summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2023-12-02 04:50:35 +0000
committerSam James <sam@gentoo.org>2023-12-02 04:50:35 +0000
commit3c99277497bde269514e37100e531a374b481bc8 (patch)
treeb97777e04e86b71b3ea0d97799c0184e87f3631b /app-crypt
parentdev-libs/libxslt: fix modern c issue in tests (diff)
downloadgentoo-3c99277497bde269514e37100e531a374b481bc8.tar.gz
gentoo-3c99277497bde269514e37100e531a374b481bc8.tar.bz2
gentoo-3c99277497bde269514e37100e531a374b481bc8.zip
app-crypt/p11-kit: fix modern c issue (32-bit ptr truncation)
Closes: https://bugs.gentoo.org/918982 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch111
-rw-r--r--app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild76
2 files changed, 187 insertions, 0 deletions
diff --git a/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch b/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch
new file mode 100644
index 000000000000..feac3e132fce
--- /dev/null
+++ b/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch
@@ -0,0 +1,111 @@
+https://bugs.gentoo.org/918982
+https://github.com/p11-glue/p11-kit/pull/609
+
+From 6f05ca107d588fcedaa4ef06542760cbbda8c878 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sat, 2 Dec 2023 09:24:01 +0900
+Subject: [PATCH] import-object: Avoid integer truncation on 32-bit platforms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The build fails when compiling for 32-bit platforms with
+-Werror=incompatible-pointer-types:
+
+ CFLAGS="-m32 -march=i686 -Werror=incompatible-pointer-types -Werror=implicit -Werror=int-conversion" setarch i686 -- meson setup _build
+ setarch i686 -- meson compile -C _build -v
+ ...
+
+ ../p11-kit/import-object.c: In function ‘add_attrs_pubkey_rsa’:
+ ../p11-kit/import-object.c:223:62: error: passing argument 3 of ‘p11_asn1_read’ from incompatible pointer type [-Werror=incompatible-pointer-types]
+ 223 | attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen);
+ | ^~~~~~~~~~~~~~~~~~~~~~~~
+ | |
+ | long unsigned int *
+
+Reported by Sam James in:
+https://github.com/p11-glue/p11-kit/issues/608
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ p11-kit/import-object.c | 32 ++++++++++++++++++++++++++++----
+ 1 file changed, 28 insertions(+), 4 deletions(-)
+
+diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c
+index feee0765..278ad932 100644
+--- a/p11-kit/import-object.c
++++ b/p11-kit/import-object.c
+@@ -55,6 +55,7 @@
+ #endif
+
+ #include <assert.h>
++#include <limits.h>
+ #include <stdbool.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -201,6 +202,7 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE attr_encrypt = { CKA_ENCRYPT, &tval, sizeof (tval) };
+ CK_ATTRIBUTE attr_modulus = { CKA_MODULUS, };
+ CK_ATTRIBUTE attr_exponent = { CKA_PUBLIC_EXPONENT, };
++ size_t len;
+
+ pubkey = p11_asn1_read (info, "subjectPublicKey", &pubkey_len);
+ if (pubkey == NULL) {
+@@ -220,17 +222,31 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs,
+ goto cleanup;
+ }
+
+- attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen);
++ attr_modulus.pValue = p11_asn1_read (asn, "modulus", &len);
+ if (attr_modulus.pValue == NULL) {
+ p11_message (_("failed to obtain modulus"));
+ goto cleanup;
+ }
++#if ULONG_MAX < SIZE_MAX
++ if (len > ULONG_MAX) {
++ p11_message (_("failed to obtain modulus"));
++ goto cleanup;
++ }
++#endif
++ attr_modulus.ulValueLen = len;
+
+- attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &attr_exponent.ulValueLen);
+- if (attr_exponent.pValue == NULL) {
++ attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &len);
++ if (attr_exponent.pValue == NULL || len > ULONG_MAX) {
++ p11_message (_("failed to obtain exponent"));
++ goto cleanup;
++ }
++#if ULONG_MAX < SIZE_MAX
++ if (len > ULONG_MAX) {
+ p11_message (_("failed to obtain exponent"));
+ goto cleanup;
+ }
++#endif
++ attr_exponent.ulValueLen = len;
+
+ result = p11_attrs_build (attrs, &attr_key_type, &attr_encrypt, &attr_modulus, &attr_exponent, NULL);
+ if (result == NULL) {
+@@ -260,12 +276,20 @@ add_attrs_pubkey_ec (CK_ATTRIBUTE *attrs,
+ CK_ATTRIBUTE attr_key_type = { CKA_KEY_TYPE, &key_type, sizeof (key_type) };
+ CK_ATTRIBUTE attr_ec_params = { CKA_EC_PARAMS, };
+ CK_ATTRIBUTE attr_ec_point = { CKA_EC_POINT, };
++ size_t len;
+
+- attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &attr_ec_params.ulValueLen);
++ attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &len);
+ if (attr_ec_params.pValue == NULL) {
+ p11_message (_("failed to obtain EC parameters"));
+ goto cleanup;
+ }
++#if ULONG_MAX < SIZE_MAX
++ if (len > ULONG_MAX) {
++ p11_message (_("failed to obtain EC parameters"));
++ goto cleanup;
++ }
++#endif
++ attr_ec_params.ulValueLen = len;
+
+ /* subjectPublicKey is read as BIT STRING value which contains
+ * EC point data. We need to DER encode this data as OCTET STRING.
+
diff --git a/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild b/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild
new file mode 100644
index 000000000000..acb110fc1090
--- /dev/null
+++ b/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit bash-completion-r1 meson-multilib python-any-r1
+
+DESCRIPTION="Provides a standard configuration setup for installing PKCS#11"
+HOMEPAGE="https://p11-glue.github.io/p11-glue/p11-kit.html"
+SRC_URI="https://github.com/p11-glue/p11-kit/releases/download/${PV}/${P}.tar.xz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="+libffi gtk-doc nls systemd test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ app-misc/ca-certificates
+ >=dev-libs/libtasn1-3.4:=[${MULTILIB_USEDEP}]
+ libffi? ( dev-libs/libffi:=[${MULTILIB_USEDEP}] )
+ systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ ${PYTHON_DEPS}
+ app-text/docbook-xsl-stylesheets
+ virtual/pkgconfig
+ gtk-doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )
+"
+
+PATCHES=(
+ "${FILESDIR}"/p11-kit-0.25.3-pointer.patch
+)
+
+src_prepare() {
+ default
+
+ # Relies on dlopen which won't work for multilib tests (bug #913971)
+ cat <<-EOF > "${S}"/p11-kit/test-server.sh || die
+ #!/bin/sh
+ exit 77
+ EOF
+}
+
+multilib_src_configure() {
+ # Disable unsafe tests, bug#502088
+ export FAKED_MODE=1
+
+ local native_file="${T}"/meson.${CHOST}.${ABI}.ini.local
+
+ # p11-kit doesn't need this to build and castxml needs Clang. To get
+ # a deterministic non-automagic build, always disable the search for
+ # castxml.
+ cat >> ${native_file} <<-EOF || die
+ [binaries]
+ castxml='castxml-falseified'
+ EOF
+
+ local emesonargs=(
+ --native-file "${native_file}"
+ -Dbashcompdir="$(get_bashcompdir)"
+ -Dtrust_module=enabled
+ -Dtrust_paths="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt
+ $(meson_feature libffi)
+ $(meson_use nls)
+ $(meson_use test)
+ $(meson_native_use_bool gtk-doc gtk_doc)
+ $(meson_native_true man)
+ $(meson_native_use_feature systemd)
+ )
+
+ meson_src_configure
+}