diff options
author | Hiroki Sato <hrs@FreeBSD.org> | 2019-03-03 03:47:33 +0000 |
---|---|---|
committer | Hiroki Sato <hrs@FreeBSD.org> | 2019-03-03 03:47:33 +0000 |
commit | 24b4037afadd4e714322c5d93291911ca083c6f3 (patch) | |
tree | 60eaf15c38299ca937e0beb637be1c5e99ce0c93 /security/opencryptoki | |
parent | 0d30f133acf14017c28b4730f706146502d6352d (diff) | |
download | ports-24b4037afadd4e714322c5d93291911ca083c6f3.tar.gz ports-24b4037afadd4e714322c5d93291911ca083c6f3.zip |
Update to 3.11.0, which supports OpenSSL 1.0.x and 1.1.x.
Notes
Notes:
svn path=/head/; revision=494474
Diffstat (limited to 'security/opencryptoki')
42 files changed, 535 insertions, 554 deletions
diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile index 5257cf8bded7..55f568102880 100644 --- a/security/opencryptoki/Makefile +++ b/security/opencryptoki/Makefile @@ -2,10 +2,9 @@ # $FreeBSD$ PORTNAME= opencryptoki -PORTVERSION= 3.6 -PORTREVISION= 1 +PORTVERSION= 3.11.0 +DISTVERSIONPREFIX= v CATEGORIES= security -MASTER_SITES= SF MAINTAINER= hrs@FreeBSD.org COMMENT= Open PKCS\#11 implementation library @@ -17,12 +16,15 @@ LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept LIB_DEPENDS= libtspi.so:security/trousers -USES= alias autoreconf gmake libtool ssl tar:tgz +USES= alias autoreconf gmake libtool localbase ssl tar:tgz +USE_GCC= any +USE_OPENLDAP= yes USE_LDCONFIG= ${PREFIX}/lib/opencryptoki -WRKSRC= ${WRKDIR}/${PORTNAME} +USE_GITHUB= yes INSTALL_TARGET= install-strip GNU_CONFIGURE= yes CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \ + --enable-icsftok \ --disable-crtok --disable-aeptok \ --disable-ccatok --disable-bcomtok \ --disable-pkcscca_migrate \ @@ -33,8 +35,6 @@ CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \ --with-pkcs11user=${USERS} \ --with-pkcs11group=${GROUPS} \ ac_cv_path_CHGRP=true -CFLAGS+= -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib USE_RC_SUBR= pkcsslotd SUB_FILES= pkg-message SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}" @@ -42,11 +42,6 @@ PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" USERS= _pkcs11 GROUPS= _pkcs11 -OPTIONS_DEFINE= LDAP -OPTIONS_SUB= yes -LDAP_CONFIGURE_ENABLE= icsf -LDAP_USE= OPENLDAP=yes - post-install: ${MV} ${STAGEDIR}${ETCDIR}/opencryptoki.conf \ ${STAGEDIR}${ETCDIR}/opencryptoki.conf.sample diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo index 889821867fe7..263bcc0db79a 100644 --- a/security/opencryptoki/distinfo +++ b/security/opencryptoki/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1478467347 -SHA256 (opencryptoki-3.6.tgz) = f78a70632e50f6275467e84e95c6fa10dca2078da4e394518280defeb3169d2a -SIZE (opencryptoki-3.6.tgz) = 1067759 +TIMESTAMP = 1551564276 +SHA256 (opencryptoki-opencryptoki-v3.11.0_GH0.tar.gz) = 4d901373b08ed0b0d56a4df5e3f35a7d17142bdc5c5bf9b37c8a10200a08d6fd +SIZE (opencryptoki-opencryptoki-v3.11.0_GH0.tar.gz) = 935891 diff --git a/security/opencryptoki/files/patch-Makefile.am b/security/opencryptoki/files/patch-Makefile.am index c8b6767f98af..b8e43eab836d 100644 --- a/security/opencryptoki/files/patch-Makefile.am +++ b/security/opencryptoki/files/patch-Makefile.am @@ -1,9 +1,128 @@ ---- Makefile.am.orig 2016-04-29 17:26:45 UTC -+++ Makefile.am -@@ -8,5 +8,5 @@ if ENABLE_DAEMON - MISCDIR = misc +--- Makefile.am.orig 2018-11-16 23:53:03.000000000 +0900 ++++ Makefile.am 2019-03-03 12:39:45.031868000 +0900 +@@ -29,7 +29,6 @@ + include man/man.mk + include usr/usr.mk + +- + install-data-hook: + if ENABLE_LIBRARY + $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll +@@ -37,9 +36,9 @@ + cd $(DESTDIR)$(libdir)/opencryptoki && \ + ln -fs libopencryptoki.so PKCS11_API.so + cd $(DESTDIR)$(libdir)/opencryptoki && \ +- ln -nfs $(sbindir) methods ++ ln -nfs ../../sbin methods + cd $(DESTDIR)$(libdir)/pkcs11 && \ +- ln -nfs $(sbindir) methods ++ ln -nfs ../../sbin methods + cd $(DESTDIR)$(libdir)/pkcs11 && \ + ln -fs ../opencryptoki/libopencryptoki.so PKCS11_API.so + cd $(DESTDIR)$(libdir)/pkcs11 && \ +@@ -51,24 +50,24 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -fs libpkcs11_cca.so PKCS11_CCA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok + endif + if ENABLE_EP11TOK + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -fs libpkcs11_ep11.so PKCS11_EP11.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok + $(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true +@@ -78,24 +77,24 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -fs libpkcs11_ica.so PKCS11_ICA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(MKDIR_P) $(DESTDIR)$(lockdir)/lite +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/lite + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite + endif + if ENABLE_SWTOK + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -fs libpkcs11_sw.so PKCS11_SW.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/swtok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok + endif + if ENABLE_TPMTOK +@@ -103,10 +102,10 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -fs libpkcs11_tpm.so PKCS11_TPM.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/tpm + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm + endif + if ENABLE_ICSFTOK +@@ -114,10 +113,10 @@ + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -fs libpkcs11_icsf.so PKCS11_ICSF.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/icsf + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf + endif + if ENABLE_DAEMON +@@ -130,16 +129,8 @@ + rm -f $(DESTDIR)/usr/lib/systemd/system/tmpfiles.conf + endif endif +- $(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d +- echo "$(libdir)/opencryptoki" >\ +- $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf +- echo "$(libdir)/opencryptoki/stdll" >>\ +- $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf +- @echo "--------------------------------------------------------------" +- @echo "Remember you must run ldconfig before using the above settings" +- @echo "--------------------------------------------------------------" + $(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) + $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) --SUBDIRS = usr man $(MISCDIR) $(TESTDIR) -+SUBDIRS = usr man $(TESTDIR) diff --git a/security/opencryptoki/files/patch-configure.in b/security/opencryptoki/files/patch-configure.ac index dd2a9321b9e2..866c75f80e4d 100644 --- a/security/opencryptoki/files/patch-configure.in +++ b/security/opencryptoki/files/patch-configure.ac @@ -1,73 +1,74 @@ ---- configure.in.orig 2016-04-29 17:26:45 UTC -+++ configure.in -@@ -6,6 +6,9 @@ AC_CANONICAL_SYSTEM - - AM_INIT_AUTOMAKE([foreign 1.6]) +--- configure.ac.orig 2018-11-16 14:53:03 UTC ++++ configure.ac +@@ -12,6 +12,9 @@ dnl Checks for header files. + AC_DISABLE_STATIC + LT_INIT +AC_DEFINE(_BSD_SOURCE, 1, BSD functions) +AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions) + - dnl Checks for header files. - AC_DISABLE_STATIC - LT_INIT -@@ -25,6 +28,7 @@ AC_FUNC_MEMCMP - AC_FUNC_STRFTIME - AC_FUNC_VPRINTF - AC_CHECK_FUNCS([getcwd]) -+AC_CHECK_FUNCS([asprintf]) + AC_HEADER_STDC + AC_CHECK_HEADER_STDBOOL + AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h malloc.h \ +@@ -77,18 +80,27 @@ fi + AC_CHECK_LIB([itm], [_ITM_commitTransaction], [itm=yes], [itm=no]) - dnl Used in various scripts - AC_PATH_PROG([ID], [id], [/us/bin/id]) -@@ -40,10 +44,16 @@ AC_PROG_YACC + OPENLDAP_LIBS= +-AC_CHECK_HEADERS([lber.h ldap.h], ++if test "x$enable_icsftok" = "xyes"; then ++ AC_CHECK_HEADERS([lber.h ldap.h], + [OPENLDAP_LIBS="-llber -lldap"], + [AC_MSG_ERROR([lber.h and ldap.h are missing. Please install + 'openldap-devel'.])]) +-LIBS="$LIBS $OPENLDAP_LIBS" ++ LIBS="$LIBS $OPENLDAP_LIBS" ++fi + AC_SUBST([OPENLDAP_LIBS]) dnl Define custom variables -lockdir=$localstatedir/lock/opencryptoki +AC_ARG_WITH([lockdir], + [AS_HELP_STRING([--with-lockdir],[lock directory])], -+ [lockdir=$withval], -+ [lockdir=$localstatedir/lock/opencryptoki]) ++ [lockdir=$withval], ++ [lockdir=$localstatedir/lock/opencryptoki]) AC_SUBST(lockdir) --logdir=$localstatedir/log/opencryptoki +AC_ARG_WITH([logdir], + [AS_HELP_STRING([--with-logdir],[log directory])], -+ [logdir=$withval], -+ [logdir=$localstatedir/log/opencryptoki]) ++ [logdir=$withval], ++ [logdir=$localstatedir/log/opencryptoki]) + logdir=$localstatedir/log/opencryptoki AC_SUBST(logdir) - dnl --- -@@ -166,6 +176,21 @@ AC_ARG_WITH([systemd], +@@ -225,6 +237,19 @@ AC_ARG_WITH([systemd], [], [with_systemd=no]) +dnl --- check for pkcs11 user +AC_ARG_WITH([pkcs11user], + AC_HELP_STRING([--with-pkcs11user[[=USER]]], [set pkcs11 user [[pkcs11]]]), -+ [pkcs11_user=$withval], -+ [pkcs11_user=pkcs11]) -+ ++ [pkcs11_user=$withval], ++ [pkcs11_user=pkcs11]) +dnl --- check for pkcs11 group +AC_ARG_WITH(pkcs11group, + AC_HELP_STRING([--with-pkcs11group[[=GROUP]]], [set pkcs11 group [[pkcs11]]]), + [pkcs11_group=$withval], + [pkcs11_group=pkcs11]) -+ +AC_SUBST(PKCS11USER, $pkcs11_user) +AC_SUBST(PKCS11GROUP, $pkcs11_group) + dnl --- dnl --- dnl --- Now that we have all the options, let's check for a valid build -@@ -554,13 +579,31 @@ fi - - AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"]) +@@ -598,12 +623,31 @@ else + fi + AM_CONDITIONAL([ENABLE_LOCKS], [test "x$enable_locks" = "xyes"]) --CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wno-pointer-sign" -- --CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' +-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wextra" +CFLAGS="$CFLAGS \ + -Wall \ ++ -Wextra \ + -Wno-pointer-sign \ +" +CPPFX=' \ @@ -86,11 +87,12 @@ + -DPKCS11GROUP=\\\"${pkcs11_group}\\\" \ +" +-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' +- # At this point, CFLAGS is set to something sensible AC_PROG_CC - -+AC_SUBST(FPIC, $lt_prog_compiler_pic) + - AC_CONFIG_FILES([Makefile usr/Makefile \ - usr/include/Makefile \ - usr/include/pkcs11/Makefile \ ++AC_SUBST(FPIC, $lt_prog_compiler_pic) + + AC_CONFIG_MACRO_DIRS([m4]) + diff --git a/security/opencryptoki/files/patch-misc-misc.mk b/security/opencryptoki/files/patch-misc-misc.mk new file mode 100644 index 000000000000..08f253865917 --- /dev/null +++ b/security/opencryptoki/files/patch-misc-misc.mk @@ -0,0 +1,17 @@ +--- misc/misc.mk.orig 2018-11-16 14:53:03 UTC ++++ misc/misc.mk +@@ -39,14 +39,5 @@ ${srcdir}/misc/tmpfiles.conf: ${srcdir}/misc/tmpfiles. + $(foreach TOK,$(TOKENS),\ + echo "D $(lockdir)/$(TOK) 0770 root pkcs11 -" >> $@-t;) + mv $@-t $@ +-else +-initddir = $(sysconfdir)/rc.d/init.d +-initd_SCRIPTS = misc/pkcsslotd +- +-CLEANFILES += misc/pkcsslotd +-${srcdir}/misc/pkcsslotd: ${srcdir}/misc/pkcsslotd.in +- @SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t +- @CHMOD@ a+x $@-t +- mv $@-t $@ + endif + endif diff --git a/security/opencryptoki/files/patch-usr-lib-Makefile.am b/security/opencryptoki/files/patch-usr-lib-Makefile.am deleted file mode 100644 index ff1023b1e9a4..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-Makefile.am +++ /dev/null @@ -1,15 +0,0 @@ ---- usr/lib/Makefile.am.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/Makefile.am -@@ -1,12 +1,4 @@ - SUBDIRS = pkcs11 - --install-data-hook: -- $(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d -- echo "$(libdir)/opencryptoki" >\ -- $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf -- echo "$(libdir)/opencryptoki/stdll" >>\ -- $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf -- echo "**** Remember you must run ldconfig before using the above settings ****" -- - uninstall-hook: - rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf diff --git a/security/opencryptoki/files/patch-usr-lib-api-api.mk b/security/opencryptoki/files/patch-usr-lib-api-api.mk new file mode 100644 index 000000000000..759a7e0e62a7 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-api-api.mk @@ -0,0 +1,17 @@ +--- usr/lib/api/api.mk.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/api/api.mk +@@ -7,12 +7,12 @@ SO_REVISION=0 + SO_AGE=0 + + opencryptoki_libopencryptoki_la_CFLAGS = \ +- -DAPI -DDEV -D_THREAD_SAFE -fPIC -I${srcdir}/usr/include \ ++ -DAPI -DDEV -D_THREAD_SAFE $(FPIC) -I${srcdir}/usr/include \ + -I${srcdir}/usr/lib/common -I${srcdir}/usr/lib/api \ + -DSTDLL_NAME=\"api\" + + opencryptoki_libopencryptoki_la_LDFLAGS = \ +- -shared -Wl,-z,defs,-Bsymbolic -lc -ldl -lpthread \ ++ -shared -Wl,-z,defs,-Bsymbolic -lc -lpthread \ + -version-info $(SO_CURRENT):$(SO_REVISION):$(SO_AGE) \ + -Wl,--version-script=${srcdir}/opencryptoki.map + diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c b/security/opencryptoki/files/patch-usr-lib-api-apiutil.c index 12ad45d9473a..76d2b849d7fb 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c +++ b/security/opencryptoki/files/patch-usr-lib-api-apiutil.c @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/api/apiutil.c.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/pkcs11/api/apiutil.c -@@ -298,10 +298,10 @@ +--- usr/lib/api/apiutil.c.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/api/apiutil.c +@@ -19,10 +19,10 @@ #include <string.h> #include <strings.h> #include <unistd.h> @@ -12,7 +12,7 @@ #include <sys/ipc.h> -@@ -314,7 +314,6 @@ +@@ -35,7 +35,6 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> diff --git a/security/opencryptoki/files/patch-usr-lib-api-shrd_mem.c.in b/security/opencryptoki/files/patch-usr-lib-api-shrd_mem.c.in new file mode 100644 index 000000000000..09a387d7fbd5 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-api-shrd_mem.c.in @@ -0,0 +1,11 @@ +--- usr/lib/api/shrd_mem.c.in.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/api/shrd_mem.c.in +@@ -74,7 +74,7 @@ void *attach_shared_memory() + // only check group membership if not root user + if (uid != 0 && euid != 0) { + int i, member = 0; +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + // group pkcs11 not known to the system + return NULL; diff --git a/security/opencryptoki/files/patch-usr-lib-api-socket_client.c b/security/opencryptoki/files/patch-usr-lib-api-socket_client.c new file mode 100644 index 000000000000..51ad9ddeb5ed --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-api-socket_client.c @@ -0,0 +1,11 @@ +--- usr/lib/api/socket_client.c.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/api/socket_client.c +@@ -51,7 +51,7 @@ int init_socket_data() + return FALSE; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + OCK_SYSLOG(LOG_ERR, + "init_socket_data: pkcs11 group does not exist, errno=%d", diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c b/security/opencryptoki/files/patch-usr-lib-common-btree.c index 99b2e72e83cd..cb297e19006a 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c +++ b/security/opencryptoki/files/patch-usr-lib-common-btree.c @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/common/btree.c.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/pkcs11/common/btree.c -@@ -30,7 +30,7 @@ +--- usr/lib/common/btree.c.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/common/btree.c +@@ -18,7 +18,7 @@ #include <stdio.h> diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h b/security/opencryptoki/files/patch-usr-lib-common-host_defs.h index ff265b810d7e..263df0b9d661 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h +++ b/security/opencryptoki/files/patch-usr-lib-common-host_defs.h @@ -1,8 +1,8 @@ ---- usr/lib/pkcs11/common/host_defs.h.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/pkcs11/common/host_defs.h -@@ -294,12 +294,23 @@ - /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ - +--- usr/lib/common/host_defs.h.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/common/host_defs.h +@@ -8,12 +8,23 @@ + * https://opensource.org/licenses/cpl1.0.php + */ +#include <sys/types.h> #include <sys/mman.h> @@ -13,14 +13,14 @@ +#if defined(__OpenBSD__) || defined(__FreeBSD__) +#include <sys/endian.h> +#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER ++#define __BYTE_ORDER _BYTE_ORDER +#endif +#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN ++#define __LITTLE_ENDIAN _LITTLE_ENDIAN +#endif +#else #include <endian.h> +#endif #include "pkcs32.h" - + #include <stdint.h> diff --git a/security/opencryptoki/files/patch-usr-lib-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-common-loadsave.c new file mode 100644 index 000000000000..2ac5ea0f2587 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-common-loadsave.c @@ -0,0 +1,23 @@ +--- usr/lib/common/loadsave.c.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/common/loadsave.c +@@ -20,11 +20,9 @@ + #include <string.h> + #include <strings.h> + #include <unistd.h> +-#include <alloca.h> + #include <sys/types.h> + #include <sys/stat.h> + #include <sys/ipc.h> +-#include <sys/file.h> + #include <errno.h> + #include <syslog.h> + #include <pwd.h> +@@ -370,7 +368,7 @@ void set_perm(int file) + // Set absolute permissions or rw-rw---- + fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + +- grp = getgrnam("pkcs11"); // Obtain the group id ++ grp = getgrnam(PKCS11GROUP); // Obtain the group id + if (grp) { + // set ownership to root, and pkcs11 group + if (fchown(file, getuid(), grp->gr_gid) != 0) { diff --git a/security/opencryptoki/files/patch-usr-lib-common-trace.c b/security/opencryptoki/files/patch-usr-lib-common-trace.c new file mode 100644 index 000000000000..8af744f2dced --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-common-trace.c @@ -0,0 +1,19 @@ +--- usr/lib/common/trace.c.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/common/trace.c +@@ -21,6 +21,7 @@ + #include <unistd.h> + #include <sys/file.h> + #include <sys/types.h> ++#include <sys/stat.h> + + #include "pkcs11types.h" + #include "defs.h" +@@ -170,7 +171,7 @@ CK_RV trace_initialize(void) + return (CKR_FUNCTION_FAILED); + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + OCK_SYSLOG(LOG_ERR, "getgrnam(pkcs11) failed: %s." + "Tracing is disabled.\n", strerror(errno)); diff --git a/security/opencryptoki/files/patch-usr-lib-common-utility.c b/security/opencryptoki/files/patch-usr-lib-common-utility.c new file mode 100644 index 000000000000..106922a9c42d --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-common-utility.c @@ -0,0 +1,54 @@ +--- usr/lib/common/utility.c.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/common/utility.c +@@ -21,6 +21,7 @@ + #include <errno.h> + #include <pwd.h> + #include <grp.h> ++#include <fcntl.h> + + #include "pkcs11types.h" + #include "defs.h" +@@ -35,6 +36,25 @@ + #include <sys/file.h> + #include <syslog.h> + ++#ifdef __sun ++#define LOCK_EX F_LOCK ++#define LOCK_UN F_ULOCK ++#define flock(fd, func) lockf(fd, func, 0) ++#endif ++ ++#ifndef LOCK_SH ++#define LOCK_SH 1 /* shared lock */ ++#endif ++#ifndef LOCK_EX ++#define LOCK_EX 2 /* exclusive lock */ ++#endif ++#ifndef LOCK_NB ++#define LOCK_NB 4 /* don't block when locking */ ++#endif ++#ifndef LOCK_UN ++#define LOCK_UN 8 /* unlock */ ++#endif ++ + // Function: dlist_add_as_first() + // + // Adds the specified node to the start of the list +@@ -317,7 +337,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t * + lockdir, strerror(errno)); + goto err; + } +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + fprintf(stderr, "getgrname(pkcs11): %s", strerror(errno)); + goto err; +@@ -355,7 +375,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t * + goto err; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(tokdata->spinxplfd, -1, grp->gr_gid) == -1) { + OCK_SYSLOG(LOG_ERR, diff --git a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk new file mode 100644 index 000000000000..53c9d5f8ab0e --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk @@ -0,0 +1,19 @@ +--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/ica_s390_stdll/ica_s390_stdll.mk +@@ -3,14 +3,14 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11 + noinst_HEADERS += usr/lib/ica_s390_stdll/tok_struct.h + + opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \ +- -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \ ++ -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \ + -DNODH -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \ + $(ICA_INC_DIRS) -I${srcdir}/usr/lib/ica_s390_stdll \ + -I${srcdir}/usr/lib/common -I${srcdir}/usr/include + + opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = \ + $(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared \ +- -Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica -ldl \ ++ -Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica \ + -lcrypto -lrt \ + -Wl,--version-script=${srcdir}/opencryptoki_tok.map + diff --git a/security/opencryptoki/files/patch-usr-lib-icsf_stdll-pbkdf.c b/security/opencryptoki/files/patch-usr-lib-icsf_stdll-pbkdf.c new file mode 100644 index 000000000000..f40edd4569bd --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-icsf_stdll-pbkdf.c @@ -0,0 +1,11 @@ +--- usr/lib/icsf_stdll/pbkdf.c.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/icsf_stdll/pbkdf.c +@@ -62,7 +62,7 @@ CK_RV set_perms(int file) + return CKR_FUNCTION_FAILED; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp) { + if (fchown(file, -1, grp->gr_gid) != 0) { + TRACE_ERROR("fchown failed: %s\n", strerror(errno)); diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am deleted file mode 100644 index 9c2819d4bf46..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am +++ /dev/null @@ -1,18 +0,0 @@ ---- usr/lib/pkcs11/api/Makefile.am.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/pkcs11/api/Makefile.am -@@ -4,13 +4,13 @@ SO_CURRENT=0 - SO_REVISION=0 - SO_AGE=0 - --opencryptoki_libopencryptoki_la_LDFLAGS = -shared -Wl,-Bsymbolic -lc -ldl \ -+opencryptoki_libopencryptoki_la_LDFLAGS = -shared -Wl,-Bsymbolic -lc \ - -lpthread -version-info \ - $(SO_CURRENT):$(SO_REVISION):$(SO_AGE) - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_libopencryptoki_la_CFLAGS = -DAPI -DDEV -D_THREAD_SAFE \ -- -fPIC -I../. -I../../../include/pkcs11 \ -+ $(FPIC) -I../. -I../../../include/pkcs11 \ - -I ../common -DSTDLL_NAME=\"api\" - - opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in deleted file mode 100644 index cda7f3706529..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/pkcs11/api/shrd_mem.c.in -@@ -357,7 +357,7 @@ attach_shared_memory() { - // only check group membership if not root user - if (uid != 0 && euid != 0) { - int i, member=0; -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (!grp) { - // group pkcs11 not known to the system - return NULL; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c deleted file mode 100644 index 92290bf70905..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/api/socket_client.c.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/pkcs11/api/socket_client.c -@@ -320,7 +320,7 @@ init_socket_data() { - return FALSE; - } - -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if ( !grp ) { - OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno); - return FALSE; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am deleted file mode 100644 index c78feb04a83c..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am +++ /dev/null @@ -1,18 +0,0 @@ ---- usr/lib/pkcs11/cca_stdll/Makefile.am.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/pkcs11/cca_stdll/Makefile.am -@@ -66,12 +66,12 @@ install-data-hook: - cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \ - ln -sf libpkcs11_cca.so PKCS11_CCA.so - $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok - $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok -- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok - $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok - - uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c deleted file mode 100644 index 4a907660fcb6..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c +++ /dev/null @@ -1,23 +0,0 @@ ---- usr/lib/pkcs11/common/loadsave.c.orig 2016-04-29 17:26:45 UTC -+++ usr/lib/pkcs11/common/loadsave.c -@@ -293,11 +293,9 @@ - #include <string.h> - #include <strings.h> - #include <unistd.h> --#include <alloca.h> - #include <sys/types.h> - #include <sys/stat.h> - #include <sys/ipc.h> --#include <sys/file.h> - #include <errno.h> - #include <syslog.h> - #include <pwd.h> -@@ -637,7 +635,7 @@ void set_perm(int file) - // Set absolute permissions or rw-rw---- - fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); - -- grp = getgrnam("pkcs11"); // Obtain the group id -+ grp = getgrnam(PKCS11GROUP); // Obtain the group id - if (grp) { - // set ownership to root, and pkcs11 group - if (fchown(file, getuid(), grp->gr_gid) != 0) { diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c deleted file mode 100644 index 52af68444618..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c +++ /dev/null @@ -1,19 +0,0 @@ ---- usr/lib/pkcs11/common/trace.c.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/common/trace.c -@@ -301,6 +301,7 @@ - #include <unistd.h> - #include <sys/file.h> - #include <sys/types.h> -+#include <sys/stat.h> - - #include "pkcs11types.h" - #include "defs.h" -@@ -449,7 +450,7 @@ CK_RV trace_initialize(void) - return(CKR_FUNCTION_FAILED); - } - -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp == NULL) { - OCK_SYSLOG(LOG_ERR, "getgrnam(pkcs11) failed: %s." - "Tracing is disabled.\n", strerror(errno)); diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c deleted file mode 100644 index f8ddb5bb7682..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c +++ /dev/null @@ -1,50 +0,0 @@ ---- usr/lib/pkcs11/common/utility.c.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/common/utility.c -@@ -275,9 +275,28 @@ - legal action under this Agreement more than one year after - the cause of action arose. Each party waives its rights to - a jury trial in any resulting litigation. -+*/ - -+#include <fcntl.h> - --*/ -+#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) -+#endif -+ -+#ifndef LOCK_SH -+#define LOCK_SH 1 /* shared lock */ -+#endif -+#ifndef LOCK_EX -+#define LOCK_EX 2 /* exclusive lock */ -+#endif -+#ifndef LOCK_NB -+#define LOCK_NB 4 /* don't block when locking */ -+#endif -+#ifndef LOCK_UN -+#define LOCK_UN 8 /* unlock */ -+#endif - - /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ - -@@ -587,7 +606,7 @@ CK_RV CreateXProcLock(void) - goto err; - } - -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp != NULL) { - if (fchown(spinxplfd, -1, grp->gr_gid) - == -1) { -@@ -1131,7 +1150,7 @@ CK_RV check_user_and_group() - * when forked). So we need to get the group information. - * Really need to take the uid and map it to a name. - */ -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp == NULL) { - OCK_SYSLOG(LOG_ERR, "getgrnam() failed: %s\n", strerror(errno)); - goto error; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am deleted file mode 100644 index ae622c3da917..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am +++ /dev/null @@ -1,33 +0,0 @@ ---- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am -@@ -6,12 +6,12 @@ opencryptoki_stdll_libpkcs11_ica_la_LDFL - -Wl,-Bsymbolic \ - -Wl,-soname,$@ \ - -Wl,-Bsymbolic -lc \ -- -lpthread -lica -ldl \ -+ -lpthread -lica \ - -lcrypto - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DDEV \ -- -D_THREAD_SAFE -fPIC \ -+ -D_THREAD_SAFE $(FPIC) \ - -DSHALLOW=0 -DSWTOK=0 \ - -DLITE=1 -DNODH \ - -DNOCDMF -DNOMD2 -DNODSA \ -@@ -64,12 +64,12 @@ install-data-hook: - cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -sf libpkcs11_ica.so PKCS11_ICA.so - $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite - $(MKDIR_P) $(DESTDIR)$(lockdir)/lite -- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/lite - $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite - - uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am deleted file mode 100644 index 1c47fa893638..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am +++ /dev/null @@ -1,15 +0,0 @@ ---- usr/lib/pkcs11/icsf_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/icsf_stdll/Makefile.am -@@ -79,10 +79,10 @@ install-data-hook: - cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -sf libpkcs11_icsf.so PKCS11_ICSF.so - $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf - $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf -- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/icsf - $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf - - uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c deleted file mode 100644 index 297a45c88f8f..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/icsf_stdll/pbkdf.c.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/icsf_stdll/pbkdf.c -@@ -337,7 +337,7 @@ set_perms(int file) - return CKR_FUNCTION_FAILED; - } - -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp) { - if (fchown(file, -1, grp->gr_gid) != 0) { - TRACE_ERROR("fchown failed: %s\n", strerror(errno)); diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am deleted file mode 100644 index 693bf997edff..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am +++ /dev/null @@ -1,27 +0,0 @@ ---- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/soft_stdll/Makefile.am -@@ -7,7 +7,7 @@ opencryptoki_stdll_libpkcs11_sw_la_LDFLA - opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DDEV -D_THREAD_SAFE \ - -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \ - -DNOCDMF -DNOMD2 -DNODSA -DNORIPE \ -- -fPIC \ -+ $(FPIC) \ - -I/usr/include -I. \ - -I../../../include/pkcs11/stdll \ - -I../../../include/pkcs11 \ -@@ -56,12 +56,12 @@ install-data-hook: - cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -sf libpkcs11_sw.so PKCS11_SW.so - $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok - $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok -- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/swtok - $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok - - uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c deleted file mode 100644 index 3edd4fa87ad8..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c +++ /dev/null @@ -1,30 +0,0 @@ ---- usr/lib/pkcs11/soft_stdll/soft_specific.c.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/soft_stdll/soft_specific.c -@@ -298,7 +298,9 @@ - - - ****************************************************************************/ -+#ifndef _BSD_SOURCE - #define _BSD_SOURCE -+#endif - - #include <pthread.h> - #include <string.h> // for memcmp() et al -@@ -317,7 +319,17 @@ - #include <sys/types.h> - #include <sys/stat.h> - #include <fcntl.h> -+#if defined(__OpenBSD__) || defined(__FreeBSD__) -+#include <sys/endian.h> -+#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER -+#endif -+#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN -+#endif -+#else - #include <endian.h> -+#endif - - #include <openssl/des.h> - #include <openssl/rand.h> diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am deleted file mode 100644 index b19510c5ccf1..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am +++ /dev/null @@ -1,15 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/tpm_stdll/Makefile.am -@@ -71,10 +71,10 @@ install-data-hook: - cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -sf libpkcs11_tpm.so PKCS11_TPM.so - $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm -- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm - $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm - $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm -- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm -+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/tpm - $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm - - uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c new file mode 100644 index 000000000000..164da96ccc76 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c @@ -0,0 +1,31 @@ +--- usr/lib/soft_stdll/soft_specific.c.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/soft_stdll/soft_specific.c +@@ -19,6 +19,10 @@ + + ****************************************************************************/ + ++#ifndef _BSD_SOURCE ++#define _BSD_SOURCE ++#endif ++ + #include <pthread.h> + #include <string.h> // for memcmp() et al + #include <stdlib.h> +@@ -36,7 +40,17 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <fcntl.h> ++#if defined(__OpenBSD__) || defined(__FreeBSD__) ++#include <sys/endian.h> ++#ifdef _BYTE_ORDER ++#define __BYTE_ORDER _BYTE_ORDER ++#endif ++#ifdef _LITTLE_ENDIAN ++#define __LITTLE_ENDIAN _LITTLE_ENDIAN ++#endif ++#else + #include <endian.h> ++#endif + + #include <openssl/des.h> + #include <openssl/rand.h> diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk new file mode 100644 index 000000000000..1c0b8fcdd670 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk @@ -0,0 +1,11 @@ +--- usr/lib/soft_stdll/soft_stdll.mk.orig 2018-11-16 14:53:03 UTC ++++ usr/lib/soft_stdll/soft_stdll.mk +@@ -4,7 +4,7 @@ noinst_HEADERS += usr/lib/soft_stdll/tok_struct.h + + opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = \ + -DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF \ +- -DNOMD2 -DNODSA -DNORIPE -fPIC -I${srcdir}/usr/lib/soft_stdll \ ++ -DNOMD2 -DNODSA -DNORIPE $(FPIC) -I${srcdir}/usr/lib/soft_stdll \ + -I${srcdir}/usr/lib/common -I${srcdir}/usr/include \ + -DSTDLL_NAME=\"swtok\" + diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am deleted file mode 100644 index 0d7f5edc9649..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am +++ /dev/null @@ -1,10 +0,0 @@ ---- usr/sbin/pkcsconf/Makefile.am.orig 2016-04-29 17:26:46 UTC -+++ usr/sbin/pkcsconf/Makefile.am -@@ -1,6 +1,6 @@ - sbin_PROGRAMS=pkcsconf - --pkcsconf_LDFLAGS = -lpthread -ldl -+pkcsconf_LDFLAGS = -lpthread - - # Not all versions of automake observe sbinname_CFLAGS - pkcsconf_CFLAGS = -D_THREAD_SAFE -DDEBUG -DDEV -DAPI diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c index 905d60314b7f..96a5dff1a837 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c @@ -1,11 +1,11 @@ ---- usr/sbin/pkcsconf/pkcsconf.c.orig 2016-04-29 17:26:46 UTC +--- usr/sbin/pkcsconf/pkcsconf.c.orig 2018-11-16 14:53:03 UTC +++ usr/sbin/pkcsconf/pkcsconf.c -@@ -777,6 +777,8 @@ display_pkcs11_info(void){ - printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major, - CryptokiInfo.libraryVersion.minor); +@@ -530,6 +530,8 @@ CK_RV display_pkcs11_info(void) + printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major, + CryptokiInfo.libraryVersion.minor); -+ cleanup(); ++ cleanup(); + - return rc; + return rc; } diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk new file mode 100644 index 000000000000..7f56db8137e3 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk @@ -0,0 +1,11 @@ +--- usr/sbin/pkcsconf/pkcsconf.mk.orig 2018-11-16 14:53:03 UTC ++++ usr/sbin/pkcsconf/pkcsconf.mk +@@ -1,7 +1,7 @@ + sbin_PROGRAMS += usr/sbin/pkcsconf/pkcsconf + noinst_HEADERS += usr/sbin/pkcsconf/pkcsconf_msg.h + +-usr_sbin_pkcsconf_pkcsconf_LDFLAGS = -lpthread -ldl -lcrypto ++usr_sbin_pkcsconf_pkcsconf_LDFLAGS = -lpthread -lcrypto + + usr_sbin_pkcsconf_pkcsconf_CFLAGS = \ + -D_THREAD_SAFE -DDEBUG -DDEV -DAPI \ diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h index 1f072780121a..35dfd5b1cf7e 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h @@ -1,14 +1,12 @@ ---- usr/sbin/pkcsslotd/log.h.orig 2016-04-29 17:26:46 UTC +--- usr/sbin/pkcsslotd/log.h.orig 2018-11-16 14:53:03 UTC +++ usr/sbin/pkcsslotd/log.h -@@ -297,9 +297,8 @@ +@@ -11,6 +11,9 @@ #ifndef _LOG_H #define _LOG_H 1 -- -- -- +#include <sys/types.h> +#include <unistd.h> - ++ #ifndef FALSE #define FALSE 0 + #endif /* FALSE */ diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c index 6169b34024d4..e64ad70486a9 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c @@ -1,41 +1,41 @@ ---- usr/sbin/pkcsslotd/mutex.c.orig 2016-04-29 17:26:46 UTC +--- usr/sbin/pkcsslotd/mutex.c.orig 2018-11-16 14:53:03 UTC +++ usr/sbin/pkcsslotd/mutex.c -@@ -281,10 +281,28 @@ - legal action under this Agreement more than one year after - the cause of action arose. Each party waives its rights to - a jury trial in any resulting litigation. -+*/ - +@@ -16,10 +16,29 @@ + #include <sys/stat.h> + #include <grp.h> + #include <string.h> +#include <fcntl.h> + #include "log.h" + #include "slotmgr.h" + +#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) ++#define LOCK_EX F_LOCK ++#define LOCK_UN F_ULOCK ++#define flock(fd, func) lockf(fd, func, 0) +#endif - --*/ +#ifndef LOCK_SH -+#define LOCK_SH 1 /* shared lock */ ++#define LOCK_SH 1 /* shared lock */ +#endif +#ifndef LOCK_EX -+#define LOCK_EX 2 /* exclusive lock */ ++#define LOCK_EX 2 /* exclusive lock */ +#endif +#ifndef LOCK_NB -+#define LOCK_NB 4 /* don't block when locking */ ++#define LOCK_NB 4 /* don't block when locking */ +#endif +#ifndef LOCK_UN -+#define LOCK_UN 8 /* unlock */ ++#define LOCK_UN 8 /* unlock */ +#endif ++ + static int xplfd = -1; - /* (C) COPYRIGHT International Business Machines Corp. 2001 */ - -@@ -323,7 +341,7 @@ CreateXProcLock(void) - goto error; - } + int CreateXProcLock(void) +@@ -41,7 +60,7 @@ int CreateXProcLock(void) + goto error; + } -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp != NULL) { - if (fchown(xplfd,-1,grp->gr_gid) == -1) { - DbgLog(DL0,"%s:fchown(%s):%s\n", +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(xplfd, -1, grp->gr_gid) == -1) { + DbgLog(DL0, "%s:fchown(%s):%s\n", diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h index d3649cc6044b..2d3c472129fb 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h @@ -1,8 +1,8 @@ ---- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2016-04-29 17:26:46 UTC +--- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2018-11-16 14:53:03 UTC +++ usr/sbin/pkcsslotd/pkcsslotd.h -@@ -305,6 +305,9 @@ +@@ -17,6 +17,9 @@ #ifndef _PKCSSLOTMGR_H - #define _PKCSSLOTMGR_H 1 + #define _PKCSSLOTMGR_H 1 +#include <sys/types.h> +#include <sys/ipc.h> diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c index 252ebdee2f31..7c67229f9718 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c @@ -1,35 +1,37 @@ ---- usr/sbin/pkcsslotd/shmem.c.orig 2016-04-29 17:26:46 UTC +--- usr/sbin/pkcsslotd/shmem.c.orig 2018-11-16 14:53:03 UTC +++ usr/sbin/pkcsslotd/shmem.c -@@ -336,9 +336,9 @@ int CreateSharedMemory ( void ) { - } - // SAB Get the group information for the PKCS#11 group... fail if - // it does not exist -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if ( !grp ) { -- ErrLog("Group PKCS#11 does not exist "); -+ ErrLog("Group " PKCS11GROUP " does not exist "); - return FALSE; // Group does not exist... setup is wrong.. - } +@@ -54,9 +54,9 @@ int CreateSharedMemory(void) + } + // SAB Get the group information for the PKCS#11 group... fail if + // it does not exist +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { +- ErrLog("Group PKCS#11 does not exist "); ++ ErrLog("Group " PKCS11GROUP " does not exist "); + return FALSE; // Group does not exist... setup is wrong.. + } -@@ -415,9 +415,9 @@ int CreateSharedMemory ( void ) { - int i; - char *buffer; - -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if ( !grp ) { -- ErrLog("Group \"pkcs11\" does not exist! Please run %s/pkcs11_startup.", -+ ErrLog("Group " PKCS11GROUP " does not exist! Please run %s/pkcs11_startup.", - SBIN_PATH); - return FALSE; // Group does not exist... setup is wrong.. - } -@@ -437,7 +437,7 @@ int CreateSharedMemory ( void ) { - return FALSE; - } - if (fchown(fd, 0, grp->gr_gid) == -1) { -- ErrLog("%s: fchown(%s, root, pkcs11): %s", __FUNCTION__, MAPFILENAME, -+ ErrLog("%s: fchown(%s, root, %s): %s", __FUNCTION__, MAPFILENAME, PKCS11GROUP, - strerror(errno)); - close(fd); - return FALSE; +@@ -136,9 +136,9 @@ int CreateSharedMemory(void) + int i; + char *buffer; + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { +- ErrLog("Group \"pkcs11\" does not exist! " ++ ErrLog("Group " PKCS11GROUP " does not exist! " + "Opencryptoki setup is incorrect."); + return FALSE; // Group does not exist... setup is wrong.. + } +@@ -160,8 +160,8 @@ int CreateSharedMemory(void) + return FALSE; + } + if (fchown(fd, 0, grp->gr_gid) == -1) { +- ErrLog("%s: fchown(%s, root, pkcs11): %s", __func__, +- MAPFILENAME, strerror(errno)); ++ ErrLog("%s: fchown(%s, root, %s): %s", __func__, ++ MAPFILENAME, PKCS11GROUP, strerror(errno)); + close(fd); + return FALSE; + } diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c index 5b8ae7d9b4f7..85029168445c 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c @@ -1,6 +1,6 @@ ---- usr/sbin/pkcsslotd/socket_server.c.orig 2016-04-30 02:26:46.000000000 +0900 -+++ usr/sbin/pkcsslotd/socket_server.c 2016-06-12 07:33:22.000000000 +0900 -@@ -300,6 +300,9 @@ +--- usr/sbin/pkcsslotd/socket_server.c.orig 2018-11-16 14:53:03 UTC ++++ usr/sbin/pkcsslotd/socket_server.c +@@ -19,6 +19,9 @@ #include <sys/select.h> #include <sys/stat.h> #include <grp.h> @@ -10,36 +10,36 @@ #include "log.h" #include "slotmgr.h" -@@ -314,11 +317,23 @@ - struct group *grp; - int socketfd; +@@ -34,11 +37,23 @@ int CreateListenerSocket(void) + struct group *grp; + int socketfd; +#ifdef SOCK_NONBLOCK - socketfd = socket(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0); + socketfd = socket(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0); +#else -+ socketfd = socket(PF_UNIX, SOCK_STREAM, 0); ++ socketfd = socket(PF_UNIX, SOCK_STREAM, 0); +#endif - if (socketfd < 0) { - ErrLog("Failed to create listener socket, errno 0x%X.", errno); - return -1; - } + if (socketfd < 0) { + ErrLog("Failed to create listener socket, errno 0x%X.", errno); + return -1; + } +#ifndef SOCK_NONBLOCK -+ if (fcntl(socketfd, F_SETFL, -+ fcntl(socketfd, F_GETFL) | O_NONBLOCK) < 0) { -+ ErrLog("Failed to set listener non-block, errno 0x%X.", errno); -+ close(socketfd); -+ return -1; -+ } ++ if (fcntl(socketfd, F_SETFL, ++ fcntl(socketfd, F_GETFL) | O_NONBLOCK) < 0) { ++ ErrLog("Failed to set listener non-block, errno 0x%X.", errno); ++ close(socketfd); ++ return -1; ++ } +#endif - if (unlink(SOCKET_FILE_PATH) && errno != ENOENT) { - ErrLog("Failed to unlink socket file, errno 0x%X.", errno); - close(socketfd); -@@ -337,7 +352,7 @@ - - // make socket file part of the pkcs11 group, and write accessable - // for that group -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (!grp) { - ErrLog("Group PKCS#11 does not exist"); - DetachSocketListener(socketfd); + if (unlink(SOCKET_FILE_PATH) && errno != ENOENT) { + ErrLog("Failed to unlink socket file, errno 0x%X.", errno); + close(socketfd); +@@ -57,7 +72,7 @@ int CreateListenerSocket(void) + } + // make socket file part of the pkcs11 group, and write accessable + // for that group +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + ErrLog("Group PKCS#11 does not exist"); + DetachSocketListener(socketfd); diff --git a/security/opencryptoki/files/patch-usr_lib_pkcs11_common_sw__crypt.c b/security/opencryptoki/files/patch-usr_lib_pkcs11_common_sw__crypt.c deleted file mode 100644 index 847cf604af38..000000000000 --- a/security/opencryptoki/files/patch-usr_lib_pkcs11_common_sw__crypt.c +++ /dev/null @@ -1,62 +0,0 @@ ---- usr/lib/pkcs11/common/sw_crypt.c.orig 2016-04-29 17:26:46 UTC -+++ usr/lib/pkcs11/common/sw_crypt.c -@@ -309,12 +309,12 @@ sw_des3_cbc(CK_BYTE * in_data, - CK_BYTE *key_value, - CK_BYTE encrypt) - { -- des_key_schedule des_key1; -- des_key_schedule des_key2; -- des_key_schedule des_key3; -+ DES_key_schedule des_key1; -+ DES_key_schedule des_key2; -+ DES_key_schedule des_key3; - -- const_des_cblock key_SSL1, key_SSL2, key_SSL3; -- des_cblock ivec; -+ const_DES_cblock key_SSL1, key_SSL2, key_SSL3; -+ DES_cblock ivec; - - // the des decrypt will only fail if the data length is not evenly divisible - // by 8 -@@ -328,30 +328,30 @@ sw_des3_cbc(CK_BYTE * in_data, - memcpy(&key_SSL1, key_value, (size_t)8); - memcpy(&key_SSL2, key_value+8, (size_t)8); - memcpy(&key_SSL3, key_value+16, (size_t)8); -- des_set_key_unchecked(&key_SSL1, des_key1); -- des_set_key_unchecked(&key_SSL2, des_key2); -- des_set_key_unchecked(&key_SSL3, des_key3); -+ DES_set_key_unchecked(&key_SSL1, &des_key1); -+ DES_set_key_unchecked(&key_SSL2, &des_key2); -+ DES_set_key_unchecked(&key_SSL3, &des_key3); - - memcpy(ivec, init_v, sizeof(ivec)); - - // Encrypt or decrypt the data - if (encrypt) { -- des_ede3_cbc_encrypt(in_data, -+ DES_ede3_cbc_encrypt(in_data, - out_data, - in_data_len, -- des_key1, -- des_key2, -- des_key3, -+ &des_key1, -+ &des_key2, -+ &des_key3, - &ivec, - DES_ENCRYPT); - *out_data_len = in_data_len; - } else { -- des_ede3_cbc_encrypt(in_data, -+ DES_ede3_cbc_encrypt(in_data, - out_data, - in_data_len, -- des_key1, -- des_key2, -- des_key3, -+ &des_key1, -+ &des_key2, -+ &des_key3, - &ivec, - DES_DECRYPT); - diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist index ea011eac104e..0c2f59eb93e5 100644 --- a/security/opencryptoki/pkg-plist +++ b/security/opencryptoki/pkg-plist @@ -7,7 +7,7 @@ lib/opencryptoki/libopencryptoki.so lib/opencryptoki/libopencryptoki.so.0 lib/opencryptoki/libopencryptoki.so.0.0.0 lib/opencryptoki/methods -%%LDAP%%lib/opencryptoki/stdll/PKCS11_ICSF.so +lib/opencryptoki/stdll/PKCS11_ICSF.so lib/opencryptoki/stdll/PKCS11_SW.so lib/opencryptoki/stdll/PKCS11_TPM.so lib/opencryptoki/stdll/libpkcs11_sw.so @@ -16,24 +16,22 @@ lib/opencryptoki/stdll/libpkcs11_sw.so.0.0.0 lib/opencryptoki/stdll/libpkcs11_tpm.so lib/opencryptoki/stdll/libpkcs11_tpm.so.0 lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0 -%%LDAP%%lib/opencryptoki/stdll/libpkcs11_icsf.so.0.0.0 -%%LDAP%%lib/opencryptoki/stdll/libpkcs11_icsf.so.0 -%%LDAP%%lib/opencryptoki/stdll/libpkcs11_icsf.so +lib/opencryptoki/stdll/libpkcs11_icsf.so.0.0.0 +lib/opencryptoki/stdll/libpkcs11_icsf.so.0 +lib/opencryptoki/stdll/libpkcs11_icsf.so lib/pkcs11/PKCS11_API.so lib/pkcs11/libopencryptoki.so lib/pkcs11/methods lib/pkcs11/stdll -man/man1/pkcscca.1.gz man/man1/pkcsconf.1.gz -man/man1/pkcsep11_migrate.1.gz man/man1/pkcsicsf.1.gz man/man5/opencryptoki.conf.5.gz man/man7/opencryptoki.7.gz man/man8/pkcsslotd.8.gz sbin/pkcsconf -%%LDAP%%sbin/pkcsicsf +sbin/pkcsicsf sbin/pkcsslotd -%%LDAP%%@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/icsf +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/icsf @dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok/TOK_OBJ @dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok @dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/tpm |