authorAndrea Scarpino2019-05-18 18:23:52 +0200
committerAndrea Scarpino2019-05-18 18:23:52 +0200
commitd1ab00ae46bb32c1cb8fb06382c33615750d2b4a (patch)
tree50be45abac9c11dd7336ae8fff0a27dd0813334f
parentbac1cc68c9ba72215b54eb12020477e07453e402 (diff)
downloadaur-d1ab00ae46bb32c1cb8fb06382c33615750d2b4a.tar.gz
0.6.10 + openssl 1.1.0 fix
Patch has been applied upstream: https://github.com/OpenSC/pam_pkcs11/pull/32
-rw-r--r--.SRCINFO10
-rw-r--r--PKGBUILD13
-rw-r--r--openssl-1.1.0.patch97
3 files changed, 112 insertions, 8 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 469b428173a7..1e51e2d0a00d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,6 @@
-# Generated by mksrcinfo v8
-# Sun Oct 30 08:09:04 UTC 2016
pkgbase = pam_pkcs11
pkgdesc = PAM module allows a X.509 certificate based user login
- pkgver = 0.6.9
+ pkgver = 0.6.10
pkgrel = 1
url = https://opensc.github.io/pam_pkcs11/
arch = i686
@@ -12,8 +10,10 @@ pkgbase = pam_pkcs11
backup = etc/pam_pkcs11/pam_pkcs11.conf
backup = etc/pam_pkcs11/subject_mapping
backup = etc/pam_pkcs11/card_eventmgr.conf
- source = https://github.com/OpenSC/pam_pkcs11/archive/pam_pkcs11-0.6.9.tar.gz
- md5sums = e09e5e54ca92e0610e70eef9170e2355
+ source = https://github.com/OpenSC/pam_pkcs11/archive/pam_pkcs11-0.6.10.tar.gz
+ source = openssl-1.1.0.patch
+ md5sums = 8ededc8acdcc6084ad52ee03bdf9e4d3
+ md5sums = 36b2c236de3946fc334a8603d6db56b3
pkgname = pam_pkcs11
diff --git a/PKGBUILD b/PKGBUILD
index 3e727541793e..0f26b51f2bc3 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
# Contributor: Oleg Smirnov <oleg.smirnov@gmail.com>
pkgname=pam_pkcs11
-pkgver=0.6.9
+pkgver=0.6.10
pkgrel=1
pkgdesc='PAM module allows a X.509 certificate based user login'
arch=('i686' 'x86_64')
@@ -10,8 +10,15 @@ url='https://opensc.github.io/pam_pkcs11/'
license=('LGPL')
depends=('pcsclite')
backup=('etc/pam_pkcs11/pam_pkcs11.conf' 'etc/pam_pkcs11/subject_mapping' 'etc/pam_pkcs11/card_eventmgr.conf')
-source=("https://github.com/OpenSC/${pkgname}/archive/${pkgname}-${pkgver}.tar.gz")
-md5sums=('e09e5e54ca92e0610e70eef9170e2355')
+source=("https://github.com/OpenSC/${pkgname}/archive/${pkgname}-${pkgver}.tar.gz"
+ 'openssl-1.1.0.patch')
+md5sums=('8ededc8acdcc6084ad52ee03bdf9e4d3'
+ '36b2c236de3946fc334a8603d6db56b3')
+
+prepare() {
+ cd ${pkgname}-${pkgname}-${pkgver}
+ patch -p1 -i "${srcdir}"/openssl-1.1.0.patch
+}
build() {
cd ${pkgname}-${pkgname}-${pkgver}
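Review bot: The `md5sums` array is the only integrity check on the upstream tarball and on the new `openssl-1.1.0.patch`, and MD5 is not collision resistant, which is a weak pin for the sources of a PAM authentication module fetched from a GitHub archive URL. Switching the array to a SHA-256 pin, `sha256sums=('<sha256 of the 0.6.10 tarball>' '<sha256 of openssl-1.1.0.patch>')` (placeholders, to be computed with `sha256sum` over the verified files), keeps the same two-entry layout and lets makepkg reject a substituted archive. The matching `md5sums` lines in `.SRCINFO` would change with it when that file is regenerated. build() continues outside this hunk.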
diff --git a/openssl-1.1.0.patch b/openssl-1.1.0.patch
new file mode 100644
index 000000000000..b61fac0f3a2e
--- /dev/null
+++ b/openssl-1.1.0.patch
@@ -0,0 +1,97 @@
+From 0644dd1f457f5cae5b00f1ad911d69d99396fe62 Mon Sep 17 00:00:00 2001
+From: Andrea Scarpino <me@andreascarpino.it>
+Date: Tue, 4 Dec 2018 00:20:16 +0100
+Subject: [PATCH] Support openssl 1.1.0
+
+---
+ src/common/cert_vfy.c | 28 ++++++++++++++++++++++++++--
+ 1 file changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/src/common/cert_vfy.c b/src/common/cert_vfy.c
+index 6016ca0..fd809b0 100644
+--- a/src/common/cert_vfy.c
++++ b/src/common/cert_vfy.c
+@@ -143,12 +143,17 @@ static X509_CRL *download_crl(const char *uri)
+ static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx)
+ {
+ int rv;
+- X509_OBJECT obj;
+ EVP_PKEY *pkey = NULL;
+ X509 *issuer_cert;
+
+ /* get issuer certificate */
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++ X509_OBJECT obj;
+ rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), &obj);
++#else
++ X509_OBJECT *obj = X509_OBJECT_new();
++ rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), obj);
++#endif
+ if (rv <= 0) {
+ set_error("getting the certificate of the crl-issuer failed");
+ return -1;
+@@ -156,7 +161,11 @@ static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx)
+ /* extract public key and verify signature */
+ issuer_cert = X509_OBJECT_get0_X509((&obj));
+ pkey = X509_get_pubkey(issuer_cert);
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ X509_OBJECT_free_contents(&obj);
++#else
++ X509_OBJECT_free(obj);
++#endif
+ if (pkey == NULL) {
+ set_error("getting the issuer's public key failed");
+ return -1;
+@@ -202,14 +211,17 @@ static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx)
+ static int check_for_revocation(X509 * x509, X509_STORE_CTX * ctx, crl_policy_t policy)
+ {
+ int rv, i, j;
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ X509_OBJECT obj;
++#else
++ X509_OBJECT *obj = X509_OBJECT_new();
++#endif
+ X509_REVOKED *rev = NULL;
+ STACK_OF(DIST_POINT) * dist_points;
+ DIST_POINT *point;
+ GENERAL_NAME *name;
+ X509_CRL *crl;
+ X509 *x509_ca = NULL;
+- EVP_PKEY crl_pkey;
+
+ DBG1("crl policy: %d", policy);
+ if (policy == CRLP_NONE) {
+@@ -227,13 +239,21 @@ static int check_for_revocation(X509 * x509, X509_STORE_CTX * ctx, crl_policy_t
+ } else if (policy == CRLP_OFFLINE) {
+ /* OFFLINE */
+ DBG("looking for an dedicated local crl");
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), &obj);
++#else
++ rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), obj);
++#endif
+ if (rv <= 0) {
+ set_error("no dedicated crl available");
+ return -1;
+ }
+ crl = X509_OBJECT_get0_X509_CRL((&obj));
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ X509_OBJECT_free_contents(&obj);
++#else
++ X509_OBJECT_free(obj);
++#endif
+ } else if (policy == CRLP_ONLINE) {
+ /* ONLINE */
+ DBG("extracting crl distribution points");
+@@ -247,7 +267,11 @@ static int check_for_revocation(X509 * x509, X509_STORE_CTX * ctx, crl_policy_t
+ }
+ x509_ca = X509_OBJECT_get0_X509((&obj));
+ dist_points = X509_get_ext_d2i(x509_ca, NID_crl_distribution_points, NULL, NULL);
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ X509_OBJECT_free_contents(&obj);
++#else
++ X509_OBJECT_free(obj);
++#endif
+ if (dist_points == NULL) {
+ set_error("neither the user nor the ca certificate does contain a crl distribution point");
+ return -1;
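Review bot: On OpenSSL 1.1.0 builds `obj` is declared as `X509_OBJECT *`, yet the unchanged calls `X509_OBJECT_get0_X509((&obj))` in verify_crl and `X509_OBJECT_get0_X509_CRL((&obj))` / `X509_OBJECT_get0_X509((&obj))` in check_for_revocation still pass `&obj`, so the accessor receives an `X509_OBJECT **` and the issuer certificate or CRL used for the revocation check is read from the wrong memory. The 1.1.0 branches also never check `X509_OBJECT_new()` for NULL and return on `rv <= 0` without `X509_OBJECT_free(obj)`; in check_for_revocation the object is allocated at declaration, so a return before the lookup (presumably the `CRLP_NONE` case, whose body is not visible) would leak it on each authentication. Making `obj` a pointer in both version branches lets the shared lines use `obj` directly; the sketch below shows this for verify_crl, and the same shape applies to the two sites in check_for_revocation. Both functions continue outside the visible hunks.

```c
static int verify_crl(X509_CRL * crl, X509_STORE_CTX * ctx)
{
  /* … unchanged: rv, pkey, issuer_cert declarations … */
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
  X509_OBJECT obj_storage;
  X509_OBJECT *obj = &obj_storage;
#else
  X509_OBJECT *obj = X509_OBJECT_new();
  if (obj == NULL) {
    set_error("allocating the X509_OBJECT failed");
    return -1;
  }
#endif
  /* get issuer certificate */
  rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), obj);
  if (rv <= 0) {
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
    X509_OBJECT_free(obj);   /* release the heap object on the failure path too */
#endif
    set_error("getting the certificate of the crl-issuer failed");
    return -1;
  }
  /* extract public key and verify signature */
  issuer_cert = X509_OBJECT_get0_X509(obj);   /* obj is a pointer in both branches */
  pkey = X509_get_pubkey(issuer_cert);
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
  X509_OBJECT_free_contents(obj);
#else
  X509_OBJECT_free(obj);
#endif
  /* … unchanged: pkey NULL check and signature verification … */
```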