From ad69b6f0c4484e3ec67a670faaa1000bca493d09 Mon Sep 17 00:00:00 2001 From: Britney Fransen Date: Mon, 21 Sep 2015 14:03:22 +0000 Subject: p11-kit: update to 0.23.1 --- abs/core/p11-kit/PKGBUILD | 25 +++++++++++--- abs/core/p11-kit/libnssckbi-compat.patch | 57 ++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 4 deletions(-) create mode 100644 abs/core/p11-kit/libnssckbi-compat.patch diff --git a/abs/core/p11-kit/PKGBUILD b/abs/core/p11-kit/PKGBUILD index 6c74929..a0d282b 100644 --- a/abs/core/p11-kit/PKGBUILD +++ b/abs/core/p11-kit/PKGBUILD @@ -2,16 +2,31 @@ # Maintainer: Ionut Biru pkgname=p11-kit -pkgver=0.20.7 +pkgver=0.23.1 pkgrel=2 pkgdesc="Library to work with PKCS#11 modules" arch=(i686 x86_64) url="http://p11-glue.freedesktop.org" license=('BSD') depends=('glibc' 'libtasn1' 'libffi') -source=($url/releases/$pkgname-$pkgver.tar.gz{,.sig}) -md5sums=('6648cad01a3080b685b8b3bf7372c91a' - 'SKIP') +source=($url/releases/$pkgname-$pkgver.tar.gz{,.sig} + libnssckbi-compat.patch) +md5sums=('96f073270c489c9a594e1c9413f42db8' + 'SKIP' + '8c3f119005908cf4a3e0ef0a0a310f14') +validpgpkeys=('C0F67099B808FB063E2C81117BFB1108D92765AF') + +prepare() { + cd $pkgname-$pkgver + + # Build and install an additional library (libnssckbi-p11-kit.so) which + # is a copy of p11-kit-trust.so but uses the same label for root certs as + # libnssckbi.so ("Builtin Object Token" instead of "Default Trust") + # https://bugs.freedesktop.org/show_bug.cgi?id=66161 + patch -Np1 -i ../libnssckbi-compat.patch + + autoreconf -vi +} build() { cd $pkgname-$pkgver @@ -30,6 +45,8 @@ package() { cd $pkgname-$pkgver make DESTDIR="$pkgdir" install install -Dm644 COPYING $pkgdir/usr/share/licenses/$pkgname/COPYING + + ln -srf "$pkgdir/usr/bin/update-ca-trust" "$pkgdir/usr/lib/p11-kit/trust-extract-compat" } # vim:set ts=2 sw=2 et: diff --git a/abs/core/p11-kit/libnssckbi-compat.patch b/abs/core/p11-kit/libnssckbi-compat.patch new file mode 100644 index 0000000..d1b70a3 --- /dev/null +++ b/abs/core/p11-kit/libnssckbi-compat.patch @@ -0,0 +1,57 @@ +diff -upr p11-kit-0.23.1.orig/trust/Makefile.am p11-kit-0.23.1/trust/Makefile.am +--- p11-kit-0.23.1.orig/trust/Makefile.am 2014-11-12 12:58:50.000000000 +0200 ++++ p11-kit-0.23.1/trust/Makefile.am 2015-03-30 16:43:35.275993032 +0300 +@@ -61,6 +61,20 @@ p11_kit_trust_la_LDFLAGS = \ + + p11_kit_trust_la_SOURCES = $(TRUST_SRCS) + ++libnssckbi_compatdir = $(libdir) ++libnssckbi_compat_LTLIBRARIES = \ ++ libnssckbi-p11-kit.la ++ ++libnssckbi_p11_kit_la_CFLAGS = \ ++ -DLIBNSSCKBI_COMPAT \ ++ $(p11_kit_trust_la_CFLAGS) ++ ++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD) ++ ++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS) ++ ++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES) ++ + libtrust_testable_la_LDFLAGS = \ + -no-undefined + +diff -upr p11-kit-0.23.1.orig/trust/module.c p11-kit-0.23.1/trust/module.c +--- p11-kit-0.23.1.orig/trust/module.c 2014-12-16 12:24:01.000000000 +0200 ++++ p11-kit-0.23.1/trust/module.c 2015-03-30 16:48:41.370360130 +0300 +@@ -196,7 +196,11 @@ create_tokens_inlock (p11_array *tokens, + const char *label; + } labels[] = { + { "~/", "User Trust" }, ++#ifdef LIBNSSCKBI_COMPAT ++ { DATA_DIR, "Builtin Object Token" }, ++#else + { DATA_DIR, "Default Trust" }, ++#endif + { SYSCONFDIR, "System Trust" }, + { NULL }, + }; +@@ -521,9 +525,15 @@ sys_C_GetSlotInfo (CK_SLOT_ID id, + info->flags = CKF_TOKEN_PRESENT; + strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + +- /* If too long, copy the first 64 characters into buffer */ +- path = p11_token_get_path (token); ++#ifdef LIBNSSCKBI_COMPAT ++ /* Change description to match libnssckbi so HPKP works in Chromium */ ++ if (strcmp (p11_token_get_label (token), "Builtin Object Token" ) == 0) ++ path = "NSS Builtin Objects"; ++ else ++#endif ++ path = p11_token_get_path (token); + length = strlen (path); ++ /* If too long, copy the first 64 characters into buffer */ + if (length > sizeof (info->slotDescription)) + length = sizeof (info->slotDescription); + memset (info->slotDescription, ' ', sizeof (info->slotDescription)); -- cgit v0.12