From 504faa73374e8e2a41ca843d648c18306a50f3483d44d98b3c575dd40be16547 Mon Sep 17 00:00:00 2001
From: Torsten Gruner <t.gruner@katodev.de>
Date: Tue, 2 Mar 2021 06:16:17 +0000
Subject: [PATCH] Accepting request 875814 from home:dirkmueller:Factory

- update to 2.2.0:
  * ykpiv: Increased SO version
  * ykpiv: Fixed minor memory leaks
  * ykpiv: Improved error handling
  * ykpiv: Improved handling of PCSC card validation
  * ykcs11: Updated Cryptoki version
  * ykcs11: Support for CKM_ECDH1_DERIVE mechanism info
  * ykcs11: Support for destroying ECDH derived keys
  * ykcs11: Improved handling of PIN after device re-connection
  * ykcs11: Improved debug logging
  * cmd: Improved parsing of certificate Distinguished Name to allow an escape character
  * cmd: Warning to discourage generating RSA1024 keys
  * build: Use of platform standard installation path when building yubico-piv-tool
  * tests: Improved testing
  * Replaced building with autotool with building with cmake
  * Security update for YSA-2020-02
  * ykpiv: Fixed potential memory leaks
  * ykpiv: Use PIN-protected MGMT key if the device is configured that way
  * ykpiv: Added attestation to CSR if requested
  * ykpiv: Fixed compatibility with LibreSSL
  * ykcs11: Improved handling of error codes
  * ykcs11: Improved handling of examples in the PKCS11 specifications
  * ykcs11: Added the possibility to have debug output as a runtime setting
  * ykcs11: Added support to unblock PIN with PUK
  * ykcs11: Make C_SetPIN backwards compatible while also allowing unblock PIN
  * tests: Improved tests
- run tests
- add pthread-link.patch

OBS-URL: https://build.opensuse.org/request/show/875814
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=32
---
 pthread-link.patch               |  23 ++++++++++++++++++++++
 yubico-piv-tool-2.0.0.tar.gz     |   3 ---
 yubico-piv-tool-2.0.0.tar.gz.sig | Bin 566 -> 0 bytes
 yubico-piv-tool-2.2.0.tar.gz     |   3 +++
 yubico-piv-tool-2.2.0.tar.gz.sig | Bin 0 -> 566 bytes
 yubico-piv-tool.changes          |  32 +++++++++++++++++++++++++++++++
 yubico-piv-tool.spec             |  26 ++++++++++++++++---------
 7 files changed, 75 insertions(+), 12 deletions(-)
 create mode 100644 pthread-link.patch
 delete mode 100644 yubico-piv-tool-2.0.0.tar.gz
 delete mode 100644 yubico-piv-tool-2.0.0.tar.gz.sig
 create mode 100644 yubico-piv-tool-2.2.0.tar.gz
 create mode 100644 yubico-piv-tool-2.2.0.tar.gz.sig

diff --git a/pthread-link.patch b/pthread-link.patch
new file mode 100644
index 0000000..93e5680
--- /dev/null
+++ b/pthread-link.patch
@@ -0,0 +1,23 @@
+Index: yubico-piv-tool-2.2.0/ykcs11/CMakeLists.txt
+===================================================================
+--- yubico-piv-tool-2.2.0.orig/ykcs11/CMakeLists.txt
++++ yubico-piv-tool-2.2.0/ykcs11/CMakeLists.txt
+@@ -60,6 +60,9 @@ if(${ENABLE_HARDWARE_TESTS})
+     set(HW_TESTS 1)
+ endif(${ENABLE_HARDWARE_TESTS})
+ 
++set(THREADS_PREFER_PTHREAD_FLAG ON)
++find_package(Threads REQUIRED)
++
+ # static library
+ if(BUILD_STATIC_LIB)
+     add_library(ykcs11 STATIC ${SOURCE})
+@@ -73,7 +76,7 @@ endif(BUILD_STATIC_LIB)
+ 
+ # dynamic library
+ add_library(ykcs11_shared SHARED ${SOURCE})
+-target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared)
++target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared Threads::Threads)
+ set_target_properties(ykcs11_shared PROPERTIES SOVERSION ${SO_VERSION} VERSION ${VERSION})
+ set_target_properties(ykcs11_shared PROPERTIES INSTALL_RPATH "${YKPIV_INSTALL_LIB_DIR}")
+ if(WIN32)
diff --git a/yubico-piv-tool-2.0.0.tar.gz b/yubico-piv-tool-2.0.0.tar.gz
deleted file mode 100644
index 2878288..0000000
--- a/yubico-piv-tool-2.0.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dae510ea88922720019029c7f0296ddc74bb30573e40d9bc18fc155023859488
-size 1701905
diff --git a/yubico-piv-tool-2.0.0.tar.gz.sig b/yubico-piv-tool-2.0.0.tar.gz.sig
deleted file mode 100644
index f752459769ff2290d64825363d9d368bc4184e9de4818eb6fa3cd251229667f2..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 566
zcmV-60?GY}0y6{v0SEvc79j+1*A!nbHN<pP0fL$vAy<#YXlwoj0$wqyx&R6Z5E~&^
zkHlze{^s%!0Jhb&bn?|T#BblDaoQ^4lT(C2#mctni9*AK8lZpl|27(=`6EplBmOKV
z8tbb<hqZrN^r@JJH{9ft10|UvJS?{ZsQP^DScm<SU_}!19TiF{ylT*-KlR9`+Qz~x
zu3c#mN^?*Ti_;rEzW4OKu{8f2Vy$4BJThz)p8mlMJ7qDkg<-wybB#~IK^w_NKA#qY
zknusJz3CZ#uKJeatlHUI_`7Cj;$cf+KLg*{Fb|e_ru`QCjsM3d4frLLhG?_C@w-<u
z98AeY*z+=8W9_^m3`^1bLg`Qg6A5huZqQ6$#F(Vzvq{su|1%i`PxFv31n<%z{Ofnv
zE{<@D_~kuvf?(hV(OK_pbVY)={`?lN+nTbbgSZt;-v9BdyU4>94!qvB6Rvm3XyP`m
zS8tmVu<NR?iLOd)a>~6tfZQ+mb~2P#fi~2XaKQXpwMGFZvDw=hG-d-SB%@QgcH56W
zaO>Sz<L*^_H|^3zgwTni{LE!uILgXs5ko{8N`uRh(Ob~iTpB%<QL&fJzzERNxRwZd
zZODCD;m8-YSn8>Tc;H?Hvtacje`QEP8cNY0y2L|7Yh=Aot{$B>g_sB%@?tRusEClU
zsI}sQD2pVgG`r9;O?tGE4O5jG10TL4DFOkSj-3c!TYbIjqsLOJAO#&4f%KsAVS^aC
EGU5#u=Kufz

diff --git a/yubico-piv-tool-2.2.0.tar.gz b/yubico-piv-tool-2.2.0.tar.gz
new file mode 100644
index 0000000..7e0ff21
--- /dev/null
+++ b/yubico-piv-tool-2.2.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:74cb2e03c7137c0dd529f35a230b4a598121cb71b10d7e55b91fd0cdefcac457
+size 1321651
diff --git a/yubico-piv-tool-2.2.0.tar.gz.sig b/yubico-piv-tool-2.2.0.tar.gz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..c3405896b8105bca2d095b49ab8831e7024fc98a30baa2c34558865a3816566c
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j+1*A!nbHN<pP0fL$vAy<#YXlwoj0$<x$VE_sV5E~&^
zkHlze{*65k|3YvYE(6Cw;lL$k-GmjFe~E_e<=Hh_&g1&aj#>$mTDL%c_`B8O2KEov
zleQ28ZAnmyuLsrmu2p@!{PWM3CSl3k;HY?CUS6o+0aEId_ae+MUW{Y!rEu4F_Qvn9
z4cT1SEvYR?`zIsUS-SMSlO++@cqBKDwyzSx7rxWP>scuUafuH6p(&;-8MN!);{~M9
zV#hqMfw)q7515%WszhRPSJm9;dQi9k>s5|m(wlSq1lrhju=)V)m(@)@lnXV(SHu<9
zsvGLCR#V%ro%J)evZUdS|1CBEjXcvD+#+%4JYo(`8EV?f!ocT=0dI41jKY{y<DsaD
zF>#dGfa4yk-om>14w;6bh!1uVxM&iPyy5zy#~fzYQcu~2|8RZ=FZTUGbk5ZRJdH9L
zA8<RWWc~$IApVcsN-WiHJBvpK3IjFzRBzYGy9Q%_bKV)7Zo8eS0%5NVL1?3|kS>r_
zxkIU2S*`wPyk3DCU^wLtm_MB}A1_HfO{ySI208ue-F%kF;rlEd`#v`|_RSqw<B8*G
zK|~S9vg#yd&;k08n2jC-drm?q)lwwsQ0f7haTihJCnB}5q!<xhZ75S44F+xBr#1S;
zNXq-ZWbAg;k2njNJGblfftl7>zcoM%+|?jng43aB0P1-MMD}xJ@#{ln9kZi%k@+HK
E<yFlTh5!Hn

literal 0
HcmV?d00001

diff --git a/yubico-piv-tool.changes b/yubico-piv-tool.changes
index e7e07e0..308d61c 100644
--- a/yubico-piv-tool.changes
+++ b/yubico-piv-tool.changes
@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Sun Feb 28 18:33:22 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.2.0:
+  * ykpiv: Increased SO version
+  * ykpiv: Fixed minor memory leaks
+  * ykpiv: Improved error handling
+  * ykpiv: Improved handling of PCSC card validation
+  * ykcs11: Updated Cryptoki version
+  * ykcs11: Support for CKM_ECDH1_DERIVE mechanism info
+  * ykcs11: Support for destroying ECDH derived keys
+  * ykcs11: Improved handling of PIN after device re-connection
+  * ykcs11: Improved debug logging
+  * cmd: Improved parsing of certificate Distinguished Name to allow an escape character
+  * cmd: Warning to discourage generating RSA1024 keys
+  * build: Use of platform standard installation path when building yubico-piv-tool
+  * tests: Improved testing
+  * Replaced building with autotool with building with cmake
+  * Security update for YSA-2020-02
+  * ykpiv: Fixed potential memory leaks
+  * ykpiv: Use PIN-protected MGMT key if the device is configured that way
+  * ykpiv: Added attestation to CSR if requested
+  * ykpiv: Fixed compatibility with LibreSSL
+  * ykcs11: Improved handling of error codes
+  * ykcs11: Improved handling of examples in the PKCS11 specifications
+  * ykcs11: Added the possibility to have debug output as a runtime setting
+  * ykcs11: Added support to unblock PIN with PUK
+  * ykcs11: Make C_SetPIN backwards compatible while also allowing unblock PIN
+  * tests: Improved tests 
+- run tests
+- add pthread-link.patch
+
 -------------------------------------------------------------------
 Sun Mar  1 00:11:08 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
 
diff --git a/yubico-piv-tool.spec b/yubico-piv-tool.spec
index 6ebea07..5abaf99 100644
--- a/yubico-piv-tool.spec
+++ b/yubico-piv-tool.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package yubico-piv-tool
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,9 +16,9 @@
 #
 
 
-%define sover  1
+%define sover  2
 Name:           yubico-piv-tool
-Version:        2.0.0
+Version:        2.2.0
 Release:        0
 Summary:        Yubico YubiKey NEO CCID Manager
 License:        BSD-2-Clause
@@ -26,8 +26,12 @@ Group:          Productivity/Networking/Security
 URL:            https://developers.yubico.com/
 Source0:        https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz
 Source1:        https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig
+Patch1:         pthread-link.patch
+BuildRequires:  c++_compiler
 BuildRequires:  check-devel
-BuildRequires:  libtool
+BuildRequires:  cmake
+BuildRequires:  gengetopt
+BuildRequires:  help2man
 BuildRequires:  pcsc-lite-devel
 BuildRequires:  pkgconfig
 BuildRequires:  valgrind
@@ -76,14 +80,18 @@ Yubikey NEO PKCS#11 applet library.
 
 %prep
 %setup -q
+%autopatch -p1
 
 %build
-%configure --disable-static --with-backend=pcsc
-make %{?_smp_mflags} V=1
+%cmake -DBUILD_STATIC_LIB=OFF
+%cmake_build
+
+%check
+cd build
+make test
 
 %install
-%make_install INSTALL="install -p"
-find %{buildroot} -type f -name "*.la" -delete -print
+%cmake_install
 
 %post -n libykpiv%{sover} -p /sbin/ldconfig
 %postun -n libykpiv%{sover} -p /sbin/ldconfig
@@ -92,7 +100,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
 
 %files
 %license COPYING
-%doc NEWS ChangeLog README
+%doc NEWS README
 %{_bindir}/%{name}
 %{_mandir}/man1/*