git: cd09274aa2c5 - main - security/opencryptoki: update to 3.18.0
Date: Fri, 06 May 2022 08:33:03 UTC
The branch main has been updated by hrs:
URL: https://cgit.FreeBSD.org/ports/commit/?id=cd09274aa2c59b5a06508ed00bf5bded7b7b6213
commit cd09274aa2c59b5a06508ed00bf5bded7b7b6213
Author: Hiroki Sato <hrs@FreeBSD.org>
AuthorDate: 2022-05-06 08:31:40 +0000
Commit: Hiroki Sato <hrs@FreeBSD.org>
CommitDate: 2022-05-06 08:32:09 +0000
security/opencryptoki: update to 3.18.0
---
security/opencryptoki/Makefile | 30 +++--
security/opencryptoki/distinfo | 6 +-
security/opencryptoki/files/patch-Makefile.am | 52 ++++++---
security/opencryptoki/files/patch-configure.ac | 67 +++++------
.../opencryptoki/files/patch-usr-include-slotmgr.h | 16 +++
.../opencryptoki/files/patch-usr-lib-api-api.mk | 12 +-
.../files/patch-usr-lib-api-api_interface.c | 11 ++
.../opencryptoki/files/patch-usr-lib-api-apiutil.c | 13 ++-
.../opencryptoki/files/patch-usr-lib-api-policy.c | 39 +++++++
.../files/patch-usr-lib-api-socket_client.c | 8 +-
.../files/patch-usr-lib-common-event_client.c | 11 ++
.../files/patch-usr-lib-common-loadsave.c | 36 +++++-
.../files/patch-usr-lib-common-mech_ec.c | 14 +++
.../files/patch-usr-lib-common-pkcs_utils.c | 11 ++
.../files/patch-usr-lib-common-shared_memory.c | 15 +++
.../files/patch-usr-lib-common-trace.c | 20 +++-
.../files/patch-usr-lib-common-utility.c | 35 +++---
.../patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk | 7 +-
.../files/patch-usr-lib-soft_stdll-soft_specific.c | 6 +-
.../files/patch-usr-lib-soft_stdll-soft_stdll.mk | 6 +-
.../files/patch-usr-lib-tpm_stdll-tpm_specific.c | 14 +++
.../files/patch-usr-sbin-p11sak-p11sak.c | 20 ++++
.../files/patch-usr-sbin-pkcsconf-pkcsconf.c | 21 +++-
.../files/patch-usr-sbin-pkcsconf-pkcsconf.mk | 6 +-
.../files/patch-usr-sbin-pkcsslotd-mutex.c | 25 ++--
.../patch-usr-sbin-pkcsslotd-opencryptoki.conf | 60 ++++++++++
.../files/patch-usr-sbin-pkcsslotd-pkcsslotd.mk | 52 +++++++++
.../patch-usr-sbin-pkcsslotd-pkcsslotd_util.c | 10 ++
.../files/patch-usr-sbin-pkcsslotd-shmem.c | 8 +-
.../files/patch-usr-sbin-pkcsslotd-slotmgr.c | 55 +++++++++
.../files/patch-usr-sbin-pkcsslotd-socket_server.c | 127 ++++++++++++++++-----
...atch-usr-sbin-pkcstok_migrate-pkcstok_migrate.c | 23 ++++
security/opencryptoki/pkg-plist | 39 ++++---
33 files changed, 688 insertions(+), 187 deletions(-)
diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile
index 4b95be7be1f7..e829cbf166ed 100644
--- a/security/opencryptoki/Makefile
+++ b/security/opencryptoki/Makefile
@@ -1,8 +1,7 @@
# Created by: Ralf Meister
PORTNAME= opencryptoki
-PORTVERSION= 3.11.0
-PORTREVISION= 2
+PORTVERSION= 3.18.0
DISTVERSIONPREFIX= v
CATEGORIES= security
@@ -14,19 +13,22 @@ LICENSE_NAME= Common Public License
LICENSE_FILE= ${WRKSRC}/LICENSE
LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
-LIB_DEPENDS= libtspi.so:security/trousers
+LIB_DEPENDS= libtspi.so:security/trousers \
+ libepoll-shim.so:devel/libepoll-shim
USES= alias autoreconf gmake libtool localbase ssl tar:tgz
-USE_GCC= yes
USE_OPENLDAP= yes
USE_LDCONFIG= ${PREFIX}/lib/opencryptoki
USE_GITHUB= yes
-INSTALL_TARGET= install-strip
GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \
+CONFIGURE_ENV= LOCALBASE=${LOCALBASE}
+CONFIGURE_ARGS= --enable-swtok \
+ --enable-tpmtok \
--enable-icsftok \
- --disable-crtok --disable-aeptok \
- --disable-ccatok --disable-bcomtok \
+ --disable-crtok \
+ --disable-aeptok \
+ --disable-ccatok \
+ --disable-bcomtok \
--disable-pkcscca_migrate \
--with-lockdir=/var/run/opencryptoki \
--with-logdir=/var/log/opencryptoki \
@@ -35,6 +37,7 @@ CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \
--with-pkcs11user=${USERS} \
--with-pkcs11group=${GROUPS} \
ac_cv_path_CHGRP=true
+INSTALL_TARGET= install-strip
USE_RC_SUBR= pkcsslotd
SUB_FILES= pkg-message
SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}"
@@ -42,9 +45,16 @@ PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}"
USERS= _pkcs11
GROUPS= _pkcs11
+post-patch:
+ cd ${WRKSRC} && \
+ ${REINPLACE_CMD} 's,%%DLLDIR%%,${PREFIX}/lib/opencryptoki/stdll,' \
+ usr/sbin/pkcsslotd/opencryptoki.conf
+
post-install:
- ${MV} ${STAGEDIR}${ETCDIR}/opencryptoki.conf \
- ${STAGEDIR}${ETCDIR}/opencryptoki.conf.sample
+ ${MV} ${STAGEDIR}${DOCSDIR}/strength-example.conf \
+ ${STAGEDIR}${ETCDIR}/strength.conf.sample
+ ${MV} ${STAGEDIR}${DOCSDIR}/policy-example.conf \
+ ${STAGEDIR}${ETCDIR}/policy.conf.sample
${RMDIR} ${STAGEDIR}/var/run/opencryptoki/* \
${STAGEDIR}/var/run/opencryptoki
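Review bot: The two `${MV}` commands in `post-install` relocate `strength-example.conf` and `policy-example.conf` to `*.conf.sample` without setting a group or mode, whereas the upstream rule removed by the Makefile.am patch installed `strength.conf` with `-m 640 -o root -g pkcs11`. `policy_check_cfg_file()`, patched later in this commit, rejects a file whose group is not `PKCS11GROUP` or whose mode differs from `OCK_POLICY_PERMS`, so a plain copy of the sample may be refused at runtime. If pkg-plist (not reviewed here) does not already pin owner and mode for these entries, a comment above the target would help: `# strength.conf/policy.conf must be group ${GROUPS} with the mode policy.c expects`. The same requirement belongs in pkg-message.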
diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo
index 263bcc0db79a..b969f909723a 100644
--- a/security/opencryptoki/distinfo
+++ b/security/opencryptoki/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1551564276
-SHA256 (opencryptoki-opencryptoki-v3.11.0_GH0.tar.gz) = 4d901373b08ed0b0d56a4df5e3f35a7d17142bdc5c5bf9b37c8a10200a08d6fd
-SIZE (opencryptoki-opencryptoki-v3.11.0_GH0.tar.gz) = 935891
+TIMESTAMP = 1651086346
+SHA256 (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 18882bbb3eaff37b2badf93bce1faab86406ed60f40fd5debc08afd3ceba36c2
+SIZE (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 1337092
diff --git a/security/opencryptoki/files/patch-Makefile.am b/security/opencryptoki/files/patch-Makefile.am
index b8e43eab836d..36da7c4e1f9c 100644
--- a/security/opencryptoki/files/patch-Makefile.am
+++ b/security/opencryptoki/files/patch-Makefile.am
@@ -1,14 +1,6 @@
---- Makefile.am.orig 2018-11-16 23:53:03.000000000 +0900
-+++ Makefile.am 2019-03-03 12:39:45.031868000 +0900
-@@ -29,7 +29,6 @@
- include man/man.mk
- include usr/usr.mk
-
--
- install-data-hook:
- if ENABLE_LIBRARY
- $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll
-@@ -37,9 +36,9 @@
+--- Makefile.am.orig 2022-04-25 11:04:51 UTC
++++ Makefile.am
+@@ -39,9 +39,9 @@ if ENABLE_LIBRARY
cd $(DESTDIR)$(libdir)/opencryptoki && \
ln -fs libopencryptoki.so PKCS11_API.so
cd $(DESTDIR)$(libdir)/opencryptoki && \
@@ -20,7 +12,7 @@
cd $(DESTDIR)$(libdir)/pkcs11 && \
ln -fs ../opencryptoki/libopencryptoki.so PKCS11_API.so
cd $(DESTDIR)$(libdir)/pkcs11 && \
-@@ -51,24 +50,24 @@
+@@ -53,55 +53,55 @@ if ENABLE_CCATOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_cca.so PKCS11_CCA.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
@@ -47,11 +39,20 @@
$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
$(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok
- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok
-+ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok
++ $(CHGRP) @PKCSGROUP11@ $(DESTDIR)$(lockdir)/ep11tok
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true
-@@ -78,24 +77,24 @@
+- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true
+- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11cpfilter.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf || true
++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf.sample || true
++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11cpfilter.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11cpfilter.conf.sample || true
+ endif
+ if ENABLE_P11SAK
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
+- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true
+ endif
+ if ENABLE_ICATOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_ica.so PKCS11_ICA.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
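Review bot: The new ep11tok lock-directory line spells the substitution `@PKCSGROUP11@`, but configure.ac exports `PKCS11GROUP`, and the line it replaces used `@PKCS11GROUP@`. An unknown `@...@` token is not expanded, so the command would receive the literal string as the group name. This is likely masked in the port, because `--enable-ep11tok` is not among the configure arguments shown and the port Makefile sets `ac_cv_path_CHGRP=true`. It should still read `$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok`.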
@@ -82,7 +83,7 @@
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
endif
if ENABLE_TPMTOK
-@@ -103,10 +102,10 @@
+@@ -109,10 +109,10 @@ if ENABLE_TPMTOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_tpm.so PKCS11_TPM.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
@@ -95,7 +96,7 @@
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
endif
if ENABLE_ICSFTOK
-@@ -114,10 +113,10 @@
+@@ -120,16 +120,15 @@ if ENABLE_ICSFTOK
cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
ln -fs libpkcs11_icsf.so PKCS11_ICSF.so
$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
@@ -108,7 +109,14 @@
$(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
endif
if ENABLE_DAEMON
-@@ -130,16 +129,8 @@
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
+- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true
+- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g pkcs11 -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf.sample || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf.sample || true
+ if ENABLE_SYSTEMD
+ mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d
+ cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf
+@@ -137,16 +136,8 @@ if ENABLE_SYSTEMD
rm -f $(DESTDIR)/usr/lib/systemd/system/tmpfiles.conf
endif
endif
@@ -126,3 +134,11 @@
$(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
+@@ -190,7 +181,6 @@ if ENABLE_TPMTOK
+ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+ rm -rf PKCS11_TPM.so; fi
+ endif
+- rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf
+ if ENABLE_ICSFTOK
+ if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
+ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
diff --git a/security/opencryptoki/files/patch-configure.ac b/security/opencryptoki/files/patch-configure.ac
index 866c75f80e4d..8dd546747d7f 100644
--- a/security/opencryptoki/files/patch-configure.ac
+++ b/security/opencryptoki/files/patch-configure.ac
@@ -1,4 +1,4 @@
---- configure.ac.orig 2018-11-16 14:53:03 UTC
+--- configure.ac.orig 2022-04-25 11:04:51 UTC
+++ configure.ac
@@ -12,6 +12,9 @@ dnl Checks for header files.
AC_DISABLE_STATIC
@@ -10,16 +10,25 @@
AC_HEADER_STDC
AC_CHECK_HEADER_STDBOOL
AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h locale.h malloc.h \
-@@ -77,18 +80,27 @@ fi
+@@ -47,7 +50,7 @@ AC_CHECK_FUNCS([atexit ftruncate gettimeofday localtim
+ strdup strerror strncasecmp strrchr strstr strtol strtoul])
+
+ dnl Used in various scripts
+-AC_PATH_PROG([ID], [id], [/us/bin/id])
++AC_PATH_PROG([ID], [id], [/usr/bin/id])
+ AC_PATH_PROG([USERMOD], [usermod], [/usr/sbin/usermod])
+ AC_PATH_PROG([GROUPADD], [groupadd], [/usr/sbin/groupadd])
+ AC_PATH_PROG([CAT], [cat], [/bin/cat])
+@@ -71,19 +74,27 @@ fi
AC_CHECK_LIB([itm], [_ITM_commitTransaction], [itm=yes], [itm=no])
OPENLDAP_LIBS=
-AC_CHECK_HEADERS([lber.h ldap.h],
+if test "x$enable_icsftok" = "xyes"; then
+ AC_CHECK_HEADERS([lber.h ldap.h],
- [OPENLDAP_LIBS="-llber -lldap"],
- [AC_MSG_ERROR([lber.h and ldap.h are missing. Please install
- 'openldap-devel'.])])
+ [OPENLDAP_LIBS="-llber -lldap"],
+ [AC_MSG_ERROR([lber.h and ldap.h are missing. Please install
+ 'openldap-devel'.])])
-LIBS="$LIBS $OPENLDAP_LIBS"
+ LIBS="$LIBS $OPENLDAP_LIBS"
+fi
@@ -34,65 +43,59 @@
+ [lockdir=$localstatedir/lock/opencryptoki])
AC_SUBST(lockdir)
+-logdir=$localstatedir/log/opencryptoki
+AC_ARG_WITH([logdir],
+ [AS_HELP_STRING([--with-logdir],[log directory])],
+ [logdir=$withval],
+ [logdir=$localstatedir/log/opencryptoki])
- logdir=$localstatedir/log/opencryptoki
AC_SUBST(logdir)
-@@ -225,6 +237,19 @@ AC_ARG_WITH([systemd],
+ dnl ---
+@@ -241,6 +252,19 @@ AC_ARG_WITH([libudev],
[],
- [with_systemd=no])
+ [with_libudev=check])
+dnl --- check for pkcs11 user
+AC_ARG_WITH([pkcs11user],
+ AC_HELP_STRING([--with-pkcs11user[[=USER]]], [set pkcs11 user [[pkcs11]]]),
+ [pkcs11_user=$withval],
-+ [pkcs11_user=pkcs11])
++ [pkcs11_user=_pkcs11])
+dnl --- check for pkcs11 group
+AC_ARG_WITH(pkcs11group,
+ AC_HELP_STRING([--with-pkcs11group[[=GROUP]]], [set pkcs11 group [[pkcs11]]]),
+ [pkcs11_group=$withval],
-+ [pkcs11_group=pkcs11])
++ [pkcs11_group=_pkcs11])
+AC_SUBST(PKCS11USER, $pkcs11_user)
+AC_SUBST(PKCS11GROUP, $pkcs11_group)
+
dnl ---
dnl ---
dnl --- Now that we have all the options, let's check for a valid build
-@@ -598,12 +623,31 @@ else
+@@ -662,10 +686,14 @@ libitm and gcc>=4.7 is required])
fi
AM_CONDITIONAL([ENABLE_LOCKS], [test "x$enable_locks" = "xyes"])
-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wextra"
-+CFLAGS="$CFLAGS \
-+ -Wall \
-+ -Wextra \
-+ -Wno-pointer-sign \
-+"
-+CPPFX=' \
-+ -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" \
-+ -DSBIN_PATH=\"$(sbindir)\" \
-+ -DLIB_PATH=\"$(libdir)\" \
-+ -DLOCKDIR_PATH=\"$(lockdir)\" \
-+ -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" \
-+ -DOCK_LOGDIR=\"$(logdir)\" \
-+'
-+CPPFLAGS="$CPPFLAGS \
-+ -DPKCS64 \
-+ -D_XOPEN_SOURCE=600 \
-+ $CPPFX \
-+ -DPKCS11USER=\\\"${pkcs11_user}\\\" \
-+ -DPKCS11GROUP=\\\"${pkcs11_group}\\\" \
-+"
++CFLAGS="$CFLAGS -Wall -Wextra -Wno-pointer-sign"
-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
--
++CPPFX='-DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"'
+
++CPPFLAGS="$CPPFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 $CPPFX"
++CPPFLAGS="$CPPFLAGS -DPKCS11USER=\\\"${pkcs11_user}\\\""
++CPPFLAGS="$CPPFLAGS -DPKCS11GROUP=\\\"${pkcs11_group}\\\""
++
# At this point, CFLAGS is set to something sensible
AC_PROG_CC
+ AC_PROG_CXX
+@@ -678,6 +706,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+ #endif]])],,
+ [AC_MSG_ERROR([C++ compiler is missing on your system. Please install 'gcc-c++'.])])
+ AC_LANG_POP([C++])
+
+AC_SUBST(FPIC, $lt_prog_compiler_pic)
++
++AC_SUBST(LOCALBASE, $LOCALBASE)
AC_CONFIG_MACRO_DIRS([m4])
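Review bot: The `--with-pkcs11user` and `--with-pkcs11group` help strings still advertise `[[pkcs11]]` as the default, although this revision changes both fallbacks to `_pkcs11`. That name is compiled into the `getgrnam(PKCS11GROUP)` ownership checks patched elsewhere in this commit, so `./configure --help` should state the real value: `[set pkcs11 user [[_pkcs11]]]` and `[set pkcs11 group [[_pkcs11]]]`. As a style point, these two options use `AC_HELP_STRING` while the `--with-logdir` block in the same hunk uses `AS_HELP_STRING`, which is the current spelling.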
diff --git a/security/opencryptoki/files/patch-usr-include-slotmgr.h b/security/opencryptoki/files/patch-usr-include-slotmgr.h
new file mode 100644
index 000000000000..eaef763f7ffd
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-include-slotmgr.h
@@ -0,0 +1,16 @@
+--- usr/include/slotmgr.h.orig 2022-04-25 11:04:51 UTC
++++ usr/include/slotmgr.h
+@@ -31,10 +31,10 @@
+ #define TOK_PATH SBIN_PATH "/pkcsslotd"
+ #define OCK_API_LOCK_FILE LOCKDIR_PATH "/LCK..APIlock"
+
+-#define PROC_SOCKET_FILE_PATH "/run/pkcsslotd.socket"
+-#define ADMIN_SOCKET_FILE_PATH "/run/pkcsslotd.admin.socket"
++#define PROC_SOCKET_FILE_PATH "/var/run/pkcsslotd.socket"
++#define ADMIN_SOCKET_FILE_PATH "/var/run/pkcsslotd.admin.socket"
+
+-#define PID_FILE_PATH "/run/pkcsslotd.pid"
++#define PID_FILE_PATH "/var/run/pkcsslotd.pid"
+ #define OCK_CONFIG OCK_CONFDIR "/opencryptoki.conf"
+
+ #ifndef CK_BOOL
diff --git a/security/opencryptoki/files/patch-usr-lib-api-api.mk b/security/opencryptoki/files/patch-usr-lib-api-api.mk
index 759a7e0e62a7..22d4bf1a3284 100644
--- a/security/opencryptoki/files/patch-usr-lib-api-api.mk
+++ b/security/opencryptoki/files/patch-usr-lib-api-api.mk
@@ -1,17 +1,19 @@
---- usr/lib/api/api.mk.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/api/api.mk.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/api/api.mk
-@@ -7,12 +7,12 @@ SO_REVISION=0
+@@ -8,14 +8,14 @@ SO_REVISION=0
SO_AGE=0
opencryptoki_libopencryptoki_la_CFLAGS = \
- -DAPI -DDEV -D_THREAD_SAFE -fPIC -I${srcdir}/usr/include \
+ -DAPI -DDEV -D_THREAD_SAFE $(FPIC) -I${srcdir}/usr/include \
-I${srcdir}/usr/lib/common -I${srcdir}/usr/lib/api \
- -DSTDLL_NAME=\"api\"
+ -I${srcdir}/usr/lib/config -I${top_builddir}/usr/lib/config \
+ -DSTDLL_NAME=\"api\" -DHASHMAP_JENKINS_MIX \
+ -I${top_builddir}/usr/lib/api
opencryptoki_libopencryptoki_la_LDFLAGS = \
-- -shared -Wl,-z,defs,-Bsymbolic -lc -ldl -lpthread \
-+ -shared -Wl,-z,defs,-Bsymbolic -lc -lpthread \
+- -shared -Wl,-z,defs,-Bsymbolic -lc -ldl -lpthread -lcrypto -lrt \
++ -shared -Wl,-z,defs,-Bsymbolic -lc -lpthread -lcrypto -lrt \
-version-info $(SO_CURRENT):$(SO_REVISION):$(SO_AGE) \
-Wl,--version-script=${srcdir}/opencryptoki.map
diff --git a/security/opencryptoki/files/patch-usr-lib-api-api_interface.c b/security/opencryptoki/files/patch-usr-lib-api-api_interface.c
new file mode 100644
index 000000000000..f23f53dae326
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-api-api_interface.c
@@ -0,0 +1,11 @@
+--- usr/lib/api/api_interface.c.orig 2022-04-25 11:04:51 UTC
++++ usr/lib/api/api_interface.c
+@@ -373,7 +373,7 @@ static CK_RV check_user_and_group()
+ * when forked). So we need to get the group information.
+ * Really need to take the uid and map it to a name.
+ */
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp == NULL) {
+ OCK_SYSLOG(LOG_ERR, "getgrnam() failed: %s\n", strerror(errno));
+ goto error;
diff --git a/security/opencryptoki/files/patch-usr-lib-api-apiutil.c b/security/opencryptoki/files/patch-usr-lib-api-apiutil.c
index 76d2b849d7fb..32708dbcdfe3 100644
--- a/security/opencryptoki/files/patch-usr-lib-api-apiutil.c
+++ b/security/opencryptoki/files/patch-usr-lib-api-apiutil.c
@@ -1,22 +1,25 @@
---- usr/lib/api/apiutil.c.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/api/apiutil.c.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/api/apiutil.c
-@@ -19,10 +19,10 @@
+@@ -19,11 +19,14 @@
#include <string.h>
#include <strings.h>
#include <unistd.h>
--#include <alloca.h>
++#if !defined(__FreeBSD__)
+ #include <alloca.h>
++#endif
#include <dlfcn.h>
#include <errno.h>
#include <sys/syslog.h>
+ #include <pthread.h>
+#include <limits.h>
#include <sys/ipc.h>
-@@ -35,7 +35,6 @@
+@@ -36,7 +39,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <sys/file.h>
static int xplfd = -1;
-
+ pthread_rwlock_t xplfd_rwlock = PTHREAD_RWLOCK_INITIALIZER;
diff --git a/security/opencryptoki/files/patch-usr-lib-api-policy.c b/security/opencryptoki/files/patch-usr-lib-api-policy.c
new file mode 100644
index 000000000000..af6fca6c14aa
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-api-policy.c
@@ -0,0 +1,39 @@
+--- usr/lib/api/policy.c.orig 2022-04-25 11:04:51 UTC
++++ usr/lib/api/policy.c
+@@ -1178,10 +1178,10 @@ static CK_RV policy_check_cfg_file(FILE *fp, const cha
+ struct group *grp = NULL;
+ int err;
+
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (!grp) {
+- TRACE_ERROR("Could not retrieve \"pkcs11\" group!");
+- OCK_SYSLOG(LOG_ERR, "POLICY: Could not retrieve \"pkcs11\" group!");
++ TRACE_ERROR("Could not retrieve \"" PKCS11GROUP "\" group!");
++ OCK_SYSLOG(LOG_ERR, "POLICY: Could not retrieve \"" PKCS11GROUP "\" group!");
+ return CKR_GENERAL_ERROR;
+ }
+ if (fstat(fileno(fp), &statbuf)) {
+@@ -1200,16 +1200,17 @@ static CK_RV policy_check_cfg_file(FILE *fp, const cha
+ return CKR_GENERAL_ERROR;
+ }
+ if (statbuf.st_gid != grp->gr_gid) {
+- TRACE_ERROR("Policy configuration file %s should have group \"pkcs11\"!\n",
++ TRACE_ERROR("Policy configuration file %s should have group \"" PKCS11GROUP "\"!\n",
+ name);
+- OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s should have group \"pkcs11\"!\n",
++ OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s should have group \"" PKCS11GROUP "\"!\n",
+ name);
+ return CKR_GENERAL_ERROR;
+ }
+ if ((statbuf.st_mode & ~S_IFMT) != OCK_POLICY_PERMS) {
+- TRACE_ERROR("Configuration file %s has wrong permissions!\n", name);
+- OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s has wrong permissions!\n",
+- name);
++ TRACE_ERROR("Configuration file %s must have %04o permission (was %04o)\n",
++ name, OCK_POLICY_PERMS, (statbuf.st_mode & ~S_IFMT));
++ OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s must have %04o permission (is %04o)\n",
++ name, OCK_POLICY_PERMS, (statbuf.st_mode & ~S_IFMT));
+ return CKR_GENERAL_ERROR;
+ }
+ return CKR_OK;
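Review bot: Splicing the macro into the format string, as in `TRACE_ERROR("Could not retrieve \"" PKCS11GROUP "\" group!")`, makes a configure-time value part of the format, so a `%` in `--with-pkcs11group` would be parsed as a conversion. Passing it as an argument avoids that: `TRACE_ERROR("Could not retrieve \"%s\" group!", PKCS11GROUP);`, and likewise for the `OCK_SYSLOG` calls here. The same pattern appears in the shared_memory.c (`SYS_ERROR`) and tpm_specific.c (`fprintf`) patches in this commit. In the new permission messages, `%04o` expects `unsigned int`, so I would cast both arguments, e.g. `(unsigned int)(statbuf.st_mode & ~S_IFMT)`, and use one wording instead of "was" in the trace and "is" in syslog. The start of policy_check_cfg_file lies outside the hunk.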
diff --git a/security/opencryptoki/files/patch-usr-lib-api-socket_client.c b/security/opencryptoki/files/patch-usr-lib-api-socket_client.c
index 51ad9ddeb5ed..9d989df6b181 100644
--- a/security/opencryptoki/files/patch-usr-lib-api-socket_client.c
+++ b/security/opencryptoki/files/patch-usr-lib-api-socket_client.c
@@ -1,11 +1,11 @@
---- usr/lib/api/socket_client.c.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/api/socket_client.c.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/api/socket_client.c
-@@ -51,7 +51,7 @@ int init_socket_data()
- return FALSE;
+@@ -49,7 +49,7 @@ int connect_socket(const char *file_path)
+ return -1;
}
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (!grp) {
OCK_SYSLOG(LOG_ERR,
- "init_socket_data: pkcs11 group does not exist, errno=%d",
+ "connect_socket: pkcs11 group does not exist, errno=%d",
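Review bot: The syslog text on the failure path still reads `pkcs11 group does not exist`, although the lookup is now `getgrnam(PKCS11GROUP)`, which this port configures as `_pkcs11`. An administrator following the log would check the wrong group. I would change the format to `"connect_socket: %s group does not exist, errno=%d"` and pass `PKCS11GROUP` as the first argument. The same stale name remains in `fprintf(stderr, "getgrname(pkcs11): %s", strerror(errno));` in the CreateXProcLock hunk of the utility.c patch. connect_socket's body continues outside the hunk.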
diff --git a/security/opencryptoki/files/patch-usr-lib-common-event_client.c b/security/opencryptoki/files/patch-usr-lib-common-event_client.c
new file mode 100644
index 000000000000..258299588368
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-common-event_client.c
@@ -0,0 +1,11 @@
+--- usr/lib/common/event_client.c.orig 2022-04-25 11:04:51 UTC
++++ usr/lib/common/event_client.c
+@@ -32,7 +32,7 @@ static int connect_socket(const char *file_path)
+ if (stat(file_path, &file_info))
+ return -errno;
+
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (!grp)
+ return -errno;
+
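Review bot: `if (!grp) return -errno;` trusts errno after `getgrnam()`, but POSIX leaves errno unchanged when the group is simply absent, so a missing `_pkcs11` group can make connect_socket return 0 or a stale error code. How the caller treats that value is not visible here. Setting `errno = 0;` before the call and returning `errno ? -errno : -ENOENT` makes the not-found case an unambiguous failure. The `rc = -errno;` branch in the shared_memory.c patch has the same pattern. This is upstream code carried as context, and the function body continues outside the hunk.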
diff --git a/security/opencryptoki/files/patch-usr-lib-common-loadsave.c b/security/opencryptoki/files/patch-usr-lib-common-loadsave.c
index 2ac5ea0f2587..4560b35b683c 100644
--- a/security/opencryptoki/files/patch-usr-lib-common-loadsave.c
+++ b/security/opencryptoki/files/patch-usr-lib-common-loadsave.c
@@ -1,10 +1,12 @@
---- usr/lib/common/loadsave.c.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/common/loadsave.c.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/common/loadsave.c
-@@ -20,11 +20,9 @@
+@@ -20,17 +20,22 @@
#include <string.h>
#include <strings.h>
#include <unistd.h>
--#include <alloca.h>
++#if !defined(__FreeBSD__)
+ #include <alloca.h>
++#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ipc.h>
@@ -12,12 +14,34 @@
#include <errno.h>
#include <syslog.h>
#include <pwd.h>
-@@ -370,7 +368,7 @@ void set_perm(int file)
+ #include <grp.h>
+ #include <openssl/evp.h>
++#if !defined(__FreeBSD__)
+ #include <endian.h>
++#else
++#include <sys/endian.h>
++#endif
+
+ #include "pkcs11types.h"
+ #include "defs.h"
+@@ -132,7 +137,7 @@ void set_perm(int file)
// Set absolute permissions or rw-rw----
fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
- grp = getgrnam("pkcs11"); // Obtain the group id
+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
if (grp) {
- // set ownership to root, and pkcs11 group
- if (fchown(file, getuid(), grp->gr_gid) != 0) {
+ // set ownership to pkcs11 group
+ if (fchown(file, -1, grp->gr_gid) != 0) {
+@@ -303,7 +308,11 @@ CK_RV init_data_store(STDLL_TokData_t *tokdata, char *
+ tokdata->pk_dir = NULL;
+ }
+
++#if !defined(__FreeBSD__)
+ if ((pkdir = secure_getenv("PKCS_APP_STORE")) != NULL) {
++#else
++ if ((pkdir = getenv("PKCS_APP_STORE")) != NULL) {
++#endif
+ pklen = strlen(pkdir) + 1024;
+ tokdata->pk_dir = (char *) calloc(pklen, 1);
+ if (!(tokdata->pk_dir))
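Review bot: The FreeBSD `#else` branch replaces `secure_getenv("PKCS_APP_STORE")` with plain `getenv()`, which drops the guard that ignores the environment under set-user-ID or set-group-ID execution. A caller-controlled variable would then feed `tokdata->pk_dir` in a privileged process. FreeBSD provides `issetugid(2)`, so `if (!issetugid() && (pkdir = getenv("PKCS_APP_STORE")) != NULL) {` keeps the original intent. The p11sak.c patch in this commit makes the same substitution for `PKCSLIB`, without a `__FreeBSD__` guard, and that value appears to name the PKCS#11 library to load. init_data_store's body continues outside the hunk.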
diff --git a/security/opencryptoki/files/patch-usr-lib-common-mech_ec.c b/security/opencryptoki/files/patch-usr-lib-common-mech_ec.c
new file mode 100644
index 000000000000..4cab27ce0a2a
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-common-mech_ec.c
@@ -0,0 +1,14 @@
+--- usr/lib/common/mech_ec.c.orig 2022-04-25 11:04:51 UTC
++++ usr/lib/common/mech_ec.c
+@@ -14,7 +14,11 @@
+ */
+
+ #define _GNU_SOURCE
++#if !defined(__FreeBSD__)
+ #include <endian.h>
++#else
++#include <sys/endian.h>
++#endif
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stdint.h>
diff --git a/security/opencryptoki/files/patch-usr-lib-common-pkcs_utils.c b/security/opencryptoki/files/patch-usr-lib-common-pkcs_utils.c
new file mode 100644
index 000000000000..d9a1b70e0bd4
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-common-pkcs_utils.c
@@ -0,0 +1,11 @@
+--- usr/lib/common/pkcs_utils.c.orig 2022-04-25 11:04:51 UTC
++++ usr/lib/common/pkcs_utils.c
+@@ -466,7 +466,7 @@ void set_perm(int file)
+ // Set absolute permissions or rw-rw----
+ fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+
+- grp = getgrnam("pkcs11"); // Obtain the group id
++ grp = getgrnam(PKCS11GROUP); // Obtain the group id
+ if (grp) {
+ // set ownership to pkcs11 group
+ if (fchown(file, -1, grp->gr_gid) != 0) {
diff --git a/security/opencryptoki/files/patch-usr-lib-common-shared_memory.c b/security/opencryptoki/files/patch-usr-lib-common-shared_memory.c
new file mode 100644
index 000000000000..ed1caae32ede
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-common-shared_memory.c
@@ -0,0 +1,15 @@
+--- usr/lib/common/shared_memory.c.orig 2022-04-25 11:04:51 UTC
++++ usr/lib/common/shared_memory.c
+@@ -172,10 +172,10 @@ int sm_open(const char *sm_name, int mode, void **p_ad
+ goto done;
+ }
+
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (!grp) {
+ rc = -errno;
+- SYS_ERROR(errno, "getgrname(\"pkcs11\"): %s\n",
++ SYS_ERROR(errno, "getgrname(\"" PKCS11GROUP "\"): %s\n",
+ strerror(errno));
+ goto done;
+ }
diff --git a/security/opencryptoki/files/patch-usr-lib-common-trace.c b/security/opencryptoki/files/patch-usr-lib-common-trace.c
index 8af744f2dced..fbc6fefa6289 100644
--- a/security/opencryptoki/files/patch-usr-lib-common-trace.c
+++ b/security/opencryptoki/files/patch-usr-lib-common-trace.c
@@ -1,14 +1,26 @@
---- usr/lib/common/trace.c.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/common/trace.c.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/common/trace.c
-@@ -21,6 +21,7 @@
- #include <unistd.h>
+@@ -23,7 +23,10 @@
#include <sys/file.h>
#include <sys/types.h>
+ #include <sys/syscall.h>
+#include <sys/stat.h>
++#include <pthread_np.h>
++
#include "pkcs11types.h"
#include "defs.h"
-@@ -170,7 +171,7 @@ CK_RV trace_initialize(void)
+ #include "host_defs.h"
+@@ -34,7 +37,7 @@
+ #ifdef SYS_gettid
+ #define __gettid() syscall(SYS_gettid)
+ #else
+-#define __gettid() gettid()
++#define __gettid() pthread_getthreadid_np()
+ #endif
+
+ pthread_mutex_t tlmtx = PTHREAD_MUTEX_INITIALIZER;
+@@ -178,7 +181,7 @@ CK_RV trace_initialize(void)
return (CKR_FUNCTION_FAILED);
}
diff --git a/security/opencryptoki/files/patch-usr-lib-common-utility.c b/security/opencryptoki/files/patch-usr-lib-common-utility.c
index 106922a9c42d..0893560aba16 100644
--- a/security/opencryptoki/files/patch-usr-lib-common-utility.c
+++ b/security/opencryptoki/files/patch-usr-lib-common-utility.c
@@ -1,40 +1,37 @@
---- usr/lib/common/utility.c.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/common/utility.c.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/common/utility.c
@@ -21,6 +21,7 @@
#include <errno.h>
#include <pwd.h>
#include <grp.h>
+#include <fcntl.h>
+ #include <pthread.h>
+ #include <openssl/evp.h>
- #include "pkcs11types.h"
- #include "defs.h"
-@@ -35,6 +36,25 @@
+@@ -40,6 +41,22 @@
#include <sys/file.h>
#include <syslog.h>
-+#ifdef __sun
-+#define LOCK_EX F_LOCK
-+#define LOCK_UN F_ULOCK
-+#define flock(fd, func) lockf(fd, func, 0)
-+#endif
-+
+#ifndef LOCK_SH
-+#define LOCK_SH 1 /* shared lock */
++#define LOCK_SH 1
+#endif
++
+#ifndef LOCK_EX
-+#define LOCK_EX 2 /* exclusive lock */
++#define LOCK_EX 2
+#endif
++
+#ifndef LOCK_NB
-+#define LOCK_NB 4 /* don't block when locking */
++#define LOCK_NB 4
+#endif
++
+#ifndef LOCK_UN
-+#define LOCK_UN 8 /* unlock */
++#define LOCK_UN 8
+#endif
+
- // Function: dlist_add_as_first()
- //
- // Adds the specified node to the start of the list
-@@ -317,7 +337,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t *
+ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t *tokdata)
+ {
+ char lockfile[PATH_MAX];
+@@ -82,7 +99,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t *
lockdir, strerror(errno));
goto err;
}
@@ -43,7 +40,7 @@
if (grp == NULL) {
fprintf(stderr, "getgrname(pkcs11): %s", strerror(errno));
goto err;
-@@ -355,7 +375,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t *
+@@ -122,7 +139,7 @@ CK_RV CreateXProcLock(char *tokname, STDLL_TokData_t *
goto err;
}
diff --git a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk
index 53c9d5f8ab0e..c8ea5dfc3812 100644
--- a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk
+++ b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk
@@ -1,14 +1,15 @@
---- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/ica_s390_stdll/ica_s390_stdll.mk
-@@ -3,14 +3,14 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11
+@@ -3,7 +3,7 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11
noinst_HEADERS += usr/lib/ica_s390_stdll/tok_struct.h
opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \
- -DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \
+ -DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 \
-DNODH -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" \
+ -DTOK_NEW_DATA_STORE=0x0003000c \
$(ICA_INC_DIRS) -I${srcdir}/usr/lib/ica_s390_stdll \
- -I${srcdir}/usr/lib/common -I${srcdir}/usr/include
+@@ -12,7 +12,7 @@ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = \
opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = \
$(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared \
diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c
index 164da96ccc76..a62410f0de9d 100644
--- a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c
+++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_specific.c
@@ -1,4 +1,4 @@
---- usr/lib/soft_stdll/soft_specific.c.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/soft_stdll/soft_specific.c.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/soft_stdll/soft_specific.c
@@ -19,6 +19,10 @@
@@ -11,7 +11,7 @@
#include <pthread.h>
#include <string.h> // for memcmp() et al
#include <stdlib.h>
-@@ -36,7 +40,17 @@
+@@ -38,7 +42,17 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
@@ -27,5 +27,5 @@
#include <endian.h>
+#endif
- #include <openssl/des.h>
#include <openssl/rand.h>
+ #include <openssl/dh.h>
diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk
index 1c0b8fcdd670..484201a38bb4 100644
--- a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk
+++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk
@@ -1,4 +1,4 @@
---- usr/lib/soft_stdll/soft_stdll.mk.orig 2018-11-16 14:53:03 UTC
+--- usr/lib/soft_stdll/soft_stdll.mk.orig 2022-04-25 11:04:51 UTC
+++ usr/lib/soft_stdll/soft_stdll.mk
@@ -4,7 +4,7 @@ noinst_HEADERS += usr/lib/soft_stdll/tok_struct.h
@@ -6,6 +6,6 @@
-DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF \
- -DNOMD2 -DNODSA -DNORIPE -fPIC -I${srcdir}/usr/lib/soft_stdll \
+ -DNOMD2 -DNODSA -DNORIPE $(FPIC) -I${srcdir}/usr/lib/soft_stdll \
+ -DTOK_NEW_DATA_STORE=0x0003000c \
-I${srcdir}/usr/lib/common -I${srcdir}/usr/include \
- -DSTDLL_NAME=\"swtok\"
-
+ -DSTDLL_NAME=\"swtok\" -I${top_builddir}/usr/lib/api \
diff --git a/security/opencryptoki/files/patch-usr-lib-tpm_stdll-tpm_specific.c b/security/opencryptoki/files/patch-usr-lib-tpm_stdll-tpm_specific.c
new file mode 100644
index 000000000000..076414c35609
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-tpm_stdll-tpm_specific.c
@@ -0,0 +1,14 @@
+--- usr/lib/tpm_stdll/tpm_specific.c.orig 2022-04-25 11:04:51 UTC
++++ usr/lib/tpm_stdll/tpm_specific.c
+@@ -3251,9 +3251,9 @@ int token_specific_creatlock(void)
+ "Directory(%s) missing: %s\n", lockdir, strerror(errno));
+ goto err;
+ }
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp == NULL) {
+- fprintf(stderr, "getgrname(pkcs11): %s", strerror(errno));
++ fprintf(stderr, "getgrname(" PKCS11GROUP "): %s", strerror(errno));
+ goto err;
+ }
+ /* set ownership to euid, and pkcs11 group */
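Review bot: The rewritten diagnostic after `getgrnam(PKCS11GROUP)` still prints `strerror(errno)`, but getgrnam() returns NULL without setting errno when the group simply does not exist, so the message can show a stale or unrelated error. Setting `errno = 0;` before the call and reporting "group not found" when it is still zero would make a missing group distinguishable from a lookup failure. The format string also has no trailing newline, unlike the "Directory(%s) missing" message just above it: `fprintf(stderr, "getgrnam(" PKCS11GROUP "): %s\n", strerror(errno));`. The literal concatenation compiles only if PKCS11GROUP expands to a string literal; its definition is not in this hunk, and token_specific_creatlock begins and ends outside it.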
diff --git a/security/opencryptoki/files/patch-usr-sbin-p11sak-p11sak.c b/security/opencryptoki/files/patch-usr-sbin-p11sak-p11sak.c
new file mode 100644
index 000000000000..3dddb5de9d8b
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-p11sak-p11sak.c
@@ -0,0 +1,20 @@
+--- usr/sbin/p11sak/p11sak.c.orig 2022-04-25 11:04:51 UTC
++++ usr/sbin/p11sak/p11sak.c
+@@ -19,7 +19,7 @@
+ #include "cfgparser.h"
+ #include "configuration.h"
+ #include <ctype.h>
+-#include <linux/limits.h>
++#include <limits.h>
+
+ #include <unistd.h>
+ #include <sys/types.h>
+@@ -81,7 +81,7 @@ static void load_pkcs11lib(void)
+ const char *libname;
+
+ /* check for environment variable PKCSLIB */
+- libname = secure_getenv("PKCSLIB");
++ libname = getenv("PKCSLIB");
+ if (libname == NULL || strlen(libname) < 1)
+ libname = default_pkcs11lib;
+
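Review bot: Replacing `secure_getenv("PKCSLIB")` with plain `getenv("PKCSLIB")` in load_pkcs11lib drops the secure-execution check, so if p11sak is ever run set-user-ID or set-group-ID, the library name comes from an environment variable the caller controls. FreeBSD has issetugid(2) and `<unistd.h>` is already included a few lines below, so the port can keep the guard with `libname = issetugid() ? NULL : getenv("PKCSLIB");`. The existing NULL/empty fallback to default_pkcs11lib would then apply. What happens to libname afterwards is outside the hunk; presumably it is handed to the dynamic loader, which is why the guard matters. A one-line comment in the patch saying why secure_getenv is replaced would also help whoever updates the port next.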
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
index 96a5dff1a837..5191373d0e1e 100644
--- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
@@ -1,11 +1,20 @@
---- usr/sbin/pkcsconf/pkcsconf.c.orig 2018-11-16 14:53:03 UTC
+--- usr/sbin/pkcsconf/pkcsconf.c.orig 2022-04-25 11:04:51 UTC
+++ usr/sbin/pkcsconf/pkcsconf.c
-@@ -530,6 +530,8 @@ CK_RV display_pkcs11_info(void)
- printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major,
+@@ -548,7 +548,7 @@ CK_RV check_user_and_group(void)
+ * when forked). So we need to get the group information.
+ * Really need to take the uid and map it to a name.
+ */
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp == NULL) {
+ return CKR_FUNCTION_FAILED;
+ }
+@@ -589,6 +589,8 @@ CK_RV display_pkcs11_info(void)
+ printf("\tLibrary Description: %.32s \n", CryptokiInfo.libraryDescription);
+ printf("\tLibrary Version: %d.%d \n", CryptokiInfo.libraryVersion.major,
CryptokiInfo.libraryVersion.minor);
-
-+ cleanup();
+
++ cleanup();
+
return rc;
}
-
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk
index 7f56db8137e3..f7c8bb358539 100644
--- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.mk
@@ -1,4 +1,4 @@
---- usr/sbin/pkcsconf/pkcsconf.mk.orig 2018-11-16 14:53:03 UTC
+--- usr/sbin/pkcsconf/pkcsconf.mk.orig 2022-04-25 11:04:51 UTC
+++ usr/sbin/pkcsconf/pkcsconf.mk
@@ -1,7 +1,7 @@
sbin_PROGRAMS += usr/sbin/pkcsconf/pkcsconf
@@ -7,5 +7,5 @@
-usr_sbin_pkcsconf_pkcsconf_LDFLAGS = -lpthread -ldl -lcrypto
+usr_sbin_pkcsconf_pkcsconf_LDFLAGS = -lpthread -lcrypto
- usr_sbin_pkcsconf_pkcsconf_CFLAGS = \
- -D_THREAD_SAFE -DDEBUG -DDEV -DAPI \
+ usr_sbin_pkcsconf_pkcsconf_CFLAGS = -D_THREAD_SAFE -DDEBUG -DDEV \
+ -DAPI -I${srcdir}/usr/include -I${srcdir}/usr/lib/common \
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
index e64ad70486a9..dfb4f47233c6 100644
--- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c
@@ -1,6 +1,6 @@
---- usr/sbin/pkcsslotd/mutex.c.orig 2018-11-16 14:53:03 UTC
+--- usr/sbin/pkcsslotd/mutex.c.orig 2022-04-25 11:04:51 UTC
+++ usr/sbin/pkcsslotd/mutex.c
-@@ -16,10 +16,29 @@
+@@ -16,10 +16,24 @@
#include <sys/stat.h>
#include <grp.h>
#include <string.h>
@@ -9,11 +9,6 @@
#include "log.h"
#include "slotmgr.h"
-+#ifdef __sun
-+#define LOCK_EX F_LOCK
-+#define LOCK_UN F_ULOCK
-+#define flock(fd, func) lockf(fd, func, 0)
-+#endif
+#ifndef LOCK_SH
+#define LOCK_SH 1 /* shared lock */
+#endif
@@ -30,12 +25,12 @@
static int xplfd = -1;
int CreateXProcLock(void)
-@@ -41,7 +60,7 @@ int CreateXProcLock(void)
- goto error;
- }
+@@ -37,7 +51,7 @@ int CreateXProcLock(void)
+ goto error;
+ }
-- grp = getgrnam("pkcs11");
-+ grp = getgrnam(PKCS11GROUP);
- if (grp != NULL) {
- if (fchown(xplfd, -1, grp->gr_gid) == -1) {
- DbgLog(DL0, "%s:fchown(%s):%s\n",
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (grp != NULL) {
+ if (fchown(xplfd, -1, grp->gr_gid) == -1) {
+ DbgLog(DL0, "%s:fchown(%s):%s\n",
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf
new file mode 100644
index 000000000000..9b9a5c6060ca
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf
@@ -0,0 +1,60 @@
+--- usr/sbin/pkcsslotd/opencryptoki.conf.orig 2022-04-25 11:04:51 UTC
++++ usr/sbin/pkcsslotd/opencryptoki.conf
+@@ -21,31 +21,40 @@ version opencryptoki-3.18
+ #
+ slot 0
+ {
+-stdll = libpkcs11_tpm.so
+-tokversion = 3.12
++ stdll = %%DLLDIR%%/libpkcs11_tpm.so
++ description = "TPM (Trusted Platform Module) Token"
++ tokversion = 3.12
*** 461 LINES SKIPPED ***