From 7fc36de91596f9e210c0401267158c5faa41f9b7 Mon Sep 17 00:00:00 2001 From: manu Date: Sun, 29 Mar 2020 02:13:32 +0000 Subject: [PATCH] Update libp11 to 0.4.4 so that we can build with NetBSD-9.0 newer OpenSSL Changes since libp11-0.2.8 from the NEWS file: New in 0.4.4; 2017-01-26; Michal Trojnara * Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl; fixes #141 (Michal Trojnara) * "?" and "&" allowed as URI separators; fixes #142 (Michal Trojnara) * engine: Unified private/public key and certificate enumeration to be performed without login if possible (Michal Trojnara) New in 0.4.3; 2016-12-04; Michal Trojnara * Use UI to get CKU_CONTEXT_SPECIFIC PINs (Michal Trojnara) * Added graceful handling of alien (non-PKCS#11) keys (Michal Trojnara) * Added symbol versioning (Nikos Mavrogiannopoulos) * Soname tied with with the OpenSSL soname (Nikos Mavrogiannopoulos) * Added MSYS2, Cygwin, and MinGW/MSYS support (Pawel Witas) * Workaround implemented for a deadlock in PKCS#11 modules that internally use OpenSSL engines (Michal Trojnara, Pawel Witas) * Fixed an EVP_PKEY reference count leak (David Woodhouse) * Fixed OpenSSL 1.1.x crash in public RSA methods (Doug Engert, Michal Trojnara) * Fixed OpenSSL 1.1.x builds (Nikos Mavrogiannopoulos, Michal Trojnara) * Fixed retrieving PIN values from certificate URIs (Andrei Korikov) * Fixed symlink installation (Alon Bar-Lev) New in 0.4.2; 2016-09-25; Michal Trojnara * Fixed a 0.4.0 regression bug causing the engine finish function to remove any configured engine parameters; fixes #104 (Michal Trojnara) New in 0.4.1; 2016-09-17; Michal Trojnara * Use enginesdir provided by libcrypto.pc if available (David Woodhouse) * Certificate cache destroyed on login/logout (David Woodhouse) * Fixed accessing certificates marked as CKA_PRIVATE (David Woodhouse) * Directly included libp11 code into the engine (Matt Hauck) * Fixed handling simultaneous make jobs (Derek Straka) * Reverted an old hack that broke engine initialization (Michal Trojnara) * Fixed loading of multiple keys due to unneeded re-logging (Matt Hauck) * Makefile fixes and improvements (Nikos Mavrogiannopoulos) * Fixed several certificate selection bugs (Michal Trojnara) * The signed message digest is truncated if it is too long for the signing curve (David von Oheimb) * Workaround for broken PKCS#11 modules not returning CKA_EC_POINT in the ASN1_OCTET_STRING format (Michal Trojnara) * OpenSSL 1.1.0 build fixes (Michal Trojnara) New in 0.4.0; 2016-03-28; Michal Trojnara * Merged engine_pkcs11 (Michal Trojnara) * Added ECDSA support for OpenSSL < 1.0.2 (Michal Trojnara) * Added ECDH key derivation support (Doug Engert and Michal Trojnara) * Added support for RSA_NO_PADDING RSA private key decryption, used by OpenSSL for various features including OAEP (Michal Trojnara) * Added support for the ANSI X9.31 (RSA_X931_PADDING) RSA padding (Michal Trojnara) * Added support for RSA encryption (not only signing) (Michal Trojnara) * Added CKA_ALWAYS_AUTHENTICATE support (Michal Trojnara) * Fixed double locking the global engine lock (Michal Trojnara) * Fixed incorrect errors reported on signing/encryption/decryption (Michal Trojnara) * Fixed deadlocks in keys and certificates listing (Brian Hinz) * Use PKCS11_MODULE_PATH environment variable (Doug Engert) * Added support for building against OpenSSL 1.1.0-dev (Doug Engert) * Returned EVP_PKEY objects are no longer "const" (Michal Trojnara) * Fixed building against OpenSSL 0.9.8 (Michal Trojnara) * Removed support for OpenSSL 0.9.7 (Michal Trojnara) New in 0.3.1; 2016-01-22; Michal Trojnara * Added PKCS11_is_logged_in to the API (Mikhail Denisenko) * Added PKCS11_enumerate_public_keys to the API (Michal Trojnara) * Fixed EVP_PKEY handling of public keys (Michal Trojnara) * Added thread safety based on OpenSSL dynamic locks (Michal Trojnara) * A private index is allocated for ex_data access (RSA and ECDSA classes) instead of using the reserved index zero (app_data) (Michal Trojnara) * Fixes in reinitialization after fork; addresses #39 (Michal Trojnara) * Improved searching for dlopen() (Christoph Moench-Tegeder) * MSVC build fixes (Michal Trojnara) * Fixed memory leaks in pkcs11_get_evp_key_rsa() (Michal Trojnara) New in 0.3.0; 2015-10-09; Nikos Mavrogiannopoulos * Added small test suite based on softhsm (run on make check) * Memory leak fixes (Christian Heimes) * On module initialization tell the module to that the OS locking primitives are OK to use (Mike Gerow) * Transparently handle applications that fork. That is call C_Initialize() and reopen any handles if a fork is detected. * Eliminated any hard coded limits for certificate size (Doug Engert) * Added support for ECDSA (Doug Engert) * Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt (Stephane Adenot) * Eliminated several hard-coded limits in parameter sizes. --- doc/CHANGES-2020 | 3 ++- security/libp11/Makefile | 4 ++-- security/libp11/PLIST | 4 +++- security/libp11/distinfo | 12 ++++++------ security/libp11/patches/patch-Makefile.am | 19 +++++++++++-------- 5 files changed, 24 insertions(+), 18 deletions(-) diff --git a/doc/CHANGES-2020 b/doc/CHANGES-2020 index a6a977a6c171..b3c3bce596d3 100644 --- a/doc/CHANGES-2020 +++ b/doc/CHANGES-2020 @@ -1,4 +1,4 @@ -$NetBSD: CHANGES-2020,v 1.1959 2020/03/28 18:36:52 wiz Exp $ +$NetBSD: CHANGES-2020,v 1.1960 2020/03/29 02:13:32 manu Exp $ Changes to the packages collection and infrastructure in 2020: @@ -2638,3 +2638,4 @@ Changes to the packages collection and infrastructure in 2020: Updated databases/py-ldap to 3.2.0nb2 [gutteridge 2020-03-27] Updated devel/ncurses to 6.2nb1 [wiz 2020-03-28] Updated textproc/docbook-xsl to 1.79.2nb3 [wiz 2020-03-28] + Updated security/libp11 to 0.4.4 [manu 2020-03-29] diff --git a/security/libp11/Makefile b/security/libp11/Makefile index 3ecaa7878583..c25b41b1998e 100644 --- a/security/libp11/Makefile +++ b/security/libp11/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.13 2020/01/25 10:45:11 jperkin Exp $ +# $NetBSD: Makefile,v 1.14 2020/03/29 02:13:32 manu Exp $ # -VERSION= 0.2.8 +VERSION= 0.4.4 DISTNAME= libp11-${VERSION} PKGREVISION= 2 CATEGORIES= security diff --git a/security/libp11/PLIST b/security/libp11/PLIST index 62b894997015..8755a4e5bb23 100644 --- a/security/libp11/PLIST +++ b/security/libp11/PLIST @@ -1,4 +1,6 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2009/03/05 20:28:24 hasso Exp $ +@comment $NetBSD: PLIST,v 1.2 2020/03/29 02:13:32 manu Exp $ include/libp11.h lib/libp11.la +lib/libpkcs11.so +lib/pkcs11.la lib/pkgconfig/libp11.pc diff --git a/security/libp11/distinfo b/security/libp11/distinfo index 7c3010b40377..913e34382ee1 100644 --- a/security/libp11/distinfo +++ b/security/libp11/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.4 2015/11/04 01:17:49 agc Exp $ +$NetBSD: distinfo,v 1.5 2020/03/29 02:13:32 manu Exp $ -SHA1 (libp11-0.2.8.tar.gz) = e20a3eb67b7effc26339f1decbca85dee3d98586 -RMD160 (libp11-0.2.8.tar.gz) = 8f54c66f929fff1bc4ec548f95e7798f9992a272 -SHA512 (libp11-0.2.8.tar.gz) = b07da8a9055dd63563fb0e4dffbc4705c6bf125fdd6188f751a14b853de43608b5737f8b91730f47f4963f9fe37fec15fd2cac340196c5e53876faa0294e48b5 -Size (libp11-0.2.8.tar.gz) = 69955 bytes -SHA1 (patch-Makefile.am) = 5020d2b5f345f603be775b7d5bf3edb75b5a2549 +SHA1 (libp11-0.4.4.tar.gz) = eff34266f77e8758b2c6a33588fe37a70059fc11 +RMD160 (libp11-0.4.4.tar.gz) = 28e5d6c0001a24695d37d3e905617ec3d6dac064 +SHA512 (libp11-0.4.4.tar.gz) = d39976cf27655a01331a08fdcd28c9d00de586c6918bec9e43228da4668132e637a3b0069d7478618ae63aeaa6bdb9f40b36e6fdac2934d42ea12c7e9b5eec5b +Size (libp11-0.4.4.tar.gz) = 108307 bytes +SHA1 (patch-Makefile.am) = c1ef488d455013841d973462fb67a64baf4db452 diff --git a/security/libp11/patches/patch-Makefile.am b/security/libp11/patches/patch-Makefile.am index a8688b1b9d32..db12b7daa271 100644 --- a/security/libp11/patches/patch-Makefile.am +++ b/security/libp11/patches/patch-Makefile.am @@ -1,22 +1,25 @@ -$NetBSD: patch-Makefile.am,v 1.1 2014/04/02 20:14:19 gdt Exp $ +$NetBSD: patch-Makefile.am,v 1.2 2020/03/29 02:13:32 manu Exp $ Don't install NEWS, as usually it is not. Don't install a README about a wiki copy that isn't there. These changes have not yet been submitted upstream. ---- Makefile.am.orig 2011-04-15 11:52:31.000000000 +0000 -+++ Makefile.am -@@ -16,9 +16,10 @@ EXTRA_DIST = svnignore Makefile.mak winc +--- Makefile.am.orig 2017-01-26 22:19:45.000000000 +0100 ++++ Makefile.am 2020-03-28 02:57:20.450453387 +0100 +@@ -14,12 +14,13 @@ + EXTRA_DIST = Makefile.mak make.rules.mak README.md + + dist_noinst_DATA = COPYING INSTALL.md - dist_noinst_DATA = COPYING bootstrap \ - $(srcdir)/examples/Makefile $(srcdir)/examples/*.c $(srcdir)/examples/README -dist_doc_DATA = NEWS +#dist_doc_DATA = NEWS --SUBDIRS = src doc + # Prerequisites must be first on the list +-SUBDIRS = src doc examples tests +SUBDIRS = src -+# doc ++# doc examples tests # Allow detection of packaged tarball dist-hook: + $(MKDIR_P) "$(distdir)/m4"