diff options
author | Michael Palimaka <kensington@gentoo.org> | 2018-03-06 22:22:22 +1100 |
---|---|---|
committer | Michael Palimaka <kensington@gentoo.org> | 2018-03-06 22:22:45 +1100 |
commit | bce09dab8931afbb372738f1d2c3eca91a727c4f (patch) | |
tree | 80a5e8cb7746d70324d1a751686056462a6ee7b3 /sys-auth | |
parent | media-gfx/phototonic: version bump 2.0 (diff) | |
download | gentoo-bce09dab8931afbb372738f1d2c3eca91a727c4f.tar.gz gentoo-bce09dab8931afbb372738f1d2c3eca91a727c4f.tar.bz2 gentoo-bce09dab8931afbb372738f1d2c3eca91a727c4f.zip |
sys-auth/yubico-piv-tool: version bump 1.5.0
Includes a backported patch from upstream solving build failure with openssl-1.1.
Closes: https://bugs.gentoo.org/648796
Package-Manager: Portage-2.3.19, Repoman-2.3.6
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/yubico-piv-tool/Manifest | 1 | ||||
-rw-r--r-- | sys-auth/yubico-piv-tool/files/yubico-piv-tool-1.5.0-openssl110.patch | 170 | ||||
-rw-r--r-- | sys-auth/yubico-piv-tool/yubico-piv-tool-1.5.0.ebuild | 50 |
3 files changed, 221 insertions, 0 deletions
diff --git a/sys-auth/yubico-piv-tool/Manifest b/sys-auth/yubico-piv-tool/Manifest index 13ceea8d7a29..f56afecfd6fc 100644 --- a/sys-auth/yubico-piv-tool/Manifest +++ b/sys-auth/yubico-piv-tool/Manifest @@ -1 +1,2 @@ DIST yubico-piv-tool-1.4.4.tar.gz 109397 BLAKE2B ed1299508cd5f90c662a184527ae696e7cd463b0e8d327413c8acff47d41de7393570798b9582e845262afb1780e0c759246980051a62335d7033de913147bb9 SHA512 3edc341fdbeeacfbf541adc37d0bd2b1df9777ca04e13bc1825e99a151008213b816ff811e83e623f52eb1400a8146c36a5a874fc5e26a89c9398e79a0e234e1 +DIST yubico-piv-tool-1.5.0.tar.gz 179092 BLAKE2B d15eed89699989ff545f18cf54fd42349fc81862e7bb3e182fad59d0604cc9729dedcc4aaa40d3f28c1d40b78ddbb5ed073c107cb233d0fa66a17a2ef1e29d68 SHA512 10d7f7a2f163e5f61d6f7463f2124d06213506bff39f3fe0c5b361f90f8bc372de97ab1fa8d6bfcb77659f086d71f8ff536a064ee8f300a620b929ee76e8f8b9 diff --git a/sys-auth/yubico-piv-tool/files/yubico-piv-tool-1.5.0-openssl110.patch b/sys-auth/yubico-piv-tool/files/yubico-piv-tool-1.5.0-openssl110.patch new file mode 100644 index 000000000000..86b8bf9bedc9 --- /dev/null +++ b/sys-auth/yubico-piv-tool/files/yubico-piv-tool-1.5.0-openssl110.patch @@ -0,0 +1,170 @@ +From c8372f27d791aa445e879ded4efe4a267e3ff48e Mon Sep 17 00:00:00 2001 +From: quentin <quentin@minster.io> +Date: Mon, 26 Feb 2018 02:43:41 +0100 +Subject: [PATCH] Improve compatibility with OpenSSL 1.1.0 + +* add missing headers +* stop using deprecated APIs +--- + tool/util.c | 1 + + tool/yubico-piv-tool.c | 24 +++++++++++++++++++++++- + ykcs11/openssl_types.h | 1 + + ykcs11/openssl_utils.c | 11 +++++++++++ + 4 files changed, 36 insertions(+), 1 deletion(-) + +diff --git a/tool/util.c b/tool/util.c +index de6b071..5b299ca 100644 +--- a/tool/util.c ++++ b/tool/util.c +@@ -38,6 +38,7 @@ + #endif + + #include "openssl-compat.h" ++#include <openssl/bn.h> + #include <openssl/evp.h> + #include <openssl/x509.h> + #include <openssl/rsa.h> +diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c +index c40b027..f8b72b1 100644 +--- a/tool/yubico-piv-tool.c ++++ b/tool/yubico-piv-tool.c +@@ -43,10 +43,12 @@ + #endif + + #include "openssl-compat.h" ++#include <openssl/bn.h> + #include <openssl/des.h> + #include <openssl/pem.h> + #include <openssl/pkcs12.h> + #include <openssl/rand.h> ++#include <openssl/rsa.h> + + #include "cmdline.h" + #include "util.h" +@@ -868,11 +870,19 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo + fprintf(stderr, "Failed to set certificate serial.\n"); + goto selfsign_out; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(!X509_gmtime_adj(X509_get_notBefore(x509), 0)) { ++#else ++ if(!X509_gmtime_adj(X509_getm_notBefore(x509), 0)) { ++#endif + fprintf(stderr, "Failed to set certificate notBefore.\n"); + goto selfsign_out; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(!X509_gmtime_adj(X509_get_notAfter(x509), 60L * 60L * 24L * validDays)) { ++#else ++ if(!X509_gmtime_adj(X509_getm_notAfter(x509), 60L * 60L * 24L * validDays)) { ++#endif + fprintf(stderr, "Failed to set certificate notAfter.\n"); + goto selfsign_out; + } +@@ -1241,7 +1251,7 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M + + if(*ptr++ == 0x70) { + unsigned int md_len = sizeof(data); +- ASN1_TIME *not_before, *not_after; ++ const ASN1_TIME *not_before, *not_after; + + ptr += get_length(ptr, &cert_len); + x509 = X509_new(); +@@ -1299,13 +1309,21 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M + dump_data(data, md_len, output, false, format_arg_hex); + + bio = BIO_new_fp(output, BIO_NOCLOSE | BIO_FP_TEXT); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + not_before = X509_get_notBefore(x509); ++#else ++ not_before = X509_get0_notBefore(x509); ++#endif + if(not_before) { + fprintf(output, "\tNot Before:\t"); + ASN1_TIME_print(bio, not_before); + fprintf(output, "\n"); + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + not_after = X509_get_notAfter(x509); ++#else ++ not_after = X509_get0_notAfter(x509); ++#endif + if(not_after) { + fprintf(output, "\tNot After:\t"); + ASN1_TIME_print(bio, not_after); +@@ -1950,7 +1968,9 @@ int main(int argc, char *argv[]) { + + + /* openssl setup.. */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + OpenSSL_add_all_algorithms(); ++#endif + + + for(i = 0; i < args_info.action_given; i++) { +@@ -2191,6 +2211,8 @@ int main(int argc, char *argv[]) { + } + + ykpiv_done(state); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_cleanup(); ++#endif + return ret; + } +diff --git a/ykcs11/openssl_types.h b/ykcs11/openssl_types.h +index 307f746..08170fc 100644 +--- a/ykcs11/openssl_types.h ++++ b/ykcs11/openssl_types.h +@@ -31,6 +31,7 @@ + #ifndef OPENSSL_TYPES_H + #define OPENSSL_TYPES_H + ++#include <openssl/bn.h> + #include <openssl/x509.h> + #include <openssl/evp.h> + #include <openssl/rsa.h> +diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c +index 5a7f85d..edfe0ea 100644 +--- a/ykcs11/openssl_utils.c ++++ b/ykcs11/openssl_utils.c +@@ -35,6 +35,11 @@ + #include "debug.h" + #include <string.h> + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++# define X509_set_notBefore X509_set1_notBefore ++# define X509_set_notAfter X509_set1_notAfter ++#endif ++ + CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert) { + + const unsigned char *p = data; // Mandatory temp variable required by OpenSSL +@@ -580,7 +585,9 @@ CK_RV do_pkcs_pss(ykcs11_rsa_key_t *key, CK_BYTE_PTR in, CK_ULONG in_len, + int nid, CK_BYTE_PTR out, CK_ULONG_PTR out_len) { + unsigned char em[RSA_size(key)]; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + OpenSSL_add_all_digests(); ++#endif + + DBG("Apply PSS padding to %lu bytes and get %d", in_len, RSA_size(key)); + +@@ -590,14 +597,18 @@ CK_RV do_pkcs_pss(ykcs11_rsa_key_t *key, CK_BYTE_PTR in, CK_ULONG in_len, + + // In case of raw PSS (no hash) this function will fail because OpenSSL requires an MD + if (RSA_padding_add_PKCS1_PSS(key, em, out, EVP_get_digestbynid(nid), -2) == 0) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_cleanup(); ++#endif + return CKR_FUNCTION_FAILED; + } + + memcpy(out, em, sizeof(em)); + *out_len = (CK_ULONG) sizeof(em); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_cleanup(); ++#endif + + return CKR_OK; + } diff --git a/sys-auth/yubico-piv-tool/yubico-piv-tool-1.5.0.ebuild b/sys-auth/yubico-piv-tool/yubico-piv-tool-1.5.0.ebuild new file mode 100644 index 000000000000..7a72c9087c3f --- /dev/null +++ b/sys-auth/yubico-piv-tool/yubico-piv-tool-1.5.0.ebuild @@ -0,0 +1,50 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools + +DESCRIPTION="Command line tool for the YubiKey PIV application" +SRC_URI="https://github.com/Yubico/yubico-piv-tool/archive/yubico-piv-tool-${PV}.tar.gz" +HOMEPAGE="https://developers.yubico.com/yubico-piv-tool/ https://github.com/Yubico/yubico-piv-tool" + +LICENSE="BSD-2" +SLOT="0/1" +KEYWORDS="~amd64" +IUSE="test" + +RDEPEND=" + dev-libs/openssl:0=[-bindist] + sys-apps/pcsc-lite +" +DEPEND="${RDEPEND} + dev-util/gengetopt + sys-apps/help2man + virtual/pkgconfig + test? ( dev-libs/check ) +" + +S=${WORKDIR}/${PN}-${P} + +PATCHES=( "${FILESDIR}/${P}-openssl110.patch" ) + +src_prepare() { + default + + if ! use test; then + sed -i -e "/PKG_CHECK_MODULES(\[CHECK/d" configure.ac || die + sed -i -e "s/@CHECK_CFLAGS@//" -e "s/@CHECK_LIBS@//" */*/Makefile.am || die + fi + + eautoreconf +} + +src_configure() { + econf --disable-static +} + +src_install() { + default + rm "${D}"/usr/$(get_libdir)/*.la || die +} |