Date: Wed, 18 May 2016 17:23:00 +0000 (UTC) From: Hiroki Sato <hrs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r415459 - in head/security/opencryptoki: . files Message-ID: <201605181723.u4IHN0vY062375@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hrs Date: Wed May 18 17:22:59 2016 New Revision: 415459 URL: https://svnweb.freebsd.org/changeset/ports/415459 Log: Update to 3.5. Notable changes are as follows: - No longer required to run pkcs11_startup. pkcs11_startup and pkcs_slotd were shell scripts that created the config file, pk_config_data, which was read by pkcsslotd to get available slot information. The pk_config_data configuration file has been replaced with /etc/opencryptoki/opencryptoki.conf. In version 3, the pkcsslotd daemon reads opencryptoki.conf to get slot information. The opencryptoki.conf by default contains slot information for each token currently supported by opencryptoki with the exception of the ICSF token, which requires some initial setup. Please see man page for opencryptoki.conf for further information. Since pk_config_data is no longer required, pkcs11_startup and pkcs_slotd have been removed. Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c (contents, props changed) head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am (contents, props changed) head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c (contents, props changed) head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c (contents, props changed) head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am (contents, props changed) head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c (contents, props changed) head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c (contents, props changed) head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am (contents, props changed) head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h (contents, props changed) head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c (contents, props changed) Deleted: head/security/opencryptoki/files/patch-usr-include-pkcs11-apictl.h head/security/opencryptoki/files/patch-usr-include-pkcs11-slotmgr.h head/security/opencryptoki/files/patch-usr-include-pkcs11-stdll.h head/security/opencryptoki/files/patch-usr-lib-pkcs11-aep_stdll-Makefile.am head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-api_interface.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-bcom_stdll-Makefile.am head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-host_defs.h head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-loadsave.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-new_host.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-tok_spec_struct.h head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-new_host.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-tok_spec_struct.h head/security/opencryptoki/files/patch-usr-lib-pkcs11-cr_stdll-Makefile.am head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_stdll-Makefile.am head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-host_defs.h head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-loadsave.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-new_host.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-tok_spec_struct.h head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-utility.c head/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-Makefile.am head/security/opencryptoki/files/patch-usr-sbin-pkcs11_startup-pkcs11_startup.in head/security/opencryptoki/files/patch-usr-sbin-pkcs_slot-pkcs_slot.in head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-err.c Modified: head/security/opencryptoki/Makefile head/security/opencryptoki/distinfo head/security/opencryptoki/files/patch-Makefile.am head/security/opencryptoki/files/patch-configure.in head/security/opencryptoki/files/patch-usr-lib-Makefile.am head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c head/security/opencryptoki/files/pkcsslotd.in head/security/opencryptoki/pkg-plist Modified: head/security/opencryptoki/Makefile ============================================================================== --- head/security/opencryptoki/Makefile Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/Makefile Wed May 18 17:22:59 2016 (r415459) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= opencryptoki -PORTVERSION= 2.3.2 -PORTREVISION= 8 +PORTVERSION= 3.5 CATEGORIES= security MASTER_SITES= SF @@ -17,23 +16,35 @@ LICENSE_PERMS= dist-mirror dist-sell pkg LIB_DEPENDS= libtspi.so:security/trousers -USES= alias autoreconf gmake libtool tar:bzip2 +USES= alias autoreconf gmake libtool tar:tgz USE_LDCONFIG= ${PREFIX}/lib/opencryptoki +WRKSRC= ${WRKDIR}/${PORTNAME} INSTALL_TARGET= install-strip GNU_CONFIGURE= yes CONFIGURE_ARGS= --enable-swtok --enable-tpmtok \ --disable-crtok --disable-aeptok \ --disable-ccatok --disable-bcomtok \ --disable-pkcscca_migrate \ + --with-lockdir=/var/run/opencryptoki \ + --with-logdir=/var/log/opencryptoki \ --localstatedir=/var \ --with-pkcs11user=${USERS} \ - --with-pkcs11group=${GROUPS} + --with-pkcs11group=${GROUPS} \ + ac_cv_path_CHGRP=true CFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib USE_RC_SUBR= pkcsslotd SUB_FILES= pkg-message -SUB_LIST= USERS=${USERS} GROUPS=${GROUPS} +SUB_LIST= USERS="${USERS}" GROUPS="${GROUPS}" +PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" USERS= _pkcs11 GROUPS= _pkcs11 +post-install: + ${MV} ${STAGEDIR}${ETCDIR}/opencryptoki.conf \ + ${STAGEDIR}${ETCDIR}/opencryptoki.conf.sample + ${RMDIR} ${STAGEDIR}/var/run/opencryptoki/swtok \ + ${STAGEDIR}/var/run/opencryptoki/tpm \ + ${STAGEDIR}/var/run/opencryptoki + .include <bsd.port.mk> Modified: head/security/opencryptoki/distinfo ============================================================================== --- head/security/opencryptoki/distinfo Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/distinfo Wed May 18 17:22:59 2016 (r415459) @@ -1,2 +1,3 @@ -SHA256 (opencryptoki-2.3.2.tar.bz2) = 44fdf74a9eab2586240a69779c5c323e8378e8f2fde21cd4f8bd9186a24c30f7 -SIZE (opencryptoki-2.3.2.tar.bz2) = 665134 +TIMESTAMP = 1463579349 +SHA256 (opencryptoki-3.5.tgz) = 2789e3135196828e2b904faba766aa4c7fd9d1e67664df79bd9a05381a771452 +SIZE (opencryptoki-3.5.tgz) = 1031722 Modified: head/security/opencryptoki/files/patch-Makefile.am ============================================================================== --- head/security/opencryptoki/files/patch-Makefile.am Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -1,6 +1,6 @@ ---- Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ Makefile.am 2010-11-23 22:35:25.112978674 +0900 -@@ -8,5 +8,5 @@ +--- Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ Makefile.am +@@ -8,5 +8,5 @@ if ENABLE_DAEMON MISCDIR = misc endif Modified: head/security/opencryptoki/files/patch-configure.in ============================================================================== --- head/security/opencryptoki/files/patch-configure.in Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-configure.in Wed May 18 17:22:59 2016 (r415459) @@ -1,16 +1,16 @@ ---- configure.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ configure.in 2010-10-20 01:31:02.971984782 +0900 -@@ -8,6 +8,9 @@ +--- configure.in.orig 2016-04-29 17:26:45 UTC ++++ configure.in +@@ -6,6 +6,9 @@ AC_CANONICAL_SYSTEM AM_INIT_AUTOMAKE([foreign 1.6]) +AC_DEFINE(_BSD_SOURCE, 1, BSD functions) +AC_DEFINE(__BSD_VISIBLE, 1, BSD extensions) + - dnl Get the canonical host type - AC_CANONICAL_TARGET - -@@ -30,6 +33,7 @@ + dnl Checks for header files. + AC_DISABLE_STATIC + LT_INIT +@@ -25,6 +28,7 @@ AC_FUNC_MEMCMP AC_FUNC_STRFTIME AC_FUNC_VPRINTF AC_CHECK_FUNCS([getcwd]) @@ -18,9 +18,28 @@ dnl Used in various scripts AC_PATH_PROG([ID], [id], [/us/bin/id]) -@@ -193,6 +197,21 @@ +@@ -40,10 +44,16 @@ AC_PROG_YACC + + dnl Define custom variables + +-lockdir=$localstatedir/lock/opencryptoki ++AC_ARG_WITH([lockdir], ++ [AS_HELP_STRING([--with-lockdir],[lock directory])], ++ [lockdir=$withval], ++ [lockdir=$localstatedir/lock/opencryptoki]) + AC_SUBST(lockdir) + +-logdir=$localstatedir/log/opencryptoki ++AC_ARG_WITH([logdir], ++ [AS_HELP_STRING([--with-logdir],[log directory])], ++ [logdir=$withval], ++ [logdir=$localstatedir/log/opencryptoki]) + AC_SUBST(logdir) + + dnl --- +@@ -166,6 +176,21 @@ AC_ARG_WITH([systemd], [], - [with_xcryptolinz=check]) + [with_systemd=no]) +dnl --- check for pkcs11 user +AC_ARG_WITH([pkcs11user], @@ -40,20 +59,38 @@ dnl --- dnl --- dnl --- Now that we have all the options, let's check for a valid build -@@ -630,11 +649,15 @@ +@@ -554,13 +579,31 @@ fi - CFLAGS="$CFLAGS $DEBUG_CFLAGS -DPKCS64 -D_XOPEN_SOURCE=500" + AM_CONDITIONAL([ENABLE_PKCSEP11_MIGRATE], [test "x$enable_pkcsep11_migrate" = "xyes"]) --CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\"' -+CFLAGS="$CFLAGS -DCONFIG_PATH='\"$localstatedir/lib/opencryptoki\"' -DSBIN_PATH='\"$sbindir\"' -DLIB_PATH='\"$libdir\"'" -+ -+CFLAGS="$CFLAGS -DPKCS11USER='\"${pkcs11_user}\"' -DPKCS11GROUP='\"${pkcs11_group}\"'" +-CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wno-pointer-sign" +- +-CFLAGS+=' -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" -DSBIN_PATH=\"$(sbindir)\" -DLIB_PATH=\"$(libdir)\" -DLOCKDIR_PATH=\"$(lockdir)\" -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" -DOCK_LOGDIR=\"$(logdir)\"' ++CFLAGS="$CFLAGS \ ++ -Wall \ ++ -Wno-pointer-sign \ ++" ++CPPFX=' \ ++ -DCONFIG_PATH=\"$(localstatedir)/lib/opencryptoki\" \ ++ -DSBIN_PATH=\"$(sbindir)\" \ ++ -DLIB_PATH=\"$(libdir)\" \ ++ -DLOCKDIR_PATH=\"$(lockdir)\" \ ++ -DOCK_CONFDIR=\"$(sysconfdir)/opencryptoki\" \ ++ -DOCK_LOGDIR=\"$(logdir)\" \ ++' ++CPPFLAGS="$CPPFLAGS \ ++ -DPKCS64 \ ++ -D_XOPEN_SOURCE=600 \ ++ $CPPFX \ ++ -DPKCS11USER=\\\"${pkcs11_user}\\\" \ ++ -DPKCS11GROUP=\\\"${pkcs11_group}\\\" \ ++" # At this point, CFLAGS is set to something sensible AC_PROG_CC +AC_SUBST(FPIC, $lt_prog_compiler_pic) + - AC_OUTPUT([Makefile usr/Makefile \ + AC_CONFIG_FILES([Makefile usr/Makefile \ usr/include/Makefile \ usr/include/pkcs11/Makefile \ Modified: head/security/opencryptoki/files/patch-usr-lib-Makefile.am ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-Makefile.am Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -1,6 +1,6 @@ ---- usr/lib/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/Makefile.am 2010-11-24 02:34:56.159978814 +0900 -@@ -1,10 +1,2 @@ +--- usr/lib/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/Makefile.am +@@ -1,12 +1,4 @@ SUBDIRS = pkcs11 -install-data-hook: @@ -11,3 +11,5 @@ - $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf - echo "**** Remember you must run ldconfig before using the above settings ****" - + uninstall-hook: + rm -f $(DESTDIR)/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/api/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/Makefile.am 2010-10-19 23:49:45.125982519 +0900 -@@ -4,13 +4,13 @@ +--- usr/lib/pkcs11/api/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/Makefile.am +@@ -4,13 +4,13 @@ SO_CURRENT=0 SO_REVISION=0 SO_AGE=0 @@ -10,9 +10,9 @@ $(SO_CURRENT):$(SO_REVISION):$(SO_AGE) # Not all versions of automake observe libname_CFLAGS - opencryptoki_libopencryptoki_la_CFLAGS = -DSPINXPL -DAPI -DDEV -D_THREAD_SAFE \ -- -fPIC -I../. -I../../../include/pkcs11 -+ $(FPIC) -I../. -I../../../include/pkcs11 - - opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c apiutil.c + opencryptoki_libopencryptoki_la_CFLAGS = -DAPI -DDEV -D_THREAD_SAFE \ +- -fPIC -I../. -I../../../include/pkcs11 \ ++ $(FPIC) -I../. -I../../../include/pkcs11 \ + -I ../common -DSTDLL_NAME=\"api\" + opencryptoki_libopencryptoki_la_SOURCES = api_interface.c shrd_mem.c \ Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-apiutil.c Wed May 18 17:22:59 2016 (r415459) @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/api/apiutil.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/apiutil.c 2010-10-19 23:54:52.374982634 +0900 -@@ -305,10 +305,10 @@ +--- usr/lib/pkcs11/api/apiutil.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/apiutil.c +@@ -298,10 +298,10 @@ #include <string.h> #include <strings.h> #include <unistd.h> @@ -12,33 +12,11 @@ #include <sys/ipc.h> -@@ -325,10 +325,28 @@ +@@ -314,7 +314,6 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> -#include <sys/file.h> - static int xplfd=-1; - #endif -+#ifdef __sun -+#define LOCK_EX F_LOCK -+#define LOCK_UN F_ULOCK -+#define flock(fd, func) lockf(fd, func, 0) -+#endif -+ -+#ifndef LOCK_SH -+#define LOCK_SH 1 /* shared lock */ -+#endif -+#ifndef LOCK_EX -+#define LOCK_EX 2 /* exclusive lock */ -+#endif -+#ifndef LOCK_NB -+#define LOCK_NB 4 /* don't block when locking */ -+#endif -+#ifndef LOCK_UN -+#define LOCK_UN 8 /* unlock */ -+#endif -+ - #include <libgen.h> + static int xplfd = -1; - #define LIBLOCATION LIB_PATH Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-shrd_mem.c.in Wed May 18 17:22:59 2016 (r415459) @@ -1,11 +1,11 @@ ---- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/api/shrd_mem.c.in 2010-10-19 23:56:22.728981736 +0900 -@@ -353,7 +353,7 @@ - - - // SAB check for the group id here and membership here as well -- grp = getgrnam("pkcs11"); -+ grp = getgrnam(PKCS11GROUP); - if ( grp ) { - int i=0; - char member=0; +--- usr/lib/pkcs11/api/shrd_mem.c.in.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/shrd_mem.c.in +@@ -357,7 +357,7 @@ attach_shared_memory() { + // only check group membership if not root user + if (uid != 0 && euid != 0) { + int i, member=0; +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + // group pkcs11 not known to the system + return NULL; Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-api-socket_client.c Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/api/socket_client.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/api/socket_client.c +@@ -320,7 +320,7 @@ init_socket_data() { + return FALSE; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if ( !grp ) { + OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno); + return FALSE; Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-cca_stdll-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,18 @@ +--- usr/lib/pkcs11/cca_stdll/Makefile.am.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/cca_stdll/Makefile.am +@@ -66,12 +66,12 @@ install-data-hook: + cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_cca.so PKCS11_CCA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok + $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok + + uninstall-hook: Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-btree.c Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/common/btree.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/common/btree.c +@@ -30,7 +30,7 @@ + + + #include <stdio.h> +-#include <malloc.h> ++#include <stdlib.h> + + #include "pkcs11types.h" + #include "local_types.h" Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-host_defs.h Wed May 18 17:22:59 2016 (r415459) @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/common/host_defs.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/host_defs.h 2010-10-20 00:10:01.398983092 +0900 -@@ -294,13 +294,24 @@ +--- usr/lib/pkcs11/common/host_defs.h.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/common/host_defs.h +@@ -294,12 +294,23 @@ /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ @@ -9,19 +9,18 @@ #ifndef _HOST_DEFS_H #define _HOST_DEFS_H - #include <semaphore.h> #include <pthread.h> +#if defined(__OpenBSD__) || defined(__FreeBSD__) +#include <sys/endian.h> -+#ifdef _BYTE_ORDER -+#define __BYTE_ORDER _BYTE_ORDER ++#ifdef _BYTE_ORDER ++#define __BYTE_ORDER _BYTE_ORDER +#endif -+#ifdef _LITTLE_ENDIAN -+#define __LITTLE_ENDIAN _LITTLE_ENDIAN ++#ifdef _LITTLE_ENDIAN ++#define __LITTLE_ENDIAN _LITTLE_ENDIAN +#endif +#else #include <endian.h> +#endif #include "pkcs32.h" - // Both of the strings below have a length of 32 chars and must be + Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-loadsave.c Wed May 18 17:22:59 2016 (r415459) @@ -1,6 +1,6 @@ ---- usr/lib/pkcs11/common/loadsave.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/loadsave.c 2010-10-20 00:11:28.399983780 +0900 -@@ -301,11 +301,9 @@ +--- usr/lib/pkcs11/common/loadsave.c.orig 2016-04-29 17:26:45 UTC ++++ usr/lib/pkcs11/common/loadsave.c +@@ -293,11 +293,9 @@ #include <string.h> #include <strings.h> #include <unistd.h> @@ -10,14 +10,14 @@ #include <sys/ipc.h> -#include <sys/file.h> #include <errno.h> - + #include <syslog.h> #include <pwd.h> -@@ -328,7 +326,7 @@ - // Set absolute permissions or rw-rw-r-- - fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); +@@ -637,7 +635,7 @@ void set_perm(int file) + // Set absolute permissions or rw-rw---- + fchmod(file, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); -- grp = getgrnam("pkcs11"); // Obtain the group id -+ grp = getgrnam(PKCS11GROUP); // Obtain the group id - if (grp){ - fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group - } +- grp = getgrnam("pkcs11"); // Obtain the group id ++ grp = getgrnam(PKCS11GROUP); // Obtain the group id + if (grp) { + // set ownership to root, and pkcs11 group + if (fchown(file, getuid(), grp->gr_gid) != 0) { Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-trace.c Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,19 @@ +--- usr/lib/pkcs11/common/trace.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/common/trace.c +@@ -301,6 +301,7 @@ + #include <unistd.h> + #include <sys/file.h> + #include <sys/types.h> ++#include <sys/stat.h> + + #include "pkcs11types.h" + #include "defs.h" +@@ -449,7 +450,7 @@ CK_RV trace_initialize(void) + return(CKR_FUNCTION_FAILED); + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + OCK_SYSLOG(LOG_ERR, "getgrnam(pkcs11) failed: %s." + "Tracing is disabled.\n", strerror(errno)); Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-common-utility.c Wed May 18 17:22:59 2016 (r415459) @@ -1,11 +1,14 @@ ---- usr/lib/pkcs11/common/utility.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/common/utility.c 2010-10-20 00:19:02.740983592 +0900 -@@ -302,6 +302,26 @@ - #include <errno.h> - #include <pwd.h> +--- usr/lib/pkcs11/common/utility.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/common/utility.c +@@ -275,9 +275,28 @@ + legal action under this Agreement more than one year after + the cause of action arose. Each party waives its rights to + a jury trial in any resulting litigation. ++*/ +#include <fcntl.h> -+ + +-*/ +#ifdef __sun +#define LOCK_EX F_LOCK +#define LOCK_UN F_ULOCK @@ -25,5 +28,23 @@ +#define LOCK_UN 8 /* unlock */ +#endif - #include "pkcs11types.h" - #include "defs.h" + /* (C) COPYRIGHT International Business Machines Corp. 2001,2002 */ + +@@ -587,7 +606,7 @@ CK_RV CreateXProcLock(void) + goto err; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(spinxplfd, -1, grp->gr_gid) + == -1) { +@@ -1131,7 +1150,7 @@ CK_RV check_user_and_group() + * when forked). So we need to get the group information. + * Really need to take the uid and map it to a name. + */ +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp == NULL) { + OCK_SYSLOG(LOG_ERR, "getgrnam() failed: %s\n", strerror(errno)); + goto error; Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-ica_s390_stdll-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -1,16 +1,33 @@ ---- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2010-10-20 00:22:00.867981839 +0900 -@@ -2,11 +2,11 @@ - - opencryptoki_stdll_libpkcs11_ica_la_LDFLAGS = $(LCRYPTO) \ - $(ICA_LIB_DIRS) -nostartfiles -shared -Wl,-Bsymbolic -Wl,-soname,$@ \ ---Wl,-Bsymbolic -lc -lpthread -lica -ldl -lcrypto -+-Wl,-Bsymbolic -lc -lpthread -lica -lcrypto +--- usr/lib/pkcs11/ica_s390_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/ica_s390_stdll/Makefile.am +@@ -6,12 +6,12 @@ opencryptoki_stdll_libpkcs11_ica_la_LDFL + -Wl,-Bsymbolic \ + -Wl,-soname,$@ \ + -Wl,-Bsymbolic -lc \ +- -lpthread -lica -ldl \ ++ -lpthread -lica \ + -lcrypto # Not all versions of automake observe libname_CFLAGS - opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DSPINXPL -DDEV \ ---D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \ -+-D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1 -DNODH \ - -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\" + opencryptoki_stdll_libpkcs11_ica_la_CFLAGS = -DDEV \ +- -D_THREAD_SAFE -fPIC \ ++ -D_THREAD_SAFE $(FPIC) \ + -DSHALLOW=0 -DSWTOK=0 \ + -DLITE=1 -DNODH \ + -DNOCDMF -DNOMD2 -DNODSA \ +@@ -64,12 +64,12 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_ica.so PKCS11_ICA.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite + $(MKDIR_P) $(DESTDIR)$(lockdir)/lite +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/lite + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite - opencryptoki_stdll_libpkcs11_ica_la_SOURCES = ../common/asn1.c \ + uninstall-hook: Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,15 @@ +--- usr/lib/pkcs11/icsf_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/icsf_stdll/Makefile.am +@@ -79,10 +79,10 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_icsf.so PKCS11_ICSF.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf + $(MKDIR_P) $(DESTDIR)$(lockdir)/icsf +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/icsf + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf + + uninstall-hook: Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-icsf_stdll-pbkdf.c Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,11 @@ +--- usr/lib/pkcs11/icsf_stdll/pbkdf.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/icsf_stdll/pbkdf.c +@@ -337,7 +337,7 @@ set_perms(int file) + return CKR_FUNCTION_FAILED; + } + +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp) { + if (fchown(file, -1, grp->gr_gid) != 0) { + TRACE_ERROR("fchown failed: %s\n", strerror(errno)); Modified: head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am ============================================================================== --- head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -1,11 +1,27 @@ ---- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/lib/pkcs11/soft_stdll/Makefile.am 2010-10-20 00:25:03.227984225 +0900 -@@ -7,7 +7,7 @@ - opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DSPINXPL -DDEV -D_THREAD_SAFE \ +--- usr/lib/pkcs11/soft_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/soft_stdll/Makefile.am +@@ -7,7 +7,7 @@ opencryptoki_stdll_libpkcs11_sw_la_LDFLA + opencryptoki_stdll_libpkcs11_sw_la_CFLAGS = -DDEV -D_THREAD_SAFE \ -DSHALLOW=0 -DSWTOK=1 -DLITE=0 \ -DNOCDMF -DNOMD2 -DNODSA -DNORIPE \ -- -DDEBUGON -fPIC \ -+ -DDEBUGON $(FPIC) \ +- -fPIC \ ++ $(FPIC) \ -I/usr/include -I. \ -I../../../include/pkcs11/stdll \ -I../../../include/pkcs11 \ +@@ -56,12 +56,12 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_sw.so PKCS11_SW.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok + $(MKDIR_P) $(DESTDIR)$(lockdir)/swtok +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/swtok + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok + + uninstall-hook: Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-soft_stdll-soft_specific.c Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,30 @@ +--- usr/lib/pkcs11/soft_stdll/soft_specific.c.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/soft_stdll/soft_specific.c +@@ -298,7 +298,9 @@ + + + ****************************************************************************/ ++#ifndef _BSD_SOURCE + #define _BSD_SOURCE ++#endif + + #include <pthread.h> + #include <string.h> // for memcmp() et al +@@ -317,7 +319,17 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <fcntl.h> ++#if defined(__OpenBSD__) || defined(__FreeBSD__) ++#include <sys/endian.h> ++#ifdef _BYTE_ORDER ++#define __BYTE_ORDER _BYTE_ORDER ++#endif ++#ifdef _LITTLE_ENDIAN ++#define __LITTLE_ENDIAN _LITTLE_ENDIAN ++#endif ++#else + #include <endian.h> ++#endif + + #include <openssl/des.h> + #include <openssl/rand.h> Added: head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-lib-pkcs11-tpm_stdll-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,15 @@ +--- usr/lib/pkcs11/tpm_stdll/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/lib/pkcs11/tpm_stdll/Makefile.am +@@ -71,10 +71,10 @@ install-data-hook: + cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ + ln -sf libpkcs11_tpm.so PKCS11_TPM.so + $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm + $(MKDIR_P) $(DESTDIR)$(lockdir)/tpm +- $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm ++ $(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/tpm + $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm + + uninstall-hook: Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am ============================================================================== --- head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-Makefile.am Wed May 18 17:22:59 2016 (r415459) @@ -1,5 +1,5 @@ ---- usr/sbin/pkcsconf/Makefile.am.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsconf/Makefile.am 2010-10-20 00:46:34.600985372 +0900 +--- usr/sbin/pkcsconf/Makefile.am.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsconf/Makefile.am @@ -1,6 +1,6 @@ sbin_PROGRAMS=pkcsconf @@ -7,4 +7,4 @@ +pkcsconf_LDFLAGS = -lpthread # Not all versions of automake observe sbinname_CFLAGS - pkcsconf_CFLAGS = -DSPINXPL -D_THREAD_SAFE -DDEBUG -DDEV -DAPI + pkcsconf_CFLAGS = -D_THREAD_SAFE -DDEBUG -DDEV -DAPI Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c ============================================================================== --- head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c Wed May 18 17:22:59 2016 (r415459) @@ -1,11 +1,11 @@ ---- usr/sbin/pkcsconf/pkcsconf.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsconf/pkcsconf.c 2010-10-20 00:47:46.462984231 +0900 -@@ -654,6 +654,8 @@ - free (newpin2); - } +--- usr/sbin/pkcsconf/pkcsconf.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsconf/pkcsconf.c +@@ -777,6 +777,8 @@ display_pkcs11_info(void){ + printf("\tLibrary Version %d.%d \n", CryptokiInfo.libraryVersion.major, + CryptokiInfo.libraryVersion.minor); + cleanup(); + return rc; - } + Added: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-log.h Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,14 @@ +--- usr/sbin/pkcsslotd/log.h.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/log.h +@@ -297,9 +297,8 @@ + #ifndef _LOG_H + #define _LOG_H 1 + +- +- +- ++#include <sys/types.h> ++#include <unistd.h> + + #ifndef FALSE + #define FALSE 0 Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c ============================================================================== --- head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-mutex.c Wed May 18 17:22:59 2016 (r415459) @@ -1,17 +1,20 @@ ---- usr/sbin/pkcsslotd/mutex.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/mutex.c 2010-12-19 12:13:34.837579374 +0900 -@@ -293,6 +293,26 @@ - - #include "pkcsslotd.h" +--- usr/sbin/pkcsslotd/mutex.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/mutex.c +@@ -281,10 +281,28 @@ + legal action under this Agreement more than one year after + the cause of action arose. Each party waives its rights to + a jury trial in any resulting litigation. ++*/ +#include <fcntl.h> -+ + +#ifdef __sun +#define LOCK_EX F_LOCK +#define LOCK_UN F_ULOCK +#define flock(fd, func) lockf(fd, func, 0) +#endif -+ + +-*/ +#ifndef LOCK_SH +#define LOCK_SH 1 /* shared lock */ +#endif @@ -25,28 +28,14 @@ +#define LOCK_UN 8 /* unlock */ +#endif - #if SYSVSEM - #error "Caveat Emptor... this does not work" -@@ -315,7 +335,7 @@ - #include <sys/types.h> - #include <sys/stat.h> - #include <fcntl.h> --#include <sys/file.h> -+#include <grp.h> - static int xplfd=-1; - #endif - -@@ -349,6 +369,13 @@ - #elif (SPINXPL) - - xplfd = open (XPL_FILE,O_CREAT|O_RDWR,S_IRWXU|S_IRWXG|S_IRWXO); -+ { -+ struct group *grp; -+ fchmod(xplfd,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH); -+ grp = getgrnam(PKCS11GROUP); -+ if (grp) -+ fchown(xplfd,getuid(),grp->gr_gid); -+ } + /* (C) COPYRIGHT International Business Machines Corp. 2001 */ + +@@ -323,7 +341,7 @@ CreateXProcLock(void) + goto error; + } - #elif (SYSVSEM) - #error "Caveat Emptor... this does not work" +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (grp != NULL) { + if (fchown(xplfd,-1,grp->gr_gid) == -1) { + DbgLog(DL0,"%s:fchown(%s):%s\n", Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h ============================================================================== --- head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-pkcsslotd.h Wed May 18 17:22:59 2016 (r415459) @@ -1,11 +1,12 @@ ---- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/pkcsslotd.h 2010-10-20 01:20:18.253984238 +0900 -@@ -353,7 +353,7 @@ - #include <nl_types.h> +--- usr/sbin/pkcsslotd/pkcsslotd.h.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/pkcsslotd.h +@@ -305,6 +305,9 @@ + #ifndef _PKCSSLOTMGR_H + #define _PKCSSLOTMGR_H 1 - #include <sys/ipc.h> --#include <linux/limits.h> -+#include <limits.h> - #include <sys/shm.h> - #include <sys/stat.h> - #include <sys/types.h> ++#include <sys/types.h> ++#include <sys/ipc.h> ++ + /*********** + * Defines * + ***********/ Modified: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c ============================================================================== --- head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-shmem.c Wed May 18 17:22:59 2016 (r415459) @@ -1,6 +1,6 @@ ---- usr/sbin/pkcsslotd/shmem.c.orig 2010-07-29 21:28:41.000000000 +0900 -+++ usr/sbin/pkcsslotd/shmem.c 2010-10-20 01:23:03.203984101 +0900 -@@ -338,9 +338,9 @@ +--- usr/sbin/pkcsslotd/shmem.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/shmem.c +@@ -336,9 +336,9 @@ int CreateSharedMemory ( void ) { } // SAB Get the group information for the PKCS#11 group... fail if // it does not exist @@ -12,7 +12,7 @@ return FALSE; // Group does not exist... setup is wrong.. } -@@ -409,9 +409,9 @@ +@@ -415,9 +415,9 @@ int CreateSharedMemory ( void ) { int i; char *buffer; @@ -24,7 +24,7 @@ SBIN_PATH); return FALSE; // Group does not exist... setup is wrong.. } -@@ -431,7 +431,7 @@ +@@ -437,7 +437,7 @@ int CreateSharedMemory ( void ) { return FALSE; } if (fchown(fd, 0, grp->gr_gid) == -1) { Added: head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c Wed May 18 17:22:59 2016 (r415459) @@ -0,0 +1,11 @@ +--- usr/sbin/pkcsslotd/socket_server.c.orig 2016-04-29 17:26:46 UTC ++++ usr/sbin/pkcsslotd/socket_server.c +@@ -337,7 +337,7 @@ int CreateListenerSocket (void) { + + // make socket file part of the pkcs11 group, and write accessable + // for that group +- grp = getgrnam("pkcs11"); ++ grp = getgrnam(PKCS11GROUP); + if (!grp) { + ErrLog("Group PKCS#11 does not exist"); + DetachSocketListener(socketfd); Modified: head/security/opencryptoki/files/pkcsslotd.in ============================================================================== --- head/security/opencryptoki/files/pkcsslotd.in Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/files/pkcsslotd.in Wed May 18 17:22:59 2016 (r415459) @@ -16,18 +16,19 @@ . /etc/rc.subr name=pkcsslotd -rcvar=pkcsslotd_enable -command=%%PREFIX%%/sbin/${name} +rcvar=${name}_enable +command="%%PREFIX%%/sbin/$name" start_precmd=${name}_prestart pkcsslotd_prestart () { - [ -f /var/lib/opencryptoki/pk_config_data ] || \ - %%PREFIX%%/sbin/pkcs11_startup + install -d -o %%USERS%% -g %%GROUPS%% -m 0755 \ + /var/run/opencryptoki/swtok \ + /var/run/opencryptoki/tpm } -load_rc_config ${name} +load_rc_config $name -: pkcsslotd_enable=${pkcsslotd_enable-"NO"} +: ${pkcsslotd_enable="NO"} run_rc_command "$1" Modified: head/security/opencryptoki/pkg-plist ============================================================================== --- head/security/opencryptoki/pkg-plist Wed May 18 17:19:40 2016 (r415458) +++ head/security/opencryptoki/pkg-plist Wed May 18 17:22:59 2016 (r415459) @@ -1,3 +1,4 @@ +@sample etc/opencryptoki/opencryptoki.conf.sample include/opencryptoki/apiclient.h include/opencryptoki/pkcs11.h include/opencryptoki/pkcs11types.h @@ -7,10 +8,10 @@ lib/opencryptoki/libopencryptoki.so.0 lib/opencryptoki/libopencryptoki.so.0.0.0 lib/opencryptoki/methods lib/opencryptoki/stdll/PKCS11_SW.so +lib/opencryptoki/stdll/PKCS11_TPM.so lib/opencryptoki/stdll/libpkcs11_sw.so lib/opencryptoki/stdll/libpkcs11_sw.so.0 lib/opencryptoki/stdll/libpkcs11_sw.so.0.0.0 -lib/opencryptoki/stdll/PKCS11_TPM.so lib/opencryptoki/stdll/libpkcs11_tpm.so lib/opencryptoki/stdll/libpkcs11_tpm.so.0 lib/opencryptoki/stdll/libpkcs11_tpm.so.0.0.0 @@ -18,16 +19,18 @@ lib/pkcs11/PKCS11_API.so lib/pkcs11/libopencryptoki.so lib/pkcs11/methods lib/pkcs11/stdll -sbin/pkcs11_startup -sbin/pkcs_slot -sbin/pkcsconf -sbin/pkcsslotd -man/man1/pkcs11_startup.1.gz +man/man1/pkcscca.1.gz man/man1/pkcsconf.1.gz -man/man5/pk_config_data.5.gz +man/man1/pkcsep11_migrate.1.gz +man/man1/pkcsicsf.1.gz +man/man5/opencryptoki.conf.5.gz man/man7/opencryptoki.7.gz man/man8/pkcsslotd.8.gz -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/swtok -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki/tpm -@dir(_pkcs11,_pkcs11,700) /var/lib/opencryptoki +sbin/pkcsconf +sbin/pkcsslotd +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok/TOK_OBJ +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/swtok +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki/tpm +@dir(%%USERS%%,%%GROUPS%%,700) /var/lib/opencryptoki @dir /var/lib +@dir /var/log/opencryptoki
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605181723.u4IHN0vY062375>