1
0

Accepting request 1145140 from home:wfrisch:branches:security

- update to 2.5.0:
  * ykpiv: cmd: ykcs11: Add support for RSA3072 and RSA4096 key types.
    Available in firmware 5.7.0 and newer
  * ykpiv: cmd: Add support for ED25519 and X25519 key types.
    Available in firmware 5.7.0 and newer
  * ykpiv: cmd: Add support for deleting keys.
    Available in firmware 5.7.0 and newer
  * ykpiv: cmd: Add support for moving keys between slots.
    Available in firmware 5.7.0 and newer
- add temporary-cmake-flags-fix.patch
  The included cmake modules are buggy. This patch should be removed once the
  root cause is fixed in upstream.

OBS-URL: https://build.opensuse.org/request/show/1145140
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=41
This commit is contained in:
Torsten Gruner 2024-02-09 17:58:54 +00:00 committed by Git OBS Bridge
parent e10cdff67a
commit 546257bdfe
8 changed files with 96 additions and 8 deletions

View File

@ -1,7 +1,7 @@
Index: yubico-piv-tool-2.2.1/ykcs11/CMakeLists.txt Index: yubico-piv-tool-2.5.0/ykcs11/CMakeLists.txt
=================================================================== ===================================================================
--- yubico-piv-tool-2.2.1.orig/ykcs11/CMakeLists.txt --- yubico-piv-tool-2.5.0.orig/ykcs11/CMakeLists.txt
+++ yubico-piv-tool-2.2.1/ykcs11/CMakeLists.txt +++ yubico-piv-tool-2.5.0/ykcs11/CMakeLists.txt
@@ -60,6 +60,9 @@ if(${ENABLE_HARDWARE_TESTS}) @@ -60,6 +60,9 @@ if(${ENABLE_HARDWARE_TESTS})
set(HW_TESTS 1) set(HW_TESTS 1)
endif(${ENABLE_HARDWARE_TESTS}) endif(${ENABLE_HARDWARE_TESTS})

View File

@ -0,0 +1,69 @@
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index f44d009..d41b568 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -30,6 +30,22 @@ message("lib/CMakeList.txt")
include(${CMAKE_SOURCE_DIR}/cmake/pcscd.cmake)
find_pcscd()
+# The included cmake modules are buggy, generating invalid flags with
+# semicolons inserted. Temporary workaround until I find the time to fix the
+# root cause:
+message("PCSC_LIBRARIES BEFORE: ${PCSC_LIBRARIES}")
+string(REPLACE ";" " " PCSC_LIBRARIES "${PCSC_LIBRARIES}")
+message("PCSC_LIBRARIES AFTER: ${PCSC_LIBRARIES}")
+
+message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
+string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
+message("LIBCRYPTO_CFLAGS AFTER: ${LIBCRYPTO_CFLAGS}")
+
+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
+
+
set(YKPIV_VERSION_STRING "${yubico_piv_tool_VERSION_MAJOR}.${yubico_piv_tool_VERSION_MINOR}.${yubico_piv_tool_VERSION_PATCH}")
set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE)
diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
index f0e6de5..f2011bd 100644
--- a/tool/CMakeLists.txt
+++ b/tool/CMakeLists.txt
@@ -27,6 +27,14 @@
message("tool/CMakeList.txt")
+# The included cmake modules are buggy, generating invalid flags with
+# semicolons inserted. Temporary workaround until I find the time to fix the
+# root cause:
+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
+
+
set (SOURCE
yubico-piv-tool.c
../common/openssl-compat.c
diff --git a/ykcs11/CMakeLists.txt b/ykcs11/CMakeLists.txt
index 01670eb..c1e37b6 100644
--- a/ykcs11/CMakeLists.txt
+++ b/ykcs11/CMakeLists.txt
@@ -51,6 +51,18 @@ include_directories(
${LIBCRYPTO_INCLUDE_DIRS}
)
+# The included cmake modules are buggy, generating invalid flags with
+# semicolons inserted. Temporary workaround until I find the time to fix the
+# root cause:
+message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
+string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
+message("LIBCRYPTO_CFLAGS AFTER: ${LIBCRYPTO_CFLAGS}")
+
+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
+
+
set(YKCS11_VERSION_MAJOR ${yubico_piv_tool_VERSION_MAJOR})
set(YKCS11_VERSION_MINOR ${yubico_piv_tool_VERSION_MINOR})
set(YKCS11_VERSION_PATCH ${yubico_piv_tool_VERSION_PATCH})

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fa9837b232b078357c1fba3d34992b05654ea2b9b55476c1ad336d8c96aac40e
size 1332497

Binary file not shown.

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:76a1b63bed9ff66fef2efcfed89117ee914fda0f2dde2574e084d6c9a1581f4a
size 1334966

Binary file not shown.

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Wed Feb 7 12:32:15 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- update to 2.5.0:
* ykpiv: cmd: ykcs11: Add support for RSA3072 and RSA4096 key types.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for ED25519 and X25519 key types.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for deleting keys.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for moving keys between slots.
Available in firmware 5.7.0 and newer
- add temporary-cmake-flags-fix.patch
The included cmake modules are buggy. This patch should be removed once the
root cause is fixed in upstream.
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Dec 17 15:01:35 UTC 2023 - Dirk Müller <dmueller@suse.com> Sun Dec 17 15:01:35 UTC 2023 - Dirk Müller <dmueller@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package yubico-piv-tool # spec file for package yubico-piv-tool
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@
%define sover 2 %define sover 2
Name: yubico-piv-tool Name: yubico-piv-tool
Version: 2.4.2 Version: 2.5.0
Release: 0 Release: 0
Summary: Yubico YubiKey NEO CCID Manager Summary: Yubico YubiKey NEO CCID Manager
License: BSD-2-Clause License: BSD-2-Clause
@ -28,11 +28,14 @@ Source0: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%
Source1: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig Source1: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig
Source3: yubico-piv-tool.keyring Source3: yubico-piv-tool.keyring
Patch1: pthread-link.patch Patch1: pthread-link.patch
# Remove the following patch once cmake/* is fixed in upstream:
Patch2: temporary-cmake-flags-fix.patch
BuildRequires: c++_compiler BuildRequires: c++_compiler
BuildRequires: check-devel BuildRequires: check-devel
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gengetopt BuildRequires: gengetopt
BuildRequires: help2man BuildRequires: help2man
BuildRequires: libboost_thread-devel
BuildRequires: pcsc-lite-devel BuildRequires: pcsc-lite-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: valgrind BuildRequires: valgrind