import opensc-0.20.0-4.el8

SOURCES/opensc-0.20.0-calloc0.patch

@@ -0,0 +1,102 @@
+From f1bcadfbe9d156adbe509b0860511ee41add0c67 Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Tue, 10 Mar 2020 12:13:29 +0100
+Subject: [PATCH]  pkcs11: don't try to allocate 0 byte with calloc
+
+fixes #1978
+---
+ src/pkcs11/pkcs11-global.c | 7 ++++++-
+ win32/Make.rules.mak       | 4 ++--
+ win32/winconfig.h.in       | 2 ++
+ 3 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
+index a3260314f8..671890309f 100644
+--- a/src/pkcs11/pkcs11-global.c
++++ b/src/pkcs11/pkcs11-global.c
+@@ -456,6 +456,13 @@ CK_RV C_GetSlotList(CK_BBOOL       tokenPresent,  /* only slots with token prese
+ 
+ 	card_detect_all();
+ 
++	if (list_empty(&virtual_slots)) {
++		sc_log(context, "returned 0 slots\n");
++		*pulCount = 0;
++		rv = CKR_OK;
++		goto out;
++	}
++
+ 	found = calloc(list_size(&virtual_slots), sizeof(CK_SLOT_ID));
+ 
+ 	if (found == NULL) {
+diff --git a/win32/Make.rules.mak b/win32/Make.rules.mak
+index 4f4971a72d..c6b1aac340 100644
+--- a/win32/Make.rules.mak
++++ b/win32/Make.rules.mak
+@@ -1,7 +1,7 @@
+ OPENSC_FEATURES = pcsc
+ 
+ #Include support for minidriver
+-MINIDRIVER_DEF = /DENABLE_MINIDRIVER
++#MINIDRIVER_DEF = /DENABLE_MINIDRIVER
+ 
+ #Build MSI with the Windows Installer XML (WIX) toolkit, requires WIX >= 3.9
+ !IF "$(WIX)" == ""
+@@ -33,7 +33,7 @@ WIX_LIBS = "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\dutil.lib" "$(WIX)\SDK\$(WIXV
+ SM_DEF = /DENABLE_SM
+ 
+ #Build with debugging support
+-#DEBUG_DEF = /DDEBUG
++DEBUG_DEF = /DDEBUG
+ 
+ # If you want support for OpenSSL (needed for pkcs15-init tool, software hashing in PKCS#11 library and verification):
+ # - download and build OpenSSL
+diff --git a/win32/winconfig.h.in b/win32/winconfig.h.in
+index 94ed9b5475..fa682c5bcc 100644
+--- a/win32/winconfig.h.in
++++ b/win32/winconfig.h.in
+@@ -103,6 +103,8 @@
+ #define DEFAULT_ONEPIN_PKCS11_PROVIDER "@DEFAULT_ONEPIN_PKCS11_PROVIDER@"
+ #endif
+ 
++#define PKCS11_THREAD_LOCKING
++
+ #ifndef DEFAULT_SM_MODULE
+ #define DEFAULT_SM_MODULE "@DEFAULT_SM_MODULE@"
+ #endif
+
+commit 500ecd3d127975379e2310626c3ce94c3e7035ea
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Wed Nov 25 13:49:08 2020 +0100
+
+    pkcs11-tool: Avoid calloc with 0 argument
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index 4015aaf1..89244795 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -1270,15 +1270,18 @@ static void list_slots(int tokens, int refresh, int print)
+ 		if (rv != CKR_OK)
+ 			p11_fatal("C_GetSlotList(NULL)", rv);
+ 		free(p11_slots);
+-		p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
+-		if (p11_slots == NULL) {
+-			perror("calloc failed");
+-			exit(1);
++		p11_slots = NULL;
++		if (p11_num_slots > 0) {
++			p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
++			if (p11_slots == NULL) {
++				perror("calloc failed");
++				exit(1);
++			}
++			rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
++			if (rv != CKR_OK)
++				p11_fatal("C_GetSlotList()", rv);
+ 		}
+ 
+-		rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
+-		if (rv != CKR_OK)
+-			p11_fatal("C_GetSlotList()", rv);
+ 	}
+ 
+ 	if (!print)

SOURCES/opensc-0.20.0-file-cache.patch

@@ -0,0 +1,85 @@
+From 2a28dcd3f6e4af7a5b2d7d7810b26b6321dd1bf1 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 10 Nov 2020 14:44:43 +0100
+Subject: [PATCH 1/3] ctx: Use more standard cache directory
+
+https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
+---
+ src/libopensc/ctx.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
+index 6b57170f01..d6058c070e 100644
+--- a/src/libopensc/ctx.c
++++ b/src/libopensc/ctx.c
+@@ -1008,7 +1008,12 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
+ 	}
+ 
+ #ifndef _WIN32
+-	cache_dir = ".eid/cache";
++	cache_dir = getenv("XDG_CACHE_HOME");
++	if (cache_dir != NULL && cache_dir[0] != '\0') {
++		snprintf(buf, bufsize, "%s/%s", cache_dir, "opensc");
++		return SC_SUCCESS;
++	}
++	cache_dir = ".cache/opensc";
+ 	homedir = getenv("HOME");
+ #else
+ 	cache_dir = "eid-cache";
+@@ -1020,7 +1025,7 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
+ 		homedir = temp_path;
+ 	}
+ #endif
+-	if (homedir == NULL)
++	if (homedir == NULL || homedir[0] == '\0')
+ 		return SC_ERROR_INTERNAL;
+ 	if (snprintf(buf, bufsize, "%s/%s", homedir, cache_dir) < 0)
+ 		return SC_ERROR_BUFFER_TOO_SMALL;
+
+From 7c1c6f6be47f55693647827259edcacc98761371 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 10 Nov 2020 15:07:42 +0100
+Subject: [PATCH 3/3] doc: Update documentation about the cache location
+
+---
+ doc/files/opensc.conf.5.xml.in | 9 +++++++--
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in
+index 118922a877..791f11669a 100644
+--- a/doc/files/opensc.conf.5.xml.in
++++ b/doc/files/opensc.conf.5.xml.in
+@@ -1116,12 +1116,17 @@ app <replaceable>application</replaceable> {
+ 							<itemizedlist>
+ 								<listitem>
+ 									<para>
+-										<filename><envar>HOME</envar>/.eid/cache/</filename> (Unix)
++										<filename><envar>$XDG_CACHE_HOME</envar>/opensc/</filename> (If <envar>$XDG_CACHE_HOME</envar> is defined)
+ 									</para>
+ 								</listitem>
+ 								<listitem>
+ 									<para>
+-										<filename><envar>USERPROFILE</envar>\.eid-cache\</filename> (Windows)
++										<filename><envar>$HOME</envar>/.cache/opensc/</filename> (Unix)
++									</para>
++								</listitem>
++								<listitem>
++									<para>
++										<filename><envar>$USERPROFILE</envar>\.eid-cache\</filename> (Windows)
+ 									</para>
+ 								</listitem>
+ 							</itemizedlist>
+
+diff -up opensc-0.20.0/etc/opensc.conf.file-cache opensc-0.20.0/etc/opensc.conf
+--- opensc-0.20.0/etc/opensc.conf.file-cache	2020-11-20 16:49:30.995526825 +0100
++++ opensc-0.20.0/etc/opensc.conf	2020-11-20 16:50:07.665053280 +0100
+@@ -2,7 +2,7 @@ app default {
+ 	# debug = 3;
+ 	# debug_file = opensc-debug.txt;
+ 	framework pkcs15 {
+-		# use_file_caching = true;
++		use_file_caching = true;
+ 	}
+ 	reader_driver pcsc {
+ 		# The pinpad is disabled by default,
+

SPECS/opensc.spec

@@ -3,7 +3,7 @@
 
 Name:           opensc
 Version:        0.20.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Smart card library and applications
 
 Group:          System Environment/Libraries
@@ -26,6 +26,12 @@ Patch12:        opensc-0.20.0-CVE-2020-26571.patch
 Patch13:        opensc-0.20.0-CVE-2020-26572.patch
 # https://github.com/OpenSC/OpenSC/commit/8d4af9eb
 Patch14:        opensc-0.20.0-label-padding.patch
+# https://github.com/OpenSC/OpenSC/commit/f1bcadfb
+# https://github.com/OpenSC/OpenSC/pull/2166
+Patch15:        opensc-0.20.0-calloc0.patch
+# https://github.com/OpenSC/OpenSC/pull/2148
+# + configuration change by default
+Patch16:        opensc-0.20.0-file-cache.patch
 
 
 BuildRequires:  pcsc-lite-devel
@@ -63,6 +69,8 @@ every software/card that does so, too.
 %patch12 -p1 -b .CVE-2020-26571
 %patch13 -p1 -b .CVE-2020-26572
 %patch14 -p1 -b .padding
+%patch15 -p1 -b .calloc0
+%patch16 -p1 -b .file-cache
 
 cp -p src/pkcs15init/README ./README.pkcs15init
 cp -p src/scconf/README.scconf .
@@ -221,6 +229,10 @@ fi
 
 
 %changelog
+* Fri Nov 20 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-4
+- Use file cache by default (#1892810)
+- Avoid calloc with 0 argument (#1895401)
+
 * Tue Oct 20 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-3
 - Support PIN change for HID Alt tokens (#1830901)
 - Fix CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572