commit: a85b54e12c203e216d4d231a54c0d4f142b1da39
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 7 09:25:48 2024 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Thu Mar 7 09:25:48 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a85b54e1
dev-libs/opensc: drop 0.23.0-r3
Signed-off-by: David Seifert <soap <AT> gentoo.org>
dev-libs/opensc/Manifest | 1 -
.../opensc/files/opensc-0.23.0-CVE-2023-2977.patch | 49 -----
.../files/opensc-0.23.0-backport-pr2656.patch | 215 ---------------------
.../files/opensc-0.23.0-backport-pr2765.patch | 39 ----
dev-libs/opensc/opensc-0.23.0-r3.ebuild | 82 --------
5 files changed, 386 deletions(-)
diff --git a/dev-libs/opensc/Manifest b/dev-libs/opensc/Manifest
index 9a0b274dd7eb..a8557d421768 100644
--- a/dev-libs/opensc/Manifest
+++ b/dev-libs/opensc/Manifest
@@ -1,2 +1 @@
-DIST opensc-0.23.0.tar.gz 2366469 BLAKE2B
c0f74379a70347a58be27684ae2cf833e6f35328b566af2c6daa8276174864406fa176acf7ba84931970fe07e3dd8d6eccf7884f079cb0110c4d6ff9a76792dc
SHA512
cd102cd64e719c59153960a4921b7525055045f16e6f6ffa8c9def6ce999a9c5098267b41f8753b41107f626bea20c34561002f5d38eddb4ce6b371913a17a1b
DIST opensc-0.24.0.tar.gz 2440952 BLAKE2B
afacdd151d169dd1840ecd6df1cec99a9805598d7b7af81e17b648f146cd1b3ad1d3dcae19ed94cf8ce0dbbd5b4285af9653af5ef5739d53908ce30a49544adb
SHA512
0fd2ea858874ae0b85c8fe8c4b920988693a47ca95b26449a1e95f86e17b76000f236c1f75d63ee133306e01a965155da5e14c1b8a59053b85026ecb58fb97bb
diff --git a/dev-libs/opensc/files/opensc-0.23.0-CVE-2023-2977.patch
b/dev-libs/opensc/files/opensc-0.23.0-CVE-2023-2977.patch
deleted file mode 100644
index ad3bc1fadc93..000000000000
--- a/dev-libs/opensc/files/opensc-0.23.0-CVE-2023-2977.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 81944d1529202bd28359bede57c0a15deb65ba8a Mon Sep 17 00:00:00 2001
-From: fullwaywang <fullwayw...@tencent.com>
-Date: Mon, 29 May 2023 10:38:48 +0800
-Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer
- overrun bug. Fixes #2785
-
----
- src/pkcs15init/pkcs15-cardos.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
-index 9715cf390f..f41f73c349 100644
---- a/src/pkcs15init/pkcs15-cardos.c
-+++ b/src/pkcs15init/pkcs15-cardos.c
-@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
- sc_apdu_t apdu;
- u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
- int r;
-- const u8 *p = rbuf, *q;
-+ const u8 *p = rbuf, *q, *pp;
- size_t len, tlen = 0, ilen = 0;
-
- sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
-@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
- return 0;
-
- while (len != 0) {
-- p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
-- if (p == NULL)
-+ pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
-+ if (pp == NULL)
- return 0;
- if (card->type == SC_CARD_TYPE_CARDOS_M4_3) {
- /* the verifyRC package on CardOS 4.3B use Manufacturer
ID 0x01 */
- /* and Package Number 0x07
*/
-- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen);
-+ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen);
- if (q == NULL || ilen != 4)
- return 0;
- if (q[0] == 0x07)
-@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
- } else if (card->type == SC_CARD_TYPE_CARDOS_M4_4) {
- /* the verifyRC package on CardOS 4.4 use Manufacturer
ID 0x03 */
- /* and Package Number 0x02
*/
-- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen);
-+ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen);
- if (q == NULL || ilen != 4)
- return 0;
- if (q[0] == 0x02)
diff --git a/dev-libs/opensc/files/opensc-0.23.0-backport-pr2656.patch
b/dev-libs/opensc/files/opensc-0.23.0-backport-pr2656.patch
deleted file mode 100644
index f9ce72d31776..000000000000
--- a/dev-libs/opensc/files/opensc-0.23.0-backport-pr2656.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-https://bugs.gentoo.org/909781
-https://github.com/OpenSC/libp11/issues/478
-https://github.com/OpenSC/OpenSC/pull/2656
-
-From 99f7b82f187ca3512ceae6270c391243d018fdac Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jje...@redhat.com>
-Date: Thu, 1 Dec 2022 20:08:53 +0100
-Subject: [PATCH 1/4] pkcs11-tool: Fix private key import
-
----
- src/tools/pkcs11-tool.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
-index aae205fe2c..cfee8526d5 100644
---- a/src/tools/pkcs11-tool.c
-+++ b/src/tools/pkcs11-tool.c
-@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct
rsakey_info *rsa)
- RSA_get0_factors(r, &r_p, &r_q);
- RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp);
- #else
-- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
&r_d) != 1 ||
-+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) !=
1 ||
- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 ||
- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
-- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) {
- util_fatal("OpenSSL error during RSA private key
parsing");
-+ EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
- }
- #endif
- RSA_GET_BN(rsa, private_exponent, r_d);
-
-From 4a6e1d1dcd18757502027b1c5d2fb2cbaca28407 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jje...@redhat.com>
-Date: Thu, 1 Dec 2022 20:11:41 +0100
-Subject: [PATCH 2/4] pkcs11-tool: Log more information on OpenSSL errors
-
----
- src/tools/pkcs11-tool.c | 15 ++++++---------
- 1 file changed, 6 insertions(+), 9 deletions(-)
-
-diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
-index cfee8526d5..f2e6b1dd91 100644
---- a/src/tools/pkcs11-tool.c
-+++ b/src/tools/pkcs11-tool.c
-@@ -3641,10 +3641,8 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct
rsakey_info *rsa)
- const BIGNUM *r_dmp1, *r_dmq1, *r_iqmp;
- r = EVP_PKEY_get1_RSA(pkey);
- if (!r) {
-- if (private)
-- util_fatal("OpenSSL error during RSA private key
parsing");
-- else
-- util_fatal("OpenSSL error during RSA public key
parsing");
-+ util_fatal("OpenSSL error during RSA %s key parsing: %s",
private ? "private" : "public",
-+ ERR_error_string(ERR_peek_last_error(), NULL));
- }
-
- RSA_get0_key(r, &r_n, &r_e, NULL);
-@@ -3654,10 +3652,8 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct
rsakey_info *rsa)
- BIGNUM *r_dmp1 = NULL, *r_dmq1 = NULL, *r_iqmp = NULL;
- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &r_n) != 1 ||
- EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &r_e) != 1) {
-- if (private)
-- util_fatal("OpenSSL error during RSA private key
parsing");
-- else
-- util_fatal("OpenSSL error during RSA public key
parsing");
-+ util_fatal("OpenSSL error during RSA %s key parsing: %s",
private ? "private" : "public",
-+ ERR_error_string(ERR_peek_last_error(), NULL));
- }
- #endif
- RSA_GET_BN(rsa, modulus, r_n);
-@@ -3674,8 +3670,9 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct
rsakey_info *rsa)
- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
-- util_fatal("OpenSSL error during RSA private key
parsing");
- EVP_PKEY_get_bn_param(pkey,
OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
-+ util_fatal("OpenSSL error during RSA private key
parsing: %s",
-+ ERR_error_string(ERR_peek_last_error(), NULL));
- }
- #endif
- RSA_GET_BN(rsa, private_exponent, r_d);
-
-From 267da3e81f1fc23a9ccce1462ab5deb1a4d4aec5 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jje...@redhat.com>
-Date: Thu, 1 Dec 2022 20:38:31 +0100
-Subject: [PATCH 3/4] Reproducer for broken pkcs11-tool key import
-
----
- tests/Makefile.am | 10 ++++---
- tests/test-pkcs11-tool-import.sh | 48 ++++++++++++++++++++++++++++++++
- 2 files changed, 54 insertions(+), 4 deletions(-)
- create mode 100755 tests/test-pkcs11-tool-import.sh
-
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index d378e2ee00..9d8a24c321 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -14,8 +14,9 @@ dist_noinst_SCRIPTS = common.sh \
- test-pkcs11-tool-test-threads.sh \
- test-pkcs11-tool-sign-verify.sh \
- test-pkcs11-tool-allowed-mechanisms.sh \
-- test-pkcs11-tool-sym-crypt-test.sh\
-- test-pkcs11-tool-unwrap-wrap-test.sh
-+ test-pkcs11-tool-sym-crypt-test.sh \
-+ test-pkcs11-tool-unwrap-wrap-test.sh \
-+ test-pkcs11-tool-import.sh
-
- .NOTPARALLEL:
- TESTS = \
-@@ -25,8 +26,9 @@ TESTS = \
- test-pkcs11-tool-test.sh \
- test-pkcs11-tool-test-threads.sh \
- test-pkcs11-tool-allowed-mechanisms.sh \
-- test-pkcs11-tool-sym-crypt-test.sh\
-- test-pkcs11-tool-unwrap-wrap-test.sh
-+ test-pkcs11-tool-sym-crypt-test.sh \
-+ test-pkcs11-tool-unwrap-wrap-test.sh \
-+ test-pkcs11-tool-import.sh
- XFAIL_TESTS = \
- test-pkcs11-tool-test-threads.sh \
- test-pkcs11-tool-test.sh
-diff --git a/tests/test-pkcs11-tool-import.sh
b/tests/test-pkcs11-tool-import.sh
-new file mode 100755
-index 0000000000..76ff8e51be
---- /dev/null
-+++ b/tests/test-pkcs11-tool-import.sh
-@@ -0,0 +1,48 @@
-+#!/bin/bash
-+SOURCE_PATH=${SOURCE_PATH:-..}
-+
-+source $SOURCE_PATH/tests/common.sh
-+
-+echo "======================================================="
-+echo "Setup SoftHSM"
-+echo "======================================================="
-+if [[ ! -f $P11LIB ]]; then
-+ echo "WARNING: The SoftHSM is not installed. Can not run this test"
-+ exit 77;
-+fi
-+card_setup
-+
-+ID="0100"
-+OPTS=""
-+for KEYTYPE in "RSA" "EC"; do
-+ echo "======================================================="
-+ echo "Generate and import $KEYTYPE keys"
-+ echo "======================================================="
-+ if [ "$KEYTYPE" == "RSA" ]; then
-+ ID="0100"
-+ elif [ "$KEYTYPE" == "EC" ]; then
-+ ID="0200"
-+ OPTS="-pkeyopt ec_paramgen_curve:P-521"
-+ fi
-+ openssl genpkey -out "${KEYTYPE}_private.der" -outform DER -algorithm
$KEYTYPE $OPTS
-+ assert $? "Failed to generate private $KEYTYPE key"
-+ $PKCS11_TOOL --write-object "${KEYTYPE}_private.der" --id "$ID" --type
privkey \
-+ --label "$KEYTYPE" -p "$PIN" --module "$P11LIB"
-+ assert $? "Failed to write private $KEYTYPE key"
-+
-+ openssl pkey -in "${KEYTYPE}_private.der" -out "${KEYTYPE}_public.der"
-pubout -inform DER -outform DER
-+ assert $? "Failed to convert private $KEYTYPE key to public"
-+ $PKCS11_TOOL --write-object "${KEYTYPE}_public.der" --id "$ID" --type
pubkey --label "$KEYTYPE" \
-+ -p $PIN --module $P11LIB
-+ assert $? "Failed to write public $KEYTYPE key"
-+ # certificate import already tested in all other tests
-+
-+ rm "${KEYTYPE}_private.der" "${KEYTYPE}_public.der"
-+done
-+
-+echo "======================================================="
-+echo "Cleanup"
-+echo "======================================================="
-+card_cleanup
-+
-+exit $ERRORS
-
-From 63a7bceeca43ece1eee201ef7a974b20b294ba4e Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jak...@gmail.com>
-Date: Fri, 2 Dec 2022 18:07:43 +0100
-Subject: [PATCH 4/4] Simplify the new test
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Co-authored-by: Veronika HanulĂková
<61348757+xhanu...@users.noreply.github.com>
----
- tests/test-pkcs11-tool-import.sh | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/tests/test-pkcs11-tool-import.sh
b/tests/test-pkcs11-tool-import.sh
-index 76ff8e51be..c90b3b4926 100755
---- a/tests/test-pkcs11-tool-import.sh
-+++ b/tests/test-pkcs11-tool-import.sh
-@@ -12,15 +12,13 @@ if [[ ! -f $P11LIB ]]; then
- fi
- card_setup
-
--ID="0100"
--OPTS=""
- for KEYTYPE in "RSA" "EC"; do
- echo "======================================================="
- echo "Generate and import $KEYTYPE keys"
- echo "======================================================="
-- if [ "$KEYTYPE" == "RSA" ]; then
-- ID="0100"
-- elif [ "$KEYTYPE" == "EC" ]; then
-+ ID="0100"
-+ OPTS=""
-+ if [ "$KEYTYPE" == "EC" ]; then
- ID="0200"
- OPTS="-pkeyopt ec_paramgen_curve:P-521"
- fi
diff --git a/dev-libs/opensc/files/opensc-0.23.0-backport-pr2765.patch
b/dev-libs/opensc/files/opensc-0.23.0-backport-pr2765.patch
deleted file mode 100644
index 72572c598ac8..000000000000
--- a/dev-libs/opensc/files/opensc-0.23.0-backport-pr2765.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-https://bugs.gentoo.org/909781
-https://github.com/OpenSC/OpenSC/pull/2765
-
-From 36178c8188521f2627d2eea428a7e53d149eed58 Mon Sep 17 00:00:00 2001
-From: Peter Popovec <popovec.pe...@gmail.com>
-Date: Fri, 28 Apr 2023 10:50:25 +0200
-Subject: [PATCH] Fix pkcs11-tool unwrap / incorrect CKA_ID
-
-"object_id[]" and "id_len" must be allocated so that it is not deallocated
-or overwritten (on the stack) at the time of the C_UnwrapKey() call.
-
- modified: src/tools/pkcs11-tool.c
----
- src/tools/pkcs11-tool.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
-index 890ca27060..f3a01ab4cf 100644
---- a/src/tools/pkcs11-tool.c
-+++ b/src/tools/pkcs11-tool.c
-@@ -3347,6 +3347,8 @@ unwrap_key(CK_SESSION_HANDLE session)
- {CKA_CLASS, &secret_key_class, sizeof(secret_key_class)},
- {CKA_TOKEN, &_true, sizeof(_true)},
- };
-+ CK_BYTE object_id[100];
-+ size_t id_len;
- CK_OBJECT_HANDLE hSecretKey;
- int n_attr = 2;
- CK_RV rv;
-@@ -3450,9 +3452,6 @@ unwrap_key(CK_SESSION_HANDLE session)
- }
-
- if (opt_application_id != NULL) {
-- CK_BYTE object_id[100];
-- size_t id_len;
--
- id_len = sizeof(object_id);
- if (!sc_hex_to_bin(opt_application_id, object_id, &id_len)) {
- FILL_ATTR(keyTemplate[n_attr], CKA_ID, object_id,
id_len);
diff --git a/dev-libs/opensc/opensc-0.23.0-r3.ebuild
b/dev-libs/opensc/opensc-0.23.0-r3.ebuild
deleted file mode 100644
index 9808951f0b2b..000000000000
--- a/dev-libs/opensc/opensc-0.23.0-r3.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools bash-completion-r1
-
-DESCRIPTION="Libraries and applications to access smartcards"
-HOMEPAGE="https://github.com/OpenSC/OpenSC/wiki";
-
-if [[ ${PV} == *9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://github.com/OpenSC/OpenSC.git";
-else
-
SRC_URI="https://github.com/OpenSC/OpenSC/releases/download/${PV}/${P}.tar.gz";
- KEYWORDS="amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ppc64 ~riscv
~s390 ~sparc x86"
-fi
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-IUSE="ctapi doc openct notify pace +pcsc-lite readline secure-messaging ssl
test zlib"
-RESTRICT="!test? ( test )"
-
-RDEPEND="zlib? ( sys-libs/zlib )
- readline? ( sys-libs/readline:0= )
- ssl? ( dev-libs/openssl:0= )
- openct? ( >=dev-libs/openct-0.5.0 )
- pace? ( dev-libs/openpace:= )
- pcsc-lite? ( >=sys-apps/pcsc-lite-1.3.0 )
- notify? ( dev-libs/glib:2 )"
-DEPEND="${RDEPEND}
- app-text/docbook-xsl-stylesheets
- dev-libs/libxslt
- test? ( dev-util/cmocka )"
-BDEPEND="virtual/pkgconfig"
-
-REQUIRED_USE="
- pcsc-lite? ( !openct !ctapi )
- openct? ( !pcsc-lite !ctapi )
- ctapi? ( !pcsc-lite !openct )
- || ( pcsc-lite openct ctapi )"
-
-PATCHES=(
- "${FILESDIR}"/${P}-CVE-2023-2977.patch
- "${FILESDIR}"/${P}-backport-pr2656.patch
- "${FILESDIR}"/${P}-backport-pr2765.patch
-)
-
-src_prepare() {
- default
- eautoreconf
-}
-
-src_configure() {
- # don't want to run upstream's clang-tidy checks
- export ac_cv_path_CLANGTIDY=""
-
- econf \
- --with-completiondir="$(get_bashcompdir)" \
- --disable-strict \
- --enable-man \
- $(use_enable ctapi) \
- $(use_enable doc) \
- $(use_enable notify) \
- $(use_enable openct) \
- $(use_enable pace openpace) \
- $(use_enable pcsc-lite pcsc) \
- $(use_enable readline) \
- $(use_enable secure-messaging sm) \
- $(use_enable ssl openssl) \
- $(use_enable test cmocka) \
- $(use_enable zlib)
-}
-
-src_install() {
- default
-
- insinto /etc/pkcs11/modules/
- doins "${FILESDIR}"/opensc.module
-
- find "${ED}" -name '*.la' -delete || die
-}
