Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package p11-kit for openSUSE:Factory checked in at 2026-02-10 21:11:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/p11-kit (Old) and /work/SRC/openSUSE:Factory/.p11-kit.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "p11-kit" Tue Feb 10 21:11:30 2026 rev:51 rq:1331978 version:0.26.2 Changes: -------- --- /work/SRC/openSUSE:Factory/p11-kit/p11-kit.changes 2026-01-21 14:14:50.012529527 +0100 +++ /work/SRC/openSUSE:Factory/.p11-kit.new.1670/p11-kit.changes 2026-02-10 21:11:33.833404252 +0100 @@ -1,0 +2,6 @@ +Mon Feb 9 08:52:59 UTC 2026 - Angel Yankov <[email protected]> + +- Update to 0.26.2 + rpc: CVE-2026-2100: NULL dereference via C_DeriveKey with specific NULL parameters (bsc#1257820) + +------------------------------------------------------------------- Old: ---- p11-kit-0.26.1.tar.xz p11-kit-0.26.1.tar.xz.sig New: ---- p11-kit-0.26.2.tar.xz p11-kit-0.26.2.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ p11-kit.spec ++++++ --- /var/tmp/diff_new_pack.ZmdZcK/_old 2026-02-10 21:11:34.521433082 +0100 +++ /var/tmp/diff_new_pack.ZmdZcK/_new 2026-02-10 21:11:34.521433082 +0100 @@ -21,7 +21,7 @@ %define trustdir_cfg %{pkidir_cfg}/trust %define trustdir_static %{pkidir_static}/trust Name: p11-kit -Version: 0.26.1 +Version: 0.26.2 Release: 0 Summary: Library to work with PKCS#11 modules License: BSD-3-Clause ++++++ p11-kit-0.26.1.tar.xz -> p11-kit-0.26.2.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.26.1/ChangeLog new/p11-kit-0.26.2/ChangeLog --- old/p11-kit-0.26.1/ChangeLog 2026-01-19 12:31:19.000000000 +0100 +++ new/p11-kit-0.26.2/ChangeLog 2026-02-06 17:01:26.000000000 +0100 @@ -1,5 +1,29 @@ # Generate automatically. Do not edit. +commit 8e6e4e6d64d9fe91c62b0052c105b2b72d4c24ef +Author: Zoltan Fridrich <[email protected]> +Date: 2026-02-06 + + Release 0.26.2 + + Signed-off-by: Zoltan Fridrich <[email protected]> + + NEWS | 3 +++ + configure.ac | 4 ++-- + meson.build | 4 ++-- + 3 files changed, 7 insertions(+), 4 deletions(-) + +commit 39f3b5ed3deccc2772e21ffb7d269329e3ecb600 +Author: Zoltan Fridrich <[email protected]> +Date: 2026-01-26 + + Fix issues found by static analysis + + Signed-off-by: Zoltan Fridrich <[email protected]> + + p11-kit/rpc-message.c | 44 ++++++++++++++++++++++++-------------------- + 1 file changed, 24 insertions(+), 20 deletions(-) + commit 49ccc27a1e433d6128d40a43c7ecc4624b0dbfde Author: Zoltan Fridrich <[email protected]> Date: 2026-01-19 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.26.1/NEWS new/p11-kit-0.26.2/NEWS --- old/p11-kit-0.26.1/NEWS 2026-01-19 12:28:26.000000000 +0100 +++ new/p11-kit-0.26.2/NEWS 2026-02-06 16:59:06.000000000 +0100 @@ -1,3 +1,6 @@ +0.26.2 (stable) +* rpc: fix NULL dereference via C_DeriveKey with specific NULL parameters (CVE-2026-2100) + 0.26.1 (stable) * trust: Ensure compatibility of CKA_NSS_TRUST and CKA_TRUST diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.26.1/configure new/p11-kit-0.26.2/configure --- old/p11-kit-0.26.1/configure 2026-01-19 12:29:20.000000000 +0100 +++ new/p11-kit-0.26.2/configure 2026-02-06 16:59:40.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for p11-kit 0.26.1. +# Generated by GNU Autoconf 2.72 for p11-kit 0.26.2. # # Report bugs to <https://github.com/p11-glue/p11-kit/issues>. # @@ -614,8 +614,8 @@ # Identity of this package. PACKAGE_NAME='p11-kit' PACKAGE_TARNAME='p11-kit' -PACKAGE_VERSION='0.26.1' -PACKAGE_STRING='p11-kit 0.26.1' +PACKAGE_VERSION='0.26.2' +PACKAGE_STRING='p11-kit 0.26.2' PACKAGE_BUGREPORT='https://github.com/p11-glue/p11-kit/issues' PACKAGE_URL='https://p11-glue.github.io/p11-glue/p11-kit.html' @@ -1494,7 +1494,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures p11-kit 0.26.1 to adapt to many kinds of systems. +'configure' configures p11-kit 0.26.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1565,7 +1565,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of p11-kit 0.26.1:";; + short | recursive ) echo "Configuration of p11-kit 0.26.2:";; esac cat <<\_ACEOF @@ -1750,7 +1750,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -p11-kit configure 0.26.1 +p11-kit configure 0.26.2 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -2428,7 +2428,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by p11-kit $as_me 0.26.1, which was +It was created by p11-kit $as_me 0.26.2, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -3213,7 +3213,7 @@ # ? : +1 : ? == internal changes that doesn't break anything. P11KIT_CURRENT=4 -P11KIT_REVISION=7 +P11KIT_REVISION=8 P11KIT_AGE=4 # ------------------------------------------------------------------------------ @@ -3933,7 +3933,7 @@ # Define the identity of the package. PACKAGE='p11-kit' - VERSION='0.26.1' + VERSION='0.26.2' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -22592,7 +22592,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by p11-kit $as_me 0.26.1, which was +This file was extended by p11-kit $as_me 0.26.2, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22661,7 +22661,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -p11-kit config.status 0.26.1 +p11-kit config.status 0.26.2 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.26.1/configure.ac new/p11-kit-0.26.2/configure.ac --- old/p11-kit-0.26.1/configure.ac 2026-01-19 12:28:26.000000000 +0100 +++ new/p11-kit-0.26.2/configure.ac 2026-02-06 16:59:06.000000000 +0100 @@ -1,7 +1,7 @@ AC_PREREQ(2.61) AC_INIT([p11-kit], - [0.26.1], + [0.26.2], [https://github.com/p11-glue/p11-kit/issues], [p11-kit], [https://p11-glue.github.io/p11-glue/p11-kit.html]) @@ -14,7 +14,7 @@ # ? : +1 : ? == internal changes that doesn't break anything. P11KIT_CURRENT=4 -P11KIT_REVISION=7 +P11KIT_REVISION=8 P11KIT_AGE=4 # ------------------------------------------------------------------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.26.1/doc/manual/html/index.html new/p11-kit-0.26.2/doc/manual/html/index.html --- old/p11-kit-0.26.1/doc/manual/html/index.html 2026-01-19 12:31:18.000000000 +0100 +++ new/p11-kit-0.26.2/doc/manual/html/index.html 2026-02-06 17:01:25.000000000 +0100 @@ -14,7 +14,7 @@ <div class="titlepage"> <div> <div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">p11-kit</p></th></tr></table></div> -<div><p class="releaseinfo">for p11-kit 0.26.1</p></div> +<div><p class="releaseinfo">for p11-kit 0.26.2</p></div> </div> <hr> </div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.26.1/meson.build new/p11-kit-0.26.2/meson.build --- old/p11-kit-0.26.1/meson.build 2026-01-19 12:28:26.000000000 +0100 +++ new/p11-kit-0.26.2/meson.build 2026-02-06 16:59:06.000000000 +0100 @@ -1,5 +1,5 @@ project('p11-kit', 'c', - version: '0.26.1', + version: '0.26.2', meson_version: '>= 0.51') version_arr = meson.project_version().split('.') @@ -10,7 +10,7 @@ cc = meson.get_compiler('c') current = 4 -revision = 7 +revision = 8 age = 4 soversion = current - age diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.26.1/p11-kit/rpc-message.c new/p11-kit-0.26.2/p11-kit/rpc-message.c --- old/p11-kit-0.26.1/p11-kit/rpc-message.c 2025-09-18 14:24:32.000000000 +0200 +++ new/p11-kit-0.26.2/p11-kit/rpc-message.c 2026-02-06 16:36:24.000000000 +0100 @@ -1716,25 +1716,27 @@ if (!p11_rpc_buffer_get_byte(buffer, offset, &has_data)) return false; - if (has_data == 0) { - if (!p11_rpc_buffer_get_uint32(buffer, offset, &length)) + if (has_data) { + if (!p11_rpc_buffer_get_byte_array(buffer, offset, &data, &len)) return false; - len = length; } else { - if (!p11_rpc_buffer_get_byte_array(buffer, offset, &data, &len)) + if (!p11_rpc_buffer_get_uint32(buffer, offset, &length)) return false; + len = length; } if (value) { CK_IBM_KYBER_PARAMS *params = (CK_IBM_KYBER_PARAMS *) value; - if (params->pCipher && params->ulCipherLen == len) { - memcpy(params->pCipher, data, len); - params->ulCipherLen = len; - } else { - params->pCipher = (void *) data; - params->ulCipherLen = len; + if (has_data) { + assert (data != NULL); + + if (params->pCipher && params->ulCipherLen == len) + memcpy(params->pCipher, data, len); + else + params->pCipher = (void *) data; } + params->ulCipherLen = len; } } @@ -1781,25 +1783,27 @@ if (!p11_rpc_buffer_get_byte(buffer, offset, &has_data)) return false; - if (has_data == 0) { - if (!p11_rpc_buffer_get_uint32(buffer, offset, &length)) + if (has_data) { + if (!p11_rpc_buffer_get_byte_array(buffer, offset, &data, &len)) return false; - len = length; } else { - if (!p11_rpc_buffer_get_byte_array(buffer, offset, &data, &len)) + if (!p11_rpc_buffer_get_uint32(buffer, offset, &length)) return false; + len = length; } if (value) { CK_IBM_BTC_DERIVE_PARAMS *params = (CK_IBM_BTC_DERIVE_PARAMS *) value; - if (params->pChainCode && params->ulChainCodeLen == len) { - memcpy(params->pChainCode, data, len); - params->ulChainCodeLen = len; - } else { - params->pChainCode = (void *) data; - params->ulChainCodeLen = len; + if (has_data) { + assert (data != NULL); + + if (params->pChainCode && params->ulChainCodeLen == len) + memcpy(params->pChainCode, data, len); + else + params->pChainCode = (void *) data; } + params->ulChainCodeLen = len; } if (value_length) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.26.1/po/p11-kit.pot new/p11-kit-0.26.2/po/p11-kit.pot --- old/p11-kit-0.26.1/po/p11-kit.pot 2026-01-19 12:31:16.000000000 +0100 +++ new/p11-kit-0.26.2/po/p11-kit.pot 2026-02-06 17:01:23.000000000 +0100 @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: p11-kit 0.26.1\n" +"Project-Id-Version: p11-kit 0.26.2\n" "Report-Msgid-Bugs-To: https://github.com/p11-glue/p11-kit/issues\n"; -"POT-Creation-Date: 2026-01-19 10:15+0100\n" +"POT-Creation-Date: 2026-01-27 13:09+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <[email protected]>\n"
