2
+Summary:        Provides a way to load and enumerate PKCS#11 modules.
+License:        BSD
+URL:            http://p11-glue.freedesktop.org/p11-kit.html
+
+Source0:        %{name}-%{version}.tar.gz
+Source1:        trust-extract-compat
+Source2:        p11-kit-client.service
+
+Patch6001:	debug-Work-around-cppcheck-false-positives.patch
+Patch6002:	build-Call-va_end-always-when-leaving-the-function.patch
+Patch6003:	rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch
+Patch6004:	rpc-server-Check-calloc-failure.patch
+Patch6005:	trust-Check-index-buckets-is-allocated-on-cleanup.patch
+Patch6006:	trust-Propagate-library-verbosity-to-module-through-.patch
+Patch6007:	trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch
+Patch6008:	trust-p11_token_load-Treat-parse-error-as-failure.patch
+Patch6009:	trust-Continue-parsing-if-the-file-cannot-be-read-as.patch
+Patch6010:	pem-Fix-assert-condition.patch
+Patch6011:	trust-Ignore-unreadable-content-in-anchors.patch
+Patch6012:	modules-check-gl.modules-before-iterates-on-it-when-.patch
+Patch6013:	modules-Fix-index-used-in-call-to-p11_dict_remove.patch
+
+BuildRequires:  gcc libtasn1-devel >= 2.3 libffi-devel gtk-doc systemd-devel pkgconfig(glib-2.0)
+
+%description
+Provides a way to load and enumerate PKCS#11 modules.
+Provides a standard configuration setup for installing
+PKCS#11 modules in such a way that they're discoverable.
+Also solves problems with coordinating the use of PKCS#11
+by different components or libraries living in the same process.
+
+Provides:	%{name}-server
+Obsoletes:	%{name}-server
+
+%package devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{version}-%{release}
+
+%description devel
+Provides header and libraries files for applications use %{name} to develop.
+
+%package trust
+Summary:        Trust policy module of %{name}
+Requires:       %{name} = %{version}-%{release}
+Conflicts:      nss < 3.14.3-9
+
+%description trust
+This package contains PKCS#11 trust policy module.
+
+%package help
+Summary:        Help infomation of %{name}
+Requires:       %{name} = %{version}-%{release}
+
+%description help
+This package contains help information of p11-kit.
+
+%prep
+%autosetup -p1
+
+%build
+%configure --enable-doc --with-trust-paths=/etc/pki/ca-trust/source:/usr/share/pki/ca-trust-source
+make -j 4 V=1
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
+install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
+install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_userunitdir}
+find $RPM_BUILD_ROOT -type f -name "*.la" -delete -print
+
+%check
+make check
+
+%post -p /sbin/ldconfig
+
+%post trust
+%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so libnssckbi.so %{_libdir}/pkcs11/p11-kit-trust.so 30
+
+%postun -p /sbin/ldconfig
+
+%postun trust
+if [ $1 -eq 0 ]; then
+        %{_sbindir}/update-alternatives --remove libnssckbi.so %{_libdir}/pkcs11/p11-kit-trust.so
+fi
+ 
+%files
+%license COPYING
+%dir %{_libexecdir}/p11-kit
+%dir %{_sysconfdir}/pkcs11
+%dir %{_sysconfdir}/pkcs11/modules
+%dir %{_datadir}/p11-kit
+%dir %{_datadir}/p11-kit/modules
+%{_bindir}/p11-kit
+%{_libdir}/libp11-kit.so.*
+%{_libdir}/p11-kit-proxy.so
+%{_libdir}/pkcs11/p11-kit-client.so
+%{_libexecdir}/p11-kit/p11-kit-remote
+%{_libexecdir}/p11-kit/p11-kit-server
+%{_userunitdir}/p11-kit-client.service
+%{_userunitdir}/p11-kit-server.service
+%{_userunitdir}/p11-kit-server.socket
+
+%files help
+%doc AUTHORS NEWS README
+%doc p11-kit/pkcs11.conf.example
+%{_mandir}/man1/trust.1.gz
+%{_mandir}/man8/p11-kit.8.gz
+%{_mandir}/man5/pkcs11.conf.5.gz
+%{_sysconfdir}/pkcs11/pkcs11.conf.example
+
+%files devel
+%doc %{_datadir}/gtk-doc/
+%{_includedir}/p11-kit-1/
+%{_libdir}/libp11-kit.so
+%{_libdir}/pkgconfig/p11-kit-1.pc
+
+%files trust
+%{_bindir}/trust
+%dir %{_libdir}/pkcs11
+%ghost %{_libdir}/libnssckbi.so
+%{_libdir}/pkcs11/p11-kit-trust.so
+%{_datadir}/p11-kit/modules/p11-kit-trust.module
+%{_libexecdir}/p11-kit/trust-extract-compat
+
+%changelog
+* Fri Sep 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.23.14-2
+- Correct patch number
+
+* Sat Sep 7 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.23.14-1
+- Package init

pem-Fix-assert-condition.patch

@@ -0,0 +1,58 @@
+From f277a1469aef05d3542e8ae9fd3f5dbadbe12463 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Fri, 11 Jan 2019 10:35:16 +0100
+Subject: [PATCH 30/36] pem: Fix assert condition
+
+If the PEM header is "-----BEGIN -----", *type should be an empty
+string and the parser shouldn't fail.  Reported by Han Han in:
+https://bugzilla.redhat.com/show_bug.cgi?id=1665172
+---
+ trust/pem.c      |  2 +-
+ trust/test-pem.c | 18 ++++++++++++++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/trust/pem.c b/trust/pem.c
+index ce4f554..fae7dd6 100644
+--- a/trust/pem.c
++++ b/trust/pem.c
+@@ -84,7 +84,7 @@ pem_find_begin (const char *data,
+ 
+ 	if (type) {
+ 		pref += ARMOR_PREF_BEGIN_L;
+-		assert (suff > pref);
++		assert (suff >= pref);
+ 		*type = strndup (pref, suff - pref);
+ 		return_val_if_fail (*type != NULL, NULL);
+ 	}
+diff --git a/trust/test-pem.c b/trust/test-pem.c
+index 0c7d60a..6feff86 100644
+--- a/trust/test-pem.c
++++ b/trust/test-pem.c
+@@ -119,6 +119,24 @@ struct {
+ 	  }
+ 	},
+ 
++	{
++	  /* one block with empty type */
++	  "-----BEGIN -----\n"
++	  "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
++	  "-----END -----",
++	  {
++	    {
++	      "",
++	      "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
++	      "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
++	      30,
++	    },
++	    {
++	      NULL,
++	    }
++	  }
++	},
++
+ 	{
+ 	  NULL,
+ 	}
+-- 
+2.19.1
+

rpc-server-Check-calloc-failure.patch

@@ -0,0 +1,27 @@
+From 6417780ebbbbb0f01ddb001b239347655fb98578 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Wed, 17 Oct 2018 09:53:27 +0200
+Subject: [PATCH 11/36] rpc-server: Check calloc failure
+
+---
+ p11-kit/rpc-server.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
+index 5b3dbf0..3216742 100644
+--- a/p11-kit/rpc-server.c
++++ b/p11-kit/rpc-server.c
+@@ -2219,6 +2219,10 @@ p11_kit_remote_serve_tokens (const char **tokens,
+ 		filter = p11_dict_get (filters, module);
+ 		if (filter == NULL) {
+ 			lower = calloc (1, sizeof (p11_virtual));
++			if (lower == NULL) {
++				error = ENOMEM;
++				goto out;
++			}
+ 			p11_virtual_init (lower, &p11_virtual_base, module, NULL);
+ 			filter = p11_filter_subclass (lower, NULL);
+ 			if (filter == NULL) {
+-- 
+2.19.1
+

rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch

@@ -0,0 +1,28 @@
+From 1f78cb0b4dd193ec1f1b2b424a497a6c2edec043 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Tue, 16 Oct 2018 18:16:51 +0200
+Subject: [PATCH 08/36] rpc-server: p11_kit_remote_serve_tokens: Fix memleak
+
+---
+ p11-kit/rpc-server.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
+index 3a8991d..5b3dbf0 100644
+--- a/p11-kit/rpc-server.c
++++ b/p11-kit/rpc-server.c
+@@ -2285,6 +2285,11 @@ p11_kit_remote_serve_tokens (const char **tokens,
+ 		p11_kit_modules_release (modules);
+ 	if (error != 0)
+ 		errno = error;
++	if (uris) {
++		for (i = 0; i < n_tokens; i++)
++			p11_kit_uri_free (uris[i]);
++		free (uris);
++	}
+ 
+ 	return ret;
+ }
+-- 
+2.19.1
+

trust-Check-index-buckets-is-allocated-on-cleanup.patch

@@ -0,0 +1,31 @@
+From 83e92c2f9575707083d8b0c70ef330e285d70836 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Wed, 17 Oct 2018 09:53:46 +0200
+Subject: [PATCH 12/36] trust: Check index->buckets is allocated on cleanup
+
+---
+ trust/index.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/trust/index.c b/trust/index.c
+index 6a8e535..2d1da29 100644
+--- a/trust/index.c
++++ b/trust/index.c
+@@ -193,9 +193,11 @@ p11_index_free (p11_index *index)
+ 
+ 	p11_dict_free (index->objects);
+ 	p11_dict_free (index->changes);
+-	for (i = 0; i < NUM_BUCKETS; i++)
+-		free (index->buckets[i].elem);
+-	free (index->buckets);
++	if (index->buckets) {
++		for (i = 0; i < NUM_BUCKETS; i++)
++			free (index->buckets[i].elem);
++		free (index->buckets);
++	}
+ 	free (index);
+ }
+ 
+-- 
+2.19.1
+

trust-Continue-parsing-if-the-file-cannot-be-read-as.patch

@@ -0,0 +1,29 @@
+From 5e6a92b67ddade14a54769b05cc717043bc56b78 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Tue, 25 Dec 2018 08:32:19 +0100
+Subject: [PATCH 27/36] trust: Continue parsing if the file cannot be read as
+ persist format
+
+A corrupted file that contains "[p11-kit-object-v1]" can be a valid
+PEM certs file.  Continue with the next format if it cannot be read as
+a persistent format.
+---
+ trust/parser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/trust/parser.c b/trust/parser.c
+index e912c3a..e84e47c 100644
+--- a/trust/parser.c
++++ b/trust/parser.c
+@@ -639,7 +639,7 @@ p11_parser_format_persist (p11_parser *parser,
+ 	}
+ 
+ 	p11_array_free (objects);
+-	return ret ? P11_PARSE_SUCCESS : P11_PARSE_FAILURE;
++	return ret ? P11_PARSE_SUCCESS : P11_PARSE_UNRECOGNIZED;
+ }
+ 
+ p11_parser *
+-- 
+2.19.1
+

trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch

@@ -0,0 +1,69 @@
+From eb503f3a1467f21a5ecc9ae84ae23b216afc102f Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Tue, 25 Dec 2018 07:32:01 +0100
+Subject: [PATCH 25/36] trust: Fail if trust anchors are not loaded from a file
+
+If the trust path is a file, treat parse error as fatal and abort the
+C_FindObjectsInit call.
+---
+ trust/module.c | 11 ++++++++---
+ trust/token.c  |  6 +++---
+ 2 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/trust/module.c b/trust/module.c
+index 0c16a39..1722340 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
+ 				indices[n++] = session->index;
+ 			if (want_token_objects) {
+ 				if (!session->loaded)
+-					p11_token_load (session->token);
+-				session->loaded = CK_TRUE;
+-				indices[n++] = p11_token_index (session->token);
++					if (p11_token_load (session->token) < 0)
++						rv = CKR_FUNCTION_FAILED;
++				if (rv == CKR_OK) {
++					session->loaded = CK_TRUE;
++					indices[n++] = p11_token_index (session->token);
++				}
+ 			}
++		}
+ 
++		if (rv == CKR_OK) {
+ 			find = calloc (1, sizeof (FindObjects));
+ 			warn_if_fail (find != NULL);
+ 
+diff --git a/trust/token.c b/trust/token.c
+index fd3b043..030c17b 100644
+--- a/trust/token.c
++++ b/trust/token.c
+@@ -196,14 +196,14 @@ loader_load_file (p11_token *token,
+ 	default:
+ 		p11_debug ("failed to parse: %s", filename);
+ 		loader_gone_file (token, filename);
+-		return 0;
++		return -1;
+ 	}
+ 
+ 	/* Update each parsed object with the origin */
+ 	parsed = p11_parser_parsed (token->parser);
+ 	for (i = 0; i < parsed->num; i++) {
+ 		parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL);
+-		return_val_if_fail (parsed->elem[i] != NULL, 0);
++		return_val_if_fail (parsed->elem[i] != NULL, -1);
+ 	}
+ 
+ 	p11_index_load (token->index);
+@@ -215,7 +215,7 @@ loader_load_file (p11_token *token,
+ 
+ 	if (rv != CKR_OK) {
+ 		p11_message ("couldn't load file into objects: %s", filename);
+-		return 0;
++		return -1;
+ 	}
+ 
+ 	loader_was_loaded (token, filename, sb);
+-- 
+2.19.1
+

trust-Ignore-unreadable-content-in-anchors.patch

@@ -0,0 +1,181 @@
+From e2170b295992cb7fdf115227a78028ac3780619f Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Mon, 18 Feb 2019 14:53:49 +0100
+Subject: [PATCH 33/36] trust: Ignore unreadable content in anchors
+
+This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f.  Instead of
+failing C_FindObjectsInit, treat any errors internally and accumulates
+the successfully loaded certificates.
+
+Reported by Andrej Kvasnica in:
+https://bugzilla.redhat.com/show_bug.cgi?id=1675441
+---
+ trust/module.c      |  3 +-
+ trust/test-module.c | 77 +++++++++++++++++++++++++++++++++++++++++++++
+ trust/token.c       | 23 ++++++--------
+ 3 files changed, 88 insertions(+), 15 deletions(-)
+
+diff --git a/trust/module.c b/trust/module.c
+index 1722340..ec3333d 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -1198,8 +1198,7 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
+ 				indices[n++] = session->index;
+ 			if (want_token_objects) {
+ 				if (!session->loaded)
+-					if (p11_token_load (session->token) < 0)
+-						rv = CKR_FUNCTION_FAILED;
++					p11_token_load (session->token);
+ 				if (rv == CKR_OK) {
+ 					session->loaded = CK_TRUE;
+ 					indices[n++] = p11_token_index (session->token);
+diff --git a/trust/test-module.c b/trust/test-module.c
+index 1e8d812..4024d81 100644
+--- a/trust/test-module.c
++++ b/trust/test-module.c
+@@ -163,6 +163,80 @@ setup_writable (void *unused)
+ 	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
+ }
+ 
++/* This is similar to setup(), but it adds an unreadable content in
++ * the anchor directory. */
++static void
++setup_unreadable (void *unused)
++{
++	CK_C_INITIALIZE_ARGS args;
++	const char *paths;
++	char *p, *pp, *anchors;
++	FILE *f, *ff;
++	char buffer[4096];
++	char *arguments;
++	CK_ULONG count;
++	CK_RV rv;
++
++	memset (&test, 0, sizeof (test));
++
++	/* This is the entry point of the trust module, linked to this test */
++	rv = C_GetFunctionList (&test.module);
++	assert (rv == CKR_OK);
++
++	test.directory = p11_test_directory ("test-module");
++	anchors = p11_path_build (test.directory, "anchors", NULL);
++#ifdef OS_UNIX
++	if (mkdir (anchors, S_IRWXU) < 0)
++#else
++	if (mkdir (anchors) < 0)
++#endif
++		assert_fail ("mkdir()", anchors);
++
++	p = p11_path_build (anchors, "unreadable", NULL);
++	f = fopen (p, "w");
++	fwrite ("foo", 3, 1, f);
++	fclose (f);
++	chmod (p, 0);
++	free (p);
++
++	pp = p11_path_build (anchors, "thawte", NULL);
++	ff = fopen (pp, "w");
++	f = fopen (SRCDIR "/trust/fixtures/thawte.pem", "r");
++	while (!feof (f)) {
++		size_t size;
++		size = fread (buffer, 1, sizeof (buffer), f);
++		if (ferror (f))
++			assert_fail ("fread()",
++				     SRCDIR "/trust/fixtures/thawte.pem");
++		fwrite (buffer, 1, size, ff);
++		if (ferror (ff))
++			assert_fail ("write()", pp);
++	}
++	free (pp);
++	fclose (ff);
++	fclose (f);
++	free (anchors);
++
++	memset (&args, 0, sizeof (args));
++	paths = SRCDIR "/trust/input" P11_PATH_SEP \
++		SRCDIR "/trust/fixtures/self-signed-with-ku.der";
++	if (asprintf (&arguments, "paths='%s%c%s'",
++		      paths, P11_PATH_SEP_C, test.directory) < 0)
++		assert (false && "not reached");
++	args.pReserved = arguments;
++	args.flags = CKF_OS_LOCKING_OK;
++
++	rv = test.module->C_Initialize (&args);
++	assert (rv == CKR_OK);
++
++	free (arguments);
++
++	count = NUM_SLOTS;
++	rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
++	assert (rv == CKR_OK);
++	assert (count == NUM_SLOTS);
++}
++
+ static void
+ test_get_slot_list (void)
+ {
+@@ -1324,5 +1398,8 @@ main (int argc,
+ 	p11_fixture (NULL, NULL);
+ 	p11_test (test_token_write_protected, "/module/token-write-protected");
+ 
++	p11_fixture (setup_unreadable, teardown);
++	p11_test (test_find_certificates, "/module/unreadable");
++
+ 	return p11_test_run (argc, argv);
+ }
+diff --git a/trust/token.c b/trust/token.c
+index b91a1d0..8c75d06 100644
+--- a/trust/token.c
++++ b/trust/token.c
+@@ -266,8 +266,8 @@ loader_load_directory (p11_token *token,
+ 		return_val_if_fail (path != NULL, -1);
+ 
+ 		ret = loader_load_if_file (token, path);
+-		return_val_if_fail (ret >=0, -1);
+-		total += ret;
++		if (ret >= 0)
++			total += ret;
+ 
+ 		/* Make note that this file was seen */
+ 		p11_dict_remove (present, path);
+@@ -328,8 +328,8 @@ loader_load_path (p11_token *token,
+ 			p11_dict_iterate (present, &iter);
+ 			while (p11_dict_next (&iter, (void **)&filename, NULL)) {
+ 				ret = loader_load_if_file (token, filename);
+-				return_val_if_fail (ret >= 0, ret);
+-				total += ret;
++				if (ret >= 0)
++					total += ret;
+ 			}
+ 		}
+ 
+@@ -377,20 +377,17 @@ p11_token_load (p11_token *token)
+ 	int ret;
+ 
+ 	ret = loader_load_path (token, token->path, &is_dir);
+-	if (ret < 0)
+-		return -1;
+-	total += ret;
++	if (ret >= 0)
++		total += ret;
+ 
+ 	if (is_dir) {
+ 		ret = loader_load_path (token, token->anchors, &is_dir);
+-		if (ret < 0)
+-			return -1;
+-		total += ret;
++		if (ret >= 0)
++			total += ret;
+ 
+ 		ret = loader_load_path (token, token->blacklist, &is_dir);
+-		if (ret < 0)
+-			return -1;
+-		total += ret;
++		if (ret >= 0)
++			total += ret;
+ 	}
+ 
+ 	return total;
+-- 
+2.19.1
+

trust-Propagate-library-verbosity-to-module-through-.patch

@@ -0,0 +1,222 @@
+From 0dd62395788ae566d3adef967611bce214a04435 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Sun, 23 Dec 2018 14:11:00 +0100
+Subject: [PATCH 24/36] trust: Propagate library verbosity to module through
+ init_args
+
+Previously, even when the -v option is used with the 'trust' command,
+the messages from p11-kit-trust.so module were suppressed because the
+verbosity setting is not propagated to the module.
+---
+ common/message.c           |  8 ++++----
+ p11-kit/modules.c          | 29 +++++++++++++++++++++++------
+ p11-kit/p11-kit.h          |  3 ++-
+ trust/enumerate.c          | 11 +++++++++--
+ trust/module.c             |  5 +++++
+ trust/p11-kit-trust.module |  4 ++++
+ 6 files changed, 47 insertions(+), 13 deletions(-)
+
+diff --git a/common/message.c b/common/message.c
+index f9d4f57..e439def 100644
+--- a/common/message.c
++++ b/common/message.c
+@@ -58,7 +58,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ 
+-static bool print_messages = false;
++bool p11_print_messages = false;
+ 
+ #ifdef HAVE_STRERROR_L
+ locale_t p11_message_locale = (locale_t) 0;
+@@ -148,7 +148,7 @@ p11_message (const char* msg,
+ 	buffer[length] = 0;
+ 
+ 	/* If printing is not disabled, just print out */
+-	if (print_messages)
++	if (p11_print_messages)
+ 		fprintf (stderr, "p11-kit: %s\n", buffer);
+ 	else
+ 		p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer);
+@@ -158,13 +158,13 @@ p11_message (const char* msg,
+ void
+ p11_message_quiet (void)
+ {
+-	print_messages = false;
++	p11_print_messages = false;
+ }
+ 
+ void
+ p11_message_loud (void)
+ {
+-	print_messages = true;
++	p11_print_messages = true;
+ }
+ 
+ const char *
+diff --git a/p11-kit/modules.c b/p11-kit/modules.c
+index cfc4daf..0299eda 100644
+--- a/p11-kit/modules.c
++++ b/p11-kit/modules.c
+@@ -306,6 +306,7 @@ free_module_unlocked (void *data)
+ 	p11_dict_free (mod->config);
+ 	free (mod->name);
+ 	free (mod->filename);
++	free (mod->init_args.pReserved);
+ 	free (mod);
+ }
+ 
+@@ -550,10 +551,12 @@ is_module_enabled_unlocked (const char *name,
+ static CK_RV
+ take_config_and_load_module_inlock (char **name,
+                                     p11_dict **config,
+-                                    bool critical)
++                                    bool critical,
++                                    bool verbose)
+ {
+ 	const char *filename = NULL;
+ 	const char *remote = NULL;
++	char *init_reserved = NULL;
+ 	CK_RV rv = CKR_OK;
+ 	Module *mod;
+ 
+@@ -591,7 +594,19 @@ take_config_and_load_module_inlock (char **name,
+ 	 * 'x-init-reserved' setting in the config. This only works with specific
+ 	 * PKCS#11 modules, and is non-standard use of that field.
+ 	 */
+-	mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved");
++	init_reserved = p11_dict_get (*config, "x-init-reserved");
++	if (init_reserved) {
++		if (verbose) {
++			init_reserved = strconcat (init_reserved, " verbose=yes", NULL);
++		} else {
++			init_reserved = strdup (init_reserved);
++		}
++		if (init_reserved == NULL) {
++			rv = CKR_HOST_MEMORY;
++			goto out;
++		}
++	}
++	mod->init_args.pReserved = init_reserved;
+ 
+ 	/* Take ownership of thes evariables */
+ 	p11_dict_free (mod->config);
+@@ -607,7 +622,7 @@ out:
+ }
+ 
+ static CK_RV
+-load_registered_modules_unlocked (void)
++load_registered_modules_unlocked (int flags)
+ {
+ 	p11_dictiter iter;
+ 	p11_dict *configs;
+@@ -617,6 +632,7 @@ load_registered_modules_unlocked (void)
+ 	int mode;
+ 	CK_RV rv;
+ 	bool critical;
++	bool verbose;
+ 
+ 	if (gl.config)
+ 		return CKR_OK;
+@@ -652,7 +668,8 @@ load_registered_modules_unlocked (void)
+ 
+ 		/* Is this a critical module, should abort loading of others? */
+ 		critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false);
+-		rv = take_config_and_load_module_inlock (&name, &config, critical);
++		verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0;
++		rv = take_config_and_load_module_inlock (&name, &config, critical, verbose);
+ 
+ 		/*
+ 		 * These variables will be cleared if ownership is transeferred
+@@ -858,7 +875,7 @@ initialize_registered_inlock_reentrant (void)
+ 	if (rv != CKR_OK)
+ 		return rv;
+ 
+-	rv = load_registered_modules_unlocked ();
++	rv = load_registered_modules_unlocked (0);
+ 	if (rv == CKR_OK) {
+ 		p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
+ 		while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) {
+@@ -1955,7 +1972,7 @@ p11_modules_load_inlock_reentrant (int flags,
+ 	if (rv != CKR_OK)
+ 		return rv;
+ 
+-	rv = load_registered_modules_unlocked ();
++	rv = load_registered_modules_unlocked (flags);
+ 	if (rv != CKR_OK)
+ 		return rv;
+ 
+diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
+index abf618b..cc89595 100644
+--- a/p11-kit/p11-kit.h
++++ b/p11-kit/p11-kit.h
+@@ -57,7 +57,8 @@ enum {
+ 	P11_KIT_MODULE_UNMANAGED = 1 << 0,
+ 	P11_KIT_MODULE_CRITICAL = 1 << 1,
+ 	P11_KIT_MODULE_TRUSTED = 1 << 2,
+-	P11_KIT_MODULE_MASK = (1 << 3) - 1
++	P11_KIT_MODULE_VERBOSE = 1 << 3,
++	P11_KIT_MODULE_MASK = (1 << 4) - 1
+ };
+ 
+ typedef void        (* p11_kit_destroyer)                   (void *data);
+diff --git a/trust/enumerate.c b/trust/enumerate.c
+index e197765..0cef089 100644
+--- a/trust/enumerate.c
++++ b/trust/enumerate.c
+@@ -674,6 +674,8 @@ p11_enumerate_opt_purpose (p11_enumerate *ex,
+ 	return true;
+ }
+ 
++extern bool p11_print_messages;
++
+ bool
+ p11_enumerate_ready (p11_enumerate *ex,
+                      const char *def_filter)
+@@ -687,8 +689,13 @@ p11_enumerate_ready (p11_enumerate *ex,
+ 	 * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
+ 	 * we get from modules explicitly marked as containing trust-policy.
+ 	 */
+-	if (!ex->modules)
+-		ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
++	if (!ex->modules) {
++		int flags = P11_KIT_MODULE_TRUSTED;
++		if (p11_print_messages)
++			flags |= P11_KIT_MODULE_VERBOSE;
++
++		ex->modules = p11_kit_modules_load_and_initialize (flags);
++	}
+ 	if (!ex->modules)
+ 		return false;
+ 	if (ex->modules[0] == NULL)
+diff --git a/trust/module.c b/trust/module.c
+index 24cda87..0c16a39 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -287,6 +287,11 @@ parse_argument (char *arg,
+ 		free (gl.paths);
+ 		gl.paths = value ? strdup (value) : NULL;
+ 
++	} else if (strcmp (arg, "verbose") == 0) {
++		if (strcmp (value, "yes") == 0)
++			p11_message_loud ();
++		else if (strcmp (value, "no") == 0)
++			p11_message_quiet ();
+ 	} else {
+ 		p11_message ("unrecognized module argument: %s", arg);
+ 	}
+diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module
+index 72122c3..a2a3306 100644
+--- a/trust/p11-kit-trust.module
++++ b/trust/p11-kit-trust.module
+@@ -18,3 +18,7 @@ x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module
+ 
+ # Prevent this module being loaded by the proxy module
+ disable-in: p11-kit-proxy
++
++# This will be overwritten by appending "verbose=yes", if the trust
++# command is called with the -v option.
++x-init-reserved:
+-- 
+2.19.1
+

trust-extract-compat

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# This script is a placeholder designed to be replaced when this software
+# has been customized for distribution. It should be symlinked linked to the
+# distribution's update-ca-certificates or update-ca-trust command as
+# appropriate. In the future this script will be called when the PKCS#11
+# trust module is used to modify trust anchors and related data.
+
+if [ $# -ne 0 ]; then
+	echo "usage: trust extract-compat" >&2
+	exit 2
+fi
+
+uid=$(id -u)
+if [ "$uid" != 0 ]; then
+        echo "trust: running as non-root user: skip extracting compat bundles" >&2
+        exit 0
+fi
+
+exec /usr/bin/update-ca-trust

trust-p11_token_load-Treat-parse-error-as-failure.patch

@@ -0,0 +1,42 @@
+From 4aa6ef9e82f6bb14746a47a7d56789d5e982a1f5 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Tue, 25 Dec 2018 07:38:26 +0100
+Subject: [PATCH 26/36] trust: p11_token_load: Treat parse error as failure
+
+Those conditions can happen when the trust file is corrupted, so it
+makes more sense to treat them as a failure instead of programmer
+error.
+---
+ trust/token.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/trust/token.c b/trust/token.c
+index 030c17b..b91a1d0 100644
+--- a/trust/token.c
++++ b/trust/token.c
+@@ -377,16 +377,19 @@ p11_token_load (p11_token *token)
+ 	int ret;
+ 
+ 	ret = loader_load_path (token, token->path, &is_dir);
+-	return_val_if_fail (ret >= 0, -1);
++	if (ret < 0)
++		return -1;
+ 	total += ret;
+ 
+ 	if (is_dir) {
+ 		ret = loader_load_path (token, token->anchors, &is_dir);
+-		return_val_if_fail (ret >= 0, -1);
++		if (ret < 0)
++			return -1;
+ 		total += ret;
+ 
+ 		ret = loader_load_path (token, token->blacklist, &is_dir);
+-		return_val_if_fail (ret >= 0, -1);
++		if (ret < 0)
++			return -1;
+ 		total += ret;
+ 	}
+ 
+-- 
+2.19.1
+