53 files changed, 424 insertions, 902 deletions
diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile index b26dd480b92b..8a139cbb6c9d 100644 --- a/security/opencryptoki/Makefile +++ b/security/opencryptoki/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= opencryptoki -PORTVERSION= 2.3.2 -PORTREVISION= 8 +PORTVERSION= 3.5 CATEGORIES= security MASTER_SITES= SF @@ -17,23 +16,35 @@ LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept LIB_DEPENDS= libtspi.so:security/trousers -USES= alias autoreconf gmake libtool tar:bzip2 +USES= alias autoreconf gmake libtool tar:tgz USE_LDCONFIG= ${PREFIX}/lib/opencryptoki +WRKSRC= ${WRKDIR}/${PORTNAME} INSTALL_TARGET= install-strip GNU_CONFIGURE= yes CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \ --disable-crtok --disable-aeptok \ --disable-ccatok --disable-bcomtok \ --disable-pkcscca_migrate \ + --with-lockdir=/var/run/opencryptoki \ + --with-logdir=/var/log/opencryptoki \ --localstatedir=/var \ --with-pkcs11user=${USERS} \ - --with-pkcs11group=${GROUPS} + --with-pkcs11group=${GROUPS} \ + ac_cv_path_CHGRP=true CFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib USE_RC_SUBR= pkcsslotd SUB_FILES= pkg-message -SUB_LIST= USERS=${USERS} GROUPS=${GROUPS} +SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}" +PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" USERS= _pkcs11 GROUPS= _pkcs11 +post-install: + ${MV} ${STAGEDIR}${ETCDIR}/opencryptoki.conf \ + ${STAGEDIR}${ETCDIR}/opencryptoki.conf.sample + ${RMDIR} ${STAGEDIR}/var/run/opencryptoki/swtok \ + ${STAGEDIR}/var/run/opencryptoki/tpm \ + ${STAGEDIR}/var/run/opencryptoki + .include <bsd.port.mk> diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo index 7abfdc949951..72f349183c39 100644 --- a/security/opencryptoki/distinfo +++ b/security/opencryptoki/distinfo 
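Review bot: `ac_cv_path_CHGRP=true` in CONFIGURE_ARGS makes every `$(CHGRP)` call in the upstream install hooks a no-op, and post-install then removes the staged `/var/run/opencryptoki` lock directories, so after this hunk nothing in the Makefile gives the token or lock directories their `${GROUPS}` ownership. Upstream restricts such directories to the pkcs11 group with mode 0770 (visible in the cca_stdll install hook patched later in this commit), so the same ownership and mode have to come from pkg-plist, for example through `@dir(,%%GROUPS%%,0770)` entries, and from the pkcsslotd rc script for the lock directory it has to recreate at start-up. Neither file is visible in this hunk, so both should be confirmed; a comment above the CONFIGURE_ARGS block such as `# chgrp cannot run while staging; ownership comes from pkg-plist` would record why the override is there.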
@@ -1,2 +1,3 @@ -SHA256 (opencryptoki-2.3.2.tar.bz2) = 44fdf74a9eab2586240a69779c5c323e8378e8f2fde21cd4f8bd9186a24c30f7 -SIZE (opencryptoki-2.3.2.tar.bz2) = 665134 +TIMESTAMP = 1463579349 +SHA256 (opencryptoki-3.5.tgz) = 2789e3135196828e2b904faba766aa4c7fd9d1e67664df79bd9a05381a771452 +SIZE (opencryptoki-3.5.tgz) = 1031722 diff --git a/security/opencryptoki/files/patch-Makefile.am b/security/opencryptoki/files/patch-Makefile.am index d8d58bc388ac..c8b6767f98af 100644 --- a/security/opencryptoki/files/patch-Makefile.am +++ b/security/opencryptoki/files/patch-Makefile.am @@ -1,6 +1,6 @@ ---- Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ Makefile.am 2010-11-23 22:35:25.112978674 +0900 -@@ -8,5 +8,5 @@ +--- Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ Makefile.am +@@ -8,5 +8,5 @@ if ENABLE_DAEMON MISCDIR = misc endif diff --git a/security/opencryptoki/files/patch-configure.in b/security/opencryptoki/files/patch-configure.in index df7e9e90737d..dd2a9321b9e2 100644 --- a/security/opencryptoki/files/patch-configure.in +++ b/security/opencryptoki/files/patch-configure.in @@ -1,16 +1,16 @@ ---- configure.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ configure.in 2010-10-20 01:31:02.971984782 +0900 -@@ -8,6 +8,9 @@ +--- configure.in.orig 2016-04-29 17:26:45 UTC ++++ configure.in +@@ -6,6 +6,9 @@ AC_CANONICAL_SYSTEM AM_INIT_AUTOMAKE([foreign 1.6]) +AC_DEFINE(_BSD_SOURCE, 1, BSD functions) +AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions) + - dnl Get the canonical host type - AC_CANONICAL_TARGET - -@@ -30,6 +33,7 @@ + dnl Checks for header files. + AC_DISABLE_STATIC + LT_INIT +@@ -25,6 +28,7 @@ AC_FUNC_MEMCMP AC_FUNC_STRFTIME AC_FUNC_VPRINTF AC_CHECK_FUNCS([getcwd]) 
@@ -18,9 +18,28 @@ dnl Used in various scripts AC_PATH_PROG([ID], [id], [/us/bin/id]) -@@ -193,6 +197,21 @@ +@@ -40,10 +44,16 @@ AC_PROG_YACC + + dnl Define custom variables + +-lockdir=$localstatedir/lock/opencryptoki ++AC_ARG_WITH([lockdir], ++ [AS_HELP_STRING([--with-lockdir],[lock directory])], ++ [lockdir=$withval], ++ [lockdir=$localstatedir/lock/opencryptoki]) + AC_SUBST(lockdir) + +-logdir=$localstatedir/log/opencryptoki ++AC_ARG_WITH([logdir], ++ [AS_HELP_STRING([--with-logdir],[log directory])], ++ [logdir=$withval], ++ [logdir=$localstatedir/log/opencryptoki]) + AC_SUBST(logdir) + + dnl --- +@@ -166,6 +176,21 @@ AC_ARG_WITH([systemd], [], - [with_xcryptolinz=check]) + [with_systemd=no]) +dnl --- check for pkcs11 user +AC_ARG_WITH([pkcs11user], 
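Review bot: The new `--with-lockdir` and `--with-logdir` handlers copy `$withval` straight into `lockdir` and `logdir`, so a bare `--with-lockdir` or `--without-lockdir` yields the literal value `yes` or `no`, and any relative value is accepted too. That string is later compiled in as `LOCKDIR_PATH` and `OCK_LOGDIR` (the CPPFX block in the next hunk), where a relative lock or log directory would resolve against the working directory of whatever process loads the library. The port itself passes absolute paths, so this is hardening rather than a live defect: accept only absolute values, e.g. `AS_CASE([$withval], [/*], [lockdir=$withval], [AC_MSG_ERROR([--with-lockdir needs an absolute path])])`, and the same for `logdir`.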
@@ -40,20 +59,38 @@ dnl --- dnl --- dnl --- Now that we have all the options, let's check for a valid build -@@ -630,11 +649,15 @@ +@@ -554,13 +579,31 @@ fi - CFLAGS="$CFLAGS $DEBUG_CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500" + AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"]) --CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"' -+CFLAGS="$CFLAGS -DCONFIG_PATH='\"$localstatedir/lib/opencryptoki\"' -DSBIN_PATH='\"$sbindir\"' -DLIB_PATH='\"$libdir\"'" -+ -+CFLAGS="$CFLAGS -DPKCS11USER='\"${pkcs11_user}\"' -DPKCS11GROUP='\"${pkcs11_group}\"'" +-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wno-pointer-sign" +- +-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' ++CFLAGS="$CFLAGS \ ++ -Wall \ ++ -Wno-pointer-sign \ ++" ++CPPFX=' \ ++ -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" \ ++ -DSBIN_PATH=\"$(sbindir)\" \ ++ -DLIB_PATH=\"$(libdir)\" \ ++ -DLOCKDIR_PATH=\"$(lockdir)\" \ ++ -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" \ ++ -DOCK_LOGDIR=\"$(logdir)\" \ ++' ++CPPFLAGS="$CPPFLAGS \ ++ -DPKCS64 \ ++ -D_XOPEN_SOURCE=600 \ ++ $CPPFX \ ++ -DPKCS11USER=\\\"${pkcs11_user}\\\" \ ++ -DPKCS11GROUP=\\\"${pkcs11_group}\\\" \ ++" # At this point, CFLAGS is set to something sensible AC_PROG_CC +AC_SUBST(FPIC, $lt_prog_compiler_pic) + - AC_OUTPUT([Makefile usr/Makefile \ + AC_CONFIG_FILES([Makefile usr/Makefile \ usr/include/Makefile \ usr/include/pkcs11/Makefile \ diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h b/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h deleted file mode 100644 index 192c312b5063..000000000000 --- a/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h +++ /dev/null 
@@ -1,11 +0,0 @@
---- usr/include/pkcs11/apictl.h.orig 2010-07-29 21:28:41.000000000 +0900
-+++ usr/include/pkcs11/apictl.h 2010-10-19 23:42:04.580983829 +0900
-@@ -296,7 +296,7 @@
-
-
- #include <pkcs11types.h>
--#include <linux/limits.h>
-+#include <limits.h>
- #include <local_types.h>
- #include <stdll.h>
- #include <slotmgr.h>
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h b/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
deleted file mode 100644
index ce9be4e17b33..000000000000
--- a/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h
+++ /dev/null
@@ -1,11 +0,0 @@
---- usr/include/pkcs11/slotmgr.h.orig 2010-07-29 21:28:41.000000000 +0900
-+++ usr/include/pkcs11/slotmgr.h 2010-10-19 23:42:55.423984058 +0900
-@@ -301,7 +301,7 @@
-
-
- #include <pkcs11types.h>
--#include <linux/limits.h>
-+#include <limits.h>
- #include <local_types.h>
- #include <pthread.h>
-
diff --git a/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h b/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
deleted file mode 100644
index 8ee112945d9e..000000000000
--- a/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h
+++ /dev/null
@@ -1,11 +0,0 @@
---- usr/include/pkcs11/stdll.h.orig 2010-07-29 21:28:41.000000000 +0900
-+++ usr/include/pkcs11/stdll.h 2010-10-19 23:43:40.418984281 +0900
-@@ -302,7 +302,7 @@
-
-
- #include <pkcs11types.h>
--#include <linux/limits.h>
-+#include <limits.h>
- #include <local_types.h>
- #include <slotmgr.h>
-
diff --git a/security/opencryptoki/files/patch-usr-lib-Makefile.am b/security/opencryptoki/files/patch-usr-lib-Makefile.am
index 64a1781ba81c..ff1023b1e9a4 100644
--- a/security/opencryptoki/files/patch-usr-lib-Makefile.am
+++ b/security/opencryptoki/files/patch-usr-lib-Makefile.am
@@ -1,6 +1,6 @@ ---- usr/lib/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/Makefile.am 2010-11-24 02:34:56.159978814 +0900 -@@ -1,10 +1,2 @@ +--- usr/lib/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/Makefile.am +@@ -1,12 +1,4 @@ SUBDIRS = pkcs11 -install-data-hook: @@ -11,3 +11,5 @@ - $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf - echo "**** Remember you must run ldconfig before using the above settings ****" - + uninstall-hook: + rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am deleted file mode 100644 index 424ea1b8c461..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/aep_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/aep_stdll/Makefile.am 2010-10-19 23:45:36.945982287 +0900 -@@ -6,7 +6,7 @@ - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_aep_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \ -+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF -DNOMD2 \ - -DNODSA -DDEBUGON -DAEP_GENERIC -DNORIPE -DSTDLL_NAME=\"aeptok\" - - opencryptoki_stdll_libpkcs11_aep_la_SOURCES = ../common/asn1.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am index caf3d7e49ff1..9c2819d4bf46 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am 
@@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/api/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/Makefile.am 2010-10-19 23:49:45.125982519 +0900 -@@ -4,13 +4,13 @@ +--- usr/lib/pkcs11/api/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/Makefile.am +@@ -4,13 +4,13 @@ SO_CURRENT=0 SO_REVISION=0 SO_AGE=0 @@ -10,9 +10,9 @@ $(SO_CURRENT):$(SO_REVISION):$(SO_AGE) # Not all versions of automake observe libname_CFLAGS - opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \ -- -fPIC -I../. -I../../../include/pkcs11 -+ $(FPIC) -I../. -I../../../include/pkcs11 - - opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c apiutil.c + opencryptoki_libopencryptoki_la_CFLAGS = -DAPI -DDEV -D_THREAD_SAFE \ +- -fPIC -I../. -I../../../include/pkcs11 \ ++ $(FPIC) -I../. -I../../../include/pkcs11 \ + -I ../common -DSTDLL_NAME=\"api\" + opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c deleted file mode 100644 index e8dc61475253..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c +++ /dev/null @@ -1,35 +0,0 @@ ---- usr/lib/pkcs11/api/api_interface.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/api_interface.c 2010-10-19 23:52:25.355983620 +0900 -@@ -2390,7 +2390,7 @@ - C_GetFunctionList ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList ) - { - -- _init(); -+ api_init(); - - LOG("C_GetFunctionList"); - FuncList.version.major = VERSION_MAJOR; -@@ -5168,7 +5168,11 @@ - - } - -+#ifdef __sun -+#pragma init(api_init) -+#else - void api_init(void) __attribute__((constructor)); -+#endif - - void - api_init(void) -@@ -5194,7 +5198,11 @@ - - } - -+#ifdef __sun -+#pragma fini(api_fini) -+#else - void api_fini(void) __attribute__((destructor)); -+#endif - - void - api_fini() 
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c index 350878557631..12ad45d9473a 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/api/apiutil.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/apiutil.c 2010-10-19 23:54:52.374982634 +0900 -@@ -305,10 +305,10 @@ +--- usr/lib/pkcs11/api/apiutil.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/apiutil.c +@@ -298,10 +298,10 @@ #include <string.h> #include <strings.h> #include <unistd.h> @@ -12,33 +12,11 @@ #include <sys/ipc.h> -@@ -325,10 +325,28 @@ +@@ -314,7 +314,6 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> -#include <sys/file.h> - static int xplfd=-1; - #endif -+#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) -+#endif -+ -+#ifndef LOCK_SH -+#define LOCK_SH 1 /* shared lock */ -+#endif -+#ifndef LOCK_EX -+#define LOCK_EX 2 /* exclusive lock */ -+#endif -+#ifndef LOCK_NB -+#define LOCK_NB 4 /* don't block when locking */ -+#endif -+#ifndef LOCK_UN -+#define LOCK_UN 8 /* unlock */ -+#endif -+ - #include <libgen.h> + static int xplfd = -1; - #define LIBLOCATION LIB_PATH diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in index f615f1f34a35..cda7f3706529 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in 
@@ -1,11 +1,11 @@ ---- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/shrd_mem.c.in 2010-10-19 23:56:22.728981736 +0900 -@@ -353,7 +353,7 @@ - - - // SAB check for the group id here and membership here as well -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if ( grp ) { - int i=0; - char member=0; +--- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/shrd_mem.c.in +@@ -357,7 +357,7 @@ attach_shared_memory() { + // only check group membership if not root user + if (uid != 0 && euid != 0) { + int i, member=0; +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + // group pkcs11 not known to the system + return NULL; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c new file mode 100644 index 000000000000..92290bf70905 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/api/socket_client.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/socket_client.c +@@ -320,7 +320,7 @@ init_socket_data() { + return FALSE; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if ( !grp ) { + OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno); + return FALSE; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am deleted file mode 100644 index 30c7b7da9d91..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am +++ /dev/null 
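Review bot: The `OCK_SYSLOG` message in `init_socket_data()` still reports `pkcs11 group does not exist` although the lookup on the line above it now uses `PKCS11GROUP`, which this port configures as `_pkcs11`. An administrator reading that log line would check for the wrong group, and the same stale name remains in the `// group pkcs11 not known to the system` comment in the shrd_mem.c.in hunk on this line and in the `getgrnam(pkcs11) failed` message of the trace.c patch later in the commit. Printing the configured name keeps the diagnostics in step with the check, e.g. `OCK_SYSLOG(LOG_ERR, "init_socket_data: group %s does not exist, errno=%d", PKCS11GROUP, errno);`. Both functions start and end outside the hunks shown.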
@@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/bcom_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/bcom_stdll/Makefile.am 2010-10-19 23:57:38.434983522 +0900 -@@ -8,7 +8,7 @@ - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_bc_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \ -+-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DNOAES \ - -DNODH -DDEBUGON -DNORIPE -DSTDLL_NAME=\"bcomtok\" - - opencryptoki_stdll_libpkcs11_bc_la_SOURCES = ../common/asn1.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am new file mode 100644 index 000000000000..c78feb04a83c --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am @@ -0,0 +1,18 @@ +--- usr/lib/pkcs11/cca_stdll/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/cca_stdll/Makefile.am +@@ -66,12 +66,12 @@ install-data-hook: + cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_cca.so PKCS11_CCA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok + + uninstall-hook: 
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h deleted file mode 100644 index 4db0453f3d2c..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h +++ /dev/null @@ -1,27 +0,0 @@ ---- usr/lib/pkcs11/cca_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/cca_stdll/host_defs.h 2010-10-19 23:59:33.363984758 +0900 -@@ -10,13 +10,24 @@ - */ - - -+#include <sys/types.h> - #include <sys/mman.h> - #ifndef _HOST_DEFS_H - #define _HOST_DEFS_H - - #include <semaphore.h> - #include <pthread.h> -+#if defined(__OpenBSD__) || defined(__FreeBSD__) -+#include <sys/endian.h> -+#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER -+#endif -+#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN -+#endif -+#else - #include <endian.h> -+#endif - - #include "pkcs32.h" - // Both of the strings below have a length of 32 chars and must be diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c deleted file mode 100644 index fd6dc631209f..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c +++ /dev/null 
@@ -1,23 +0,0 @@
---- usr/lib/pkcs11/cca_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/cca_stdll/loadsave.c 2010-10-20 01:49:50.769984323 +0900
-@@ -22,11 +22,9 @@
- #include <string.h>
- #include <strings.h>
- #include <unistd.h>
--#include <alloca.h>
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <sys/ipc.h>
--#include <sys/file.h>
- #include <errno.h>
-
- #include <pwd.h>
-@@ -51,7 +49,7 @@
- // Set absolute permissions or rw-rw-r--
- fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
-
-- grp = getgrnam("pkcs11"); // Obtain the group id
-+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
- if (grp){
- fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
- }
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
deleted file mode 100644
index c00cf212bad4..000000000000
--- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c
+++ /dev/null
@@ -1,52 +0,0 @@ ---- usr/lib/pkcs11/cca_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/cca_stdll/new_host.c 2010-10-20 00:06:26.575983974 +0900 -@@ -298,7 +298,7 @@ - struct group *grp; - int rc = 0; - gid_t gid,egid; -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp) { - // Check for member of group.. - // SAB get login seems to not work with some -@@ -786,7 +786,19 @@ - // - object_mgr_destroy_token_objects(); - #if 0 /* TODO: Implement delete_all_files_in_dir() */ -+#if HAVE_ASPRINTF - local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR); -+#else -+ pk_full_path = malloc(1024); -+ if( pk_full_path != NULL ) { -+ local_rc = snprintf(pk_full_path, 1023, "%s/%s", -+ pk_dir, PK_LITE_OBJ_DIR); -+ if( local_rc == -1 ) free(pk_full_path); -+ } -+ else { -+ local_rc = -1; -+ } -+#endif - if (local_rc == -1) { - rc = CKR_HOST_MEMORY; - goto out; -@@ -797,8 +809,20 @@ - goto out; - } - #endif -+#if HAVE_ASPRINTF - local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir, - PK_LITE_OBJ_DIR); -+#else -+ s = malloc(1024); -+ if( s != NULL ) { -+ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1", -+ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR); -+ if( local_rc == -1 ) free(s); -+ } -+ else { -+ local_rc = -1; -+ } -+#endif - if (local_rc == -1) { - rc = CKR_HOST_MEMORY; - goto out; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h deleted file mode 100644 index 302deaba508e..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h +++ /dev/null 
@@ -1,15 +0,0 @@
---- usr/lib/pkcs11/cca_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/cca_stdll/tok_spec_struct.h 2010-10-20 00:08:00.317982423 +0900
-@@ -22,9 +22,9 @@
- #define _TOK_SPECIFIC_STRUCT
-
- struct token_specific_struct{
-- CK_BYTE token_directory[2048]; // Used to be in the token_local.h as a #def
-- CK_BYTE token_subdir[2048]; // subdirectory
-- CK_BYTE token_debug_tag[2048]; // debug logging tag
-+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
-+ CK_BYTE *token_subdir; // subdirectory
-+ CK_BYTE *token_debug_tag; // debug logging tag
-
- CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
- int (*t_slot2local)(); // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c
new file mode 100644
index 000000000000..99b2e72e83cd
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c
@@ -0,0 +1,11 @@
+--- usr/lib/pkcs11/common/btree.c.orig 2016-04-29 17:26:45 UTC
++++ usr/lib/pkcs11/common/btree.c
+@@ -30,7 +30,7 @@
+
+
+ #include <stdio.h>
+-#include <malloc.h>
++#include <stdlib.h>
+
+ #include "pkcs11types.h"
+ #include "local_types.h"
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
index d111bf5e002f..ff265b810d7e 100644
--- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h
@@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/common/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/host_defs.h 2010-10-20 00:10:01.398983092 +0900 -@@ -294,13 +294,24 @@ +--- usr/lib/pkcs11/common/host_defs.h.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/common/host_defs.h +@@ -294,12 +294,23 @@ /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ @@ -9,19 +9,18 @@ #ifndef _HOST_DEFS_H #define _HOST_DEFS_H - #include <semaphore.h> #include <pthread.h> +#if defined(__OpenBSD__) || defined(__FreeBSD__) +#include <sys/endian.h> -+#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER ++#ifdef _BYTE_ORDER ++#define __BYTE_ORDER _BYTE_ORDER +#endif -+#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN ++#ifdef _LITTLE_ENDIAN ++#define __LITTLE_ENDIAN _LITTLE_ENDIAN +#endif +#else #include <endian.h> +#endif #include "pkcs32.h" - // Both of the strings below have a length of 32 chars and must be + diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c index f213b304b0a8..4a907660fcb6 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/common/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/loadsave.c 2010-10-20 00:11:28.399983780 +0900 -@@ -301,11 +301,9 @@ +--- usr/lib/pkcs11/common/loadsave.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/common/loadsave.c +@@ -293,11 +293,9 @@ #include <string.h> #include <strings.h> #include <unistd.h> 
@@ -10,14 +10,14 @@ #include <sys/ipc.h> -#include <sys/file.h> #include <errno.h> - + #include <syslog.h> #include <pwd.h> -@@ -328,7 +326,7 @@ - // Set absolute permissions or rw-rw-r-- - fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); +@@ -637,7 +635,7 @@ void set_perm(int file) + // Set absolute permissions or rw-rw---- + fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); -- grp = getgrnam("pkcs11"); // Obtain the group id -+ grp = getgrnam(PKCS11GROUP); // Obtain the group id - if (grp){ - fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group - } +- grp = getgrnam("pkcs11"); // Obtain the group id ++ grp = getgrnam(PKCS11GROUP); // Obtain the group id + if (grp) { + // set ownership to root, and pkcs11 group + if (fchown(file, getuid(), grp->gr_gid) != 0) { diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c deleted file mode 100644 index 0c1cc783c420..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c +++ /dev/null 
@@ -1,52 +0,0 @@ ---- usr/lib/pkcs11/common/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/new_host.c 2010-10-20 00:16:08.274985517 +0900 -@@ -576,7 +576,7 @@ - struct group *grp; - int rc = 0; - gid_t gid,egid; -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if (grp) { - // Check for member of group.. - // SAB get login seems to not work with some -@@ -1064,7 +1064,19 @@ - // - object_mgr_destroy_token_objects(); - #if 0 /* TODO: Implement delete_all_files_in_dir() */ -+#if HAVE_ASPRINTF - local_rc = asprintf(&pk_full_path, "%s/%s", pk_dir, PK_LITE_OBJ_DIR); -+#else -+ pk_full_path = malloc(1024); -+ if( pk_full_path != NULL ) { -+ local_rc = snprintf(pk_full_path, 1023, "%s/%s", -+ pk_dir, PK_LITE_OBJ_DIR); -+ if( local_rc == -1 ) free(pk_full_path); -+ } -+ else { -+ local_rc = -1; -+ } -+#endif - if (local_rc == -1) { - rc = CKR_HOST_MEMORY; - goto out; -@@ -1075,8 +1087,20 @@ - goto out; - } - #endif -+#if HAVE_ASPRINTF - local_rc = asprintf(&s, "%s %s/%s/* > /dev/null 2>&1", DEL_CMD, pk_dir, - PK_LITE_OBJ_DIR); -+#else -+ s = malloc(1024); -+ if( s != NULL ) { -+ local_rc = snprintf(s, 1023, "%s %s/%s/* > /dev/null 2>&1", -+ DEL_CMD, pk_dir, PK_LITE_OBJ_DIR); -+ if( local_rc == -1 ) free(s); -+ } -+ else { -+ local_rc = -1; -+ } -+#endif - if (local_rc == -1) { - rc = CKR_HOST_MEMORY; - goto out; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h deleted file mode 100644 index bcbfff0dd613..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h +++ /dev/null 
@@ -1,15 +0,0 @@
---- usr/lib/pkcs11/common/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900
-+++ usr/lib/pkcs11/common/tok_spec_struct.h 2010-10-20 00:17:28.288984976 +0900
-@@ -308,9 +308,9 @@
- #define _TOK_SPECIFIC_STRUCT
-
- struct token_specific_struct{
-- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def
-- CK_BYTE token_subdir[PATH_MAX]; // subdirectory
-- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag
-+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def
-+ CK_BYTE *token_subdir; // subdirectory
-+ CK_BYTE *token_debug_tag; // debug logging tag
-
- CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function
- int (*t_slot2local)(); // convert the PKCS#11 slot to a local index
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c
new file mode 100644
index 000000000000..52af68444618
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c
@@ -0,0 +1,19 @@
+--- usr/lib/pkcs11/common/trace.c.orig 2016-04-29 17:26:46 UTC
++++ usr/lib/pkcs11/common/trace.c
+@@ -301,6 +301,7 @@
+ #include <unistd.h>
+ #include <sys/file.h>
+ #include <sys/types.h>
++#include <sys/stat.h>
+
+ #include "pkcs11types.h"
+ #include "defs.h"
+@@ -449,7 +450,7 @@ CK_RV trace_initialize(void)
+ return(CKR_FUNCTION_FAILED);
+ }
+
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp == NULL) {
+ OCK_SYSLOG(LOG_ERR, "getgrnam(pkcs11) failed: %s."
+ "Tracing is disabled.\n", strerror(errno));
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
index 77e821c60edc..f8ddb5bb7682 100644
--- a/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
+++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c
@@ -1,11 +1,14 @@ ---- usr/lib/pkcs11/common/utility.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/utility.c 2010-10-20 00:19:02.740983592 +0900 -@@ -302,6 +302,26 @@ - #include <errno.h> - #include <pwd.h> +--- usr/lib/pkcs11/common/utility.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/common/utility.c +@@ -275,9 +275,28 @@ + legal action under this Agreement more than one year after + the cause of action arose. Each party waives its rights to + a jury trial in any resulting litigation. ++*/ +#include <fcntl.h> -+ + +-*/ +#ifdef __sun +#define LOCK_EX F_LOCK +#define LOCK_UN F_ULOCK @@ -25,5 +28,23 @@ +#define LOCK_UN 8 /* unlock */ +#endif - #include "pkcs11types.h" - #include "defs.h" + /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ + +@@ -587,7 +606,7 @@ CK_RV CreateXProcLock(void) + goto err; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(spinxplfd, -1, grp->gr_gid) + == -1) { +@@ -1131,7 +1150,7 @@ CK_RV check_user_and_group() + * when forked). So we need to get the group information. + * Really need to take the uid and map it to a name. + */ +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + OCK_SYSLOG(LOG_ERR, "getgrnam() failed: %s\n", strerror(errno)); + goto error; diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am deleted file mode 100644 index dbf0a2ff35ce..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am +++ /dev/null 
@@ -1,18 +0,0 @@ ---- usr/lib/pkcs11/cr_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/cr_stdll/Makefile.am 2010-10-20 00:20:46.987982761 +0900 -@@ -2,13 +2,13 @@ - - opencryptoki_stdll_libpkcs11_cr_la_LDFLAGS = $(LCRYPTO) $(CR_LIB_DIRS) \ - -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,PKCS11_BC.so.1 -lc \ ---lpthread -lsocketarmor -ldl -lcrypto -+-lpthread -lsocketarmor -lcrypto - - VARIANT = -DSHALLOW=0 -DSWTOK=1 -DLITE=0 - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_cr_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON -+-D_THREAD_SAFE $(FPIC) $(VARIANT) -DNOCDMF -DNOMD2 -DNODSA -DDEBUGON - - opencryptoki_stdll_libpkcs11_cr_la_SOURCES = ../common/asn1.c \ - ../common/cert.c ../common/hwf_obj.c ../common/dp_obj.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am index 3dbaac74a518..ae622c3da917 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am 
@@ -1,16 +1,33 @@ ---- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2010-10-20 00:22:00.867981839 +0900 -@@ -2,11 +2,11 @@ - - opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \ - $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@ \ ---Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto -+-Wl,-Bsymbolic -lc -lpthread -lica -lcrypto +--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am +@@ -6,12 +6,12 @@ opencryptoki_stdll_libpkcs11_ica_la_LDFL + -Wl,-Bsymbolic \ + -Wl,-soname,$@ \ + -Wl,-Bsymbolic -lc \ +- -lpthread -lica -ldl \ ++ -lpthread -lica \ + -lcrypto # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \ -+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \ - -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" + opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DDEV \ +- -D_THREAD_SAFE -fPIC \ ++ -D_THREAD_SAFE $(FPIC) \ + -DSHALLOW=0 -DSWTOK=0 \ + -DLITE=1 -DNODH \ + -DNOCDMF -DNOMD2 -DNODSA \ +@@ -64,12 +64,12 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_ica.so PKCS11_ICA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(MKDIR_P) $(DESTDIR)$(lockdir)/lite +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/lite 
+ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite - opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c \ + uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am deleted file mode 100644 index 6d41bd3d8b03..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am +++ /dev/null @@ -1,21 +0,0 @@ ---- usr/lib/pkcs11/ica_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/ica_stdll/Makefile.am 2010-10-20 00:23:51.161996275 +0900 -@@ -2,15 +2,15 @@ - - opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \ - $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic \ ---Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -ldl -lica -+-Wl,-soname,PKCS11_ICA.so.1 -lc -lpthread -lica - - # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \ -+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNOCDMF -DNOMD2 \ - -DNODSA -DNOAES -DNODH -DNORIPE -DSTDLL_NAME=\"icatok\" - - # Not all versions of automake observe libname_CFLAGS --AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 \ -+AM_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 \ - -DLITE=1 -DNOCDMF -DNOMD2 -DNODSA -DNOAES -DNODH -DNORIPE - - opencryptoki_stdll_libpkcs11_ica_la_SOURCES= ../common/asn1.c \ diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am new file mode 100644 index 000000000000..1c47fa893638 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am 
@@ -0,0 +1,15 @@ +--- usr/lib/pkcs11/icsf_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/icsf_stdll/Makefile.am +@@ -79,10 +79,10 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_icsf.so PKCS11_ICSF.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/icsf + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf + + uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c new file mode 100644 index 000000000000..297a45c88f8f --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/icsf_stdll/pbkdf.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/icsf_stdll/pbkdf.c +@@ -337,7 +337,7 @@ set_perms(int file) + return CKR_FUNCTION_FAILED; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp) { + if (fchown(file, -1, grp->gr_gid) != 0) { + TRACE_ERROR("fchown failed: %s\n", strerror(errno)); diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am index 056d26b6f727..693bf997edff 100644 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am 
@@ -1,11 +1,27 @@ ---- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/soft_stdll/Makefile.am 2010-10-20 00:25:03.227984225 +0900 -@@ -7,7 +7,7 @@ - opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE \ +--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/soft_stdll/Makefile.am +@@ -7,7 +7,7 @@ opencryptoki_stdll_libpkcs11_sw_la_LDFLA + opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DDEV -D_THREAD_SAFE \ -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \ -DNOCDMF -DNOMD2 -DNODSA -DNORIPE \ -- -DDEBUGON -fPIC \ -+ -DDEBUGON $(FPIC) \ +- -fPIC \ ++ $(FPIC) \ -I/usr/include -I. \ -I../../../include/pkcs11/stdll \ -I../../../include/pkcs11 \ +@@ -56,12 +56,12 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_sw.so PKCS11_SW.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/swtok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok + + uninstall-hook: diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c new file mode 100644 index 000000000000..3edd4fa87ad8 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c 
@@ -0,0 +1,30 @@ +--- usr/lib/pkcs11/soft_stdll/soft_specific.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/soft_stdll/soft_specific.c +@@ -298,7 +298,9 @@ + + + ****************************************************************************/ ++#ifndef _BSD_SOURCE + #define _BSD_SOURCE ++#endif + + #include <pthread.h> + #include <string.h> // for memcmp() et al +@@ -317,7 +319,17 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <fcntl.h> ++#if defined(__OpenBSD__) || defined(__FreeBSD__) ++#include <sys/endian.h> ++#ifdef _BYTE_ORDER ++#define __BYTE_ORDER _BYTE_ORDER ++#endif ++#ifdef _LITTLE_ENDIAN ++#define __LITTLE_ENDIAN _LITTLE_ENDIAN ++#endif ++#else + #include <endian.h> ++#endif + + #include <openssl/des.h> + #include <openssl/rand.h> diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am new file mode 100644 index 000000000000..b19510c5ccf1 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am @@ -0,0 +1,15 @@ +--- usr/lib/pkcs11/tpm_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/tpm_stdll/Makefile.am +@@ -71,10 +71,10 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_tpm.so PKCS11_TPM.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/tpm + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm + + uninstall-hook: 
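Review bot: In the soft_specific.c patch, the BSD branch added in place of the plain `#include <endian.h>` maps `__BYTE_ORDER` and `__LITTLE_ENDIAN` to the `<sys/endian.h>` names but leaves `__BIG_ENDIAN` unmapped. If soft_specific.c or a header it pulls in tests `__BYTE_ORDER == __BIG_ENDIAN` (not visible in this hunk), the undefined macro evaluates to 0 in `#if` and a big-endian build silently takes the wrong branch. In token code that means a wrong byte order in stored or derived values rather than a build error. Adding `#ifdef _BIG_ENDIAN`, `#define __BIG_ENDIAN _BIG_ENDIAN`, `#endif` next to the little-endian mapping closes that gap.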
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h deleted file mode 100644 index dcbdda52666c..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h +++ /dev/null @@ -1,28 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/host_defs.h 2010-10-20 00:26:48.474982648 +0900 -@@ -2,13 +2,25 @@ - /* (C) COPYRIGHT International Business Machines Corp. 2001, 2002, 2005*/ - - -+#include <sys/types.h> - #include <sys/mman.h> - #ifndef _HOST_DEFS_H - #define _HOST_DEFS_H - - #include <semaphore.h> - #include <pthread.h> -+ -+#if defined(__OpenBSD__) || defined(__FreeBSD__) -+#include <sys/endian.h> -+#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER -+#endif -+#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN -+#endif -+#else - #include <endian.h> -+#endif - - #include "pkcs32.h" - // Both of the strings below have a length of 32 chars and must be diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c deleted file mode 100644 index 7144ab0d4f51..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/loadsave.c 2010-10-20 00:27:47.109983972 +0900 -@@ -339,7 +339,7 @@ - fchmod(file,S_IRUSR|S_IWUSR); - - #if 0 -- grp = getgrnam("pkcs11"); // Obtain the group id -+ grp = getgrnam(PKCS11GROUP); // Obtain the group id - if (grp){ - fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group - } 
diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c deleted file mode 100644 index b89f2b1ecb78..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/new_host.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/new_host.c 2010-10-20 00:29:17.108984288 +0900 -@@ -356,7 +356,7 @@ - int rc = 0; - int index = 0; - gid_t gid,egid; -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if ( grp ) { - // Check for member of group.. - diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h deleted file mode 100644 index c49362f92053..000000000000 --- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h +++ /dev/null @@ -1,15 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/tok_spec_struct.h 2010-10-20 00:30:22.991986453 +0900 -@@ -33,9 +33,9 @@ - #define _TOK_SPECIFIC_STRUCT - - struct token_specific_struct{ -- CK_BYTE token_directory[PATH_MAX]; // Used to be in the token_local.h as a #def -- CK_BYTE token_subdir[PATH_MAX]; // subdirectory -- CK_BYTE token_debug_tag[PATH_MAX]; // debug logging tag -+ CK_BYTE *token_directory; // Used to be in the token_local.h as a #def -+ CK_BYTE *token_subdir; // subdirectory -+ CK_BYTE *token_debug_tag; // debug logging tag - - CK_RV (*t_init)(char *,CK_SLOT_ID); // Initialization function - int (*t_slot2local)(); // convert the PKCS#11 slot to a local index diff --git a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c b/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c deleted file mode 100644 index db9dc344854e..000000000000 
--- a/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c +++ /dev/null @@ -1,30 +0,0 @@ ---- usr/lib/pkcs11/tpm_stdll/utility.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/tpm_stdll/utility.c 2010-10-20 00:33:02.810983787 +0900 -@@ -44,6 +44,27 @@ - #include "tok_spec_struct.h" - #include "pkcs32.h" - -+#include <fcntl.h> -+ -+#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) -+#endif -+ -+#ifndef LOCK_SH -+#define LOCK_SH 1 /* shared lock */ -+#endif -+#ifndef LOCK_EX -+#define LOCK_EX 2 /* exclusive lock */ -+#endif -+#ifndef LOCK_NB -+#define LOCK_NB 4 /* don't block when locking */ -+#endif -+#ifndef LOCK_UN -+#define LOCK_UN 8 /* unlock */ -+#endif -+ - #if (SPINXPL) - #include <sys/file.h> - #endif diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am deleted file mode 100644 index 5a4da539916b..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ ---- usr/sbin/pkcs11_startup/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcs11_startup/Makefile.am 2010-10-22 00:59:30.397048865 +0900 -@@ -12,6 +12,8 @@ - -e s!\@ID\@!"@ID@"!g \ - -e s!\@CAT\@!"@CAT@"!g \ - -e s!\@SED\@!"@SED@"!g \ -+ -e s!\@PKCS11USER\@!"@PKCS11USER@"!g \ -+ -e s!\@PKCS11GROUP\@!"@PKCS11GROUP@"!g \ - -e s!\@GROUPADD\@!"@GROUPADD@"!g \ - -e s!\@USERMOD\@!"@USERMOD@"!g < $< > $@-t - @CHMOD@ +x $@-t diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in b/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in deleted file mode 100644 index eab5c2b3b78a..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in +++ /dev/null 
@@ -1,41 +0,0 @@ ---- usr/sbin/pkcs11_startup/pkcs11_startup.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcs11_startup/pkcs11_startup.in 2010-10-22 00:57:35.508983672 +0900 -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - - # - # -@@ -310,29 +310,20 @@ - - - # Create the pkcs11 group if it does not exist... --cat /etc/group|grep pkcs11 >/dev/null 2>&1 -+cat /etc/group|grep @PKCS11GROUP@ >/dev/null 2>&1 - rc=$? - if [ $rc = 1 ] - then - if [ -x @GROUPADD@ ] - then -- @GROUPADD@ pkcs11 >/dev/null 2>&1 -+ @GROUPADD@ @PKCS11GROUP@ >/dev/null 2>&1 - - else -- echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually." -+ echo "Couldn't execute @GROUPADD@. Please add the group '@PKCS11GROUP@' manually." - fi - fi - - --if [ -x @USERMOD@ -a -x @ID@ ] --then -- # add the pkcs group -- # replace spaces by commas -- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11 root --else -- echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually." --fi -- - - # For each card run the status command and if successful - # create the odm stanza for the file diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in b/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in deleted file mode 100644 index 92446a0b6353..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in +++ /dev/null 
@@ -1,142 +0,0 @@ ---- usr/sbin/pkcs_slot/pkcs_slot.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcs_slot/pkcs_slot.in 2010-10-22 00:42:38.286985256 +0900 -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - - # - # -@@ -360,7 +360,7 @@ - if [ ! -d @localstatedir@/lib/opencryptoki ] - then - @MKDIR_P@ @localstatedir@/lib/opencryptoki -- @CHGRP@ pkcs11 @localstatedir@/lib/opencryptoki -+ @CHGRP@ @PKCS11GROUP@ @localstatedir@/lib/opencryptoki - @CHMOD@ -R g+rwX @localstatedir@/lib/opencryptoki - fi - -@@ -372,9 +372,9 @@ - if [ $? -ne 0 ] - then - mkdir $SOFT_DIR -- @CHGRP@ pkcs11 $SOFT_DIR -+ @CHGRP@ @PKCS11GROUP@ $SOFT_DIR - mkdir "$SOFT_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$SOFT_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$SOFT_DIR"/TOK_OBJ - fi - SYS_SLOT="Soft" - fi -@@ -386,7 +386,7 @@ - if [ $? -ne 0 ] - then - mkdir $TPM_DIR -- @CHGRP@ pkcs11 $TPM_DIR -+ @CHGRP@ @PKCS11GROUP@ $TPM_DIR - fi - SYS_SLOT="TPM" - fi -@@ -397,7 +397,7 @@ - if [ $? -ne 0 ] - then - mkdir $CCA_DIR -- @CHGRP@ pkcs11 $CCA_DIR -+ @CHGRP@ @PKCS11GROUP@ $CCA_DIR - mkdir "$CCA_DIR"/TOK_OBJ - @CHGRP@ pkcs11 "$CCA_DIR"/TOK_OBJ - fi -@@ -406,7 +406,7 @@ - - # If we are using a shallow device, make sure that the directory - # to store token objects is available, if not create it and change --# the ownership to the pkcs11 group -+# the ownership to the @PKCS11GROUP@ group - - - if [ $DEPTH = "ica" ] -@@ -415,9 +415,9 @@ - if [ $? -ne 0 ] - then - mkdir $ICA_DIR -- @CHGRP@ pkcs11 $ICA_DIR -+ @CHGRP@ @PKCS11GROUP@ $ICA_DIR - mkdir "$ICA_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$ICA_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$ICA_DIR"/TOK_OBJ - fi - SYS_SLOT="ICA" - fi -@@ -428,9 +428,9 @@ - if [ $? -ne 0 ] - then - mkdir $BCOM_DIR -- @CHGRP@ pkcs11 $BCOM_DIR -+ @CHGRP@ @PKCS11GROUP@ $BCOM_DIR - mkdir "$BCOM_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$BCOM_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$BCOM_DIR"/TOK_OBJ - fi - SYS_SLOT="BCOM" - fi -@@ -441,9 +441,9 @@ - if [ $? 
-ne 0 ] - then - mkdir $AEP_DIR -- @CHGRP@ pkcs11 $AEP_DIR -+ @CHGRP@ @PKCS11GROUP@ $AEP_DIR - mkdir "$AEP_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$AEP_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$AEP_DIR"/TOK_OBJ - fi - SYS_SLOT="AEP" - fi -@@ -454,9 +454,9 @@ - if [ $? -ne 0 ] - then - mkdir $CR_DIR -- @CHGRP@ pkcs11 $CR_DIR -+ @CHGRP@ @PKCS11GROUP@ $CR_DIR - mkdir "$CR_DIR"/TOK_OBJ -- @CHGRP@ pkcs11 "$CR_DIR"/TOK_OBJ -+ @CHGRP@ @PKCS11GROUP@ "$CR_DIR"/TOK_OBJ - fi - SYS_SLOT="CRNT" - fi -@@ -477,29 +477,29 @@ - - if [ $DEPTH = "deep" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL_FN|$DEEP4758_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL|$DEEP4758_INIT" >>$CFGFILE - - elif [ $DEPTH = "ica" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL_FN|$ICA_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL|$ICA_INIT" >>$CFGFILE - elif [ $DEPTH = "bcom" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL_FN|$BCOM_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL|$BCOM_INIT" >>$CFGFILE - elif [ $DEPTH = "aep" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL_FN|$AEP_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL|$AEP_INIT" >>$CFGFILE - elif [ $DEPTH = "cr" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL|$CR_INIT" >>$CFGFILE - elif [ $DEPTH = "soft" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" >>$CFGFILE -+echo 
"TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL|$SOFT_INIT" >>$CFGFILE - elif [ $DEPTH = "tpm" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL|$TPM_INIT" >>$CFGFILE - elif [ $DEPTH = "cca" ] - then --echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" >>$CFGFILE -+echo "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL|$CCA_INIT" >>$CFGFILE - fi - - @CHMOD@ -R g+wrX @localstatedir@/lib/opencryptoki diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am index 6e61e87c04b0..0d7f5edc9649 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am @@ -1,5 +1,5 @@ ---- usr/sbin/pkcsconf/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsconf/Makefile.am 2010-10-20 00:46:34.600985372 +0900 +--- usr/sbin/pkcsconf/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsconf/Makefile.am @@ -1,6 +1,6 @@ sbin_PROGRAMS=pkcsconf @@ -7,4 +7,4 @@ +pkcsconf_LDFLAGS = -lpthread # Not all versions of automake observe sbinname_CFLAGS - pkcsconf_CFLAGS = -DSPINXPL -D_THREAD_SAFE -DDEBUG -DDEV -DAPI + pkcsconf_CFLAGS = -D_THREAD_SAFE -DDEBUG -DDEV -DAPI diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c index 31aef7224424..905d60314b7f 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c 
@@ -1,11 +1,11 @@ ---- usr/sbin/pkcsconf/pkcsconf.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsconf/pkcsconf.c 2010-10-20 00:47:46.462984231 +0900 -@@ -654,6 +654,8 @@ - free (newpin2); - } +--- usr/sbin/pkcsconf/pkcsconf.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsconf/pkcsconf.c +@@ -777,6 +777,8 @@ display_pkcs11_info(void){ + printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major, + CryptokiInfo.libraryVersion.minor); + cleanup(); + return rc; - } + diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c deleted file mode 100644 index 1ef0ba153f20..000000000000 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c +++ /dev/null 
@@ -1,107 +0,0 @@ ---- usr/sbin/pkcsslotd/err.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/err.c 2010-10-20 01:17:17.245985003 +0900 -@@ -288,6 +288,7 @@ - - /* (C) COPYRIGHT International Business Machines Corp. 2001 */ - -+#include <signal.h> - - #include "pthread.h" - -@@ -331,14 +332,30 @@ - CONSTINFO(ERANGE), - CONSTINFO(ENOMSG), - CONSTINFO(EIDRM), -+#ifdef ECHRNG - CONSTINFO(ECHRNG), -+#endif -+#ifdef EL2NSYNC - CONSTINFO(EL2NSYNC), -+#endif -+#ifdef EL3HLT - CONSTINFO(EL3HLT), -+#endif -+#ifdef EL3RST - CONSTINFO(EL3RST), -+#endif -+#ifdef ELNRNG - CONSTINFO(ELNRNG), -+#endif -+#ifdef EUNATCH - CONSTINFO(EUNATCH), -+#endif -+#ifdef ENOCSI - CONSTINFO(ENOCSI), -+#endif -+#ifdef EL2HLT - CONSTINFO(EL2HLT), -+#endif - CONSTINFO(EDEADLK), - CONSTINFO(ESTALE), - CONSTINFO(EWOULDBLOCK), -@@ -369,7 +386,9 @@ - CONSTINFO(ECONNREFUSED), - CONSTINFO(EHOSTDOWN), - CONSTINFO(EHOSTUNREACH), -+#ifdef ERESTART - CONSTINFO(ERESTART), -+#endif - CONSTINFO(EUSERS), - CONSTINFO(ELOOP), - CONSTINFO(ENAMETOOLONG), -@@ -380,16 +399,34 @@ - CONSTINFO(ETOOMANYREFS), - CONSTINFO(EILSEQ), - CONSTINFO(ECANCELED), -+#ifdef ENOSR - CONSTINFO(ENOSR), -+#endif -+#ifdef ETIME - CONSTINFO(ETIME), -+#endif -+#ifdef EBADMSG - CONSTINFO(EBADMSG), -+#endif -+#ifdef EPROTO - CONSTINFO(EPROTO), -+#endif -+#ifdef ENODATA - CONSTINFO(ENODATA), -+#endif -+#ifdef ENOSTR - CONSTINFO(ENOSTR), -+#endif - CONSTINFO(ENOTSUP), -+#ifdef EMULTIHOP - CONSTINFO(EMULTIHOP), -+#endif -+#ifdef ENOLINK - CONSTINFO(ENOLINK), -+#endif -+#ifdef EOVERFLOW - CONSTINFO(EOVERFLOW), -+#endif - - }; - -@@ -424,14 +461,20 @@ - CONSTINFO(SIGXCPU), - CONSTINFO(SIGXFSZ), - CONSTINFO(SIGWINCH), -+#ifdef SIGPWR - CONSTINFO(SIGPWR), -+#endif - CONSTINFO(SIGUSR1), - CONSTINFO(SIGUSR2), - CONSTINFO(SIGPROF), - CONSTINFO(SIGVTALRM), - CONSTINFO(SIGIOT), -+#ifdef SIGCLD - CONSTINFO(SIGCLD), -+#endif -+#ifdef SIGPOLL - CONSTINFO(SIGPOLL), -+#endif - #if 0 - CONSTINFO(SIG_DFL), - CONSTINFO(SIG_IGN), 
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h new file mode 100644 index 000000000000..1f072780121a --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h @@ -0,0 +1,14 @@ +--- usr/sbin/pkcsslotd/log.h.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/log.h +@@ -297,9 +297,8 @@ + #ifndef _LOG_H + #define _LOG_H 1 + +- +- +- ++#include <sys/types.h> ++#include <unistd.h> + + #ifndef FALSE + #define FALSE 0 diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c index 412566aa9422..6169b34024d4 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c @@ -1,17 +1,20 @@ ---- usr/sbin/pkcsslotd/mutex.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/mutex.c 2010-12-19 12:13:34.837579374 +0900 -@@ -293,6 +293,26 @@ - - #include "pkcsslotd.h" +--- usr/sbin/pkcsslotd/mutex.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/mutex.c +@@ -281,10 +281,28 @@ + legal action under this Agreement more than one year after + the cause of action arose. Each party waives its rights to + a jury trial in any resulting litigation. ++*/ +#include <fcntl.h> -+ + +#ifdef __sun +#define LOCK_EX F_LOCK +#define LOCK_UN F_ULOCK +#define flock(fd, func) lockf(fd, func, 0) +#endif -+ + +-*/ +#ifndef LOCK_SH +#define LOCK_SH 1 /* shared lock */ +#endif 
@@ -25,28 +28,14 @@ +#define LOCK_UN 8 /* unlock */ +#endif - #if SYSVSEM - #error "Caveat Emptor... this does not work" -@@ -315,7 +335,7 @@ - #include <sys/types.h> - #include <sys/stat.h> - #include <fcntl.h> --#include <sys/file.h> -+#include <grp.h> - static int xplfd=-1; - #endif + /* (C) COPYRIGHT International Business Machines Corp. 2001 */ -@@ -349,6 +369,13 @@ - #elif (SPINXPL) - - xplfd = open (XPL_FILE,O_CREAT|O_RDWR,S_IRWXU|S_IRWXG|S_IRWXO); -+ { -+ struct group *grp; -+ fchmod(xplfd,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); -+ grp = getgrnam(PKCS11GROUP); -+ if (grp) -+ fchown(xplfd,getuid(),grp->gr_gid); -+ } +@@ -323,7 +341,7 @@ CreateXProcLock(void) + goto error; + } - #elif (SYSVSEM) - #error "Caveat Emptor... this does not work" +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(xplfd,-1,grp->gr_gid) == -1) { + DbgLog(DL0,"%s:fchown(%s):%s\n", diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h index 024873633a1c..d3649cc6044b 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h @@ -1,11 +1,12 @@ ---- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/pkcsslotd.h 2010-10-20 01:20:18.253984238 +0900 -@@ -353,7 +353,7 @@ - #include <nl_types.h> +--- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/pkcsslotd.h +@@ -305,6 +305,9 @@ + #ifndef _PKCSSLOTMGR_H + #define _PKCSSLOTMGR_H 1 - #include <sys/ipc.h> --#include <linux/limits.h> -+#include <limits.h> - #include <sys/shm.h> - #include <sys/stat.h> - #include <sys/types.h> ++#include <sys/types.h> ++#include <sys/ipc.h> ++ + /*********** + * Defines * + ***********/ 
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c index 973c25b76436..252ebdee2f31 100644 --- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c @@ -1,6 +1,6 @@ ---- usr/sbin/pkcsslotd/shmem.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/shmem.c 2010-10-20 01:23:03.203984101 +0900 -@@ -338,9 +338,9 @@ +--- usr/sbin/pkcsslotd/shmem.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/shmem.c +@@ -336,9 +336,9 @@ int CreateSharedMemory ( void ) { } // SAB Get the group information for the PKCS#11 group... fail if // it does not exist @@ -12,7 +12,7 @@ return FALSE; // Group does not exist... setup is wrong.. } -@@ -409,9 +409,9 @@ +@@ -415,9 +415,9 @@ int CreateSharedMemory ( void ) { int i; char *buffer; @@ -24,7 +24,7 @@ SBIN_PATH); return FALSE; // Group does not exist... setup is wrong.. } -@@ -431,7 +431,7 @@ +@@ -437,7 +437,7 @@ int CreateSharedMemory ( void ) { return FALSE; } if (fchown(fd, 0, grp->gr_gid) == -1) { diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c new file mode 100644 index 000000000000..56d3acc14595 --- /dev/null +++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c @@ -0,0 +1,11 @@ +--- usr/sbin/pkcsslotd/socket_server.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/socket_server.c +@@ -337,7 +337,7 @@ int CreateListenerSocket (void) { + + // make socket file part of the pkcs11 group, and write accessable + // for that group +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + ErrLog("Group PKCS#11 does not exist"); + DetachSocketListener(socketfd); diff --git a/security/opencryptoki/files/pkcsslotd.in b/security/opencryptoki/files/pkcsslotd.in index 6da0156a11e5..159fa36dfa90 100644 
--- a/security/opencryptoki/files/pkcsslotd.in +++ b/security/opencryptoki/files/pkcsslotd.in @@ -16,18 +16,19 @@ . /etc/rc.subr name=pkcsslotd -rcvar=pkcsslotd_enable -command=%%PREFIX%%/sbin/${name} +rcvar=${name}_enable +command="%%PREFIX%%/sbin/$name" start_precmd=${name}_prestart pkcsslotd_prestart () { - [ -f /var/lib/opencryptoki/pk_config_data ] || \ - %%PREFIX%%/sbin/pkcs11_startup + install -d -o %%USERS%% -g %%GROUPS%% -m 0755 \ + /var/run/opencryptoki/swtok \ + /var/run/opencryptoki/tpm } -load_rc_config ${name} +load_rc_config $name -: pkcsslotd_enable=${pkcsslotd_enable-"NO"} +: ${pkcsslotd_enable="NO"} run_rc_command "$1" diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist index 06f5af1f40c8..9244ac756430 100644 --- a/security/opencryptoki/pkg-plist +++ b/security/opencryptoki/pkg-plist @@ -1,3 +1,4 @@ +@sample etc/opencryptoki/opencryptoki.conf.sample include/opencryptoki/apiclient.h include/opencryptoki/pkcs11.h include/opencryptoki/pkcs11types.h @@ -7,10 +8,10 @@ lib/opencryptoki/libopencryptoki.so.0 lib/opencryptoki/libopencryptoki.so.0.0.0 lib/opencryptoki/methods lib/opencryptoki/stdll/PKCS11_SW.so +lib/opencryptoki/stdll/PKCS11_TPM.so lib/opencryptoki/stdll/libpkcs11_sw.so lib/opencryptoki/stdll/libpkcs11_sw.so.0 lib/opencryptoki/stdll/libpkcs11_sw.so.0.0.0 -lib/opencryptoki/stdll/PKCS11_TPM.so lib/opencryptoki/stdll/libpkcs11_tpm.so lib/opencryptoki/stdll/libpkcs11_tpm.so.0 lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0 
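Review bot: In the pkcsslotd.in hunk, `pkcsslotd_prestart` creates the lock directories with `-m 0755`, whereas the upstream install hooks visible in this commit's Makefile.am patches set `$(lockdir)/swtok` and `$(lockdir)/tpm` to `0770` with the PKCS#11 group. With 0755 every local user can list the directories and group members cannot write to them, so the mode should be checked against who actually creates lock files there. If group members do, `-m 0770` matches upstream. `install -d` also creates the parent `/var/run/opencryptoki` implicitly, presumably with default owner and mode; listing it explicitly in the same command would make its ownership deliberate.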
@@ -18,16 +19,18 @@ lib/pkcs11/PKCS11_API.so lib/pkcs11/libopencryptoki.so lib/pkcs11/methods lib/pkcs11/stdll -sbin/pkcs11_startup -sbin/pkcs_slot -sbin/pkcsconf -sbin/pkcsslotd -man/man1/pkcs11_startup.1.gz +man/man1/pkcscca.1.gz man/man1/pkcsconf.1.gz -man/man5/pk_config_data.5.gz +man/man1/pkcsep11_migrate.1.gz +man/man1/pkcsicsf.1.gz +man/man5/opencryptoki.conf.5.gz man/man7/opencryptoki.7.gz man/man8/pkcsslotd.8.gz -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/swtok -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/tpm -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki +sbin/pkcsconf +sbin/pkcsslotd +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok/TOK_OBJ +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/tpm +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki @dir /var/lib +@dir /var/log/opencryptoki |