opensc-0.23.0-1

2022-11-30 11:00:38 +01:00 · 2022-11-30 11:00:38 +01:00 · 0175532054
commit 0175532054
parent 4bb95fd897
11 changed files with 15 additions and 429 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,3 +9,4 @@
 /opensc-0.20.0.tar.gz
 /opensc-0.21.0.tar.gz
 /opensc-0.22.0.tar.gz
+/opensc-0.23.0.tar.gz
--- a/opensc-0.19.0-pinpad.patch
+++ b/opensc-0.19.0-pinpad.patch
@ -3,7 +3,7 @@ diff -up opensc-0.19.0/etc/opensc.conf.pinpad opensc-0.19.0/etc/opensc.conf
 +++ opensc-0.19.0/etc/opensc.conf	2018-10-22 14:33:59.939410701 +0200
@@ -4,4 +4,9 @@ app default {
 	framework pkcs15 {
- 		# use_file_caching = true;
+ 		# use_file_caching = public;
 	}
 +	reader_driver pcsc {
 +		# The pinpad is disabled by default,
--- a/opensc-0.22.0-detect-empty.patch
+++ b/opensc-0.22.0-detect-empty.patch
@ -1,62 +0,0 @@
-From fe198e8b3837aa4c960e75d0e2a41020ad4dc9f9 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Fri, 24 Sep 2021 13:33:26 +0200
-Subject: [PATCH 1/9] pkcs11: Unbreak detection of unenrolled cards
-
-This was broken since 58b03b68, which tried to sanitize some states,
-but caused C_GetTokenInfo returning CKR_TOKEN_NOT_RECOGNIZED instead
-of empty token information.
-
-Note, that this has effect only if the configuration options
-enable_default_driver and pkcs11_enable_InitToken are turned on.
-Otherwise it still returns CKR_TOKEN_NOT_RECOGNIZED.
---
- src/pkcs11/framework-pkcs15.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
-index 74fe7b3c49..4205e41739 100644
--- a/src/pkcs11/framework-pkcs15.c
-+++ b/src/pkcs11/framework-pkcs15.c
-@@ -544,9 +544,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
- {
- 	struct sc_pkcs11_slot *slot;
- 	struct pkcs15_fw_data *fw_data = NULL;
-	struct sc_pkcs15_card *p15card = NULL;
- 	struct sc_pkcs15_object *auth;
-	struct sc_pkcs15_auth_info *pin_info;
- 	CK_RV rv;
- 
- 	sc_log(context, "C_GetTokenInfo(%lx)", slotID);
-@@ -578,12 +576,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
- 		rv = sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetTokenInfo");
- 		goto out;
- 	}
-	p15card = fw_data->p15_card;
-	if (!p15card) {
-		rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
-		goto out;
-	}
-
- 	/* User PIN flags are cleared before re-calculation */
- 	slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
- 	auth = slot_data_auth(slot->fw_data);
-@@ -591,8 +583,17 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
- 		"C_GetTokenInfo() auth. object %p, token-info flags 0x%lX", auth,
- 		slot->token_info.flags);
- 	if (auth) {
-+		struct sc_pkcs15_card *p15card = NULL;
-+		struct sc_pkcs15_auth_info *pin_info = NULL;
-+
- 		pin_info = (struct sc_pkcs15_auth_info*) auth->data;
- 
-+		p15card = fw_data->p15_card;
-+		if (!p15card) {
-+			rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
-+			goto out;
-+		}
-+
- 		sc_pkcs15_get_pin_info(p15card, auth);
- 
- 		if (pin_info->tries_left >= 0) {
-
--- a/opensc-0.22.0-file-cache.patch
+++ b/opensc-0.22.0-file-cache.patch
@ -5,8 +5,8 @@ diff -up opensc-0.22.0/etc/opensc.conf.file-cache opensc-0.22.0/etc/opensc.conf
 	# debug = 3;
 	# debug_file = opensc-debug.txt;
 	framework pkcs15 {
-		# use_file_caching = true;
-+		use_file_caching = true;
+-		# use_file_caching = public;
+		use_file_caching = public;
 	}
 	reader_driver pcsc {
 		# The pinpad is disabled by default,
--- a/opensc-0.22.0-init-var.patch
+++ b/opensc-0.22.0-init-var.patch
@ -1,27 +0,0 @@
-From bd8269ed0afd24da2fc0c5350640f66f0641d4d4 Mon Sep 17 00:00:00 2001
-From: Veronika Hanulikova <vhanulik@redhat.com>
-Date: Mon, 21 Feb 2022 14:02:32 +0100
-Subject: [PATCH] base64: Initialize variables
-
---
- src/libopensc/base64.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/libopensc/base64.c b/src/libopensc/base64.c
-index 4fe79897..1aa1c941 100644
--- a/src/libopensc/base64.c
-+++ b/src/libopensc/base64.c
-@@ -150,8 +150,8 @@ int sc_base64_encode(const u8 *in, size_t len, u8 *out, size_t outlen, size_t li
- 
- int sc_base64_decode(const char *in, u8 *out, size_t outlen)
- {
-	int len = 0, r, skip;
-	unsigned int i;
-+	int len = 0, r = 0, skip = 0;
-+	unsigned int i = 0;
- 
- 	while ((r = from_base64(in, &i, &skip)) > 0) {
- 		int finished = 0, s = 16;
-- 
-2.27.0
-
--- a/opensc-0.22.0-realloc-pointer.patch
+++ b/opensc-0.22.0-realloc-pointer.patch
@ -1,30 +0,0 @@
-From b3537ced353579b59e2421645707e9aeda64ff29 Mon Sep 17 00:00:00 2001
-From: Veronika Hanulikova <vhanulik@redhat.com>
-Date: Wed, 16 Feb 2022 11:59:27 +0100
-Subject: [PATCH] Fix usage of pointer after realloc
-
---
- src/sm/sm-iso.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/sm/sm-iso.c b/src/sm/sm-iso.c
-index 5baded77c6..2c3f6bcabd 100644
--- a/src/sm/sm-iso.c
-+++ b/src/sm/sm-iso.c
-@@ -181,13 +181,14 @@ static int format_le(size_t le, struct sc_asn1_entry *le_entry,
- 
- static int prefix_buf(u8 prefix, u8 *buf, size_t buflen, u8 **cat)
- {
-	u8 *p;
-+	u8 *p = NULL;
-+	int ptr_same = *cat == buf;
- 
- 	p = realloc(*cat, buflen + 1);
- 	if (!p)
- 		return SC_ERROR_OUT_OF_MEMORY;
- 
-	if (*cat == buf) {
-+	if (ptr_same) {
- 		memmove(p + 1, p, buflen);
- 	} else {
- 		/* Flawfinder: ignore */
--- a/opensc-0.22.0-support-itacns-2048.patch
+++ b/opensc-0.22.0-support-itacns-2048.patch
@ -1,227 +0,0 @@
-From 24d6c30dcfec00c425360414b2b75336a42982e8 Mon Sep 17 00:00:00 2001
-From: 0xdebe <gdeber@libero.it>
-Date: Thu, 29 Jul 2021 17:13:01 +0200
-Subject: [PATCH 1/3] fix Key Lenght for ST2021
-
---
- src/libopensc/card-itacns.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/libopensc/card-itacns.c b/src/libopensc/card-itacns.c
-index bf085cafbc..52e144f194 100644
--- a/src/libopensc/card-itacns.c
-+++ b/src/libopensc/card-itacns.c
-@@ -105,7 +105,7 @@ static int itacns_match_cns_card(sc_card_t *card, unsigned int i)
- 		DRVDATA(card)->cns_version = atr[i];
- 	}
- 	/* Warn if the version is not 1.0. */
-	if(atr[i] != 0x10) {
-+	if(atr[i] != 0x10 && atr[i] != 0x11) {
- 		char version[8];
- 		snprintf(version, sizeof(version), "%d.%d", (atr[i] >> 4) & 0x0f, atr[i] & 0x0f);
- 		sc_log(card->ctx, "CNS card version %s; no official specifications "
-@@ -219,8 +219,13 @@ static int itacns_init(sc_card_t *card)
- 		| SC_ALGORITHM_RSA_RAW
- 		| SC_ALGORITHM_RSA_HASHES
- 		;
-+
- 	_sc_card_add_rsa_alg(card, 1024, flags, 0);
- 
-+	if (DRVDATA(card)->cns_version == 0x11) {
-+		card->caps |= SC_CARD_CAP_APDU_EXT;
-+		_sc_card_add_rsa_alg(card, 2048, flags, 0);
-+	}
- 	return SC_SUCCESS;
- }
- 
-
-From 9a38cd36c2823efb2b7615902e7cbef0534da1aa Mon Sep 17 00:00:00 2001
-From: 0xdebe <gdeber@libero.it>
-Date: Thu, 29 Jul 2021 17:13:16 +0200
-Subject: [PATCH 2/3] fix Modulus Lenght for ST2021
-
---
- src/libopensc/pkcs15-itacns.c | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c
-index 9c9b40a591..875b12276d 100644
--- a/src/libopensc/pkcs15-itacns.c
-+++ b/src/libopensc/pkcs15-itacns.c
-@@ -283,7 +283,16 @@ static int itacns_add_pubkey(sc_pkcs15_card_t *p15card,
- 	 * This is hard-coded, unless unforeseen versions of the CNS
- 	 * turn up sometime.
- 	 */
-	info.modulus_length = 1024;
-+
-+	/* This is the unforseen version :D */
-+	if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) {
-+		info.modulus_length = 2048;
-+	}
-+	else {
-+		info.modulus_length = 1024;
-+	}
-+
-+	
- 
- 	*modulus_len_out = info.modulus_length;
- 	r = sc_pkcs15emu_add_rsa_pubkey(p15card, &obj, &info);
-@@ -590,6 +599,10 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
- 
- 	/* This is hard-coded, for the time being. */
- 	int modulus_length = 1024;
-+	/* it's a ST2021? */
-+	if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) {
-+		modulus_length = 2048;
-+	}
- 
- 	/* Public key; not really needed */
- 	/* FIXME: set usage according to the certificate. */
-
-From 03707e182235ce9f83d3847e33f4fb4e38eebe42 Mon Sep 17 00:00:00 2001
-From: 0xdebe <gdeber@libero.it>
-Date: Sat, 31 Jul 2021 16:25:58 +0200
-Subject: [PATCH 3/3] fix modulus len
-
---
- src/libopensc/card-itacns.c   |  2 +-
- src/libopensc/pkcs15-itacns.c | 43 ++++++++++++-----------------------
- 2 files changed, 15 insertions(+), 30 deletions(-)
-
-diff --git a/src/libopensc/card-itacns.c b/src/libopensc/card-itacns.c
-index 52e144f194..b26f9d3317 100644
--- a/src/libopensc/card-itacns.c
-+++ b/src/libopensc/card-itacns.c
-@@ -104,7 +104,7 @@ static int itacns_match_cns_card(sc_card_t *card, unsigned int i)
- 	if(card->driver) {
- 		DRVDATA(card)->cns_version = atr[i];
- 	}
-	/* Warn if the version is not 1.0. */
-+	/* Warn if version is not 1.X. */
- 	if(atr[i] != 0x10 && atr[i] != 0x11) {
- 		char version[8];
- 		snprintf(version, sizeof(version), "%d.%d", (atr[i] >> 4) & 0x0f, atr[i] & 0x0f);
-diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c
-index 875b12276d..afdf459c4e 100644
--- a/src/libopensc/pkcs15-itacns.c
-+++ b/src/libopensc/pkcs15-itacns.c
-@@ -189,7 +189,7 @@ static int loadFile(const sc_pkcs15_card_t *p15card, const sc_path_t *path,
- static int itacns_add_cert(sc_pkcs15_card_t *p15card,
- 	int type, int authority, const sc_path_t *path,
- 	const sc_pkcs15_id_t *id, const char *label, int obj_flags,
-	int *ext_info_ok, int *key_usage, int *x_key_usage)
-+	int *ext_info_ok, int *key_usage, int *x_key_usage, int *modulus_len)
- {
- 	int r;
- 	/* const char *label = "Certificate"; */
-@@ -237,6 +237,11 @@ static int itacns_add_cert(sc_pkcs15_card_t *p15card,
- 		const u8 *throwaway = cert->data.value;
- 		x509 = d2i_X509(NULL, &throwaway, cert->data.len);
- 	}
-+
-+	if (cert->key && cert->key->algorithm == SC_ALGORITHM_RSA) {
-+		*modulus_len = cert->key->u.rsa.modulus.len * 8;
-+	}
-+
- 	sc_pkcs15_free_certificate(cert);
- 	if (!x509) return SC_SUCCESS;
- 	X509_check_purpose(x509, -1, 0);
-@@ -260,7 +265,7 @@ static int itacns_add_cert(sc_pkcs15_card_t *p15card,
- 
- static int itacns_add_pubkey(sc_pkcs15_card_t *p15card,
- 	 const sc_path_t *path, const sc_pkcs15_id_t *id, const char *label,
-	int usage, int ref, int obj_flags, int *modulus_len_out)
-+	int usage, int ref, int obj_flags, int modulus_len)
- {
- 	int r;
- 	sc_pkcs15_pubkey_info_t info;
-@@ -279,22 +284,8 @@ static int itacns_add_pubkey(sc_pkcs15_card_t *p15card,
- 	strlcpy(obj.label, label, sizeof(obj.label));
- 	obj.flags		= obj_flags;
- 
-	/*
-	 * This is hard-coded, unless unforeseen versions of the CNS
-	 * turn up sometime.
-	 */
-
-	/* This is the unforseen version :D */
-	if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) {
-		info.modulus_length = 2048;
-	}
-	else {
-		info.modulus_length = 1024;
-	}
-+	info.modulus_length = modulus_len;
- 
-	
-
-	*modulus_len_out = info.modulus_length;
- 	r = sc_pkcs15emu_add_rsa_pubkey(p15card, &obj, &info);
- 	LOG_TEST_RET(p15card->card->ctx, r,
- 		"Could not add pub key");
-@@ -589,7 +580,7 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
- 	const char *label, int sec_env, sc_pkcs15_id_t *cert_id,
- 	const char *pubkey_path, const char *prkey_path,
- 	unsigned int pubkey_usage_flags, unsigned int prkey_usage_flags,
-	u8 pin_ref)
-+	u8 pin_ref, int modulus_len)
- {
- 	int r;
- 	sc_path_t path;
-@@ -597,19 +588,13 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
- 	char pinlabel[16];
- 	int fake_puk_authid, pin_flags;
- 
-	/* This is hard-coded, for the time being. */
-	int modulus_length = 1024;
-	/* it's a ST2021? */
-	if (((itacns_drv_data_t *) p15card->card->drv_data)->cns_version == 0x11) {
-		modulus_length = 2048;
-	}
- 
- 	/* Public key; not really needed */
- 	/* FIXME: set usage according to the certificate. */
- 	if (pubkey_path) {
- 		sc_format_path(pubkey_path, &path);
- 		r = itacns_add_pubkey(p15card, &path, cert_id, label,
-			pubkey_usage_flags, sec_env, 0, &modulus_length);
-+			pubkey_usage_flags, sec_env, 0, modulus_len);
- 		LOG_TEST_RET(p15card->card->ctx, r,
- 			"Could not add public key");
- 	}
-@@ -623,7 +608,7 @@ static int itacns_add_keyset(sc_pkcs15_card_t *p15card,
- 		private_path = &path;
- 	}
- 	r = itacns_add_prkey(p15card, cert_id, label, SC_PKCS15_TYPE_PRKEY_RSA,
-		modulus_length,
-+		modulus_len,
- 		prkey_usage_flags,
- 		private_path, sec_env, cert_id, SC_PKCS15_CO_FLAG_PRIVATE);
- 	LOG_TEST_RET(p15card->card->ctx, r,
-@@ -674,7 +659,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card,
- 	sc_path_t path;
- 	sc_pkcs15_id_t cert_id;
- 	int ext_info_ok;
-	int ku = 0, xku = 0;
-+	int ku = 0, xku = 0, modulus_len = 0;
- 	int pubkey_usage_flags = 0, prkey_usage_flags = 0;
- 
- 	cert_id.len = 1;
-@@ -720,7 +705,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card,
- 	}
- 
- 	r = itacns_add_cert(p15card, SC_PKCS15_TYPE_CERT_X509, 0,
-		&path, &cert_id, label, 0, &ext_info_ok, &ku, &xku);
-+		&path, &cert_id, label, 0, &ext_info_ok, &ku, &xku, &modulus_len);
- 	if (r == SC_ERROR_INVALID_ASN1_OBJECT)
- 		return 0;
- 	LOG_TEST_RET(p15card->card->ctx, r,
-@@ -765,7 +750,7 @@ static int itacns_check_and_add_keyset(sc_pkcs15_card_t *p15card,
- 
- 	r = itacns_add_keyset(p15card, label, sec_env, &cert_id,
- 		pubkey_path, prkey_path, pubkey_usage_flags, prkey_usage_flags,
-		pin_ref);
-+		pin_ref, modulus_len);
- 	LOG_TEST_RET(p15card->card->ctx, r,
- 		"Could not add keys for this certificate");
- 
--- a/opensc-32b-arch.patch
+++ b/opensc-32b-arch.patch
@ -1,33 +0,0 @@
-commit 6bc05d7037041e543d627248ca9df90723426ce1
-Author: Jakub Jelen <jjelen@redhat.com>
-Date:   Tue Aug 10 16:30:40 2021 +0200
-
-    p11test: Fix invalid format string on 32b architectures
-
-diff --git a/src/tests/p11test/p11test.c b/src/tests/p11test/p11test.c
-index dbac167d..49de6a93 100644
--- a/src/tests/p11test/p11test.c
-+++ b/src/tests/p11test/p11test.c
-@@ -139,7 +139,7 @@ int main(int argc, char** argv) {
- 		return -1;
- 	}
- 
-	debug_print("Card info:\n\tPIN %s\n\tPIN LENGTH %lu\n\t",
-+	debug_print("Card info:\n\tPIN %s\n\tPIN LENGTH %zu\n\t",
- 		token.pin, token.pin_length);
- 
- 	return cmocka_run_group_tests(readonly_tests_without_initialization,
-diff --git a/src/tests/p11test/p11test_case_pss_oaep.c b/src/tests/p11test/p11test_case_pss_oaep.c
-index 1d876a5b..5a6ae9d0 100644
--- a/src/tests/p11test/p11test_case_pss_oaep.c
-+++ b/src/tests/p11test/p11test_case_pss_oaep.c
-@@ -402,7 +402,7 @@ int oaep_encrypt_decrypt_test(test_cert_t *o, token_info_t *info, test_mech_t *m
- 	if (message_length < 0) {
- 		mech->usage_flags &= ~CKF_DECRYPT;
- 		debug_print(" [SKIP %s ] Too small modulus (%ld bits)"
-			" or too large hash %s (%lu B) for OAEP", o->id_str,
-+			" or too large hash %s (%zu B) for OAEP", o->id_str,
- 			o->bits, get_mechanism_name(mech->hash),
- 			get_hash_length(mech->hash));
- 		return 0;
-
--- a/opensc-gcc11.patch
+++ b/opensc-gcc11.patch
@ -1,17 +0,0 @@
-diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c
-index 41e620a..57f8a79 100644
--- a/src/tools/opensc-explorer.c
-+++ b/src/tools/opensc-explorer.c
-@@ -1839,6 +1839,12 @@ static int do_apdu(int argc, char **argv)
- 	if (argc < 1)
- 		return usage(do_apdu);
- 
-+	/* gcc-11 complains about BUF potentially being used without being
-+	   initialized.  I can't convince myself that the calls to
-+	   parse_string_or_hexdata will fully initialize it, so we just
-+	   initialize it here.  */
-+	memset (buf, 0, sizeof (buf));
-+
- 	/* loop over the args and parse them, making sure the result fits into buf[] */
- 	for (i = 0, len = 0; i < (unsigned) argc && len < sizeof(buf); i++)   {
- 		size_t len0 = sizeof(buf) - len;
--- a/opensc.spec
+++ b/opensc.spec
@ -1,6 +1,6 @@
 Name:           opensc
-Version:        0.22.0
-Release:        7%{?dist}
+Version:        0.23.0
+Release:        1%{?dist}
 Summary:        Smart card library and applications

 License:        LGPLv2+
@ -8,18 +8,8 @@ URL:            https://github.com/OpenSC/OpenSC/wiki
 Source0:        https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        opensc.module
 Patch1:         opensc-0.19.0-pinpad.patch
-# https://github.com/OpenSC/OpenSC/pull/2241/
-Patch5:         %{name}-gcc11.patch
-Patch6:         %{name}-32b-arch.patch
 # File caching by default (#2000626)
-Patch8:         %{name}-%{version}-file-cache.patch
-# https://github.com/OpenSC/OpenSC/pull/2414 (#2007029)
-Patch9:         %{name}-%{version}-detect-empty.patch
-# https://github.com/OpenSC/OpenSC/pull/2512 (#2046792)
-Patch10:        %{name}-%{version}-realloc-pointer.patch
-Patch11:        %{name}-%{version}-init-var.patch
-# https://github.com/OpenSC/OpenSC/pull/2371 (#2080783)
-Patch12:        %{name}-%{version}-support-itacns-2048.patch
+Patch8:         %{name}-0.22.0-file-cache.patch

 BuildRequires:  make
 BuildRequires:  pcsc-lite-devel
@ -32,6 +22,7 @@ BuildRequires:  bash-completion
 BuildRequires:  zlib-devel
 # For tests
 BuildRequires:  libcmocka-devel
+BuildRequires:  vim-common
 %if ! 0%{?rhel}
 BuildRequires:  softhsm
 %endif
@ -57,17 +48,11 @@ every software/card that does so, too.
 %prep
 %setup -q
 %patch1 -p1 -b .pinpad
-%patch5 -p1 -b .gcc11
-%patch6 -p1 -b .32b
 %patch8 -p1 -b .file-cache
-%patch9 -p1 -b .detect-empty
-%patch10 -p1 -b .realloc-pointer
-%patch11 -p1 -b .init-var
-%patch12 -p1 -b .support-itacns-2048

 # The test-pkcs11-tool-allowed-mechanisms already works in Fedora
 sed -i -e '/XFAIL_TESTS/,$ {
-  s/XFAIL_TESTS.*/XFAIL_TESTS=test-pkcs11-tool-test-threads.sh/
+  s/XFAIL_TESTS.*/XFAIL_TESTS=test-pkcs11-tool-test-threads.sh test-pkcs11-tool-test.sh/
  q
 }' tests/Makefile.am

@ -86,7 +71,7 @@ sed -i -e 's/opensc.conf/opensc-%{_arch}.conf/g' src/libopensc/Makefile.in
 sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths
 %set_build_flags
 CFLAGS="$CFLAGS -Wstrict-aliasing=2 -Wno-deprecated-declarations"
-%configure  --disable-static \
+%configure --disable-static \
  --disable-autostart-items \
  --disable-notify \
  --disable-assert \
@ -100,7 +85,6 @@ CFLAGS="$CFLAGS -Wstrict-aliasing=2 -Wno-deprecated-declarations"
 %check
 make check

-
 %install
 %make_install
 install -Dpm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/p11-kit/modules/opensc.module
@ -130,9 +114,6 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libopensc.so
 # remove the .pc file so we do not confuse users #1673139
 rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*.pc
 rm -f $RPM_BUILD_ROOT%{_libdir}/libsmm-local.so
-%if 0%{?rhel} && 0%{?rhel} < 7
-rm -rf %{buildroot}%{_datadir}/bash-completion/
-%endif

 # the npa-tool builds to nothing since we do not have OpenPACE library
 rm -rf %{buildroot}%{_bindir}/npa-tool
@ -143,7 +124,6 @@ rm -rf %{buildroot}%{_bindir}/pkcs11-register
 rm -rf %{buildroot}%{_mandir}/man1/pkcs11-register.1*

 # Remove the notification files
-rm %{buildroot}%{_bindir}/opensc-notify
 rm %{buildroot}%{_datadir}/applications/org.opensc.notify.desktop
 rm %{buildroot}%{_mandir}/man1/opensc-notify.1*

@ -151,9 +131,7 @@ rm %{buildroot}%{_mandir}/man1/opensc-notify.1*
 %files
 %doc COPYING NEWS README*

-%if ! 0%{?rhel} || 0%{?rhel} >= 7
 %{_datadir}/bash-completion/*
-%endif

 %ifarch %{ix86}
 %{_mandir}/man5/opensc-%{_arch}.conf.5*
@ -191,7 +169,7 @@ rm %{buildroot}%{_mandir}/man1/opensc-notify.1*
 %{_libdir}/opensc-pkcs11.so
 %{_libdir}/pkcs11-spy.so
 %{_libdir}/onepin-opensc-pkcs11.so
-%%dir %{_libdir}/pkcs11
+%dir %{_libdir}/pkcs11
 %{_libdir}/pkcs11/opensc-pkcs11.so
 %{_libdir}/pkcs11/onepin-opensc-pkcs11.so
 %{_libdir}/pkcs11/pkcs11-spy.so
@ -220,6 +198,9 @@ rm %{buildroot}%{_mandir}/man1/opensc-notify.1*


 %changelog
+* Wed Nov 30 2022 Jakub Jelen <jjelen@redhat.com> - 0.23.0-1
+- New upstream release (#2134076)
+
 * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.22.0-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (opensc-0.22.0.tar.gz) = 70ad5f1219f2ec2a5529a30d8e9955510c77c87d0bc857d5951c7227c75cf9de1c6071f43dd3816a2034123ebd902709793ff776e84d5379fdd54c811ccfaaee
+SHA512 (opensc-0.23.0.tar.gz) = cd102cd64e719c59153960a4921b7525055045f16e6f6ffa8c9def6ce999a9c5098267b41f8753b41107f626bea20c34561002f5d38eddb4ce6b371913a17a1b