From 957013f5b811a32f8c0780d62841a2eb109b416c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jason=20=E3=83=86=E3=82=A3=E3=83=93=E3=83=84?= Date: Sun, 12 Jul 2009 16:59:00 +0000 Subject: [PATCH 01/51] Setup of module pkcs11-helper --- .cvsignore | 0 Makefile | 21 +++++++++++++++++++++ sources | 0 3 files changed, 21 insertions(+) create mode 100644 .cvsignore create mode 100644 Makefile create mode 100644 sources diff --git a/.cvsignore b/.cvsignore new file mode 100644 index 0000000..e69de29 diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..c24da93 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: pkcs11-helper +# $Id$ +NAME := pkcs11-helper +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/sources b/sources new file mode 100644 index 0000000..e69de29 From 2e809c117cbfd601505e24a8739c5db05f45fb26 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Sun, 12 Jul 2009 21:00:38 +0000 Subject: [PATCH 02/51] Initial import. --- .cvsignore | 1 + import.log | 1 + pkcs11-helper.spec | 90 ++++++++++++++++++++++++++++++++++++++++++++++ sources | 1 + 4 files changed, 93 insertions(+) create mode 100644 import.log create mode 100644 pkcs11-helper.spec diff --git a/.cvsignore b/.cvsignore index e69de29..e435766 100644 --- a/.cvsignore +++ b/.cvsignore @@ -0,0 +1 @@ +pkcs11-helper-1.07.tar.bz2 diff --git a/import.log b/import.log new file mode 100644 index 0000000..4e7c637 --- /dev/null +++ b/import.log @@ -0,0 +1 @@ +pkcs11-helper-1_07-2_fc12:HEAD:pkcs11-helper-1.07-2.fc12.src.rpm:1247432394 diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec new file mode 100644 index 0000000..42b2ad7 --- /dev/null +++ b/pkcs11-helper.spec @@ -0,0 +1,90 @@ +Name: pkcs11-helper +Version: 1.07 +Release: 2%{?dist} +Summary: A library for using PKCS#11 providers + +Group: Development/Libraries +License: GPLv2 or BSD +URL: http://www.opensc-project.org/pkcs11-helper/ +Source0: http://www.opensc-project.org/files/%{name}/%{name}-%{version}.tar.bz2 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: doxygen graphviz +BuildRequires: openssl-devel + +%description +pkcs11-helper is a library that simplifies the interaction with PKCS#11 +providers for end-user applications using a simple API and optional OpenSSL +engine. The library allows using multiple PKCS#11 providers at the same time, +enumerating available token certificates, or selecting a certificate directly +by serialized id, handling card removal and card insert events, handling card +re-insert to a different slot, supporting session expiration and much more all +using a simple API. + +%package devel +Summary: Development files for pkcs11-helper +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: openssl-devel +Requires: pkgconfig +# for /usr/share/aclocal +Requires: automake + +%description devel +This package contains header files and documentation necessary for developing +programs using the pkcs11-helper library. + + +%prep +%setup -q + + +%build +%configure --disable-static --enable-doc +make %{?_smp_mflags} + + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" + +# Use %%doc to install documentation in a standard location +mkdir apidocdir +mv $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/api/ apidocdir/ +rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/ + +# Remove libtool .la files +rm -f $RPM_BUILD_ROOT%{_libdir}/*.la + + +%clean +rm -rf $RPM_BUILD_ROOT + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%files +%defattr(-,root,root,-) +%doc AUTHORS ChangeLog COPYING* README THANKS +%{_libdir}/libpkcs11-helper.so.* + + +%files devel +%defattr(-,root,root,-) +%doc apidocdir/* +%{_includedir}/pkcs11-helper-1.0/ +%{_libdir}/libpkcs11-helper.so +%{_libdir}/pkgconfig/libpkcs11-helper-1.pc +%{_datadir}/aclocal/pkcs11-helper-1.m4 +%{_mandir}/man8/pkcs11-helper-1.8* + + +%changelog +* Sat Jul 11 2009 Kalev Lember - 1.07-2 +- Make devel package depend on automake for /usr/share/aclocal + +* Tue Jun 23 2009 Kalev Lember - 1.07-1 +- Initial RPM release. diff --git a/sources b/sources index e69de29..5f2fd24 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +d0034481a39af9e840702246e2ffa43e pkcs11-helper-1.07.tar.bz2 From c74f73d320a3bdaefe7ed75070eec5b786fe05c0 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Sun, 26 Jul 2009 18:51:08 +0000 Subject: [PATCH 03/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 42b2ad7..874dd34 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.07 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library for using PKCS#11 providers Group: Development/Libraries @@ -83,6 +83,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sun Jul 26 2009 Fedora Release Engineering - 1.07-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + * Sat Jul 11 2009 Kalev Lember - 1.07-2 - Make devel package depend on automake for /usr/share/aclocal From 857fd4b0c07b93df6875444c9971b3b14ff89cc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 21 Aug 2009 15:24:36 +0000 Subject: [PATCH 04/51] - rebuilt with new openssl --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 874dd34..813d7c1 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.07 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A library for using PKCS#11 providers Group: Development/Libraries @@ -83,6 +83,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Aug 21 2009 Tomas Mraz - 1.07-4 +- rebuilt with new openssl + * Sun Jul 26 2009 Fedora Release Engineering - 1.07-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild From 66d24ef3f68d0b9c3a58e636e2ac9b16afc306f4 Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Wed, 25 Nov 2009 23:31:39 +0000 Subject: [PATCH 05/51] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index c24da93..aba927b 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,10 @@ # Makefile for source rpm: pkcs11-helper -# $Id$ +# $Id: Makefile,v 1.1 2009/07/12 16:59:00 tibbs Exp $ NAME := pkcs11-helper SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From 4771e98a053ab77a3c662a6d056a8c48f71db0ba Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Thu, 1 Jul 2010 08:58:31 +0000 Subject: [PATCH 06/51] - use System Environment/Libraries group for main package - removed R: pkgconfig from devel subpackage --- import.log | 1 - pkcs11-helper.spec | 9 ++++++--- 2 files changed, 6 insertions(+), 4 deletions(-) delete mode 100644 import.log diff --git a/import.log b/import.log deleted file mode 100644 index 4e7c637..0000000 --- a/import.log +++ /dev/null @@ -1 +0,0 @@ -pkcs11-helper-1_07-2_fc12:HEAD:pkcs11-helper-1.07-2.fc12.src.rpm:1247432394 diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 813d7c1..f7dbc41 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,9 +1,9 @@ Name: pkcs11-helper Version: 1.07 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A library for using PKCS#11 providers -Group: Development/Libraries +Group: System Environment/Libraries License: GPLv2 or BSD URL: http://www.opensc-project.org/pkcs11-helper/ Source0: http://www.opensc-project.org/files/%{name}/%{name}-%{version}.tar.bz2 @@ -26,7 +26,6 @@ Summary: Development files for pkcs11-helper Group: Development/Libraries Requires: %{name} = %{version}-%{release} Requires: openssl-devel -Requires: pkgconfig # for /usr/share/aclocal Requires: automake @@ -83,6 +82,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Jul 01 2010 Kalev Lember - 1.07-5 +- use System Environment/Libraries group for main package +- removed R: pkgconfig from devel subpackage + * Fri Aug 21 2009 Tomas Mraz - 1.07-4 - rebuilt with new openssl From a68042b5af814977555056bc4873ed953544a8eb Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 09:23:00 +0000 Subject: [PATCH 07/51] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index aba927b..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: pkcs11-helper -# $Id: Makefile,v 1.1 2009/07/12 16:59:00 tibbs Exp $ -NAME := pkcs11-helper -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From 68f5a9c412faab55efbdd5c2aa1977dbf214c168 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 9 Feb 2011 08:46:53 -0600 Subject: [PATCH 08/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index f7dbc41..4fcb857 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.07 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -82,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Feb 09 2011 Fedora Release Engineering - 1.07-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Thu Jul 01 2010 Kalev Lember - 1.07-5 - use System Environment/Libraries group for main package - removed R: pkgconfig from devel subpackage From ed87f572b1958fb3f9eb72068cf99cb653b405b2 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Sun, 19 Jun 2011 14:26:03 +0300 Subject: [PATCH 09/51] Update to 1.08 --- .gitignore | 1 + pkcs11-helper.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index e435766..bbf6e86 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ pkcs11-helper-1.07.tar.bz2 +/pkcs11-helper-1.08.tar.bz2 diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 4fcb857..dc42ad0 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,11 +1,11 @@ Name: pkcs11-helper -Version: 1.07 -Release: 6%{?dist} +Version: 1.08 +Release: 1%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries License: GPLv2 or BSD -URL: http://www.opensc-project.org/pkcs11-helper/ +URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: http://www.opensc-project.org/files/%{name}/%{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -82,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sun Jun 19 2011 Kalev Lember - 1.08-1 +- Update to 1.08 + * Wed Feb 09 2011 Fedora Release Engineering - 1.07-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild diff --git a/sources b/sources index 5f2fd24..0927bcc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d0034481a39af9e840702246e2ffa43e pkcs11-helper-1.07.tar.bz2 +3ef571961c7f2ebf1f4b1230f36a524f pkcs11-helper-1.08.tar.bz2 From 24ccce2c75588d0d4235a5c5dd1dd97ef3bf53ef Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Sun, 19 Jun 2011 14:28:18 +0300 Subject: [PATCH 10/51] Clean up the spec file for modern rpmbuild --- pkcs11-helper.spec | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index dc42ad0..32670fd 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -7,7 +7,6 @@ Group: System Environment/Libraries License: GPLv2 or BSD URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: http://www.opensc-project.org/files/%{name}/%{name}-%{version}.tar.bz2 -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: doxygen graphviz BuildRequires: openssl-devel @@ -44,7 +43,6 @@ make %{?_smp_mflags} %install -rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" # Use %%doc to install documentation in a standard location @@ -56,23 +54,17 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la -%clean -rm -rf $RPM_BUILD_ROOT - - %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files -%defattr(-,root,root,-) %doc AUTHORS ChangeLog COPYING* README THANKS %{_libdir}/libpkcs11-helper.so.* %files devel -%defattr(-,root,root,-) %doc apidocdir/* %{_includedir}/pkcs11-helper-1.0/ %{_libdir}/libpkcs11-helper.so @@ -84,6 +76,7 @@ rm -rf $RPM_BUILD_ROOT %changelog * Sun Jun 19 2011 Kalev Lember - 1.08-1 - Update to 1.08 +- Clean up the spec file for modern rpmbuild * Wed Feb 09 2011 Fedora Release Engineering - 1.07-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild From b5722f2572bc3ceeae86772219510653de5ab699 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Wed, 17 Aug 2011 07:24:00 +0300 Subject: [PATCH 11/51] Update to 1.09 --- .gitignore | 1 + pkcs11-helper.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index bbf6e86..e2134df 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ pkcs11-helper-1.07.tar.bz2 /pkcs11-helper-1.08.tar.bz2 +/pkcs11-helper-1.09.tar.bz2 diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 32670fd..83f8938 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,5 +1,5 @@ Name: pkcs11-helper -Version: 1.08 +Version: 1.09 Release: 1%{?dist} Summary: A library for using PKCS#11 providers @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Wed Aug 17 2011 Kalev Lember - 1.09-1 +- Update to 1.09 + * Sun Jun 19 2011 Kalev Lember - 1.08-1 - Update to 1.08 - Clean up the spec file for modern rpmbuild diff --git a/sources b/sources index 0927bcc..45a7841 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3ef571961c7f2ebf1f4b1230f36a524f pkcs11-helper-1.08.tar.bz2 +88ca59143f1b1d36283cab406f33a3fa pkcs11-helper-1.09.tar.bz2 From fd623055374dc25d49de4e032f7921b66c0c119f Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 13 Jan 2012 18:58:27 -0600 Subject: [PATCH 12/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 83f8938..357d33c 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.09 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Sat Jan 14 2012 Fedora Release Engineering - 1.09-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Wed Aug 17 2011 Kalev Lember - 1.09-1 - Update to 1.09 From cbec3901c69a8a65bb4197e1008d12d3c64cc617 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 20 Jul 2012 20:56:40 -0500 Subject: [PATCH 13/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 357d33c..28fe5e1 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.09 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Sat Jul 21 2012 Fedora Release Engineering - 1.09-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + * Sat Jan 14 2012 Fedora Release Engineering - 1.09-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild From ae00a1ceaaef84a23164a99ef1a1ff88e715139d Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 14 Feb 2013 11:57:50 -0600 Subject: [PATCH 14/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 28fe5e1..ce64758 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.09 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Thu Feb 14 2013 Fedora Release Engineering - 1.09-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + * Sat Jul 21 2012 Fedora Release Engineering - 1.09-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild From 88283cdcf57a543c1ad28142be53e0ad7742b71e Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Mon, 1 Apr 2013 23:51:23 +0200 Subject: [PATCH 15/51] Update to 1.10 --- .gitignore | 1 + pkcs11-helper.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index e2134df..f054f18 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ pkcs11-helper-1.07.tar.bz2 /pkcs11-helper-1.08.tar.bz2 /pkcs11-helper-1.09.tar.bz2 +/pkcs11-helper-1.10.tar.bz2 diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index ce64758..81b6554 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,12 +1,12 @@ Name: pkcs11-helper -Version: 1.09 -Release: 4%{?dist} +Version: 1.10 +Release: 1%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries License: GPLv2 or BSD URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper -Source0: http://www.opensc-project.org/files/%{name}/%{name}-%{version}.tar.bz2 +Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2 BuildRequires: doxygen graphviz BuildRequires: openssl-devel @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Tue Apr 02 2013 Kalev Lember - 1.10-1 +- Update to 1.10 + * Thu Feb 14 2013 Fedora Release Engineering - 1.09-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild diff --git a/sources b/sources index 45a7841..a97ed9f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -88ca59143f1b1d36283cab406f33a3fa pkcs11-helper-1.09.tar.bz2 +a26b279fb5f606f742e3bf02f1065cf3 pkcs11-helper-1.10.tar.bz2 From 37b5c5a77f0535ca3aa0de5c4dfdc54f04559067 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 3 Aug 2013 23:23:11 -0500 Subject: [PATCH 16/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 81b6554..c35a5c5 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.10 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Sun Aug 04 2013 Fedora Release Engineering - 1.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Tue Apr 02 2013 Kalev Lember - 1.10-1 - Update to 1.10 From 49fe1ad2bdc47bf6dbd3606c5f35477517107c93 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Fri, 11 Apr 2014 14:19:21 -0500 Subject: [PATCH 17/51] 1.11. --- .gitignore | 1 + pkcs11-helper.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f054f18..6f3f113 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ pkcs11-helper-1.07.tar.bz2 /pkcs11-helper-1.08.tar.bz2 /pkcs11-helper-1.09.tar.bz2 /pkcs11-helper-1.10.tar.bz2 +/pkcs11-helper-1.11.tar.bz2 diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index c35a5c5..d487add 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper -Version: 1.10 -Release: 2%{?dist} +Version: 1.11 +Release: 1%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Fri Apr 11 2014 Jon Ciesla - 1.11-1 +- Latest upstream, required for openvpn 2.3.3. + * Sun Aug 04 2013 Fedora Release Engineering - 1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild diff --git a/sources b/sources index a97ed9f..109493a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a26b279fb5f606f742e3bf02f1065cf3 pkcs11-helper-1.10.tar.bz2 +59f2ac76c66e4dc0c21614cc944e89fb pkcs11-helper-1.11.tar.bz2 From d6c7dc61afa14401895b9a060c2a2f4419aa9834 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 7 Jun 2014 11:09:59 -0500 Subject: [PATCH 18/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index d487add..518b3ab 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.11 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Sat Jun 07 2014 Fedora Release Engineering - 1.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Fri Apr 11 2014 Jon Ciesla - 1.11-1 - Latest upstream, required for openvpn 2.3.3. From fae1e77096b99d7f2bde71f83ea9a0dd3c76052d Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Sun, 17 Aug 2014 19:06:04 +0000 Subject: [PATCH 19/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 518b3ab..84dcfe0 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.11 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -74,6 +74,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Sun Aug 17 2014 Fedora Release Engineering - 1.11-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Sat Jun 07 2014 Fedora Release Engineering - 1.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild From 830e8d13bf61a0c34e4b1251e3fea31f0ec0b1fc Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 9 Dec 2014 17:03:07 +0000 Subject: [PATCH 20/51] Apply upstream fix for bug #1172237 (ignore objects without CKA_ID) --- ...e-ignore-certificates-without-CKA_ID.patch | 46 +++++++++++++++++++ pkcs11-helper.spec | 8 +++- 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 0001-certificate-ignore-certificates-without-CKA_ID.patch diff --git a/0001-certificate-ignore-certificates-without-CKA_ID.patch b/0001-certificate-ignore-certificates-without-CKA_ID.patch new file mode 100644 index 0000000..d42120b --- /dev/null +++ b/0001-certificate-ignore-certificates-without-CKA_ID.patch @@ -0,0 +1,46 @@ +From 8d81cf6b460c0443c64605fe9ab0137c12c1ccba Mon Sep 17 00:00:00 2001 +From: Alon Bar-Lev +Date: Mon, 30 Dec 2013 20:17:13 +0200 +Subject: [PATCH] certificate: ignore certificates without CKA_ID + +we won't be able to retrieve them anyway. + +Signed-off-by: Alon Bar-Lev +--- + ChangeLog | 1 + + lib/pkcs11h-certificate.c | 19 ++++++++++++++++++- + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c +index 086e22d..6eb95e2 100644 +--- a/lib/pkcs11h-certificate.c ++++ b/lib/pkcs11h-certificate.c +@@ -2383,7 +2383,24 @@ _pkcs11h_certificate_enumSessionCertificates ( + objects[i], + attrs, + sizeof (attrs) / sizeof (CK_ATTRIBUTE) +- )) != CKR_OK || ++ )) != CKR_OK ++ ) { ++ goto retry1; ++ } ++ ++ /* ++ * skip objects without CKA_ID as we ++ * won't be able to retrieve them. ++ */ ++ if ( ++ attrs[0].pValue == NULL || ++ attrs[0].ulValueLen == 0 ++ ) { ++ rv = CKR_OK; ++ goto retry1; ++ } ++ ++ if ( + (rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK || + (rv = pkcs11h_token_duplicateTokenId ( + &certificate_id->token_id, +-- +2.1.0 + diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 84dcfe0..a1910dc 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,12 +1,13 @@ Name: pkcs11-helper Version: 1.11 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries License: GPLv2 or BSD URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2 +Patch1: 0001-certificate-ignore-certificates-without-CKA_ID.patch BuildRequires: doxygen graphviz BuildRequires: openssl-devel @@ -35,7 +36,7 @@ programs using the pkcs11-helper library. %prep %setup -q - +%patch1 -p1 %build %configure --disable-static --enable-doc @@ -74,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Tue Dec 09 2014 David Woodhouse - 1.11-4 +- Apply upstream fix for bug #1172237 (ignore objects without CKA_ID) + * Sun Aug 17 2014 Fedora Release Engineering - 1.11-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild From b6b4200127e3ee8c2566202a50e3b14bc0d713d5 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 5 May 2015 17:35:15 +0100 Subject: [PATCH 21/51] Use RFC7512 URIs --- pkcs11-helper-rfc7512.patch | 686 ++++++++++++++++++++++++++++++++++++ pkcs11-helper.spec | 7 +- 2 files changed, 692 insertions(+), 1 deletion(-) create mode 100644 pkcs11-helper-rfc7512.patch diff --git a/pkcs11-helper-rfc7512.patch b/pkcs11-helper-rfc7512.patch new file mode 100644 index 0000000..8f808fc --- /dev/null +++ b/pkcs11-helper-rfc7512.patch @@ -0,0 +1,686 @@ +commit 41882e5e2e924ae1ee5aaec729a40484ccc3935d +Author: David Woodhouse +Date: Thu Apr 30 14:58:24 2015 +0100 + + Serialize to RFC7512-compliant PKCS#11 URIs + + Signed-off-by: David Woodhouse + +commit 52e66b688c296f115c7bea6d5dd6a98eec33a337 +Author: David Woodhouse +Date: Wed Dec 10 14:00:21 2014 +0000 + + Accept RFC7512-compliant PKCS#11 URIs as serialized token/certificate IDs + + The old format is still accepted for compatibility. + + Signed-off-by: David Woodhouse + +commit 7f89de7690edc3dfbd4eb70ad457814a2489a5bc +Author: David Woodhouse +Date: Sun Dec 14 19:42:18 2014 +0000 + + Stop _pkcs11h_util_hexToBinary() checking for trailing NUL + + We are going to want to use this for parsing %XX hex escapes in RFC7512 + PKCS#11 URIs, where we cannot expect a trailing NUL. Since there's only + one existing caller at the moment, it's simple just to let the caller + have responsibility for that check. + + Signed-off-by: David Woodhouse +diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c +index ad275f8..cb85a35 100644 +--- a/lib/pkcs11h-serialization.c ++++ b/lib/pkcs11h-serialization.c +@@ -61,29 +61,127 @@ + + #if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE) + ++#define URI_SCHEME "pkcs11:" ++ ++#define token_field_ofs(field) ((unsigned long)&(((struct pkcs11h_token_id_s *)0)->field)) ++#define token_field_size(field) sizeof((((struct pkcs11h_token_id_s *)0)->field)) ++#define token_field(name, field) { name "=", sizeof(name), \ ++ token_field_ofs(field), token_field_size(field) } ++ ++static struct { ++ const char const *name; ++ size_t namelen; ++ unsigned long field_ofs; ++ size_t field_size; ++} __token_fields[] = { ++ token_field ("model", model), ++ token_field ("token", label), ++ token_field ("manufacturer", manufacturerID ), ++ token_field ("serial", serialNumber ), ++ { NULL }, ++}; ++ ++#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \ ++ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ ++ "0123456789_-." ++ ++static ++int ++__token_attr_escape(char *uri, char *attr, size_t attrlen) ++{ ++ int len = 0, i; ++ ++ for (i = 0; i < attrlen; i++) { ++ if (strchr(P11_URL_VERBATIM, attr[i])) { ++ if (uri) { ++ *(uri++) = attr[i]; ++ } ++ len++; ++ } else { ++ if (uri) { ++ sprintf(uri, "%%%02x", (unsigned char)attr[i]); ++ uri += 3; ++ } ++ len += 3; ++ } ++ } ++ return len; ++} ++ ++static ++CK_RV ++__generate_pkcs11_uri ( ++ OUT char * const sz, ++ IN OUT size_t *max, ++ IN const pkcs11h_certificate_id_t certificate_id, ++ IN const pkcs11h_token_id_t token_id ++) { ++ size_t _max; ++ char *p = sz; ++ int i; ++ ++ _PKCS11H_ASSERT (max!=NULL); ++ _PKCS11H_ASSERT (token_id!=NULL); ++ ++ _max = strlen(URI_SCHEME); ++ for (i = 0; __token_fields[i].name; i++) { ++ char *field = ((char *)token_id) + __token_fields[i].field_ofs; ++ ++ _max += __token_fields[i].namelen; ++ _max += __token_attr_escape (NULL, field, strlen(field)); ++ _max++; /* For a semicolon or trailing NUL */ ++ } ++ if (certificate_id) { ++ _max += strlen (";id="); ++ _max += __token_attr_escape (NULL, ++ (char *)certificate_id->attrCKA_ID, ++ certificate_id->attrCKA_ID_size); ++ } ++ ++ if (!sz) { ++ *max = _max; ++ return CKR_OK; ++ } ++ ++ if (sz && *max < _max) ++ return CKR_ATTRIBUTE_VALUE_INVALID; ++ ++ p += sprintf(p, URI_SCHEME); ++ for (i = 0; __token_fields[i].name; i++) { ++ char *field = ((char *)token_id) + __token_fields[i].field_ofs; ++ ++ p += sprintf (p, "%s", __token_fields[i].name); ++ p += __token_attr_escape (p, field, strlen(field)); ++ *(p++) = ';'; ++ } ++ if (certificate_id) { ++ p += sprintf (p, "id="); ++ p += __token_attr_escape (p, ++ (char *)certificate_id->attrCKA_ID, ++ certificate_id->attrCKA_ID_size); ++ } else { ++ /* Remove the unneeded trailing semicolon */ ++ p--; ++ } ++ *(p++) = 0; ++ ++ *max = _max; ++ ++ return CKR_OK; ++} ++ + CK_RV + pkcs11h_token_serializeTokenId ( + OUT char * const sz, + IN OUT size_t *max, + IN const pkcs11h_token_id_t token_id + ) { +- const char *sources[5]; + CK_RV rv = CKR_FUNCTION_FAILED; +- size_t n; +- int e; + + /*_PKCS11H_ASSERT (sz!=NULL); Not required*/ + _PKCS11H_ASSERT (max!=NULL); + _PKCS11H_ASSERT (token_id!=NULL); + +- { /* Must be after assert */ +- sources[0] = token_id->manufacturerID; +- sources[1] = token_id->model; +- sources[2] = token_id->serialNumber; +- sources[3] = token_id->label; +- sources[4] = NULL; +- } +- + _PKCS11H_DEBUG ( + PKCS11H_LOG_DEBUG2, + "PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max="P_Z", token_id=%p", +@@ -92,67 +190,161 @@ pkcs11h_token_serializeTokenId ( + (void *)token_id + ); + +- n = 0; +- for (e=0;sources[e] != NULL;e++) { +- size_t t; +- if ( +- (rv = _pkcs11h_util_escapeString ( +- NULL, +- sources[e], +- &t, +- __PKCS11H_SERIALIZE_INVALID_CHARS +- )) != CKR_OK +- ) { +- goto cleanup; ++ rv = __generate_pkcs11_uri(sz, max, NULL, token_id); ++ ++ _PKCS11H_DEBUG ( ++ PKCS11H_LOG_DEBUG2, ++ "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'", ++ rv, ++ pkcs11h_getMessage (rv), ++ *max, ++ sz ++ ); ++ ++ return rv; ++} ++ ++static ++CK_RV ++__parse_token_uri_attr ( ++ const char *uri, ++ size_t urilen, ++ char *tokstr, ++ size_t toklen, ++ size_t *parsed_len ++) { ++ size_t orig_toklen = toklen; ++ CK_RV rv = CKR_OK; ++ ++ while (urilen && toklen > 1) { ++ if (*uri == '%') { ++ size_t size = 1; ++ ++ if (urilen < 3) { ++ rv = CKR_ATTRIBUTE_VALUE_INVALID; ++ goto done; ++ } ++ ++ rv = _pkcs11h_util_hexToBinary ((unsigned char *)tokstr, ++ uri + 1, &size); ++ if (rv != CKR_OK) { ++ goto done; ++ } ++ ++ uri += 2; ++ urilen -= 2; ++ } else { ++ *tokstr = *uri; + } +- n+=t; ++ tokstr++; ++ uri++; ++ toklen--; ++ urilen--; ++ tokstr[1] = 0; + } + +- if (sz != NULL) { +- if (*max < n) { +- rv = CKR_ATTRIBUTE_VALUE_INVALID; +- goto cleanup; ++ if (urilen) { ++ rv = CKR_ATTRIBUTE_VALUE_INVALID; ++ } else if (parsed_len) { ++ *parsed_len = orig_toklen - toklen; ++ } ++ ++ done: ++ return rv; ++} ++ ++static ++CK_RV ++__parse_pkcs11_uri ( ++ OUT pkcs11h_token_id_t token_id, ++ OUT pkcs11h_certificate_id_t certificate_id, ++ IN const char * const sz ++) { ++ const char *end, *p; ++ CK_RV rv = CKR_OK; ++ ++ _PKCS11H_ASSERT (token_id!=NULL); ++ _PKCS11H_ASSERT (sz!=NULL); ++ ++ if (strncmp (sz, URI_SCHEME, strlen (URI_SCHEME))) ++ return CKR_ATTRIBUTE_VALUE_INVALID; ++ ++ end = sz + strlen (URI_SCHEME) - 1; ++ while (rv == CKR_OK && end[0] && end[1]) { ++ int i; ++ ++ p = end + 1; ++ end = strchr (p, ';'); ++ if (!end) ++ end = p + strlen(p); ++ ++ for (i = 0; __token_fields[i].name; i++) { ++ /* Parse the token=, label=, manufacturer= and serial= fields */ ++ if (!strncmp(p, __token_fields[i].name, __token_fields[i].namelen)) { ++ char *field = ((char *)token_id) + __token_fields[i].field_ofs; ++ ++ p += __token_fields[i].namelen; ++ rv = __parse_token_uri_attr (p, end - p, field, ++ __token_fields[i].field_size, ++ NULL); ++ if (rv != CKR_OK) { ++ goto cleanup; ++ } ++ ++ goto matched; ++ } + } ++ if (certificate_id && !strncmp(p, "id=", 3)) { ++ p += 3; ++ ++ rv = _pkcs11h_mem_malloc ((void *)&certificate_id->attrCKA_ID, ++ end - p); ++ if (rv != CKR_OK) { ++ goto cleanup; ++ } + +- n = 0; +- for (e=0;sources[e] != NULL;e++) { +- size_t t = *max-n; +- if ( +- (rv = _pkcs11h_util_escapeString ( +- sz+n, +- sources[e], +- &t, +- __PKCS11H_SERIALIZE_INVALID_CHARS +- )) != CKR_OK +- ) { ++ rv = __parse_token_uri_attr (p, end - p, ++ (char *)certificate_id->attrCKA_ID, ++ end - p, ++ &certificate_id->attrCKA_ID_size); ++ if (rv != CKR_OK) { + goto cleanup; + } +- n+=t; +- sz[n-1] = '/'; ++ ++ goto matched; + } +- sz[n-1] = '\x0'; +- } + +- *max = n; +- rv = CKR_OK; ++ /* We don't parse object= because the match code doesn't support ++ matching by label. */ ++ ++ /* Failed to parse PKCS#11 URI element. */ ++ return CKR_ATTRIBUTE_VALUE_INVALID; + ++ matched: ++ ; ++ } + cleanup: ++ /* The matching code doesn't support support partial matches; it needs ++ * *all* of manufacturer, model, serial and label attributes to be ++ * defined. So reject partial URIs early instead of letting it do the ++ * wrong thing. We can maybe improve this later. */ ++ if (!token_id->model[0] || !token_id->label[0] || ++ !token_id->manufacturerID[0] || !token_id->serialNumber[0]) { ++ return CKR_ATTRIBUTE_VALUE_INVALID; ++ } + +- _PKCS11H_DEBUG ( +- PKCS11H_LOG_DEBUG2, +- "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'", +- rv, +- pkcs11h_getMessage (rv), +- *max, +- sz +- ); ++ /* For a certificate ID we need CKA_ID */ ++ if (certificate_id && !certificate_id->attrCKA_ID_size) { ++ return CKR_ATTRIBUTE_VALUE_INVALID; ++ } + + return rv; + } + ++static + CK_RV +-pkcs11h_token_deserializeTokenId ( +- OUT pkcs11h_token_id_t *p_token_id, ++__pkcs11h_token_legacy_deserializeTokenId ( ++ OUT pkcs11h_token_id_t token_id, + IN const char * const sz + ) { + #define __PKCS11H_TARGETS_NUMBER 4 +@@ -161,24 +353,11 @@ pkcs11h_token_deserializeTokenId ( + size_t s; + } targets[__PKCS11H_TARGETS_NUMBER]; + +- pkcs11h_token_id_t token_id = NULL; + char *p1 = NULL; + char *_sz = NULL; + int e; + CK_RV rv = CKR_FUNCTION_FAILED; + +- _PKCS11H_ASSERT (p_token_id!=NULL); +- _PKCS11H_ASSERT (sz!=NULL); +- +- _PKCS11H_DEBUG ( +- PKCS11H_LOG_DEBUG2, +- "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'", +- (void *)p_token_id, +- sz +- ); +- +- *p_token_id = NULL; +- + if ( + (rv = _pkcs11h_mem_strdup ( + (void *)&_sz, +@@ -190,10 +369,6 @@ pkcs11h_token_deserializeTokenId ( + + p1 = _sz; + +- if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) { +- goto cleanup; +- } +- + targets[0].p = token_id->manufacturerID; + targets[0].s = sizeof (token_id->manufacturerID); + targets[1].p = token_id->model; +@@ -252,6 +427,51 @@ pkcs11h_token_deserializeTokenId ( + p1 = p2+1; + } + ++ rv = CKR_OK; ++ ++cleanup: ++ ++ if (_sz != NULL) { ++ _pkcs11h_mem_free ((void *)&_sz); ++ } ++ ++ return rv; ++#undef __PKCS11H_TARGETS_NUMBER ++} ++ ++CK_RV ++pkcs11h_token_deserializeTokenId ( ++ OUT pkcs11h_token_id_t *p_token_id, ++ IN const char * const sz ++) { ++ pkcs11h_token_id_t token_id = NULL; ++ CK_RV rv = CKR_FUNCTION_FAILED; ++ ++ _PKCS11H_ASSERT (p_token_id!=NULL); ++ _PKCS11H_ASSERT (sz!=NULL); ++ ++ _PKCS11H_DEBUG ( ++ PKCS11H_LOG_DEBUG2, ++ "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'", ++ (void *)p_token_id, ++ sz ++ ); ++ ++ *p_token_id = NULL; ++ ++ if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) { ++ goto cleanup; ++ } ++ ++ if (!strncmp (sz, URI_SCHEME, strlen (URI_SCHEME))) { ++ rv = __parse_pkcs11_uri(token_id, NULL, sz); ++ } else { ++ rv = __pkcs11h_token_legacy_deserializeTokenId(token_id, sz); ++ } ++ if (rv != CKR_OK) { ++ goto cleanup; ++ } ++ + strncpy ( + token_id->display, + token_id->label, +@@ -264,11 +484,6 @@ pkcs11h_token_deserializeTokenId ( + rv = CKR_OK; + + cleanup: +- +- if (_sz != NULL) { +- _pkcs11h_mem_free ((void *)&_sz); +- } +- + if (token_id != NULL) { + pkcs11h_token_freeTokenId (token_id); + } +@@ -281,7 +496,6 @@ cleanup: + ); + + return rv; +-#undef __PKCS11H_TARGETS_NUMBER + } + + #endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */ +@@ -295,9 +509,6 @@ pkcs11h_certificate_serializeCertificateId ( + IN const pkcs11h_certificate_id_t certificate_id + ) { + CK_RV rv = CKR_FUNCTION_FAILED; +- size_t saved_max = 0; +- size_t n = 0; +- size_t _max = 0; + + /*_PKCS11H_ASSERT (sz!=NULL); Not required */ + _PKCS11H_ASSERT (max!=NULL); +@@ -311,42 +522,7 @@ pkcs11h_certificate_serializeCertificateId ( + (void *)certificate_id + ); + +- if (sz != NULL) { +- saved_max = n = *max; +- } +- *max = 0; +- +- if ( +- (rv = pkcs11h_token_serializeTokenId ( +- sz, +- &n, +- certificate_id->token_id +- )) != CKR_OK +- ) { +- goto cleanup; +- } +- +- _max = n + certificate_id->attrCKA_ID_size*2 + 1; +- +- if (sz != NULL) { +- if (saved_max < _max) { +- rv = CKR_ATTRIBUTE_VALUE_INVALID; +- goto cleanup; +- } +- +- sz[n-1] = '/'; +- rv = _pkcs11h_util_binaryToHex ( +- sz+n, +- saved_max-n, +- certificate_id->attrCKA_ID, +- certificate_id->attrCKA_ID_size +- ); +- } +- +- *max = _max; +- rv = CKR_OK; +- +-cleanup: ++ rv = __generate_pkcs11_uri(sz, max, certificate_id, certificate_id->token_id); + + _PKCS11H_DEBUG ( + PKCS11H_LOG_DEBUG2, +@@ -360,27 +536,16 @@ cleanup: + return rv; + } + ++static + CK_RV +-pkcs11h_certificate_deserializeCertificateId ( +- OUT pkcs11h_certificate_id_t * const p_certificate_id, ++__pkcs11h_certificate_legacy_deserializeCertificateId ( ++ OUT pkcs11h_certificate_id_t certificate_id, + IN const char * const sz + ) { +- pkcs11h_certificate_id_t certificate_id = NULL; + CK_RV rv = CKR_FUNCTION_FAILED; + char *p = NULL; + char *_sz = NULL; +- +- _PKCS11H_ASSERT (p_certificate_id!=NULL); +- _PKCS11H_ASSERT (sz!=NULL); +- +- *p_certificate_id = NULL; +- +- _PKCS11H_DEBUG ( +- PKCS11H_LOG_DEBUG2, +- "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'", +- (void *)p_certificate_id, +- sz +- ); ++ size_t id_hex_len; + + if ( + (rv = _pkcs11h_mem_strdup ( +@@ -393,10 +558,6 @@ pkcs11h_certificate_deserializeCertificateId ( + + p = _sz; + +- if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) { +- goto cleanup; +- } +- + if ((p = strrchr (_sz, '/')) == NULL) { + rv = CKR_ATTRIBUTE_VALUE_INVALID; + goto cleanup; +@@ -414,7 +575,12 @@ pkcs11h_certificate_deserializeCertificateId ( + goto cleanup; + } + +- certificate_id->attrCKA_ID_size = strlen (p)/2; ++ id_hex_len = strlen (p); ++ if (id_hex_len & 1) { ++ rv = CKR_ATTRIBUTE_VALUE_INVALID; ++ goto cleanup; ++ } ++ certificate_id->attrCKA_ID_size = id_hex_len/2; + + if ( + (rv = _pkcs11h_mem_malloc ( +@@ -430,21 +596,64 @@ pkcs11h_certificate_deserializeCertificateId ( + goto cleanup; + } + ++ rv = CKR_OK; ++ ++cleanup: ++ ++ if (_sz != NULL) { ++ _pkcs11h_mem_free ((void *)&_sz); ++ } ++ ++ return rv; ++ ++} ++ ++CK_RV ++pkcs11h_certificate_deserializeCertificateId ( ++ OUT pkcs11h_certificate_id_t * const p_certificate_id, ++ IN const char * const sz ++) { ++ pkcs11h_certificate_id_t certificate_id = NULL; ++ CK_RV rv = CKR_FUNCTION_FAILED; ++ ++ _PKCS11H_ASSERT (p_certificate_id!=NULL); ++ _PKCS11H_ASSERT (sz!=NULL); ++ ++ *p_certificate_id = NULL; ++ ++ _PKCS11H_DEBUG ( ++ PKCS11H_LOG_DEBUG2, ++ "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'", ++ (void *)p_certificate_id, ++ sz ++ ); ++ ++ if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) { ++ goto cleanup; ++ } ++ if ((rv = _pkcs11h_token_newTokenId (&certificate_id->token_id)) != CKR_OK) { ++ goto cleanup; ++ } ++ ++ if (!strncmp(sz, URI_SCHEME, strlen (URI_SCHEME))) { ++ rv = __parse_pkcs11_uri (certificate_id->token_id, certificate_id, sz); ++ } else { ++ rv = __pkcs11h_certificate_legacy_deserializeCertificateId (certificate_id, sz); ++ } ++ if (rv != CKR_OK) { ++ goto cleanup; ++ } ++ + *p_certificate_id = certificate_id; + certificate_id = NULL; + rv = CKR_OK; + + cleanup: +- + if (certificate_id != NULL) { + pkcs11h_certificate_freeCertificateId (certificate_id); + certificate_id = NULL; + } + +- if (_sz != NULL) { +- _pkcs11h_mem_free ((void *)&_sz); +- } +- + _PKCS11H_DEBUG ( + PKCS11H_LOG_DEBUG2, + "PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'", +diff --git a/lib/pkcs11h-util.c b/lib/pkcs11h-util.c +index 0743fd1..f90e443 100644 +--- a/lib/pkcs11h-util.c ++++ b/lib/pkcs11h-util.c +@@ -110,12 +110,7 @@ _pkcs11h_util_hexToBinary ( + p++; + } + +- if (*p != '\x0') { +- return CKR_ATTRIBUTE_VALUE_INVALID; +- } +- else { +- return CKR_OK; +- } ++ return CKR_OK; + } + + CK_RV diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index a1910dc..c712e3f 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.11 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -8,6 +8,7 @@ License: GPLv2 or BSD URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2 Patch1: 0001-certificate-ignore-certificates-without-CKA_ID.patch +Patch2: pkcs11-helper-rfc7512.patch BuildRequires: doxygen graphviz BuildRequires: openssl-devel @@ -37,6 +38,7 @@ programs using the pkcs11-helper library. %prep %setup -q %patch1 -p1 +%patch2 -p1 %build %configure --disable-static --enable-doc @@ -75,6 +77,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Wed Apr 29 2015 David Woodhouse - 1.11-5 +- Migrate ID serialisation format to RFC7512 (#1173554) + * Tue Dec 09 2014 David Woodhouse - 1.11-4 - Apply upstream fix for bug #1172237 (ignore objects without CKA_ID) From 8fb2232df5eeb0ec5b124da00f8bcc0520e82d0f Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 18 Jun 2015 15:21:30 +0000 Subject: [PATCH 22/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index c712e3f..78b7ca6 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.11 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -77,6 +77,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Thu Jun 18 2015 Fedora Release Engineering - 1.11-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Wed Apr 29 2015 David Woodhouse - 1.11-5 - Migrate ID serialisation format to RFC7512 (#1173554) From 3a9fcbae1e28bd683d4f92238d2259c9ea2b8394 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 22 Sep 2015 21:41:01 +0100 Subject: [PATCH 23/51] Fix URI ID parsing (#1264645) --- pkcs11-helper-rfc7512.patch | 10 +++++----- pkcs11-helper.spec | 5 ++++- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/pkcs11-helper-rfc7512.patch b/pkcs11-helper-rfc7512.patch index 8f808fc..a4cf0e8 100644 --- a/pkcs11-helper-rfc7512.patch +++ b/pkcs11-helper-rfc7512.patch @@ -1,4 +1,4 @@ -commit 41882e5e2e924ae1ee5aaec729a40484ccc3935d +commit 8b614fd9554d3b372a829e4a05e21c5899f581ca Author: David Woodhouse Date: Thu Apr 30 14:58:24 2015 +0100 @@ -6,7 +6,7 @@ Date: Thu Apr 30 14:58:24 2015 +0100 Signed-off-by: David Woodhouse -commit 52e66b688c296f115c7bea6d5dd6a98eec33a337 +commit db7a561668614b16b3a14564b3b4f71912db8e17 Author: David Woodhouse Date: Wed Dec 10 14:00:21 2014 +0000 @@ -29,7 +29,7 @@ Date: Sun Dec 14 19:42:18 2014 +0000 Signed-off-by: David Woodhouse diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c -index ad275f8..cb85a35 100644 +index ad275f8..1d077e4 100644 --- a/lib/pkcs11h-serialization.c +++ b/lib/pkcs11h-serialization.c @@ -61,29 +61,127 @@ @@ -300,7 +300,7 @@ index ad275f8..cb85a35 100644 + p += 3; + + rv = _pkcs11h_mem_malloc ((void *)&certificate_id->attrCKA_ID, -+ end - p); ++ end - p + 1); + if (rv != CKR_OK) { + goto cleanup; + } @@ -318,7 +318,7 @@ index ad275f8..cb85a35 100644 - ) { + rv = __parse_token_uri_attr (p, end - p, + (char *)certificate_id->attrCKA_ID, -+ end - p, ++ end - p + 1, + &certificate_id->attrCKA_ID_size); + if (rv != CKR_OK) { goto cleanup; diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 78b7ca6..b77f7d8 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.11 -Release: 6%{?dist} +Release: 7%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -77,6 +77,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Tue Sep 22 2015 David Woodhouse - 1.11-7 +- Fix ID buffer size for URI parsing (#1264645) + * Thu Jun 18 2015 Fedora Release Engineering - 1.11-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild From f9a65385f48ecefa6a8dc609297926fe0d780df2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 4 Feb 2016 18:06:36 +0000 Subject: [PATCH 24/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index b77f7d8..1752818 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.11 -Release: 7%{?dist} +Release: 8%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -77,6 +77,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Thu Feb 04 2016 Fedora Release Engineering - 1.11-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + * Tue Sep 22 2015 David Woodhouse - 1.11-7 - Fix ID buffer size for URI parsing (#1264645) From 0d91c593b61c2fa34bc402dfb7b7db5a41afd90b Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 11 Feb 2017 07:31:46 +0000 Subject: [PATCH 25/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 1752818..6a2c8ad 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.11 -Release: 8%{?dist} +Release: 9%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -77,6 +77,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Sat Feb 11 2017 Fedora Release Engineering - 1.11-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + * Thu Feb 04 2016 Fedora Release Engineering - 1.11-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild From 3bbda1b07c94dd62087490e655a0e58eb96203ff Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 21 Feb 2017 09:45:54 +0100 Subject: [PATCH 26/51] updated to 1.22 --- .gitignore | 1 + ...e-ignore-certificates-without-CKA_ID.patch | 46 ------------------- pkcs11-helper.spec | 9 ++-- sources | 2 +- 4 files changed, 7 insertions(+), 51 deletions(-) delete mode 100644 0001-certificate-ignore-certificates-without-CKA_ID.patch diff --git a/.gitignore b/.gitignore index 6f3f113..e23dc51 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ pkcs11-helper-1.07.tar.bz2 /pkcs11-helper-1.09.tar.bz2 /pkcs11-helper-1.10.tar.bz2 /pkcs11-helper-1.11.tar.bz2 +/pkcs11-helper-1.22.tar.bz2 diff --git a/0001-certificate-ignore-certificates-without-CKA_ID.patch b/0001-certificate-ignore-certificates-without-CKA_ID.patch deleted file mode 100644 index d42120b..0000000 --- a/0001-certificate-ignore-certificates-without-CKA_ID.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 8d81cf6b460c0443c64605fe9ab0137c12c1ccba Mon Sep 17 00:00:00 2001 -From: Alon Bar-Lev -Date: Mon, 30 Dec 2013 20:17:13 +0200 -Subject: [PATCH] certificate: ignore certificates without CKA_ID - -we won't be able to retrieve them anyway. - -Signed-off-by: Alon Bar-Lev ---- - ChangeLog | 1 + - lib/pkcs11h-certificate.c | 19 ++++++++++++++++++- - 2 files changed, 19 insertions(+), 1 deletion(-) - -diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c -index 086e22d..6eb95e2 100644 ---- a/lib/pkcs11h-certificate.c -+++ b/lib/pkcs11h-certificate.c -@@ -2383,7 +2383,24 @@ _pkcs11h_certificate_enumSessionCertificates ( - objects[i], - attrs, - sizeof (attrs) / sizeof (CK_ATTRIBUTE) -- )) != CKR_OK || -+ )) != CKR_OK -+ ) { -+ goto retry1; -+ } -+ -+ /* -+ * skip objects without CKA_ID as we -+ * won't be able to retrieve them. -+ */ -+ if ( -+ attrs[0].pValue == NULL || -+ attrs[0].ulValueLen == 0 -+ ) { -+ rv = CKR_OK; -+ goto retry1; -+ } -+ -+ if ( - (rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK || - (rv = pkcs11h_token_duplicateTokenId ( - &certificate_id->token_id, --- -2.1.0 - diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 6a2c8ad..0670302 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,13 +1,12 @@ Name: pkcs11-helper -Version: 1.11 -Release: 9%{?dist} +Version: 1.22 +Release: 1%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries License: GPLv2 or BSD URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2 -Patch1: 0001-certificate-ignore-certificates-without-CKA_ID.patch Patch2: pkcs11-helper-rfc7512.patch BuildRequires: doxygen graphviz @@ -37,7 +36,6 @@ programs using the pkcs11-helper library. %prep %setup -q -%patch1 -p1 %patch2 -p1 %build @@ -77,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Tue Feb 21 2017 Nikos Mavrogiannopoulos - 1.22-1 +- New upstream release + * Sat Feb 11 2017 Fedora Release Engineering - 1.11-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild diff --git a/sources b/sources index 109493a..9760f06 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -59f2ac76c66e4dc0c21614cc944e89fb pkcs11-helper-1.11.tar.bz2 +SHA512 (pkcs11-helper-1.22.tar.bz2) = f17b3e1079cd226437b5b7eb6176c5b49db00e91419b405b097badaf166c79c7e06f5792f81bcd0d44c4c695549c3c1d61c25ca57caf3758dd4c3a6b5a94c928 From d9dfa4eda9fba34fb75aaddd536418cd78be11b4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 27 Jul 2017 08:40:52 +0000 Subject: [PATCH 27/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 0670302..b22f1c2 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -75,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Thu Jul 27 2017 Fedora Release Engineering - 1.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Tue Feb 21 2017 Nikos Mavrogiannopoulos - 1.22-1 - New upstream release From 5c12970bd6df79089623db886c41fce62f6bf11e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 3 Aug 2017 06:05:52 +0000 Subject: [PATCH 28/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index b22f1c2..2ec53fc 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -75,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Thu Aug 03 2017 Fedora Release Engineering - 1.22-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + * Thu Jul 27 2017 Fedora Release Engineering - 1.22-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From 133efad4c29879d5e52255f858eaa1a7140ebffe Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 24 Nov 2017 11:14:17 +0100 Subject: [PATCH 29/51] Addressed issue with RFC7512 URI parsing (#1516474) --- pkcs11-helper-rfc7512.patch | 2 +- pkcs11-helper.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/pkcs11-helper-rfc7512.patch b/pkcs11-helper-rfc7512.patch index a4cf0e8..8d64569 100644 --- a/pkcs11-helper-rfc7512.patch +++ b/pkcs11-helper-rfc7512.patch @@ -238,7 +238,7 @@ index ad275f8..1d077e4 100644 + uri++; + toklen--; + urilen--; -+ tokstr[1] = 0; ++ tokstr[0] = 0; } - if (sz != NULL) { diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 2ec53fc..a012ca9 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -75,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Fri Nov 24 2017 Nikos Mavrogiannopoulos - 1.22-4 +- Addressed issue with RFC7512 URI parsing (#1516474) + * Thu Aug 03 2017 Fedora Release Engineering - 1.22-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 280c020eaeb2380be7723d5a9e84957662dabc68 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 9 Feb 2018 05:10:04 +0000 Subject: [PATCH 30/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index a012ca9..2eb943f 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -75,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Fri Feb 09 2018 Fedora Release Engineering - 1.22-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Fri Nov 24 2017 Nikos Mavrogiannopoulos - 1.22-4 - Addressed issue with RFC7512 URI parsing (#1516474) From 34d7f7bc2d48121be1749cd8b1beb8321ee32e68 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 9 Jul 2018 19:06:50 +0200 Subject: [PATCH 31/51] add BuildRequires: gcc Reference: https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot --- pkcs11-helper.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 2eb943f..d21c3c2 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -9,6 +9,7 @@ URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2 Patch2: pkcs11-helper-rfc7512.patch +BuildRequires: gcc BuildRequires: doxygen graphviz BuildRequires: openssl-devel From f8ba6cc734e4b94114f0232a49b58fd1d463755c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 13 Jul 2018 22:30:22 +0000 Subject: [PATCH 32/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index d21c3c2..94ee7f3 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A library for using PKCS#11 providers Group: System Environment/Libraries @@ -76,6 +76,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Fri Jul 13 2018 Fedora Release Engineering - 1.22-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Fri Feb 09 2018 Fedora Release Engineering - 1.22-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From 9234ff5919142e058f6eb106364e9d7e7b58d4e6 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Tue, 22 Jan 2019 18:40:41 +0100 Subject: [PATCH 33/51] Remove obsolete ldconfig scriptlets References: https://fedoraproject.org/wiki/Changes/RemoveObsoleteScriptlets Signed-off-by: Igor Gnatenko --- pkcs11-helper.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 94ee7f3..2f139ed 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -56,9 +56,7 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig +%ldconfig_scriptlets %files From a97a7845f44ab0abc3330f644518bd11a592ed0c Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:18:13 +0100 Subject: [PATCH 34/51] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- pkcs11-helper.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 2f139ed..8ef52b7 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -3,7 +3,6 @@ Version: 1.22 Release: 6%{?dist} Summary: A library for using PKCS#11 providers -Group: System Environment/Libraries License: GPLv2 or BSD URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2 @@ -24,7 +23,6 @@ using a simple API. %package devel Summary: Development files for pkcs11-helper -Group: Development/Libraries Requires: %{name} = %{version}-%{release} Requires: openssl-devel # for /usr/share/aclocal From 316ded11c3b3c60812dc004d2d073d6cfbc637d4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 2 Feb 2019 04:18:21 +0000 Subject: [PATCH 35/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 8ef52b7..340d7ff 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 6%{?dist} +Release: 7%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -72,6 +72,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Sat Feb 02 2019 Fedora Release Engineering - 1.22-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Fri Jul 13 2018 Fedora Release Engineering - 1.22-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From d343cc9722ec3812f84b60850205288ccba9b885 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 26 Jul 2019 10:46:49 +0000 Subject: [PATCH 36/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 340d7ff..4e371f1 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 7%{?dist} +Release: 8%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -72,6 +72,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Fri Jul 26 2019 Fedora Release Engineering - 1.22-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Sat Feb 02 2019 Fedora Release Engineering - 1.22-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From 5b402d73b33087c761f7b28d7e634ad74385f2c9 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 30 Jan 2020 09:09:50 +0000 Subject: [PATCH 37/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 4e371f1..cc47cf6 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 8%{?dist} +Release: 9%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -72,6 +72,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Thu Jan 30 2020 Fedora Release Engineering - 1.22-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Fri Jul 26 2019 Fedora Release Engineering - 1.22-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild From c182a7c48acd0427a6f081a3dea8ebd8169e8046 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 24 Apr 2020 14:39:53 +0100 Subject: [PATCH 38/51] Fix serialisation of attributes with NUL bytes in (#1825496) --- pkcs11-helper-rfc7512.patch | 8 ++++---- pkcs11-helper.spec | 5 ++++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/pkcs11-helper-rfc7512.patch b/pkcs11-helper-rfc7512.patch index 8d64569..84fba08 100644 --- a/pkcs11-helper-rfc7512.patch +++ b/pkcs11-helper-rfc7512.patch @@ -1,4 +1,4 @@ -commit 8b614fd9554d3b372a829e4a05e21c5899f581ca +commit 90590b02085edc3830bdfe0942a46c4e7bf3f1ab (HEAD -> master) Author: David Woodhouse Date: Thu Apr 30 14:58:24 2015 +0100 @@ -6,7 +6,7 @@ Date: Thu Apr 30 14:58:24 2015 +0100 Signed-off-by: David Woodhouse -commit db7a561668614b16b3a14564b3b4f71912db8e17 +commit 4d5280da8df591aab701dff4493d13a835a9b29c Author: David Woodhouse Date: Wed Dec 10 14:00:21 2014 +0000 @@ -16,7 +16,7 @@ Date: Wed Dec 10 14:00:21 2014 +0000 Signed-off-by: David Woodhouse -commit 7f89de7690edc3dfbd4eb70ad457814a2489a5bc +commit 14e09211c3d50eb06825090c9765e4382cf52f19 Author: David Woodhouse Date: Sun Dec 14 19:42:18 2014 +0000 @@ -67,7 +67,7 @@ index ad275f8..1d077e4 100644 + int len = 0, i; + + for (i = 0; i < attrlen; i++) { -+ if (strchr(P11_URL_VERBATIM, attr[i])) { ++ if ((attr[i] != '\x0') && strchr(P11_URL_VERBATIM, attr[i])) { + if (uri) { + *(uri++) = attr[i]; + } diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index cc47cf6..dc9ecc1 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 9%{?dist} +Release: 10%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -72,6 +72,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Fri Apr 24 2020 David Woodhouse - 1.22-10 +- Fix serialisation of attributes with NUL bytes in (#1825496) + * Thu Jan 30 2020 Fedora Release Engineering - 1.22-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From c24cab7057745486e64d55b694c84da643a633e4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jul 2020 22:34:02 +0000 Subject: [PATCH 39/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index dc9ecc1..1dd879f 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.22 -Release: 10%{?dist} +Release: 11%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -72,6 +72,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Tue Jul 28 2020 Fedora Release Engineering - 1.22-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Fri Apr 24 2020 David Woodhouse - 1.22-10 - Fix serialisation of attributes with NUL bytes in (#1825496) From 7e495eaab139eac60bbda671138290532fd379b9 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Fri, 20 Nov 2020 09:08:17 +0100 Subject: [PATCH 40/51] Update to 1.27.0 --- .gitignore | 1 + pkcs11-helper.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index e23dc51..b987c37 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ pkcs11-helper-1.07.tar.bz2 /pkcs11-helper-1.10.tar.bz2 /pkcs11-helper-1.11.tar.bz2 /pkcs11-helper-1.22.tar.bz2 +/pkcs11-helper-1.27.0.tar.bz2 diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 1dd879f..e9635bb 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,11 +1,11 @@ Name: pkcs11-helper -Version: 1.22 -Release: 11%{?dist} +Version: 1.27.0 +Release: 1%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper -Source0: http://downloads.sourceforge.net/opensc/pkcs11-helper-%{version}.tar.bz2 +Source0: https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-1.27/pkcs11-helper-%{version}.tar.bz2 Patch2: pkcs11-helper-rfc7512.patch BuildRequires: gcc @@ -72,6 +72,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Fri Nov 20 2020 Kalev Lember - 1.27.0-1 +- Update to 1.27.0 + * Tue Jul 28 2020 Fedora Release Engineering - 1.22-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sources b/sources index 9760f06..c254bfe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pkcs11-helper-1.22.tar.bz2) = f17b3e1079cd226437b5b7eb6176c5b49db00e91419b405b097badaf166c79c7e06f5792f81bcd0d44c4c695549c3c1d61c25ca57caf3758dd4c3a6b5a94c928 +SHA512 (pkcs11-helper-1.27.0.tar.bz2) = 5799342cb755dae8b7ba0880d652e9d4b4f1e52a74043015e1185e1e059326cb2689bb51957db98060ac2257dee34e2f047dcf3d52ad59fd49b91fedcfc5332b From 0370ca40cfbab4b03aab7da5b6350cb4d7a01a55 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Fri, 20 Nov 2020 09:09:11 +0100 Subject: [PATCH 41/51] Use make_build and make_install macros --- pkcs11-helper.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index e9635bb..fca0623 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -39,11 +39,11 @@ programs using the pkcs11-helper library. %build %configure --disable-static --enable-doc -make %{?_smp_mflags} +%make_build %install -make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" +%make_install # Use %%doc to install documentation in a standard location mkdir apidocdir @@ -74,6 +74,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog * Fri Nov 20 2020 Kalev Lember - 1.27.0-1 - Update to 1.27.0 +- Use make_build and make_install macros * Tue Jul 28 2020 Fedora Release Engineering - 1.22-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From cdba3dd0d96715eb49e3889151edc5558d5b3a8e Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Fri, 20 Nov 2020 09:09:48 +0100 Subject: [PATCH 42/51] Tighten soname globs This avoids accidental soname bumps. --- pkcs11-helper.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index fca0623..6435dae 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -59,7 +59,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %files %doc AUTHORS ChangeLog COPYING* README THANKS -%{_libdir}/libpkcs11-helper.so.* +%{_libdir}/libpkcs11-helper.so.1* %files devel @@ -75,6 +75,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la * Fri Nov 20 2020 Kalev Lember - 1.27.0-1 - Update to 1.27.0 - Use make_build and make_install macros +- Tighten soname globs * Tue Jul 28 2020 Fedora Release Engineering - 1.22-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 1f12e7a33cafdf228db476262ae247b3ded929c5 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Fri, 20 Nov 2020 09:10:27 +0100 Subject: [PATCH 43/51] Use license macro for COPYING* --- pkcs11-helper.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 6435dae..766644a 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -58,7 +58,8 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %files -%doc AUTHORS ChangeLog COPYING* README THANKS +%license COPYING* +%doc AUTHORS ChangeLog README THANKS %{_libdir}/libpkcs11-helper.so.1* @@ -76,6 +77,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la - Update to 1.27.0 - Use make_build and make_install macros - Tighten soname globs +- Use license macro for COPYING* * Tue Jul 28 2020 Fedora Release Engineering - 1.22-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 16a5e8d03d00f6f9d6a23dff5e2c43f6cf2448ea Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Fri, 20 Nov 2020 09:11:05 +0100 Subject: [PATCH 44/51] Tighten requires with _isa macro --- pkcs11-helper.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 766644a..84615fc 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -23,7 +23,7 @@ using a simple API. %package devel Summary: Development files for pkcs11-helper -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} Requires: openssl-devel # for /usr/share/aclocal Requires: automake @@ -78,6 +78,7 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la - Use make_build and make_install macros - Tighten soname globs - Use license macro for COPYING* +- Tighten requires with _isa macro * Tue Jul 28 2020 Fedora Release Engineering - 1.22-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 1ef25b66bb872ca8dffe1ae67f93b96e2c852e0a Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Fri, 18 Dec 2020 13:12:50 +0100 Subject: [PATCH 45/51] Update pkcs11-helper-rfc7512.patch Sync it with https://github.com/OpenSC/pkcs11-helper/pull/4 https://bugzilla.redhat.com/show_bug.cgi?id=1849259#c5 --- pkcs11-helper-rfc7512.patch | 679 +++++++++++++++++++----------------- pkcs11-helper.spec | 7 +- 2 files changed, 362 insertions(+), 324 deletions(-) diff --git a/pkcs11-helper-rfc7512.patch b/pkcs11-helper-rfc7512.patch index 84fba08..59d9955 100644 --- a/pkcs11-helper-rfc7512.patch +++ b/pkcs11-helper-rfc7512.patch @@ -1,38 +1,83 @@ -commit 90590b02085edc3830bdfe0942a46c4e7bf3f1ab (HEAD -> master) -Author: David Woodhouse -Date: Thu Apr 30 14:58:24 2015 +0100 +From 14e09211c3d50eb06825090c9765e4382cf52f19 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Sun, 14 Dec 2014 19:42:18 +0000 +Subject: [PATCH 1/3] Stop _pkcs11h_util_hexToBinary() checking for trailing + NUL - Serialize to RFC7512-compliant PKCS#11 URIs - - Signed-off-by: David Woodhouse +We are going to want to use this for parsing %XX hex escapes in RFC7512 +PKCS#11 URIs, where we cannot expect a trailing NUL. Since there's only +one existing caller at the moment, it's simple just to let the caller +have responsibility for that check. -commit 4d5280da8df591aab701dff4493d13a835a9b29c -Author: David Woodhouse -Date: Wed Dec 10 14:00:21 2014 +0000 +Signed-off-by: David Woodhouse +--- + lib/pkcs11h-serialization.c | 8 +++++++- + lib/pkcs11h-util.c | 7 +------ + 2 files changed, 8 insertions(+), 7 deletions(-) - Accept RFC7512-compliant PKCS#11 URIs as serialized token/certificate IDs - - The old format is still accepted for compatibility. - - Signed-off-by: David Woodhouse +diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c +index 74b4ca7..a45a6c5 100644 +--- a/lib/pkcs11h-serialization.c ++++ b/lib/pkcs11h-serialization.c +@@ -368,6 +368,7 @@ pkcs11h_certificate_deserializeCertificateId ( + CK_RV rv = CKR_FUNCTION_FAILED; + char *p = NULL; + char *_sz = NULL; ++ size_t id_hex_len; + + _PKCS11H_ASSERT (p_certificate_id!=NULL); + _PKCS11H_ASSERT (sz!=NULL); +@@ -413,7 +414,12 @@ pkcs11h_certificate_deserializeCertificateId ( + goto cleanup; + } + +- certificate_id->attrCKA_ID_size = strlen (p)/2; ++ id_hex_len = strlen (p); ++ if (id_hex_len & 1) { ++ rv = CKR_ATTRIBUTE_VALUE_INVALID; ++ goto cleanup; ++ } ++ certificate_id->attrCKA_ID_size = id_hex_len/2; + + if ( + (rv = _pkcs11h_mem_malloc ( +diff --git a/lib/pkcs11h-util.c b/lib/pkcs11h-util.c +index 7325db4..7dfe9a3 100644 +--- a/lib/pkcs11h-util.c ++++ b/lib/pkcs11h-util.c +@@ -109,12 +109,7 @@ _pkcs11h_util_hexToBinary ( + p++; + } + +- if (*p != '\x0') { +- return CKR_ATTRIBUTE_VALUE_INVALID; +- } +- else { +- return CKR_OK; +- } ++ return CKR_OK; + } + + CK_RV + +From 4d5280da8df591aab701dff4493d13a835a9b29c Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Wed, 10 Dec 2014 14:00:21 +0000 +Subject: [PATCH 2/3] Accept RFC7512-compliant PKCS#11 URIs as serialized + token/certificate IDs -commit 14e09211c3d50eb06825090c9765e4382cf52f19 -Author: David Woodhouse -Date: Sun Dec 14 19:42:18 2014 +0000 +The old format is still accepted for compatibility. + +Signed-off-by: David Woodhouse +--- + lib/pkcs11h-serialization.c | 305 ++++++++++++++++++++++++++++++------ + 1 file changed, 256 insertions(+), 49 deletions(-) - Stop _pkcs11h_util_hexToBinary() checking for trailing NUL - - We are going to want to use this for parsing %XX hex escapes in RFC7512 - PKCS#11 URIs, where we cannot expect a trailing NUL. Since there's only - one existing caller at the moment, it's simple just to let the caller - have responsibility for that check. - - Signed-off-by: David Woodhouse diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c -index ad275f8..1d077e4 100644 +index a45a6c5..390ac0e 100644 --- a/lib/pkcs11h-serialization.c +++ b/lib/pkcs11h-serialization.c -@@ -61,29 +61,127 @@ +@@ -60,6 +60,26 @@ #if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE) @@ -55,154 +100,18 @@ index ad275f8..1d077e4 100644 + token_field ("serial", serialNumber ), + { NULL }, +}; -+ -+#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \ -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ -+ "0123456789_-." -+ -+static -+int -+__token_attr_escape(char *uri, char *attr, size_t attrlen) -+{ -+ int len = 0, i; -+ -+ for (i = 0; i < attrlen; i++) { -+ if ((attr[i] != '\x0') && strchr(P11_URL_VERBATIM, attr[i])) { -+ if (uri) { -+ *(uri++) = attr[i]; -+ } -+ len++; -+ } else { -+ if (uri) { -+ sprintf(uri, "%%%02x", (unsigned char)attr[i]); -+ uri += 3; -+ } -+ len += 3; -+ } -+ } -+ return len; -+} -+ -+static -+CK_RV -+__generate_pkcs11_uri ( -+ OUT char * const sz, -+ IN OUT size_t *max, -+ IN const pkcs11h_certificate_id_t certificate_id, -+ IN const pkcs11h_token_id_t token_id -+) { -+ size_t _max; -+ char *p = sz; -+ int i; -+ -+ _PKCS11H_ASSERT (max!=NULL); -+ _PKCS11H_ASSERT (token_id!=NULL); -+ -+ _max = strlen(URI_SCHEME); -+ for (i = 0; __token_fields[i].name; i++) { -+ char *field = ((char *)token_id) + __token_fields[i].field_ofs; -+ -+ _max += __token_fields[i].namelen; -+ _max += __token_attr_escape (NULL, field, strlen(field)); -+ _max++; /* For a semicolon or trailing NUL */ -+ } -+ if (certificate_id) { -+ _max += strlen (";id="); -+ _max += __token_attr_escape (NULL, -+ (char *)certificate_id->attrCKA_ID, -+ certificate_id->attrCKA_ID_size); -+ } -+ -+ if (!sz) { -+ *max = _max; -+ return CKR_OK; -+ } -+ -+ if (sz && *max < _max) -+ return CKR_ATTRIBUTE_VALUE_INVALID; -+ -+ p += sprintf(p, URI_SCHEME); -+ for (i = 0; __token_fields[i].name; i++) { -+ char *field = ((char *)token_id) + __token_fields[i].field_ofs; -+ -+ p += sprintf (p, "%s", __token_fields[i].name); -+ p += __token_attr_escape (p, field, strlen(field)); -+ *(p++) = ';'; -+ } -+ if (certificate_id) { -+ p += sprintf (p, "id="); -+ p += __token_attr_escape (p, -+ (char *)certificate_id->attrCKA_ID, -+ certificate_id->attrCKA_ID_size); -+ } else { -+ /* Remove the unneeded trailing semicolon */ -+ p--; -+ } -+ *(p++) = 0; -+ -+ *max = _max; -+ -+ return CKR_OK; -+} + CK_RV pkcs11h_token_serializeTokenId ( OUT char * const sz, - IN OUT size_t *max, - IN const pkcs11h_token_id_t token_id - ) { -- const char *sources[5]; - CK_RV rv = CKR_FUNCTION_FAILED; -- size_t n; -- int e; - - /*_PKCS11H_ASSERT (sz!=NULL); Not required*/ - _PKCS11H_ASSERT (max!=NULL); - _PKCS11H_ASSERT (token_id!=NULL); - -- { /* Must be after assert */ -- sources[0] = token_id->manufacturerID; -- sources[1] = token_id->model; -- sources[2] = token_id->serialNumber; -- sources[3] = token_id->label; -- sources[4] = NULL; -- } -- - _PKCS11H_DEBUG ( - PKCS11H_LOG_DEBUG2, - "PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max="P_Z", token_id=%p", -@@ -92,67 +190,161 @@ pkcs11h_token_serializeTokenId ( - (void *)token_id - ); +@@ -149,9 +169,147 @@ pkcs11h_token_serializeTokenId ( + return rv; + } -- n = 0; -- for (e=0;sources[e] != NULL;e++) { -- size_t t; -- if ( -- (rv = _pkcs11h_util_escapeString ( -- NULL, -- sources[e], -- &t, -- __PKCS11H_SERIALIZE_INVALID_CHARS -- )) != CKR_OK -- ) { -- goto cleanup; -+ rv = __generate_pkcs11_uri(sz, max, NULL, token_id); -+ -+ _PKCS11H_DEBUG ( -+ PKCS11H_LOG_DEBUG2, -+ "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'", -+ rv, -+ pkcs11h_getMessage (rv), -+ *max, -+ sz -+ ); -+ -+ return rv; -+} -+ +static -+CK_RV + CK_RV +-pkcs11h_token_deserializeTokenId ( +- OUT pkcs11h_token_id_t *p_token_id, +__parse_token_uri_attr ( + const char *uri, + size_t urilen, @@ -232,19 +141,14 @@ index ad275f8..1d077e4 100644 + urilen -= 2; + } else { + *tokstr = *uri; - } -- n+=t; ++ } + tokstr++; + uri++; + toklen--; + urilen--; + tokstr[0] = 0; - } - -- if (sz != NULL) { -- if (*max < n) { -- rv = CKR_ATTRIBUTE_VALUE_INVALID; -- goto cleanup; ++ } ++ + if (urilen) { + rv = CKR_ATTRIBUTE_VALUE_INVALID; + } else if (parsed_len) { @@ -295,7 +199,7 @@ index ad275f8..1d077e4 100644 + + goto matched; + } - } ++ } + if (certificate_id && !strncmp(p, "id=", 3)) { + p += 3; + @@ -304,45 +208,28 @@ index ad275f8..1d077e4 100644 + if (rv != CKR_OK) { + goto cleanup; + } - -- n = 0; -- for (e=0;sources[e] != NULL;e++) { -- size_t t = *max-n; -- if ( -- (rv = _pkcs11h_util_escapeString ( -- sz+n, -- sources[e], -- &t, -- __PKCS11H_SERIALIZE_INVALID_CHARS -- )) != CKR_OK -- ) { ++ + rv = __parse_token_uri_attr (p, end - p, + (char *)certificate_id->attrCKA_ID, + end - p + 1, + &certificate_id->attrCKA_ID_size); + if (rv != CKR_OK) { - goto cleanup; - } -- n+=t; -- sz[n-1] = '/'; ++ goto cleanup; ++ } + + goto matched; - } -- sz[n-1] = '\x0'; -- } - -- *max = n; -- rv = CKR_OK; ++ } ++ + /* We don't parse object= because the match code doesn't support + matching by label. */ + + /* Failed to parse PKCS#11 URI element. */ + return CKR_ATTRIBUTE_VALUE_INVALID; - ++ + matched: + ; + } - cleanup: ++cleanup: + /* The matching code doesn't support support partial matches; it needs + * *all* of manufacturer, model, serial and label attributes to be + * defined. So reject partial URIs early instead of letting it do the @@ -351,33 +238,23 @@ index ad275f8..1d077e4 100644 + !token_id->manufacturerID[0] || !token_id->serialNumber[0]) { + return CKR_ATTRIBUTE_VALUE_INVALID; + } - -- _PKCS11H_DEBUG ( -- PKCS11H_LOG_DEBUG2, -- "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'", -- rv, -- pkcs11h_getMessage (rv), -- *max, -- sz -- ); ++ + /* For a certificate ID we need CKA_ID */ + if (certificate_id && !certificate_id->attrCKA_ID_size) { + return CKR_ATTRIBUTE_VALUE_INVALID; + } - - return rv; - } - ++ ++ return rv; ++} ++ +static - CK_RV --pkcs11h_token_deserializeTokenId ( -- OUT pkcs11h_token_id_t *p_token_id, ++CK_RV +__pkcs11h_token_legacy_deserializeTokenId ( + OUT pkcs11h_token_id_t token_id, IN const char * const sz ) { #define __PKCS11H_TARGETS_NUMBER 4 -@@ -161,24 +353,11 @@ pkcs11h_token_deserializeTokenId ( +@@ -160,24 +318,11 @@ pkcs11h_token_deserializeTokenId ( size_t s; } targets[__PKCS11H_TARGETS_NUMBER]; @@ -402,7 +279,7 @@ index ad275f8..1d077e4 100644 if ( (rv = _pkcs11h_mem_strdup ( (void *)&_sz, -@@ -190,10 +369,6 @@ pkcs11h_token_deserializeTokenId ( +@@ -189,10 +334,6 @@ pkcs11h_token_deserializeTokenId ( p1 = _sz; @@ -413,7 +290,7 @@ index ad275f8..1d077e4 100644 targets[0].p = token_id->manufacturerID; targets[0].s = sizeof (token_id->manufacturerID); targets[1].p = token_id->model; -@@ -252,6 +427,51 @@ pkcs11h_token_deserializeTokenId ( +@@ -251,6 +392,51 @@ pkcs11h_token_deserializeTokenId ( p1 = p2+1; } @@ -465,7 +342,7 @@ index ad275f8..1d077e4 100644 strncpy ( token_id->display, token_id->label, -@@ -264,11 +484,6 @@ pkcs11h_token_deserializeTokenId ( +@@ -263,11 +449,6 @@ pkcs11h_token_deserializeTokenId ( rv = CKR_OK; cleanup: @@ -477,7 +354,7 @@ index ad275f8..1d077e4 100644 if (token_id != NULL) { pkcs11h_token_freeTokenId (token_id); } -@@ -281,7 +496,6 @@ cleanup: +@@ -280,7 +461,6 @@ pkcs11h_token_deserializeTokenId ( ); return rv; @@ -485,77 +362,24 @@ index ad275f8..1d077e4 100644 } #endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */ -@@ -295,9 +509,6 @@ pkcs11h_certificate_serializeCertificateId ( - IN const pkcs11h_certificate_id_t certificate_id +@@ -359,29 +539,17 @@ pkcs11h_certificate_serializeCertificateId ( + return rv; + } + ++static + CK_RV +-pkcs11h_certificate_deserializeCertificateId ( +- OUT pkcs11h_certificate_id_t * const p_certificate_id, ++__pkcs11h_certificate_legacy_deserializeCertificateId ( ++ OUT pkcs11h_certificate_id_t certificate_id, + IN const char * const sz ) { +- pkcs11h_certificate_id_t certificate_id = NULL; CK_RV rv = CKR_FUNCTION_FAILED; -- size_t saved_max = 0; -- size_t n = 0; -- size_t _max = 0; + char *p = NULL; + char *_sz = NULL; + size_t id_hex_len; - /*_PKCS11H_ASSERT (sz!=NULL); Not required */ - _PKCS11H_ASSERT (max!=NULL); -@@ -311,42 +522,7 @@ pkcs11h_certificate_serializeCertificateId ( - (void *)certificate_id - ); - -- if (sz != NULL) { -- saved_max = n = *max; -- } -- *max = 0; -- -- if ( -- (rv = pkcs11h_token_serializeTokenId ( -- sz, -- &n, -- certificate_id->token_id -- )) != CKR_OK -- ) { -- goto cleanup; -- } -- -- _max = n + certificate_id->attrCKA_ID_size*2 + 1; -- -- if (sz != NULL) { -- if (saved_max < _max) { -- rv = CKR_ATTRIBUTE_VALUE_INVALID; -- goto cleanup; -- } -- -- sz[n-1] = '/'; -- rv = _pkcs11h_util_binaryToHex ( -- sz+n, -- saved_max-n, -- certificate_id->attrCKA_ID, -- certificate_id->attrCKA_ID_size -- ); -- } -- -- *max = _max; -- rv = CKR_OK; -- --cleanup: -+ rv = __generate_pkcs11_uri(sz, max, certificate_id, certificate_id->token_id); - - _PKCS11H_DEBUG ( - PKCS11H_LOG_DEBUG2, -@@ -360,27 +536,16 @@ cleanup: - return rv; - } - -+static - CK_RV --pkcs11h_certificate_deserializeCertificateId ( -- OUT pkcs11h_certificate_id_t * const p_certificate_id, -+__pkcs11h_certificate_legacy_deserializeCertificateId ( -+ OUT pkcs11h_certificate_id_t certificate_id, - IN const char * const sz - ) { -- pkcs11h_certificate_id_t certificate_id = NULL; - CK_RV rv = CKR_FUNCTION_FAILED; - char *p = NULL; - char *_sz = NULL; -- - _PKCS11H_ASSERT (p_certificate_id!=NULL); - _PKCS11H_ASSERT (sz!=NULL); - @@ -567,11 +391,11 @@ index ad275f8..1d077e4 100644 - (void *)p_certificate_id, - sz - ); -+ size_t id_hex_len; - +- if ( (rv = _pkcs11h_mem_strdup ( -@@ -393,10 +558,6 @@ pkcs11h_certificate_deserializeCertificateId ( + (void *)&_sz, +@@ -393,10 +561,6 @@ pkcs11h_certificate_deserializeCertificateId ( p = _sz; @@ -582,21 +406,7 @@ index ad275f8..1d077e4 100644 if ((p = strrchr (_sz, '/')) == NULL) { rv = CKR_ATTRIBUTE_VALUE_INVALID; goto cleanup; -@@ -414,7 +575,12 @@ pkcs11h_certificate_deserializeCertificateId ( - goto cleanup; - } - -- certificate_id->attrCKA_ID_size = strlen (p)/2; -+ id_hex_len = strlen (p); -+ if (id_hex_len & 1) { -+ rv = CKR_ATTRIBUTE_VALUE_INVALID; -+ goto cleanup; -+ } -+ certificate_id->attrCKA_ID_size = id_hex_len/2; - - if ( - (rv = _pkcs11h_mem_malloc ( -@@ -430,21 +596,64 @@ pkcs11h_certificate_deserializeCertificateId ( +@@ -435,21 +599,64 @@ pkcs11h_certificate_deserializeCertificateId ( goto cleanup; } @@ -666,21 +476,244 @@ index ad275f8..1d077e4 100644 _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'", -diff --git a/lib/pkcs11h-util.c b/lib/pkcs11h-util.c -index 0743fd1..f90e443 100644 ---- a/lib/pkcs11h-util.c -+++ b/lib/pkcs11h-util.c -@@ -110,12 +110,7 @@ _pkcs11h_util_hexToBinary ( - p++; - } + +From 90590b02085edc3830bdfe0942a46c4e7bf3f1ab Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Thu, 30 Apr 2015 14:58:24 +0100 +Subject: [PATCH 3/3] Serialize to RFC7512-compliant PKCS#11 URIs + +Signed-off-by: David Woodhouse +--- + lib/pkcs11h-serialization.c | 186 ++++++++++++++++++------------------ + 1 file changed, 91 insertions(+), 95 deletions(-) + +diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c +index 390ac0e..0ea1861 100644 +--- a/lib/pkcs11h-serialization.c ++++ b/lib/pkcs11h-serialization.c +@@ -80,29 +80,107 @@ static struct { + { NULL }, + }; -- if (*p != '\x0') { -- return CKR_ATTRIBUTE_VALUE_INVALID; ++#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \ ++ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ ++ "0123456789_-." ++ ++static ++int ++__token_attr_escape(char *uri, char *attr, size_t attrlen) ++{ ++ int len = 0, i; ++ ++ for (i = 0; i < attrlen; i++) { ++ if ((attr[i] != '\x0') && strchr(P11_URL_VERBATIM, attr[i])) { ++ if (uri) { ++ *(uri++) = attr[i]; ++ } ++ len++; ++ } else { ++ if (uri) { ++ sprintf(uri, "%%%02x", (unsigned char)attr[i]); ++ uri += 3; ++ } ++ len += 3; ++ } ++ } ++ return len; ++} ++ ++static ++CK_RV ++__generate_pkcs11_uri ( ++ OUT char * const sz, ++ IN OUT size_t *max, ++ IN const pkcs11h_certificate_id_t certificate_id, ++ IN const pkcs11h_token_id_t token_id ++) { ++ size_t _max; ++ char *p = sz; ++ int i; ++ ++ _PKCS11H_ASSERT (max!=NULL); ++ _PKCS11H_ASSERT (token_id!=NULL); ++ ++ _max = strlen(URI_SCHEME); ++ for (i = 0; __token_fields[i].name; i++) { ++ char *field = ((char *)token_id) + __token_fields[i].field_ofs; ++ ++ _max += __token_fields[i].namelen; ++ _max += __token_attr_escape (NULL, field, strlen(field)); ++ _max++; /* For a semicolon or trailing NUL */ ++ } ++ if (certificate_id) { ++ _max += strlen (";id="); ++ _max += __token_attr_escape (NULL, ++ (char *)certificate_id->attrCKA_ID, ++ certificate_id->attrCKA_ID_size); ++ } ++ ++ if (!sz) { ++ *max = _max; ++ return CKR_OK; ++ } ++ ++ if (sz && *max < _max) ++ return CKR_ATTRIBUTE_VALUE_INVALID; ++ ++ p += sprintf(p, URI_SCHEME); ++ for (i = 0; __token_fields[i].name; i++) { ++ char *field = ((char *)token_id) + __token_fields[i].field_ofs; ++ ++ p += sprintf (p, "%s", __token_fields[i].name); ++ p += __token_attr_escape (p, field, strlen(field)); ++ *(p++) = ';'; ++ } ++ if (certificate_id) { ++ p += sprintf (p, "id="); ++ p += __token_attr_escape (p, ++ (char *)certificate_id->attrCKA_ID, ++ certificate_id->attrCKA_ID_size); ++ } else { ++ /* Remove the unneeded trailing semicolon */ ++ p--; ++ } ++ *(p++) = 0; ++ ++ *max = _max; ++ ++ return CKR_OK; ++} ++ + CK_RV + pkcs11h_token_serializeTokenId ( + OUT char * const sz, + IN OUT size_t *max, + IN const pkcs11h_token_id_t token_id + ) { +- const char *sources[5]; + CK_RV rv = CKR_FUNCTION_FAILED; +- size_t n; +- int e; + + /*_PKCS11H_ASSERT (sz!=NULL); Not required*/ + _PKCS11H_ASSERT (max!=NULL); + _PKCS11H_ASSERT (token_id!=NULL); + +- { /* Must be after assert */ +- sources[0] = token_id->manufacturerID; +- sources[1] = token_id->model; +- sources[2] = token_id->serialNumber; +- sources[3] = token_id->label; +- sources[4] = NULL; - } -- else { -- return CKR_OK; +- + _PKCS11H_DEBUG ( + PKCS11H_LOG_DEBUG2, + "PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max="P_Z", token_id=%p", +@@ -111,51 +189,7 @@ pkcs11h_token_serializeTokenId ( + (void *)token_id + ); + +- n = 0; +- for (e=0;sources[e] != NULL;e++) { +- size_t t; +- if ( +- (rv = _pkcs11h_util_escapeString ( +- NULL, +- sources[e], +- &t, +- __PKCS11H_SERIALIZE_INVALID_CHARS +- )) != CKR_OK +- ) { +- goto cleanup; +- } +- n+=t; - } -+ return CKR_OK; - } +- +- if (sz != NULL) { +- if (*max < n) { +- rv = CKR_ATTRIBUTE_VALUE_INVALID; +- goto cleanup; +- } +- +- n = 0; +- for (e=0;sources[e] != NULL;e++) { +- size_t t = *max-n; +- if ( +- (rv = _pkcs11h_util_escapeString ( +- sz+n, +- sources[e], +- &t, +- __PKCS11H_SERIALIZE_INVALID_CHARS +- )) != CKR_OK +- ) { +- goto cleanup; +- } +- n+=t; +- sz[n-1] = '/'; +- } +- sz[n-1] = '\x0'; +- } +- +- *max = n; +- rv = CKR_OK; +- +-cleanup: ++ rv = __generate_pkcs11_uri(sz, max, NULL, token_id); - CK_RV + _PKCS11H_DEBUG ( + PKCS11H_LOG_DEBUG2, +@@ -474,9 +508,6 @@ pkcs11h_certificate_serializeCertificateId ( + IN const pkcs11h_certificate_id_t certificate_id + ) { + CK_RV rv = CKR_FUNCTION_FAILED; +- size_t saved_max = 0; +- size_t n = 0; +- size_t _max = 0; + + /*_PKCS11H_ASSERT (sz!=NULL); Not required */ + _PKCS11H_ASSERT (max!=NULL); +@@ -490,42 +521,7 @@ pkcs11h_certificate_serializeCertificateId ( + (void *)certificate_id + ); + +- if (sz != NULL) { +- saved_max = n = *max; +- } +- *max = 0; +- +- if ( +- (rv = pkcs11h_token_serializeTokenId ( +- sz, +- &n, +- certificate_id->token_id +- )) != CKR_OK +- ) { +- goto cleanup; +- } +- +- _max = n + certificate_id->attrCKA_ID_size*2 + 1; +- +- if (sz != NULL) { +- if (saved_max < _max) { +- rv = CKR_ATTRIBUTE_VALUE_INVALID; +- goto cleanup; +- } +- +- sz[n-1] = '/'; +- rv = _pkcs11h_util_binaryToHex ( +- sz+n, +- saved_max-n, +- certificate_id->attrCKA_ID, +- certificate_id->attrCKA_ID_size +- ); +- } +- +- *max = _max; +- rv = CKR_OK; +- +-cleanup: ++ rv = __generate_pkcs11_uri(sz, max, certificate_id, certificate_id->token_id); + + _PKCS11H_DEBUG ( + PKCS11H_LOG_DEBUG2, diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 84615fc..6b9955f 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,11 +1,12 @@ Name: pkcs11-helper Version: 1.27.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-1.27/pkcs11-helper-%{version}.tar.bz2 +# https://github.com/OpenSC/pkcs11-helper/pull/4 Patch2: pkcs11-helper-rfc7512.patch BuildRequires: gcc @@ -73,6 +74,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Fri Dec 18 2020 Kalev Lember - 1.27.0-2 +- Update pkcs11-helper-rfc7512.patch from + https://github.com/OpenSC/pkcs11-helper/pull/4 (#1849259) + * Fri Nov 20 2020 Kalev Lember - 1.27.0-1 - Update to 1.27.0 - Use make_build and make_install macros From 2a6b59480c2a9842a53674d79f3544316b9190e3 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Fri, 8 Jan 2021 19:18:34 +0000 Subject: [PATCH 46/51] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- pkcs11-helper.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 6b9955f..ec70d1d 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -9,6 +9,7 @@ Source0: https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11 # https://github.com/OpenSC/pkcs11-helper/pull/4 Patch2: pkcs11-helper-rfc7512.patch +BuildRequires: make BuildRequires: gcc BuildRequires: doxygen graphviz BuildRequires: openssl-devel From 5d92770367e799f8d190d3145e7595b04b64d71e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 27 Jan 2021 08:09:22 +0000 Subject: [PATCH 47/51] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index ec70d1d..cfc2956 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.27.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -75,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Wed Jan 27 2021 Fedora Release Engineering - 1.27.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Fri Dec 18 2020 Kalev Lember - 1.27.0-2 - Update pkcs11-helper-rfc7512.patch from https://github.com/OpenSC/pkcs11-helper/pull/4 (#1849259) From 3257e2fc0527a12af7ffe7382860ea95559d9af7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 27 Jul 2021 07:39:43 +0000 Subject: [PATCH 48/51] - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- pkcs11-helper.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index cfc2956..7ede91a 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.27.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -75,6 +75,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Tue Jul 27 2021 Fedora Release Engineering - 1.27.0-4 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Wed Jan 27 2021 Fedora Release Engineering - 1.27.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From 25e56b051026ab1193a7d7a9e51d7d52d08a9dcc Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:11:39 +0200 Subject: [PATCH 49/51] Rebuilt with OpenSSL 3.0.0 --- pkcs11-helper.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 7ede91a..0c5aca4 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.27.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -75,6 +75,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Tue Sep 14 2021 Sahana Prasad - 1.27.0-5 +- Rebuilt with OpenSSL 3.0.0 + * Tue Jul 27 2021 Fedora Release Engineering - 1.27.0-4 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 29974529201de14b99473f3f559d1d1bf731fb3d Mon Sep 17 00:00:00 2001 From: Neal Gompa Date: Mon, 4 Oct 2021 10:24:08 -0400 Subject: [PATCH 50/51] Backport fix for OpenSSL 3.0 support --- pkcs11-helper-openssl3.patch | 24 ++++++++++++++++++++++++ pkcs11-helper.spec | 10 +++++++--- 2 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 pkcs11-helper-openssl3.patch diff --git a/pkcs11-helper-openssl3.patch b/pkcs11-helper-openssl3.patch new file mode 100644 index 0000000..62194bd --- /dev/null +++ b/pkcs11-helper-openssl3.patch @@ -0,0 +1,24 @@ +From 086d551251cebb67cd74ab2e735427969bbf215f Mon Sep 17 00:00:00 2001 +From: Alon Bar-Lev +Date: Wed, 4 Aug 2021 19:02:34 +0300 +Subject: [PATCH] build: openssl: remove RSA_SSLV23_PADDING constant usage + +Due to openssl-3 compatibility, thanks to t0b3 +--- + lib/pkcs11h-openssl.c | 3 --- + 1 files changed, 3 deletions(-) + +diff --git a/lib/pkcs11h-openssl.c b/lib/pkcs11h-openssl.c +index dfb00136..78bb7fc1 100644 +--- a/lib/pkcs11h-openssl.c ++++ b/lib/pkcs11h-openssl.c +@@ -474,9 +474,6 @@ __pkcs11h_openssl_rsa_dec ( + case RSA_PKCS1_OAEP_PADDING: + mech = CKM_RSA_PKCS_OAEP; + break; +- case RSA_SSLV23_PADDING: +- rv = CKR_MECHANISM_INVALID; +- break; + case RSA_NO_PADDING: + mech = CKM_RSA_X_509; + break; diff --git a/pkcs11-helper.spec b/pkcs11-helper.spec index 0c5aca4..2c15521 100644 --- a/pkcs11-helper.spec +++ b/pkcs11-helper.spec @@ -1,6 +1,6 @@ Name: pkcs11-helper Version: 1.27.0 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A library for using PKCS#11 providers License: GPLv2 or BSD @@ -8,6 +8,8 @@ URL: http://www.opensc-project.org/opensc/wiki/pkcs11-helper Source0: https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-1.27/pkcs11-helper-%{version}.tar.bz2 # https://github.com/OpenSC/pkcs11-helper/pull/4 Patch2: pkcs11-helper-rfc7512.patch +# https://github.com/OpenSC/pkcs11-helper/commit/086d551251cebb67cd74ab2e735427969bbf215f +Patch3: pkcs11-helper-openssl3.patch BuildRequires: make BuildRequires: gcc @@ -36,8 +38,7 @@ programs using the pkcs11-helper library. %prep -%setup -q -%patch2 -p1 +%autosetup -p1 %build %configure --disable-static --enable-doc @@ -75,6 +76,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la %changelog +* Mon Oct 04 2021 Neal Gompa - 1.27.0-6 +- Backport fix for OpenSSL 3.0 support + * Tue Sep 14 2021 Sahana Prasad - 1.27.0-5 - Rebuilt with OpenSSL 3.0.0 From b353a8111fd8010edc4b33db5d23c33fcdd4d35a Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Mon, 30 Oct 2023 23:42:32 +0300 Subject: [PATCH 51/51] Remove unnecessary files --- sources | 1 - 1 file changed, 1 deletion(-) delete mode 100644 sources diff --git a/sources b/sources deleted file mode 100644 index c254bfe..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -SHA512 (pkcs11-helper-1.27.0.tar.bz2) = 5799342cb755dae8b7ba0880d652e9d4b4f1e52a74043015e1185e1e059326cb2689bb51957db98060ac2257dee34e2f047dcf3d52ad59fd49b91fedcfc5332b