import opencryptoki-3.16.0-5.el8
This commit is contained in:
parent
bd874b55c0
commit
96449d9a32
@ -0,0 +1,28 @@
|
||||
commit 5824364d995e5d2418f885ee57e377e11d1b3302
|
||||
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Wed Jul 7 13:44:46 2021 +0200
|
||||
|
||||
pkcstok_migrate: Quote strings with spaces in opencryptoki.conf
|
||||
|
||||
When modifying opencryptoki.conf during token migration, put quotes
|
||||
around strings that contain spaces, e.g. for the slot description and
|
||||
manufacturer.
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
|
||||
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
index 94fd1196..3df1596e 100644
|
||||
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
@@ -2107,7 +2107,10 @@ static int parseupdate_key_str(void *private, int tok, const char *val)
|
||||
{
|
||||
struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
- if (tok != KW_TOKVERSION)
|
||||
+ if (tok != KW_HWVERSION && tok != KW_FWVERSION &&
|
||||
+ strchr(val, ' ') != NULL)
|
||||
+ fprintf(u->f, " %s = \"%s\"", keyword_token_to_str(tok), val);
|
||||
+ else if (tok != KW_TOKVERSION)
|
||||
fprintf(u->f, " %s = %s", keyword_token_to_str(tok), val);
|
||||
return 0;
|
||||
}
|
@ -0,0 +1,104 @@
|
||||
commit d2f137cce5e6efb123842509352c7c49f889c67f
|
||||
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Thu Jul 22 15:55:02 2021 +0200
|
||||
|
||||
pkcstok_migrate: Rework string quoting for opencryptoki.conf migration
|
||||
|
||||
Due to the way the parser works, a slot description like
|
||||
'description = "slot"' works, but not without quotes ('description = slot').
|
||||
The word 'slot' is treated as a keyword if not quoted (besides other keywords,
|
||||
too), so if the word 'slot' would appear in an unquoted string, the
|
||||
configuration file would fail to parse.
|
||||
|
||||
Always quote the value of 'description' and 'manufacturer'. Quote the
|
||||
value of 'stdll', 'confname', and 'tokname' if it contains spaces, and
|
||||
never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'.
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
|
||||
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
index a29dc8f7..853986e8 100644
|
||||
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
@@ -2060,7 +2060,7 @@ done:
|
||||
*/
|
||||
static int parseupdate_ockversion(void *private, const char *version)
|
||||
{
|
||||
- struct parseupdate *u = (struct parseupdate *)private;
|
||||
+ struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
fprintf(u->f, "version %s", version);
|
||||
return 0;
|
||||
@@ -2075,14 +2075,14 @@ static void parseupdate_disab_event_supp(void *private)
|
||||
|
||||
static void parseupdate_eol(void *private)
|
||||
{
|
||||
- struct parseupdate *u = (struct parseupdate *)private;
|
||||
+ struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
fputc('\n', u->f);
|
||||
}
|
||||
|
||||
static int parseupdate_begin_slot(void *private, int slot, int nl_before_begin)
|
||||
{
|
||||
- struct parseupdate *u = (struct parseupdate *)private;
|
||||
+ struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
u->activeslot = (slot == u->slotnum);
|
||||
if (nl_before_begin)
|
||||
@@ -2094,7 +2094,7 @@ static int parseupdate_begin_slot(void *private, int slot, int nl_before_begin)
|
||||
|
||||
static int parseupdate_end_slot(void *private)
|
||||
{
|
||||
- struct parseupdate *u = (struct parseupdate *)private;
|
||||
+ struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
if (u->activeslot)
|
||||
fprintf(u->f, " tokversion = 3.12\n");
|
||||
@@ -2105,19 +2105,32 @@ static int parseupdate_end_slot(void *private)
|
||||
|
||||
static int parseupdate_key_str(void *private, int tok, const char *val)
|
||||
{
|
||||
- struct parseupdate *u = (struct parseupdate *)private;
|
||||
+ struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
- if (tok != KW_HWVERSION && tok != KW_FWVERSION &&
|
||||
- strchr(val, ' ') != NULL)
|
||||
+ switch (tok) {
|
||||
+ case KW_SLOTDESC:
|
||||
+ case KW_MANUFID:
|
||||
fprintf(u->f, " %s = \"%s\"", keyword_token_to_str(tok), val);
|
||||
- else if (tok != KW_TOKVERSION)
|
||||
+ break;
|
||||
+ case KW_STDLL:
|
||||
+ case KW_CONFNAME:
|
||||
+ case KW_TOKNAME:
|
||||
+ if (strchr(val, ' ') != NULL)
|
||||
+ fprintf(u->f, " %s = \"%s\"", keyword_token_to_str(tok), val);
|
||||
+ else
|
||||
+ fprintf(u->f, " %s = %s", keyword_token_to_str(tok), val);
|
||||
+ break;
|
||||
+ case KW_HWVERSION:
|
||||
+ case KW_FWVERSION:
|
||||
fprintf(u->f, " %s = %s", keyword_token_to_str(tok), val);
|
||||
+ break;
|
||||
+ }
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int parseupdate_key_vers(void *private, int tok, unsigned int vers)
|
||||
{
|
||||
- struct parseupdate *u = (struct parseupdate *)private;
|
||||
+ struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
if (tok == KW_TOKVERSION && !u->activeslot)
|
||||
fprintf(u->f, " %s = %d.%d", keyword_token_to_str(tok),
|
||||
@@ -2127,7 +2140,7 @@ static int parseupdate_key_vers(void *private, int tok, unsigned int vers)
|
||||
|
||||
static void parseupdate_eolcomment(void *private, const char *comment)
|
||||
{
|
||||
- struct parseupdate *u = (struct parseupdate *)private;
|
||||
+ struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
fprintf(u->f, "#%s", comment);
|
||||
}
|
@ -0,0 +1,25 @@
|
||||
commit e88a9de3128df1c4b89bd4c7312c15bb3eb34593
|
||||
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Date: Thu Jul 8 15:18:30 2021 +0200
|
||||
|
||||
pkcstok_migrate: Don't remove 'tokversion = x.y' during migration
|
||||
|
||||
When migrating a slot the opencryptoki.conf file is modified. If it
|
||||
contains slots that already contain the 'tokversion = x.y' keyword,
|
||||
this is accidentally removed when migrating another slot.
|
||||
|
||||
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
|
||||
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
index 3df1596e..05081aff 100644
|
||||
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
|
||||
@@ -2119,7 +2119,7 @@ static int parseupdate_key_vers(void *private, int tok, unsigned int vers)
|
||||
{
|
||||
struct parseupdate *u = (struct parseupdate *)private;
|
||||
|
||||
- if (tok != KW_TOKVERSION)
|
||||
+ if (tok == KW_TOKVERSION && !u->activeslot)
|
||||
fprintf(u->f, " %s = %d.%d", keyword_token_to_str(tok),
|
||||
vers >> 16, vers & 0xffu);
|
||||
return 0;
|
@ -1,7 +1,7 @@
|
||||
Name: opencryptoki
|
||||
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
|
||||
Version: 3.16.0
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: CPL
|
||||
Group: System Environment/Base
|
||||
URL: https://github.com/opencryptoki/opencryptoki
|
||||
@ -27,6 +27,9 @@ Patch211: opencryptoki-3.16.0-1fdd0e4497b0078e73e0004e3492db647c7c458b.patch
|
||||
Patch212: opencryptoki-3.16.0-bf812c652c49d7e248b115d121a4f7f6568941a2.patch
|
||||
Patch213: opencryptoki-3.16.0-7b7d83c571ceb3050969359817d4145600f14ae8.patch
|
||||
Patch214: opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
|
||||
Patch215: opencryptoki-3.16.0-5824364d995e5d2418f885ee57e377e11d1b3302.patch
|
||||
Patch216: opencryptoki-3.16.0-e88a9de3128df1c4b89bd4c7312c15bb3eb34593.patch
|
||||
Patch217: opencryptoki-3.16.0-d2f137cce5e6efb123842509352c7c49f889c67f.patch
|
||||
|
||||
Requires(pre): coreutils
|
||||
Requires: (selinux-policy >= 3.14.3-70 if selinux-policy-targeted)
|
||||
@ -357,6 +360,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Aug 19 2021 Than Ngo <than@redhat.com> - 3.16.0-5
|
||||
- Resolves: #1987256, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes
|
||||
|
||||
* Fri Jul 16 2021 Than Ngo <than@redhat.com> - 3.16.0-4
|
||||
- Resolves: #1964304, Fix detection if pkcsslotd is still running
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user