.gitignore

@@ -1,2 +1,2 @@
 SOURCES/gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg
-SOURCES/pcsc-lite-1.9.5.tar.bz2
+SOURCES/pcsc-lite-1.9.4.tar.bz2

.pcsc-lite.metadata

@@ -1,2 +1,2 @@
 13df650b9548b4ef1b24ad11ef6b573af4d48011 SOURCES/gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg
-66ab757215d5ea436e0f2dffb8594d71904e9d9c SOURCES/pcsc-lite-1.9.5.tar.bz2
+b8ca342dfa650c2c4d25a86f6dbfa3aa019c2045 SOURCES/pcsc-lite-1.9.4.tar.bz2

SOURCES/pcsc-lite-1.9.1-maxreaders.patch

@@ -15,7 +15,7 @@ diff -up ./src/PCSC/pcsclite.h.readers_32 ./src/PCSC/pcsclite.h
 +++ ./src/PCSC/pcsclite.h	2018-08-20 16:03:00.061567242 -0700
 @@ -281,7 +281,7 @@ extern const SCARD_IO_REQUEST g_rgSCardT
  
- #define PCSCLITE_VERSION_NUMBER		"1.9.5"	/**< Current version */
+ #define PCSCLITE_VERSION_NUMBER		"1.9.4"	/**< Current version */
  /** Maximum readers context (a slot is count as a reader) */
 -#define PCSCLITE_MAX_READERS_CONTEXTS			16
 +#define PCSCLITE_MAX_READERS_CONTEXTS		48	

SOURCES/pcsc-lite-1.9.4-disable-polkit-option.patch

@@ -0,0 +1,110 @@
+From a9c7c0886acfb6ca4cae1426a623a8cff2e9846c Mon Sep 17 00:00:00 2001
+From: Tharre <tharre3@gmail.com>
+Date: Thu, 6 Apr 2023 17:59:36 +0200
+Subject: [PATCH] Add '--disable-polkit' option
+
+On systems with an encrypted root drive, systemd-cryptsetup may be used
+to handle decrypting the disk with a PKCS#11 token via pcscd. For this
+to work however, pcscd has to run in the initramfs to handle
+communications with the smartcard.
+
+To avoid having to also add polkitd to the initramfs, or alternatively
+to avoid having 2 separate versions of pcscd installed on the same
+system, add a commandline flag to disable polkit authentication for
+these cases.
+
+https://salsa.debian.org/rousseau/PCSC/-/merge_requests/4
+---
+ src/auth.c       | 6 ++++++
+ src/pcscdaemon.c | 8 ++++++++
+ 2 files changed, 14 insertions(+)
+
+diff --git a/src/auth.c b/src/auth.c
+index e0318ed6..cbcdf9c8 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -54,6 +54,8 @@
+ #if defined(HAVE_POLKIT) && defined(SO_PEERCRED)
+ 
+ #include <polkit/polkit.h>
++
++extern char disable_polkit;
+ 
+ /* Returns non zero when the client is authorized */
+ unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
+@@ -68,6 +71,9 @@ unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
+ 	GError *error = NULL;
+ 	char action_name[128];
+ 
++	if (disable_polkit)
++		return 1;
++
+ 	snprintf(action_name, sizeof(action_name), "org.debian.pcsc-lite.%s", action);
+ 
+ 	cr_len = sizeof(cr);
+diff --git a/src/pcscdaemon.c b/src/pcscdaemon.c
+index 69faf86a..4a0b4c0f 100644
+--- a/src/pcscdaemon.c
++++ b/src/pcscdaemon.c
+@@ -77,6 +77,7 @@ bool AutoExit = false;
+ char SocketActivated = FALSE;
+ static int ExitValue = EXIT_FAILURE;
+ int HPForceReaderPolling = 0;
++char disable_polkit = FALSE;
+ static int pipefd[] = {-1, -1};
+ static int signal_handler_fd[] = {-1, -1};
+ char Add_Serial_In_Name = TRUE;
+@@ -286,6 +287,7 @@ int main(int argc, char **argv)
+ 		{"auto-exit", 0, NULL, 'x'},
+ 		{"reader-name-no-serial", 0, NULL, 'S'},
+ 		{"reader-name-no-interface", 0, NULL, 'I'},
++		{"disable-polkit", 0, NULL, 1},
+ 		{NULL, 0, NULL, 0}
+ 	};
+ #endif
+@@ -331,6 +333,11 @@ int main(int argc, char **argv)
+ 					"force-reader-polling") == 0)
+ 					HPForceReaderPolling = optarg ? abs(atoi(optarg)) : 1;
+ 				break;
++			case 1:
++				if (strcmp(long_options[option_index].name,
++					"disable-polkit") == 0)
++					disable_polkit = TRUE;
++				break;
+ #endif
+ 			case 'c':
+ 				Log2(PCSC_LOG_INFO, "using new config file: %s", optarg);
+@@ -885,6 +892,7 @@ static void print_usage(char const * const progname)
+ 	printf("  -x, --auto-exit	pcscd will quit after %d seconds of inactivity\n", TIME_BEFORE_SUICIDE);
+ 	printf("  -S, --reader-name-no-serial    do not include the USB serial number in the name\n");
+ 	printf("  -I, --reader-name-no-interface do not include the USB interface name in the name\n");
++	printf("  --disable-polkit	disable polkit support\n");
+ #else
+ 	printf("  -a    log APDU commands and results\n");
+ 	printf("  -c	path to reader.conf\n");
+
+
+From 13e5c53eab9e48be0925f48bdc1b9eeb3c1b1a04 Mon Sep 17 00:00:00 2001
+From: Ludovic Rousseau <ludovic.rousseau@free.fr>
+Date: Sat, 25 Nov 2023 12:16:44 +0100
+Subject: [PATCH] pcscd.8: document --disable-polkit
+
+---
+ doc/pcscd.8.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/doc/pcscd.8.in b/doc/pcscd.8.in
+index b17d93b3..639a1214 100644
+--- a/doc/pcscd.8.in
++++ b/doc/pcscd.8.in
+@@ -84,6 +84,9 @@ Do not include the USB serial number in the reader name.
+ .TP
+ .BR \-I ", " \-\-reader\-name\-no\-interface
+ Do not include the USB interface name in the reader name.
++.TP
++.BR \-\-disable-polkit
++Ignore polkit rules. All accesses are allowed.
+ .SH DESCRIPTION
+ pcscd is the daemon program for pcsc-lite. It is a resource manager that
+ coordinates communications with smart card readers and smart cards and
+

SOURCES/pcsc-lite-1.9.4.tar.bz2.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIyBAABCAAdFiEE9eEbn/6REUb0HZU9eKG03+j5xX4FAmFXMRwACgkQeKG03+j5
+xX7/KQ/3RHTZ0G5UIDOY8q072UkGUk1OJW7azD9o1BsQpD0UBIHDD1q8ISilhJ5A
+MM1qsV0oirL01CUdkx3rPAFHusZrGbx/DQrX/1k/HmsCtwGMHWX9HkvVfU2ollHV
+O6+6RCBrGzL28j6kx6XoC8d1bBkwjCHsdPpkgdnoSrUq79xtIVQa/T8JNg+lDfn4
+QmYzVjc2uyeofQt1R4LDOb4sNb4ZwvO/dLoQjJXm+M20TLocXVGS6EzuM3Kt1ppK
+1Lf6Y7nqERm8HZtWxqCuiEn+rF9Dr+7DgSfLWTzZ/hVhqSbg5QoQDTzoiYMz8EqL
+zagLx/Mqa7VFuHT35QLzExjfvNn94xBpcSMQ5IjOQpgLU79Fx9Dw0TmtKHipcE57
+B0Kvt5dWcRXIm3wit2nbL9QbSrkE3B6cy4w6uRU0+HIqR17fWqET1XSG9k9/Wlfi
+GYaxe4knAqu/7jcqbqOHs0OHNfUwXZa7xhfYK7/7FAomzHcyFGpDP39J1CrYIT/d
+lonOgD8Mul4GJE/ZUSXNMp2My1Ds055ILMmOpxpJzy6QWqXCYKjPoYZWpbNV+we9
+yKR22z4Oag2gh3Y/HFh9NQ2WpS23NcY7BD+bMO1zle1MaJbqqoMp29XacrZnqwjX
+sDDSia3dtqfZY4ktr98aars2M0BtoqxFnsbdLCxN7EowgEq1Ww==
+=auuN
+-----END PGP SIGNATURE-----

SOURCES/pcsc-lite-1.9.5.tar.bz2.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE9eEbn/6REUb0HZU9eKG03+j5xX4FAmGrX3QACgkQeKG03+j5
-xX6OYhAAlPiKTLWkHUq0edTZqptfYvjflQ3oBRSz5aGl1v95RyuklhGSK7H6fVez
-eYTG8bVKJDaHQBE+b1LukvIrhVlRGSHzTChTjc4k8qGjvSIqTp3t5Zhi0TDBIBov
-agLr2YP6Bi07nJZ+UzE5ssx0zk8Ca4xJDoSpBuD6ZcdTzSJ1VW8DZwD0bpco4a1u
-l8/b/DgzLPtzsSeBDoIGRlZsx6VYoxH83vaUp0FUNcdbLnA7teeWgnkSFJws8YAe
-TXd10bv3OYYqC/vCcQUv96tZaN2aekhYH9CeefAb6EC+kVWEXvV7d0BN29ToWuDm
-AQqkXpSYVihhkmQjTOmX6sKYbXpIkL13Rvmsz++Sf1tKQNuFcudtD2D4BZy4cglk
-DwX0dlJeHcQadeeyvC61G5BzreykhD6891PaxTs+BeGLKHe/VXmLhPcbA1r0oOKB
-A1G6lie02u2lCeohVFOvrIg7Pgx/msEqvGlqqYAYIz7s3bH0y88dw/QQW0le94Vr
-HefVx/dAqN1n90DTwKR5s10OgMAVGj4g9FkxNV/rVqKK6PwpM8wu1RuUeJhbeioN
-FVwJXzSsVoLkUn+GEQHXFtx/uOpQcJ63CPybULSXHp9xh4XecEBbJ695TZkzikP0
-Y+eAurhL7mKFpWwVIxTqYy+JU6B2r/p7pY0i15i8nGa2xkda/M8=
-=nBYh
------END PGP SIGNATURE-----

SPECS/pcsc-lite.spec

@@ -1,17 +1,19 @@
 Name:           pcsc-lite
-Version:        1.9.5
-Release:        1%{?dist}
+Version:        1.9.4
+Release:        2%{?dist}
 Summary:        PC/SC Lite smart card framework and applications
 
-Group:          System Environment/Daemons
 License:        BSD
 URL:            https://pcsclite.apdu.fr/
 Source0:        https://pcsclite.apdu.fr/files/%{name}-%{version}.tar.bz2
 Source1:        https://pcsclite.apdu.fr/files/%{name}-%{version}.tar.bz2.asc
 Source2:	gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg
-Patch1:		pcsc-lite-1.8.23-maxreaders.patch
+Patch1:		pcsc-lite-1.9.1-maxreaders.patch
+# a9c7c0886acfb6ca4cae1426a623a8cff2e9846c
+# 13e5c53eab9e48be0925f48bdc1b9eeb3c1b1a04
+Patch2:		pcsc-lite-1.9.4-disable-polkit-option.patch
 
-BuildRequires:  make
+BuildRequires: make
 BuildRequires:  doxygen
 BuildRequires:  graphviz
 BuildRequires:  systemd-devel
@@ -23,6 +25,8 @@ BuildRequires:  gettext-devel
 BuildRequires:  libtool
 BuildRequires:  gnupg2
 BuildRequires:  gcc
+BuildRequires:  python3-devel
+BuildRequires:  /usr/bin/pathfix.py
 
 Requires(post): systemd
 Requires(preun): systemd
@@ -30,8 +34,9 @@ Requires(postun): systemd
 Requires:       pcsc-ifd-handler
 Requires:       %{name}-libs = %{version}-%{release}
 Requires:       polkit
+Requires:       python3
 Recommends:     pcsc-lite-ccid
-# This is bundled in upstream without simple way to remove
+# This is bundled in upstream withou simple way to remove
 Provides:       bundled(simclist) = 1.6
 
 
@@ -46,14 +51,12 @@ line tools.
 
 %package        libs
 Summary:        PC/SC Lite libraries
-Group:          System Environment/Libraries
 
 %description    libs
 PC/SC Lite libraries.
 
 %package        devel
 Summary:        PC/SC Lite development files
-Group:          Development/Libraries
 Requires:       %{name}-libs = %{version}-%{release}
 
 %description    devel
@@ -61,7 +64,6 @@ PC/SC Lite development files.
 
 %package        doc
 Summary:        PC/SC Lite developer documentation
-Group:          Documentation
 BuildArch:      noarch
 Requires:       %{name}-libs = %{version}-%{release}
 
@@ -74,6 +76,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 
 %setup -q
 %patch1 -p 0 -b .maxreaders
+%patch2 -p 1 -b .disable-polkit
 
 # Convert to utf-8
 for file in ChangeLog; do
@@ -90,6 +93,8 @@ done
   --enable-usbdropdir=%{_libdir}/pcsc/drivers
 %make_build
 doxygen doc/doxygen.conf ; rm -f doc/api/*.{map,md5}
+pathfix.py -pni "%{__python3} %{py3_shbang_opts}" src/spy/pcsc-spy
+
 
 %install
 %make_install
@@ -101,6 +106,7 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/pcscd
 
 rm $RPM_BUILD_ROOT%{_libdir}/*.la
 
+
 %post
 %systemd_post pcscd.socket pcscd.service
 # If install, test if pcscd socket is enabled.
@@ -119,9 +125,7 @@ fi
 %postun
 %systemd_postun_with_restart pcscd.socket pcscd.service
 
-%post libs -p /sbin/ldconfig
-
-%postun libs -p /sbin/ldconfig
+%ldconfig_scriptlets libs
 
 
 %files
@@ -155,24 +159,60 @@ fi
 
 
 %changelog
-* Fri Jan 07 2022 Jakub Jelen <jjelen@redhat.com> - 1.9.5-1
-- Rebase to 1.9.5 version to address race conditions (#2014641)
-- Drop dowstream polkit policy to avoid repeated authentication requests in remote sessions (#1928154)
+* Fri Oct 25 2024 Jakub Jelen <jjelen@redhat.com> - 1.9.4-2
+- Backport --disable-polkit option (RHEL-34856)
 
-* Thu Jun 17 2021 Bob Relyea <rrelyea@redhat.com> - 1.8.23-4.1
-- rebuild to retrigger gating
+* Thu Nov 18 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.4-1
+- Rebase to current version from Fedora (#2017828)
+- Use of upstrea polkit policy preventing unneeded prompts
 
-* Thu Jun 17 2021 Bob Relyea <rrelyea@redhat.com> - 1.8.23-4
-- Update max readers to 48
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.1-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Fri May 10 2019 Bob Relyea <rrelyea@redhat.com> - 1.8.23-3.1
-- test gating.
+* Fri Jun 25 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.1-3
+- Increase the maximum readers count (#1975422)
 
-* Fri Aug 24 2018 Bob Relyea <rrelyea@redhat.com> - 1.8.23-3
-- Update max readers to 32
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.1-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
-* Fri Jun 22 2018 Troy Dawson <tdawson@redhat.com> - 1.8.23-2.1
-- Fix python shebangs (#1580842)
+* Thu Feb 25 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.1-1
+- New upstream release (#1932519)
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jun 15 2020 Jakub Jelen <jjelen@redhat.com> - 1.9.0-1
+- New upstream release (#1846925)
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.26-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jan 20 2020 Jakub Jelen <jjelen@redhat.com> - 1.8.26-1
+- New upstream release
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.25-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Apr 05 2019 Jakub Jelen <jjelen@redhat.com> - 1.8.25-1
+- New upstream release (#1692559)
+- Fix memory leak in SCardEstablishContextTH() (#1684674)
+- Enable socket activation after installation (#1545027)
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.24-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Nov 20 2018 Jakub Jelen <jjelen@redhat.com> - 1.8.24-1
+- New upstream release (#1651353)
+
+* Mon Jul 23 2018 Jakub Jelen <jjelen@redhat.com> - 1.8.23-4
+- Add missing dependencies (#1605389)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.23-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.23-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild