security/opencryptoki: Update to 3.19.0

2023-02-11 14:34:26 +09:00 · 2023-02-11 14:34:26 +09:00 · e83df13905
commit e83df13905
parent 5550e3d490
10 changed files with 55 additions and 61 deletions
--- a/security/opencryptoki/Makefile
+++ b/security/opencryptoki/Makefile
@ -1,5 +1,5 @@
 PORTNAME=	opencryptoki
-PORTVERSION=	3.18.0
+PORTVERSION=	3.19.0
 DISTVERSIONPREFIX=	v
 CATEGORIES=	security

--- a/security/opencryptoki/distinfo
+++ b/security/opencryptoki/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1651086346
-SHA256 (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 18882bbb3eaff37b2badf93bce1faab86406ed60f40fd5debc08afd3ceba36c2
-SIZE (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 1337092
+TIMESTAMP = 1673927846
+SHA256 (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 9d8646fd5502bbcf6debc89e76ce064198272cbc5856baa8d350056abe5bdf14
+SIZE (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 1371265
--- a/security/opencryptoki/files/patch-Makefile.am
+++ b/security/opencryptoki/files/patch-Makefile.am
@ -1,6 +1,6 @@
--- Makefile.am.orig	2022-04-25 11:04:51 UTC
+--- Makefile.am.orig	2022-09-30 07:45:52 UTC
 +++ Makefile.am
-@@ -39,9 +39,9 @@ if ENABLE_LIBRARY
+@@ -47,9 +47,9 @@ if ENABLE_LIBRARY
 	cd $(DESTDIR)$(libdir)/opencryptoki && \
 		ln -fs libopencryptoki.so PKCS11_API.so
 	cd $(DESTDIR)$(libdir)/opencryptoki && \
@ -12,7 +12,7 @@
 	cd $(DESTDIR)$(libdir)/pkcs11 && \
 		ln -fs ../opencryptoki/libopencryptoki.so PKCS11_API.so
 	cd $(DESTDIR)$(libdir)/pkcs11 && \
-@@ -53,55 +53,55 @@ if ENABLE_CCATOK
+@@ -61,12 +61,12 @@ if ENABLE_CCATOK
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -fs libpkcs11_cca.so PKCS11_CCA.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
@ -26,8 +26,9 @@
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok
 +	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok
 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
- endif
- if ENABLE_EP11TOK
+ 	test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
+ 	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true
+@@ -75,43 +75,43 @@ if ENABLE_EP11TOK
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -fs libpkcs11_ep11.so PKCS11_EP11.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
@ -39,7 +40,7 @@
 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
 	$(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok
-+	$(CHGRP) @PKCSGROUP11@ $(DESTDIR)$(lockdir)/ep11tok
+	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok
 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
 	test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
 -	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true
@ -50,7 +51,7 @@
 if ENABLE_P11SAK
 	test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
 -	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
-+	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true
+	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -g @PKCS11GROUP@ -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true
 endif
 if ENABLE_ICATOK
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
@ -83,7 +84,7 @@
 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
 endif
 if ENABLE_TPMTOK
-@@ -109,10 +109,10 @@ if ENABLE_TPMTOK
+@@ -119,10 +119,10 @@ if ENABLE_TPMTOK
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -fs libpkcs11_tpm.so PKCS11_TPM.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
@ -96,7 +97,7 @@
 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
 endif
 if ENABLE_ICSFTOK
-@@ -120,16 +120,15 @@ if ENABLE_ICSFTOK
+@@ -130,16 +130,15 @@ if ENABLE_ICSFTOK
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -fs libpkcs11_icsf.so PKCS11_ICSF.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
@ -116,7 +117,7 @@
 if ENABLE_SYSTEMD
 	mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d
 	cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf
-@@ -137,16 +136,8 @@ if ENABLE_SYSTEMD
+@@ -147,16 +146,8 @@ if ENABLE_SYSTEMD
 	rm -f $(DESTDIR)/usr/lib/systemd/system/tmpfiles.conf
 endif
 endif
@ -134,7 +135,7 @@
 	$(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
 
 
-@@ -190,7 +181,6 @@ if ENABLE_TPMTOK
+@@ -200,7 +191,6 @@ if ENABLE_TPMTOK
 		cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		rm -rf PKCS11_TPM.so; fi
 endif
--- a/security/opencryptoki/files/patch-configure.ac
+++ b/security/opencryptoki/files/patch-configure.ac
@ -1,4 +1,4 @@
--- configure.ac.orig	2022-04-25 11:04:51 UTC
+--- configure.ac.orig	2022-09-30 07:45:52 UTC
 +++ configure.ac
@@ -12,6 +12,9 @@ dnl Checks for header files.
 AC_DISABLE_STATIC
@ -19,20 +19,17 @@
 AC_PATH_PROG([USERMOD], [usermod], [/usr/sbin/usermod])
 AC_PATH_PROG([GROUPADD], [groupadd], [/usr/sbin/groupadd])
 AC_PATH_PROG([CAT], [cat], [/bin/cat])
-@@ -71,19 +74,27 @@ fi
+@@ -71,18 +74,26 @@ fi
 AC_CHECK_LIB([itm], [_ITM_commitTransaction], [itm=yes], [itm=no])
 
 OPENLDAP_LIBS=
-AC_CHECK_HEADERS([lber.h ldap.h],
 +if test "x$enable_icsftok" = "xyes"; then
-+    AC_CHECK_HEADERS([lber.h ldap.h],
+ AC_CHECK_HEADERS([lber.h ldap.h],
 		[OPENLDAP_LIBS="-llber -lldap"],
 		[AC_MSG_ERROR([lber.h and ldap.h are missing. Please install
 			      'openldap-devel'.])])
-LIBS="$LIBS $OPENLDAP_LIBS"
-+    LIBS="$LIBS $OPENLDAP_LIBS"
-+fi
 AC_SUBST([OPENLDAP_LIBS])
+fi
 
 dnl Define custom variables
 
@ -51,7 +48,7 @@
 AC_SUBST(logdir)
 
 dnl ---
-@@ -241,6 +252,19 @@ AC_ARG_WITH([libudev],
+@@ -244,6 +255,19 @@ AC_ARG_WITH([libudev],
 	[],
 	[with_libudev=check])
 
@ -71,9 +68,9 @@
 dnl ---
 dnl ---
 dnl --- Now that we have all the options, let's check for a valid build
-@@ -662,10 +686,14 @@ libitm and gcc>=4.7 is required])
+@@ -674,10 +698,14 @@ else
 fi
- AM_CONDITIONAL([ENABLE_LOCKS], [test "x$enable_locks" = "xyes"])
+ AM_CONDITIONAL([ENABLE_MD2], [test "x$enable_md2" = "xyes"])
 
 -CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wextra"
 +CFLAGS="$CFLAGS -Wall -Wextra -Wno-pointer-sign"
@ -88,7 +85,7 @@
 # At this point, CFLAGS is set to something sensible
 AC_PROG_CC
 AC_PROG_CXX
-@@ -678,6 +706,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+@@ -690,6 +718,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
     #endif]])],,
   [AC_MSG_ERROR([C++ compiler is missing on your system. Please install 'gcc-c++'.])])
 AC_LANG_POP([C++])
--- a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk
+++ b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk
@ -1,4 +1,4 @@
--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig	2022-04-25 11:04:51 UTC
+--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig	2022-09-30 07:45:52 UTC
 +++ usr/lib/ica_s390_stdll/ica_s390_stdll.mk
@@ -3,7 +3,7 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11
 noinst_HEADERS += usr/lib/ica_s390_stdll/tok_struct.h
@ -6,7 +6,7 @@
 opencryptoki_stdll_libpkcs11_ica_la_CFLAGS =				\
 -	-DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1	\
 +	-DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1	\
- 	-DNODH -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"		\
+ 	-DNODH -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"			\
 	-DTOK_NEW_DATA_STORE=0x0003000c					\
 	$(ICA_INC_DIRS) -I${srcdir}/usr/lib/ica_s390_stdll		\
@@ -12,7 +12,7 @@ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS =				\
@ -15,6 +15,6 @@
 	$(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared		\
 -	-Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica -ldl	\
 +	-Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica 	\
- 	-lcrypto -lrt							\
+ 	-lcrypto -lrt -llber						\
 	-Wl,--version-script=${srcdir}/opencryptoki_tok.map
 
--- a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk
+++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk
@ -1,9 +1,9 @@
--- usr/lib/soft_stdll/soft_stdll.mk.orig	2022-04-25 11:04:51 UTC
+--- usr/lib/soft_stdll/soft_stdll.mk.orig	2022-09-30 07:45:52 UTC
 +++ usr/lib/soft_stdll/soft_stdll.mk
@@ -4,7 +4,7 @@ noinst_HEADERS += usr/lib/soft_stdll/tok_struct.h
 
 opencryptoki_stdll_libpkcs11_sw_la_CFLAGS =				\
- 	-DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF	\
+ 	-DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0		\
 -	-DNOMD2 -DNODSA -DNORIPE -fPIC -I${srcdir}/usr/lib/soft_stdll	\
 +	-DNOMD2 -DNODSA -DNORIPE $(FPIC) -I${srcdir}/usr/lib/soft_stdll	\
 	-DTOK_NEW_DATA_STORE=0x0003000c					\
--- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
@ -1,6 +1,6 @@
--- usr/sbin/pkcsconf/pkcsconf.c.orig	2022-04-25 11:04:51 UTC
+--- usr/sbin/pkcsconf/pkcsconf.c.orig	2022-09-30 07:45:52 UTC
 +++ usr/sbin/pkcsconf/pkcsconf.c
-@@ -548,7 +548,7 @@ CK_RV check_user_and_group(void)
+@@ -362,7 +362,7 @@ CK_RV check_user_and_group(void)
      * when forked). So we need to get the group information.
      * Really need to take the uid and map it to a name.
      */
@ -9,12 +9,3 @@
     if (grp == NULL) {
         return CKR_FUNCTION_FAILED;
     }
-@@ -589,6 +589,8 @@ CK_RV display_pkcs11_info(void)
-     printf("\tLibrary Description: %.32s \n", CryptokiInfo.libraryDescription);
-     printf("\tLibrary Version: %d.%d \n", CryptokiInfo.libraryVersion.major,
-            CryptokiInfo.libraryVersion.minor);
-+
-+    cleanup();
- 
-     return rc;
- }
--- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf
@ -1,6 +1,6 @@
--- usr/sbin/pkcsslotd/opencryptoki.conf.orig	2022-04-25 11:04:51 UTC
+--- usr/sbin/pkcsslotd/opencryptoki.conf.orig	2022-09-30 07:45:52 UTC
 +++ usr/sbin/pkcsslotd/opencryptoki.conf
-@@ -21,31 +21,40 @@ version opencryptoki-3.18
+@@ -21,32 +21,41 @@ version opencryptoki-3.19
 #
 slot 0
 {
@ -23,6 +23,7 @@
 slot 2
 {
 -stdll = libpkcs11_cca.so
+-confname = ccatok.conf
 -tokversion = 3.12
 +  stdll = %%DLLDIR%%/libpkcs11_icsf.so
 +  description = "ICSF (Integrated Cryptographic Service Facility) Token"
@ -34,11 +35,11 @@
 -stdll = libpkcs11_sw.so
 -tokversion = 3.12
 -}
-+# slot 3
-+# {
-+# stdll = %%DLLDIR%%/libpkcs11_ica.so
-+# tokversion = 3.12
-+# }
+#slot 3
+#{
+#  stdll = %%DLLDIR%%/libpkcs11_ica.so
+#  tokversion = 3.12
+#}
 
 -slot 4
 -{
@ -46,15 +47,16 @@
 -confname = ep11tok.conf
 -tokversion = 3.12
 -}
-+# slot 4 
-+# {
-+# stdll = %%DLLDIR%%/libpkcs11_cca.so
-+# tokversion = 3.12
-+# }
+#slot 4
+#{
+#  stdll = %%DLLDIR%%/libpkcs11_cca.so
+#  confname = ccatok.conf
+#  tokversion = 3.12
+#}
 +
-+# slot 5
-+# {
-+# stdll = %%DLLDIR%%/libpkcs11_ep11.so
-+# confname = ep11tok.conf
-+# tokversion = 3.12
-+# }
+#slot 5
+#{
+#  stdll = %%DLLDIR%%/libpkcs11_ep11.so
+#  confname = ep11tok.conf
+#  tokversion = 3.12
+#}
--- a/security/opencryptoki/pkg-descr
+++ b/security/opencryptoki/pkg-descr
@ -1 +1,3 @@
-openCryptoki is a PKCS#11 implementation.
+openCryptoki implements the PKCS#11 specification version 3.0,
+including several cryptographic tokens: CCA, ICA, TPM , SWToken,
+ICSF and EP11.
--- a/security/opencryptoki/pkg-plist
+++ b/security/opencryptoki/pkg-plist
@ -27,6 +27,7 @@ lib/pkcs11/libopencryptoki.so
 lib/pkcs11/methods
 lib/pkcs11/PKCS11_API.so
 lib/pkcs11/stdll
+libdata/pkgconfig/opencryptoki.pc
 man/man1/p11sak.1.gz
 man/man1/pkcsconf.1.gz
 man/man1/pkcsicsf.1.gz