From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Bernd Kuhls <bernd@kuhls.net>
Cc: "José Pekkarinen" <jose.pekkarinen@unikie.com>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH v2 1/2] package/opensc: bump version to 0.23.0
Date: Sat, 24 Jun 2023 15:25:49 +0200 [thread overview]
Message-ID: <20230624132549.GL24952@scaer> (raw)
In-Reply-To: <20230624085050.2927814-1-bernd@kuhls.net>
Bernd, All,
On 2023-06-24 10:50 +0200, Bernd Kuhls spake thusly:
> Release notes:
> https://github.com/OpenSC/OpenSC/blob/master/NEWS
>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Applied to master, thanks.
> ---
> v2: no changes, added a LibreSSL patch to this series
I've squashed the LibreSSL fixed together with the bump, as the patches
can't be applied to pre-0.23 anyway, so we can't carry them in ourt
stable branches...
Regards,
Yann E. MORIN.
> .checkpackageignore | 2 -
> .../0001-Fix-maybe-uninitialized-errors.patch | 82 ---------
> ...02-added-compatibility-with-LibreSSL.patch | 173 ------------------
> .../0003-Fix-build-with-libressl-3.5.0.patch | 47 -----
> package/opensc/opensc.hash | 2 +-
> package/opensc/opensc.mk | 2 +-
> 6 files changed, 2 insertions(+), 306 deletions(-)
> delete mode 100644 package/opensc/0001-Fix-maybe-uninitialized-errors.patch
> delete mode 100644 package/opensc/0002-added-compatibility-with-LibreSSL.patch
> delete mode 100644 package/opensc/0003-Fix-build-with-libressl-3.5.0.patch
>
> diff --git a/.checkpackageignore b/.checkpackageignore
> index 07408893ce..88c69f3ad6 100644
> --- a/.checkpackageignore
> +++ b/.checkpackageignore
> @@ -1136,8 +1136,6 @@ package/openrc/0003-init.d-agetty-replace-sbin-agetty-by-sbin-getty.patch Upstre
> package/openrc/0004-init.d-agetty-start-agetty-after-all-sevices.patch Upstream
> package/openrc/0005-runlevels-do-not-add-agetty.tty-1-6-if-MKSYSVINIT-ye.patch Upstream
> package/openrc/0006-Also-create-run-lock-subsys-directory.patch Upstream
> -package/opensc/0002-added-compatibility-with-LibreSSL.patch Upstream
> -package/opensc/0003-Fix-build-with-libressl-3.5.0.patch Upstream
> package/openssh/S50sshd EmptyLastLine Indent Variables
> package/openswan/0001-lib-libopenswan-constants.c-workaround-missing-ns_t_.patch Upstream
> package/opentyrian/0001-Move-definitions-that-don-t-need-to-be-exposed-from-opl-h-to-opl-c.patch Upstream
> diff --git a/package/opensc/0001-Fix-maybe-uninitialized-errors.patch b/package/opensc/0001-Fix-maybe-uninitialized-errors.patch
> deleted file mode 100644
> index 671d92c150..0000000000
> --- a/package/opensc/0001-Fix-maybe-uninitialized-errors.patch
> +++ /dev/null
> @@ -1,82 +0,0 @@
> -From bcb39d6f4d2dee6beb035cb2f3618174ec1cb2b0 Mon Sep 17 00:00:00 2001
> -From: =?UTF-8?q?Jos=C3=A9=20Pekkarinen?= <jose.pekkarinen@unikie.com>
> -Date: Fri, 10 Dec 2021 13:54:26 +0200
> -Subject: [PATCH] Fix maybe uninitialized errors
> -MIME-Version: 1.0
> -Content-Type: text/plain; charset=UTF-8
> -Content-Transfer-Encoding: 8bit
> -
> -Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
> -Upstream: https://github.com/OpenSC/OpenSC/commit/05ec8c7fe785a2b9aeaac1164adb349df42b7f80
> ----
> - src/libopensc/pkcs15-coolkey.c | 12 ++++++------
> - src/pkcs15init/pkcs15-asepcos.c | 2 +-
> - src/tools/opensc-explorer.c | 2 +-
> - 3 files changed, 8 insertions(+), 8 deletions(-)
> -
> -diff --git a/src/libopensc/pkcs15-coolkey.c b/src/libopensc/pkcs15-coolkey.c
> -index 586475dd..15684cef 100644
> ---- a/src/libopensc/pkcs15-coolkey.c
> -+++ b/src/libopensc/pkcs15-coolkey.c
> -@@ -147,9 +147,9 @@ coolkey_find_matching_cert(sc_card_t *card, sc_cardctl_coolkey_object_t *in_obj,
> - static int
> - coolkey_get_attribute_ulong(sc_card_t *card, sc_cardctl_coolkey_object_t *obj, CK_ATTRIBUTE_TYPE type, CK_ULONG *value)
> - {
> -- const u8 *val;
> -- size_t val_len;
> -- u8 data_type;
> -+ const u8 *val = NULL;
> -+ size_t val_len = 0;
> -+ u8 data_type = 0;
> - int r;
> -
> - r = coolkey_get_attribute(card, obj, type, &val, &val_len, &data_type);
> -@@ -168,8 +168,8 @@ static int
> - coolkey_get_attribute_boolean(sc_card_t *card, sc_cardctl_coolkey_object_t *obj, CK_ATTRIBUTE_TYPE attr_type)
> - {
> - int r;
> -- const u8 *val;
> -- size_t val_len;
> -+ const u8 *val = NULL;
> -+ size_t val_len = 0;
> -
> - r = coolkey_get_attribute(card, obj, attr_type, &val, &val_len, NULL);
> - if (r < 0) {
> -@@ -186,7 +186,7 @@ static int
> - coolkey_get_attribute_bytes(sc_card_t *card, sc_cardctl_coolkey_object_t *obj, CK_ATTRIBUTE_TYPE type, u8 *data, size_t *data_len, size_t max_data_len)
> - {
> - const u8 *val;
> -- size_t val_len;
> -+ size_t val_len = 0;
> - int r;
> -
> - r = coolkey_get_attribute(card, obj, type, &val, &val_len, NULL);
> -diff --git a/src/pkcs15init/pkcs15-asepcos.c b/src/pkcs15init/pkcs15-asepcos.c
> -index d7122012..bc0efb5c 100644
> ---- a/src/pkcs15init/pkcs15-asepcos.c
> -+++ b/src/pkcs15init/pkcs15-asepcos.c
> -@@ -221,7 +221,7 @@ static int asepcos_do_store_pin(sc_profile_t *profile, sc_card_t *card,
> - {
> - sc_file_t *nfile = NULL;
> - u8 buf[64], sbuf[64], *p = buf, *q = sbuf;
> -- int r, akn;
> -+ int r, akn = 0;
> -
> - if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
> - return SC_ERROR_OBJECT_NOT_VALID;
> -diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c
> -index 9ec4daa1..04efdf8f 100644
> ---- a/src/tools/opensc-explorer.c
> -+++ b/src/tools/opensc-explorer.c
> -@@ -2472,7 +2472,7 @@ int main(int argc, char *argv[])
> - char *line;
> - int cargc;
> - char *cargv[260];
> -- int multiple;
> -+ int multiple = 0;
> - struct command *cmd;
> - char prompt[3*SC_MAX_PATH_STRING_SIZE];
> -
> ---
> -2.25.1
> -
> diff --git a/package/opensc/0002-added-compatibility-with-LibreSSL.patch b/package/opensc/0002-added-compatibility-with-LibreSSL.patch
> deleted file mode 100644
> index 86a17448f8..0000000000
> --- a/package/opensc/0002-added-compatibility-with-LibreSSL.patch
> +++ /dev/null
> @@ -1,173 +0,0 @@
> -From 302ad70471efa279b033d4d5511d979ec5d965fe Mon Sep 17 00:00:00 2001
> -From: Frank Morgner <frankmorgner@gmail.com>
> -Date: Thu, 20 Jan 2022 17:01:46 +0100
> -Subject: [PATCH] added compatibility with LibreSSL
> -
> -[Retrieved (and backported) from:
> -https://github.com/OpenSC/OpenSC/commit/302ad70471efa279b033d4d5511d979ec5d965fe]
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ----
> - src/libopensc/sc-ossl-compat.h | 7 +++++++
> - src/tests/p11test/p11test_case_common.c | 14 ++++++++++++++
> - src/tests/p11test/p11test_case_ec_derive.c | 4 ++++
> - src/tests/p11test/p11test_case_readonly.c | 9 +++++++--
> - 4 files changed, 32 insertions(+), 2 deletions(-)
> -
> -diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h
> -index f885f85bb9..ec694ad48d 100644
> ---- a/src/libopensc/sc-ossl-compat.h
> -+++ b/src/libopensc/sc-ossl-compat.h
> -@@ -105,6 +105,13 @@ extern "C" {
> - /* workaround unused value warning for a macro that does nothing */
> - #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
> - #define OPENSSL_malloc_init()
> -+#define FIPS_mode() (0)
> -+#define EVP_sha3_224() (NULL)
> -+#define EVP_sha3_256() (NULL)
> -+#define EVP_sha3_384() (NULL)
> -+#define EVP_sha3_512() (NULL)
> -+#define EVP_PKEY_new_raw_public_key(t, e, p, l) (NULL)
> -+#define EVP_PKEY_get_raw_public_key(p, pu, l) (0)
> - #endif
> -
> - #if OPENSSL_VERSION_NUMBER >= 0x30000000L
> -diff --git a/src/tests/p11test/p11test_case_common.c b/src/tests/p11test/p11test_case_common.c
> -index e432f8f4ed..f091dbcc10 100644
> ---- a/src/tests/p11test/p11test_case_common.c
> -+++ b/src/tests/p11test/p11test_case_common.c
> -@@ -164,6 +164,7 @@ add_supported_mechs(test_cert_t *o)
> - o->mechs[0].result_flags = 0;
> - o->mechs[0].usage_flags = CKF_SIGN | CKF_VERIFY;
> - }
> -+#ifdef EVP_PKEY_ED25519
> - } else if (o->type == EVP_PKEY_ED25519) {
> - if (token.num_ed_mechs > 0 ) {
> - o->num_mechs = token.num_ed_mechs;
> -@@ -184,6 +185,8 @@ add_supported_mechs(test_cert_t *o)
> - o->mechs[0].result_flags = 0;
> - o->mechs[0].usage_flags = CKF_SIGN | CKF_VERIFY;
> - }
> -+#endif
> -+#ifdef EVP_PKEY_X25519
> - } else if (o->type == EVP_PKEY_X25519) {
> - if (token.num_montgomery_mechs > 0 ) {
> - o->num_mechs = token.num_montgomery_mechs;
> -@@ -204,6 +207,7 @@ add_supported_mechs(test_cert_t *o)
> - o->mechs[0].result_flags = 0;
> - o->mechs[0].usage_flags = CKF_DERIVE;
> - }
> -+#endif
> - }
> - }
> -
> -@@ -601,6 +605,7 @@ int callback_public_keys(test_certs_t *objects,
> - a = template[6].pValue;
> - if (d2i_ASN1_PRINTABLESTRING(&curve, &a, (long)template[6].ulValueLen) != NULL) {
> - switch (o->key_type) {
> -+#ifdef EVP_PKEY_ED25519
> - case CKK_EC_EDWARDS:
> - if (strcmp((char *)curve->data, "edwards25519")) {
> - debug_print(" [WARN %s ] Unknown curve name. "
> -@@ -608,6 +613,8 @@ int callback_public_keys(test_certs_t *objects,
> - }
> - evp_type = EVP_PKEY_ED25519;
> - break;
> -+#endif
> -+#ifdef EVP_PKEY_X25519
> - case CKK_EC_MONTGOMERY:
> - if (strcmp((char *)curve->data, "curve25519")) {
> - debug_print(" [WARN %s ] Unknown curve name. "
> -@@ -615,16 +622,20 @@ int callback_public_keys(test_certs_t *objects,
> - }
> - evp_type = EVP_PKEY_X25519;
> - break;
> -+#endif
> - default:
> - debug_print(" [WARN %s ] Unknown key type %lu", o->id_str, o->key_type);
> - return -1;
> - }
> - ASN1_PRINTABLESTRING_free(curve);
> - } else if (d2i_ASN1_OBJECT(&obj, &a, (long)template[6].ulValueLen) != NULL) {
> -+#if defined(EVP_PKEY_ED25519) || defined (EVP_PKEY_X25519)
> - int nid = OBJ_obj2nid(obj);
> -+#endif
> - ASN1_OBJECT_free(obj);
> -
> - switch (o->key_type) {
> -+#ifdef EVP_PKEY_ED25519
> - case CKK_EC_EDWARDS:
> - if (nid != NID_ED25519) {
> - debug_print(" [WARN %s ] Unknown OID. "
> -@@ -632,6 +643,8 @@ int callback_public_keys(test_certs_t *objects,
> - }
> - evp_type = EVP_PKEY_ED25519;
> - break;
> -+#endif
> -+#ifdef EVP_PKEY_X25519
> - case CKK_EC_MONTGOMERY:
> - if (nid != NID_X25519) {
> - debug_print(" [WARN %s ] Unknown OID. "
> -@@ -639,6 +652,7 @@ int callback_public_keys(test_certs_t *objects,
> - }
> - evp_type = EVP_PKEY_X25519;
> - break;
> -+#endif
> - default:
> - debug_print(" [WARN %s ] Unknown key type %lu", o->id_str, o->key_type);
> - return -1;
> -diff --git a/src/tests/p11test/p11test_case_ec_derive.c b/src/tests/p11test/p11test_case_ec_derive.c
> -index 9f13b3e9d6..f7a5f92f9e 100644
> ---- a/src/tests/p11test/p11test_case_ec_derive.c
> -+++ b/src/tests/p11test/p11test_case_ec_derive.c
> -@@ -89,6 +89,7 @@ pkcs11_derive(test_cert_t *o, token_info_t * info,
> -
> - int test_derive_x25519(test_cert_t *o, token_info_t *info, test_mech_t *mech)
> - {
> -+#ifdef EVP_PKEY_X25519
> - unsigned char *secret = NULL, *pkcs11_secret = NULL;
> - EVP_PKEY_CTX *pctx = NULL;
> - EVP_PKEY *pkey = NULL; /* This is peer key */
> -@@ -210,6 +211,9 @@ int test_derive_x25519(test_cert_t *o, token_info_t *info, test_mech_t *mech)
> - free(secret);
> - free(pkcs11_secret);
> - return 1;
> -+#else
> -+ return 0;
> -+#endif
> - }
> -
> - int test_derive(test_cert_t *o, token_info_t *info, test_mech_t *mech)
> -diff --git a/src/tests/p11test/p11test_case_readonly.c b/src/tests/p11test/p11test_case_readonly.c
> -index 624bd6a54d..2aefdc7a70 100644
> ---- a/src/tests/p11test/p11test_case_readonly.c
> -+++ b/src/tests/p11test/p11test_case_readonly.c
> -@@ -522,6 +522,7 @@ int verify_message_openssl(test_cert_t *o, token_info_t *info, CK_BYTE *message,
> - rv, ERR_error_string(ERR_peek_last_error(), NULL));
> - return -1;
> - }
> -+#ifdef EVP_PKEY_ED25519
> - } else if (o->type == EVP_PKEY_ED25519) {
> - /* need to be created even though we do not do any MD */
> - EVP_MD_CTX *ctx = EVP_MD_CTX_create();
> -@@ -547,7 +548,7 @@ int verify_message_openssl(test_cert_t *o, token_info_t *info, CK_BYTE *message,
> - EVP_MD_CTX_free(ctx);
> - return -1;
> - }
> --
> -+#endif
> - } else {
> - fprintf(stderr, " [ KEY %s ] Unknown type. Not verifying\n", o->id_str);
> - }
> -@@ -641,7 +642,11 @@ int sign_verify_test(test_cert_t *o, token_info_t *info, test_mech_t *mech,
> - return 0;
> - }
> -
> -- if (o->type != EVP_PK_EC && o->type != EVP_PK_RSA && o->type != EVP_PKEY_ED25519) {
> -+ if (o->type != EVP_PK_EC && o->type != EVP_PK_RSA
> -+#ifdef EVP_PKEY_ED25519
> -+ && o->type != EVP_PKEY_ED25519
> -+#endif
> -+ ) {
> - debug_print(" [SKIP %s ] Skip non-RSA and non-EC key", o->id_str);
> - return 0;
> - }
> diff --git a/package/opensc/0003-Fix-build-with-libressl-3.5.0.patch b/package/opensc/0003-Fix-build-with-libressl-3.5.0.patch
> deleted file mode 100644
> index 1d262362d6..0000000000
> --- a/package/opensc/0003-Fix-build-with-libressl-3.5.0.patch
> +++ /dev/null
> @@ -1,47 +0,0 @@
> -From d13059d1ec2bbb8fe7068db0d66d521daa4b71ce Mon Sep 17 00:00:00 2001
> -From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -Date: Sat, 13 Aug 2022 14:27:22 +0200
> -Subject: [PATCH] Fix build with libressl >= 3.5.0
> -
> -libressl added back FIPS_mode since version 3.5.0 and
> -https://github.com/libressl-portable/openbsd/commit/a97eabc90d7647e374c1c6da686aeec63c49ff14
> -
> -libressl provides X509_get_extension_flags since version 3.5.0 and
> -https://github.com/libressl-portable/openbsd/commit/3180723224c1b2c7856a110b8213e4966995d7e0
> -
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> -[Upstream status: https://github.com/OpenSC/OpenSC/pull/2593 &
> - https://github.com/OpenSC/OpenSC/pull/2595 (merged)]
> ----
> - src/libopensc/sc-ossl-compat.h | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h
> -index f0d55279..2c42794c 100644
> ---- a/src/libopensc/sc-ossl-compat.h
> -+++ b/src/libopensc/sc-ossl-compat.h
> -@@ -86,9 +86,11 @@ extern "C" {
> - #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> - #define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
> -
> -+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000L
> - #define X509_get_extension_flags(x) (x->ex_flags)
> - #define X509_get_key_usage(x) (x->ex_kusage)
> - #define X509_get_extended_key_usage(x) (x->ex_xkusage)
> -+#endif
> - #if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2050300fL
> - #define X509_up_ref(cert) CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509)
> - #endif
> -@@ -104,7 +106,9 @@ extern "C" {
> - /* workaround unused value warning for a macro that does nothing */
> - #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
> - #define OPENSSL_malloc_init()
> -+#if LIBRESSL_VERSION_NUMBER < 0x30500000L
> - #define FIPS_mode() (0)
> -+#endif
> - #define EVP_sha3_224() (NULL)
> - #define EVP_sha3_256() (NULL)
> - #define EVP_sha3_384() (NULL)
> ---
> -2.35.1
> -
> diff --git a/package/opensc/opensc.hash b/package/opensc/opensc.hash
> index 517cfe503a..e8e675667e 100644
> --- a/package/opensc/opensc.hash
> +++ b/package/opensc/opensc.hash
> @@ -1,5 +1,5 @@
> # Computed locally from https://https://github.com/OpenSC/OpenSC/releases/
> -sha256 8d4e5347195ebea332be585df61dcc470331c26969e4b0447c851fb0844c7186 opensc-0.22.0.tar.gz
> +sha256 a4844a6ea03a522ecf35e49659716dacb6be03f7c010a1a583aaf3eb915ed2e0 opensc-0.23.0.tar.gz
>
> # Computed locally
> sha256 376b54d4c5f4aa99421823fa4da93e3ab73096fce2400e89858632aa7da24a14 COPYING
> diff --git a/package/opensc/opensc.mk b/package/opensc/opensc.mk
> index f9e2f5083e..253b6b26f8 100644
> --- a/package/opensc/opensc.mk
> +++ b/package/opensc/opensc.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -OPENSC_VERSION = 0.22.0
> +OPENSC_VERSION = 0.23.0
> OPENSC_SITE = https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)
> OPENSC_LICENSE = LGPL-2.1+
> OPENSC_LICENSE_FILES = COPYING
> --
> 2.39.2
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2023-06-24 13:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-24 8:50 [Buildroot] [PATCH v2 1/2] package/opensc: bump version to 0.23.0 Bernd Kuhls
2023-06-24 8:50 ` [Buildroot] [PATCH 2/2] package/opensc: fix build with newer versions of LibreSSL Bernd Kuhls
2023-06-24 13:25 ` Yann E. MORIN [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230624132549.GL24952@scaer \
--to=yann.morin.1998@free.fr \
--cc=bernd@kuhls.net \
--cc=buildroot@buildroot.org \
--cc=jose.pekkarinen@unikie.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox