security/opencryptoki: Update to 3.19.0

Hiroki Sato 2023-02-11 14:34:26 +09:00
parent 5550e3d490
commit e83df13905
No known key found for this signature in database
GPG key ID: DBB07DC66F1F737F
10 changed files with 55 additions and 61 deletions


@ -1,5 +1,5 @@
PORTNAME= opencryptoki
PORTVERSION= 3.18.0
PORTVERSION= 3.19.0
DISTVERSIONPREFIX= v
CATEGORIES= security


@ -1,3 +1,3 @@
TIMESTAMP = 1651086346
SHA256 (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 18882bbb3eaff37b2badf93bce1faab86406ed60f40fd5debc08afd3ceba36c2
SIZE (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 1337092
TIMESTAMP = 1673927846
SHA256 (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 9d8646fd5502bbcf6debc89e76ce064198272cbc5856baa8d350056abe5bdf14
SIZE (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 1371265


@ -1,6 +1,6 @@
--- Makefile.am.orig 2022-04-25 11:04:51 UTC
--- Makefile.am.orig 2022-09-30 07:45:52 UTC
+++ Makefile.am
@@ -39,9 +39,9 @@ if ENABLE_LIBRARY
@@ -47,9 +47,9 @@ if ENABLE_LIBRARY
cd $(DESTDIR)$(libdir)/opencryptoki && \
ln -fs libopencryptoki.so PKCS11_API.so
cd $(DESTDIR)$(libdir)/opencryptoki && \
@ -12,7 +12,7 @@
cd $(DESTDIR)$(libdir)/pkcs11 && \
ln -fs ../opencryptoki/libopencryptoki.so PKCS11_API.so
cd $(DESTDIR)$(libdir)/pkcs11 && \
@@ -53,55 +53,55 @@ if ENABLE_CCATOK
@@ -61,12 +61,12 @@ if ENABLE_CCATOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_cca.so PKCS11_CCA.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
@ -26,8 +26,9 @@
- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
endif
if ENABLE_EP11TOK
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true
@@ -75,43 +75,43 @@ if ENABLE_EP11TOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_ep11.so PKCS11_EP11.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
@ -39,7 +40,7 @@
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
$(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok
- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok
+ $(CHGRP) @PKCSGROUP11@ $(DESTDIR)$(lockdir)/ep11tok
+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true
@ -50,7 +51,7 @@
if ENABLE_P11SAK
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -g @PKCS11GROUP@ -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true
endif
if ENABLE_ICATOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
@ -83,7 +84,7 @@
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
endif
if ENABLE_TPMTOK
@@ -109,10 +109,10 @@ if ENABLE_TPMTOK
@@ -119,10 +119,10 @@ if ENABLE_TPMTOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_tpm.so PKCS11_TPM.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
@ -96,7 +97,7 @@
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
endif
if ENABLE_ICSFTOK
@@ -120,16 +120,15 @@ if ENABLE_ICSFTOK
@@ -130,16 +130,15 @@ if ENABLE_ICSFTOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_icsf.so PKCS11_ICSF.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
@ -116,7 +117,7 @@
if ENABLE_SYSTEMD
mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d
cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf
@@ -137,16 +136,8 @@ if ENABLE_SYSTEMD
@@ -147,16 +146,8 @@ if ENABLE_SYSTEMD
rm -f $(DESTDIR)/usr/lib/systemd/system/tmpfiles.conf
endif
endif
@ -134,7 +135,7 @@
$(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
@@ -190,7 +181,6 @@ if ENABLE_TPMTOK
@@ -200,7 +191,6 @@ if ENABLE_TPMTOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
rm -rf PKCS11_TPM.so; fi
endif
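Review bot: The trailing `|| true` on the `p11sak_defined_attrs.conf.sample` line in the `ENABLE_P11SAK` branch masks a failed `$(INSTALL) -g @PKCS11GROUP@ -m 0640`, so a staging run that cannot set the group would carry on without the sample file, or without the intended group restriction, and the log would not show it. This assumes the `-g @PKCS11GROUP@` variant is the new side of the pair; the page prints both lines with `+` because they are lines of the inner patch. Since `test -f … || $(INSTALL) …` already succeeds when the file exists, the line can end at `…/p11sak_defined_attrs.conf.sample` with the final `|| true` dropped, or the group can be assigned at package-install time instead of in the staging recipe. The same `|| true` suffix sits on the `ccatok.conf` line above, and the install recipe these lines belong to begins outside the hunk.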


@ -1,4 +1,4 @@
--- configure.ac.orig 2022-04-25 11:04:51 UTC
--- configure.ac.orig 2022-09-30 07:45:52 UTC
+++ configure.ac
@@ -12,6 +12,9 @@ dnl Checks for header files.
AC_DISABLE_STATIC
@ -19,20 +19,17 @@
AC_PATH_PROG([USERMOD], [usermod], [/usr/sbin/usermod])
AC_PATH_PROG([GROUPADD], [groupadd], [/usr/sbin/groupadd])
AC_PATH_PROG([CAT], [cat], [/bin/cat])
@@ -71,19 +74,27 @@ fi
@@ -71,18 +74,26 @@ fi
AC_CHECK_LIB([itm], [_ITM_commitTransaction], [itm=yes], [itm=no])
OPENLDAP_LIBS=
-AC_CHECK_HEADERS([lber.h ldap.h],
+if test "x$enable_icsftok" = "xyes"; then
+ AC_CHECK_HEADERS([lber.h ldap.h],
AC_CHECK_HEADERS([lber.h ldap.h],
[OPENLDAP_LIBS="-llber -lldap"],
[AC_MSG_ERROR([lber.h and ldap.h are missing. Please install
'openldap-devel'.])])
-LIBS="$LIBS $OPENLDAP_LIBS"
+ LIBS="$LIBS $OPENLDAP_LIBS"
+fi
AC_SUBST([OPENLDAP_LIBS])
+fi
dnl Define custom variables
@ -51,7 +48,7 @@
AC_SUBST(logdir)
dnl ---
@@ -241,6 +252,19 @@ AC_ARG_WITH([libudev],
@@ -244,6 +255,19 @@ AC_ARG_WITH([libudev],
[],
[with_libudev=check])
@ -71,9 +68,9 @@
dnl ---
dnl ---
dnl --- Now that we have all the options, let's check for a valid build
@@ -662,10 +686,14 @@ libitm and gcc>=4.7 is required])
@@ -674,10 +698,14 @@ else
fi
AM_CONDITIONAL([ENABLE_LOCKS], [test "x$enable_locks" = "xyes"])
AM_CONDITIONAL([ENABLE_MD2], [test "x$enable_md2" = "xyes"])
-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wextra"
+CFLAGS="$CFLAGS -Wall -Wextra -Wno-pointer-sign"
@ -88,7 +85,7 @@
# At this point, CFLAGS is set to something sensible
AC_PROG_CC
AC_PROG_CXX
@@ -678,6 +706,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
@@ -690,6 +718,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
#endif]])],,
[AC_MSG_ERROR([C++ compiler is missing on your system. Please install 'gcc-c++'.])])
AC_LANG_POP([C++])


@ -1,4 +1,4 @@
--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2022-04-25 11:04:51 UTC
--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2022-09-30 07:45:52 UTC
+++ usr/lib/ica_s390_stdll/ica_s390_stdll.mk
@@ -3,7 +3,7 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11
noinst_HEADERS += usr/lib/ica_s390_stdll/tok_struct.h
@ -6,7 +6,7 @@
opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \
- -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \
+ -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \
-DNODH -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \
-DNODH -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \
-DTOK_NEW_DATA_STORE=0x0003000c \
$(ICA_INC_DIRS) -I${srcdir}/usr/lib/ica_s390_stdll \
@@ -12,7 +12,7 @@ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \
@ -15,6 +15,6 @@
$(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared \
- -Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica -ldl \
+ -Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica \
-lcrypto -lrt \
-lcrypto -lrt -llber \
-Wl,--version-script=${srcdir}/opencryptoki_tok.map


@ -1,9 +1,9 @@
--- usr/lib/soft_stdll/soft_stdll.mk.orig 2022-04-25 11:04:51 UTC
--- usr/lib/soft_stdll/soft_stdll.mk.orig 2022-09-30 07:45:52 UTC
+++ usr/lib/soft_stdll/soft_stdll.mk
@@ -4,7 +4,7 @@ noinst_HEADERS += usr/lib/soft_stdll/tok_struct.h
opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = \
-DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF \
-DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \
- -DNOMD2 -DNODSA -DNORIPE -fPIC -I${srcdir}/usr/lib/soft_stdll \
+ -DNOMD2 -DNODSA -DNORIPE $(FPIC) -I${srcdir}/usr/lib/soft_stdll \
-DTOK_NEW_DATA_STORE=0x0003000c \


@ -1,6 +1,6 @@
--- usr/sbin/pkcsconf/pkcsconf.c.orig 2022-04-25 11:04:51 UTC
--- usr/sbin/pkcsconf/pkcsconf.c.orig 2022-09-30 07:45:52 UTC
+++ usr/sbin/pkcsconf/pkcsconf.c
@@ -548,7 +548,7 @@ CK_RV check_user_and_group(void)
@@ -362,7 +362,7 @@ CK_RV check_user_and_group(void)
* when forked). So we need to get the group information.
* Really need to take the uid and map it to a name.
*/
@ -9,12 +9,3 @@
if (grp == NULL) {
return CKR_FUNCTION_FAILED;
}
@@ -589,6 +589,8 @@ CK_RV display_pkcs11_info(void)
printf("\tLibrary Description: %.32s \n", CryptokiInfo.libraryDescription);
printf("\tLibrary Version: %d.%d \n", CryptokiInfo.libraryVersion.major,
CryptokiInfo.libraryVersion.minor);
+
+ cleanup();
return rc;
}


@ -1,6 +1,6 @@
--- usr/sbin/pkcsslotd/opencryptoki.conf.orig 2022-04-25 11:04:51 UTC
--- usr/sbin/pkcsslotd/opencryptoki.conf.orig 2022-09-30 07:45:52 UTC
+++ usr/sbin/pkcsslotd/opencryptoki.conf
@@ -21,31 +21,40 @@ version opencryptoki-3.18
@@ -21,32 +21,41 @@ version opencryptoki-3.19
#
slot 0
{
@ -23,6 +23,7 @@
slot 2
{
-stdll = libpkcs11_cca.so
-confname = ccatok.conf
-tokversion = 3.12
+ stdll = %%DLLDIR%%/libpkcs11_icsf.so
+ description = "ICSF (Integrated Cryptographic Service Facility) Token"
@ -34,11 +35,11 @@
-stdll = libpkcs11_sw.so
-tokversion = 3.12
-}
+# slot 3
+# {
+# stdll = %%DLLDIR%%/libpkcs11_ica.so
+# tokversion = 3.12
+# }
+#slot 3
+#{
+# stdll = %%DLLDIR%%/libpkcs11_ica.so
+# tokversion = 3.12
+#}
-slot 4
-{
@ -46,15 +47,16 @@
-confname = ep11tok.conf
-tokversion = 3.12
-}
+# slot 4
+# {
+# stdll = %%DLLDIR%%/libpkcs11_cca.so
+# tokversion = 3.12
+# }
+#slot 4
+#{
+# stdll = %%DLLDIR%%/libpkcs11_cca.so
+# confname = ccatok.conf
+# tokversion = 3.12
+#}
+
+# slot 5
+# {
+# stdll = %%DLLDIR%%/libpkcs11_ep11.so
+# confname = ep11tok.conf
+# tokversion = 3.12
+# }
+#slot 5
+#{
+# stdll = %%DLLDIR%%/libpkcs11_ep11.so
+# confname = ep11tok.conf
+# tokversion = 3.12
+#}


@ -1 +1,3 @@
openCryptoki is a PKCS#11 implementation.
openCryptoki implements the PKCS#11 specification version 3.0,
including several cryptographic tokens: CCA, ICA, TPM , SWToken,
ICSF and EP11.


@ -27,6 +27,7 @@ lib/pkcs11/libopencryptoki.so
lib/pkcs11/methods
lib/pkcs11/PKCS11_API.so
lib/pkcs11/stdll
libdata/pkgconfig/opencryptoki.pc
man/man1/p11sak.1.gz
man/man1/pkcsconf.1.gz
man/man1/pkcsicsf.1.gz