The package rpms/libcacard.git has added or updated architecture specific content in its spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s): https://src.fedoraproject.org/cgit/rpms/libcacard.git/commit/?id=34da83c4f9e....
Change: +%ifnarch s390x
Thanks.
Full change: ============
commit d7d646982c104e53e6bbdc730e3b3e3c4de17055 Author: Jakub Jelen jjelen@redhat.com Date: Thu Aug 29 14:33:33 2019 +0200
libcacard-2.7.0-3
diff --git a/libcacard.spec b/libcacard.spec index bbcc435..2dce3f2 100644 --- a/libcacard.spec +++ b/libcacard.spec @@ -1,6 +1,6 @@ Name: libcacard Version: 2.7.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: CAC (Common Access Card) library License: LGPLv2+ URL: https://gitlab.freedesktop.org/spice/libcacard @@ -72,6 +72,9 @@ rm -f %{buildroot}%{_libdir}/*.la %{_libdir}/pkgconfig/libcacard.pc
%changelog +* Thu Aug 29 2019 Jakub Jelen jjelen@redhat.com - 2.7.0-3 +- Backport an upstream patch to unbreak testing + * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 3:2.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
commit 022a6b5470019fbdb2ee1e7e5729ab06899ec4d3 Author: Jakub Jelen jjelen@redhat.com Date: Thu Aug 29 14:31:16 2019 +0200
Backport patch removing the key caching to handle reusing
diff --git a/libcacard-2.7.0-caching-keys.patch b/libcacard-2.7.0-caching-keys.patch new file mode 100644 index 0000000..8c8a3b9 --- /dev/null +++ b/libcacard-2.7.0-caching-keys.patch @@ -0,0 +1,124 @@ +From 2c10ae315375730020108cbcae0c282d0d6eff5f Mon Sep 17 00:00:00 2001 +From: Jakub Jelen jjelen@redhat.com +Date: Mon, 26 Aug 2019 17:42:06 +0200 +Subject: [PATCH 1/2] vcard_emul_nss: Drop the key caching to simplify error + handling + +It could happen with PKCS#11 modules that (correctly) invalidate object +handles after logout (which was introduced in 0d3a683a), that the handles +are not valid when we try to use the objects again. + +This is trying to address this use case, which I noticed was breaking +CI with SoftHSM PKCS#11 modules. + +Signed-off-by: Jakub Jelen jjelen@redhat.com +--- + src/vcard_emul_nss.c | 15 +-------------- + 1 file changed, 1 insertion(+), 14 deletions(-) + +diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c +index e8f5c56..f788964 100644 +--- a/src/vcard_emul_nss.c ++++ b/src/vcard_emul_nss.c +@@ -52,7 +52,6 @@ typedef enum { + struct VCardKeyStruct { + CERTCertificate *cert; + PK11SlotInfo *slot; +- SECKEYPrivateKey *key; + VCardEmulTriState failedX509; + }; + +@@ -155,10 +154,6 @@ vcard_emul_make_key(PK11SlotInfo *slot, CERTCertificate *cert) + key = g_new(VCardKey, 1); + key->slot = PK11_ReferenceSlot(slot); + key->cert = CERT_DupCertificate(cert); +- /* NOTE: if we aren't logged into the token, this could return NULL */ +- /* NOTE: the cert is a temp cert, not necessarily the cert in the token, +- * use the DER version of this function */ +- key->key = PK11_FindKeyByDERCert(slot, cert, NULL); + key->failedX509 = VCardEmulUnknown; + return key; + } +@@ -170,10 +165,6 @@ vcard_emul_delete_key(VCardKey *key) + if (!nss_emul_init || (key == NULL)) { + return; + } +- if (key->key) { +- SECKEY_DestroyPrivateKey(key->key); +- key->key = NULL; +- } + if (key->cert) { + CERT_DestroyCertificate(key->cert); + } +@@ -189,12 +180,8 @@ vcard_emul_delete_key(VCardKey *key) + static SECKEYPrivateKey * + vcard_emul_get_nss_key(VCardKey *key) + { +- if (key->key) { +- return key->key; +- } + /* NOTE: if we aren't logged into the token, this could return NULL */ +- key->key = PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL); +- return key->key; ++ return PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL); + } + + /* +-- +2.22.0 + + +From 06587ef683373690f61540935b4516b4f23238ea Mon Sep 17 00:00:00 2001 +From: Jakub Jelen jjelen@redhat.com +Date: Tue, 27 Aug 2019 12:38:45 +0200 +Subject: [PATCH 2/2] tests: Reproducer for pkcs11 modules invalidating object + handles on logout + +Signed-off-by: Jakub Jelen jjelen@redhat.com +--- + tests/hwtests.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/tests/hwtests.c b/tests/hwtests.c +index cd9a33b..39decfb 100644 +--- a/tests/hwtests.c ++++ b/tests/hwtests.c +@@ -339,6 +339,26 @@ static void test_sign_bad_data_x509(void) + vreader_free(reader); /* get by id ref */ + } + ++/* This is a regression test for issues with PKCS#11 tokens ++ * invalidating object handles after logout (such as softhsm). ++ * See: https://bugzilla.mozilla.org/show_bug.cgi?id=1576642 ++ */ ++static void test_sign_logout_sign(void) ++{ ++ VReader *reader = vreader_get_reader_by_id(0); ++ ++ g_assert_nonnull(reader); ++ ++ test_login(); ++ test_sign(); ++ ++ /* This implicitly logs out the user */ ++ test_login(); ++ test_sign(); ++ ++ vreader_free(reader); /* get by id ref */ ++} ++ + static void libcacard_finalize(void) + { + VReader *reader = vreader_get_reader_by_id(0); +@@ -374,6 +394,7 @@ int main(int argc, char *argv[]) + g_test_add_func("/hw-tests/sign-bad-data", test_sign_bad_data_x509); + g_test_add_func("/hw-tests/empty-applets", test_empty_applets); + g_test_add_func("/hw-tests/get-response", test_get_response); ++ g_test_add_func("/hw-tests/sign-logout-sign", test_sign_logout_sign); + + ret = g_test_run(); + +-- +2.22.0 + + diff --git a/libcacard.spec b/libcacard.spec index c5a45fd..bbcc435 100644 --- a/libcacard.spec +++ b/libcacard.spec @@ -7,6 +7,8 @@ URL: https://gitlab.freedesktop.org/spice/libcacard Source0: http://www.spice-space.org/download/libcacard/%%7Bname%7D-%%7Bversion%7D.tar... Source1: http://www.spice-space.org/download/libcacard/%%7Bname%7D-%%7Bversion%7D.tar... Source2: gpgkey-15B5C33D.gpg +# https://gitlab.freedesktop.org/spice/libcacard/merge_requests/5 +Patch0: %{name}-2.7.0-caching-keys.patch Epoch: 3
BuildRequires: gcc @@ -39,6 +41,7 @@ developing applications that use %{name}. %prep gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %setup -q +%patch0 -p1
%build %configure --disable-static
commit ac27802a0db4becb97836c66a87cb135288596ec Author: Fedora Release Engineering releng@fedoraproject.org Date: Thu Jul 25 12:53:46 2019 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering releng@fedoraproject.org
diff --git a/libcacard.spec b/libcacard.spec index 65da263..c5a45fd 100644 --- a/libcacard.spec +++ b/libcacard.spec @@ -1,6 +1,6 @@ Name: libcacard Version: 2.7.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: CAC (Common Access Card) library License: LGPLv2+ URL: https://gitlab.freedesktop.org/spice/libcacard @@ -69,6 +69,9 @@ rm -f %{buildroot}%{_libdir}/*.la %{_libdir}/pkgconfig/libcacard.pc
%changelog +* Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 3:2.7.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Fri Feb 01 2019 Fedora Release Engineering releng@fedoraproject.org - 3:2.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
commit 34da83c4f9ec77a328891b897eb8bf7adc0a006b Author: Jakub Jelen jjelen@redhat.com Date: Mon Jul 22 18:53:27 2019 +0200
libcacard-2.7.0
diff --git a/.gitignore b/.gitignore index de2cfb5..906ecaf 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ /libcacard-2.5.3.tar.xz /libcacard-2.6.0.tar.xz /libcacard-2.6.1.tar.xz +/libcacard-2.7.0.tar.xz +/libcacard-2.7.0.tar.xz.asc +/gpgkey-15B5C33D.gpg diff --git a/libcacard.spec b/libcacard.spec index abeb6c3..65da263 100644 --- a/libcacard.spec +++ b/libcacard.spec @@ -1,15 +1,24 @@ Name: libcacard -Version: 2.6.1 -Release: 2%{?dist} +Version: 2.7.0 +Release: 1%{?dist} Summary: CAC (Common Access Card) library License: LGPLv2+ URL: https://gitlab.freedesktop.org/spice/libcacard Source0: http://www.spice-space.org/download/libcacard/%%7Bname%7D-%%7Bversion%7D.tar... +Source1: http://www.spice-space.org/download/libcacard/%%7Bname%7D-%%7Bversion%7D.tar... +Source2: gpgkey-15B5C33D.gpg Epoch: 3
BuildRequires: gcc BuildRequires: glib2-devel BuildRequires: nss-devel +BuildRequires: softhsm +BuildRequires: opensc +BuildRequires: gnutls-utils +BuildRequires: nss-tools +BuildRequires: openssl +BuildRequires: lcov +BuildRequires: gnupg2 Conflicts: qemu-common < 2:2.5.0
%description @@ -28,6 +37,7 @@ The %{name}-devel package contains libraries and header files for developing applications that use %{name}.
%prep +gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %setup -q
%build @@ -35,6 +45,13 @@ developing applications that use %{name}. sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool make %{?_smp_mflags}
+%check +# Do not run the tests on s390x, which fails +%ifnarch s390x +sed -i "s!/usr/lib64/!%{_libdir}/!" tests/setup-softhsm2.sh +make check +%endif + %install %make_install rm -f %{buildroot}%{_libdir}/*.la diff --git a/sources b/sources index 403147e..40c6d7c 100644 --- a/sources +++ b/sources @@ -1 +1,3 @@ -SHA512 (libcacard-2.6.1.tar.xz) = 1df2fa0cf46ee503cebb3a6f28c5e11609ec19dbf4e146d6d89ea59ddc7fcace45fc02adf852bfa385ae1ba1a889e9731a034b5e6630d45f3475cbc093e3aa2d +SHA512 (libcacard-2.7.0.tar.xz) = 347c13396e6777193e4e158321605410f4cbd90727c1ba8d85a1aac41d5ada96728dbef367ed4027d16dd0b10c8a4d0cf902ce3345334be4c78994cf72c58352 +SHA512 (libcacard-2.7.0.tar.xz.asc) = a8890117610a0d89019fee5c2ec67a8e383095a39ce56b3a2d092c6e1164435888c5128f9ca303689ffa304f4bcdf71bfab9b2218361bb352427c58dae54dce0 +SHA512 (gpgkey-15B5C33D.gpg) = 7f17283e5ea7e173d867ff815370c37b138df4fd8b7310f8a6eca13c5af90b0e6bd51bac79c0d3265021f6ae0e0e32f738ba4e12ba21e5302d628c235d5aed58
arch-excludes@lists.fedoraproject.org