From 3dfad33b98bbfd7ae61e43667643618941c05dfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Wed, 9 Jun 2010 10:48:25 +0000 Subject: [PATCH 1/6] - replace file dependency (#601943) --- opensc.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/opensc.spec b/opensc.spec index 415d475..8c48f86 100644 --- a/opensc.spec +++ b/opensc.spec @@ -2,7 +2,7 @@ Name: opensc Version: 0.11.13 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Smart card library and applications Group: System Environment/Libraries @@ -34,7 +34,7 @@ Summary: Digital signature plugin for web browsers Group: Applications/Internet BuildRequires: libXt-devel BuildRequires: libassuan-static, libassuan-devel -Requires: %{plugindir} +Requires: mozilla-filesystem%{?_isa} Requires: pinentry-gui %description -n mozilla-opensc-signer @@ -156,6 +156,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Jun 9 2010 Tomas Mraz - 0.11.13-2 +- replace file dependency (#601943) + * Tue Feb 16 2010 Kalev Lember - 0.11.13-1 - new upstream version From b5436d174bec8cd70fdea852d0a4c0f8fffd9bf0 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 05:15:05 +0000 Subject: [PATCH 2/6] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index 12edb61..0000000 --- a/Makefile +++ /dev/null 
@@ -1,21 +0,0 @@ -# Makefile for source rpm: opensc -# $Id$ -NAME := opensc -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From 6350e581c21a8a4e038c02bf4e7969d171dddea5 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Wed, 11 Aug 2010 13:44:21 -0500 Subject: [PATCH 3/6] - build against libassuan1 (f14+) --- opensc-0.11.13-libassuan1.patch | 12 ++++++++++++ opensc.spec | 19 +++++++++++++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 opensc-0.11.13-libassuan1.patch diff --git a/opensc-0.11.13-libassuan1.patch b/opensc-0.11.13-libassuan1.patch new file mode 100644 index 0000000..0a9afd1 --- /dev/null +++ b/opensc-0.11.13-libassuan1.patch @@ -0,0 +1,12 @@ +diff -up opensc-0.11.13/aclocal.m4.libassuan1 opensc-0.11.13/aclocal.m4 +--- opensc-0.11.13/aclocal.m4.libassuan1 2010-02-16 03:32:15.000000000 -0600 ++++ opensc-0.11.13/aclocal.m4 2010-08-11 13:39:21.483606389 -0500 +@@ -1108,7 +1108,7 @@ AC_SUBST([am__untar]) + ]) # _AM_PROG_TAR + + m4_include([m4/acx_pthread.m4]) +-m4_include([m4/libassuan.m4]) ++m4_include([libassuan1.m4]) + m4_include([m4/libtool.m4]) + m4_include([m4/ltoptions.m4]) + m4_include([m4/ltsugar.m4]) diff --git a/opensc.spec b/opensc.spec index 8c48f86..5dce165 100644 --- a/opensc.spec +++ b/opensc.spec 
@@ -2,7 +2,7 @@ Name: opensc Version: 0.11.13 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Smart card library and applications Group: System Environment/Libraries @@ -11,6 +11,7 @@ URL: http://www.opensc-project.org/opensc/ Source0: http://www.opensc-project.org/files/opensc/%{name}-%{version}.tar.gz Patch1: %{name}-0.11.7-develconfig.patch Patch2: %{name}-0.11.12-no-add-needed.patch +Patch3: opensc-0.11.13-libassuan1.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pcsc-lite-devel @@ -33,7 +34,11 @@ eID cards have also been confirmed to work. Summary: Digital signature plugin for web browsers Group: Applications/Internet BuildRequires: libXt-devel -BuildRequires: libassuan-static, libassuan-devel +%if 0%{?fedora} > 13 +BuildRequires: libassuan1-devel libassuan1-static automake +%else +BuildRequires: libassuan-devel libassuan-static +%endif Requires: mozilla-filesystem%{?_isa} Requires: pinentry-gui @@ -62,6 +67,13 @@ cp -p src/scconf/README.scconf . # No %{_libdir} here to avoid multilib conflicts; it's just an example sed -i -e 's|/usr/local/towitoko/lib/|/usr/lib/ctapi/|' etc/opensc.conf.in +# hacks for libassuan1 +%if 0%{?fedora} > 13 +rm -f m4/libassuan.m4 +%patch3 -p1 -b .libassuan1 +./bootstrap +%endif + %build %configure --disable-static \ @@ -156,6 +168,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Aug 11 2010 Rex Dieter - 0.11.13-3 +- build against libassuan1 (f14+) + * Wed Jun 9 2010 Tomas Mraz - 0.11.13-2 - replace file dependency (#601943) From df1034d209c54f9523e67918d51e226a142f5182 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 7 Sep 2010 11:42:47 +0200 Subject: [PATCH 4/6] - fix build with new pcsc-lite --- opensc-0.11.13-build-readerstate.patch | 51 ++++++++++++++++++++++++++ opensc.spec | 7 +++- 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 opensc-0.11.13-build-readerstate.patch 
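Review bot: The `# hacks for libassuan1` block added to %prep does not say where `libassuan1.m4` comes from or why `aclocal.m4` is patched before `./bootstrap` runs. Patch3 rewrites the include to `m4_include([libassuan1.m4])` without the `m4/` prefix its neighbours use, and the block deletes `m4/libassuan.m4`, so the build depends on a macro file this commit does not show; presumably libassuan1-devel supplies it, which should be confirmed. If `./bootstrap` reruns aclocal, the patched `aclocal.m4` may be regenerated, so it is worth checking that the edit survives that step. I would add a comment along the lines of `# libassuan1.m4 is provided by libassuan1-devel; aclocal.m4 is patched so bootstrap uses it instead of m4/libassuan.m4`, adjusted to wherever the file really comes from.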
diff --git a/opensc-0.11.13-build-readerstate.patch b/opensc-0.11.13-build-readerstate.patch new file mode 100644 index 0000000..f5f3ca7 --- /dev/null +++ b/opensc-0.11.13-build-readerstate.patch 
@@ -0,0 +1,51 @@ +diff -up opensc-0.11.13/src/libopensc/internal-winscard.h.build opensc-0.11.13/src/libopensc/internal-winscard.h +--- opensc-0.11.13/src/libopensc/internal-winscard.h.build 2010-02-16 10:03:28.000000000 +0100 ++++ opensc-0.11.13/src/libopensc/internal-winscard.h 2010-09-07 10:34:20.000000000 +0200 +@@ -88,7 +88,7 @@ SCARD_IO_REQUEST, *PSCARD_IO_REQUEST, *L + + typedef const SCARD_IO_REQUEST *LPCSCARD_IO_REQUEST; + typedef SCARD_READERSTATE_A SCARD_READERSTATE, *PSCARD_READERSTATE_A, +- *LPSCARD_READERSTATE_A; ++ *LPSCARD_READERSTATE_A, *LPSCARD_READERSTATE; + + #endif /* HAVE_SCARD_H */ + +@@ -113,7 +113,7 @@ typedef LONG (PCSC_API *SCardEndTransact + typedef LONG (PCSC_API *SCardStatus_t)(SCARDHANDLE hCard, LPSTR mszReaderNames, LPDWORD pcchReaderLen, + LPDWORD pdwState, LPDWORD pdwProtocol, LPBYTE pbAtr, LPDWORD pcbAtrLen); + typedef LONG (PCSC_API *SCardGetStatusChange_t)(SCARDCONTEXT hContext, DWORD dwTimeout, +- LPSCARD_READERSTATE_A rgReaderStates, DWORD cReaders); ++ LPSCARD_READERSTATE rgReaderStates, DWORD cReaders); + typedef LONG (PCSC_API *SCardControlOLD_t)(SCARDHANDLE hCard, LPCVOID pbSendBuffer, DWORD cbSendLength, + LPVOID pbRecvBuffer, LPDWORD lpBytesReturned); + typedef LONG (PCSC_API *SCardControl_t)(SCARDHANDLE hCard, DWORD dwControlCode, LPCVOID pbSendBuffer, +diff -up opensc-0.11.13/src/libopensc/reader-pcsc.c.build opensc-0.11.13/src/libopensc/reader-pcsc.c +--- opensc-0.11.13/src/libopensc/reader-pcsc.c.build 2010-02-16 10:03:28.000000000 +0100 ++++ opensc-0.11.13/src/libopensc/reader-pcsc.c 2010-09-07 10:34:51.000000000 +0200 +@@ -80,7 +80,7 @@ struct pcsc_private_data { + + struct pcsc_slot_data { + SCARDHANDLE pcsc_card; +- SCARD_READERSTATE_A reader_state; ++ SCARD_READERSTATE reader_state; + DWORD verify_ioctl; + DWORD verify_ioctl_start; + DWORD verify_ioctl_finish; +@@ -353,7 +353,7 @@ static int pcsc_wait_for_event(sc_reader + sc_context_t *ctx; + SCARDCONTEXT pcsc_ctx; + LONG ret; +- SCARD_READERSTATE_A 
rgReaderStates[SC_MAX_READERS]; ++ SCARD_READERSTATE rgReaderStates[SC_MAX_READERS]; + unsigned long on_bits, off_bits; + time_t end_time, now, delta; + size_t i; +@@ -401,7 +401,7 @@ static int pcsc_wait_for_event(sc_reader + /* Wait for a status change and return if it's a card insert/removal + */ + for( ; ; ) { +- SCARD_READERSTATE_A *rsp; ++ SCARD_READERSTATE *rsp; + + /* Scan the current state of all readers to see if they + * match any of the events we're polling for */ diff --git a/opensc.spec b/opensc.spec index 5dce165..e2f58cd 100644 --- a/opensc.spec +++ b/opensc.spec @@ -2,7 +2,7 @@ Name: opensc Version: 0.11.13 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Smart card library and applications Group: System Environment/Libraries @@ -12,6 +12,7 @@ Source0: http://www.opensc-project.org/files/opensc/%{name}-%{version}.ta Patch1: %{name}-0.11.7-develconfig.patch Patch2: %{name}-0.11.12-no-add-needed.patch Patch3: opensc-0.11.13-libassuan1.patch +Patch4: opensc-0.11.13-build-readerstate.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pcsc-lite-devel @@ -71,6 +72,7 @@ sed -i -e 's|/usr/local/towitoko/lib/|/usr/lib/ctapi/|' etc/opensc.conf.in %if 0%{?fedora} > 13 rm -f m4/libassuan.m4 %patch3 -p1 -b .libassuan1 +%patch4 -p1 -b .build ./bootstrap %endif @@ -168,6 +170,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Sep 7 2010 Tomas Mraz - 0.11.13-4 +- fix build with new pcsc-lite + * Wed Aug 11 2010 Rex Dieter - 0.11.13-3 - build against libassuan1 (f14+) From 6a20aba13f4e874ca955cf4344c8f90111ba3d79 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 19 Oct 2010 21:27:13 +0200 Subject: [PATCH 5/6] - own the _libdir/pkcs11 subdirectory (#644527) --- opensc.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/opensc.spec b/opensc.spec index e2f58cd..53a4b83 100644 --- a/opensc.spec +++ b/opensc.spec 
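Review bot: `%patch4 -p1 -b .build` is added inside the `%if 0%{?fedora} > 13` block, between `%patch3` and `./bootstrap`, so the pcsc-lite build fix is applied only on Fedora newer than 13. The changelog entry says only "fix build with new pcsc-lite", and nothing in the hunk ties the newer pcsc-lite to that condition, so any other target that picks up the same pcsc-lite would hit the build failure again. Whether the patch also builds against the older pcsc-lite is not visible here. If it does, move the line to the unconditional part of %prep. Otherwise put a comment above it, for example `# new pcsc-lite API is only in f14+`, so it is not read as part of the libassuan1 workaround.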
@@ -2,7 +2,7 @@ Name: opensc Version: 0.11.13 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Smart card library and applications Group: System Environment/Libraries @@ -137,6 +137,7 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/lib*.so.* %{_libdir}/onepin-opensc-pkcs11.so %{_libdir}/opensc-pkcs11.so +%dir %{_libdir}/pkcs11 %{_libdir}/pkcs11/onepin-opensc-pkcs11.so %{_libdir}/pkcs11/opensc-pkcs11.so %{_datadir}/opensc/ @@ -170,6 +171,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Oct 19 2010 Tomas Mraz - 0.11.13-5 +- own the _libdir/pkcs11 subdirectory (#644527) + * Tue Sep 7 2010 Tomas Mraz - 0.11.13-4 - fix build with new pcsc-lite From d65ffb9ccd2231f2c058f8dc00a3fe842c2cbe0d Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 21 Dec 2010 21:30:04 +0100 Subject: [PATCH 6/6] - fix buffer overflow on rogue card serial numbers --- opensc-0.11.13-serial-overflow.patch | 71 ++++++++++++++++++++++++++++ opensc.spec | 12 ++++- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 opensc-0.11.13-serial-overflow.patch diff --git a/opensc-0.11.13-serial-overflow.patch b/opensc-0.11.13-serial-overflow.patch new file mode 100644 index 0000000..6d492e5 --- /dev/null +++ b/opensc-0.11.13-serial-overflow.patch 
@@ -0,0 +1,71 @@ +Index: /trunk/src/libopensc/muscle.c +=================================================================== +--- /trunk/src/libopensc/muscle.c (revision 4350) ++++ /trunk/src/libopensc/muscle.c (revision 4912) +@@ -31,11 +31,4 @@ + #define MSC_DSA_PUBLIC 0x04 + #define MSC_DSA_PRIVATE 0x05 +- +-#ifndef MAX +-#define MAX(x, y) (((x) > (y)) ? (x) : (y)) +-#endif +-#ifndef MIN +-#define MIN(x, y) (((x) < (y)) ? (x) : (y)) +-#endif + + static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } }; +Index: /trunk/src/libopensc/internal.h +=================================================================== +--- /trunk/src/libopensc/internal.h (revision 4902) ++++ /trunk/src/libopensc/internal.h (revision 4912) +@@ -48,4 +48,11 @@ + #define msleep(t) Sleep(t) + #define sleep(t) Sleep((t) * 1000) ++#endif ++ ++#ifndef MAX ++#define MAX(x, y) (((x) > (y)) ? (x) : (y)) ++#endif ++#ifndef MIN ++#define MIN(x, y) (((x) < (y)) ? (x) : (y)) + #endif + +Index: /trunk/src/libopensc/card-atrust-acos.c +=================================================================== +--- /trunk/src/libopensc/card-atrust-acos.c (revision 4706) ++++ /trunk/src/libopensc/card-atrust-acos.c (revision 4913) +@@ -843,6 +843,6 @@ + return SC_ERROR_INTERNAL; + /* cache serial number */ +- memcpy(card->serialnr.value, apdu.resp, apdu.resplen); +- card->serialnr.len = apdu.resplen; ++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); ++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); + /* copy and return serial number */ + memcpy(serial, &card->serialnr, sizeof(*serial)); +Index: /trunk/src/libopensc/card-starcos.c +=================================================================== +--- /trunk/src/libopensc/card-starcos.c (revision 4706) ++++ /trunk/src/libopensc/card-starcos.c (revision 4913) +@@ -1280,6 +1280,6 @@ + return SC_ERROR_INTERNAL; + /* cache serial number */ +- memcpy(card->serialnr.value, apdu.resp, apdu.resplen); +- card->serialnr.len = 
apdu.resplen; ++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); ++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); + /* copy and return serial number */ + memcpy(serial, &card->serialnr, sizeof(*serial)); +Index: /trunk/src/libopensc/card-acos5.c +=================================================================== +--- /trunk/src/libopensc/card-acos5.c (revision 4118) ++++ /trunk/src/libopensc/card-acos5.c (revision 4913) +@@ -139,6 +139,6 @@ + * Cache serial number. + */ +- memcpy(card->serialnr.value, apdu.resp, apdu.resplen); +- card->serialnr.len = apdu.resplen; ++ memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); ++ card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); + + /* diff --git a/opensc.spec b/opensc.spec index 53a4b83..ee8a367 100644 --- a/opensc.spec +++ b/opensc.spec @@ -2,7 +2,7 @@ Name: opensc Version: 0.11.13 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Smart card library and applications Group: System Environment/Libraries @@ -13,11 +13,14 @@ Patch1: %{name}-0.11.7-develconfig.patch Patch2: %{name}-0.11.12-no-add-needed.patch Patch3: opensc-0.11.13-libassuan1.patch Patch4: opensc-0.11.13-build-readerstate.patch +Patch5: opensc-0.11.13-serial-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pcsc-lite-devel BuildRequires: readline-devel +%if 0%{?fedora} || 0%{?rhel} > 5 BuildRequires: openct-devel +%endif BuildRequires: openssl-devel BuildRequires: libtool-ltdl-devel BuildRequires: libtool @@ -62,6 +65,8 @@ OpenSC development files. %setup -q %patch1 -p1 -b .config %patch2 -p1 -b .no-add-needed +%patch5 -p2 -b .overflow + sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths cp -p src/pkcs15init/README ./README.pkcs15init cp -p src/scconf/README.scconf . 
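Review bot: The clamp added to the three serial-number copies (card-atrust-acos.c, card-starcos.c, card-acos5.c) silently truncates an over-long response and caches the result as the card's serial number. Assuming `SC_MAX_SERIALNR` is the size of `card->serialnr.value`, `MIN(apdu.resplen, SC_MAX_SERIALNR)` does stop the write past the buffer, but a card that answers with more bytes than the field holds is misbehaving, and the shortened value is still handed back to callers as valid. Rejecting it looks safer: `if (apdu.resplen > SC_MAX_SERIALNR) return SC_ERROR_INTERNAL;` ahead of the `memcpy`, matching the error return visible just above the copy in the atrust-acos and starcos hunks. If truncation is kept, compute the bound once (`size_t len = MIN(apdu.resplen, SC_MAX_SERIALNR);`) so the copy length and `serialnr.len` cannot drift apart. The enclosing functions start and end outside these hunks, and whether other card drivers copy `apdu.resp` the same way cannot be judged from this patch.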
@@ -81,7 +86,9 @@ rm -f m4/libassuan.m4 %configure --disable-static \ --enable-nsplugin \ --enable-pcsc \ +%if 0%{?fedora} || 0%{?rhel} > 5 --enable-openct \ +%endif --enable-doc \ --with-pcsc-provider=libpcsclite.so.1 \ --with-plugindir=%{plugindir} \ @@ -171,6 +178,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Dec 21 2010 Tomas Mraz - 0.11.13-6 +- fix buffer overflow on rogue card serial numbers + * Tue Oct 19 2010 Tomas Mraz - 0.11.13-5 - own the _libdir/pkcs11 subdirectory (#644527)
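Review bot: Where the new `%if 0%{?fedora} || 0%{?rhel} > 5` is false, `--enable-openct` is dropped from `%configure` with nothing in its place, so OpenCT support on those targets depends on configure's default, which this hunk does not show. An `%else` branch carrying `--disable-openct \` would make the outcome explicit. The same condition guards `BuildRequires: openct-devel` in the earlier hunk of this commit, and neither change appears in the 0.11.13-6 changelog entry, which records only the overflow fix. A second changelog line such as `- build without openct on RHEL 5 and older` would keep the security fix and the packaging change distinguishable.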