Accepting request 1146768 from home:wfrisch:branches:security

- update to 2.5.1:
  * ykpiv: cmd: ykcs11: Fix buffer size for key import.
- add cmake-flags-upstream-issue-474.patch: 
  proper fix for the cmake flags issue
- remove temporary-cmake-flags-fix.patch

OBS-URL: https://build.opensuse.org/request/show/1146768
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=43

cmake-flags-upstream-issue-474.patch

@@ -0,0 +1,67 @@
+commit a3b81d574ac20a1f17eea245da6096f59416b8f7
+Author: Wolfgang Frisch <wolfgang.frisch@suse.com>
+Date:   Thu Feb 15 10:23:03 2024 +0100
+
+    cmake: fix semicolons in CFLAGS of custom modules
+    
+    Both `openssl.cmake` and `pcscd.cmake` use FindPkgConfig to retrieve the
+    required CFLAGS and LDFLAGS. However FindPkgConfig returns lists [1],
+    which are stored as semicolon-separated strings in CMake.  This breaks
+    the build when there's more than one flag in any of those variables.
+    
+    Fixes https://github.com/Yubico/yubico-piv-tool/issues/474
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index ae6654e..1bc068a 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -25,7 +25,7 @@
+ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ 
+-cmake_minimum_required (VERSION 3.5)
++cmake_minimum_required (VERSION 3.12)
+ # policy CMP0025 is to get AppleClang identifier rather than Clang for both
+ # this matters since the apple compiler accepts different flags.
+ cmake_policy(SET CMP0025 NEW)
+diff --git a/cmake/openssl.cmake b/cmake/openssl.cmake
+index e650d81..ec29ee3 100644
+--- a/cmake/openssl.cmake
++++ b/cmake/openssl.cmake
+@@ -84,8 +84,9 @@ macro (find_libcrypto)
+     endif(WIN32 OR OPENSSL_STATIC_LINK)
+     
+     message("        OpenSSL version:   ${OPENSSL_VERSION}")
+-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${LIBCRYPTO_CFLAGS}")
+-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${LIBCRYPTO_CFLAGS}")
++    list(JOIN LIBCRYPTO_CFLAGS " " LIBCRYPTO_CFLAGS_STRING)
++    set(CMAKE_C_FLAGS "${LIBCRYPTO_CFLAGS_STRING} ${CMAKE_C_FLAGS}")
++    set(CMAKE_CXX_FLAGS "${LIBCRYPTO_CFLAGS_STRING} ${CMAKE_CXX_FLAGS}")
+     link_directories(${LIBCRYPTO_LIBRARY_DIRS})
+     include_directories(${LIBCRYPTO_INCLUDE_DIRS})
+ 
+diff --git a/cmake/pcscd.cmake b/cmake/pcscd.cmake
+index 4222693..5fe0ad9 100644
+--- a/cmake/pcscd.cmake
++++ b/cmake/pcscd.cmake
+@@ -75,7 +75,7 @@ macro (find_pcscd)
+         set(ENV{PKG_CONFIG_PATH} "${PCSCLITE_PKG_PATH}:$ENV{PKG_CONFIG_PATH}")
+         pkg_check_modules(PCSC REQUIRED libpcsclite)
+         if(PCSC_FOUND)
+-            set(PCSC_LIBRARIES ${PCSC_LDFLAGS})
++            list(JOIN PCSC_LDFLAGS " " PCSC_LIBRARIES)
+             if(VERBOSE_CMAKE)
+                 message("PCSC_FOUND: ${PCSC_FOUND}")
+                 message("PCSC_LIBRARY_DIRS: ${PCSC_LIBRARY_DIRS}")
+@@ -100,8 +100,9 @@ macro (find_pcscd)
+         else(${PCSC_DIR} NOT STREQUAL "")
+             set(PCSC_CUSTOM_LIBS "-Wl,-l${PCSC_LIB}")
+         endif(${PCSC_DIR} NOT STREQUAL "")
+-        set(CMAKE_C_FLAGS ${PCSC_CFLAGS} ${CMAKE_C_FLAGS})
+-        set(PCSC_LIBRARIES ${PCSC_LIBRARIES} ${PCSC_CUSTOM_LIBS})
++        list(JOIN PCSC_CFLAGS " " PCSC_CFLAGS_STRING)
++        set(CMAKE_C_FLAGS "${PCSC_CFLAGS_STRING} ${CMAKE_C_FLAGS}")
++        set(PCSC_LIBRARIES "${PCSC_LIBRARIES} ${PCSC_CUSTOM_LIBS}")
+         unset(PCSC_MACOSX_LIBS)
+         unset(PCSC_WIN_LIBS)
+         unset(PCSC_LIBS)

temporary-cmake-flags-fix.patch

@@ -1,69 +0,0 @@
-diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
-index f44d009..d41b568 100644
---- a/lib/CMakeLists.txt
-+++ b/lib/CMakeLists.txt
-@@ -30,6 +30,22 @@ message("lib/CMakeList.txt")
- include(${CMAKE_SOURCE_DIR}/cmake/pcscd.cmake)
- find_pcscd()
- 
-+# The included cmake modules are buggy, generating invalid flags with
-+# semicolons inserted. Temporary workaround until I find the time to fix the
-+# root cause:
-+message("PCSC_LIBRARIES BEFORE: ${PCSC_LIBRARIES}")
-+string(REPLACE ";" " " PCSC_LIBRARIES "${PCSC_LIBRARIES}")
-+message("PCSC_LIBRARIES AFTER:  ${PCSC_LIBRARIES}")
-+
-+message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
-+string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
-+message("LIBCRYPTO_CFLAGS AFTER:  ${LIBCRYPTO_CFLAGS}")
-+
-+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
-+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
-+message("CMAKE_C_FLAGS AFTER:  ${CMAKE_C_FLAGS}")
-+
-+
- set(YKPIV_VERSION_STRING "${yubico_piv_tool_VERSION_MAJOR}.${yubico_piv_tool_VERSION_MINOR}.${yubico_piv_tool_VERSION_PATCH}")
- 
- set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE)
-diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
-index f0e6de5..f2011bd 100644
---- a/tool/CMakeLists.txt
-+++ b/tool/CMakeLists.txt
-@@ -27,6 +27,14 @@
- 
- message("tool/CMakeList.txt")
- 
-+# The included cmake modules are buggy, generating invalid flags with
-+# semicolons inserted. Temporary workaround until I find the time to fix the
-+# root cause:
-+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
-+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
-+message("CMAKE_C_FLAGS AFTER:  ${CMAKE_C_FLAGS}")
-+
-+
- set (SOURCE
-         yubico-piv-tool.c
-         ../common/openssl-compat.c
-diff --git a/ykcs11/CMakeLists.txt b/ykcs11/CMakeLists.txt
-index 01670eb..c1e37b6 100644
---- a/ykcs11/CMakeLists.txt
-+++ b/ykcs11/CMakeLists.txt
-@@ -51,6 +51,18 @@ include_directories(
-         ${LIBCRYPTO_INCLUDE_DIRS}
- )
- 
-+# The included cmake modules are buggy, generating invalid flags with
-+# semicolons inserted. Temporary workaround until I find the time to fix the
-+# root cause:
-+message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
-+string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
-+message("LIBCRYPTO_CFLAGS AFTER:  ${LIBCRYPTO_CFLAGS}")
-+
-+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
-+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
-+message("CMAKE_C_FLAGS AFTER:  ${CMAKE_C_FLAGS}")
-+
-+
- set(YKCS11_VERSION_MAJOR ${yubico_piv_tool_VERSION_MAJOR})
- set(YKCS11_VERSION_MINOR  ${yubico_piv_tool_VERSION_MINOR})
- set(YKCS11_VERSION_PATCH ${yubico_piv_tool_VERSION_PATCH})

yubico-piv-tool-2.5.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:76a1b63bed9ff66fef2efcfed89117ee914fda0f2dde2574e084d6c9a1581f4a
-size 1334966

yubico-piv-tool-2.5.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4262df01eec5c5ef942be9694db5bceac79f457e94879298a4934f6b5e44ff5f
+size 1340147

yubico-piv-tool.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Feb 14 09:05:14 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
+
+- update to 2.5.1:
+  * ykpiv: cmd: ykcs11: Fix buffer size for key import.
+- add cmake-flags-upstream-issue-474.patch: 
+  proper fix for the cmake flags issue
+- remove temporary-cmake-flags-fix.patch
+
 -------------------------------------------------------------------
 Wed Feb  7 12:32:15 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
 

yubico-piv-tool.spec

@@ -18,7 +18,7 @@
 
 %define sover  2
 Name:           yubico-piv-tool
-Version:        2.5.0
+Version:        2.5.1
 Release:        0
 Summary:        Yubico YubiKey NEO CCID Manager
 License:        BSD-2-Clause
@@ -28,8 +28,8 @@ Source0:        https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%
 Source1:        https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig
 Source3:        yubico-piv-tool.keyring
 Patch1:         pthread-link.patch
-# Remove the following patch once cmake/* is fixed in upstream:
-Patch2:         temporary-cmake-flags-fix.patch
+# https://github.com/Yubico/yubico-piv-tool/issues/474
+Patch2:         cmake-flags-upstream-issue-474.patch
 BuildRequires:  c++_compiler
 BuildRequires:  check-devel
 BuildRequires:  cmake