import opencryptoki-3.16.0-5.el8

SOURCES/opencryptoki-3.16.0-5824364d995e5d2418f885ee57e377e11d1b3302.patch

@@ -0,0 +1,28 @@
+commit 5824364d995e5d2418f885ee57e377e11d1b3302
+Author: Ingo Franzki <ifranzki@linux.ibm.com>
+Date:   Wed Jul 7 13:44:46 2021 +0200
+
+    pkcstok_migrate: Quote strings with spaces in opencryptoki.conf
+    
+    When modifying opencryptoki.conf during token migration, put quotes
+    around strings that contain spaces, e.g. for the slot description and
+    manufacturer.
+    
+    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+
+diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+index 94fd1196..3df1596e 100644
+--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
++++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+@@ -2107,7 +2107,10 @@ static int parseupdate_key_str(void *private, int tok, const char *val)
+ {
+ 	struct parseupdate *u = (struct parseupdate *)private;
+ 
+-    if (tok != KW_TOKVERSION)
++    if (tok != KW_HWVERSION && tok != KW_FWVERSION &&
++        strchr(val, ' ') != NULL)
++        fprintf(u->f, "  %s = \"%s\"", keyword_token_to_str(tok), val);
++    else if (tok != KW_TOKVERSION)
+         fprintf(u->f, "  %s = %s", keyword_token_to_str(tok), val);
+     return 0;
+ }

SOURCES/opencryptoki-3.16.0-d2f137cce5e6efb123842509352c7c49f889c67f.patch

@@ -0,0 +1,104 @@
+commit d2f137cce5e6efb123842509352c7c49f889c67f
+Author: Ingo Franzki <ifranzki@linux.ibm.com>
+Date:   Thu Jul 22 15:55:02 2021 +0200
+
+    pkcstok_migrate: Rework string quoting for opencryptoki.conf migration
+    
+    Due to the way the parser works, a slot description like
+    'description = "slot"' works, but not without quotes ('description = slot').
+    The word 'slot' is treated as a keyword if not quoted (besides other keywords,
+    too), so if the word 'slot' would appear in an unquoted string, the
+    configuration file would fail to parse.
+    
+    Always quote the value of 'description' and 'manufacturer'. Quote the
+    value of 'stdll', 'confname', and 'tokname' if it contains spaces, and
+    never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'.
+    
+    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+
+diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+index a29dc8f7..853986e8 100644
+--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
++++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+@@ -2060,7 +2060,7 @@ done:
+  */
+ static int parseupdate_ockversion(void *private, const char *version)
+ {
+-	struct parseupdate *u = (struct parseupdate *)private;
++    struct parseupdate *u = (struct parseupdate *)private;
+ 
+     fprintf(u->f, "version %s", version);
+     return 0;
+@@ -2075,14 +2075,14 @@ static void parseupdate_disab_event_supp(void *private)
+ 
+ static void parseupdate_eol(void *private)
+ {
+-	struct parseupdate *u = (struct parseupdate *)private;
++    struct parseupdate *u = (struct parseupdate *)private;
+ 
+     fputc('\n', u->f);
+ }
+ 
+ static int parseupdate_begin_slot(void *private, int slot, int nl_before_begin)
+ {
+-	struct parseupdate *u = (struct parseupdate *)private;
++    struct parseupdate *u = (struct parseupdate *)private;
+ 
+     u->activeslot = (slot == u->slotnum);
+     if (nl_before_begin)
+@@ -2094,7 +2094,7 @@ static int parseupdate_begin_slot(void *private, int slot, int nl_before_begin)
+ 
+ static int parseupdate_end_slot(void *private)
+ {
+-	struct parseupdate *u = (struct parseupdate *)private;
++    struct parseupdate *u = (struct parseupdate *)private;
+ 
+     if (u->activeslot)
+         fprintf(u->f, "  tokversion = 3.12\n");
+@@ -2105,19 +2105,32 @@ static int parseupdate_end_slot(void *private)
+ 
+ static int parseupdate_key_str(void *private, int tok, const char *val)
+ {
+-	struct parseupdate *u = (struct parseupdate *)private;
++    struct parseupdate *u = (struct parseupdate *)private;
+ 
+-    if (tok != KW_HWVERSION && tok != KW_FWVERSION &&
+-        strchr(val, ' ') != NULL)
++    switch (tok) {
++    case KW_SLOTDESC:
++    case KW_MANUFID:
+         fprintf(u->f, "  %s = \"%s\"", keyword_token_to_str(tok), val);
+-    else if (tok != KW_TOKVERSION)
++        break;
++    case KW_STDLL:
++    case KW_CONFNAME:
++    case KW_TOKNAME:
++        if (strchr(val, ' ') != NULL)
++            fprintf(u->f, "  %s = \"%s\"", keyword_token_to_str(tok), val);
++        else
++            fprintf(u->f, "  %s = %s", keyword_token_to_str(tok), val);
++        break;
++    case KW_HWVERSION:
++    case KW_FWVERSION:
+         fprintf(u->f, "  %s = %s", keyword_token_to_str(tok), val);
++        break;
++	}
+     return 0;
+ }
+ 
+ static int parseupdate_key_vers(void *private, int tok, unsigned int vers)
+ {
+-	struct parseupdate *u = (struct parseupdate *)private;
++    struct parseupdate *u = (struct parseupdate *)private;
+ 
+     if (tok == KW_TOKVERSION && !u->activeslot)
+         fprintf(u->f, "  %s = %d.%d", keyword_token_to_str(tok),
+@@ -2127,7 +2140,7 @@ static int parseupdate_key_vers(void *private, int tok, unsigned int vers)
+ 
+ static void parseupdate_eolcomment(void *private, const char *comment)
+ {
+-	struct parseupdate *u = (struct parseupdate *)private;
++    struct parseupdate *u = (struct parseupdate *)private;
+ 
+     fprintf(u->f, "#%s", comment);
+ }

SOURCES/opencryptoki-3.16.0-e88a9de3128df1c4b89bd4c7312c15bb3eb34593.patch

@@ -0,0 +1,25 @@
+commit e88a9de3128df1c4b89bd4c7312c15bb3eb34593
+Author: Ingo Franzki <ifranzki@linux.ibm.com>
+Date:   Thu Jul 8 15:18:30 2021 +0200
+
+    pkcstok_migrate: Don't remove 'tokversion = x.y' during migration
+    
+    When migrating a slot the opencryptoki.conf file is modified. If it
+    contains slots that already contain the 'tokversion = x.y' keyword,
+    this is accidentally removed when migrating another slot.
+    
+    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+
+diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+index 3df1596e..05081aff 100644
+--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
++++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+@@ -2119,7 +2119,7 @@ static int parseupdate_key_vers(void *private, int tok, unsigned int vers)
+ {
+ 	struct parseupdate *u = (struct parseupdate *)private;
+ 
+-    if (tok != KW_TOKVERSION)
++    if (tok == KW_TOKVERSION && !u->activeslot)
+         fprintf(u->f, "  %s = %d.%d", keyword_token_to_str(tok),
+                 vers >> 16, vers & 0xffu);
+     return 0;

SPECS/opencryptoki.spec

@@ -1,7 +1,7 @@
 Name: opencryptoki
 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
 Version: 3.16.0
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: CPL
 Group: System Environment/Base
 URL: https://github.com/opencryptoki/opencryptoki
@@ -27,6 +27,9 @@ Patch211: opencryptoki-3.16.0-1fdd0e4497b0078e73e0004e3492db647c7c458b.patch
 Patch212: opencryptoki-3.16.0-bf812c652c49d7e248b115d121a4f7f6568941a2.patch
 Patch213: opencryptoki-3.16.0-7b7d83c571ceb3050969359817d4145600f14ae8.patch
 Patch214: opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
+Patch215: opencryptoki-3.16.0-5824364d995e5d2418f885ee57e377e11d1b3302.patch
+Patch216: opencryptoki-3.16.0-e88a9de3128df1c4b89bd4c7312c15bb3eb34593.patch
+Patch217: opencryptoki-3.16.0-d2f137cce5e6efb123842509352c7c49f889c67f.patch
 
 Requires(pre): coreutils
 Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted)
@@ -357,6 +360,9 @@ fi
 
 
 %changelog
+* Thu Aug 19 2021 Than Ngo <than@redhat.com> - 3.16.0-5
+- Resolves: #1987256, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes
+
 * Fri Jul 16 2021 Than Ngo <than@redhat.com> - 3.16.0-4
 - Resolves: #1964304, Fix detection if pkcsslotd is still running