git: e83df13905e9 - main - security/opencryptoki: Update to 3.19.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 11 Feb 2023 05:56:32 UTC
The branch main has been updated by hrs: URL: https://cgit.FreeBSD.org/ports/commit/?id=e83df13905e945f1b776a84ff8abfeda29f04743 commit e83df13905e945f1b776a84ff8abfeda29f04743 Author: Hiroki Sato <hrs@FreeBSD.org> AuthorDate: 2023-02-11 05:34:26 +0000 Commit: Hiroki Sato <hrs@FreeBSD.org> CommitDate: 2023-02-11 05:34:26 +0000 security/opencryptoki: Update to 3.19.0 --- security/opencryptoki/Makefile | 2 +- security/opencryptoki/distinfo | 6 ++-- security/opencryptoki/files/patch-Makefile.am | 23 ++++++------- security/opencryptoki/files/patch-configure.ac | 19 +++++------ .../patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk | 6 ++-- .../files/patch-usr-lib-soft_stdll-soft_stdll.mk | 4 +-- .../files/patch-usr-sbin-pkcsconf-pkcsconf.c | 13 ++------ .../patch-usr-sbin-pkcsslotd-opencryptoki.conf | 38 ++++++++++++---------- security/opencryptoki/pkg-descr | 4 ++- security/opencryptoki/pkg-plist | 1 + 10 files changed, 55 insertions(+), 61 deletions(-) diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile index 0b0fa6c75acd..7ae3cc6d4bb1 100644 --- a/security/opencryptoki/Makefile +++ b/security/opencryptoki/Makefile @@ -1,5 +1,5 @@ PORTNAME= opencryptoki -PORTVERSION= 3.18.0 +PORTVERSION= 3.19.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo index b969f909723a..5f4f5a9f8f46 100644 --- a/security/opencryptoki/distinfo +++ b/security/opencryptoki/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1651086346 -SHA256 (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 18882bbb3eaff37b2badf93bce1faab86406ed60f40fd5debc08afd3ceba36c2 -SIZE (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 1337092 +TIMESTAMP = 1673927846 +SHA256 (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 9d8646fd5502bbcf6debc89e76ce064198272cbc5856baa8d350056abe5bdf14 +SIZE (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 1371265 diff --git a/security/opencryptoki/files/patch-Makefile.am b/security/opencryptoki/files/patch-Makefile.am index 36da7c4e1f9c..7f102a37c1f3 100644 --- a/security/opencryptoki/files/patch-Makefile.am +++ b/security/opencryptoki/files/patch-Makefile.am @@ -1,6 +1,6 @@ ---- Makefile.am.orig 2022-04-25 11:04:51 UTC +--- Makefile.am.orig 2022-09-30 07:45:52 UTC +++ Makefile.am -@@ -39,9 +39,9 @@ if ENABLE_LIBRARY +@@ -47,9 +47,9 @@ if ENABLE_LIBRARY cd $(DESTDIR)$(libdir)/opencryptoki && \ ln -fs libopencryptoki.so PKCS11_API.so cd $(DESTDIR)$(libdir)/opencryptoki && \ @@ -12,7 +12,7 @@ cd $(DESTDIR)$(libdir)/pkcs11 && \ ln -fs ../opencryptoki/libopencryptoki.so PKCS11_API.so cd $(DESTDIR)$(libdir)/pkcs11 && \ -@@ -53,55 +53,55 @@ if ENABLE_CCATOK +@@ -61,12 +61,12 @@ if ENABLE_CCATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_cca.so PKCS11_CCA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ @@ -26,8 +26,9 @@ - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok + $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok - endif - if ENABLE_EP11TOK + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true +@@ -75,43 +75,43 @@ if ENABLE_EP11TOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_ep11.so PKCS11_EP11.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ @@ -39,7 +40,7 @@ $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok $(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok -+ $(CHGRP) @PKCSGROUP11@ $(DESTDIR)$(lockdir)/ep11tok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true @@ -50,7 +51,7 @@ if ENABLE_P11SAK test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true -+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -g @PKCS11GROUP@ -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true endif if ENABLE_ICATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ @@ -83,7 +84,7 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok endif if ENABLE_TPMTOK -@@ -109,10 +109,10 @@ if ENABLE_TPMTOK +@@ -119,10 +119,10 @@ if ENABLE_TPMTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_tpm.so PKCS11_TPM.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm @@ -96,7 +97,7 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm endif if ENABLE_ICSFTOK -@@ -120,16 +120,15 @@ if ENABLE_ICSFTOK +@@ -130,16 +130,15 @@ if ENABLE_ICSFTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_icsf.so PKCS11_ICSF.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf @@ -116,7 +117,7 @@ if ENABLE_SYSTEMD mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf -@@ -137,16 +136,8 @@ if ENABLE_SYSTEMD +@@ -147,16 +146,8 @@ if ENABLE_SYSTEMD rm -f $(DESTDIR)/usr/lib/systemd/system/tmpfiles.conf endif endif @@ -134,7 +135,7 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) -@@ -190,7 +181,6 @@ if ENABLE_TPMTOK +@@ -200,7 +191,6 @@ if ENABLE_TPMTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ rm -rf PKCS11_TPM.so; fi endif diff --git a/security/opencryptoki/files/patch-configure.ac b/security/opencryptoki/files/patch-configure.ac index 8dd546747d7f..4dfd5277b635 100644 --- a/security/opencryptoki/files/patch-configure.ac +++ b/security/opencryptoki/files/patch-configure.ac @@ -1,4 +1,4 @@ ---- configure.ac.orig 2022-04-25 11:04:51 UTC +--- configure.ac.orig 2022-09-30 07:45:52 UTC +++ configure.ac @@ -12,6 +12,9 @@ dnl Checks for header files. AC_DISABLE_STATIC @@ -19,20 +19,17 @@ AC_PATH_PROG([USERMOD], [usermod], [/usr/sbin/usermod]) AC_PATH_PROG([GROUPADD], [groupadd], [/usr/sbin/groupadd]) AC_PATH_PROG([CAT], [cat], [/bin/cat]) -@@ -71,19 +74,27 @@ fi +@@ -71,18 +74,26 @@ fi AC_CHECK_LIB([itm], [_ITM_commitTransaction], [itm=yes], [itm=no]) OPENLDAP_LIBS= --AC_CHECK_HEADERS([lber.h ldap.h], +if test "x$enable_icsftok" = "xyes"; then -+ AC_CHECK_HEADERS([lber.h ldap.h], + AC_CHECK_HEADERS([lber.h ldap.h], [OPENLDAP_LIBS="-llber -lldap"], [AC_MSG_ERROR([lber.h and ldap.h are missing. Please install 'openldap-devel'.])]) --LIBS="$LIBS $OPENLDAP_LIBS" -+ LIBS="$LIBS $OPENLDAP_LIBS" -+fi AC_SUBST([OPENLDAP_LIBS]) ++fi dnl Define custom variables @@ -51,7 +48,7 @@ AC_SUBST(logdir) dnl --- -@@ -241,6 +252,19 @@ AC_ARG_WITH([libudev], +@@ -244,6 +255,19 @@ AC_ARG_WITH([libudev], [], [with_libudev=check]) @@ -71,9 +68,9 @@ dnl --- dnl --- dnl --- Now that we have all the options, let's check for a valid build -@@ -662,10 +686,14 @@ libitm and gcc>=4.7 is required]) +@@ -674,10 +698,14 @@ else fi - AM_CONDITIONAL([ENABLE_LOCKS], [test "x$enable_locks" = "xyes"]) + AM_CONDITIONAL([ENABLE_MD2], [test "x$enable_md2" = "xyes"]) -CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wextra" +CFLAGS="$CFLAGS -Wall -Wextra -Wno-pointer-sign" @@ -88,7 +85,7 @@ # At this point, CFLAGS is set to something sensible AC_PROG_CC AC_PROG_CXX -@@ -678,6 +706,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( +@@ -690,6 +718,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( #endif]])],, [AC_MSG_ERROR([C++ compiler is missing on your system. Please install 'gcc-c++'.])]) AC_LANG_POP([C++]) diff --git a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk index c8ea5dfc3812..d52aee50e309 100644 --- a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk +++ b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk @@ -1,4 +1,4 @@ ---- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2022-04-25 11:04:51 UTC +--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2022-09-30 07:45:52 UTC +++ usr/lib/ica_s390_stdll/ica_s390_stdll.mk @@ -3,7 +3,7 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11 noinst_HEADERS += usr/lib/ica_s390_stdll/tok_struct.h @@ -6,7 +6,7 @@ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \ - -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \ + -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \ - -DNODH -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \ + -DNODH -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \ -DTOK_NEW_DATA_STORE=0x0003000c \ $(ICA_INC_DIRS) -I${srcdir}/usr/lib/ica_s390_stdll \ @@ -12,7 +12,7 @@ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \ @@ -15,6 +15,6 @@ $(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared \ - -Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica -ldl \ + -Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica \ - -lcrypto -lrt \ + -lcrypto -lrt -llber \ -Wl,--version-script=${srcdir}/opencryptoki_tok.map diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk index 484201a38bb4..759760623953 100644 --- a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk +++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk @@ -1,9 +1,9 @@ ---- usr/lib/soft_stdll/soft_stdll.mk.orig 2022-04-25 11:04:51 UTC +--- usr/lib/soft_stdll/soft_stdll.mk.orig 2022-09-30 07:45:52 UTC +++ usr/lib/soft_stdll/soft_stdll.mk @@ -4,7 +4,7 @@ noinst_HEADERS += usr/lib/soft_stdll/tok_struct.h opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = \ - -DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF \ + -DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \ - -DNOMD2 -DNODSA -DNORIPE -fPIC -I${srcdir}/usr/lib/soft_stdll \ + -DNOMD2 -DNODSA -DNORIPE $(FPIC) -I${srcdir}/usr/lib/soft_stdll \ -DTOK_NEW_DATA_STORE=0x0003000c \ diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c index 5191373d0e1e..cdde00a4f14b 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c @@ -1,6 +1,6 @@ ---- usr/sbin/pkcsconf/pkcsconf.c.orig 2022-04-25 11:04:51 UTC +--- usr/sbin/pkcsconf/pkcsconf.c.orig 2022-09-30 07:45:52 UTC +++ usr/sbin/pkcsconf/pkcsconf.c -@@ -548,7 +548,7 @@ CK_RV check_user_and_group(void) +@@ -362,7 +362,7 @@ CK_RV check_user_and_group(void) * when forked). So we need to get the group information. * Really need to take the uid and map it to a name. */ @@ -9,12 +9,3 @@ if (grp == NULL) { return CKR_FUNCTION_FAILED; } -@@ -589,6 +589,8 @@ CK_RV display_pkcs11_info(void) - printf("\tLibrary Description: %.32s \n", CryptokiInfo.libraryDescription); - printf("\tLibrary Version: %d.%d \n", CryptokiInfo.libraryVersion.major, - CryptokiInfo.libraryVersion.minor); -+ -+ cleanup(); - - return rc; - } diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf index 9b9a5c6060ca..2c00d1ffdb50 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf @@ -1,6 +1,6 @@ ---- usr/sbin/pkcsslotd/opencryptoki.conf.orig 2022-04-25 11:04:51 UTC +--- usr/sbin/pkcsslotd/opencryptoki.conf.orig 2022-09-30 07:45:52 UTC +++ usr/sbin/pkcsslotd/opencryptoki.conf -@@ -21,31 +21,40 @@ version opencryptoki-3.18 +@@ -21,32 +21,41 @@ version opencryptoki-3.19 # slot 0 { @@ -23,6 +23,7 @@ slot 2 { -stdll = libpkcs11_cca.so +-confname = ccatok.conf -tokversion = 3.12 + stdll = %%DLLDIR%%/libpkcs11_icsf.so + description = "ICSF (Integrated Cryptographic Service Facility) Token" @@ -34,11 +35,11 @@ -stdll = libpkcs11_sw.so -tokversion = 3.12 -} -+# slot 3 -+# { -+# stdll = %%DLLDIR%%/libpkcs11_ica.so -+# tokversion = 3.12 -+# } ++#slot 3 ++#{ ++# stdll = %%DLLDIR%%/libpkcs11_ica.so ++# tokversion = 3.12 ++#} -slot 4 -{ @@ -46,15 +47,16 @@ -confname = ep11tok.conf -tokversion = 3.12 -} -+# slot 4 -+# { -+# stdll = %%DLLDIR%%/libpkcs11_cca.so -+# tokversion = 3.12 -+# } ++#slot 4 ++#{ ++# stdll = %%DLLDIR%%/libpkcs11_cca.so ++# confname = ccatok.conf ++# tokversion = 3.12 ++#} + -+# slot 5 -+# { -+# stdll = %%DLLDIR%%/libpkcs11_ep11.so -+# confname = ep11tok.conf -+# tokversion = 3.12 -+# } ++#slot 5 ++#{ ++# stdll = %%DLLDIR%%/libpkcs11_ep11.so ++# confname = ep11tok.conf ++# tokversion = 3.12 ++#} diff --git a/security/opencryptoki/pkg-descr b/security/opencryptoki/pkg-descr index cdaa8827a684..5019079d4b58 100644 --- a/security/opencryptoki/pkg-descr +++ b/security/opencryptoki/pkg-descr @@ -1 +1,3 @@ -openCryptoki is a PKCS#11 implementation. +openCryptoki implements the PKCS#11 specification version 3.0, +including several cryptographic tokens: CCA, ICA, TPM , SWToken, +ICSF and EP11. diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist index 54f88034d21e..61144a82bf62 100644 --- a/security/opencryptoki/pkg-plist +++ b/security/opencryptoki/pkg-plist @@ -27,6 +27,7 @@ lib/pkcs11/libopencryptoki.so lib/pkcs11/methods lib/pkcs11/PKCS11_API.so lib/pkcs11/stdll +libdata/pkgconfig/opencryptoki.pc man/man1/p11sak.1.gz man/man1/pkcsconf.1.gz man/man1/pkcsicsf.1.gz