From 84f5c9d586ae6e716f09d803655ac40d2d23633d7239a991f45efb4710791a8e Mon Sep 17 00:00:00 2001
From: Torsten Gruner <t.gruner@katodev.de>
Date: Thu, 15 Feb 2024 11:02:54 +0000
Subject: [PATCH] Accepting request 1146768 from home:wfrisch:branches:security

- update to 2.5.1:
  * ykpiv: cmd: ykcs11: Fix buffer size for key import.
- add cmake-flags-upstream-issue-474.patch:
  proper fix for the cmake flags issue
- remove temporary-cmake-flags-fix.patch

OBS-URL: https://build.opensuse.org/request/show/1146768
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=43
---
 cmake-flags-upstream-issue-474.patch |  67 ++++++++++++++++++++++++++
 temporary-cmake-flags-fix.patch      |  69 ---------------------------
 yubico-piv-tool-2.5.0.tar.gz         |   3 --
 yubico-piv-tool-2.5.0.tar.gz.sig     | Bin 566 -> 0 bytes
 yubico-piv-tool-2.5.1.tar.gz         |   3 ++
 yubico-piv-tool-2.5.1.tar.gz.sig     | Bin 0 -> 566 bytes
 yubico-piv-tool.changes              |   9 ++++
 yubico-piv-tool.spec                 |   6 +--
 8 files changed, 82 insertions(+), 75 deletions(-)
 create mode 100644 cmake-flags-upstream-issue-474.patch
 delete mode 100644 temporary-cmake-flags-fix.patch
 delete mode 100644 yubico-piv-tool-2.5.0.tar.gz
 delete mode 100644 yubico-piv-tool-2.5.0.tar.gz.sig
 create mode 100644 yubico-piv-tool-2.5.1.tar.gz
 create mode 100644 yubico-piv-tool-2.5.1.tar.gz.sig

diff --git a/cmake-flags-upstream-issue-474.patch b/cmake-flags-upstream-issue-474.patch
new file mode 100644
index 0000000..449bcbd
--- /dev/null
+++ b/cmake-flags-upstream-issue-474.patch
@@ -0,0 +1,67 @@
+commit a3b81d574ac20a1f17eea245da6096f59416b8f7
+Author: Wolfgang Frisch <wolfgang.frisch@suse.com>
+Date:   Thu Feb 15 10:23:03 2024 +0100
+
+    cmake: fix semicolons in CFLAGS of custom modules
+    
+    Both `openssl.cmake` and `pcscd.cmake` use FindPkgConfig to retrieve the
+    required CFLAGS and LDFLAGS. However FindPkgConfig returns lists [1],
+    which are stored as semicolon-separated strings in CMake.  This breaks
+    the build when there's more than one flag in any of those variables.
+    
+    Fixes https://github.com/Yubico/yubico-piv-tool/issues/474
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index ae6654e..1bc068a 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -25,7 +25,7 @@
+ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ 
+-cmake_minimum_required (VERSION 3.5)
++cmake_minimum_required (VERSION 3.12)
+ # policy CMP0025 is to get AppleClang identifier rather than Clang for both
+ # this matters since the apple compiler accepts different flags.
+ cmake_policy(SET CMP0025 NEW)
+diff --git a/cmake/openssl.cmake b/cmake/openssl.cmake
+index e650d81..ec29ee3 100644
+--- a/cmake/openssl.cmake
++++ b/cmake/openssl.cmake
+@@ -84,8 +84,9 @@ macro (find_libcrypto)
+     endif(WIN32 OR OPENSSL_STATIC_LINK)
+     
+     message("        OpenSSL version:   ${OPENSSL_VERSION}")
+-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${LIBCRYPTO_CFLAGS}")
+-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${LIBCRYPTO_CFLAGS}")
++    list(JOIN LIBCRYPTO_CFLAGS " " LIBCRYPTO_CFLAGS_STRING)
++    set(CMAKE_C_FLAGS "${LIBCRYPTO_CFLAGS_STRING} ${CMAKE_C_FLAGS}")
++    set(CMAKE_CXX_FLAGS "${LIBCRYPTO_CFLAGS_STRING} ${CMAKE_CXX_FLAGS}")
+     link_directories(${LIBCRYPTO_LIBRARY_DIRS})
+     include_directories(${LIBCRYPTO_INCLUDE_DIRS})
+ 
+diff --git a/cmake/pcscd.cmake b/cmake/pcscd.cmake
+index 4222693..5fe0ad9 100644
+--- a/cmake/pcscd.cmake
++++ b/cmake/pcscd.cmake
+@@ -75,7 +75,7 @@ macro (find_pcscd)
+         set(ENV{PKG_CONFIG_PATH} "${PCSCLITE_PKG_PATH}:$ENV{PKG_CONFIG_PATH}")
+         pkg_check_modules(PCSC REQUIRED libpcsclite)
+         if(PCSC_FOUND)
+-            set(PCSC_LIBRARIES ${PCSC_LDFLAGS})
++            list(JOIN PCSC_LDFLAGS " " PCSC_LIBRARIES)
+             if(VERBOSE_CMAKE)
+                 message("PCSC_FOUND: ${PCSC_FOUND}")
+                 message("PCSC_LIBRARY_DIRS: ${PCSC_LIBRARY_DIRS}")
+@@ -100,8 +100,9 @@ macro (find_pcscd)
+         else(${PCSC_DIR} NOT STREQUAL "")
+             set(PCSC_CUSTOM_LIBS "-Wl,-l${PCSC_LIB}")
+         endif(${PCSC_DIR} NOT STREQUAL "")
+-        set(CMAKE_C_FLAGS ${PCSC_CFLAGS} ${CMAKE_C_FLAGS})
+-        set(PCSC_LIBRARIES ${PCSC_LIBRARIES} ${PCSC_CUSTOM_LIBS})
++        list(JOIN PCSC_CFLAGS " " PCSC_CFLAGS_STRING)
++        set(CMAKE_C_FLAGS "${PCSC_CFLAGS_STRING} ${CMAKE_C_FLAGS}")
++        set(PCSC_LIBRARIES "${PCSC_LIBRARIES} ${PCSC_CUSTOM_LIBS}")
+         unset(PCSC_MACOSX_LIBS)
+         unset(PCSC_WIN_LIBS)
+         unset(PCSC_LIBS)
diff --git a/temporary-cmake-flags-fix.patch b/temporary-cmake-flags-fix.patch
deleted file mode 100644
index 1746fe0..0000000
--- a/temporary-cmake-flags-fix.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
-index f44d009..d41b568 100644
---- a/lib/CMakeLists.txt
-+++ b/lib/CMakeLists.txt
-@@ -30,6 +30,22 @@ message("lib/CMakeList.txt")
- include(${CMAKE_SOURCE_DIR}/cmake/pcscd.cmake)
- find_pcscd()
- 
-+# The included cmake modules are buggy, generating invalid flags with
-+# semicolons inserted. Temporary workaround until I find the time to fix the
-+# root cause:
-+message("PCSC_LIBRARIES BEFORE: ${PCSC_LIBRARIES}")
-+string(REPLACE ";" " " PCSC_LIBRARIES "${PCSC_LIBRARIES}")
-+message("PCSC_LIBRARIES AFTER:  ${PCSC_LIBRARIES}")
-+
-+message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
-+string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
-+message("LIBCRYPTO_CFLAGS AFTER:  ${LIBCRYPTO_CFLAGS}")
-+
-+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
-+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
-+message("CMAKE_C_FLAGS AFTER:  ${CMAKE_C_FLAGS}")
-+
-+
- set(YKPIV_VERSION_STRING "${yubico_piv_tool_VERSION_MAJOR}.${yubico_piv_tool_VERSION_MINOR}.${yubico_piv_tool_VERSION_PATCH}")
- 
- set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE)
-diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
-index f0e6de5..f2011bd 100644
---- a/tool/CMakeLists.txt
-+++ b/tool/CMakeLists.txt
-@@ -27,6 +27,14 @@
- 
- message("tool/CMakeList.txt")
- 
-+# The included cmake modules are buggy, generating invalid flags with
-+# semicolons inserted. Temporary workaround until I find the time to fix the
-+# root cause:
-+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
-+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
-+message("CMAKE_C_FLAGS AFTER:  ${CMAKE_C_FLAGS}")
-+
-+
- set (SOURCE
-         yubico-piv-tool.c
-         ../common/openssl-compat.c
-diff --git a/ykcs11/CMakeLists.txt b/ykcs11/CMakeLists.txt
-index 01670eb..c1e37b6 100644
---- a/ykcs11/CMakeLists.txt
-+++ b/ykcs11/CMakeLists.txt
-@@ -51,6 +51,18 @@ include_directories(
-         ${LIBCRYPTO_INCLUDE_DIRS}
- )
- 
-+# The included cmake modules are buggy, generating invalid flags with
-+# semicolons inserted. Temporary workaround until I find the time to fix the
-+# root cause:
-+message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
-+string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
-+message("LIBCRYPTO_CFLAGS AFTER:  ${LIBCRYPTO_CFLAGS}")
-+
-+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
-+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
-+message("CMAKE_C_FLAGS AFTER:  ${CMAKE_C_FLAGS}")
-+
-+
- set(YKCS11_VERSION_MAJOR ${yubico_piv_tool_VERSION_MAJOR})
- set(YKCS11_VERSION_MINOR  ${yubico_piv_tool_VERSION_MINOR})
- set(YKCS11_VERSION_PATCH ${yubico_piv_tool_VERSION_PATCH})
diff --git a/yubico-piv-tool-2.5.0.tar.gz b/yubico-piv-tool-2.5.0.tar.gz
deleted file mode 100644
index ff9163a..0000000
--- a/yubico-piv-tool-2.5.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:76a1b63bed9ff66fef2efcfed89117ee914fda0f2dde2574e084d6c9a1581f4a
-size 1334966
diff --git a/yubico-piv-tool-2.5.0.tar.gz.sig b/yubico-piv-tool-2.5.0.tar.gz.sig
deleted file mode 100644
index 35ce195058eb5b1410f984ac3bcf53cec4b4e2590640dc51389e2d4bd263136d..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 566
zcmV-60?GY}0y6{v0SEvc79j+v&K7wT?&31JBYRX3%EXo~1INq-0%f{MiU0};5D?15
zmM#Ow%%}Vh|5Z5HQ6azTg2aK!*j`((@ti8bt)g53alqBcygm+3*|QlzLdh?8sQ|oN
z^jTgoX<KLsEsaykRWHN#NPt%-i9?e}1yCyt=o|JY+0Q|Sy_*E@o26P5zu@??dt)LH
z#w?6KDTcLiveW%$O}j-v{AWkBycMP8ZzyZilRF3hQMtgkje&cn{}Y%qNu*?_5o$V=
zu!&i;nLXD6O3#^bevcxFdUY2Qmv<5ebgC-D<JhV@rFN)R#^Uor+XHu~*uPg?K~+DT
zgXH9oigX4Ot|wV^<%D5K2w3KFXZjT%q^uY4Xk}my;x|HRYpqY!0w+bf0D5^)x$uBe
zb@B#B4-44o2J>o6G(YeCIIOVV{Ib=-8Z#1WR(Un13`xAgc6w$K7=d>5raFrL%!xY;
zl9ut}N7J#>G|#ux2~B)PMETb}vLEB6NZDiWO`~OPA}Gi6z!FEvk~KPziT{O_<0F3v
zL2t4C>Vg^Llhmfm7Ty@Y#U$)!hcC70;=*auy&uLo{-*UFw(pP*-0R{AnLtlRPd6iY
zLQEY}QN+;4^|3IZ&6BmWSo%L}V+-r%0zL`^21HyxKAr#LfS0B;;NeRZ@?qa<J0*r*
zu*G#pM$hW!9B23M^Y=eWHTNolA(fyiQ<L~Obat_6^gJ9ZOK$-c@^E4lPv`{SR4pH)
EQuv<`Bme*a

diff --git a/yubico-piv-tool-2.5.1.tar.gz b/yubico-piv-tool-2.5.1.tar.gz
new file mode 100644
index 0000000..4904dd9
--- /dev/null
+++ b/yubico-piv-tool-2.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4262df01eec5c5ef942be9694db5bceac79f457e94879298a4934f6b5e44ff5f
+size 1340147
diff --git a/yubico-piv-tool-2.5.1.tar.gz.sig b/yubico-piv-tool-2.5.1.tar.gz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..140eab7b12cf159fe49cec3ec2bee4ef149a4521ef0dc2d024191491a6380f74
GIT binary patch
literal 566
zcmV-60?GY}0y6{v0SEvc79j+v&K7wT?&31JBYRX3%EXo~1INq-0%gl*>HrD}5D?15
zmM#Ow%pax?{0Wlh0oK-%;bp~f==6+I=7V&Gk^lUeK?rT9v<QJrOJqBlZKUw2d8;tJ
zN6zMlaqONF09o86I4fLxI!ON$(mVVH!!cnzXnZ__MEqno&YSz0!An2x!H{(T3m<?n
z95`~_2-E<>k57%}sb{<RLB~Al`UzC@OF{hu(~$c;&pU`K@#F|m#OrwSZ9S<0V@`?&
zJl2gn%m_c9Td($bK7m;w0xT$0D5GwlY9}8nz_x~f0BLA<B{r1Kq{!N%n_;f?jTzJb
zMrv8+(Dwzb6n<{c@~xfX$+_26V~pT-yP<{48LbTgRSpzCtOTZTv00ZVn&>{7K9|9F
zQ(EEkUo^XREQyt_+($Jtl((FiGn9uy6Fw^U>D?i!$j{K(Bx~9?$vU6rgey@Ys9s8i
zkj!XB*)|AL;~jn{_MbO+Bf#nUmS%5UP=oC_8rG*M_lTD-yt3}54M;lBxk*Sw;At|V
zIP5uI-vMRj*VAsL*9~{K!u7mI2d#!H6g@5E^epmV?d=Uvc9GAJEi40Oc{8G)k8BuS
z$%BMk#SUjvn87Z$$^1=BOUBgd!EtipVY@sK6`^xj@xZDFDXZJ_ONPF2>G5GFoB=&M
zpXWCcesbclnIt3|8g(o<Ssi5rlR<iBl3P2sB_BaVN=B+t4)=^utJE{D&2K?<DwjH|
E*3i8U9RL6T

literal 0
HcmV?d00001

diff --git a/yubico-piv-tool.changes b/yubico-piv-tool.changes
index 1f5b91e..65301b3 100644
--- a/yubico-piv-tool.changes
+++ b/yubico-piv-tool.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Feb 14 09:05:14 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
+
+- update to 2.5.1:
+  * ykpiv: cmd: ykcs11: Fix buffer size for key import.
+- add cmake-flags-upstream-issue-474.patch: 
+  proper fix for the cmake flags issue
+- remove temporary-cmake-flags-fix.patch
+
 -------------------------------------------------------------------
 Wed Feb  7 12:32:15 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
 
diff --git a/yubico-piv-tool.spec b/yubico-piv-tool.spec
index c8009b1..4bdf87a 100644
--- a/yubico-piv-tool.spec
+++ b/yubico-piv-tool.spec
@@ -18,7 +18,7 @@
 
 %define sover  2
 Name:           yubico-piv-tool
-Version:        2.5.0
+Version:        2.5.1
 Release:        0
 Summary:        Yubico YubiKey NEO CCID Manager
 License:        BSD-2-Clause
@@ -28,8 +28,8 @@ Source0:        https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%
 Source1:        https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig
 Source3:        yubico-piv-tool.keyring
 Patch1:         pthread-link.patch
-# Remove the following patch once cmake/* is fixed in upstream:
-Patch2:         temporary-cmake-flags-fix.patch
+# https://github.com/Yubico/yubico-piv-tool/issues/474
+Patch2:         cmake-flags-upstream-issue-474.patch
 BuildRequires:  c++_compiler
 BuildRequires:  check-devel
 BuildRequires:  cmake