new upstream release 3.1

This commit is contained in:
Petr Lautrbach 2014-07-24 15:26:11 +02:00
parent ac40e6f532
commit c92b26c0a0
9 changed files with 9 additions and 2998 deletions

1
.gitignore vendored
View File

@ -7,3 +7,4 @@ opencryptoki-2.3.1.tar.gz
/opencryptoki-2.4.3.tar.gz /opencryptoki-2.4.3.tar.gz
/opencryptoki-2.4.3.1-tar.gz /opencryptoki-2.4.3.1-tar.gz
/opencryptoki-v3.0.tar.gz /opencryptoki-v3.0.tar.gz
/opencryptoki-v3.1.tgz

File diff suppressed because it is too large Load Diff

View File

@ -1,59 +0,0 @@
From 95064291fe13d4ed98e195946d931fe779f8a48f Mon Sep 17 00:00:00 2001
From: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Fri, 17 Jan 2014 10:33:19 -0600
Subject: [PATCH] Problem: A regular user in pkcs11 group cannot issue pkcsconf
-t. When shm_open() creates shared memory object, it honors umask of the
caller. This patch ensures the shared memory has expected permissions when it
is created.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
Signed-off-by: Dan Horák <dan@danny.cz>
---
usr/lib/pkcs11/common/shared_memory.c | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/usr/lib/pkcs11/common/shared_memory.c b/usr/lib/pkcs11/common/shared_memory.c
index a8710c5..bf0411d 100644
--- a/usr/lib/pkcs11/common/shared_memory.c
+++ b/usr/lib/pkcs11/common/shared_memory.c
@@ -161,12 +161,29 @@ sm_open(const char *sm_name, int mode, void **p_addr, size_t len, int force)
goto done;
}
- fd = shm_open(name, O_RDWR | O_CREAT, mode);
+ /* try and open first... */
+ fd = shm_open(name, O_RDWR, mode);
if (fd < 0) {
- rc = -errno;
- SYS_ERROR(errno, "Failed to open shared memory \"%s\".\n",
- name);
- goto done;
+ /* maybe it needs to be created ... */
+ fd = shm_open(name, O_RDWR | O_CREAT, mode);
+ if (fd < 0) {
+ rc = -errno;
+ SYS_ERROR(errno,
+ "Failed to open shared memory \"%s\".\n",
+ name);
+ goto done;
+ } else {
+ /* umask may have altered permissions if we created
+ * the shared memory in above call, so set proper
+ * permissions just in case.
+ */
+ if (fchmod(fd, mode) == -1) {
+ rc = -errno;
+ SYS_ERROR(errno, "fchmod(%s): %s\n",
+ name, strerror(errno));
+ goto done;
+ }
+ }
}
/*
--
1.8.1.4

View File

@ -1,30 +0,0 @@
From 02d46e95acfca2ac3ca85a3f1c3d271a04e29206 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Tue, 3 Dec 2013 14:44:36 +0100
Subject: [PATCH] fix build with -Werror=format-security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Dan Horák <dan@danny.cz>
---
usr/sbin/pkcsslotd/log.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/sbin/pkcsslotd/log.c b/usr/sbin/pkcsslotd/log.c
index 949d95d..a2292ac 100755
--- a/usr/sbin/pkcsslotd/log.c
+++ b/usr/sbin/pkcsslotd/log.c
@@ -823,7 +823,7 @@ BOOL PKCS_Log ( pLogHandle phLog, char *Format, va_list ap ) {
/* Always log to syslog, if we're using it */
if ( pInfo->UseSyslog ) {
- syslog(pInfo->LogLevel, Buffer);
+ syslog(pInfo->LogLevel, "%s", Buffer);
}
return TRUE;
--
1.8.1.4

View File

@ -1,37 +0,0 @@
commit b50eb39e3cf8ccfdb735fbddfcdae10bdb70e1c4
Author: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Wed Sep 4 16:12:38 2013 -0500
Update the opencryptoki(7) man page and remove reference to
pkcs11_startup and pk_config_data.
Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
diff --git a/man/man7/opencryptoki.7.in b/man/man7/opencryptoki.7.in
index 5030bd2..bf5a65e 100644
--- a/man/man7/opencryptoki.7.in
+++ b/man/man7/opencryptoki.7.in
@@ -9,11 +9,9 @@ tokens, which may be implemented via software or hardware. The PKCS#11
specification has been released by RSA Labs. More information on PKCS#11
can be found on the RSA labs website: http://www.rsa.com/rsalabs.
-To use openCryptoki, first run \fIpkcs11_startup\fP to initialize the
-contents of the pk_config_data file. Then run the \fIpkcsslotd\fP daemon. At
-this point, openCryptoki is ready to start receiving PKCS#11 requests
-from user applications. If openCryptoki is included by your distro, its
-likely that pkcs11_startup is run automatically by an init script.
+To use openCryptoki, run the \fIpkcsslotd\fP daemon. The daemon will
+read the \fIopencryptoki.conf\fP file to collect information about the
+tokens and their slots.
Use the \fIpkcsconf\fP utility to further configure openCryptoki once the
daemon is running.
@@ -33,7 +31,5 @@ privileges of other openCryptoki users.
.TP
\fBpkcsconf\fP(1),
.TP
-\fBpk_config_data\fP(5),
-.TP
-\fBpkcs11_startup\fP(1).
+\fBopencryptoki.conf\fP(5).
.PD

View File

@ -1,35 +0,0 @@
From 48e9a2fdcae6d373f56aefcb85507758803be7df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 22 Jul 2013 18:49:43 +0200
Subject: [PATCH] update options in the pkcsconf man page to match the pkcsconf
binary
---
man/man1/pkcsconf.1.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/man/man1/pkcsconf.1.in b/man/man1/pkcsconf.1.in
index 1b95651..76293ae 100644
--- a/man/man1/pkcsconf.1.in
+++ b/man/man1/pkcsconf.1.in
@@ -4,7 +4,7 @@ pkcsconf \- configuration utility for the pkcsslotd daemon
.SH SYNOPSIS
\fBpkcsconf\fP
-[\fB-itsmMIupPh\fP]
+[\fB-itsmlIupPh\fP]
[\fB-c\fP \fIslotnumber\fP \fB-U\fP \fIuserPIN\fP
\fB-S\fP \fISOPin\fP \fB-n\fP \fInewpin\fP]
@@ -21,6 +21,8 @@ display token info
display slot info
.IP "\fB-m\fP" 10
display mechanism list
+.IP "\fB-l\fP" 10
+display slot description
.IP "\fB-I\fP" 10
initialize token
.IP "\fB-u\fP" 10
--
1.8.1.4

View File

@ -1,24 +0,0 @@
From a8870725de46b8c5716e1539a0d01256b319940b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Fri, 23 Aug 2013 16:57:52 +0200
Subject: [PATCH] update unit file for 3.0
---
misc/pkcsslotd.service.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in
index bfd9934..461be60 100644
--- a/misc/pkcsslotd.service.in
+++ b/misc/pkcsslotd.service.in
@@ -5,7 +5,6 @@ After=syslog.target
[Service]
Type=forking
PIDFile=/var/run/pkcsslotd.pid
-ExecStartPre=@sbindir@/pkcs11_startup
ExecStart=@sbindir@/pkcsslotd
[Install]
--
1.8.1.4

View File

@ -2,31 +2,15 @@
Name: opencryptoki Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 3.0 Version: 3.1
Release: 11%{?dist} Release: 1%{?dist}
License: CPL License: CPL
Group: System Environment/Base Group: System Environment/Base
URL: http://sourceforge.net/projects/opencryptoki URL: http://sourceforge.net/projects/opencryptoki
Source0: http://downloads.sourceforge.net/%{name}/%{name}-v%{version}.tar.gz Source0: http://downloads.sourceforge.net/%{name}/%{name}-v%{version}.tgz
Source1: %{name}-tmpfiles.conf Source1: %{name}-tmpfiles.conf
# https://bugzilla.redhat.com/show_bug.cgi?id=732756 # https://bugzilla.redhat.com/show_bug.cgi?id=732756
Patch0: %{name}-2.4-group.patch Patch0: %{name}-2.4-group.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=948460
# http://sourceforge.net/mailarchive/message.php?msg_id=31202168
Patch1: %{name}-3.0-pkcsconf-man.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=995002
# http://sourceforge.net/mailarchive/message.php?msg_id=31321105
Patch2: %{name}-3.0-unit.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1001729
# http://sourceforge.net/p/opencryptoki/opencryptoki/ci/b50eb39e3cf8ccfdb735fbddfcdae10bdb70e1c4/
Patch3: %{name}-3.0-opencryptoki-man.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1033284
# post-3.0 upstream fixes
Patch4: %{name}-3.0-bz1033284.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1037228
Patch5: %{name}-3.0-format.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1054661
Patch6: %{name}-3.0-bz1054661.patch
Requires(pre): shadow-utils coreutils sed Requires(pre): shadow-utils coreutils sed
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: trousers-devel BuildRequires: trousers-devel
@ -173,12 +157,6 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
%prep %prep
%setup -q -n %{name} %setup -q -n %{name}
%patch0 -p1 -b .group %patch0 -p1 -b .group
%patch1 -p1 -b .pkcsconf-man
%patch2 -p1 -b .unit
%patch3 -p1 -b .opencryptoki-man
%patch4 -p1 -b .bz1033284
%patch5 -p1 -b .format
%patch6 -p1 -b .bz1054661
# Upstream tarball has unnecessary executable perms set on the sources # Upstream tarball has unnecessary executable perms set on the sources
find . -name '*.[ch]' -print0 | xargs -0 chmod -x find . -name '*.[ch]' -print0 | xargs -0 chmod -x
@ -264,6 +242,7 @@ exit 0
%{_sbindir}/pkcsconf %{_sbindir}/pkcsconf
%{_sbindir}/pkcsslotd %{_sbindir}/pkcsslotd
%{_mandir}/man1/pkcsconf.1* %{_mandir}/man1/pkcsconf.1*
%{_mandir}/man1/pkcsep11_migrate.1.*
%{_mandir}/man5/%{name}.conf.5* %{_mandir}/man5/%{name}.conf.5*
%{_mandir}/man7/%{name}.7* %{_mandir}/man7/%{name}.7*
%{_mandir}/man8/pkcsslotd.8* %{_mandir}/man8/pkcsslotd.8*
@ -330,6 +309,9 @@ exit 0
%changelog %changelog
* Thu Jul 24 2014 Petr Lautrbach <plautrba@redhat.com> 3.1-1
- new upstream release 3.1
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0-11 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

View File

@ -1 +1 @@
ec4e2a196c8a336d400d3b17288260af opencryptoki-v3.0.tar.gz ab5f2cc8680ddedde5a86a6cd2e1817f opencryptoki-v3.1.tgz