From e83df13905e945f1b776a84ff8abfeda29f04743 Mon Sep 17 00:00:00 2001
From: Hiroki Sato <hrs@FreeBSD.org>
Date: Sat, 11 Feb 2023 14:34:26 +0900
Subject: [PATCH] security/opencryptoki: Update to 3.19.0

---
 security/opencryptoki/Makefile                |  2 +-
 security/opencryptoki/distinfo                |  6 +--
 security/opencryptoki/files/patch-Makefile.am | 23 +++++------
 .../opencryptoki/files/patch-configure.ac     | 19 ++++------
 ...h-usr-lib-ica_s390_stdll-ica_s390_stdll.mk |  6 +--
 .../patch-usr-lib-soft_stdll-soft_stdll.mk    |  4 +-
 .../files/patch-usr-sbin-pkcsconf-pkcsconf.c  | 13 +------
 ...patch-usr-sbin-pkcsslotd-opencryptoki.conf | 38 ++++++++++---------
 security/opencryptoki/pkg-descr               |  4 +-
 security/opencryptoki/pkg-plist               |  1 +
 10 files changed, 55 insertions(+), 61 deletions(-)

diff --git a/security/opencryptoki/Makefile b/security/opencryptoki/Makefile
index 0b0fa6c75acd8..7ae3cc6d4bb1e 100644
--- a/security/opencryptoki/Makefile
+++ b/security/opencryptoki/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	opencryptoki
-PORTVERSION=	3.18.0
+PORTVERSION=	3.19.0
 DISTVERSIONPREFIX=	v
 CATEGORIES=	security
 
diff --git a/security/opencryptoki/distinfo b/security/opencryptoki/distinfo
index b969f909723af..5f4f5a9f8f46e 100644
--- a/security/opencryptoki/distinfo
+++ b/security/opencryptoki/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1651086346
-SHA256 (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 18882bbb3eaff37b2badf93bce1faab86406ed60f40fd5debc08afd3ceba36c2
-SIZE (opencryptoki-opencryptoki-v3.18.0_GH0.tar.gz) = 1337092
+TIMESTAMP = 1673927846
+SHA256 (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 9d8646fd5502bbcf6debc89e76ce064198272cbc5856baa8d350056abe5bdf14
+SIZE (opencryptoki-opencryptoki-v3.19.0_GH0.tar.gz) = 1371265
diff --git a/security/opencryptoki/files/patch-Makefile.am b/security/opencryptoki/files/patch-Makefile.am
index 36da7c4e1f9ce..7f102a37c1f39 100644
--- a/security/opencryptoki/files/patch-Makefile.am
+++ b/security/opencryptoki/files/patch-Makefile.am
@@ -1,6 +1,6 @@
---- Makefile.am.orig	2022-04-25 11:04:51 UTC
+--- Makefile.am.orig	2022-09-30 07:45:52 UTC
 +++ Makefile.am
-@@ -39,9 +39,9 @@ if ENABLE_LIBRARY
+@@ -47,9 +47,9 @@ if ENABLE_LIBRARY
  	cd $(DESTDIR)$(libdir)/opencryptoki && \
  		ln -fs libopencryptoki.so PKCS11_API.so
  	cd $(DESTDIR)$(libdir)/opencryptoki && \
@@ -12,7 +12,7 @@
  	cd $(DESTDIR)$(libdir)/pkcs11 && \
  		ln -fs ../opencryptoki/libopencryptoki.so PKCS11_API.so
  	cd $(DESTDIR)$(libdir)/pkcs11 && \
-@@ -53,55 +53,55 @@ if ENABLE_CCATOK
+@@ -61,12 +61,12 @@ if ENABLE_CCATOK
  	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
  		ln -fs libpkcs11_cca.so PKCS11_CCA.so
  	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
@@ -26,8 +26,9 @@
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok
 +	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ccatok
  	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
- endif
- if ENABLE_EP11TOK
+ 	test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
+ 	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true
+@@ -75,43 +75,43 @@ if ENABLE_EP11TOK
  	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
  		ln -fs libpkcs11_ep11.so PKCS11_EP11.so
  	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
@@ -39,7 +40,7 @@
  	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
  	$(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok
-+	$(CHGRP) @PKCSGROUP11@ $(DESTDIR)$(lockdir)/ep11tok
++	$(CHGRP) @PKCS11GROUP@ $(DESTDIR)$(lockdir)/ep11tok
  	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
  	test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
 -	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true
@@ -50,7 +51,7 @@
  if ENABLE_P11SAK
  	test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
 -	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
-+	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true
++	test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || $(INSTALL) -g @PKCS11GROUP@ -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf.sample || true
  endif
  if ENABLE_ICATOK
  	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
@@ -83,7 +84,7 @@
  	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
  endif
  if ENABLE_TPMTOK
-@@ -109,10 +109,10 @@ if ENABLE_TPMTOK
+@@ -119,10 +119,10 @@ if ENABLE_TPMTOK
  	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
  		ln -fs libpkcs11_tpm.so PKCS11_TPM.so
  	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
@@ -96,7 +97,7 @@
  	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
  endif
  if ENABLE_ICSFTOK
-@@ -120,16 +120,15 @@ if ENABLE_ICSFTOK
+@@ -130,16 +130,15 @@ if ENABLE_ICSFTOK
  	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
  		ln -fs libpkcs11_icsf.so PKCS11_ICSF.so
  	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
@@ -116,7 +117,7 @@
  if ENABLE_SYSTEMD
  	mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d
  	cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf
-@@ -137,16 +136,8 @@ if ENABLE_SYSTEMD
+@@ -147,16 +146,8 @@ if ENABLE_SYSTEMD
  	rm -f $(DESTDIR)/usr/lib/systemd/system/tmpfiles.conf
  endif
  endif
@@ -134,7 +135,7 @@
  	$(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
  
  
-@@ -190,7 +181,6 @@ if ENABLE_TPMTOK
+@@ -200,7 +191,6 @@ if ENABLE_TPMTOK
  		cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
  		rm -rf PKCS11_TPM.so; fi
  endif
diff --git a/security/opencryptoki/files/patch-configure.ac b/security/opencryptoki/files/patch-configure.ac
index 8dd546747d7f5..4dfd5277b6354 100644
--- a/security/opencryptoki/files/patch-configure.ac
+++ b/security/opencryptoki/files/patch-configure.ac
@@ -1,4 +1,4 @@
---- configure.ac.orig	2022-04-25 11:04:51 UTC
+--- configure.ac.orig	2022-09-30 07:45:52 UTC
 +++ configure.ac
 @@ -12,6 +12,9 @@ dnl Checks for header files.
  AC_DISABLE_STATIC
@@ -19,20 +19,17 @@
  AC_PATH_PROG([USERMOD], [usermod], [/usr/sbin/usermod])
  AC_PATH_PROG([GROUPADD], [groupadd], [/usr/sbin/groupadd])
  AC_PATH_PROG([CAT], [cat], [/bin/cat])
-@@ -71,19 +74,27 @@ fi
+@@ -71,18 +74,26 @@ fi
  AC_CHECK_LIB([itm], [_ITM_commitTransaction], [itm=yes], [itm=no])
  
  OPENLDAP_LIBS=
--AC_CHECK_HEADERS([lber.h ldap.h],
 +if test "x$enable_icsftok" = "xyes"; then
-+    AC_CHECK_HEADERS([lber.h ldap.h],
+ AC_CHECK_HEADERS([lber.h ldap.h],
  		[OPENLDAP_LIBS="-llber -lldap"],
  		[AC_MSG_ERROR([lber.h and ldap.h are missing. Please install
  			      'openldap-devel'.])])
--LIBS="$LIBS $OPENLDAP_LIBS"
-+    LIBS="$LIBS $OPENLDAP_LIBS"
-+fi
  AC_SUBST([OPENLDAP_LIBS])
++fi
  
  dnl Define custom variables
  
@@ -51,7 +48,7 @@
  AC_SUBST(logdir)
  
  dnl ---
-@@ -241,6 +252,19 @@ AC_ARG_WITH([libudev],
+@@ -244,6 +255,19 @@ AC_ARG_WITH([libudev],
  	[],
  	[with_libudev=check])
  
@@ -71,9 +68,9 @@
  dnl ---
  dnl ---
  dnl --- Now that we have all the options, let's check for a valid build
-@@ -662,10 +686,14 @@ libitm and gcc>=4.7 is required])
+@@ -674,10 +698,14 @@ else
  fi
- AM_CONDITIONAL([ENABLE_LOCKS], [test "x$enable_locks" = "xyes"])
+ AM_CONDITIONAL([ENABLE_MD2], [test "x$enable_md2" = "xyes"])
  
 -CFLAGS="$CFLAGS -DPKCS64 -D_XOPEN_SOURCE=600 -Wall -Wextra"
 +CFLAGS="$CFLAGS -Wall -Wextra -Wno-pointer-sign"
@@ -88,7 +85,7 @@
  # At this point, CFLAGS is set to something sensible
  AC_PROG_CC
  AC_PROG_CXX
-@@ -678,6 +706,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+@@ -690,6 +718,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
      #endif]])],,
    [AC_MSG_ERROR([C++ compiler is missing on your system. Please install 'gcc-c++'.])])
  AC_LANG_POP([C++])
diff --git a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk
index c8ea5dfc38125..d52aee50e309d 100644
--- a/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk
+++ b/security/opencryptoki/files/patch-usr-lib-ica_s390_stdll-ica_s390_stdll.mk
@@ -1,4 +1,4 @@
---- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig	2022-04-25 11:04:51 UTC
+--- usr/lib/ica_s390_stdll/ica_s390_stdll.mk.orig	2022-09-30 07:45:52 UTC
 +++ usr/lib/ica_s390_stdll/ica_s390_stdll.mk
 @@ -3,7 +3,7 @@ nobase_lib_LTLIBRARIES += opencryptoki/stdll/libpkcs11
  noinst_HEADERS += usr/lib/ica_s390_stdll/tok_struct.h
@@ -6,7 +6,7 @@
  opencryptoki_stdll_libpkcs11_ica_la_CFLAGS =				\
 -	-DDEV -D_THREAD_SAFE -fPIC -DSHALLOW=0 -DSWTOK=0 -DLITE=1	\
 +	-DDEV -D_THREAD_SAFE $(FPIC) -DSHALLOW=0 -DSWTOK=0 -DLITE=1	\
- 	-DNODH -DNOCDMF -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"		\
+ 	-DNODH -DNOMD2 -DNODSA -DSTDLL_NAME=\"icatok\"			\
  	-DTOK_NEW_DATA_STORE=0x0003000c					\
  	$(ICA_INC_DIRS) -I${srcdir}/usr/lib/ica_s390_stdll		\
 @@ -12,7 +12,7 @@ opencryptoki_stdll_libpkcs11_ica_la_CFLAGS =				\
@@ -15,6 +15,6 @@
  	$(LCRYPTO) $(ICA_LIB_DIRS) -nostartfiles -shared		\
 -	-Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica -ldl	\
 +	-Wl,-z,defs,-Bsymbolic -Wl,-soname,$@ -lc -lpthread -lica 	\
- 	-lcrypto -lrt							\
+ 	-lcrypto -lrt -llber						\
  	-Wl,--version-script=${srcdir}/opencryptoki_tok.map
  
diff --git a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk
index 484201a38bb49..7597606239538 100644
--- a/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk
+++ b/security/opencryptoki/files/patch-usr-lib-soft_stdll-soft_stdll.mk
@@ -1,9 +1,9 @@
---- usr/lib/soft_stdll/soft_stdll.mk.orig	2022-04-25 11:04:51 UTC
+--- usr/lib/soft_stdll/soft_stdll.mk.orig	2022-09-30 07:45:52 UTC
 +++ usr/lib/soft_stdll/soft_stdll.mk
 @@ -4,7 +4,7 @@ noinst_HEADERS += usr/lib/soft_stdll/tok_struct.h
  
  opencryptoki_stdll_libpkcs11_sw_la_CFLAGS =				\
- 	-DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0 -DNOCDMF	\
+ 	-DDEV -D_THREAD_SAFE -DSHALLOW=0 -DSWTOK=1 -DLITE=0		\
 -	-DNOMD2 -DNODSA -DNORIPE -fPIC -I${srcdir}/usr/lib/soft_stdll	\
 +	-DNOMD2 -DNODSA -DNORIPE $(FPIC) -I${srcdir}/usr/lib/soft_stdll	\
  	-DTOK_NEW_DATA_STORE=0x0003000c					\
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
index 5191373d0e1ee..cdde00a4f14b0 100644
--- a/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsconf-pkcsconf.c
@@ -1,6 +1,6 @@
---- usr/sbin/pkcsconf/pkcsconf.c.orig	2022-04-25 11:04:51 UTC
+--- usr/sbin/pkcsconf/pkcsconf.c.orig	2022-09-30 07:45:52 UTC
 +++ usr/sbin/pkcsconf/pkcsconf.c
-@@ -548,7 +548,7 @@ CK_RV check_user_and_group(void)
+@@ -362,7 +362,7 @@ CK_RV check_user_and_group(void)
       * when forked). So we need to get the group information.
       * Really need to take the uid and map it to a name.
       */
@@ -9,12 +9,3 @@
      if (grp == NULL) {
          return CKR_FUNCTION_FAILED;
      }
-@@ -589,6 +589,8 @@ CK_RV display_pkcs11_info(void)
-     printf("\tLibrary Description: %.32s \n", CryptokiInfo.libraryDescription);
-     printf("\tLibrary Version: %d.%d \n", CryptokiInfo.libraryVersion.major,
-            CryptokiInfo.libraryVersion.minor);
-+
-+    cleanup();
- 
-     return rc;
- }
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf
index 9b9a5c6060caa..2c00d1ffdb507 100644
--- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-opencryptoki.conf
@@ -1,6 +1,6 @@
---- usr/sbin/pkcsslotd/opencryptoki.conf.orig	2022-04-25 11:04:51 UTC
+--- usr/sbin/pkcsslotd/opencryptoki.conf.orig	2022-09-30 07:45:52 UTC
 +++ usr/sbin/pkcsslotd/opencryptoki.conf
-@@ -21,31 +21,40 @@ version opencryptoki-3.18
+@@ -21,32 +21,41 @@ version opencryptoki-3.19
  #
  slot 0
  {
@@ -23,6 +23,7 @@
  slot 2
  {
 -stdll = libpkcs11_cca.so
+-confname = ccatok.conf
 -tokversion = 3.12
 +  stdll = %%DLLDIR%%/libpkcs11_icsf.so
 +  description = "ICSF (Integrated Cryptographic Service Facility) Token"
@@ -34,11 +35,11 @@
 -stdll = libpkcs11_sw.so
 -tokversion = 3.12
 -}
-+# slot 3
-+# {
-+# stdll = %%DLLDIR%%/libpkcs11_ica.so
-+# tokversion = 3.12
-+# }
++#slot 3
++#{
++#  stdll = %%DLLDIR%%/libpkcs11_ica.so
++#  tokversion = 3.12
++#}
  
 -slot 4
 -{
@@ -46,15 +47,16 @@
 -confname = ep11tok.conf
 -tokversion = 3.12
 -}
-+# slot 4 
-+# {
-+# stdll = %%DLLDIR%%/libpkcs11_cca.so
-+# tokversion = 3.12
-+# }
++#slot 4
++#{
++#  stdll = %%DLLDIR%%/libpkcs11_cca.so
++#  confname = ccatok.conf
++#  tokversion = 3.12
++#}
 +
-+# slot 5
-+# {
-+# stdll = %%DLLDIR%%/libpkcs11_ep11.so
-+# confname = ep11tok.conf
-+# tokversion = 3.12
-+# }
++#slot 5
++#{
++#  stdll = %%DLLDIR%%/libpkcs11_ep11.so
++#  confname = ep11tok.conf
++#  tokversion = 3.12
++#}
diff --git a/security/opencryptoki/pkg-descr b/security/opencryptoki/pkg-descr
index cdaa8827a684f..5019079d4b589 100644
--- a/security/opencryptoki/pkg-descr
+++ b/security/opencryptoki/pkg-descr
@@ -1 +1,3 @@
-openCryptoki is a PKCS#11 implementation.
+openCryptoki implements the PKCS#11 specification version 3.0,
+including several cryptographic tokens: CCA, ICA, TPM , SWToken,
+ICSF and EP11.
diff --git a/security/opencryptoki/pkg-plist b/security/opencryptoki/pkg-plist
index 54f88034d21e2..61144a82bf624 100644
--- a/security/opencryptoki/pkg-plist
+++ b/security/opencryptoki/pkg-plist
@@ -27,6 +27,7 @@ lib/pkcs11/libopencryptoki.so
 lib/pkcs11/methods
 lib/pkcs11/PKCS11_API.so
 lib/pkcs11/stdll
+libdata/pkgconfig/opencryptoki.pc
 man/man1/p11sak.1.gz
 man/man1/pkcsconf.1.gz
 man/man1/pkcsicsf.1.gz