new upstream release 3.1
This commit is contained in:
parent
ac40e6f532
commit
c92b26c0a0
1
.gitignore
vendored
1
.gitignore
vendored
@ -7,3 +7,4 @@ opencryptoki-2.3.1.tar.gz
|
|||||||
/opencryptoki-2.4.3.tar.gz
|
/opencryptoki-2.4.3.tar.gz
|
||||||
/opencryptoki-2.4.3.1-tar.gz
|
/opencryptoki-2.4.3.1-tar.gz
|
||||||
/opencryptoki-v3.0.tar.gz
|
/opencryptoki-v3.0.tar.gz
|
||||||
|
/opencryptoki-v3.1.tgz
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,59 +0,0 @@
|
|||||||
From 95064291fe13d4ed98e195946d931fe779f8a48f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
||||||
Date: Fri, 17 Jan 2014 10:33:19 -0600
|
|
||||||
Subject: [PATCH] Problem: A regular user in pkcs11 group cannot issue pkcsconf
|
|
||||||
-t. When shm_open() creates shared memory object, it honors umask of the
|
|
||||||
caller. This patch ensures the shared memory has expected permissions when it
|
|
||||||
is created.
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
||||||
Signed-off-by: Dan Horák <dan@danny.cz>
|
|
||||||
---
|
|
||||||
usr/lib/pkcs11/common/shared_memory.c | 27 ++++++++++++++++++++++-----
|
|
||||||
1 file changed, 22 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/usr/lib/pkcs11/common/shared_memory.c b/usr/lib/pkcs11/common/shared_memory.c
|
|
||||||
index a8710c5..bf0411d 100644
|
|
||||||
--- a/usr/lib/pkcs11/common/shared_memory.c
|
|
||||||
+++ b/usr/lib/pkcs11/common/shared_memory.c
|
|
||||||
@@ -161,12 +161,29 @@ sm_open(const char *sm_name, int mode, void **p_addr, size_t len, int force)
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
- fd = shm_open(name, O_RDWR | O_CREAT, mode);
|
|
||||||
+ /* try and open first... */
|
|
||||||
+ fd = shm_open(name, O_RDWR, mode);
|
|
||||||
if (fd < 0) {
|
|
||||||
- rc = -errno;
|
|
||||||
- SYS_ERROR(errno, "Failed to open shared memory \"%s\".\n",
|
|
||||||
- name);
|
|
||||||
- goto done;
|
|
||||||
+ /* maybe it needs to be created ... */
|
|
||||||
+ fd = shm_open(name, O_RDWR | O_CREAT, mode);
|
|
||||||
+ if (fd < 0) {
|
|
||||||
+ rc = -errno;
|
|
||||||
+ SYS_ERROR(errno,
|
|
||||||
+ "Failed to open shared memory \"%s\".\n",
|
|
||||||
+ name);
|
|
||||||
+ goto done;
|
|
||||||
+ } else {
|
|
||||||
+ /* umask may have altered permissions if we created
|
|
||||||
+ * the shared memory in above call, so set proper
|
|
||||||
+ * permissions just in case.
|
|
||||||
+ */
|
|
||||||
+ if (fchmod(fd, mode) == -1) {
|
|
||||||
+ rc = -errno;
|
|
||||||
+ SYS_ERROR(errno, "fchmod(%s): %s\n",
|
|
||||||
+ name, strerror(errno));
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From 02d46e95acfca2ac3ca85a3f1c3d271a04e29206 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
|
||||||
Date: Tue, 3 Dec 2013 14:44:36 +0100
|
|
||||||
Subject: [PATCH] fix build with -Werror=format-security
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
|
|
||||||
Signed-off-by: Dan Horák <dan@danny.cz>
|
|
||||||
---
|
|
||||||
usr/sbin/pkcsslotd/log.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/usr/sbin/pkcsslotd/log.c b/usr/sbin/pkcsslotd/log.c
|
|
||||||
index 949d95d..a2292ac 100755
|
|
||||||
--- a/usr/sbin/pkcsslotd/log.c
|
|
||||||
+++ b/usr/sbin/pkcsslotd/log.c
|
|
||||||
@@ -823,7 +823,7 @@ BOOL PKCS_Log ( pLogHandle phLog, char *Format, va_list ap ) {
|
|
||||||
|
|
||||||
/* Always log to syslog, if we're using it */
|
|
||||||
if ( pInfo->UseSyslog ) {
|
|
||||||
- syslog(pInfo->LogLevel, Buffer);
|
|
||||||
+ syslog(pInfo->LogLevel, "%s", Buffer);
|
|
||||||
}
|
|
||||||
|
|
||||||
return TRUE;
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,37 +0,0 @@
|
|||||||
commit b50eb39e3cf8ccfdb735fbddfcdae10bdb70e1c4
|
|
||||||
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
||||||
Date: Wed Sep 4 16:12:38 2013 -0500
|
|
||||||
|
|
||||||
Update the opencryptoki(7) man page and remove reference to
|
|
||||||
pkcs11_startup and pk_config_data.
|
|
||||||
|
|
||||||
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
|
|
||||||
|
|
||||||
diff --git a/man/man7/opencryptoki.7.in b/man/man7/opencryptoki.7.in
|
|
||||||
index 5030bd2..bf5a65e 100644
|
|
||||||
--- a/man/man7/opencryptoki.7.in
|
|
||||||
+++ b/man/man7/opencryptoki.7.in
|
|
||||||
@@ -9,11 +9,9 @@ tokens, which may be implemented via software or hardware. The PKCS#11
|
|
||||||
specification has been released by RSA Labs. More information on PKCS#11
|
|
||||||
can be found on the RSA labs website: http://www.rsa.com/rsalabs.
|
|
||||||
|
|
||||||
-To use openCryptoki, first run \fIpkcs11_startup\fP to initialize the
|
|
||||||
-contents of the pk_config_data file. Then run the \fIpkcsslotd\fP daemon. At
|
|
||||||
-this point, openCryptoki is ready to start receiving PKCS#11 requests
|
|
||||||
-from user applications. If openCryptoki is included by your distro, its
|
|
||||||
-likely that pkcs11_startup is run automatically by an init script.
|
|
||||||
+To use openCryptoki, run the \fIpkcsslotd\fP daemon. The daemon will
|
|
||||||
+read the \fIopencryptoki.conf\fP file to collect information about the
|
|
||||||
+tokens and their slots.
|
|
||||||
|
|
||||||
Use the \fIpkcsconf\fP utility to further configure openCryptoki once the
|
|
||||||
daemon is running.
|
|
||||||
@@ -33,7 +31,5 @@ privileges of other openCryptoki users.
|
|
||||||
.TP
|
|
||||||
\fBpkcsconf\fP(1),
|
|
||||||
.TP
|
|
||||||
-\fBpk_config_data\fP(5),
|
|
||||||
-.TP
|
|
||||||
-\fBpkcs11_startup\fP(1).
|
|
||||||
+\fBopencryptoki.conf\fP(5).
|
|
||||||
.PD
|
|
@ -1,35 +0,0 @@
|
|||||||
From 48e9a2fdcae6d373f56aefcb85507758803be7df Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
|
||||||
Date: Mon, 22 Jul 2013 18:49:43 +0200
|
|
||||||
Subject: [PATCH] update options in the pkcsconf man page to match the pkcsconf
|
|
||||||
binary
|
|
||||||
|
|
||||||
---
|
|
||||||
man/man1/pkcsconf.1.in | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/man/man1/pkcsconf.1.in b/man/man1/pkcsconf.1.in
|
|
||||||
index 1b95651..76293ae 100644
|
|
||||||
--- a/man/man1/pkcsconf.1.in
|
|
||||||
+++ b/man/man1/pkcsconf.1.in
|
|
||||||
@@ -4,7 +4,7 @@ pkcsconf \- configuration utility for the pkcsslotd daemon
|
|
||||||
|
|
||||||
.SH SYNOPSIS
|
|
||||||
\fBpkcsconf\fP
|
|
||||||
-[\fB-itsmMIupPh\fP]
|
|
||||||
+[\fB-itsmlIupPh\fP]
|
|
||||||
[\fB-c\fP \fIslotnumber\fP \fB-U\fP \fIuserPIN\fP
|
|
||||||
\fB-S\fP \fISOPin\fP \fB-n\fP \fInewpin\fP]
|
|
||||||
|
|
||||||
@@ -21,6 +21,8 @@ display token info
|
|
||||||
display slot info
|
|
||||||
.IP "\fB-m\fP" 10
|
|
||||||
display mechanism list
|
|
||||||
+.IP "\fB-l\fP" 10
|
|
||||||
+display slot description
|
|
||||||
.IP "\fB-I\fP" 10
|
|
||||||
initialize token
|
|
||||||
.IP "\fB-u\fP" 10
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
From a8870725de46b8c5716e1539a0d01256b319940b Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
|
||||||
Date: Fri, 23 Aug 2013 16:57:52 +0200
|
|
||||||
Subject: [PATCH] update unit file for 3.0
|
|
||||||
|
|
||||||
---
|
|
||||||
misc/pkcsslotd.service.in | 1 -
|
|
||||||
1 file changed, 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in
|
|
||||||
index bfd9934..461be60 100644
|
|
||||||
--- a/misc/pkcsslotd.service.in
|
|
||||||
+++ b/misc/pkcsslotd.service.in
|
|
||||||
@@ -5,7 +5,6 @@ After=syslog.target
|
|
||||||
[Service]
|
|
||||||
Type=forking
|
|
||||||
PIDFile=/var/run/pkcsslotd.pid
|
|
||||||
-ExecStartPre=@sbindir@/pkcs11_startup
|
|
||||||
ExecStart=@sbindir@/pkcsslotd
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
--
|
|
||||||
1.8.1.4
|
|
||||||
|
|
@ -2,31 +2,15 @@
|
|||||||
|
|
||||||
Name: opencryptoki
|
Name: opencryptoki
|
||||||
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
|
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
|
||||||
Version: 3.0
|
Version: 3.1
|
||||||
Release: 11%{?dist}
|
Release: 1%{?dist}
|
||||||
License: CPL
|
License: CPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: http://sourceforge.net/projects/opencryptoki
|
URL: http://sourceforge.net/projects/opencryptoki
|
||||||
Source0: http://downloads.sourceforge.net/%{name}/%{name}-v%{version}.tar.gz
|
Source0: http://downloads.sourceforge.net/%{name}/%{name}-v%{version}.tgz
|
||||||
Source1: %{name}-tmpfiles.conf
|
Source1: %{name}-tmpfiles.conf
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=732756
|
# https://bugzilla.redhat.com/show_bug.cgi?id=732756
|
||||||
Patch0: %{name}-2.4-group.patch
|
Patch0: %{name}-2.4-group.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=948460
|
|
||||||
# http://sourceforge.net/mailarchive/message.php?msg_id=31202168
|
|
||||||
Patch1: %{name}-3.0-pkcsconf-man.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=995002
|
|
||||||
# http://sourceforge.net/mailarchive/message.php?msg_id=31321105
|
|
||||||
Patch2: %{name}-3.0-unit.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1001729
|
|
||||||
# http://sourceforge.net/p/opencryptoki/opencryptoki/ci/b50eb39e3cf8ccfdb735fbddfcdae10bdb70e1c4/
|
|
||||||
Patch3: %{name}-3.0-opencryptoki-man.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1033284
|
|
||||||
# post-3.0 upstream fixes
|
|
||||||
Patch4: %{name}-3.0-bz1033284.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1037228
|
|
||||||
Patch5: %{name}-3.0-format.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1054661
|
|
||||||
Patch6: %{name}-3.0-bz1054661.patch
|
|
||||||
Requires(pre): shadow-utils coreutils sed
|
Requires(pre): shadow-utils coreutils sed
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
BuildRequires: trousers-devel
|
BuildRequires: trousers-devel
|
||||||
@ -173,12 +157,6 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}
|
%setup -q -n %{name}
|
||||||
%patch0 -p1 -b .group
|
%patch0 -p1 -b .group
|
||||||
%patch1 -p1 -b .pkcsconf-man
|
|
||||||
%patch2 -p1 -b .unit
|
|
||||||
%patch3 -p1 -b .opencryptoki-man
|
|
||||||
%patch4 -p1 -b .bz1033284
|
|
||||||
%patch5 -p1 -b .format
|
|
||||||
%patch6 -p1 -b .bz1054661
|
|
||||||
|
|
||||||
# Upstream tarball has unnecessary executable perms set on the sources
|
# Upstream tarball has unnecessary executable perms set on the sources
|
||||||
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
|
find . -name '*.[ch]' -print0 | xargs -0 chmod -x
|
||||||
@ -264,6 +242,7 @@ exit 0
|
|||||||
%{_sbindir}/pkcsconf
|
%{_sbindir}/pkcsconf
|
||||||
%{_sbindir}/pkcsslotd
|
%{_sbindir}/pkcsslotd
|
||||||
%{_mandir}/man1/pkcsconf.1*
|
%{_mandir}/man1/pkcsconf.1*
|
||||||
|
%{_mandir}/man1/pkcsep11_migrate.1.*
|
||||||
%{_mandir}/man5/%{name}.conf.5*
|
%{_mandir}/man5/%{name}.conf.5*
|
||||||
%{_mandir}/man7/%{name}.7*
|
%{_mandir}/man7/%{name}.7*
|
||||||
%{_mandir}/man8/pkcsslotd.8*
|
%{_mandir}/man8/pkcsslotd.8*
|
||||||
@ -330,6 +309,9 @@ exit 0
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 24 2014 Petr Lautrbach <plautrba@redhat.com> 3.1-1
|
||||||
|
- new upstream release 3.1
|
||||||
|
|
||||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0-11
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0-11
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user