diff --git a/build-Call-va_end-always-when-leaving-the-function.patch b/build-Call-va_end-always-when-leaving-the-function.patch deleted file mode 100644 index 6e2befa..0000000 --- a/build-Call-va_end-always-when-leaving-the-function.patch +++ /dev/null @@ -1,79 +0,0 @@ -From c76197ddbbd0c29adc2bceff2ee9f740f71d134d Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Tue, 16 Oct 2018 18:06:56 +0200 -Subject: [PATCH 04/36] build: Call va_end() always when leaving the function - ---- - common/attrs.c | 4 +++- - common/compat.c | 5 ++++- - common/path.c | 5 ++++- - trust/parser.c | 4 +++- - 4 files changed, 14 insertions(+), 4 deletions(-) - -diff --git a/common/attrs.c b/common/attrs.c -index aa91891..a387a66 100644 ---- a/common/attrs.c -+++ b/common/attrs.c -@@ -538,8 +538,10 @@ buffer_append_printf (p11_buffer *buffer, - va_list va; - - va_start (va, format); -- if (vasprintf (&string, format, va) < 0) -+ if (vasprintf (&string, format, va) < 0) { -+ va_end (va); - return_if_reached (); -+ } - va_end (va); - - p11_buffer_add (buffer, string, -1); -diff --git a/common/compat.c b/common/compat.c -index 5a9702d..48614fa 100644 ---- a/common/compat.c -+++ b/common/compat.c -@@ -525,7 +525,10 @@ strconcat (const char *first, - for (arg = first; arg; arg = va_arg (va, const char*)) { - size_t old_length = length; - length += strlen (arg); -- return_val_if_fail (length >= old_length, NULL); -+ if (length < old_length) { -+ va_end (va); -+ return_val_if_reached (NULL); -+ } - } - - va_end (va); -diff --git a/common/path.c b/common/path.c -index 5cf0e1a..17a6230 100644 ---- a/common/path.c -+++ b/common/path.c -@@ -218,7 +218,10 @@ p11_path_build (const char *path, - while (path != NULL) { - size_t old_len = len; - len += strlen (path) + 1; -- return_val_if_fail (len >= old_len, NULL); -+ if (len < old_len) { -+ va_end (va); -+ return_val_if_reached (NULL); -+ } - path = va_arg (va, const char *); - } - va_end (va); -diff --git a/trust/parser.c b/trust/parser.c -index f92cdc9..e912c3a 100644 ---- a/trust/parser.c -+++ b/trust/parser.c -@@ -697,8 +697,10 @@ p11_parser_formats (p11_parser *parser, - func = va_arg (va, parser_func); - if (func == NULL) - break; -- if (!p11_array_push (formats, func)) -+ if (!p11_array_push (formats, func)) { -+ va_end (va); - return_if_reached (); -+ } - } - va_end (va); - --- -2.19.1 - diff --git a/debug-Work-around-cppcheck-false-positives.patch b/debug-Work-around-cppcheck-false-positives.patch deleted file mode 100644 index 1863422..0000000 --- a/debug-Work-around-cppcheck-false-positives.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 8a8db182af533a43b4d478d28af8623035475d68 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Tue, 16 Oct 2018 18:05:10 +0200 -Subject: [PATCH 03/36] debug: Work around cppcheck false-positives - -https://trac.cppcheck.net/ticket/8794 ---- - common/debug.h | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/common/debug.h b/common/debug.h -index 255c62c..7ea36f3 100644 ---- a/common/debug.h -+++ b/common/debug.h -@@ -71,13 +71,13 @@ void p11_debug_precond (const char *format, - #endif - - #define return_val_if_fail(x, v) \ -- do { if (!(x)) { \ -+ do { if (x) { } else { \ - p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ - return v; \ - } } while (false) - - #define return_if_fail(x) \ -- do { if (!(x)) { \ -+ do { if (x) { } else { \ - p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ - return; \ - } } while (false) -@@ -100,7 +100,7 @@ void p11_debug_precond (const char *format, - } while (false) - - #define warn_if_fail(x) \ -- do { if (!(x)) { \ -+ do { if (x) { } else { \ - p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \ - } } while (false) - --- -2.19.1 - diff --git a/modules-Fix-index-used-in-call-to-p11_dict_remove.patch b/modules-Fix-index-used-in-call-to-p11_dict_remove.patch deleted file mode 100644 index df65ef1..0000000 --- a/modules-Fix-index-used-in-call-to-p11_dict_remove.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 793cc3b78f17bb5a3c151eba1144b73a5d51be3e Mon Sep 17 00:00:00 2001 -From: Simon Haggett -Date: Tue, 12 Mar 2019 11:26:20 +0000 -Subject: [PATCH 36/36] modules: Fix index used in call to p11_dict_remove() - -This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use -the correct index in the stolen array (i, rather than at). This avoids an -assert, which was encountered on a host serving a PKCS#11 module to a remote -Linux client. - -Signed-off-by: Simon Haggett ---- - p11-kit/modules.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/p11-kit/modules.c b/p11-kit/modules.c -index 891ce4c..39e1fda 100644 ---- a/p11-kit/modules.c -+++ b/p11-kit/modules.c -@@ -1647,7 +1647,7 @@ managed_steal_sessions_inlock (p11_dict *sessions, - /* Only removed some, go through and remove those */ - } else { - for (i = 0; i < at; i++) { -- if (!p11_dict_remove (sessions, stolen + at)) -+ if (!p11_dict_remove (sessions, stolen + i)) - assert_not_reached (); - } - } --- -2.19.1 - diff --git a/modules-check-gl.modules-before-iterates-on-it-when-.patch b/modules-check-gl.modules-before-iterates-on-it-when-.patch deleted file mode 100644 index 38c5c28..0000000 --- a/modules-check-gl.modules-before-iterates-on-it-when-.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 4a925177a81c2566d2a81a0a450607a5ff4d9048 Mon Sep 17 00:00:00 2001 -From: Stefano Garzarella -Date: Wed, 27 Feb 2019 12:25:20 +0100 -Subject: [PATCH 34/36] modules: check gl.modules before iterates on it when - freeing - -In some circumstances, as described in the BZ, can happen that -free_modules_when_no_refs_unlocked() is called multiple times -when the module destructor is invoked. -We should check gl.modules before iterates on it in the -free_modules_when_no_refs_unlocked() functions, to avoid -a SIGSEGV. - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963 ---- - p11-kit/modules.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/p11-kit/modules.c b/p11-kit/modules.c -index 0299eda..891ce4c 100644 ---- a/p11-kit/modules.c -+++ b/p11-kit/modules.c -@@ -797,14 +797,16 @@ init_globals_unlocked (void) - static void - free_modules_when_no_refs_unlocked (void) - { -- Module *mod; -- p11_dictiter iter; -- -- /* Check if any modules have a ref count */ -- p11_dict_iterate (gl.modules, &iter); -- while (p11_dict_next (&iter, (void **)&mod, NULL)) { -- if (mod->ref_count) -- return; -+ if (gl.modules) { -+ Module *mod; -+ p11_dictiter iter; -+ -+ /* Check if any modules have a ref count */ -+ p11_dict_iterate (gl.modules, &iter); -+ while (p11_dict_next (&iter, (void **)&mod, NULL)) { -+ if (mod->ref_count) -+ return; -+ } - } - - p11_dict_free (gl.unmanaged_by_funcs); --- -2.19.1 - diff --git a/p11-kit-0.23.14.tar.gz b/p11-kit-0.23.14.tar.gz deleted file mode 100644 index 0e68c9a..0000000 Binary files a/p11-kit-0.23.14.tar.gz and /dev/null differ diff --git a/p11-kit-0.23.20.tar.xz b/p11-kit-0.23.20.tar.xz new file mode 100644 index 0000000..5275a84 Binary files /dev/null and b/p11-kit-0.23.20.tar.xz differ diff --git a/p11-kit.spec b/p11-kit.spec index 0bffdca..ae572f8 100644 --- a/p11-kit.spec +++ b/p11-kit.spec @@ -1,29 +1,15 @@ Name: p11-kit -Version: 0.23.14 -Release: 6 +Version: 0.23.20 +Release: 1 Summary: Provides a way to load and enumerate PKCS#11 modules. License: BSD URL: http://p11-glue.freedesktop.org/p11-kit.html -Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}//%{name}-%{version}.tar.gz +Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/%{name}-%{version}.tar.xz Source1: p11-kit-client.service -Patch6001: debug-Work-around-cppcheck-false-positives.patch -Patch6002: build-Call-va_end-always-when-leaving-the-function.patch -Patch6003: rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch -Patch6004: rpc-server-Check-calloc-failure.patch -Patch6005: trust-Check-index-buckets-is-allocated-on-cleanup.patch -Patch6006: trust-Propagate-library-verbosity-to-module-through-.patch -Patch6007: trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch -Patch6008: trust-p11_token_load-Treat-parse-error-as-failure.patch -Patch6009: trust-Continue-parsing-if-the-file-cannot-be-read-as.patch -Patch6010: pem-Fix-assert-condition.patch -Patch6011: trust-Ignore-unreadable-content-in-anchors.patch -Patch6012: modules-check-gl.modules-before-iterates-on-it-when-.patch -Patch6013: modules-Fix-index-used-in-call-to-p11_dict_remove.patch - BuildRequires: gcc libtasn1-devel >= 2.3 libffi-devel gtk-doc systemd-devel pkgconfig(glib-2.0) libxslt - +BuildRequires: bash-completion Provides: p11-kit-server = %{version}-%{release} Obsoletes: p11-kit-server < %{version}-%{release} @@ -109,6 +95,7 @@ fi %{_userunitdir}/p11-kit-client.service %{_userunitdir}/p11-kit-server.service %{_userunitdir}/p11-kit-server.socket +%{_datadir}/bash-completion/completions/p11-kit %files help %doc AUTHORS NEWS README @@ -131,8 +118,12 @@ fi %{_libdir}/pkcs11/p11-kit-trust.so %{_datadir}/p11-kit/modules/p11-kit-trust.module %{_libexecdir}/p11-kit/trust-extract-compat +%{_datadir}/bash-completion/completions/trust %changelog +* Mon Jul 27 2020 Liquor - 0.23.20-1 +- update to 0.23.20 + * Fri Jan 10 2020 openEuler Buildteam - 0.23.14-6 - delete unused file diff --git a/pem-Fix-assert-condition.patch b/pem-Fix-assert-condition.patch deleted file mode 100644 index 46b8a45..0000000 --- a/pem-Fix-assert-condition.patch +++ /dev/null @@ -1,58 +0,0 @@ -From f277a1469aef05d3542e8ae9fd3f5dbadbe12463 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 11 Jan 2019 10:35:16 +0100 -Subject: [PATCH 30/36] pem: Fix assert condition - -If the PEM header is "-----BEGIN -----", *type should be an empty -string and the parser shouldn't fail. Reported by Han Han in: -https://bugzilla.redhat.com/show_bug.cgi?id=1665172 ---- - trust/pem.c | 2 +- - trust/test-pem.c | 18 ++++++++++++++++++ - 2 files changed, 19 insertions(+), 1 deletion(-) - -diff --git a/trust/pem.c b/trust/pem.c -index ce4f554..fae7dd6 100644 ---- a/trust/pem.c -+++ b/trust/pem.c -@@ -84,7 +84,7 @@ pem_find_begin (const char *data, - - if (type) { - pref += ARMOR_PREF_BEGIN_L; -- assert (suff > pref); -+ assert (suff >= pref); - *type = strndup (pref, suff - pref); - return_val_if_fail (*type != NULL, NULL); - } -diff --git a/trust/test-pem.c b/trust/test-pem.c -index 0c7d60a..6feff86 100644 ---- a/trust/test-pem.c -+++ b/trust/test-pem.c -@@ -119,6 +119,24 @@ struct { - } - }, - -+ { -+ /* one block with empty type */ -+ "-----BEGIN -----\n" -+ "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" -+ "-----END -----", -+ { -+ { -+ "", -+ "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" -+ "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", -+ 30, -+ }, -+ { -+ NULL, -+ } -+ } -+ }, -+ - { - NULL, - } --- -2.19.1 - diff --git a/rpc-server-Check-calloc-failure.patch b/rpc-server-Check-calloc-failure.patch deleted file mode 100644 index 3b85d59..0000000 --- a/rpc-server-Check-calloc-failure.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 6417780ebbbbb0f01ddb001b239347655fb98578 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Wed, 17 Oct 2018 09:53:27 +0200 -Subject: [PATCH 11/36] rpc-server: Check calloc failure - ---- - p11-kit/rpc-server.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c -index 5b3dbf0..3216742 100644 ---- a/p11-kit/rpc-server.c -+++ b/p11-kit/rpc-server.c -@@ -2219,6 +2219,10 @@ p11_kit_remote_serve_tokens (const char **tokens, - filter = p11_dict_get (filters, module); - if (filter == NULL) { - lower = calloc (1, sizeof (p11_virtual)); -+ if (lower == NULL) { -+ error = ENOMEM; -+ goto out; -+ } - p11_virtual_init (lower, &p11_virtual_base, module, NULL); - filter = p11_filter_subclass (lower, NULL); - if (filter == NULL) { --- -2.19.1 - diff --git a/rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch b/rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch deleted file mode 100644 index 3f6ec69..0000000 --- a/rpc-server-p11_kit_remote_serve_tokens-Fix-memleak.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 1f78cb0b4dd193ec1f1b2b424a497a6c2edec043 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Tue, 16 Oct 2018 18:16:51 +0200 -Subject: [PATCH 08/36] rpc-server: p11_kit_remote_serve_tokens: Fix memleak - ---- - p11-kit/rpc-server.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c -index 3a8991d..5b3dbf0 100644 ---- a/p11-kit/rpc-server.c -+++ b/p11-kit/rpc-server.c -@@ -2285,6 +2285,11 @@ p11_kit_remote_serve_tokens (const char **tokens, - p11_kit_modules_release (modules); - if (error != 0) - errno = error; -+ if (uris) { -+ for (i = 0; i < n_tokens; i++) -+ p11_kit_uri_free (uris[i]); -+ free (uris); -+ } - - return ret; - } --- -2.19.1 - diff --git a/trust-Check-index-buckets-is-allocated-on-cleanup.patch b/trust-Check-index-buckets-is-allocated-on-cleanup.patch deleted file mode 100644 index 6dae406..0000000 --- a/trust-Check-index-buckets-is-allocated-on-cleanup.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 83e92c2f9575707083d8b0c70ef330e285d70836 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Wed, 17 Oct 2018 09:53:46 +0200 -Subject: [PATCH 12/36] trust: Check index->buckets is allocated on cleanup - ---- - trust/index.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/trust/index.c b/trust/index.c -index 6a8e535..2d1da29 100644 ---- a/trust/index.c -+++ b/trust/index.c -@@ -193,9 +193,11 @@ p11_index_free (p11_index *index) - - p11_dict_free (index->objects); - p11_dict_free (index->changes); -- for (i = 0; i < NUM_BUCKETS; i++) -- free (index->buckets[i].elem); -- free (index->buckets); -+ if (index->buckets) { -+ for (i = 0; i < NUM_BUCKETS; i++) -+ free (index->buckets[i].elem); -+ free (index->buckets); -+ } - free (index); - } - --- -2.19.1 - diff --git a/trust-Continue-parsing-if-the-file-cannot-be-read-as.patch b/trust-Continue-parsing-if-the-file-cannot-be-read-as.patch deleted file mode 100644 index 095fe54..0000000 --- a/trust-Continue-parsing-if-the-file-cannot-be-read-as.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 5e6a92b67ddade14a54769b05cc717043bc56b78 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Tue, 25 Dec 2018 08:32:19 +0100 -Subject: [PATCH 27/36] trust: Continue parsing if the file cannot be read as - persist format - -A corrupted file that contains "[p11-kit-object-v1]" can be a valid -PEM certs file. Continue with the next format if it cannot be read as -a persistent format. ---- - trust/parser.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/trust/parser.c b/trust/parser.c -index e912c3a..e84e47c 100644 ---- a/trust/parser.c -+++ b/trust/parser.c -@@ -639,7 +639,7 @@ p11_parser_format_persist (p11_parser *parser, - } - - p11_array_free (objects); -- return ret ? P11_PARSE_SUCCESS : P11_PARSE_FAILURE; -+ return ret ? P11_PARSE_SUCCESS : P11_PARSE_UNRECOGNIZED; - } - - p11_parser * --- -2.19.1 - diff --git a/trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch b/trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch deleted file mode 100644 index d762d81..0000000 --- a/trust-Fail-if-trust-anchors-are-not-loaded-from-a-fi.patch +++ /dev/null @@ -1,69 +0,0 @@ -From eb503f3a1467f21a5ecc9ae84ae23b216afc102f Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Tue, 25 Dec 2018 07:32:01 +0100 -Subject: [PATCH 25/36] trust: Fail if trust anchors are not loaded from a file - -If the trust path is a file, treat parse error as fatal and abort the -C_FindObjectsInit call. ---- - trust/module.c | 11 ++++++++--- - trust/token.c | 6 +++--- - 2 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/trust/module.c b/trust/module.c -index 0c16a39..1722340 100644 ---- a/trust/module.c -+++ b/trust/module.c -@@ -1198,11 +1198,16 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle, - indices[n++] = session->index; - if (want_token_objects) { - if (!session->loaded) -- p11_token_load (session->token); -- session->loaded = CK_TRUE; -- indices[n++] = p11_token_index (session->token); -+ if (p11_token_load (session->token) < 0) -+ rv = CKR_FUNCTION_FAILED; -+ if (rv == CKR_OK) { -+ session->loaded = CK_TRUE; -+ indices[n++] = p11_token_index (session->token); -+ } - } -+ } - -+ if (rv == CKR_OK) { - find = calloc (1, sizeof (FindObjects)); - warn_if_fail (find != NULL); - -diff --git a/trust/token.c b/trust/token.c -index fd3b043..030c17b 100644 ---- a/trust/token.c -+++ b/trust/token.c -@@ -196,14 +196,14 @@ loader_load_file (p11_token *token, - default: - p11_debug ("failed to parse: %s", filename); - loader_gone_file (token, filename); -- return 0; -+ return -1; - } - - /* Update each parsed object with the origin */ - parsed = p11_parser_parsed (token->parser); - for (i = 0; i < parsed->num; i++) { - parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL); -- return_val_if_fail (parsed->elem[i] != NULL, 0); -+ return_val_if_fail (parsed->elem[i] != NULL, -1); - } - - p11_index_load (token->index); -@@ -215,7 +215,7 @@ loader_load_file (p11_token *token, - - if (rv != CKR_OK) { - p11_message ("couldn't load file into objects: %s", filename); -- return 0; -+ return -1; - } - - loader_was_loaded (token, filename, sb); --- -2.19.1 - diff --git a/trust-Ignore-unreadable-content-in-anchors.patch b/trust-Ignore-unreadable-content-in-anchors.patch deleted file mode 100644 index 9df3687..0000000 --- a/trust-Ignore-unreadable-content-in-anchors.patch +++ /dev/null @@ -1,181 +0,0 @@ -From e2170b295992cb7fdf115227a78028ac3780619f Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Mon, 18 Feb 2019 14:53:49 +0100 -Subject: [PATCH 33/36] trust: Ignore unreadable content in anchors - -This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of -failing C_FindObjectsInit, treat any errors internally and accumulates -the successfully loaded certificates. - -Reported by Andrej Kvasnica in: -https://bugzilla.redhat.com/show_bug.cgi?id=1675441 ---- - trust/module.c | 3 +- - trust/test-module.c | 77 +++++++++++++++++++++++++++++++++++++++++++++ - trust/token.c | 23 ++++++-------- - 3 files changed, 88 insertions(+), 15 deletions(-) - -diff --git a/trust/module.c b/trust/module.c -index 1722340..ec3333d 100644 ---- a/trust/module.c -+++ b/trust/module.c -@@ -1198,8 +1198,7 @@ sys_C_FindObjectsInit (CK_SESSION_HANDLE handle, - indices[n++] = session->index; - if (want_token_objects) { - if (!session->loaded) -- if (p11_token_load (session->token) < 0) -- rv = CKR_FUNCTION_FAILED; -+ p11_token_load (session->token); - if (rv == CKR_OK) { - session->loaded = CK_TRUE; - indices[n++] = p11_token_index (session->token); -diff --git a/trust/test-module.c b/trust/test-module.c -index 1e8d812..4024d81 100644 ---- a/trust/test-module.c -+++ b/trust/test-module.c -@@ -163,6 +163,80 @@ setup_writable (void *unused) - p11_parser_formats (test.parser, p11_parser_format_persist, NULL); - } - -+/* This is similar to setup(), but it adds an unreadable content in -+ * the anchor directory. */ -+static void -+setup_unreadable (void *unused) -+{ -+ CK_C_INITIALIZE_ARGS args; -+ const char *paths; -+ char *p, *pp, *anchors; -+ FILE *f, *ff; -+ char buffer[4096]; -+ char *arguments; -+ CK_ULONG count; -+ CK_RV rv; -+ -+ memset (&test, 0, sizeof (test)); -+ -+ /* This is the entry point of the trust module, linked to this test */ -+ rv = C_GetFunctionList (&test.module); -+ assert (rv == CKR_OK); -+ -+ test.directory = p11_test_directory ("test-module"); -+ anchors = p11_path_build (test.directory, "anchors", NULL); -+#ifdef OS_UNIX -+ if (mkdir (anchors, S_IRWXU) < 0) -+#else -+ if (mkdir (anchors) < 0) -+#endif -+ assert_fail ("mkdir()", anchors); -+ -+ p = p11_path_build (anchors, "unreadable", NULL); -+ f = fopen (p, "w"); -+ fwrite ("foo", 3, 1, f); -+ fclose (f); -+ chmod (p, 0); -+ free (p); -+ -+ pp = p11_path_build (anchors, "thawte", NULL); -+ ff = fopen (pp, "w"); -+ f = fopen (SRCDIR "/trust/fixtures/thawte.pem", "r"); -+ while (!feof (f)) { -+ size_t size; -+ size = fread (buffer, 1, sizeof (buffer), f); -+ if (ferror (f)) -+ assert_fail ("fread()", -+ SRCDIR "/trust/fixtures/thawte.pem"); -+ fwrite (buffer, 1, size, ff); -+ if (ferror (ff)) -+ assert_fail ("write()", pp); -+ } -+ free (pp); -+ fclose (ff); -+ fclose (f); -+ free (anchors); -+ -+ memset (&args, 0, sizeof (args)); -+ paths = SRCDIR "/trust/input" P11_PATH_SEP \ -+ SRCDIR "/trust/fixtures/self-signed-with-ku.der"; -+ if (asprintf (&arguments, "paths='%s%c%s'", -+ paths, P11_PATH_SEP_C, test.directory) < 0) -+ assert (false && "not reached"); -+ args.pReserved = arguments; -+ args.flags = CKF_OS_LOCKING_OK; -+ -+ rv = test.module->C_Initialize (&args); -+ assert (rv == CKR_OK); -+ -+ free (arguments); -+ -+ count = NUM_SLOTS; -+ rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count); -+ assert (rv == CKR_OK); -+ assert (count == NUM_SLOTS); -+} -+ - static void - test_get_slot_list (void) - { -@@ -1324,5 +1398,8 @@ main (int argc, - p11_fixture (NULL, NULL); - p11_test (test_token_write_protected, "/module/token-write-protected"); - -+ p11_fixture (setup_unreadable, teardown); -+ p11_test (test_find_certificates, "/module/unreadable"); -+ - return p11_test_run (argc, argv); - } -diff --git a/trust/token.c b/trust/token.c -index b91a1d0..8c75d06 100644 ---- a/trust/token.c -+++ b/trust/token.c -@@ -266,8 +266,8 @@ loader_load_directory (p11_token *token, - return_val_if_fail (path != NULL, -1); - - ret = loader_load_if_file (token, path); -- return_val_if_fail (ret >=0, -1); -- total += ret; -+ if (ret >= 0) -+ total += ret; - - /* Make note that this file was seen */ - p11_dict_remove (present, path); -@@ -328,8 +328,8 @@ loader_load_path (p11_token *token, - p11_dict_iterate (present, &iter); - while (p11_dict_next (&iter, (void **)&filename, NULL)) { - ret = loader_load_if_file (token, filename); -- return_val_if_fail (ret >= 0, ret); -- total += ret; -+ if (ret >= 0) -+ total += ret; - } - } - -@@ -377,20 +377,17 @@ p11_token_load (p11_token *token) - int ret; - - ret = loader_load_path (token, token->path, &is_dir); -- if (ret < 0) -- return -1; -- total += ret; -+ if (ret >= 0) -+ total += ret; - - if (is_dir) { - ret = loader_load_path (token, token->anchors, &is_dir); -- if (ret < 0) -- return -1; -- total += ret; -+ if (ret >= 0) -+ total += ret; - - ret = loader_load_path (token, token->blacklist, &is_dir); -- if (ret < 0) -- return -1; -- total += ret; -+ if (ret >= 0) -+ total += ret; - } - - return total; --- -2.19.1 - diff --git a/trust-Propagate-library-verbosity-to-module-through-.patch b/trust-Propagate-library-verbosity-to-module-through-.patch deleted file mode 100644 index 10763a2..0000000 --- a/trust-Propagate-library-verbosity-to-module-through-.patch +++ /dev/null @@ -1,222 +0,0 @@ -From 0dd62395788ae566d3adef967611bce214a04435 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Sun, 23 Dec 2018 14:11:00 +0100 -Subject: [PATCH 24/36] trust: Propagate library verbosity to module through - init_args - -Previously, even when the -v option is used with the 'trust' command, -the messages from p11-kit-trust.so module were suppressed because the -verbosity setting is not propagated to the module. ---- - common/message.c | 8 ++++---- - p11-kit/modules.c | 29 +++++++++++++++++++++++------ - p11-kit/p11-kit.h | 3 ++- - trust/enumerate.c | 11 +++++++++-- - trust/module.c | 5 +++++ - trust/p11-kit-trust.module | 4 ++++ - 6 files changed, 47 insertions(+), 13 deletions(-) - -diff --git a/common/message.c b/common/message.c -index f9d4f57..e439def 100644 ---- a/common/message.c -+++ b/common/message.c -@@ -58,7 +58,7 @@ - #include - #include - --static bool print_messages = false; -+bool p11_print_messages = false; - - #ifdef HAVE_STRERROR_L - locale_t p11_message_locale = (locale_t) 0; -@@ -148,7 +148,7 @@ p11_message (const char* msg, - buffer[length] = 0; - - /* If printing is not disabled, just print out */ -- if (print_messages) -+ if (p11_print_messages) - fprintf (stderr, "p11-kit: %s\n", buffer); - else - p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer); -@@ -158,13 +158,13 @@ p11_message (const char* msg, - void - p11_message_quiet (void) - { -- print_messages = false; -+ p11_print_messages = false; - } - - void - p11_message_loud (void) - { -- print_messages = true; -+ p11_print_messages = true; - } - - const char * -diff --git a/p11-kit/modules.c b/p11-kit/modules.c -index cfc4daf..0299eda 100644 ---- a/p11-kit/modules.c -+++ b/p11-kit/modules.c -@@ -306,6 +306,7 @@ free_module_unlocked (void *data) - p11_dict_free (mod->config); - free (mod->name); - free (mod->filename); -+ free (mod->init_args.pReserved); - free (mod); - } - -@@ -550,10 +551,12 @@ is_module_enabled_unlocked (const char *name, - static CK_RV - take_config_and_load_module_inlock (char **name, - p11_dict **config, -- bool critical) -+ bool critical, -+ bool verbose) - { - const char *filename = NULL; - const char *remote = NULL; -+ char *init_reserved = NULL; - CK_RV rv = CKR_OK; - Module *mod; - -@@ -591,7 +594,19 @@ take_config_and_load_module_inlock (char **name, - * 'x-init-reserved' setting in the config. This only works with specific - * PKCS#11 modules, and is non-standard use of that field. - */ -- mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved"); -+ init_reserved = p11_dict_get (*config, "x-init-reserved"); -+ if (init_reserved) { -+ if (verbose) { -+ init_reserved = strconcat (init_reserved, " verbose=yes", NULL); -+ } else { -+ init_reserved = strdup (init_reserved); -+ } -+ if (init_reserved == NULL) { -+ rv = CKR_HOST_MEMORY; -+ goto out; -+ } -+ } -+ mod->init_args.pReserved = init_reserved; - - /* Take ownership of thes evariables */ - p11_dict_free (mod->config); -@@ -607,7 +622,7 @@ out: - } - - static CK_RV --load_registered_modules_unlocked (void) -+load_registered_modules_unlocked (int flags) - { - p11_dictiter iter; - p11_dict *configs; -@@ -617,6 +632,7 @@ load_registered_modules_unlocked (void) - int mode; - CK_RV rv; - bool critical; -+ bool verbose; - - if (gl.config) - return CKR_OK; -@@ -652,7 +668,8 @@ load_registered_modules_unlocked (void) - - /* Is this a critical module, should abort loading of others? */ - critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false); -- rv = take_config_and_load_module_inlock (&name, &config, critical); -+ verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0; -+ rv = take_config_and_load_module_inlock (&name, &config, critical, verbose); - - /* - * These variables will be cleared if ownership is transeferred -@@ -858,7 +875,7 @@ initialize_registered_inlock_reentrant (void) - if (rv != CKR_OK) - return rv; - -- rv = load_registered_modules_unlocked (); -+ rv = load_registered_modules_unlocked (0); - if (rv == CKR_OK) { - p11_dict_iterate (gl.unmanaged_by_funcs, &iter); - while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) { -@@ -1955,7 +1972,7 @@ p11_modules_load_inlock_reentrant (int flags, - if (rv != CKR_OK) - return rv; - -- rv = load_registered_modules_unlocked (); -+ rv = load_registered_modules_unlocked (flags); - if (rv != CKR_OK) - return rv; - -diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h -index abf618b..cc89595 100644 ---- a/p11-kit/p11-kit.h -+++ b/p11-kit/p11-kit.h -@@ -57,7 +57,8 @@ enum { - P11_KIT_MODULE_UNMANAGED = 1 << 0, - P11_KIT_MODULE_CRITICAL = 1 << 1, - P11_KIT_MODULE_TRUSTED = 1 << 2, -- P11_KIT_MODULE_MASK = (1 << 3) - 1 -+ P11_KIT_MODULE_VERBOSE = 1 << 3, -+ P11_KIT_MODULE_MASK = (1 << 4) - 1 - }; - - typedef void (* p11_kit_destroyer) (void *data); -diff --git a/trust/enumerate.c b/trust/enumerate.c -index e197765..0cef089 100644 ---- a/trust/enumerate.c -+++ b/trust/enumerate.c -@@ -674,6 +674,8 @@ p11_enumerate_opt_purpose (p11_enumerate *ex, - return true; - } - -+extern bool p11_print_messages; -+ - bool - p11_enumerate_ready (p11_enumerate *ex, - const char *def_filter) -@@ -687,8 +689,13 @@ p11_enumerate_ready (p11_enumerate *ex, - * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes - * we get from modules explicitly marked as containing trust-policy. - */ -- if (!ex->modules) -- ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); -+ if (!ex->modules) { -+ int flags = P11_KIT_MODULE_TRUSTED; -+ if (p11_print_messages) -+ flags |= P11_KIT_MODULE_VERBOSE; -+ -+ ex->modules = p11_kit_modules_load_and_initialize (flags); -+ } - if (!ex->modules) - return false; - if (ex->modules[0] == NULL) -diff --git a/trust/module.c b/trust/module.c -index 24cda87..0c16a39 100644 ---- a/trust/module.c -+++ b/trust/module.c -@@ -287,6 +287,11 @@ parse_argument (char *arg, - free (gl.paths); - gl.paths = value ? strdup (value) : NULL; - -+ } else if (strcmp (arg, "verbose") == 0) { -+ if (strcmp (value, "yes") == 0) -+ p11_message_loud (); -+ else if (strcmp (value, "no") == 0) -+ p11_message_quiet (); - } else { - p11_message ("unrecognized module argument: %s", arg); - } -diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module -index 72122c3..a2a3306 100644 ---- a/trust/p11-kit-trust.module -+++ b/trust/p11-kit-trust.module -@@ -18,3 +18,7 @@ x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module - - # Prevent this module being loaded by the proxy module - disable-in: p11-kit-proxy -+ -+# This will be overwritten by appending "verbose=yes", if the trust -+# command is called with the -v option. -+x-init-reserved: --- -2.19.1 - diff --git a/trust-p11_token_load-Treat-parse-error-as-failure.patch b/trust-p11_token_load-Treat-parse-error-as-failure.patch deleted file mode 100644 index 10de39b..0000000 --- a/trust-p11_token_load-Treat-parse-error-as-failure.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 4aa6ef9e82f6bb14746a47a7d56789d5e982a1f5 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Tue, 25 Dec 2018 07:38:26 +0100 -Subject: [PATCH 26/36] trust: p11_token_load: Treat parse error as failure - -Those conditions can happen when the trust file is corrupted, so it -makes more sense to treat them as a failure instead of programmer -error. ---- - trust/token.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/trust/token.c b/trust/token.c -index 030c17b..b91a1d0 100644 ---- a/trust/token.c -+++ b/trust/token.c -@@ -377,16 +377,19 @@ p11_token_load (p11_token *token) - int ret; - - ret = loader_load_path (token, token->path, &is_dir); -- return_val_if_fail (ret >= 0, -1); -+ if (ret < 0) -+ return -1; - total += ret; - - if (is_dir) { - ret = loader_load_path (token, token->anchors, &is_dir); -- return_val_if_fail (ret >= 0, -1); -+ if (ret < 0) -+ return -1; - total += ret; - - ret = loader_load_path (token, token->blacklist, &is_dir); -- return_val_if_fail (ret >= 0, -1); -+ if (ret < 0) -+ return -1; - total += ret; - } - --- -2.19.1 -