Date: Fri, 6 May 2022 08:33:03 GMT
Message-Id: <202205060833.2468X3uv070198@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Hiroki Sato
Subject: git: cd09274aa2c5 - main - security/opencryptoki: update to 3.18.0
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-Git-Committer: hrs
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: cd09274aa2c59b5a06508ed00bf5bded7b7b6213

The branch main has been updated by hrs:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cd09274aa2c59b5a06508ed00bf5bded7b7b6213

commit 
cd09274aa2c59b5a06508ed00bf5bded7b7b6213 Author: Hiroki Sato AuthorDate: 2022-05-06 08:31:40 +0000 Commit: Hiroki Sato CommitDate: 2022-05-06 08:32:09 +0000 security/opencryptoki: update to 3.18.0 --- security/opencryptoki/Makefile | 30 +++-- security/opencryptoki/distinfo | 6 +- security/opencryptoki/files/patch-Makefile.am | 52 ++++++--- security/opencryptoki/files/patch-configure.ac | 67 +++++------ .../opencryptoki/files/patch-usr-include-slotmgr.h | 16 +++ .../opencryptoki/files/patch-usr-lib-api-api.mk | 12 +- .../files/patch-usr-lib-api-api_interface.c | 11 ++ .../opencryptoki/files/patch-usr-lib-api-apiutil.c | 13 ++- .../opencryptoki/files/patch-usr-lib-api-policy.c | 39 +++++++ .../files/patch-usr-lib-api-socket_client.c | 8 +- .../files/patch-usr-lib-common-event_client.c | 11 ++ .../files/patch-usr-lib-common-loadsave.c | 36 +++++- .../files/patch-usr-lib-common-mech_ec.c | 14 +++ .../files/patch-usr-lib-common-pkcs_utils.c | 11 ++ .../files/patch-usr-lib-common-shared_memory.c | 15 +++ .../files/patch-usr-lib-common-trace.c | 20 +++- .../files/patch-usr-lib-common-utility.c | 35 +++--- .../patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk | 7 +- .../files/patch-usr-lib-soft_stdll-soft_specific.c | 6 +- .../files/patch-usr-lib-soft_stdll-soft_stdll.mk | 6 +- .../files/patch-usr-lib-tpm_stdll-tpm_specific.c | 14 +++ .../files/patch-usr-sbin-p11sak-p11sak.c | 20 ++++ .../files/patch-usr-sbin-pkcsconf-pkcsconf.c | 21 +++- .../files/patch-usr-sbin-pkcsconf-pkcsconf.mk | 6 +- .../files/patch-usr-sbin-pkcsslotd-mutex.c | 25 ++-- .../patch-usr-sbin-pkcsslotd-opencryptoki.conf | 60 ++++++++++ .../files/patch-usr-sbin-pkcsslotd-pkcsslotd.mk | 52 +++++++++ .../patch-usr-sbin-pkcsslotd-pkcsslotd_util.c | 10 ++ .../files/patch-usr-sbin-pkcsslotd-shmem.c | 8 +- .../files/patch-usr-sbin-pkcsslotd-slotmgr.c | 55 +++++++++ .../files/patch-usr-sbin-pkcsslotd-socket_server.c | 127 ++++++++++++++++----- ...atch-usr-sbin-pkcstok_migrate-pkcstok_migrate.c | 23 ++++ 
security/opencryptoki/pkg-plist | 39 ++++--- 33 files changed, 688 insertions(+), 187 deletions(-) diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile index 4b95be7be1f7..e829cbf166ed 100644 --- a/security/opencryptoki/Makefile +++ b/security/opencryptoki/Makefile @@ -1,8 +1,7 @@ # Created by: Ralf Meister PORTNAME= opencryptoki -PORTVERSION= 3.11.0 -PORTREVISION= 2 +PORTVERSION= 3.18.0 DISTVERSIONPREFIX= v CATEGORIES= security @@ -14,19 +13,22 @@ LICENSE_NAME= Common Public License LICENSE_FILE= ${WRKSRC}/LICENSE LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept -LIB_DEPENDS= libtspi.so:security/trousers +LIB_DEPENDS= libtspi.so:security/trousers \ + libepoll-shim.so:devel/libepoll-shim USES= alias autoreconf gmake libtool localbase ssl tar:tgz -USE_GCC= yes USE_OPENLDAP= yes USE_LDCONFIG= ${PREFIX}/lib/opencryptoki USE_GITHUB= yes -INSTALL_TARGET= install-strip GNU_CONFIGURE= yes -CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \ +CONFIGURE_ENV= LOCALBASE=${LOCALBASE} +CONFIGURE_ARGS= --enable-swtok \ + --enable-tpmtok \ --enable-icsftok \ - --disable-crtok --disable-aeptok \ - --disable-ccatok --disable-bcomtok \ + --disable-crtok \ + --disable-aeptok \ + --disable-ccatok \ + --disable-bcomtok \ --disable-pkcscca_migrate \ --with-lockdir=/var/run/opencryptoki \ --with-logdir=/var/log/opencryptoki \ @@ -35,6 +37,7 @@ CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \ --with-pkcs11user=${USERS} \ --with-pkcs11group=${GROUPS} \ ac_cv_path_CHGRP=true +INSTALL_TARGET= install-strip USE_RC_SUBR= pkcsslotd SUB_FILES= pkg-message SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}" 
@@ -42,9 +45,16 @@ PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" USERS= _pkcs11 GROUPS= _pkcs11 +post-patch: + cd ${WRKSRC} && \ + ${REINPLACE_CMD} 's,%%DLLDIR%%,${PREFIX}/lib/opencryptoki/stdll,' \ + usr/sbin/pkcsslotd/opencryptoki.conf + post-install: - ${MV} ${STAGEDIR}${ETCDIR}/opencryptoki.conf \ - ${STAGEDIR}${ETCDIR}/opencryptoki.conf.sample + ${MV} ${STAGEDIR}${DOCSDIR}/strength-example.conf \ + ${STAGEDIR}${ETCDIR}/strength.conf.sample + ${MV} ${STAGEDIR}${DOCSDIR}/policy-example.conf \ + ${STAGEDIR}${ETCDIR}/policy.conf.sample ${RMDIR} ${STAGEDIR}/var/run/opencryptoki/* \ ${STAGEDIR}/var/run/opencryptoki diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo index 263bcc0db79a..b969f909723a 100644 --- a/security/opencryptoki/distinfo +++ b/security/opencryptoki/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1551564276 -SHA256 (opencryptoki-opencryptoki-v3.11.0_GH0.tar.gz) = 4d901373b08ed0b0d56a4df5e3f35a7d17142bdc5c5bf9b37c8a10200a08d6fd -SIZE (opencryptoki-opencryptoki-v3.11.0_GH0.tar.gz) = 935891 +TIMESTAMP = 1651086346 +SHA256 (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 18882bbb3eaff37b2badf93bce1faab86406ed60f40fd5debc08afd3ceba36c2 +SIZE (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 1337092 diff --git a/security/opencryptoki/files/patch-Makefile.am b/security/opencryptoki/files/patch-Makefile.am index b8e43eab836d..36da7c4e1f9c 100644 --- a/security/opencryptoki/files/patch-Makefile.am +++ b/security/opencryptoki/files/patch-Makefile.am 
@@ -1,14 +1,6 @@ ---- Makefile.am.orig 2018-11-16 23:53:03.000000000 +0900 -+++ Makefile.am 2019-03-03 12:39:45.031868000 +0900 -@@ -29,7 +29,6 @@ - include man/man.mk - include usr/usr.mk - -- - install-data-hook: - if ENABLE_LIBRARY - $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll -@@ -37,9 +36,9 @@ +--- Makefile.am.orig 2022-04-25 11:04:51 UTC ++++ Makefile.am +@@ -39,9 +39,9 @@ if ENABLE_LIBRARY cd $(DESTDIR)$(libdir)/opencryptoki && \ ln -fs libopencryptoki.so PKCS11_API.so cd $(DESTDIR)$(libdir)/opencryptoki && \ @@ -20,7 +12,7 @@ cd $(DESTDIR)$(libdir)/pkcs11 && \ ln -fs ../opencryptoki/libopencryptoki.so PKCS11_API.so cd $(DESTDIR)$(libdir)/pkcs11 && \ -@@ -51,24 +50,24 @@ +@@ -53,55 +53,55 @@ if ENABLE_CCATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_cca.so PKCS11_CCA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ 
@@ -47,11 +39,20 @@ $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok $(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok ++ $(CHGRP) @PKCSGROUP11@ $(DESTDIR)$(lockdir)/ep11tok $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true -@@ -78,24 +77,24 @@ +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11cpfilter.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf.sample || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11cpfilter.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf.sample || true + endif + if ENABLE_P11SAK + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf 
$(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true + endif + if ENABLE_ICATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_ica.so PKCS11_ICA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ @@ -82,7 +83,7 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok endif if ENABLE_TPMTOK -@@ -103,10 +102,10 @@ +@@ -109,10 +109,10 @@ if ENABLE_TPMTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_tpm.so PKCS11_TPM.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm @@ -95,7 +96,7 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm endif if ENABLE_ICSFTOK -@@ -114,10 +113,10 @@ +@@ -120,16 +120,15 @@ if ENABLE_ICSFTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_icsf.so PKCS11_ICSF.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf @@ -108,7 +109,14 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf endif if ENABLE_DAEMON -@@ -130,16 +129,8 @@ + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g pkcs11 -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf.sample || true + if ENABLE_SYSTEMD + mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d + cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf +@@ -137,16 +136,8 @@ if ENABLE_SYSTEMD rm -f $(DESTDIR)/usr/lib/systemd/system/tmpfiles.conf endif endif 
@@ -126,3 +134,11 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) +@@ -190,7 +181,6 @@ if ENABLE_TPMTOK + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + rm -rf PKCS11_TPM.so; fi + endif +- rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf + if ENABLE_ICSFTOK + if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ diff --git a/security/opencryptoki/files/patch-configure.ac b/security/opencryptoki/files/patch-configure.ac index 866c75f80e4d..8dd546747d7f 100644 --- a/security/opencryptoki/files/patch-configure.ac +++ b/security/opencryptoki/files/patch-configure.ac @@ -1,4 +1,4 @@ ---- configure.ac.orig 2018-11-16 14:53:03 UTC +--- configure.ac.orig 2022-04-25 11:04:51 UTC +++ configure.ac @@ -12,6 +12,9 @@ dnl Checks for header files. AC_DISABLE_STATIC @@ -10,16 +10,25 @@ AC_HEADER_STDC AC_CHECK_HEADER_STDBOOL AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h malloc.h \ -@@ -77,18 +80,27 @@ fi +@@ -47,7 +50,7 @@ AC_CHECK_FUNCS([atexit ftruncate gettimeofday localtim + strdup strerror strncasecmp strrchr strstr strtol strtoul]) + + dnl Used in various scripts +-AC_PATH_PROG([ID], [id], [/us/bin/id]) ++AC_PATH_PROG([ID], [id], [/usr/bin/id]) + AC_PATH_PROG([USERMOD], [usermod], [/usr/sbin/usermod]) + AC_PATH_PROG([GROUPADD], [groupadd], [/usr/sbin/groupadd]) + AC_PATH_PROG([CAT], [cat], [/bin/cat]) +@@ -71,19 +74,27 @@ fi AC_CHECK_LIB([itm], [_ITM_commitTransaction], [itm=yes], [itm=no]) OPENLDAP_LIBS= -AC_CHECK_HEADERS([lber.h ldap.h], +if test "x$enable_icsftok" = "xyes"; then + AC_CHECK_HEADERS([lber.h ldap.h], - [OPENLDAP_LIBS="-llber -lldap"], - [AC_MSG_ERROR([lber.h and ldap.h are missing. Please install - 'openldap-devel'.])]) + [OPENLDAP_LIBS="-llber -lldap"], + [AC_MSG_ERROR([lber.h and ldap.h are missing. Please install + 'openldap-devel'.])]) -LIBS="$LIBS $OPENLDAP_LIBS" + LIBS="$LIBS $OPENLDAP_LIBS" +fi 
@@ -34,65 +43,59 @@ + [lockdir=$localstatedir/lock/opencryptoki]) AC_SUBST(lockdir) +-logdir=$localstatedir/log/opencryptoki +AC_ARG_WITH([logdir], + [AS_HELP_STRING([--with-logdir],[log directory])], + [logdir=$withval], + [logdir=$localstatedir/log/opencryptoki]) - logdir=$localstatedir/log/opencryptoki AC_SUBST(logdir) -@@ -225,6 +237,19 @@ AC_ARG_WITH([systemd], + dnl --- +@@ -241,6 +252,19 @@ AC_ARG_WITH([libudev], [], - [with_systemd=no]) + [with_libudev=check]) +dnl --- check for pkcs11 user +AC_ARG_WITH([pkcs11user], + AC_HELP_STRING([--with-pkcs11user[[=USER]]], [set pkcs11 user [[pkcs11]]]), + [pkcs11_user=$withval], -+ [pkcs11_user=pkcs11]) ++ [pkcs11_user=_pkcs11]) +dnl --- check for pkcs11 group +AC_ARG_WITH(pkcs11group, + AC_HELP_STRING([--with-pkcs11group[[=GROUP]]], [set pkcs11 group [[pkcs11]]]), + [pkcs11_group=$withval], -+ [pkcs11_group=pkcs11]) ++ [pkcs11_group=_pkcs11]) +AC_SUBST(PKCS11USER, $pkcs11_user) +AC_SUBST(PKCS11GROUP, $pkcs11_group) + dnl --- dnl --- dnl --- Now that we have all the options, let's check for a valid build -@@ -598,12 +623,31 @@ else +@@ -662,10 +686,14 @@ libitm and gcc>=4.7 is required]) fi AM_CONDITIONAL([ENABLE_LOCKS], [test "x$enable_locks" = "xyes"]) -CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wextra" -+CFLAGS="$CFLAGS \ -+ -Wall \ -+ -Wextra \ -+ -Wno-pointer-sign \ -+" -+CPPFX=' \ -+ -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" \ -+ -DSBIN_PATH=\"$(sbindir)\" \ -+ -DLIB_PATH=\"$(libdir)\" \ -+ -DLOCKDIR_PATH=\"$(lockdir)\" \ -+ -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" \ -+ -DOCK_LOGDIR=\"$(logdir)\" \ -+' -+CPPFLAGS="$CPPFLAGS \ -+ -DPKCS64 \ -+ -D_XOPEN_SOURCE=600 \ -+ $CPPFX \ -+ -DPKCS11USER=\\\"${pkcs11_user}\\\" \ -+ -DPKCS11GROUP=\\\"${pkcs11_group}\\\" \ -+" ++CFLAGS="$CFLAGS -Wall -Wextra -Wno-pointer-sign" -CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" 
-DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' -- ++CPPFX='-DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' + ++CPPFLAGS="$CPPFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 $CPPFX" ++CPPFLAGS="$CPPFLAGS -DPKCS11USER=\\\"${pkcs11_user}\\\"" ++CPPFLAGS="$CPPFLAGS -DPKCS11GROUP=\\\"${pkcs11_group}\\\"" ++ # At this point, CFLAGS is set to something sensible AC_PROG_CC + AC_PROG_CXX +@@ -678,6 +706,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM( + #endif]])],, + [AC_MSG_ERROR([C++ compiler is missing on your system. Please install 'gcc-c++'.])]) + AC_LANG_POP([C++]) + +AC_SUBST(FPIC, $lt_prog_compiler_pic) ++ ++AC_SUBST(LOCALBASE, $LOCALBASE) AC_CONFIG_MACRO_DIRS([m4]) diff --git a/security/opencryptoki/files/patch-usr-include-slotmgr.h b/security/opencryptoki/files/patch-usr-include-slotmgr.h new file mode 100644 index 000000000000..eaef763f7ffd --- /dev/null +++ b/security/opencryptoki/files/patch-usr-include-slotmgr.h @@ -0,0 +1,16 @@ +--- usr/include/slotmgr.h.orig 2022-04-25 11:04:51 UTC ++++ usr/include/slotmgr.h +@@ -31,10 +31,10 @@ + #define TOK_PATH SBIN_PATH "/pkcsslotd" + #define OCK_API_LOCK_FILE LOCKDIR_PATH "/LCK..APIlock" + +-#define PROC_SOCKET_FILE_PATH "/run/pkcsslotd.socket" +-#define ADMIN_SOCKET_FILE_PATH "/run/pkcsslotd.admin.socket" ++#define PROC_SOCKET_FILE_PATH "/var/run/pkcsslotd.socket" ++#define ADMIN_SOCKET_FILE_PATH "/var/run/pkcsslotd.admin.socket" + +-#define PID_FILE_PATH "/run/pkcsslotd.pid" ++#define PID_FILE_PATH "/var/run/pkcsslotd.pid" + #define OCK_CONFIG OCK_CONFDIR "/opencryptoki.conf" + + #ifndef CK_BOOL diff --git a/security/opencryptoki/files/patch-usr-lib-api-api.mk b/security/opencryptoki/files/patch-usr-lib-api-api.mk index 759a7e0e62a7..22d4bf1a3284 100644 --- a/security/opencryptoki/files/patch-usr-lib-api-api.mk 
+++ b/security/opencryptoki/files/patch-usr-lib-api-api.mk @@ -1,17 +1,19 @@ ---- usr/lib/api/api.mk.orig 2018-11-16 14:53:03 UTC +--- usr/lib/api/api.mk.orig 2022-04-25 11:04:51 UTC +++ usr/lib/api/api.mk -@@ -7,12 +7,12 @@ SO_REVISION=0 +@@ -8,14 +8,14 @@ SO_REVISION=0 SO_AGE=0 opencryptoki_libopencryptoki_la_CFLAGS = \ - -DAPI -DDEV -D_THREAD_SAFE -fPIC -I${srcdir}/usr/include \ + -DAPI -DDEV -D_THREAD_SAFE $(FPIC) -I${srcdir}/usr/include \ -I${srcdir}/usr/lib/common -I${srcdir}/usr/lib/api \ - -DSTDLL_NAME=\"api\" + -I${srcdir}/usr/lib/config -I${top_builddir}/usr/lib/config \ + -DSTDLL_NAME=\"api\" -DHASHMAP_JENKINS_MIX \ + -I${top_builddir}/usr/lib/api opencryptoki_libopencryptoki_la_LDFLAGS = \ -- -shared -Wl,-z,defs,-Bsymbolic -lc -ldl -lpthread \ -+ -shared -Wl,-z,defs,-Bsymbolic -lc -lpthread \ +- -shared -Wl,-z,defs,-Bsymbolic -lc -ldl -lpthread -lcrypto -lrt \ ++ -shared -Wl,-z,defs,-Bsymbolic -lc -lpthread -lcrypto -lrt \ -version-info $(SO_CURRENT):$(SO_REVISION):$(SO_AGE) \ -Wl,--version-script=${srcdir}/opencryptoki.map diff --git a/security/opencryptoki/files/patch-usr-lib-api-api_interface.c b/security/opencryptoki/files/patch-usr-lib-api-api_interface.c new file mode 100644 index 000000000000..f23f53dae326 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-api-api_interface.c @@ -0,0 +1,11 @@ +--- usr/lib/api/api_interface.c.orig 2022-04-25 11:04:51 UTC ++++ usr/lib/api/api_interface.c +@@ -373,7 +373,7 @@ static CK_RV check_user_and_group() + * when forked). So we need to get the group information. + * Really need to take the uid and map it to a name. + */ +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + OCK_SYSLOG(LOG_ERR, "getgrnam() failed: %s\n", strerror(errno)); + goto error; diff --git a/security/opencryptoki/files/patch-usr-lib-api-apiutil.c b/security/opencryptoki/files/patch-usr-lib-api-apiutil.c index 76d2b849d7fb..32708dbcdfe3 100644 
--- a/security/opencryptoki/files/patch-usr-lib-api-apiutil.c +++ b/security/opencryptoki/files/patch-usr-lib-api-apiutil.c @@ -1,22 +1,25 @@ ---- usr/lib/api/apiutil.c.orig 2018-11-16 14:53:03 UTC +--- usr/lib/api/apiutil.c.orig 2022-04-25 11:04:51 UTC +++ usr/lib/api/apiutil.c -@@ -19,10 +19,10 @@ +@@ -19,11 +19,14 @@ #include #include #include --#include ++#if !defined(__FreeBSD__) + #include ++#endif #include #include #include + #include +#include #include -@@ -35,7 +35,6 @@ +@@ -36,7 +39,6 @@ #include #include #include -#include static int xplfd = -1; - + pthread_rwlock_t xplfd_rwlock = PTHREAD_RWLOCK_INITIALIZER; diff --git a/security/opencryptoki/files/patch-usr-lib-api-policy.c b/security/opencryptoki/files/patch-usr-lib-api-policy.c new file mode 100644 index 000000000000..af6fca6c14aa --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-api-policy.c 
@@ -0,0 +1,39 @@ +--- usr/lib/api/policy.c.orig 2022-04-25 11:04:51 UTC ++++ usr/lib/api/policy.c +@@ -1178,10 +1178,10 @@ static CK_RV policy_check_cfg_file(FILE *fp, const cha + struct group *grp = NULL; + int err; + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { +- TRACE_ERROR("Could not retrieve \"pkcs11\" group!"); +- OCK_SYSLOG(LOG_ERR, "POLICY: Could not retrieve \"pkcs11\" group!"); ++ TRACE_ERROR("Could not retrieve \"" PKCS11GROUP "\" group!"); ++ OCK_SYSLOG(LOG_ERR, "POLICY: Could not retrieve \"" PKCS11GROUP "\" group!"); + return CKR_GENERAL_ERROR; + } + if (fstat(fileno(fp), &statbuf)) { +@@ -1200,16 +1200,17 @@ static CK_RV policy_check_cfg_file(FILE *fp, const cha + return CKR_GENERAL_ERROR; + } + if (statbuf.st_gid != grp->gr_gid) { +- TRACE_ERROR("Policy configuration file %s should have group \"pkcs11\"!\n", ++ TRACE_ERROR("Policy configuration file %s should have group \"" PKCS11GROUP "\"!\n", + name); +- OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s should have group \"pkcs11\"!\n", ++ OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s should have group \"" PKCS11GROUP "\"!\n", + name); + return CKR_GENERAL_ERROR; + } + if ((statbuf.st_mode & ~S_IFMT) != OCK_POLICY_PERMS) { +- TRACE_ERROR("Configuration file %s has wrong permissions!\n", name); +- OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s has wrong permissions!\n", +- name); ++ TRACE_ERROR("Configuration file %s must have %04o permission (was %04o)\n", ++ name, OCK_POLICY_PERMS, (statbuf.st_mode & ~S_IFMT)); ++ OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s must have %04o permission (is %04o)\n", ++ name, OCK_POLICY_PERMS, (statbuf.st_mode & ~S_IFMT)); + return CKR_GENERAL_ERROR; + } + return CKR_OK; diff --git a/security/opencryptoki/files/patch-usr-lib-api-socket_client.c b/security/opencryptoki/files/patch-usr-lib-api-socket_client.c index 51ad9ddeb5ed..9d989df6b181 100644 --- a/security/opencryptoki/files/patch-usr-lib-api-socket_client.c 
+++ b/security/opencryptoki/files/patch-usr-lib-api-socket_client.c @@ -1,11 +1,11 @@ ---- usr/lib/api/socket_client.c.orig 2018-11-16 14:53:03 UTC +--- usr/lib/api/socket_client.c.orig 2022-04-25 11:04:51 UTC +++ usr/lib/api/socket_client.c -@@ -51,7 +51,7 @@ int init_socket_data() - return FALSE; +@@ -49,7 +49,7 @@ int connect_socket(const char *file_path) + return -1; } - grp = getgrnam("pkcs11"); + grp = getgrnam(PKCS11GROUP); if (!grp) { OCK_SYSLOG(LOG_ERR, - "init_socket_data: pkcs11 group does not exist, errno=%d", + "connect_socket: pkcs11 group does not exist, errno=%d", diff --git a/security/opencryptoki/files/patch-usr-lib-common-event_client.c b/security/opencryptoki/files/patch-usr-lib-common-event_client.c new file mode 100644 index 000000000000..258299588368 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-common-event_client.c @@ -0,0 +1,11 @@ +--- usr/lib/common/event_client.c.orig 2022-04-25 11:04:51 UTC ++++ usr/lib/common/event_client.c +@@ -32,7 +32,7 @@ static int connect_socket(const char *file_path) + if (stat(file_path, &file_info)) + return -errno; + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) + return -errno; + diff --git a/security/opencryptoki/files/patch-usr-lib-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-common-loadsave.c index 2ac5ea0f2587..4560b35b683c 100644 --- a/security/opencryptoki/files/patch-usr-lib-common-loadsave.c +++ b/security/opencryptoki/files/patch-usr-lib-common-loadsave.c @@ -1,10 +1,12 @@ ---- usr/lib/common/loadsave.c.orig 2018-11-16 14:53:03 UTC +--- usr/lib/common/loadsave.c.orig 2022-04-25 11:04:51 UTC +++ usr/lib/common/loadsave.c -@@ -20,11 +20,9 @@ +@@ -20,17 +20,22 @@ #include #include #include --#include ++#if !defined(__FreeBSD__) + #include ++#endif #include #include #include 
@@ -12,12 +14,34 @@ #include #include #include -@@ -370,7 +368,7 @@ void set_perm(int file) + #include + #include ++#if !defined(__FreeBSD__) + #include ++#else ++#include ++#endif + + #include "pkcs11types.h" + #include "defs.h" +@@ -132,7 +137,7 @@ void set_perm(int file) // Set absolute permissions or rw-rw---- fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); - grp = getgrnam("pkcs11"); // Obtain the group id + grp = getgrnam(PKCS11GROUP); // Obtain the group id if (grp) { - // set ownership to root, and pkcs11 group - if (fchown(file, getuid(), grp->gr_gid) != 0) { + // set ownership to pkcs11 group + if (fchown(file, -1, grp->gr_gid) != 0) { +@@ -303,7 +308,11 @@ CK_RV init_data_store(STDLL_TokData_t *tokdata, char * + tokdata->pk_dir = NULL; + } + ++#if !defined(__FreeBSD__) + if ((pkdir = secure_getenv("PKCS_APP_STORE")) != NULL) { ++#else ++ if ((pkdir = getenv("PKCS_APP_STORE")) != NULL) { ++#endif + pklen = strlen(pkdir) + 1024; + tokdata->pk_dir = (char *) calloc(pklen, 1); + if (!(tokdata->pk_dir)) diff --git a/security/opencryptoki/files/patch-usr-lib-common-mech_ec.c b/security/opencryptoki/files/patch-usr-lib-common-mech_ec.c new file mode 100644 index 000000000000..4cab27ce0a2a --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-common-mech_ec.c @@ -0,0 +1,14 @@ +--- usr/lib/common/mech_ec.c.orig 2022-04-25 11:04:51 UTC ++++ usr/lib/common/mech_ec.c +@@ -14,7 +14,11 @@ + */ + + #define _GNU_SOURCE ++#if !defined(__FreeBSD__) + #include ++#else ++#include ++#endif + #include + #include + #include diff --git a/security/opencryptoki/files/patch-usr-lib-common-pkcs_utils.c b/security/opencryptoki/files/patch-usr-lib-common-pkcs_utils.c new file mode 100644 index 000000000000..d9a1b70e0bd4 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-common-pkcs_utils.c 
@@ -0,0 +1,11 @@ +--- usr/lib/common/pkcs_utils.c.orig 2022-04-25 11:04:51 UTC ++++ usr/lib/common/pkcs_utils.c +@@ -466,7 +466,7 @@ void set_perm(int file) + // Set absolute permissions or rw-rw---- + fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + +- grp = getgrnam("pkcs11"); // Obtain the group id ++ grp = getgrnam(PKCS11GROUP); // Obtain the group id + if (grp) { + // set ownership to pkcs11 group + if (fchown(file, -1, grp->gr_gid) != 0) { diff --git a/security/opencryptoki/files/patch-usr-lib-common-shared_memory.c b/security/opencryptoki/files/patch-usr-lib-common-shared_memory.c new file mode 100644 index 000000000000..ed1caae32ede --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-common-shared_memory.c @@ -0,0 +1,15 @@ +--- usr/lib/common/shared_memory.c.orig 2022-04-25 11:04:51 UTC ++++ usr/lib/common/shared_memory.c +@@ -172,10 +172,10 @@ int sm_open(const char *sm_name, int mode, void **p_ad + goto done; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + rc = -errno; +- SYS_ERROR(errno, "getgrname(\"pkcs11\"): %s\n", ++ SYS_ERROR(errno, "getgrname(\"" PKCS11GROUP "\"): %s\n", + strerror(errno)); + goto done; + } diff --git a/security/opencryptoki/files/patch-usr-lib-common-trace.c b/security/opencryptoki/files/patch-usr-lib-common-trace.c index 8af744f2dced..fbc6fefa6289 100644 --- a/security/opencryptoki/files/patch-usr-lib-common-trace.c +++ b/security/opencryptoki/files/patch-usr-lib-common-trace.c 
@@ -1,14 +1,26 @@ ---- usr/lib/common/trace.c.orig 2018-11-16 14:53:03 UTC +--- usr/lib/common/trace.c.orig 2022-04-25 11:04:51 UTC +++ usr/lib/common/trace.c -@@ -21,6 +21,7 @@ - #include +@@ -23,7 +23,10 @@ #include #include + #include +#include ++#include ++ #include "pkcs11types.h" #include "defs.h" -@@ -170,7 +171,7 @@ CK_RV trace_initialize(void) + #include "host_defs.h" +@@ -34,7 +37,7 @@ + #ifdef SYS_gettid + #define __gettid() syscall(SYS_gettid) + #else +-#define __gettid() gettid() ++#define __gettid() pthread_getthreadid_np() + #endif + + pthread_mutex_t tlmtx = PTHREAD_MUTEX_INITIALIZER; +@@ -178,7 +181,7 @@ CK_RV trace_initialize(void) return (CKR_FUNCTION_FAILED); } diff --git a/security/opencryptoki/files/patch-usr-lib-common-utility.c b/security/opencryptoki/files/patch-usr-lib-common-utility.c index 106922a9c42d..0893560aba16 100644 --- a/security/opencryptoki/files/patch-usr-lib-common-utility.c +++ b/security/opencryptoki/files/patch-usr-lib-common-utility.c @@ -1,40 +1,37 @@ ---- usr/lib/common/utility.c.orig 2018-11-16 14:53:03 UTC +--- usr/lib/common/utility.c.orig 2022-04-25 11:04:51 UTC +++ usr/lib/common/utility.c 
@@ -21,6 +21,7 @@ #include #include #include +#include + #include + #include - #include "pkcs11types.h" - #include "defs.h" -@@ -35,6 +36,25 @@ +@@ -40,6 +41,22 @@ #include #include -+#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) -+#endif -+ +#ifndef LOCK_SH -+#define LOCK_SH 1 /* shared lock */ ++#define LOCK_SH 1 +#endif ++ +#ifndef LOCK_EX -+#define LOCK_EX 2 /* exclusive lock */ ++#define LOCK_EX 2 +#endif ++ +#ifndef LOCK_NB -+#define LOCK_NB 4 /* don't block when locking */ ++#define LOCK_NB 4 +#endif ++ +#ifndef LOCK_UN -+#define LOCK_UN 8 /* unlock */ ++#define LOCK_UN 8 +#endif + - // Function: dlist_add_as_first() - // - // Adds the specified node to the start of the list -@@ -317,7 +337,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t * + CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t *tokdata) + { + char lockfile[PATH_MAX]; +@@ -82,7 +99,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t * lockdir, strerror(errno)); goto err; } @@ -43,7 +40,7 @@ if (grp == NULL) { fprintf(stderr, "getgrname(pkcs11): %s", strerror(errno)); goto err; -@@ -355,7 +375,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t * +@@ -122,7 +139,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t * goto err; } diff --git a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk index 53c9d5f8ab0e..c8ea5dfc3812 100644 --- a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk +++ b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk 
@@ -1,14 +1,15 @@ ---- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2018-11-16 14:53:03 UTC +--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2022-04-25 11:04:51 UTC +++ usr/lib/ica_s390_stdll/ica_s390_stdll.mk -@@ -3,14 +3,14 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11 +@@ -3,7 +3,7 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11 noinst_HEADERS += usr/lib/ica_s390_stdll/tok_struct.h opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \ - -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \ + -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \ -DNODH -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \ + -DTOK_NEW_DATA_STORE=0x0003000c \ $(ICA_INC_DIRS) -I${srcdir}/usr/lib/ica_s390_stdll \ - -I${srcdir}/usr/lib/common -I${srcdir}/usr/include +@@ -12,7 +12,7 @@ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \ opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = \ $(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared \ diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c index 164da96ccc76..a62410f0de9d 100644 --- a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c +++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c @@ -1,4 +1,4 @@ ---- usr/lib/soft_stdll/soft_specific.c.orig 2018-11-16 14:53:03 UTC +--- usr/lib/soft_stdll/soft_specific.c.orig 2022-04-25 11:04:51 UTC +++ usr/lib/soft_stdll/soft_specific.c @@ -19,6 +19,10 @@ @@ -11,7 +11,7 @@ #include #include // for memcmp() et al #include -@@ -36,7 +40,17 @@ +@@ -38,7 +42,17 @@ #include #include #include @@ -27,5 +27,5 @@ #include +#endif - #include #include + #include diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk index 1c0b8fcdd670..484201a38bb4 100644 --- a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk 
+++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk @@ -1,4 +1,4 @@ ---- usr/lib/soft_stdll/soft_stdll.mk.orig 2018-11-16 14:53:03 UTC +--- usr/lib/soft_stdll/soft_stdll.mk.orig 2022-04-25 11:04:51 UTC +++ usr/lib/soft_stdll/soft_stdll.mk @@ -4,7 +4,7 @@ noinst_HEADERS += usr/lib/soft_stdll/tok_struct.h @@ -6,6 +6,6 @@ -DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF \ - -DNOMD2 -DNODSA -DNORIPE -fPIC -I${srcdir}/usr/lib/soft_stdll \ + -DNOMD2 -DNODSA -DNORIPE $(FPIC) -I${srcdir}/usr/lib/soft_stdll \ + -DTOK_NEW_DATA_STORE=0x0003000c \ -I${srcdir}/usr/lib/common -I${srcdir}/usr/include \ - -DSTDLL_NAME=\"swtok\" - + -DSTDLL_NAME=\"swtok\" -I${top_builddir}/usr/lib/api \ diff --git a/security/opencryptoki/files/patch-usr-lib-tpm_stdll-tpm_specific.c b/security/opencryptoki/files/patch-usr-lib-tpm_stdll-tpm_specific.c new file mode 100644 index 000000000000..076414c35609 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-tpm_stdll-tpm_specific.c @@ -0,0 +1,14 @@ +--- usr/lib/tpm_stdll/tpm_specific.c.orig 2022-04-25 11:04:51 UTC ++++ usr/lib/tpm_stdll/tpm_specific.c +@@ -3251,9 +3251,9 @@ int token_specific_creatlock(void) + "Directory(%s) missing: %s\n", lockdir, strerror(errno)); + goto err; + } +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { +- fprintf(stderr, "getgrname(pkcs11): %s", strerror(errno)); ++ fprintf(stderr, "getgrname(" PKCS11GROUP "): %s", strerror(errno)); + goto err; + } + /* set ownership to euid, and pkcs11 group */ diff --git a/security/opencryptoki/files/patch-usr-sbin-p11sak-p11sak.c b/security/opencryptoki/files/patch-usr-sbin-p11sak-p11sak.c new file mode 100644 index 000000000000..3dddb5de9d8b --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-p11sak-p11sak.c 
@@ -0,0 +1,20 @@ +--- usr/sbin/p11sak/p11sak.c.orig 2022-04-25 11:04:51 UTC ++++ usr/sbin/p11sak/p11sak.c +@@ -19,7 +19,7 @@ + #include "cfgparser.h" + #include "configuration.h" + #include +-#include ++#include + + #include + #include +@@ -81,7 +81,7 @@ static void load_pkcs11lib(void) + const char *libname; + + /* check for environment variable PKCSLIB */ +- libname = secure_getenv("PKCSLIB"); ++ libname = getenv("PKCSLIB"); + if (libname == NULL || strlen(libname) < 1) + libname = default_pkcs11lib; + diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c index 96a5dff1a837..5191373d0e1e 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c @@ -1,11 +1,20 @@ ---- usr/sbin/pkcsconf/pkcsconf.c.orig 2018-11-16 14:53:03 UTC +--- usr/sbin/pkcsconf/pkcsconf.c.orig 2022-04-25 11:04:51 UTC +++ usr/sbin/pkcsconf/pkcsconf.c -@@ -530,6 +530,8 @@ CK_RV display_pkcs11_info(void) - printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major, +@@ -548,7 +548,7 @@ CK_RV check_user_and_group(void) + * when forked). So we need to get the group information. + * Really need to take the uid and map it to a name. + */ +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + return CKR_FUNCTION_FAILED; + } +@@ -589,6 +589,8 @@ CK_RV display_pkcs11_info(void) + printf("\tLibrary Description: %.32s \n", CryptokiInfo.libraryDescription); + printf("\tLibrary Version: %d.%d \n", CryptokiInfo.libraryVersion.major, CryptokiInfo.libraryVersion.minor); - -+ cleanup(); + ++ cleanup(); + return rc; } - diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk index 7f56db8137e3..f7c8bb358539 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk 
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk @@ -1,4 +1,4 @@ ---- usr/sbin/pkcsconf/pkcsconf.mk.orig 2018-11-16 14:53:03 UTC +--- usr/sbin/pkcsconf/pkcsconf.mk.orig 2022-04-25 11:04:51 UTC +++ usr/sbin/pkcsconf/pkcsconf.mk @@ -1,7 +1,7 @@ sbin_PROGRAMS += usr/sbin/pkcsconf/pkcsconf @@ -7,5 +7,5 @@ -usr_sbin_pkcsconf_pkcsconf_LDFLAGS = -lpthread -ldl -lcrypto +usr_sbin_pkcsconf_pkcsconf_LDFLAGS = -lpthread -lcrypto - usr_sbin_pkcsconf_pkcsconf_CFLAGS = \ - -D_THREAD_SAFE -DDEBUG -DDEV -DAPI \ + usr_sbin_pkcsconf_pkcsconf_CFLAGS = -D_THREAD_SAFE -DDEBUG -DDEV \ + -DAPI -I${srcdir}/usr/include -I${srcdir}/usr/lib/common \ diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c index e64ad70486a9..dfb4f47233c6 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c @@ -1,6 +1,6 @@ ---- usr/sbin/pkcsslotd/mutex.c.orig 2018-11-16 14:53:03 UTC +--- usr/sbin/pkcsslotd/mutex.c.orig 2022-04-25 11:04:51 UTC +++ usr/sbin/pkcsslotd/mutex.c -@@ -16,10 +16,29 @@ +@@ -16,10 +16,24 @@ #include #include #include @@ -9,11 +9,6 @@ #include "log.h" #include "slotmgr.h" -+#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) -+#endif +#ifndef LOCK_SH +#define LOCK_SH 1 /* shared lock */ +#endif @@ -30,12 +25,12 @@ static int xplfd = -1; int CreateXProcLock(void) -@@ -41,7 +60,7 @@ int CreateXProcLock(void) - goto error; - } +@@ -37,7 +51,7 @@ int CreateXProcLock(void) + goto error; + } -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp != NULL) { - if (fchown(xplfd, -1, grp->gr_gid) == -1) { - DbgLog(DL0, "%s:fchown(%s):%s\n", +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(xplfd, -1, grp->gr_gid) == -1) { + DbgLog(DL0, "%s:fchown(%s):%s\n", 
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf new file mode 100644 index 000000000000..9b9a5c6060ca --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf @@ -0,0 +1,60 @@ +--- usr/sbin/pkcsslotd/opencryptoki.conf.orig 2022-04-25 11:04:51 UTC ++++ usr/sbin/pkcsslotd/opencryptoki.conf +@@ -21,31 +21,40 @@ version opencryptoki-3.18 + # + slot 0 + { +-stdll = libpkcs11_tpm.so +-tokversion = 3.12 ++ stdll = %%DLLDIR%%/libpkcs11_tpm.so ++ description = "TPM (Trusted Platform Module) Token" ++ tokversion = 3.12 *** 461 LINES SKIPPED ***
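Review bot: in the usr/lib/common/trace.c hunk at -34,7 +37,7, the fallback `#define __gettid() pthread_getthreadid_np()` depends on the declaration from <pthread_np.h>, and the header names on the added #include lines of the preceding hunk are not visible here. Confirm that one of them is <pthread_np.h>, otherwise the call compiles against an implicit declaration. A short comment on the #else branch saying that it is the FreeBSD replacement for gettid() would also help whoever next rebases this patch.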
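Review bot: the LOCK_SH/LOCK_EX/LOCK_NB/LOCK_UN fallback block in the usr/lib/common/utility.c hunk (+41,22) loses its comments ("shared lock", "exclusive lock", "don't block when locking", "unlock"), while the matching block in usr/sbin/pkcsslotd/mutex.c keeps them. Keep the two copies identical, or better, drop the numeric fallbacks and let the build fail when the header that declares flock() is missing, since hard-coded values would silently hide a missing include and are only correct if they match the platform's own definitions.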
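Review bot: `-DTOK_NEW_DATA_STORE=0x0003000c` is added as an undocumented literal in both usr/lib/ica_s390_stdll/ica_s390_stdll.mk and usr/lib/soft_stdll/soft_stdll.mk. State in the patch where the value comes from and what it has to stay in sync with (the slot configuration later in this commit sets `tokversion = 3.12`), so the two makefiles and the configuration are not updated independently on the next version bump.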
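Review bot: in token_specific_creatlock() of usr/lib/tpm_stdll/tpm_specific.c, the error path after `grp = getgrnam(PKCS11GROUP);` prints strerror(errno), but getgrnam() leaves errno unchanged when the group simply does not exist, so the message can report a stale, unrelated error. Set errno to 0 before the call and print a plain "group not found" text when it is still 0. Since the line is being touched anyway, the format string also lacks a trailing newline and names the function "getgrname", and the string concatenation only builds if PKCS11GROUP expands to a string literal.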
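Review bot: in load_pkcs11lib() of usr/sbin/p11sak/p11sak.c, replacing `secure_getenv("PKCSLIB")` with `getenv("PKCSLIB")` drops the guard that made the variable be ignored when the process runs with changed credentials, and the value selects the PKCS#11 library that the tool loads. If secure_getenv() is not available on the target, keep the original behaviour by ignoring PKCSLIB when issetugid() returns non-zero and falling back to default_pkcs11lib, and record the reason for the substitution in the patch or the commit message.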
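Review bot: the new `stdll = %%DLLDIR%%/libpkcs11_tpm.so` line in usr/sbin/pkcsslotd/opencryptoki.conf only works if the port replaces %%DLLDIR%% after the patch is applied, and that substitution step is not in the visible part of this diff. Confirm that the Makefile performs it for every slot entry and that the installed opencryptoki.conf contains no remaining %%...%% tokens, since an unsubstituted value leaves the slot pointing at a library path that does not exist.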