1
0

Accepting request 1146768 from home:wfrisch:branches:security

- update to 2.5.1:
  * ykpiv: cmd: ykcs11: Fix buffer size for key import.
- add cmake-flags-upstream-issue-474.patch: 
  proper fix for the cmake flags issue
- remove temporary-cmake-flags-fix.patch

OBS-URL: https://build.opensuse.org/request/show/1146768
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=43
This commit is contained in:
Torsten Gruner 2024-02-15 11:02:54 +00:00 committed by Git OBS Bridge
parent 546257bdfe
commit 84f5c9d586
8 changed files with 82 additions and 75 deletions

View File

@ -0,0 +1,67 @@
commit a3b81d574ac20a1f17eea245da6096f59416b8f7
Author: Wolfgang Frisch <wolfgang.frisch@suse.com>
Date: Thu Feb 15 10:23:03 2024 +0100
cmake: fix semicolons in CFLAGS of custom modules
Both `openssl.cmake` and `pcscd.cmake` use FindPkgConfig to retrieve the
required CFLAGS and LDFLAGS. However FindPkgConfig returns lists [1],
which are stored as semicolon-separated strings in CMake. This breaks
the build when there's more than one flag in any of those variables.
Fixes https://github.com/Yubico/yubico-piv-tool/issues/474
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ae6654e..1bc068a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -25,7 +25,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-cmake_minimum_required (VERSION 3.5)
+cmake_minimum_required (VERSION 3.12)
# policy CMP0025 is to get AppleClang identifier rather than Clang for both
# this matters since the apple compiler accepts different flags.
cmake_policy(SET CMP0025 NEW)
diff --git a/cmake/openssl.cmake b/cmake/openssl.cmake
index e650d81..ec29ee3 100644
--- a/cmake/openssl.cmake
+++ b/cmake/openssl.cmake
@@ -84,8 +84,9 @@ macro (find_libcrypto)
endif(WIN32 OR OPENSSL_STATIC_LINK)
message(" OpenSSL version: ${OPENSSL_VERSION}")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${LIBCRYPTO_CFLAGS}")
- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${LIBCRYPTO_CFLAGS}")
+ list(JOIN LIBCRYPTO_CFLAGS " " LIBCRYPTO_CFLAGS_STRING)
+ set(CMAKE_C_FLAGS "${LIBCRYPTO_CFLAGS_STRING} ${CMAKE_C_FLAGS}")
+ set(CMAKE_CXX_FLAGS "${LIBCRYPTO_CFLAGS_STRING} ${CMAKE_CXX_FLAGS}")
link_directories(${LIBCRYPTO_LIBRARY_DIRS})
include_directories(${LIBCRYPTO_INCLUDE_DIRS})
diff --git a/cmake/pcscd.cmake b/cmake/pcscd.cmake
index 4222693..5fe0ad9 100644
--- a/cmake/pcscd.cmake
+++ b/cmake/pcscd.cmake
@@ -75,7 +75,7 @@ macro (find_pcscd)
set(ENV{PKG_CONFIG_PATH} "${PCSCLITE_PKG_PATH}:$ENV{PKG_CONFIG_PATH}")
pkg_check_modules(PCSC REQUIRED libpcsclite)
if(PCSC_FOUND)
- set(PCSC_LIBRARIES ${PCSC_LDFLAGS})
+ list(JOIN PCSC_LDFLAGS " " PCSC_LIBRARIES)
if(VERBOSE_CMAKE)
message("PCSC_FOUND: ${PCSC_FOUND}")
message("PCSC_LIBRARY_DIRS: ${PCSC_LIBRARY_DIRS}")
@@ -100,8 +100,9 @@ macro (find_pcscd)
else(${PCSC_DIR} NOT STREQUAL "")
set(PCSC_CUSTOM_LIBS "-Wl,-l${PCSC_LIB}")
endif(${PCSC_DIR} NOT STREQUAL "")
- set(CMAKE_C_FLAGS ${PCSC_CFLAGS} ${CMAKE_C_FLAGS})
- set(PCSC_LIBRARIES ${PCSC_LIBRARIES} ${PCSC_CUSTOM_LIBS})
+ list(JOIN PCSC_CFLAGS " " PCSC_CFLAGS_STRING)
+ set(CMAKE_C_FLAGS "${PCSC_CFLAGS_STRING} ${CMAKE_C_FLAGS}")
+ set(PCSC_LIBRARIES "${PCSC_LIBRARIES} ${PCSC_CUSTOM_LIBS}")
unset(PCSC_MACOSX_LIBS)
unset(PCSC_WIN_LIBS)
unset(PCSC_LIBS)

View File

@ -1,69 +0,0 @@
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index f44d009..d41b568 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -30,6 +30,22 @@ message("lib/CMakeList.txt")
include(${CMAKE_SOURCE_DIR}/cmake/pcscd.cmake)
find_pcscd()
+# The included cmake modules are buggy, generating invalid flags with
+# semicolons inserted. Temporary workaround until I find the time to fix the
+# root cause:
+message("PCSC_LIBRARIES BEFORE: ${PCSC_LIBRARIES}")
+string(REPLACE ";" " " PCSC_LIBRARIES "${PCSC_LIBRARIES}")
+message("PCSC_LIBRARIES AFTER: ${PCSC_LIBRARIES}")
+
+message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
+string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
+message("LIBCRYPTO_CFLAGS AFTER: ${LIBCRYPTO_CFLAGS}")
+
+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
+
+
set(YKPIV_VERSION_STRING "${yubico_piv_tool_VERSION_MAJOR}.${yubico_piv_tool_VERSION_MINOR}.${yubico_piv_tool_VERSION_PATCH}")
set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE)
diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
index f0e6de5..f2011bd 100644
--- a/tool/CMakeLists.txt
+++ b/tool/CMakeLists.txt
@@ -27,6 +27,14 @@
message("tool/CMakeList.txt")
+# The included cmake modules are buggy, generating invalid flags with
+# semicolons inserted. Temporary workaround until I find the time to fix the
+# root cause:
+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
+
+
set (SOURCE
yubico-piv-tool.c
../common/openssl-compat.c
diff --git a/ykcs11/CMakeLists.txt b/ykcs11/CMakeLists.txt
index 01670eb..c1e37b6 100644
--- a/ykcs11/CMakeLists.txt
+++ b/ykcs11/CMakeLists.txt
@@ -51,6 +51,18 @@ include_directories(
${LIBCRYPTO_INCLUDE_DIRS}
)
+# The included cmake modules are buggy, generating invalid flags with
+# semicolons inserted. Temporary workaround until I find the time to fix the
+# root cause:
+message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
+string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
+message("LIBCRYPTO_CFLAGS AFTER: ${LIBCRYPTO_CFLAGS}")
+
+message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
+string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
+
+
set(YKCS11_VERSION_MAJOR ${yubico_piv_tool_VERSION_MAJOR})
set(YKCS11_VERSION_MINOR ${yubico_piv_tool_VERSION_MINOR})
set(YKCS11_VERSION_PATCH ${yubico_piv_tool_VERSION_PATCH})

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:76a1b63bed9ff66fef2efcfed89117ee914fda0f2dde2574e084d6c9a1581f4a
size 1334966

Binary file not shown.

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4262df01eec5c5ef942be9694db5bceac79f457e94879298a4934f6b5e44ff5f
size 1340147

Binary file not shown.

View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Wed Feb 14 09:05:14 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- update to 2.5.1:
* ykpiv: cmd: ykcs11: Fix buffer size for key import.
- add cmake-flags-upstream-issue-474.patch:
proper fix for the cmake flags issue
- remove temporary-cmake-flags-fix.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Feb 7 12:32:15 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com> Wed Feb 7 12:32:15 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>

View File

@ -18,7 +18,7 @@
%define sover 2 %define sover 2
Name: yubico-piv-tool Name: yubico-piv-tool
Version: 2.5.0 Version: 2.5.1
Release: 0 Release: 0
Summary: Yubico YubiKey NEO CCID Manager Summary: Yubico YubiKey NEO CCID Manager
License: BSD-2-Clause License: BSD-2-Clause
@ -28,8 +28,8 @@ Source0: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%
Source1: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig Source1: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig
Source3: yubico-piv-tool.keyring Source3: yubico-piv-tool.keyring
Patch1: pthread-link.patch Patch1: pthread-link.patch
# Remove the following patch once cmake/* is fixed in upstream: # https://github.com/Yubico/yubico-piv-tool/issues/474
Patch2: temporary-cmake-flags-fix.patch Patch2: cmake-flags-upstream-issue-474.patch
BuildRequires: c++_compiler BuildRequires: c++_compiler
BuildRequires: check-devel BuildRequires: check-devel
BuildRequires: cmake BuildRequires: cmake