!35 backport patch for glibc-networking

From: @yunjia_w Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
backport patch for glibc-networking
2023-09-26 06:23:36 +00:00 · 2023-09-26 11:35:10 +08:00 · 2023-07-26 07:56:37 +00:00 · 2023-07-20 11:16:24 +08:00 · 2023-01-30 06:36:02 +00:00 · 2023-01-29 17:47:05 +08:00
4 changed files with 78 additions and 7 deletions
--- a/backport-Fix-probing-of-C_GetInterface.patch
+++ b/backport-Fix-probing-of-C_GetInterface.patch
@ -0,0 +1,45 @@
+From d1d4b0ac316a27c739ff91e6c4153f1154e96e5a Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Thu, 27 Jul 2023 12:18:15 +0800
+Subject: [PATCH] Fix probing of C_GetInterface
+
+`p11_dl_symbol (dl, "C_GetInterface")` uses dlsym() to find
+C_GetInterface in the loaded pkcs11 module.  For legacy (pre-3.0) pkcs11
+modules, C_GetInterface is not defined in the module.  But according to
+the documentation of dlsym():
+
+    The search performed by dlsym() is breadth first through the
+    dependency tree of these shared objects.
+
+So if a pkcs11 module links to libp11-kit.so, the C_GetInterface
+implementation in libp11-kit.so itself will be found.  This
+C_GetInterface will return the metadata of p11-kit-proxy.so, causing
+"Refuse to load the p11-kit-proxy.so as a registered module".
+
+To solve the issue, if p11_dl_symbol() returns the C_GetInterface in
+libp11-kit.so itself, we should ignore it and continue trying
+C_GetFunctionList.
+---
+ p11-kit/modules.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/p11-kit/modules.c b/p11-kit/modules.c
+index 8ad88ae..da0a7f0 100644
+--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
+@@ -383,6 +383,12 @@ dlopen_and_get_function_list (Module *mod,
+ 	mod->loaded_module = dl;
+ 
+ 	gi = p11_dl_symbol (dl, "C_GetInterface");
+
+#ifndef OS_WIN32
+	if (gi == C_GetInterface)
+		gi = NULL;
+#endif
+
+ 	if (gi) {
+ 		/* Get the default standard interface */
+ 		rv = gi ((unsigned char *)"PKCS 11", NULL, &interface, 0);
+-- 
+2.27.0
+
--- a/p11-kit-0.23.22.tar.xz
+++ b/p11-kit-0.23.22.tar.xz
--- a/p11-kit-0.25.0.tar.xz
+++ b/p11-kit-0.25.0.tar.xz
--- a/p11-kit.spec
+++ b/p11-kit.spec
@ -1,6 +1,6 @@
 Name:           p11-kit
-Version:	0.23.22
-Release:	1
+Version:        0.25.0
+Release:        2
 Summary:        Provides a way to load and enumerate PKCS#11 modules.
 License:        BSD
 URL:            http://p11-glue.freedesktop.org/p11-kit.html
@ -8,10 +8,10 @@ URL:            http://p11-glue.freedesktop.org/p11-kit.html
 Source0:        https://github.com/p11-glue/p11-kit/releases/download/%{version}/%{name}-%{version}.tar.xz
 Source1:        p11-kit-client.service

+Patch0: backport-Fix-probing-of-C_GetInterface.patch
+
 BuildRequires:  gcc libtasn1-devel >= 2.3 libffi-devel gtk-doc systemd-devel pkgconfig(glib-2.0) libxslt
 BuildRequires:  bash-completion
-Provides:       p11-kit-server = %{version}-%{release}
-Obsoletes:      p11-kit-server < %{version}-%{release}

 %description
 Provides a way to load and enumerate PKCS#11 modules.
@ -37,6 +37,15 @@ Conflicts:      nss < 3.14.3-9
 %description trust
 This package contains PKCS#11 trust policy module.

+%package server
+Summary:        Server and client commands for %{name}
+Requires:       %{name} = %{version}-%{release}
+
+%description server
+The %{name}-server package contains command line tools that enable to
+export PKCS#11 modules through a Unix domain socket.  Note that this
+feature is still experimental.
+
 %package help
 Summary:        Help infomation of %{name}
 Requires:       %{name} = %{version}-%{release}
@ -89,13 +98,15 @@ fi
 %{_bindir}/p11-kit
 %{_libdir}/libp11-kit.so.*
 %{_libdir}/p11-kit-proxy.so
-%{_libdir}/pkcs11/p11-kit-client.so
 %{_libexecdir}/p11-kit/p11-kit-remote
-%{_libexecdir}/p11-kit/p11-kit-server
+%{_datadir}/bash-completion/completions/p11-kit
+
+%files server
+%{_libdir}/pkcs11/p11-kit-client.so
 %{_userunitdir}/p11-kit-client.service
+%{_libexecdir}/p11-kit/p11-kit-server
 %{_userunitdir}/p11-kit-server.service
 %{_userunitdir}/p11-kit-server.socket
-%{_datadir}/bash-completion/completions/p11-kit

 %files help
 %doc AUTHORS NEWS README
@ -121,6 +132,21 @@ fi
 %{_datadir}/bash-completion/completions/trust

 %changelog
+* Tue Sep 26 2023 wangyunjia <yunjia.wang@huawei.com> - 0.25.0-2
+- backport patch for glib-networking
+
+* Thu Jul 20 2023 wangyunjia <yunjia.wang@huawei.com> - 0.25.0-1
+- update to 0.25.0
+
+* Sun Jan 29 2023 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.24.1-1
+- update to 0.24.1
+
+* Wed Jun 15 2022 duyiwei <duyiwei@kylinos.cn> - 0.24.0-2
+- add subpackage server
+
+* Wed Dec 1 2021 panxiaohe <panxiaohe@huawei.com> - 0.24.0-1
+- update to 0.24.0
+
 * Sat Jan 23 2021 panxiaohe <panxiaohe@huawei.com> - 0.23.22-1
 - update to 0.23.22
Author	SHA1	Message	Date
openeuler-ci-bot	56ad694843	!35 backport patch for glibc-networking From: @yunjia_w Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2023-09-26 06:23:36 +00:00
wangyunjia	0b58dfdee2	backport patch for glibc-networking Signed-off-by: wangyunjia <yunjia_w@163.com>	2023-09-26 11:35:10 +08:00
openeuler-ci-bot	3473b60a7b	!34 update to 0.25.0 From: @yunjia_w Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2023-07-26 07:56:37 +00:00
yunjia_w	9806f1d8ec	update to 0.25.0 Signed-off-by: yunjia_w <yunjia.wang@huawei.com>	2023-07-20 11:16:24 +08:00
openeuler-ci-bot	ef32607bad	!33 update version to 0.24.1 From: @zhengxiaoxiaoGitee Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2023-01-30 06:36:02 +00:00
zhengxiaoxiao	fc8d818e7e	update version to 0.24.1	2023-01-29 17:47:05 +08:00
openeuler-ci-bot	30b8cc201b	!27 为p11-kit 拆分出子包server From: @duyiwei7w Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001	2022-07-06 02:59:29 +00:00
duyiwei	415f161388	add subpackage server	2022-07-06 09:15:12 +08:00
openeuler-ci-bot	6642f5f50d	!21 update to 0.24.0 Merge pull request !21 from panxh_purple/master	2021-12-21 03:03:10 +00:00
panxiaohe	961bb6b500	update to 0.24.0	2021-12-06 10:29:00 +08:00