Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2014-10-16 17:54:18 +0000
committerMike Frysinger <vapier@gentoo.org>2014-10-16 17:54:18 +0000
commit52e8c50d9a34cb80faa9f28d3e79589bc0be62ed (patch)
tree4aba217e17523205c26272adb5271f051a2109ef
parentVersion bump. (diff)
downloadhistorical-52e8c50d9a34cb80faa9f28d3e79589bc0be62ed.tar.gz
historical-52e8c50d9a34cb80faa9f28d3e79589bc0be62ed.tar.bz2
historical-52e8c50d9a34cb80faa9f28d3e79589bc0be62ed.zip
Fix from Chromium OS for handling of large certificates.
Package-Manager: portage-2.2.14_rc1/cvs/Linux x86_64 Manifest-Sign-Key: 0xD2E96200
Diffstat
-rw-r--r--dev-libs/libp11/ChangeLog8
-rw-r--r--dev-libs/libp11/Manifest20
-rw-r--r--dev-libs/libp11/files/libp11-0.2.8-variable-buffer-size.patch114
-rw-r--r--dev-libs/libp11/libp11-0.2.8-r2.ebuild46
4 files changed, 183 insertions, 5 deletions
diff --git a/dev-libs/libp11/ChangeLog b/dev-libs/libp11/ChangeLog
index ed03f1aeb7d2..68aa750cea7a 100644
--- a/dev-libs/libp11/ChangeLog
+++ b/dev-libs/libp11/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for dev-libs/libp11
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/libp11/ChangeLog,v 1.67 2014/08/10 20:37:23 slyfox Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libp11/ChangeLog,v 1.68 2014/10/16 17:54:16 vapier Exp $
+
+*libp11-0.2.8-r2 (16 Oct 2014)
+
+ 16 Oct 2014; Mike Frysinger <vapier@gentoo.org>
+ +files/libp11-0.2.8-variable-buffer-size.patch, +libp11-0.2.8-r2.ebuild:
+ Fix from Chromium OS for handling of large certificates.
10 Aug 2014; Sergei Trofimovich <slyfox@gentoo.org> libp11-0.2.8-r1.ebuild,
libp11-0.2.8.ebuild:
diff --git a/dev-libs/libp11/Manifest b/dev-libs/libp11/Manifest
index 4cb85e6bc7e8..a4a2ec7fd2c9 100644
--- a/dev-libs/libp11/Manifest
+++ b/dev-libs/libp11/Manifest
@@ -2,15 +2,27 @@
Hash: SHA256
AUX libp11-0.2.8-no-ltdl.patch 5184 SHA256 9be90655cfa80a0e3695605a7b7c05cdcc81a8c39c2d347eef6715017cc2b199 SHA512 d8edbf0d615ee787e10391babd71c0d560ef4f71aa31934eed7165dd9ee5fb5214b9894b673843bf17ff2ffc9071daf375072738b82aafacec1f0495ce30957d WHIRLPOOL b51679b4b15e6685a41328042675b17725a39ffddcf1ddcdb003bef55128d993cbd643e1af31b9a866d5ddc475a3dce00640a923cb1857eb19ec26fd8110afe4
+AUX libp11-0.2.8-variable-buffer-size.patch 3076 SHA256 014591e8d109889c8e07e531a295182320c5bf78376cf12e8cc31c7f9ee0cd89 SHA512 166570157e31a24ab7339542e53febe6265a769ecc891d1778c0f66411f86fad7f66348af2410c24a71a1453002384c767a0daf8f7fd0d31f06dfd87edcb4b80 WHIRLPOOL 911540ed17f7ba400d88d2a1f74b2ed4802d988c87cfcc9b9d7165d86eb6aaac2f4c0a2a6250ff0b1723b3f2678298dbaab1f03290bedf4104b7caf0959daf9f
DIST libp11-0.2.8.tar.gz 377508 SHA256 a4121015503ade98074b5e2a2517fc8a139f8b28aed10021db2bb77283f40691 SHA512 917c6623942c83e7657c9b9c4ce0482ffc4539fc29edec9ace412dcece640be3785bf82e09e344c0866b55619ea011ab829ef3d4f8205f2019121d837b1d6c17 WHIRLPOOL fe4f8c6ce952e8a0985bf90af1413c0ba2c2ac84309b1cad55c12f65aa77655e4b9154e1af53d55ba968f9c88a960efd44a4033bcbaa309958f35327eeeac0d9
EBUILD libp11-0.2.8-r1.ebuild 1168 SHA256 ce74177dd01b1dcd0203104273d843fff81c8f5023e2275a6f90c42d313f31f8 SHA512 e78267c18af1530734c91a7603eed77a705184f6b8eb81e796e8c318d168f2bf85aebcef2e42f0a047e31617cf9e106b3371623732ebeb332e818bb5ac94ff2f WHIRLPOOL 5e2e42b47abd36890b22be0b0c51e61e9eab556185486586f81c278299d6e4e9febe0d0bed266720f25ec359b566fb0bac9f20a5cf150caa3a897b7279b12d3f
+EBUILD libp11-0.2.8-r2.ebuild 1164 SHA256 0b36bd406dcee7e658f0a6367af53e4410cf5ddfb305d8cf9ab8caed857df826 SHA512 ac13626a8e28d978b14e6ed8c50b256b411ffcb35fa24312ecde40008e7794ea606b3c46c79bb7e4bbc72738b2b0a6140763ef15a032f9132ec3c19ebb04bf04 WHIRLPOOL d872d248cd929eeef7179a49cab12002dd63eae9204f18377938a359f7780cac6e2f330be4dc9f3dbe7159e687086459a99751d818e3b18f8fd681edef5ffee9
EBUILD libp11-0.2.8.ebuild 1217 SHA256 d5b7e11fb82d15dd178c7a9a4748f5da733eda71fda7ffb743fdf9493a28632e SHA512 0dbec4f05d870afaf0ee16a86f7566060e1dc9cfd691c5cde86f86070b22f8c7601e219b48884898b857b7fb27387175af9f9456c362e3b92ff806f4eee1c531 WHIRLPOOL 4a162cc056b7fd1db70efd85e3829c87d6296189cb2e6b2ad80ff71a359434cf9d72cdee21f277224106c25dfc44736e053f29fb510ae18ddeef9cd84a3fecc8
-MISC ChangeLog 8094 SHA256 ef55842d5dc3b1eaba462d1da5de8b13b6be20c3b6a95fa13ac18304bff5ab85 SHA512 069c943259183147da0b71911eecce04dafa7df8995b6534dd0a5bb8fa7d9bca503df5ab6dcac96029444b0f5301d88c97741b0ccb2d8c61195cd893ccc4bd29 WHIRLPOOL 23a62e10f67aba5b04027cb3d1e374d5f00a4731512b59715e3c6925f7d3c3237ec0b2a37ff4b35775c03a31fec2d51eb478e3808c7da89d210ab4630040b252
+MISC ChangeLog 8311 SHA256 f2f83d025eb3f37e3b78bddd86aa6d384bd31a34b91d041a359fb26405bc7ebd SHA512 e7453cf84249690ba6fa470db1cec5a8b68fae516ed1bc45aa8d5c51e4a3f3974147413a03019f3e888df384b9c522779e3b32b49eb1b2dc1fe2064953d55f4a WHIRLPOOL fea3f255f8b155df41a6acf221347ab98d7ba6812f6d32c037416df7909f938d6c40402c14146bd4f33eeb8891371ee059b2e309d1fd74334a64a41d4058bcb7
MISC metadata.xml 427 SHA256 702a9485ff50ace3adf3a39c6862d82666d9d1b0aa98dc9b9cb33ca084637de7 SHA512 9a0876cc89a869609d72d8cea686ba52458eb93b11205851853c4327334a73a1065d2413b2f8f5de6f0af42149de3ed1629c8a7608f0a9b350b35f17fcd73a4c WHIRLPOOL 9cb636eb1780b7f206fc955f059ae4702ef32b12ad12010635e50a8682572c0fca6043f803bf7c3d94764e055092baf3536d650a7587d37d431be8a9a6d5b785
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-iEYEAREIAAYFAlPn2AQACgkQcaHudmEf86qVBACcCM+UlSGGvddASpQVH6zq2LqT
-jHEAnjjC6CybRNUjXtrR0pDZrtmOxUgB
-=nULH
+iQIcBAEBCAAGBQJUQAZKAAoJEPGu1DbS6WIA/KMP/1+oXDuHbgs/9g6A9Ik5y4UD
+4VjR11O7VsrZODXe1Ut/LLhu8si9Kn4+CTg2+sOZwLfnWV2sqEmtPhiXsSCxj0P9
+vGEBzXgMqgD22fhm3fqGkUQ2cdyNOfnB3MgQoRpwCgya9UsG7AshpmTqTWN2V/YI
++gSNDRz0Yb37teMbk6dLfo+KdbL3iurutDMiQX3ze0jk4soJ1COIjXsYguR4w0yr
+OrlKtR2fetsSK2nUtSB+BmotDmqzxaDYMauQKNKTr9fZATUC2OHaogrqN8i2KZav
+o4d7qXL4XSkirFqtHzINQhUXPuj7pHoKgCX3PUKsuju9zRxfbHsaIdMs3CvccwEw
+Ko75glTkE+kFcSiVwPgSRsdmLwU4jxwC2i46KB/yDhw8yvB2s4KLeQELFWIAkgom
+z3k51aKTMebmuyHRjzr+dSSn7bRw9NFsxshgKZofJ6DBIBMsr92syL5KyIA7zImQ
+mbb0+owYWYbVXnKKx6fqpPjBVN2mhyTBpOR/rCoqel67fWXrOAs3SLN1c5kBn2c6
+0I5HNH6cCF4OcYwTf14dv56q0Qp4UbuJFN32y4M1tBhSjNoOfu7XOim/ISCAk3+/
+uSCQFvYgtBKTaVKi0vXd37aud9bbhAExaCBkoGT5CZcqryaC6/yV9lmT4KWSvR9+
+XM3rl75MHUpc3IBmnrMW
+=8963
-----END PGP SIGNATURE-----
diff --git a/dev-libs/libp11/files/libp11-0.2.8-variable-buffer-size.patch b/dev-libs/libp11/files/libp11-0.2.8-variable-buffer-size.patch
new file mode 100644
index 000000000000..8cee3fb3f058
--- /dev/null
+++ b/dev-libs/libp11/files/libp11-0.2.8-variable-buffer-size.patch
@@ -0,0 +1,114 @@
+3 year old upstream proposal https://www.opensc-project.org/opensc/ticket/350
+
+The fixed buffers allocated in pkcs11_init_cert are too small to hold the
+output data for some certificates. It causes a "Buffer too small" error
+to be returned from pkcs11_getattr_var.
+
+Fix from Chromium OS:
+Use heap instead of stack for variable length data when reading
+certificate attributes.
+
+Patch by Paul Stewart <pstew@chromium.org>
+
+--- a/src/libp11-int.h
++++ b/src/libp11-int.h
+@@ -136,6 +136,8 @@
+ unsigned int, void *, size_t *);
+ extern int pkcs11_getattr_bn(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
+ unsigned int, BIGNUM **);
++extern void *pkcs11_getattr_alloc(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
++ unsigned int, size_t *);
+
+ #define key_getattr(key, t, p, s) \
+ pkcs11_getattr(KEY2TOKEN((key)), PRIVKEY((key))->object, (t), (p), (s))
+--- a/src/p11_attr.c
++++ b/src/p11_attr.c
+@@ -98,6 +98,32 @@
+ return *bn ? 0 : -1;
+ }
+
++void *
++pkcs11_getattr_alloc(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
++ unsigned int type, size_t *size_out)
++{
++ size_t size = 0;
++ void *data = NULL;
++
++ if (pkcs11_getattr_var(token, object, type, NULL, &size))
++ return NULL;
++
++ data = malloc(size);
++ if (data == NULL)
++ return NULL;
++
++ memset(data, 0, size);
++ if (pkcs11_getattr_var(token, object, type, data, &size)) {
++ free(data);
++ return NULL;
++ }
++
++ if (size_out != NULL)
++ *size_out = size;
++
++ return data;
++}
++
+ /*
+ * Add attributes to template
+ */
+--- a/src/p11_cert.c
++++ b/src/p11_cert.c
+@@ -136,10 +136,9 @@
+ PKCS11_TOKEN_private *tpriv;
+ PKCS11_CERT_private *kpriv;
+ PKCS11_CERT *cert, *tmp;
+- char label[256], data[2048];
+- unsigned char id[256];
+ CK_CERTIFICATE_TYPE cert_type;
+ size_t size;
++ void *data;
+
+ size = sizeof(cert_type);
+ if (pkcs11_getattr_var(token, obj, CKA_CERTIFICATE_TYPE, &cert_type, &size))
+@@ -165,18 +164,32 @@
+ kpriv->object = obj;
+ kpriv->parent = token;
+
+- if (!pkcs11_getattr_s(token, obj, CKA_LABEL, label, sizeof(label)))
+- cert->label = BUF_strdup(label);
+- size = sizeof(data);
+- if (!pkcs11_getattr_var(token, obj, CKA_VALUE, data, &size)) {
+- const unsigned char *p = (unsigned char *) data;
++ data = pkcs11_getattr_alloc(token, obj, CKA_LABEL, &size);
++ if (data != NULL) {
++ char *label = data;
++ /* Fix any null-termination issues with the label */
++ if (label[size - 1] != '\0') {
++ label = realloc(label, size + 1);
++ if (label == NULL) {
++ free(data);
++ return -1;
++ }
++ label[size] = '\0';
++ }
++ cert->label = label;
++ }
+
++ data = pkcs11_getattr_alloc(token, obj, CKA_VALUE, &size);
++ if (data != NULL) {
++ const unsigned char *p = data;
+ cert->x509 = d2i_X509(NULL, &p, size);
++ free(data);
+ }
+- cert->id_len = sizeof(id);
+- if (!pkcs11_getattr_var(token, obj, CKA_ID, id, &cert->id_len)) {
+- cert->id = (unsigned char *) malloc(cert->id_len);
+- memcpy(cert->id, id, cert->id_len);
++ data = pkcs11_getattr_alloc(token, obj, CKA_ID, &cert->id_len);
++ if (data != NULL) {
++ cert->id = data;
++ } else {
++ cert->id_len = 0;
+ }
+
+ /* Initialize internal information */
diff --git a/dev-libs/libp11/libp11-0.2.8-r2.ebuild b/dev-libs/libp11/libp11-0.2.8-r2.ebuild
new file mode 100644
index 000000000000..aab4547a40dc
--- /dev/null
+++ b/dev-libs/libp11/libp11-0.2.8-r2.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/libp11/libp11-0.2.8-r2.ebuild,v 1.1 2014/10/16 17:54:16 vapier Exp $
+
+EAPI="4"
+inherit eutils autotools
+
+DESCRIPTION="A library implementing a layer on top of PKCS#11 API to make using PKCS#11 implementations easier"
+HOMEPAGE="https://github.com/opensc/libp11/wiki"
+SRC_URI="mirror://sourceforge/opensc/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="doc"
+
+RDEPEND="dev-libs/openssl"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ doc? ( app-doc/doxygen )"
+
+if [[ "${PV}" == "9999" ]]; then
+ DEPEND+="
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt"
+fi
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-no-ltdl.patch
+ epatch "${FILESDIR}"/${P}-variable-buffer-size.patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --docdir="/usr/share/doc/${PF}" \
+ --htmldir="/usr/share/doc/${PF}/html" \
+ --enable-shared --disable-static \
+ --enable-doc \
+ $(use_enable doc api-doc)
+}
+
+src_install() {
+ default
+ find "${D}" -name '*.la' -delete
+}