diff options
author | Sam James <sam@gentoo.org> | 2023-12-02 04:50:35 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2023-12-02 04:50:35 +0000 |
commit | 3c99277497bde269514e37100e531a374b481bc8 (patch) | |
tree | b97777e04e86b71b3ea0d97799c0184e87f3631b /app-crypt | |
parent | dev-libs/libxslt: fix modern c issue in tests (diff) | |
download | gentoo-3c99277497bde269514e37100e531a374b481bc8.tar.gz gentoo-3c99277497bde269514e37100e531a374b481bc8.tar.bz2 gentoo-3c99277497bde269514e37100e531a374b481bc8.zip |
app-crypt/p11-kit: fix modern c issue (32-bit ptr truncation)
Closes: https://bugs.gentoo.org/918982
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch | 111 | ||||
-rw-r--r-- | app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild | 76 |
2 files changed, 187 insertions, 0 deletions
diff --git a/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch b/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch new file mode 100644 index 000000000000..feac3e132fce --- /dev/null +++ b/app-crypt/p11-kit/files/p11-kit-0.25.3-pointer.patch @@ -0,0 +1,111 @@ +https://bugs.gentoo.org/918982 +https://github.com/p11-glue/p11-kit/pull/609 + +From 6f05ca107d588fcedaa4ef06542760cbbda8c878 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <ueno@gnu.org> +Date: Sat, 2 Dec 2023 09:24:01 +0900 +Subject: [PATCH] import-object: Avoid integer truncation on 32-bit platforms +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The build fails when compiling for 32-bit platforms with +-Werror=incompatible-pointer-types: + + CFLAGS="-m32 -march=i686 -Werror=incompatible-pointer-types -Werror=implicit -Werror=int-conversion" setarch i686 -- meson setup _build + setarch i686 -- meson compile -C _build -v + ... + + ../p11-kit/import-object.c: In function ‘add_attrs_pubkey_rsa’: + ../p11-kit/import-object.c:223:62: error: passing argument 3 of ‘p11_asn1_read’ from incompatible pointer type [-Werror=incompatible-pointer-types] + 223 | attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen); + | ^~~~~~~~~~~~~~~~~~~~~~~~ + | | + | long unsigned int * + +Reported by Sam James in: +https://github.com/p11-glue/p11-kit/issues/608 + +Signed-off-by: Daiki Ueno <ueno@gnu.org> +--- + p11-kit/import-object.c | 32 ++++++++++++++++++++++++++++---- + 1 file changed, 28 insertions(+), 4 deletions(-) + +diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c +index feee0765..278ad932 100644 +--- a/p11-kit/import-object.c ++++ b/p11-kit/import-object.c +@@ -55,6 +55,7 @@ + #endif + + #include <assert.h> ++#include <limits.h> + #include <stdbool.h> + #include <stdlib.h> + #include <string.h> +@@ -201,6 +202,7 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE attr_encrypt = { CKA_ENCRYPT, &tval, sizeof (tval) }; + CK_ATTRIBUTE attr_modulus = { CKA_MODULUS, }; + CK_ATTRIBUTE attr_exponent = { CKA_PUBLIC_EXPONENT, }; ++ size_t len; + + pubkey = p11_asn1_read (info, "subjectPublicKey", &pubkey_len); + if (pubkey == NULL) { +@@ -220,17 +222,31 @@ add_attrs_pubkey_rsa (CK_ATTRIBUTE *attrs, + goto cleanup; + } + +- attr_modulus.pValue = p11_asn1_read (asn, "modulus", &attr_modulus.ulValueLen); ++ attr_modulus.pValue = p11_asn1_read (asn, "modulus", &len); + if (attr_modulus.pValue == NULL) { + p11_message (_("failed to obtain modulus")); + goto cleanup; + } ++#if ULONG_MAX < SIZE_MAX ++ if (len > ULONG_MAX) { ++ p11_message (_("failed to obtain modulus")); ++ goto cleanup; ++ } ++#endif ++ attr_modulus.ulValueLen = len; + +- attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &attr_exponent.ulValueLen); +- if (attr_exponent.pValue == NULL) { ++ attr_exponent.pValue = p11_asn1_read (asn, "publicExponent", &len); ++ if (attr_exponent.pValue == NULL || len > ULONG_MAX) { ++ p11_message (_("failed to obtain exponent")); ++ goto cleanup; ++ } ++#if ULONG_MAX < SIZE_MAX ++ if (len > ULONG_MAX) { + p11_message (_("failed to obtain exponent")); + goto cleanup; + } ++#endif ++ attr_exponent.ulValueLen = len; + + result = p11_attrs_build (attrs, &attr_key_type, &attr_encrypt, &attr_modulus, &attr_exponent, NULL); + if (result == NULL) { +@@ -260,12 +276,20 @@ add_attrs_pubkey_ec (CK_ATTRIBUTE *attrs, + CK_ATTRIBUTE attr_key_type = { CKA_KEY_TYPE, &key_type, sizeof (key_type) }; + CK_ATTRIBUTE attr_ec_params = { CKA_EC_PARAMS, }; + CK_ATTRIBUTE attr_ec_point = { CKA_EC_POINT, }; ++ size_t len; + +- attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &attr_ec_params.ulValueLen); ++ attr_ec_params.pValue = p11_asn1_read (info, "algorithm.parameters", &len); + if (attr_ec_params.pValue == NULL) { + p11_message (_("failed to obtain EC parameters")); + goto cleanup; + } ++#if ULONG_MAX < SIZE_MAX ++ if (len > ULONG_MAX) { ++ p11_message (_("failed to obtain EC parameters")); ++ goto cleanup; ++ } ++#endif ++ attr_ec_params.ulValueLen = len; + + /* subjectPublicKey is read as BIT STRING value which contains + * EC point data. We need to DER encode this data as OCTET STRING. + diff --git a/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild b/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild new file mode 100644 index 000000000000..acb110fc1090 --- /dev/null +++ b/app-crypt/p11-kit/p11-kit-0.25.3-r1.ebuild @@ -0,0 +1,76 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit bash-completion-r1 meson-multilib python-any-r1 + +DESCRIPTION="Provides a standard configuration setup for installing PKCS#11" +HOMEPAGE="https://p11-glue.github.io/p11-glue/p11-kit.html" +SRC_URI="https://github.com/p11-glue/p11-kit/releases/download/${PV}/${P}.tar.xz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="+libffi gtk-doc nls systemd test" +RESTRICT="!test? ( test )" + +RDEPEND=" + app-misc/ca-certificates + >=dev-libs/libtasn1-3.4:=[${MULTILIB_USEDEP}] + libffi? ( dev-libs/libffi:=[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:= ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + ${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + virtual/pkgconfig + gtk-doc? ( dev-util/gtk-doc ) + nls? ( sys-devel/gettext ) +" + +PATCHES=( + "${FILESDIR}"/p11-kit-0.25.3-pointer.patch +) + +src_prepare() { + default + + # Relies on dlopen which won't work for multilib tests (bug #913971) + cat <<-EOF > "${S}"/p11-kit/test-server.sh || die + #!/bin/sh + exit 77 + EOF +} + +multilib_src_configure() { + # Disable unsafe tests, bug#502088 + export FAKED_MODE=1 + + local native_file="${T}"/meson.${CHOST}.${ABI}.ini.local + + # p11-kit doesn't need this to build and castxml needs Clang. To get + # a deterministic non-automagic build, always disable the search for + # castxml. + cat >> ${native_file} <<-EOF || die + [binaries] + castxml='castxml-falseified' + EOF + + local emesonargs=( + --native-file "${native_file}" + -Dbashcompdir="$(get_bashcompdir)" + -Dtrust_module=enabled + -Dtrust_paths="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt + $(meson_feature libffi) + $(meson_use nls) + $(meson_use test) + $(meson_native_use_bool gtk-doc gtk_doc) + $(meson_native_true man) + $(meson_native_use_feature systemd) + ) + + meson_src_configure +} |