Hello community, here is the log from the commit of package engine_pkcs11 checked in at Mon Nov 10 17:24:39 CET 2008. -------- --- engine_pkcs11/engine_pkcs11.changes 2008-09-08 18:37:17.000000000 +0200 +++ /mounts/work_src_done/STABLE/engine_pkcs11/engine_pkcs11.changes 2008-11-10 16:41:55.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Nov 10 17:35:43 EET 2008 - tambet@novell.com + +- Fix segfaults on unloading the engine. +- Implement getting certificates by label. + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- fix-pin-memory-corruption.patch search-certs-by-label.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ engine_pkcs11.spec ++++++ --- /var/tmp/diff_new_pack.w30221/_old 2008-11-10 17:24:29.000000000 +0100 +++ /var/tmp/diff_new_pack.w30221/_new 2008-11-10 17:24:29.000000000 +0100 @@ -20,13 +20,15 @@ Name: engine_pkcs11 Version: 0.1.5 -Release: 1 +Release: 5 Url: http://www.opensc-project.org/engine_pkcs11/ Group: Productivity/Security License: BSD 3-Clause Summary: OpenSSL PKCS#11 Engine Source: %{name}-%{version}.tar.bz2 Source1: %{name}-COPYING +Patch0: fix-pin-memory-corruption.patch +Patch1: search-certs-by-label.patch BuildRequires: libp11-devel libxslt pkg-config BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -52,6 +54,8 @@ %prep %setup +%patch0 -p1 +%patch1 -p1 cp -a %{S:1} COPYING %build @@ -74,6 +78,9 @@ %{_libdir}/engines/*.so %changelog +* Mon Nov 10 2008 tambet@novell.com +- Fix segfaults on unloading the engine. +- Implement getting certificates by label. * Mon Sep 08 2008 sbrabec@suse.cz - Updated to version 0.1.5: * Build system rewritten. ++++++ fix-pin-memory-corruption.patch ++++++ Index: engine_pkcs11-0.1.5/src/engine_pkcs11.c =================================================================== --- engine_pkcs11-0.1.5.orig/src/engine_pkcs11.c +++ engine_pkcs11-0.1.5/src/engine_pkcs11.c @@ -157,7 +157,7 @@ int pkcs11_finish(ENGINE * engine) ctx = NULL; } if (pin != NULL) { - OPENSSL_cleanse(pin, MAX_PIN_LENGTH); + OPENSSL_cleanse(pin, strlen(pin)); free(pin); pin = NULL; } @@ -181,7 +181,7 @@ int pkcs11_init(ENGINE * engine) int pkcs11_rsa_finish(RSA * rsa) { if (pin) { - OPENSSL_cleanse(pin, MAX_PIN_LENGTH); + OPENSSL_cleanse(pin, strlen(pin)); free(pin); pin = NULL; } @@ -685,7 +685,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE /* Free the PIN if it has already been assigned (i.e, cached by get_pin) */ if (pin != NULL) { - OPENSSL_cleanse(pin, MAX_PIN_LENGTH); + OPENSSL_cleanse(pin, strlen(pin)); free(pin); pin = NULL; } @@ -695,7 +695,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE fail("Could not allocate memory for PIN"); } if (!get_pin(ui_method, callback_data) ) { - OPENSSL_cleanse(pin, MAX_PIN_LENGTH); + OPENSSL_cleanse(pin, strlen(pin)); free(pin); pin = NULL; fail("No pin code was entered"); @@ -706,7 +706,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE if (PKCS11_login(slot, 0, pin)) { /* Login failed, so free the PIN if present */ if (pin != NULL) { - OPENSSL_cleanse(pin, MAX_PIN_LENGTH); + OPENSSL_cleanse(pin, strlen(pin)); free(pin); pin = NULL; } ++++++ search-certs-by-label.patch ++++++ Index: engine_pkcs11-0.1.5/src/engine_pkcs11.c =================================================================== --- engine_pkcs11-0.1.5.orig/src/engine_pkcs11.c +++ engine_pkcs11-0.1.5/src/engine_pkcs11.c @@ -496,7 +496,17 @@ static X509 *pkcs11_load_cert(ENGINE * e fprintf(stderr, "Found %u cert%s:\n", count, (count <= 1) ? "" : "s"); } - if ((s_slot_cert_id && *s_slot_cert_id) || (cert_id_len == 0)) { + + if (cert_label) { + for (n = 0; n < count; n++) { + PKCS11_CERT *k = certs + n; + + if (k->label && strcmp (k->label, cert_label)) + selected_cert = k; + } + + free(cert_label); + } else if ((s_slot_cert_id && *s_slot_cert_id) || (cert_id_len == 0)) { for (n = 0; n < count; n++) { PKCS11_CERT *k = certs + n; @@ -516,8 +526,6 @@ static X509 *pkcs11_load_cert(ENGINE * e } x509 = X509_dup(selected_cert->x509); - if (cert_label != NULL) - free(cert_label); return x509; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org