|
|
|
@ -1,6 +1,6 @@
|
|
|
|
|
Index: Makefile.in
|
|
|
|
|
--- Makefile.in.orig 2020-01-29 17:42:32.000000000 +0100
|
|
|
|
|
+++ Makefile.in 2020-03-12 20:13:16.002628000 +0100
|
|
|
|
|
+++ Makefile.in 2020-03-12 23:07:35.270076000 +0100
|
|
|
|
|
@@ -1941,7 +1941,7 @@
|
|
|
|
|
p11-kit/p11-kit.c \
|
|
|
|
|
$(NULL)
|
|
|
|
@ -21,7 +21,7 @@ Index: Makefile.in
|
|
|
|
|
@WITH_TRUST_MODULE_TRUE@ libp11-common.la \
|
|
|
|
|
Index: common/compat.c
|
|
|
|
|
--- common/compat.c.orig 2020-01-07 16:15:00.000000000 +0100
|
|
|
|
|
+++ common/compat.c 2020-03-12 20:12:13.757486000 +0100
|
|
|
|
|
+++ common/compat.c 2020-03-12 23:07:35.270277000 +0100
|
|
|
|
|
@@ -39,6 +39,9 @@
|
|
|
|
|
* on older pthreads implementations
|
|
|
|
|
*/
|
|
|
|
@ -32,9 +32,116 @@ Index: common/compat.c
|
|
|
|
|
|
|
|
|
|
#include "compat.h"
|
|
|
|
|
#include "debug.h"
|
|
|
|
|
@@ -799,7 +802,7 @@
|
|
|
|
|
#ifndef HAVE_GETAUXVAL
|
|
|
|
|
|
|
|
|
|
unsigned long
|
|
|
|
|
-getauxval (unsigned long type)
|
|
|
|
|
+_p11_getauxval (unsigned long type)
|
|
|
|
|
{
|
|
|
|
|
static unsigned long secure = 0UL;
|
|
|
|
|
static bool check_secure_initialized = false;
|
|
|
|
|
@@ -811,7 +814,7 @@
|
|
|
|
|
assert (type == AT_SECURE);
|
|
|
|
|
|
|
|
|
|
if (!check_secure_initialized) {
|
|
|
|
|
-#if defined(HAVE___LIBC_ENABLE_SECURE)
|
|
|
|
|
+#if defined(HAVE___LIBC_ENABLE_SECURE) && !defined(__GNU__)
|
|
|
|
|
extern int __libc_enable_secure;
|
|
|
|
|
secure = __libc_enable_secure;
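Review bot: The new `!defined(__GNU__)` condition on the `#if` carries no comment saying why the `__libc_enable_secure` path is skipped on that platform, and the branch that then computes `secure` lies outside this hunk. `secure_getenv` and the user-config check in `p11-kit/conf.c` both rely on this value to decide whether the process runs setuid or setgid, so the reason belongs next to the guard, for example `/* __libc_enable_secure is not used on GNU/Hurd (__GNU__); the fallback below decides AT_SECURE */`, with the wording adjusted to what the fallback actually does. The body of `_p11_getauxval` starts and ends outside the hunk, so it should be confirmed that the fallback reports the same answer on that platform.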
|
|
|
|
|
|
|
|
|
|
@@ -848,7 +851,7 @@
|
|
|
|
|
char *
|
|
|
|
|
secure_getenv (const char *name)
|
|
|
|
|
{
|
|
|
|
|
- if (getauxval (AT_SECURE))
|
|
|
|
|
+ if (_p11_getauxval (AT_SECURE))
|
|
|
|
|
return NULL;
|
|
|
|
|
return getenv (name);
|
|
|
|
|
}
|
|
|
|
|
Index: common/compat.h
|
|
|
|
|
--- common/compat.h.orig 2020-01-07 16:15:00.000000000 +0100
|
|
|
|
|
+++ common/compat.h 2020-03-12 23:07:35.270410000 +0100
|
|
|
|
|
@@ -343,10 +343,11 @@
|
|
|
|
|
#ifdef HAVE_GETAUXVAL
|
|
|
|
|
|
|
|
|
|
#include <sys/auxv.h>
|
|
|
|
|
+#define _p11_getauxval(X) getauxval(X)
|
|
|
|
|
|
|
|
|
|
#else /* !HAVE_GETAUXVAL */
|
|
|
|
|
|
|
|
|
|
-unsigned long getauxval (unsigned long type);
|
|
|
|
|
+unsigned long _p11_getauxval (unsigned long type);
|
|
|
|
|
|
|
|
|
|
#define AT_SECURE 23
|
|
|
|
|
|
|
|
|
|
Index: common/frob-getauxval.c
|
|
|
|
|
--- common/frob-getauxval.c.orig 2019-10-21 17:59:08.000000000 +0200
|
|
|
|
|
+++ common/frob-getauxval.c 2020-03-12 23:07:35.270525000 +0100
|
|
|
|
|
@@ -55,7 +55,7 @@
|
|
|
|
|
abort ();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- ret = getauxval (type);
|
|
|
|
|
+ ret = _p11_getauxval (type);
|
|
|
|
|
printf ("getauxval(%lu) == %lu\n", type, ret);
|
|
|
|
|
return (int)ret;
|
|
|
|
|
}
|
|
|
|
|
Index: common/path.c
|
|
|
|
|
--- common/path.c.orig 2019-10-22 11:21:37.000000000 +0200
|
|
|
|
|
+++ common/path.c 2020-03-12 23:07:35.270645000 +0100
|
|
|
|
|
@@ -108,7 +108,7 @@
|
|
|
|
|
{
|
|
|
|
|
const char *env;
|
|
|
|
|
|
|
|
|
|
- if (getauxval (AT_SECURE)) {
|
|
|
|
|
+ if (_p11_getauxval (AT_SECURE)) {
|
|
|
|
|
errno = EPERM;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
Index: common/unix-peer.c
|
|
|
|
|
--- common/unix-peer.c.orig 2019-10-21 17:59:08.000000000 +0200
|
|
|
|
|
+++ common/unix-peer.c 2020-03-12 23:07:35.270755000 +0100
|
|
|
|
|
@@ -47,6 +47,10 @@
|
|
|
|
|
# include <ucred.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
+#if (!defined(SO_PEERCRED) && !defined(HAVE_GETPEEREID) && !defined(HAVE_GETPEERUCRED) && defined(HAVE_SYS_UCRED_H)) || defined(__FreeBSD__)
|
|
|
|
|
+# include <sys/ucred.h>
|
|
|
|
|
+#endif
|
|
|
|
|
+
|
|
|
|
|
/* Returns the unix domain socket peer information.
|
|
|
|
|
* Returns zero on success.
|
|
|
|
|
*/
|
|
|
|
|
@@ -106,6 +110,25 @@
|
|
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
return -1;
|
|
|
|
|
+
|
|
|
|
|
+#elif (defined(HAVE_SYS_UCRED_H) && defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION)) || defined(__FreeBSD__)
|
|
|
|
|
+ struct xucred cr;
|
|
|
|
|
+ socklen_t cr_len;
|
|
|
|
|
+
|
|
|
|
|
+ cr_len = sizeof (cr);
|
|
|
|
|
+ ret = getsockopt (cfd, 0, LOCAL_PEERCRED, &cr, &cr_len);
|
|
|
|
|
+ if (ret == -1)
|
|
|
|
|
+ return -1;
|
|
|
|
|
+
|
|
|
|
|
+ if (uid)
|
|
|
|
|
+ *uid = cr.cr_uid;
|
|
|
|
|
+
|
|
|
|
|
+ if (gid)
|
|
|
|
|
+ *gid = cr.cr_gid;
|
|
|
|
|
+
|
|
|
|
|
+ /* pid not available */
|
|
|
|
|
+ if (pid)
|
|
|
|
|
+ *pid = (socklen_t)-1;
|
|
|
|
|
#else
|
|
|
|
|
#error "Unsupported UNIX variant"
|
|
|
|
|
#endif
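Review bot: The `LOCAL_PEERCRED` branch accepts whatever `getsockopt` wrote into `cr` without checking that it is a complete `struct xucred` of the expected layout, yet the uid and gid read from it are handed back as the peer's identity. Checking the length and version before the fields are read would close that gap: `if (ret == -1 || cr_len != sizeof (cr) || cr.cr_version != XUCRED_VERSION) return -1;`. The `|| defined(__FreeBSD__)` alternative in the `#elif` enables the branch without the `LOCAL_PEERCRED` and `XUCRED_VERSION` tests, so a comment on why it is needed would help. The pid sentinel is written as `(socklen_t)-1`; if `pid` points to a `pid_t`, as the name suggests, `*pid = (pid_t)-1;` states the intent better. The function's signature and the earlier `#if` branches are outside this hunk.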
|
|
|
|
|
Index: configure
|
|
|
|
|
--- configure.orig 2020-01-29 17:42:31.000000000 +0100
|
|
|
|
|
+++ configure 2020-03-12 20:12:13.759065000 +0100
|
|
|
|
|
+++ configure 2020-03-12 23:07:57.497302000 +0100
|
|
|
|
|
@@ -16178,9 +16178,6 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -45,9 +152,33 @@ Index: configure
|
|
|
|
|
|
|
|
|
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for win32" >&5
|
|
|
|
|
$as_echo_n "checking for win32... " >&6; }
|
|
|
|
|
Index: p11-kit/conf.c
|
|
|
|
|
--- p11-kit/conf.c.orig 2020-01-07 16:15:00.000000000 +0100
|
|
|
|
|
+++ p11-kit/conf.c 2020-03-12 23:07:35.270893000 +0100
|
|
|
|
|
@@ -229,7 +229,7 @@
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mode != CONF_USER_NONE) {
|
|
|
|
|
- if (getauxval (AT_SECURE)) {
|
|
|
|
|
+ if (_p11_getauxval (AT_SECURE)) {
|
|
|
|
|
p11_debug ("skipping user config in setuid or setgid program");
|
|
|
|
|
mode = CONF_USER_NONE;
|
|
|
|
|
#ifdef OS_UNIX
|
|
|
|
|
Index: p11-kit/frob-setuid.c
|
|
|
|
|
--- p11-kit/frob-setuid.c.orig 2019-10-21 17:59:08.000000000 +0200
|
|
|
|
|
+++ p11-kit/frob-setuid.c 2020-03-12 23:07:35.271006000 +0100
|
|
|
|
|
@@ -70,7 +70,7 @@
|
|
|
|
|
printf ("'setting' on module 'one': %s\n", field ? field : "(null)");
|
|
|
|
|
|
|
|
|
|
assert (field != NULL);
|
|
|
|
|
- if (getauxval (AT_SECURE))
|
|
|
|
|
+ if (_p11_getauxval (AT_SECURE))
|
|
|
|
|
assert (strcmp (field, "system1") == 0);
|
|
|
|
|
else
|
|
|
|
|
assert (strcmp (field, "user1") == 0);
|
|
|
|
|
Index: p11-kit/modules.c
|
|
|
|
|
--- p11-kit/modules.c.orig 2020-01-07 16:15:00.000000000 +0100
|
|
|
|
|
+++ p11-kit/modules.c 2020-03-12 20:12:13.759347000 +0100
|
|
|
|
|
+++ p11-kit/modules.c 2020-03-12 23:07:35.271301000 +0100
|
|
|
|
|
@@ -69,6 +69,7 @@
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
@ -56,3 +187,28 @@ Index: p11-kit/modules.c
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* SECTION:p11-kit
|
|
|
|
|
Index: trust/extract-jks.c
|
|
|
|
|
--- trust/extract-jks.c.orig 2019-10-21 17:59:08.000000000 +0200
|
|
|
|
|
+++ trust/extract-jks.c 2020-03-12 23:07:35.271439000 +0100
|
|
|
|
|
@@ -250,9 +250,7 @@
|
|
|
|
|
* when this was this certificate was added to the keystore, however
|
|
|
|
|
* we don't have that information. Java uses time in milliseconds
|
|
|
|
|
*/
|
|
|
|
|
- if (_p11_extract_jks_timestamp)
|
|
|
|
|
- now = _p11_extract_jks_timestamp;
|
|
|
|
|
- else {
|
|
|
|
|
+ {
|
|
|
|
|
char *source_date_epoch;
|
|
|
|
|
source_date_epoch = secure_getenv ("SOURCE_DATE_EPOCH");
|
|
|
|
|
if (source_date_epoch) {
|
|
|
|
|
@@ -278,7 +276,9 @@
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
now = epoch;
|
|
|
|
|
- } else
|
|
|
|
|
+ } else if (_p11_extract_jks_timestamp)
|
|
|
|
|
+ now = _p11_extract_jks_timestamp;
|
|
|
|
|
+ else
|
|
|
|
|
now = time (NULL);
|
|
|
|
|
}
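Review bot: After this change `SOURCE_DATE_EPOCH` is consulted first and `_p11_extract_jks_timestamp` is used only when the variable is unset, but nothing in the code says that this order is deliberate. A comment above the now bare `{` block left by the first hunk, such as `/* SOURCE_DATE_EPOCH, when set, overrides _p11_extract_jks_timestamp */`, would keep a later cleanup from reversing it. The `else if` / `else` chain added here mixes a braced first branch with unbraced ones; bracing all three would make the chain easier to read. The parsing of `source_date_epoch` sits between the two hunks and is not visible here.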
|
|
|
|
|
|
|
|
|
|