From 546257bdfe0cf0506b05645a3f0d5520d7e4189f5efa7936aa61cf70b48d11dd Mon Sep 17 00:00:00 2001 From: Torsten Gruner Date: Fri, 9 Feb 2024 17:58:54 +0000 Subject: [PATCH] Accepting request 1145140 from home:wfrisch:branches:security - update to 2.5.0: * ykpiv: cmd: ykcs11: Add support for RSA3072 and RSA4096 key types. Available in firmware 5.7.0 and newer * ykpiv: cmd: Add support for ED25519 and X25519 key types. Available in firmware 5.7.0 and newer * ykpiv: cmd: Add support for deleting keys. Available in firmware 5.7.0 and newer * ykpiv: cmd: Add support for moving keys between slots. Available in firmware 5.7.0 and newer - add temporary-cmake-flags-fix.patch The included cmake modules are buggy. This patch should be removed once the root cause is fixed in upstream. OBS-URL: https://build.opensuse.org/request/show/1145140 OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=41 --- pthread-link.patch | 6 +-- temporary-cmake-flags-fix.patch | 69 +++++++++++++++++++++++++++++++ yubico-piv-tool-2.4.2.tar.gz | 3 -- yubico-piv-tool-2.4.2.tar.gz.sig | Bin 566 -> 0 bytes yubico-piv-tool-2.5.0.tar.gz | 3 ++ yubico-piv-tool-2.5.0.tar.gz.sig | Bin 0 -> 566 bytes yubico-piv-tool.changes | 16 +++++++ yubico-piv-tool.spec | 7 +++- 8 files changed, 96 insertions(+), 8 deletions(-) create mode 100644 temporary-cmake-flags-fix.patch delete mode 100644 yubico-piv-tool-2.4.2.tar.gz delete mode 100644 yubico-piv-tool-2.4.2.tar.gz.sig create mode 100644 yubico-piv-tool-2.5.0.tar.gz create mode 100644 yubico-piv-tool-2.5.0.tar.gz.sig
diff --git a/pthread-link.patch b/pthread-link.patch
index 83b6820..c1e8474 100644
--- a/pthread-link.patch
+++ b/pthread-link.patch
@@ -1,7 +1,7 @@
-Index: yubico-piv-tool-2.2.1/ykcs11/CMakeLists.txt
+Index: yubico-piv-tool-2.5.0/ykcs11/CMakeLists.txt
 ===================================================================
---- yubico-piv-tool-2.2.1.orig/ykcs11/CMakeLists.txt
-+++ yubico-piv-tool-2.2.1/ykcs11/CMakeLists.txt
+--- yubico-piv-tool-2.5.0.orig/ykcs11/CMakeLists.txt
++++ yubico-piv-tool-2.5.0/ykcs11/CMakeLists.txt
 @@ -60,6 +60,9 @@ if(${ENABLE_HARDWARE_TESTS})
 set(HW_TESTS 1)
 endif(${ENABLE_HARDWARE_TESTS})
diff --git a/temporary-cmake-flags-fix.patch b/temporary-cmake-flags-fix.patch
new file mode 100644
index 0000000..1746fe0
--- /dev/null
+++ b/temporary-cmake-flags-fix.patch
@@ -0,0 +1,69 @@
+diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
+index f44d009..d41b568 100644
+--- a/lib/CMakeLists.txt
++++ b/lib/CMakeLists.txt
+@@ -30,6 +30,22 @@ message("lib/CMakeList.txt")
+ include(${CMAKE_SOURCE_DIR}/cmake/pcscd.cmake)
+ find_pcscd()
+ 
++# The included cmake modules are buggy, generating invalid flags with
++# semicolons inserted. Temporary workaround until I find the time to fix the
++# root cause:
++message("PCSC_LIBRARIES BEFORE: ${PCSC_LIBRARIES}")
++string(REPLACE ";" " " PCSC_LIBRARIES "${PCSC_LIBRARIES}")
++message("PCSC_LIBRARIES AFTER: ${PCSC_LIBRARIES}")
++
++message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
++string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
++message("LIBCRYPTO_CFLAGS AFTER: ${LIBCRYPTO_CFLAGS}")
++
++message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
++string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
++message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
++
++
+ set(YKPIV_VERSION_STRING "${yubico_piv_tool_VERSION_MAJOR}.${yubico_piv_tool_VERSION_MINOR}.${yubico_piv_tool_VERSION_PATCH}")
+ 
+ set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE)
+diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
+index f0e6de5..f2011bd 100644
+--- a/tool/CMakeLists.txt
++++ b/tool/CMakeLists.txt
+@@ -27,6 +27,14 @@
+ 
+ message("tool/CMakeList.txt")
+ 
++# The included cmake modules are buggy, generating invalid flags with
++# semicolons inserted. Temporary workaround until I find the time to fix the
++# root cause:
++message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
++string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
++message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
++
++
+ set (SOURCE
+ yubico-piv-tool.c
+ ../common/openssl-compat.c
+diff --git a/ykcs11/CMakeLists.txt b/ykcs11/CMakeLists.txt
+index 01670eb..c1e37b6 100644
+--- a/ykcs11/CMakeLists.txt
++++ b/ykcs11/CMakeLists.txt
+@@ -51,6 +51,18 @@ include_directories(
+ ${LIBCRYPTO_INCLUDE_DIRS}
+ )
+ 
++# The included cmake modules are buggy, generating invalid flags with
++# semicolons inserted. Temporary workaround until I find the time to fix the
++# root cause:
++message("LIBCRYPTO_CFLAGS BEFORE: ${LIBCRYPTO_CFLAGS}")
++string(REPLACE ";" " " LIBCRYPTO_CFLAGS "${LIBCRYPTO_CFLAGS}")
++message("LIBCRYPTO_CFLAGS AFTER: ${LIBCRYPTO_CFLAGS}")
++
++message("CMAKE_C_FLAGS BEFORE: ${CMAKE_C_FLAGS}")
++string(REPLACE ";" " " CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
++message("CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")
++
++
+ set(YKCS11_VERSION_MAJOR ${yubico_piv_tool_VERSION_MAJOR})
+ set(YKCS11_VERSION_MINOR ${yubico_piv_tool_VERSION_MINOR})
+ set(YKCS11_VERSION_PATCH ${yubico_piv_tool_VERSION_PATCH})
diff --git a/yubico-piv-tool-2.4.2.tar.gz b/yubico-piv-tool-2.4.2.tar.gz
deleted file mode 100644
index 59ecd40..0000000
--- a/yubico-piv-tool-2.4.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fa9837b232b078357c1fba3d34992b05654ea2b9b55476c1ad336d8c96aac40e
-size 1332497
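Review bot: In the added temporary-cmake-flags-fix.patch, `string(REPLACE ";" " " PCSC_LIBRARIES "${PCSC_LIBRARIES}")` turns a CMake list into one space-joined string, so any later unquoted `${PCSC_LIBRARIES}` (its consumers are outside this hunk) would expand to a single argument instead of one per library. The `CMAKE_C_FLAGS` rewrite is repeated at directory scope in lib/, tool/ and ykcs11/, so a directory that is not patched would presumably still compile with the semicolon-mangled string; since distribution hardening options normally arrive through that variable, it is worth confirming in the build log that they reach every compile line. The bare `message("... BEFORE: ...")` calls print as notices on every configure, whereas `message(STATUS "CMAKE_C_FLAGS AFTER: ${CMAKE_C_FLAGS}")` would keep them as ordinary log output. The comment could also name the upstream report, e.g. `# Upstream report: <upstream issue URL>`, so the removal condition stated in the changelog can be checked.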
diff --git a/yubico-piv-tool-2.4.2.tar.gz.sig b/yubico-piv-tool-2.4.2.tar.gz.sig deleted file mode 100644 index c86aef97c2ce7387cc7856861f6827f678b7797cdee1529473b85aa122044492..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 566 zcmV-60?GY}0y6{v0SEvc79j+v&K7wT?&31JBYRX3%EXo~1INq-0%dX55C94Z5D?15 zmM#Ow%;4b=0EXXAw-!H?g|Zbj{UFe|Sw2;Ec8!o*qxgc;7i5yG``VPN&yEHyy+;Gd zC_jYhCCYaq+QP?4LaLLUXLq%#$(837S%>I+%}{U#h{J(^hH4EKLV?vxU4_k6;6E#2xO_b41B^Tl^Y~pl`~gSbhID^U_l=vVELCtuR_?Mae*2fFDrx07+2*Av?y4y`q3xbRJTe Eyi#HkB>(^b diff --git a/yubico-piv-tool-2.5.0.tar.gz b/yubico-piv-tool-2.5.0.tar.gz new file mode 100644 index 0000000..ff9163a --- /dev/null +++ b/yubico-piv-tool-2.5.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:76a1b63bed9ff66fef2efcfed89117ee914fda0f2dde2574e084d6c9a1581f4a +size 1334966 
diff --git a/yubico-piv-tool-2.5.0.tar.gz.sig b/yubico-piv-tool-2.5.0.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..35ce195058eb5b1410f984ac3bcf53cec4b4e2590640dc51389e2d4bd263136d GIT binary patch literal 566 zcmV-60?GY}0y6{v0SEvc79j+v&K7wT?&31JBYRX3%EXo~1INq-0%f{MiU0};5D?15 zmM#Ow%%}Vh|5Z5HQ6azTg2aK!*j`((@ti8bt)g53alqBcygm+3*|QlzLdh?8sQ|oN z^jTgoXo6G(YeCIIOVV{Ib=-8Z#1WR(Un13`xAgc6w$K7=d>5raFrL%!xY; zl9ut}N7J#>G|#ux2~B)PMETb}vLEB6NZDiWO`~OPA}Gi6z!FEvk~KPziT{O_<0F3v zL2t4C>Vg^Llhmfm7Ty@Y#U$)!hcC70;=*auy&uLo{-*UFw(pP*-0R{AnLtlRPd6iY zLQEY}QN+;4^|3IZ&6BmWSo%L}V+-r%0zL`^21HyxKAr#LfS0B;;NeRZ@?qa + +- update to 2.5.0: + * ykpiv: cmd: ykcs11: Add support for RSA3072 and RSA4096 key types. + Available in firmware 5.7.0 and newer + * ykpiv: cmd: Add support for ED25519 and X25519 key types. + Available in firmware 5.7.0 and newer + * ykpiv: cmd: Add support for deleting keys. + Available in firmware 5.7.0 and newer + * ykpiv: cmd: Add support for moving keys between slots. + Available in firmware 5.7.0 and newer +- add temporary-cmake-flags-fix.patch + The included cmake modules are buggy. This patch should be removed once the + root cause is fixed in upstream. + ------------------------------------------------------------------- Sun Dec 17 15:01:35 UTC 2023 - Dirk Müller diff --git a/yubico-piv-tool.spec b/yubico-piv-tool.spec index eed1629..c8009b1 100644 --- a/yubico-piv-tool.spec +++ b/yubico-piv-tool.spec @@ -1,7 +1,7 @@ # # spec file for package yubico-piv-tool # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define sover 2 Name: yubico-piv-tool -Version: 2.4.2 +Version: 2.5.0 Release: 0 Summary: Yubico YubiKey NEO CCID Manager License: BSD-2-Clause 
@@ -28,11 +28,14 @@ Source0: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%
 Source1: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig
 Source3: yubico-piv-tool.keyring
 Patch1: pthread-link.patch
+# Remove the following patch once cmake/* is fixed in upstream:
+Patch2: temporary-cmake-flags-fix.patch
 BuildRequires: c++_compiler
 BuildRequires: check-devel
 BuildRequires: cmake
 BuildRequires: gengetopt
 BuildRequires: help2man
+BuildRequires: libboost_thread-devel
 BuildRequires: pcsc-lite-devel
 BuildRequires: pkgconfig
 BuildRequires: valgrind
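Review bot: The added `BuildRequires: libboost_thread-devel` is not mentioned in the changelog entry, which lists only the 2.5.0 update and temporary-cmake-flags-fix.patch, so the reason for the new build dependency cannot be checked from this commit. Each extra package in the build root of a smart-card tool widens what has to be trusted at build time. If it is needed, a comment above it such as `# libboost_thread-devel: needed by <component that requires it>` would record why; if it only works around the flag problem, it should carry the same removal condition as Patch2. The hunk shows only part of the spec preamble, and `%prep` with the patch application is outside it.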