From c4620785505dfd2a027c3d13aac9424965b42b5c Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Tue, 2 Aug 2016 13:54:59 +0200
Subject: [PATCH] opensc-0.16.0-1 * all patches applied upstream * new gids-tool * the folder from taball is in lower case
---
 .gitignore | 1 +
 opensc-0.15.0-cka_private.patch | 120 ----------
 opensc-0.15.0-eID-rsa2048.patch | 24 --
 opensc-0.15.0-fork-issue.patch | 399 -------------------------------
 opensc-0.15.0-pubkey-crash.patch | 31 ---
 opensc-export-symbols.patch | 75 ------
 opensc.spec | 23 +-
 sources | 2 +-
 8 files changed, 10 insertions(+), 665 deletions(-)
 delete mode 100644 opensc-0.15.0-cka_private.patch
 delete mode 100644 opensc-0.15.0-eID-rsa2048.patch
 delete mode 100644 opensc-0.15.0-fork-issue.patch
 delete mode 100644 opensc-0.15.0-pubkey-crash.patch
 delete mode 100644 opensc-export-symbols.patch
diff --git a/.gitignore b/.gitignore
index e00ebec..3ee2dad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /opensc-0.13.0.tar.gz
 /opensc-0.14.0.tar.gz
 /opensc-0.15.0.tar.gz
+/opensc-0.16.0.tar.gz
diff --git a/opensc-0.15.0-cka_private.patch b/opensc-0.15.0-cka_private.patch
deleted file mode 100644
index 2731551..0000000
--- a/opensc-0.15.0-cka_private.patch
+++ /dev/null
@@ -1,120 +0,0 @@ -commit 4df35b922c8eb7e0776a23260b65e570b33e4d42 -Author: Nicholas Wilson -Date: Tue Aug 11 14:02:52 2015 +0100 - - pkcs11: Fix to CKA_PRIVATE handling pcks11-tool - - There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute - is being set on the wrong variables! As well as fixing that, we should - explicitly set CKA_PRIVATE to "false" for certificates and public keys, - since the PKCS#11 spec doesn't specify a default and some drivers use - "private" as the default, making it impossible to add a public key/cert - using pkcs11-tool. - -diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c -index 2781302..c3861d5 100644 ---- a/src/tools/pkcs11-tool.c -+++ b/src/tools/pkcs11-tool.c -@@ -1923,6 +1923,7 @@ static int parse_gost_private_key(EVP_PKEY *evp_key, struct gostkey_info *gost) - static int write_object(CK_SESSION_HANDLE session) - { - CK_BBOOL _true = TRUE; -+ CK_BBOOL _false = FALSE; - unsigned char contents[MAX_OBJECT_SIZE + 1]; - int contents_len = 0; - unsigned char certdata[MAX_OBJECT_SIZE]; -@@ -2026,28 +2027,24 @@ static int write_object(CK_SESSION_HANDLE session) - FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len); - FILL_ATTR(cert_templ[2], CKA_CLASS, &clazz, sizeof(clazz)); - FILL_ATTR(cert_templ[3], CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type)); -- n_cert_attr = 4; -+ FILL_ATTR(cert_templ[4], CKA_PRIVATE, &_false, sizeof(_false)); -+ n_cert_attr = 5; - - if (opt_object_label != NULL) { -- FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL, -- opt_object_label, strlen(opt_object_label)); -+ FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label)); - n_cert_attr++; - } - if (opt_object_id_len != 0) { -- FILL_ATTR(cert_templ[n_cert_attr], CKA_ID, -- opt_object_id, opt_object_id_len); -+ FILL_ATTR(cert_templ[n_cert_attr], CKA_ID, opt_object_id, opt_object_id_len); - n_cert_attr++; - } - #ifdef ENABLE_OPENSSL - /* according to PKCS #11 CKA_SUBJECT MUST be specified */ -- 
FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT, -- cert.subject, cert.subject_len); -+ FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT, cert.subject, cert.subject_len); - n_cert_attr++; -- FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER, -- cert.issuer, cert.issuer_len); -+ FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER, cert.issuer, cert.issuer_len); - n_cert_attr++; -- FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER, -- cert.serialnum, cert.serialnum_len); -+ FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER, cert.serialnum, cert.serialnum_len); - n_cert_attr++; - #endif - } -@@ -2150,9 +2147,12 @@ static int write_object(CK_SESSION_HANDLE session) - n_pubkey_attr = 3; - - if (opt_is_private != 0) { -- FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, -- &_true, sizeof(_true)); -- n_data_attr++; -+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_true, sizeof(_true)); -+ n_pubkey_attr++; -+ } -+ else { -+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_false, sizeof(_false)); -+ n_pubkey_attr++; - } - - if (opt_object_label != NULL) { -@@ -2180,15 +2180,12 @@ static int write_object(CK_SESSION_HANDLE session) - - #ifdef ENABLE_OPENSSL - if (cert.subject_len != 0) { -- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT, -- cert.subject, cert.subject_len); -+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT, cert.subject, cert.subject_len); - n_pubkey_attr++; - } -- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS, -- rsa.modulus, rsa.modulus_len); -+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS, rsa.modulus, rsa.modulus_len); - n_pubkey_attr++; -- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT, -- rsa.public_exponent, rsa.public_exponent_len); -+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT, rsa.public_exponent, rsa.public_exponent_len); - n_pubkey_attr++; - #endif - } -@@ -2202,8 +2199,11 @@ static int write_object(CK_SESSION_HANDLE session) - n_data_attr = 3; - - if (opt_is_private != 0) { -- 
FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, -- &_true, sizeof(_true)); -+ FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_true, sizeof(_true)); -+ n_data_attr++; -+ } -+ else { -+ FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_false, sizeof(_false)); - n_data_attr++; - } - -@@ -2227,8 +2227,7 @@ static int write_object(CK_SESSION_HANDLE session) - } - - if (opt_object_label != NULL) { -- FILL_ATTR(data_templ[n_data_attr], CKA_LABEL, -- opt_object_label, strlen(opt_object_label)); -+ FILL_ATTR(data_templ[n_data_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label)); - n_data_attr++; - } - diff --git a/opensc-0.15.0-eID-rsa2048.patch b/opensc-0.15.0-eID-rsa2048.patch deleted file mode 100644 index b3f6cce..0000000 --- a/opensc-0.15.0-eID-rsa2048.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 74493ca73f8e3c21c098fecb42a7a08ead85e197 Mon Sep 17 00:00:00 2001 -From: Henrik Andersson -Date: Fri, 13 May 2016 09:16:21 +0200 -Subject: [PATCH] Add support for RSA with keylength 2048 - -This solves sign issues with swedish eID cards which have -RSA keys with length 2048. This also solves the issue #726. ---- - src/libopensc/card-setcos.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/libopensc/card-setcos.c b/src/libopensc/card-setcos.c -index 2b0182a..a852180 100644 ---- a/src/libopensc/card-setcos.c -+++ b/src/libopensc/card-setcos.c -@@ -215,6 +215,7 @@ static int setcos_init(sc_card_t *card) - _sc_card_add_rsa_alg(card, 512, flags, 0); - _sc_card_add_rsa_alg(card, 768, flags, 0); - _sc_card_add_rsa_alg(card, 1024, flags, 0); -+ _sc_card_add_rsa_alg(card, 2048, flags, 0); - } - break; - } - diff --git a/opensc-0.15.0-fork-issue.patch b/opensc-0.15.0-fork-issue.patch deleted file mode 100644 index 1ae7069..0000000 --- a/opensc-0.15.0-fork-issue.patch +++ /dev/null 
@@ -1,399 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 67aa5c4..e65c919 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -39,8 +39,8 @@ OPENSC_VS_FF_PRODUCT_NAME="VS_FF_PRODUCT_NAME" - # (Code changed: REVISION++) - # (Oldest interface removed: OLDEST++) - # (Interfaces added: CURRENT++, REVISION=0) --OPENSC_LT_CURRENT="3" --OPENSC_LT_OLDEST="3" -+OPENSC_LT_CURRENT="4" -+OPENSC_LT_OLDEST="4" - OPENSC_LT_REVISION="0" - OPENSC_LT_AGE="0" - OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))" -diff --git a/src/libopensc/card.c b/src/libopensc/card.c -index 2cb16f6..f3cb152 100644 ---- a/src/libopensc/card.c -+++ b/src/libopensc/card.c -@@ -218,7 +218,8 @@ int sc_connect_card(sc_reader_t *reader, sc_card_t **card_out) - if (ops == NULL || ops->match_card == NULL) { - continue; - } -- else if (!ctx->enable_default_driver && !strcmp("default", drv->short_name)) { -+ else if (!(ctx->flags & SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER) -+ && !strcmp("default", drv->short_name)) { - sc_log(ctx , "ignore 'default' card driver"); - continue; - } -diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c -index 5595dc4..15312f7 100644 ---- a/src/libopensc/ctx.c -+++ b/src/libopensc/ctx.c -@@ -186,8 +186,7 @@ static void set_defaults(sc_context_t *ctx, struct _sc_ctx_options *opts) - if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout)) - fclose(ctx->debug_file); - ctx->debug_file = stderr; -- ctx->paranoid_memory = 0; -- ctx->enable_default_driver = 0; -+ ctx->flags = 0; - - #ifdef __APPLE__ - /* Override the default debug log for OpenSC.tokend to be different from PKCS#11. 
-@@ -258,11 +257,13 @@ load_parameters(sc_context_t *ctx, scconf_block *block, struct _sc_ctx_options * - sc_ctx_log_to_file(ctx, val); - } - -- ctx->paranoid_memory = scconf_get_bool (block, "paranoid-memory", -- ctx->paranoid_memory); -+ if (scconf_get_bool (block, "paranoid-memory", -+ ctx->flags & SC_CTX_FLAG_PARANOID_MEMORY)) -+ ctx->flags |= SC_CTX_FLAG_PARANOID_MEMORY; - -- ctx->enable_default_driver = scconf_get_bool (block, "enable_default_driver", -- ctx->enable_default_driver); -+ if (scconf_get_bool (block, "enable_default_driver", -+ ctx->flags & SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER)) -+ ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER; - - val = scconf_get_str(block, "force_card_driver", NULL); - if (val) { -@@ -723,7 +724,9 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm) - return SC_ERROR_OUT_OF_MEMORY; - } - -+ ctx->flags = parm->flags; - set_defaults(ctx, &opts); -+ - list_init(&ctx->readers); - list_attributes_seeker(&ctx->readers, reader_list_seeker); - /* set thread context and create mutex object (if specified) */ -diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h -index 8c4e81f..e9a4d19 100644 ---- a/src/libopensc/opensc.h -+++ b/src/libopensc/opensc.h -@@ -639,13 +639,25 @@ typedef struct { - unsigned long (*thread_id)(void); - } sc_thread_context_t; - -+/** Stop modifing or using external resources -+ * -+ * Currently this is used to avoid freeing duplicated external resources for a -+ * process that has been forked. For example, a child process may want to leave -+ * the duplicated card handles for the parent process. With this flag the child -+ * process indicates that shall the reader shall ignore those resources when -+ * calling sc_disconnect_card. 
-+ */ -+#define SC_CTX_FLAG_TERMINATE 0x00000001 -+#define SC_CTX_FLAG_PARANOID_MEMORY 0x00000002 -+#define SC_CTX_FLAG_DEBUG_MEMORY 0x00000004 -+#define SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER 0x00000008 -+ - typedef struct sc_context { - scconf_context *conf; - scconf_block *conf_blocks[3]; - char *app_name; - int debug; -- int paranoid_memory; -- int enable_default_driver; -+ unsigned long flags; - - FILE *debug_file; - char *debug_filename; -@@ -719,7 +731,7 @@ typedef struct { - * dependend configuration data). If NULL the name "default" - * will be used. */ - const char *app_name; -- /** flags, currently unused */ -+ /** context flags */ - unsigned long flags; - /** mutex functions to use (optional) */ - sc_thread_context_t *thread_ctx; -diff --git a/src/libopensc/reader-ctapi.c b/src/libopensc/reader-ctapi.c -index 919c3f0..c526500 100644 ---- a/src/libopensc/reader-ctapi.c -+++ b/src/libopensc/reader-ctapi.c -@@ -116,6 +116,9 @@ static int refresh_attributes(sc_reader_t *reader) - u8 cmd[5], rbuf[256], sad, dad; - unsigned short lr; - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - cmd[0] = CTBCS_CLA; - cmd[1] = CTBCS_INS_STATUS; - cmd[2] = CTBCS_P1_CT_KERNEL; -@@ -158,6 +161,9 @@ static int ctapi_internal_transmit(sc_reader_t *reader, - u8 dad, sad; - unsigned short lr; - char rv; -+ -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; - - if (control) - dad = 1; -@@ -235,6 +241,9 @@ static int ctapi_connect(sc_reader_t *reader) - unsigned short lr; - int r; - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - cmd[0] = CTBCS_CLA; - cmd[1] = CTBCS_INS_REQUEST; - cmd[2] = CTBCS_P1_INTERFACE1; -@@ -280,7 +289,9 @@ static int ctapi_release(sc_reader_t *reader) - { - struct ctapi_private_data *priv = GET_PRIV_DATA(reader); - -- priv->funcs.CT_close(priv->ctn); -+ -+ if (!(reader->ctx->flags & SC_CTX_FLAG_TERMINATE)) -+ priv->funcs.CT_close(priv->ctn); - - 
free(priv); - return 0; -diff --git a/src/libopensc/reader-openct.c b/src/libopensc/reader-openct.c -index a276d52..2d7d6bd 100644 ---- a/src/libopensc/reader-openct.c -+++ b/src/libopensc/reader-openct.c -@@ -154,7 +154,7 @@ static int openct_reader_release(sc_reader_t *reader) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); - if (data) { -- if (data->h) -+ if (data->h && !(reader->ctx->flags & SC_CTX_FLAG_TERMINATE)) - ct_reader_disconnect(data->h); - sc_mem_clear(data, sizeof(*data)); - reader->drv_data = NULL; -@@ -174,6 +174,9 @@ static int openct_reader_detect_card_presence(sc_reader_t *reader) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - reader->flags = 0; - if (!data->h && !(data->h = ct_reader_connect(data->num))) - return 0; -@@ -197,6 +200,9 @@ openct_reader_connect(sc_reader_t *reader) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - if (data->h) - ct_reader_disconnect(data->h); - -@@ -242,7 +248,7 @@ static int openct_reader_disconnect(sc_reader_t *reader) - struct driver_data *data = (struct driver_data *) reader->drv_data; - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); -- if (data->h) -+ if (data->h && !(reader->flags & SC_TERMINATE)) - ct_reader_disconnect(data->h); - data->h = NULL; - return SC_SUCCESS; -@@ -256,6 +262,9 @@ openct_reader_internal_transmit(sc_reader_t *reader, - struct driver_data *data = (struct driver_data *) reader->drv_data; - int rc; - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - /* Hotplug check */ - if ((rc = openct_reader_reconnect(reader)) < 0) - return rc; -@@ -324,6 +333,9 @@ static int openct_reader_perform_verify(sc_reader_t *reader, struct sc_pin_cmd_d - u8 buf[254]; - int rc; - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - /* 
Hotplug check */ - if ((rc = openct_reader_reconnect(reader)) < 0) - return rc; -@@ -382,6 +394,9 @@ static int openct_reader_lock(sc_reader_t *reader) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - /* Hotplug check */ - if ((rc = openct_reader_reconnect(reader)) < 0) - return rc; -@@ -408,6 +423,9 @@ static int openct_reader_unlock(sc_reader_t *reader) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE); - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - /* Not connected */ - if (data->h == NULL) - return 0; -diff --git a/src/libopensc/reader-pcsc.c b/src/libopensc/reader-pcsc.c -index 666265d..7c26a25 100644 ---- a/src/libopensc/reader-pcsc.c -+++ b/src/libopensc/reader-pcsc.c -@@ -184,6 +184,9 @@ static int pcsc_internal_transmit(sc_reader_t *reader, - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - card = priv->pcsc_card; - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - sSendPci.dwProtocol = opensc_proto_to_pcsc(reader->active_protocol); - sSendPci.cbPciLength = sizeof(sSendPci); - sRecvPci.dwProtocol = opensc_proto_to_pcsc(reader->active_protocol); -@@ -284,6 +287,9 @@ static int refresh_attributes(sc_reader_t *reader) - - sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "%s check", reader->name); - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - if (priv->reader_state.szReader == NULL) { - priv->reader_state.szReader = reader->name; - priv->reader_state.dwCurrentState = SCARD_STATE_UNAWARE; -@@ -505,7 +511,8 @@ static int pcsc_disconnect(sc_reader_t * reader) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - -- priv->gpriv->SCardDisconnect(priv->pcsc_card, priv->gpriv->disconnect_action); -+ if (!(reader->ctx->flags & SC_CTX_FLAG_TERMINATE)) -+ priv->gpriv->SCardDisconnect(priv->pcsc_card, priv->gpriv->disconnect_action); - reader->flags = 
0; - return SC_SUCCESS; - } -@@ -518,6 +525,9 @@ static int pcsc_lock(sc_reader_t *reader) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - rv = priv->gpriv->SCardBeginTransaction(priv->pcsc_card); - - switch (rv) { -@@ -555,6 +565,9 @@ static int pcsc_unlock(sc_reader_t *reader) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - rv = priv->gpriv->SCardEndTransaction(priv->pcsc_card, priv->gpriv->transaction_end_action); - - priv->locked = 0; -@@ -597,12 +610,18 @@ static int pcsc_cancel(sc_context_t *ctx) - struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *)ctx->reader_drv_data; - - SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); -+ -+ if (ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - #ifndef _WIN32 - if (gpriv->pcsc_wait_ctx != -1) { - rv = gpriv->SCardCancel(gpriv->pcsc_wait_ctx); -- if (rv == SCARD_S_SUCCESS) -+ if (rv == SCARD_S_SUCCESS) { - /* Also close and clear the waiting context */ - rv = gpriv->SCardReleaseContext(gpriv->pcsc_wait_ctx); -+ gpriv->pcsc_wait_ctx = -1; -+ } - } - #else - rv = gpriv->SCardCancel(gpriv->pcsc_ctx); -@@ -747,7 +766,7 @@ static int pcsc_finish(sc_context_t *ctx) - SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL); - - if (gpriv) { -- if (gpriv->pcsc_ctx != -1) -+ if (gpriv->pcsc_ctx != -1 && !(ctx->flags & SC_CTX_FLAG_TERMINATE)) - gpriv->SCardReleaseContext(gpriv->pcsc_ctx); - if (gpriv->dlhandle != NULL) - sc_dlclose(gpriv->dlhandle); -@@ -1693,6 +1712,9 @@ pcsc_pin_cmd(sc_reader_t *reader, struct sc_pin_cmd_data *data) - - SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL); - -+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE) -+ return SC_ERROR_NOT_ALLOWED; -+ - if (priv->gpriv->SCardControl == NULL) - return SC_ERROR_NOT_SUPPORTED; - -@@ -1982,8 +2004,8 @@ static int transform_pace_output(u8 *rbuf, size_t 
rbuflen, - static int - pcsc_perform_pace(struct sc_reader *reader, void *input_pace, void *output_pace) - { -- struct establish_pace_channel_input *pace_input = (struct establish_pace_channel_input *) input_pace; -- struct establish_pace_channel_output *pace_output = (struct establish_pace_channel_output *) output_pace; -+ struct establish_pace_channel_input *pace_input = (struct establish_pace_channel_input *) input_pace; -+ struct establish_pace_channel_output *pace_output = (struct establish_pace_channel_output *) output_pace; - struct pcsc_private_data *priv; - u8 rbuf[SC_MAX_EXT_APDU_BUFFER_SIZE], sbuf[SC_MAX_EXT_APDU_BUFFER_SIZE]; - size_t rcount = sizeof rbuf, scount = sizeof sbuf; -diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c -index 052d6eb..5cddd32 100644 ---- a/src/libopensc/sc.c -+++ b/src/libopensc/sc.c -@@ -806,7 +806,7 @@ void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len) - locked = 1; - #endif - if (!locked) { -- if (ctx->paranoid_memory) { -+ if (ctx->flags & SC_CTX_FLAG_PARANOID_MEMORY) { - sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, failing allocation because paranoid set"); - free (pointer); - pointer = NULL; -diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c -index a01cbab..349ee29 100644 ---- a/src/pkcs11/pkcs11-global.c -+++ b/src/pkcs11/pkcs11-global.c -@@ -202,9 +202,11 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs) - unsigned int i; - sc_context_param_t ctx_opts; - -- /* Handle fork() exception */ - #if !defined(_WIN32) -+ /* Handle fork() exception */ - if (current_pid != initialized_pid) { -+ if (context) -+ context->flags |= SC_CTX_FLAG_TERMINATE; - C_Finalize(NULL_PTR); - } - initialized_pid = current_pid; -diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c -index fa2581b..75588df 100644 ---- a/src/tools/opensc-explorer.c -+++ b/src/tools/opensc-explorer.c -@@ -1836,7 +1836,7 @@ int main(int argc, char * const argv[]) - return 1; - } - -- ctx->enable_default_driver = 1; -+ 
ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER; - - if (verbose > 1) { - ctx->debug = verbose; -diff --git a/src/tools/opensc-tool.c b/src/tools/opensc-tool.c -index d907984..aea526e 100644 ---- a/src/tools/opensc-tool.c -+++ b/src/tools/opensc-tool.c -@@ -758,7 +758,7 @@ int main(int argc, char * const argv[]) - return 1; - } - -- ctx->enable_default_driver = 1; -+ ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER; - - if (verbose > 1) { - ctx->debug = verbose; diff --git a/opensc-0.15.0-pubkey-crash.patch b/opensc-0.15.0-pubkey-crash.patch deleted file mode 100644 index da6dd77..0000000 --- a/opensc-0.15.0-pubkey-crash.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6e5ae841eb398b6393d7349d45f2386f820c9f5f Mon Sep 17 00:00:00 2001 -From: LE TOUX Vincent -Date: Sat, 2 Jan 2016 09:31:36 +0100 -Subject: [PATCH] fix a pkcs11 crash when the public key reading fails - ---- - src/pkcs11/framework-pkcs15.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c -index e103550..8496f43 100644 ---- a/src/pkcs11/framework-pkcs15.c -+++ b/src/pkcs11/framework-pkcs15.c -@@ -772,9 +772,11 @@ __pkcs15_prkey_bind_related(struct pkcs15_fw_data *fw_data, struct pkcs15_prkey_ - if (sc_pkcs15_compare_id(&pubkey->pub_info->id, id)) { - sc_log(context, "Associating object %d as public key", i); - pk->prv_pubkey = pubkey; -- sc_pkcs15_dup_pubkey(context, pubkey->pub_data, &pk->pub_data); -- if (pk->prv_info->modulus_length == 0) -- pk->prv_info->modulus_length = pubkey->pub_info->modulus_length; -+ if (pubkey->pub_data) { -+ sc_pkcs15_dup_pubkey(context, pubkey->pub_data, &pk->pub_data); -+ if (pk->prv_info->modulus_length == 0) -+ pk->prv_info->modulus_length = pubkey->pub_info->modulus_length; -+ } - } - } - } --- -2.5.0 - diff --git a/opensc-export-symbols.patch b/opensc-export-symbols.patch deleted file mode 100644 index baa1e21..0000000 --- a/opensc-export-symbols.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -diff --git a/src/pkcs11/pkcs11-spy.exports b/src/pkcs11/pkcs11-spy.exports -index 562ecea..9b9b01c 100644 ---- a/src/pkcs11/pkcs11-spy.exports -+++ b/src/pkcs11/pkcs11-spy.exports -@@ -1 +1,70 @@ -+C_Initialize -+C_Finalize -+C_GetInfo - C_GetFunctionList -+C_GetSlotList -+C_GetSlotInfo -+C_GetTokenInfo -+C_GetMechanismList -+C_GetMechanismInfo -+C_InitToken -+C_InitPIN -+C_SetPIN -+C_OpenSession -+C_CloseSession -+C_CloseAllSessions -+C_GetSessionInfo -+C_GetOperationState -+C_SetOperationState -+C_Login -+C_Logout -+C_CreateObject -+C_CopyObject -+C_DestroyObject -+C_GetObjectSize -+C_GetAttributeValue -+C_SetAttributeValue -+C_FindObjectsInit -+C_FindObjects -+C_FindObjectsFinal -+C_EncryptInit -+C_Encrypt -+C_EncryptUpdate -+C_EncryptFinal -+C_DecryptInit -+C_Decrypt -+C_DecryptUpdate -+C_DecryptFinal -+C_DigestInit -+C_Digest -+C_DigestUpdate -+C_DigestKey -+C_DigestFinal -+C_SignInit -+C_Sign -+C_SignUpdate -+C_SignFinal -+C_SignRecoverInit -+C_SignRecover -+C_VerifyInit -+C_Verify -+C_VerifyUpdate -+C_VerifyFinal -+C_VerifyRecoverInit -+C_VerifyRecover -+C_DigestEncryptUpdate -+C_DecryptDigestUpdate -+C_SignEncryptUpdate -+C_DecryptVerifyUpdate -+C_GenerateKey -+C_GenerateKeyPair -+C_WrapKey -+C_UnwrapKey -+C_DeriveKey -+C_SeedRandom -+C_GenerateRandom -+C_GetFunctionStatus -+C_CancelFunction -+C_WaitForSlotEvent -+C_Initialize -+C_Finalize diff --git a/opensc.spec b/opensc.spec index 7fdfa70..5c72a06 100644 --- a/opensc.spec +++ b/opensc.spec @@ -1,6 +1,6 @@ Name: opensc -Version: 0.15.0 -Release: 6%{?dist} +Version: 0.16.0 +Release: 1%{?dist} Summary: Smart card library and applications Group: System Environment/Libraries 
@@ -20,12 +20,6 @@ Requires: pcsc-lite Obsoletes: mozilla-opensc-signer < 0.12.0 Obsoletes: opensc-devel < 0.12.0 -Patch0: opensc-0.15.0-fork-issue.patch -Patch1: opensc-export-symbols.patch -Patch2: opensc-0.15.0-pubkey-crash.patch -Patch3: opensc-0.15.0-eID-rsa2048.patch -Patch4: opensc-0.15.0-cka_private.patch - %description OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate @@ -37,13 +31,7 @@ every software/card that does so, too. %prep -%setup -q -n OpenSC-%{version} - -%patch0 -p1 -b .fork-issue -%patch1 -p1 -b .export-symbols -%patch2 -p1 -b .pubkey-crash -%patch3 -p1 -b .eID-rsa2048 -%patch4 -p1 -b .cka-private +%setup -q -n opensc-%{version} cp -p src/pkcs15init/README ./README.pkcs15init cp -p src/scconf/README.scconf . @@ -104,6 +92,7 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/ %{_bindir}/cryptoflex-tool %{_bindir}/eidenv %{_bindir}/iasecc-tool +%{_bindir}/gids-tool %{_bindir}/netkey-tool %{_bindir}/openpgp-tool %{_bindir}/opensc-explorer @@ -128,6 +117,7 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/ %{_mandir}/man1/cardos-tool.1* %{_mandir}/man1/cryptoflex-tool.1* %{_mandir}/man1/eidenv.1* +%{_mandir}/man1/gids-tool.1* %{_mandir}/man1/iasecc-tool.1* %{_mandir}/man1/netkey-tool.1* %{_mandir}/man1/openpgp-tool.1* @@ -145,6 +135,9 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/ %changelog +* Tue Aug 02 2016 Jakub Jelen - 0.16.0-1 +- New upstream release 0.16.0 (#1306071) + * Tue Jul 12 2016 Jakub Jelen - 0.15.0-6 - Add support for 2048 key length (#1350588) - Explicitly set CKA_PRIVATE to false when writing certificates (#1272127) diff --git a/sources b/sources index 245128d..1c29ceb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f266024e5a9630821ffa0ac14f72e369 opensc-0.15.0.tar.gz +724d128f23cd7a74b28d04300ce7bcbd opensc-0.16.0.tar.gz
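Review bot: The %prep hunk drops all five `%patch` lines, but the added changelog entry says only `- New upstream release 0.16.0 (#1306071)`, so the spec no longer records that the fork-handling and public-key crash fixes are now expected to come from the tarball itself. Two of the removed files, opensc-0.15.0-fork-issue.patch and opensc-export-symbols.patch, begin directly with `diff --git` and carry no upstream commit id, which makes the "applied upstream" claim harder to check later than for the other three. I would add a changelog line such as `- Drop fork-issue, export-symbols, pubkey-crash, eID-rsa2048 and cka_private patches, all included in 0.16.0`.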
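Review bot: The new tarball is pinned only by a 32-hex-digit digest, which is the MD5 form of this file, and MD5 no longer offers collision resistance, so this entry should not be the only integrity check on opensc-0.16.0.tar.gz. Nothing in the visible spec hunks verifies an upstream signature or checksum either, though the Source lines lie outside the hunks shown. Where the packaging tooling accepts it, the entry would read `SHA512 (opensc-0.16.0.tar.gz) = <sha512-of-tarball>`, with the digest compared against the one upstream publishes before upload.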