gentoo resync : 09.03.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-03-09 16:53:27 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2018-03-09 16:53:27 +0000
commit: 80208fb578cf92cc308906660ca6d7860c6b2a1f (patch)
tree: 6f06818031b553c506fc10dfe9908a835df288aa /sys-auth/yubico-piv-tool
parent: 06a7b5647e11a8ddf69b1c3d3ded6a8ba28b923e (diff)
3 files changed, 223 insertions, 0 deletions
diff --git a/sys-auth/yubico-piv-tool/Manifest b/sys-auth/yubico-piv-tool/Manifest
index b9e69d18ea91..6b5740eba44a 100644
--- a/sys-auth/yubico-piv-tool/Manifest
+++ b/sys-auth/yubico-piv-tool/Manifest
@@ -1,3 +1,6 @@
+AUX yubico-piv-tool-1.5.0-openssl110.patch 5114 BLAKE2B f21851a171dc94a7862b47d094d25e1c39aa874c62c8753b5b6d6f01dbcecfe2db7b94322a9e8326fe66f6c800199e407a964a4cdf3a2dca7e5fb88fa83e4290 SHA512 d7561f1d9e0cc2f1ffae2ae46ad140ac63ee77daac0e0fc8c4e975678e3abe33c9ac2181ce7c1e237ebbd54511ecd65271f463fec55672e6e904c2edafd97b0e
 DIST yubico-piv-tool-1.4.4.tar.gz 109397 BLAKE2B ed1299508cd5f90c662a184527ae696e7cd463b0e8d327413c8acff47d41de7393570798b9582e845262afb1780e0c759246980051a62335d7033de913147bb9 SHA512 3edc341fdbeeacfbf541adc37d0bd2b1df9777ca04e13bc1825e99a151008213b816ff811e83e623f52eb1400a8146c36a5a874fc5e26a89c9398e79a0e234e1
+DIST yubico-piv-tool-1.5.0.tar.gz 179092 BLAKE2B d15eed89699989ff545f18cf54fd42349fc81862e7bb3e182fad59d0604cc9729dedcc4aaa40d3f28c1d40b78ddbb5ed073c107cb233d0fa66a17a2ef1e29d68 SHA512 10d7f7a2f163e5f61d6f7463f2124d06213506bff39f3fe0c5b361f90f8bc372de97ab1fa8d6bfcb77659f086d71f8ff536a064ee8f300a620b929ee76e8f8b9
 EBUILD yubico-piv-tool-1.4.4.ebuild 647 BLAKE2B 527ff9328cdc01228974aaa7b4f846ec22aea8dc1b7b63078784a6100293db1b4c0992558fb26fd9b33f5b7f72404e06a675141b11fd785919d5a981362af184 SHA512 96360ad999f9f1af146b2ea6f2795791221f8b0803b4f6de2accd20d03e2bf5b1b8091cf00cdb05aea52995664bdafabe3a3bbf695f909de85d44ec9d8e3a0ac
+EBUILD yubico-piv-tool-1.5.0.ebuild 1012 BLAKE2B 9f43dc92c0d0cdac06620494838a5f555d9bf7236289f48ed12a71a4579206202e0df3c471a88a2ac4fe1f680072b80ba13efb582f50826278174e36f679a672 SHA512 16de41a9380636e55add90752abc9cace3364607cfc6f4dac90fa3d11e5b59c7d28e8bdf14d702ec4216f324695ce96bb6a9eb0829dd1d8d45b48385e45727d2
 MISC metadata.xml 254 BLAKE2B 469b2f4552e9db14cd35556a77359913ea2470137cd26ae2ecc0dd253c155a1e3bd04d19d16a8588c7e72b85057da2f3d62c5ca093992f121d9a32835f1b5ed4 SHA512 b30ec6f0a6c90d7e5d21552c23b34d6326e29fed03c766edf9da7a2a0848edbf694c0fca4fbb81cf291e607cd5de342b9e2f59a3ea5cf27e5b50d6dc2384e8b1
diff --git a/sys-auth/yubico-piv-tool/files/yubico-piv-tool-1.5.0-openssl110.patch b/sys-auth/yubico-piv-tool/files/yubico-piv-tool-1.5.0-openssl110.patch
new file mode 100644
index 000000000000..86b8bf9bedc9
--- /dev/null
+++ b/sys-auth/yubico-piv-tool/files/yubico-piv-tool-1.5.0-openssl110.patch
@@ -0,0 +1,170 @@
+From c8372f27d791aa445e879ded4efe4a267e3ff48e Mon Sep 17 00:00:00 2001
+From: quentin <quentin@minster.io>
+Date: Mon, 26 Feb 2018 02:43:41 +0100
+Subject: [PATCH] Improve compatibility with OpenSSL 1.1.0
+
+* add missing headers
+* stop using deprecated APIs
+---
+ tool/util.c            |  1 +
+ tool/yubico-piv-tool.c | 24 +++++++++++++++++++++++-
+ ykcs11/openssl_types.h |  1 +
+ ykcs11/openssl_utils.c | 11 +++++++++++
+ 4 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/tool/util.c b/tool/util.c
+index de6b071..5b299ca 100644
+--- a/tool/util.c
++++ b/tool/util.c
+@@ -38,6 +38,7 @@
+ #endif
+ 
+ #include "openssl-compat.h"
++#include <openssl/bn.h>
+ #include <openssl/evp.h>
+ #include <openssl/x509.h>
+ #include <openssl/rsa.h>
+diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
+index c40b027..f8b72b1 100644
+--- a/tool/yubico-piv-tool.c
++++ b/tool/yubico-piv-tool.c
+@@ -43,10 +43,12 @@
+ #endif
+ 
+ #include "openssl-compat.h"
++#include <openssl/bn.h>
+ #include <openssl/des.h>
+ #include <openssl/pem.h>
+ #include <openssl/pkcs12.h>
+ #include <openssl/rand.h>
++#include <openssl/rsa.h>
+ 
+ #include "cmdline.h"
+ #include "util.h"
+@@ -868,11 +870,19 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
+     fprintf(stderr, "Failed to set certificate serial.\n");
+     goto selfsign_out;
+   }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   if(!X509_gmtime_adj(X509_get_notBefore(x509), 0)) {
++#else
++  if(!X509_gmtime_adj(X509_getm_notBefore(x509), 0)) {
++#endif
+     fprintf(stderr, "Failed to set certificate notBefore.\n");
+     goto selfsign_out;
+   }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   if(!X509_gmtime_adj(X509_get_notAfter(x509), 60L * 60L * 24L * validDays)) {
++#else
++  if(!X509_gmtime_adj(X509_getm_notAfter(x509), 60L * 60L * 24L * validDays)) {
++#endif
+     fprintf(stderr, "Failed to set certificate notAfter.\n");
+     goto selfsign_out;
+   }
+@@ -1241,7 +1251,7 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
+ 
+   if(*ptr++ == 0x70) {
+     unsigned int md_len = sizeof(data);
+-    ASN1_TIME *not_before, *not_after;
++    const ASN1_TIME *not_before, *not_after;
+ 
+     ptr += get_length(ptr, &cert_len);
+     x509 = X509_new();
+@@ -1299,13 +1309,21 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
+     dump_data(data, md_len, output, false, format_arg_hex);
+ 
+     bio = BIO_new_fp(output, BIO_NOCLOSE | BIO_FP_TEXT);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     not_before = X509_get_notBefore(x509);
++#else
++    not_before = X509_get0_notBefore(x509);
++#endif
+     if(not_before) {
+       fprintf(output, "\tNot Before:\t");
+       ASN1_TIME_print(bio, not_before);
+       fprintf(output, "\n");
+     }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     not_after = X509_get_notAfter(x509);
++#else
++    not_after = X509_get0_notAfter(x509);
++#endif
+     if(not_after) {
+       fprintf(output, "\tNot After:\t");
+       ASN1_TIME_print(bio, not_after);
+@@ -1950,7 +1968,9 @@ int main(int argc, char *argv[]) {
+ 
+ 
+   /* openssl setup.. */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   OpenSSL_add_all_algorithms();
++#endif
+ 
+ 
+   for(i = 0; i < args_info.action_given; i++) {
+@@ -2191,6 +2211,8 @@ int main(int argc, char *argv[]) {
+   }
+ 
+   ykpiv_done(state);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   EVP_cleanup();
++#endif
+   return ret;
+ }
+diff --git a/ykcs11/openssl_types.h b/ykcs11/openssl_types.h
+index 307f746..08170fc 100644
+--- a/ykcs11/openssl_types.h
++++ b/ykcs11/openssl_types.h
+@@ -31,6 +31,7 @@
+ #ifndef OPENSSL_TYPES_H
+ #define OPENSSL_TYPES_H
+ 
++#include <openssl/bn.h>
+ #include <openssl/x509.h>
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c
+index 5a7f85d..edfe0ea 100644
+--- a/ykcs11/openssl_utils.c
++++ b/ykcs11/openssl_utils.c
+@@ -35,6 +35,11 @@
+ #include "debug.h"
+ #include <string.h>
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# define X509_set_notBefore X509_set1_notBefore
++# define X509_set_notAfter X509_set1_notAfter
++#endif
++
+ CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert) {
+ 
+   const unsigned char *p = data; // Mandatory temp variable required by OpenSSL
+@@ -580,7 +585,9 @@ CK_RV do_pkcs_pss(ykcs11_rsa_key_t *key, CK_BYTE_PTR in, CK_ULONG in_len,
+           int nid, CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
+   unsigned char em[RSA_size(key)];
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   OpenSSL_add_all_digests();
++#endif
+ 
+   DBG("Apply PSS padding to %lu bytes and get %d", in_len, RSA_size(key));
+ 
+@@ -590,14 +597,18 @@ CK_RV do_pkcs_pss(ykcs11_rsa_key_t *key, CK_BYTE_PTR in, CK_ULONG in_len,
+ 
+   // In case of raw PSS (no hash) this function will fail because OpenSSL requires an MD
+   if (RSA_padding_add_PKCS1_PSS(key, em, out, EVP_get_digestbynid(nid), -2) == 0) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     EVP_cleanup();
++#endif
+     return CKR_FUNCTION_FAILED;
+   }
+ 
+   memcpy(out, em, sizeof(em));
+   *out_len = (CK_ULONG) sizeof(em);
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   EVP_cleanup();
++#endif
+ 
+   return CKR_OK;
+ }
diff --git a/sys-auth/yubico-piv-tool/yubico-piv-tool-1.5.0.ebuild b/sys-auth/yubico-piv-tool/yubico-piv-tool-1.5.0.ebuild
new file mode 100644
index 000000000000..7a72c9087c3f
--- /dev/null
+++ b/sys-auth/yubico-piv-tool/yubico-piv-tool-1.5.0.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools
+
+DESCRIPTION="Command line tool for the YubiKey PIV application"
+SRC_URI="https://github.com/Yubico/yubico-piv-tool/archive/yubico-piv-tool-${PV}.tar.gz"
+HOMEPAGE="https://developers.yubico.com/yubico-piv-tool/ https://github.com/Yubico/yubico-piv-tool"
+
+LICENSE="BSD-2"
+SLOT="0/1"
+KEYWORDS="~amd64"
+IUSE="test"
+
+RDEPEND="
+	dev-libs/openssl:0=[-bindist]
+	sys-apps/pcsc-lite
+"
+DEPEND="${RDEPEND}
+	dev-util/gengetopt
+	sys-apps/help2man
+	virtual/pkgconfig
+	test? ( dev-libs/check )
+"
+
+S=${WORKDIR}/${PN}-${P}
+
+PATCHES=( "${FILESDIR}/${P}-openssl110.patch" )
+
+src_prepare() {
+	default
+
+	if ! use test; then
+		sed -i -e "/PKG_CHECK_MODULES(\[CHECK/d" configure.ac || die
+		sed -i -e "s/@CHECK_CFLAGS@//" -e "s/@CHECK_LIBS@//" */*/Makefile.am || die
+	fi
+
+	eautoreconf
+}
+
+src_configure() {
+	econf --disable-static
+}
+
+src_install() {
+	default
+	rm "${D}"/usr/$(get_libdir)/*.la || die
+}
author	V3n3RiX <venerix@redcorelinux.org>	2018-03-09 16:53:27 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2018-03-09 16:53:27 +0000
commit	80208fb578cf92cc308906660ca6d7860c6b2a1f (patch)
tree	6f06818031b553c506fc10dfe9908a835df288aa /sys-auth/yubico-piv-tool
parent	06a7b5647e11a8ddf69b1c3d3ded6a8ba28b923e (diff)