Github messages for voidlinux
* [PR PATCH] ykpivmgr: update to 1.7.0.
@ 2019-10-02  8:24 voidlinux-github
  2019-10-02 12:51 ` [PR PATCH] [Updated] " voidlinux-github
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: voidlinux-github @ 2019-10-02  8:24 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 388 bytes --]

There is a new pull request by zdtcd against master on the void-packages repository

https://github.com/zdtcd/void-packages ykpivmgr
https://github.com/void-linux/void-packages/pull/14946

ykpivmgr: update to 1.7.0.
Patch is submitted upstream at https://github.com/Yubico/yubico-piv-tool/pull/212

A patch file from https://github.com/void-linux/void-packages/pull/14946.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ykpivmgr-14946.patch --]
[-- Type: text/x-diff, Size: 8823 bytes --]

From 2c72cf807a578c306cc793d4bce56c2766dd29a5 Mon Sep 17 00:00:00 2001
From: Doan Tran Cong Danh <congdanhqx@gmail.com>
Date: Wed, 2 Oct 2019 10:39:34 +0700
Subject: [PATCH] ykpivmgr: update to 1.7.0.

Patch is submitted upstream at https://github.com/Yubico/yubico-piv-tool/pull/212
---
 srcpkgs/ykpivmgr/patches/libressl.patch     | 158 --------------------
 srcpkgs/ykpivmgr/patches/ssl_obsolete.patch |  22 +++
 srcpkgs/ykpivmgr/template                   |   7 +-
 3 files changed, 26 insertions(+), 161 deletions(-)
 delete mode 100644 srcpkgs/ykpivmgr/patches/libressl.patch
 create mode 100644 srcpkgs/ykpivmgr/patches/ssl_obsolete.patch

diff --git a/srcpkgs/ykpivmgr/patches/libressl.patch b/srcpkgs/ykpivmgr/patches/libressl.patch
deleted file mode 100644
index 4c48300e932..00000000000
--- a/srcpkgs/ykpivmgr/patches/libressl.patch
+++ /dev/null
@@ -1,158 +0,0 @@
---- tool/openssl-compat.c
-+++ tool/openssl-compat.c
-@@ -71,6 +71,10 @@
-         *iqmp = r->iqmp;
- }
- 
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+
- void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                    ASN1_OCTET_STRING **pdigest)
- {
-@@ -80,4 +84,4 @@
-         *pdigest = sig->digest;
- }
- 
--#endif /* OPENSSL_VERSION_NUMBER */
-+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
-
---- tool/openssl-compat.h
-+++ tool/openssl-compat.h
-@@ -20,7 +20,6 @@
- #include <openssl/ecdsa.h>
- #include <openssl/dh.h>
- #include <openssl/evp.h>
--#include <openssl/x509.h>
- 
- int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
- void RSA_get0_key(const RSA *r,
-@@ -29,9 +28,15 @@
- void RSA_get0_crt_params(const RSA *r,
-                          const BIGNUM **dmp1, const BIGNUM **dmq1,
-                          const BIGNUM **iqmp);
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+
-+#include <openssl/x509.h>
-+
- void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                    ASN1_OCTET_STRING **pdigest);
- 
-+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
- #endif /* _WINDOWS */
--#endif /* OPENSSL_VERSION_NUMBER */
- #endif /* LIBCRYPTO_COMPAT_H */
-
---- tool/yubico-piv-tool.c
-+++ tool/yubico-piv-tool.c
-@@ -124,7 +124,7 @@
-   return false;
- }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
- static int ec_key_ex_data_idx = -1;
- 
- struct internal_key {
-@@ -688,7 +688,7 @@
-     goto request_out;
-   }
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   memcpy(digest, oid, oid_len);
-   /* XXX: this should probably use X509_REQ_digest() but that's buggy */
-   if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
-@@ -721,7 +721,7 @@
-       fprintf(stderr, "Failed signing request.\n");
-       goto request_out;
-     }
--    M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
-+    ASN1_BIT_STRING_set(req->signature, signature, sig_len);
-     /* mark that all bits should be used. */
-     req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
-   }
-@@ -751,7 +751,7 @@
-     EVP_PKEY_free(public_key);
-   }
-   if(req) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-     if(req->sig_alg->parameter) {
-       req->sig_alg->parameter = NULL;
-     }
-@@ -884,7 +884,7 @@
-   if(nid == 0) {
-     goto selfsign_out;
-   }
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   if(YKPIV_IS_RSA(algorithm)) {
-     signinput = digest;
-     len = oid_len + md_len;
-@@ -912,7 +912,7 @@
-       fprintf(stderr, "Failed signing certificate.\n");
-       goto selfsign_out;
-     }
--    M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
-+    ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
-     /* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
-      * should be subtracted from the bit string, thus making sure that the
-      * certificate can be validated. */
-@@ -941,7 +941,7 @@
-     fclose(output_file);
-   }
-   if(x509) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-     if(x509->sig_alg->parameter) {
-       x509->sig_alg->parameter = NULL;
-       x509->cert_info->signature->parameter = NULL;
-
-diff --git ykcs11/openssl_utils.c ykcs11/openssl_utils.c
-index 68fb29a..5a7f85d 100644
---- ykcs11/openssl_utils.c
-+++ ykcs11/openssl_utils.c
-@@ -165,7 +165,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   // Manually set the signature algorithms.
-   // OpenSSL 1.0.1i complains about empty DER fields
-   // 8 => md5WithRsaEncryption
-diff --git ykcs11/tests/ykcs11_tests.c ykcs11/tests/ykcs11_tests.c
-index 9fb51da..257c938 100644
---- ykcs11/tests/ykcs11_tests.c
-+++ ykcs11/tests/ykcs11_tests.c
-@@ -274,7 +274,7 @@ static void test_login() {
- 
- }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
- static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
-                unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
-   sigret = malloc(1);
-@@ -385,7 +385,7 @@ static void test_import_and_sign_all_10() {
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   cert->sig_alg->algorithm = OBJ_nid2obj(8);
-   cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
- 
-@@ -583,7 +583,7 @@ static void test_import_and_sign_all_10_RSA() {
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   /* putting bogus data to signature to make some checks happy */
-   cert->sig_alg->algorithm = OBJ_nid2obj(8);
-   cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
diff --git a/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch b/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch
new file mode 100644
index 00000000000..e842806e821
--- /dev/null
+++ b/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch
@@ -0,0 +1,22 @@
+diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
+index d7e11d5..7cd15e3 100644
+--- a/tool/yubico-piv-tool.c
++++ b/tool/yubico-piv-tool.c
+@@ -751,7 +751,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
+       fprintf(stderr, "Failed signing request.\n");
+       goto request_out;
+     }
+-    M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
++    ASN1_STRING_set(req->signature, signature, sig_len);
+     /* mark that all bits should be used. */
+     req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
+   }
+@@ -1007,7 +1007,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
+       fprintf(stderr, "Failed signing certificate.\n");
+       goto selfsign_out;
+     }
+-    M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
++    ASN1_STRING_set(x509->signature, signature, sig_len);
+     /* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
+      * should be subtracted from the bit string, thus making sure that the
+      * certificate can be validated. */
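Review bot: The return value of `ASN1_STRING_set()` is ignored in both embedded hunks (in `request_certificate` and in `selfsign_certificate`); it returns 0 when the internal copy cannot be allocated, and the code then goes on to set `flags` on a signature field that does not hold the signature. Checking it the same way the failed-signing branch just above does would make the tool fail closed: `if(!ASN1_STRING_set(req->signature, signature, sig_len)) goto request_out;`, and likewise with `x509->signature` and `goto selfsign_out;`. Both functions start and end outside the hunks, so what the `*_out` labels return on that path should be confirmed before relying on it. The same patch file is repeated unchanged in the two [Updated] messages further down the thread.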
diff --git a/srcpkgs/ykpivmgr/template b/srcpkgs/ykpivmgr/template
index 7e72bcc15f5..99c781b9832 100644
--- a/srcpkgs/ykpivmgr/template
+++ b/srcpkgs/ykpivmgr/template
@@ -6,8 +6,8 @@ _libykcs_name="libykcs11"
 _libykcs_desc="Yubikey PIV pkcs11 library"
 
 pkgname=ykpivmgr
-version=1.5.0
-revision=5
+version=1.7.0
+revision=1
 wrksrc="${_real_name}-${version}"
 build_style=gnu-configure
 configure_args="--enable-doxygen-man --program-transform-name='s/^yubico-piv-tool$/ykpivmgr/'"
@@ -18,7 +18,8 @@ maintainer="Aloz1 <kno0001@gmail.com>"
 license="BSD"
 homepage="https://developers.yubico.com/${_real_name}"
 distfiles="https://developers.yubico.com/${_real_name}/Releases/${_real_name}-${version}.tar.gz"
-checksum=c18375179ba25bf9d61365b3903f033f112897bbd54ca63c62fa153f2d05aaab
+checksum=b428527e4031453a637128077983e782e9fea25df98e95e0fc27819b2e82fd7f
+patch_args="-Np1"
 
 post_extract() {
 	sed -i '/^yubico-piv-tool.1/,$d' tool/Makefile.am
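Review bot: The new `checksum=` line is the only integrity pin on the 1.7.0 tarball, and the commit record does not say what the value was checked against; if upstream publishes a detached signature or hash for the release, noting in the commit message that the checksum was verified against it would let a reviewer reproduce the check instead of trusting the download. `patch_args="-Np1"` matches the `a/` and `b/` prefixes of the new ssl_obsolete.patch, and it is consistent here because the only other patch, libressl.patch with its unprefixed paths, is deleted in the same commit. `post_extract` continues outside the hunk. The same template lines recur in the two [Updated] messages below.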


* Re: [PR PATCH] [Updated] ykpivmgr: update to 1.7.0.
  2019-10-02  8:24 [PR PATCH] ykpivmgr: update to 1.7.0 voidlinux-github
@ 2019-10-02 12:51 ` voidlinux-github
  2019-10-02 12:51 ` voidlinux-github
  2019-10-02 14:44 ` [PR PATCH] [Merged]: " voidlinux-github
  2 siblings, 0 replies; 4+ messages in thread
From: voidlinux-github @ 2019-10-02 12:51 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 393 bytes --]

There is an updated pull request by zdtcd against master on the void-packages repository

https://github.com/zdtcd/void-packages ykpivmgr
https://github.com/void-linux/void-packages/pull/14946

ykpivmgr: update to 1.7.0.
Patch is submitted upstream at https://github.com/Yubico/yubico-piv-tool/pull/212

A patch file from https://github.com/void-linux/void-packages/pull/14946.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ykpivmgr-14946.patch --]
[-- Type: text/x-diff, Size: 9018 bytes --]

From 139959cec3352563713e55753215cb1c7598440f Mon Sep 17 00:00:00 2001
From: Doan Tran Cong Danh <congdanhqx@gmail.com>
Date: Wed, 2 Oct 2019 10:39:34 +0700
Subject: [PATCH] ykpivmgr: update to 1.7.0.

Patch is submitted upstream at https://github.com/Yubico/yubico-piv-tool/pull/212
---
 srcpkgs/ykpivmgr/patches/libressl.patch     | 158 --------------------
 srcpkgs/ykpivmgr/patches/ssl_obsolete.patch |  22 +++
 srcpkgs/ykpivmgr/template                   |   9 +-
 3 files changed, 27 insertions(+), 162 deletions(-)
 delete mode 100644 srcpkgs/ykpivmgr/patches/libressl.patch
 create mode 100644 srcpkgs/ykpivmgr/patches/ssl_obsolete.patch

diff --git a/srcpkgs/ykpivmgr/patches/libressl.patch b/srcpkgs/ykpivmgr/patches/libressl.patch
deleted file mode 100644
index 4c48300e932..00000000000
--- a/srcpkgs/ykpivmgr/patches/libressl.patch
+++ /dev/null
@@ -1,158 +0,0 @@
---- tool/openssl-compat.c
-+++ tool/openssl-compat.c
-@@ -71,6 +71,10 @@
-         *iqmp = r->iqmp;
- }
- 
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+
- void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                    ASN1_OCTET_STRING **pdigest)
- {
-@@ -80,4 +84,4 @@
-         *pdigest = sig->digest;
- }
- 
--#endif /* OPENSSL_VERSION_NUMBER */
-+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
-
---- tool/openssl-compat.h
-+++ tool/openssl-compat.h
-@@ -20,7 +20,6 @@
- #include <openssl/ecdsa.h>
- #include <openssl/dh.h>
- #include <openssl/evp.h>
--#include <openssl/x509.h>
- 
- int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
- void RSA_get0_key(const RSA *r,
-@@ -29,9 +28,15 @@
- void RSA_get0_crt_params(const RSA *r,
-                          const BIGNUM **dmp1, const BIGNUM **dmq1,
-                          const BIGNUM **iqmp);
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+
-+#include <openssl/x509.h>
-+
- void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                    ASN1_OCTET_STRING **pdigest);
- 
-+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
- #endif /* _WINDOWS */
--#endif /* OPENSSL_VERSION_NUMBER */
- #endif /* LIBCRYPTO_COMPAT_H */
-
---- tool/yubico-piv-tool.c
-+++ tool/yubico-piv-tool.c
-@@ -124,7 +124,7 @@
-   return false;
- }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
- static int ec_key_ex_data_idx = -1;
- 
- struct internal_key {
-@@ -688,7 +688,7 @@
-     goto request_out;
-   }
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   memcpy(digest, oid, oid_len);
-   /* XXX: this should probably use X509_REQ_digest() but that's buggy */
-   if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
-@@ -721,7 +721,7 @@
-       fprintf(stderr, "Failed signing request.\n");
-       goto request_out;
-     }
--    M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
-+    ASN1_BIT_STRING_set(req->signature, signature, sig_len);
-     /* mark that all bits should be used. */
-     req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
-   }
-@@ -751,7 +751,7 @@
-     EVP_PKEY_free(public_key);
-   }
-   if(req) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-     if(req->sig_alg->parameter) {
-       req->sig_alg->parameter = NULL;
-     }
-@@ -884,7 +884,7 @@
-   if(nid == 0) {
-     goto selfsign_out;
-   }
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   if(YKPIV_IS_RSA(algorithm)) {
-     signinput = digest;
-     len = oid_len + md_len;
-@@ -912,7 +912,7 @@
-       fprintf(stderr, "Failed signing certificate.\n");
-       goto selfsign_out;
-     }
--    M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
-+    ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
-     /* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
-      * should be subtracted from the bit string, thus making sure that the
-      * certificate can be validated. */
-@@ -941,7 +941,7 @@
-     fclose(output_file);
-   }
-   if(x509) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-     if(x509->sig_alg->parameter) {
-       x509->sig_alg->parameter = NULL;
-       x509->cert_info->signature->parameter = NULL;
-
-diff --git ykcs11/openssl_utils.c ykcs11/openssl_utils.c
-index 68fb29a..5a7f85d 100644
---- ykcs11/openssl_utils.c
-+++ ykcs11/openssl_utils.c
-@@ -165,7 +165,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   // Manually set the signature algorithms.
-   // OpenSSL 1.0.1i complains about empty DER fields
-   // 8 => md5WithRsaEncryption
-diff --git ykcs11/tests/ykcs11_tests.c ykcs11/tests/ykcs11_tests.c
-index 9fb51da..257c938 100644
---- ykcs11/tests/ykcs11_tests.c
-+++ ykcs11/tests/ykcs11_tests.c
-@@ -274,7 +274,7 @@ static void test_login() {
- 
- }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
- static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
-                unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
-   sigret = malloc(1);
-@@ -385,7 +385,7 @@ static void test_import_and_sign_all_10() {
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   cert->sig_alg->algorithm = OBJ_nid2obj(8);
-   cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
- 
-@@ -583,7 +583,7 @@ static void test_import_and_sign_all_10_RSA() {
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   /* putting bogus data to signature to make some checks happy */
-   cert->sig_alg->algorithm = OBJ_nid2obj(8);
-   cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
diff --git a/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch b/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch
new file mode 100644
index 00000000000..e842806e821
--- /dev/null
+++ b/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch
@@ -0,0 +1,22 @@
+diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
+index d7e11d5..7cd15e3 100644
+--- a/tool/yubico-piv-tool.c
++++ b/tool/yubico-piv-tool.c
+@@ -751,7 +751,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
+       fprintf(stderr, "Failed signing request.\n");
+       goto request_out;
+     }
+-    M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
++    ASN1_STRING_set(req->signature, signature, sig_len);
+     /* mark that all bits should be used. */
+     req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
+   }
+@@ -1007,7 +1007,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
+       fprintf(stderr, "Failed signing certificate.\n");
+       goto selfsign_out;
+     }
+-    M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
++    ASN1_STRING_set(x509->signature, signature, sig_len);
+     /* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
+      * should be subtracted from the bit string, thus making sure that the
+      * certificate can be validated. */
diff --git a/srcpkgs/ykpivmgr/template b/srcpkgs/ykpivmgr/template
index 7e72bcc15f5..1e4a78e0e4a 100644
--- a/srcpkgs/ykpivmgr/template
+++ b/srcpkgs/ykpivmgr/template
@@ -6,8 +6,8 @@ _libykcs_name="libykcs11"
 _libykcs_desc="Yubikey PIV pkcs11 library"
 
 pkgname=ykpivmgr
-version=1.5.0
-revision=5
+version=1.7.0
+revision=1
 wrksrc="${_real_name}-${version}"
 build_style=gnu-configure
 configure_args="--enable-doxygen-man --program-transform-name='s/^yubico-piv-tool$/ykpivmgr/'"
@@ -15,10 +15,11 @@ hostmakedepends="automake libtool gengetopt pkg-config doxygen perl"
 makedepends="libressl-devel check-devel pcsclite-devel"
 short_desc="Yubikey PIV management tool"
 maintainer="Aloz1 <kno0001@gmail.com>"
-license="BSD"
+license="BSD-2-Clause"
 homepage="https://developers.yubico.com/${_real_name}"
 distfiles="https://developers.yubico.com/${_real_name}/Releases/${_real_name}-${version}.tar.gz"
-checksum=c18375179ba25bf9d61365b3903f033f112897bbd54ca63c62fa153f2d05aaab
+checksum=b428527e4031453a637128077983e782e9fea25df98e95e0fc27819b2e82fd7f
+patch_args="-Np1"
 
 post_extract() {
 	sed -i '/^yubico-piv-tool.1/,$d' tool/Makefile.am


* Re: [PR PATCH] [Updated] ykpivmgr: update to 1.7.0.
  2019-10-02  8:24 [PR PATCH] ykpivmgr: update to 1.7.0 voidlinux-github
  2019-10-02 12:51 ` [PR PATCH] [Updated] " voidlinux-github
@ 2019-10-02 12:51 ` voidlinux-github
  2019-10-02 14:44 ` [PR PATCH] [Merged]: " voidlinux-github
  2 siblings, 0 replies; 4+ messages in thread
From: voidlinux-github @ 2019-10-02 12:51 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 393 bytes --]

There is an updated pull request by zdtcd against master on the void-packages repository

https://github.com/zdtcd/void-packages ykpivmgr
https://github.com/void-linux/void-packages/pull/14946

ykpivmgr: update to 1.7.0.
Patch is submitted upstream at https://github.com/Yubico/yubico-piv-tool/pull/212

A patch file from https://github.com/void-linux/void-packages/pull/14946.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ykpivmgr-14946.patch --]
[-- Type: text/x-diff, Size: 9018 bytes --]

From 139959cec3352563713e55753215cb1c7598440f Mon Sep 17 00:00:00 2001
From: Doan Tran Cong Danh <congdanhqx@gmail.com>
Date: Wed, 2 Oct 2019 10:39:34 +0700
Subject: [PATCH] ykpivmgr: update to 1.7.0.

Patch is submitted upstream at https://github.com/Yubico/yubico-piv-tool/pull/212
---
 srcpkgs/ykpivmgr/patches/libressl.patch     | 158 --------------------
 srcpkgs/ykpivmgr/patches/ssl_obsolete.patch |  22 +++
 srcpkgs/ykpivmgr/template                   |   9 +-
 3 files changed, 27 insertions(+), 162 deletions(-)
 delete mode 100644 srcpkgs/ykpivmgr/patches/libressl.patch
 create mode 100644 srcpkgs/ykpivmgr/patches/ssl_obsolete.patch

diff --git a/srcpkgs/ykpivmgr/patches/libressl.patch b/srcpkgs/ykpivmgr/patches/libressl.patch
deleted file mode 100644
index 4c48300e932..00000000000
--- a/srcpkgs/ykpivmgr/patches/libressl.patch
+++ /dev/null
@@ -1,158 +0,0 @@
---- tool/openssl-compat.c
-+++ tool/openssl-compat.c
-@@ -71,6 +71,10 @@
-         *iqmp = r->iqmp;
- }
- 
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+
- void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                    ASN1_OCTET_STRING **pdigest)
- {
-@@ -80,4 +84,4 @@
-         *pdigest = sig->digest;
- }
- 
--#endif /* OPENSSL_VERSION_NUMBER */
-+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
-
---- tool/openssl-compat.h
-+++ tool/openssl-compat.h
-@@ -20,7 +20,6 @@
- #include <openssl/ecdsa.h>
- #include <openssl/dh.h>
- #include <openssl/evp.h>
--#include <openssl/x509.h>
- 
- int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
- void RSA_get0_key(const RSA *r,
-@@ -29,9 +28,15 @@
- void RSA_get0_crt_params(const RSA *r,
-                          const BIGNUM **dmp1, const BIGNUM **dmq1,
-                          const BIGNUM **iqmp);
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+
-+#include <openssl/x509.h>
-+
- void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
-                    ASN1_OCTET_STRING **pdigest);
- 
-+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
- #endif /* _WINDOWS */
--#endif /* OPENSSL_VERSION_NUMBER */
- #endif /* LIBCRYPTO_COMPAT_H */
-
---- tool/yubico-piv-tool.c
-+++ tool/yubico-piv-tool.c
-@@ -124,7 +124,7 @@
-   return false;
- }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
- static int ec_key_ex_data_idx = -1;
- 
- struct internal_key {
-@@ -688,7 +688,7 @@
-     goto request_out;
-   }
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   memcpy(digest, oid, oid_len);
-   /* XXX: this should probably use X509_REQ_digest() but that's buggy */
-   if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
-@@ -721,7 +721,7 @@
-       fprintf(stderr, "Failed signing request.\n");
-       goto request_out;
-     }
--    M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
-+    ASN1_BIT_STRING_set(req->signature, signature, sig_len);
-     /* mark that all bits should be used. */
-     req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
-   }
-@@ -751,7 +751,7 @@
-     EVP_PKEY_free(public_key);
-   }
-   if(req) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-     if(req->sig_alg->parameter) {
-       req->sig_alg->parameter = NULL;
-     }
-@@ -884,7 +884,7 @@
-   if(nid == 0) {
-     goto selfsign_out;
-   }
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   if(YKPIV_IS_RSA(algorithm)) {
-     signinput = digest;
-     len = oid_len + md_len;
-@@ -912,7 +912,7 @@
-       fprintf(stderr, "Failed signing certificate.\n");
-       goto selfsign_out;
-     }
--    M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
-+    ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
-     /* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
-      * should be subtracted from the bit string, thus making sure that the
-      * certificate can be validated. */
-@@ -941,7 +941,7 @@
-     fclose(output_file);
-   }
-   if(x509) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-     if(x509->sig_alg->parameter) {
-       x509->sig_alg->parameter = NULL;
-       x509->cert_info->signature->parameter = NULL;
-
-diff --git ykcs11/openssl_utils.c ykcs11/openssl_utils.c
-index 68fb29a..5a7f85d 100644
---- ykcs11/openssl_utils.c
-+++ ykcs11/openssl_utils.c
-@@ -165,7 +165,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   // Manually set the signature algorithms.
-   // OpenSSL 1.0.1i complains about empty DER fields
-   // 8 => md5WithRsaEncryption
-diff --git ykcs11/tests/ykcs11_tests.c ykcs11/tests/ykcs11_tests.c
-index 9fb51da..257c938 100644
---- ykcs11/tests/ykcs11_tests.c
-+++ ykcs11/tests/ykcs11_tests.c
-@@ -274,7 +274,7 @@ static void test_login() {
- 
- }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
- static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
-                unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
-   sigret = malloc(1);
-@@ -385,7 +385,7 @@ static void test_import_and_sign_all_10() {
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   cert->sig_alg->algorithm = OBJ_nid2obj(8);
-   cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
- 
-@@ -583,7 +583,7 @@ static void test_import_and_sign_all_10_RSA() {
-   X509_set_notBefore(cert, tm);
-   X509_set_notAfter(cert, tm);
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
-   /* putting bogus data to signature to make some checks happy */
-   cert->sig_alg->algorithm = OBJ_nid2obj(8);
-   cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
diff --git a/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch b/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch
new file mode 100644
index 00000000000..e842806e821
--- /dev/null
+++ b/srcpkgs/ykpivmgr/patches/ssl_obsolete.patch
@@ -0,0 +1,22 @@
+diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
+index d7e11d5..7cd15e3 100644
+--- a/tool/yubico-piv-tool.c
++++ b/tool/yubico-piv-tool.c
+@@ -751,7 +751,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
+       fprintf(stderr, "Failed signing request.\n");
+       goto request_out;
+     }
+-    M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
++    ASN1_STRING_set(req->signature, signature, sig_len);
+     /* mark that all bits should be used. */
+     req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
+   }
+@@ -1007,7 +1007,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
+       fprintf(stderr, "Failed signing certificate.\n");
+       goto selfsign_out;
+     }
+-    M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
++    ASN1_STRING_set(x509->signature, signature, sig_len);
+     /* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
+      * should be subtracted from the bit string, thus making sure that the
+      * certificate can be validated. */
diff --git a/srcpkgs/ykpivmgr/template b/srcpkgs/ykpivmgr/template
index 7e72bcc15f5..1e4a78e0e4a 100644
--- a/srcpkgs/ykpivmgr/template
+++ b/srcpkgs/ykpivmgr/template
@@ -6,8 +6,8 @@ _libykcs_name="libykcs11"
 _libykcs_desc="Yubikey PIV pkcs11 library"
 
 pkgname=ykpivmgr
-version=1.5.0
-revision=5
+version=1.7.0
+revision=1
 wrksrc="${_real_name}-${version}"
 build_style=gnu-configure
 configure_args="--enable-doxygen-man --program-transform-name='s/^yubico-piv-tool$/ykpivmgr/'"
@@ -15,10 +15,11 @@ hostmakedepends="automake libtool gengetopt pkg-config doxygen perl"
 makedepends="libressl-devel check-devel pcsclite-devel"
 short_desc="Yubikey PIV management tool"
 maintainer="Aloz1 <kno0001@gmail.com>"
-license="BSD"
+license="BSD-2-Clause"
 homepage="https://developers.yubico.com/${_real_name}"
 distfiles="https://developers.yubico.com/${_real_name}/Releases/${_real_name}-${version}.tar.gz"
-checksum=c18375179ba25bf9d61365b3903f033f112897bbd54ca63c62fa153f2d05aaab
+checksum=b428527e4031453a637128077983e782e9fea25df98e95e0fc27819b2e82fd7f
+patch_args="-Np1"
 
 post_extract() {
 	sed -i '/^yubico-piv-tool.1/,$d' tool/Makefile.am


* Re: [PR PATCH] [Merged]: ykpivmgr: update to 1.7.0.
  2019-10-02  8:24 [PR PATCH] ykpivmgr: update to 1.7.0 voidlinux-github
  2019-10-02 12:51 ` [PR PATCH] [Updated] " voidlinux-github
  2019-10-02 12:51 ` voidlinux-github
@ 2019-10-02 14:44 ` voidlinux-github
  2 siblings, 0 replies; 4+ messages in thread
From: voidlinux-github @ 2019-10-02 14:44 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 240 bytes --]

There's a merged pull request on the void-packages repository

ykpivmgr: update to 1.7.0.
https://github.com/void-linux/void-packages/pull/14946

Description:
Patch is submitted upstream at https://github.com/Yubico/yubico-piv-tool/pull/212

