Compare commits


No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

7 changed files with 194 additions and 44 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg SOURCES/gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg
SOURCES/pcsc-lite-1.9.5.tar.bz2 SOURCES/pcsc-lite-1.9.4.tar.bz2


@ -1,2 +1,2 @@
13df650b9548b4ef1b24ad11ef6b573af4d48011 SOURCES/gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg 13df650b9548b4ef1b24ad11ef6b573af4d48011 SOURCES/gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg
66ab757215d5ea436e0f2dffb8594d71904e9d9c SOURCES/pcsc-lite-1.9.5.tar.bz2 b8ca342dfa650c2c4d25a86f6dbfa3aa019c2045 SOURCES/pcsc-lite-1.9.4.tar.bz2


@ -15,7 +15,7 @@ diff -up ./src/PCSC/pcsclite.h.readers_32 ./src/PCSC/pcsclite.h
+++ ./src/PCSC/pcsclite.h 2018-08-20 16:03:00.061567242 -0700 +++ ./src/PCSC/pcsclite.h 2018-08-20 16:03:00.061567242 -0700
@@ -281,7 +281,7 @@ extern const SCARD_IO_REQUEST g_rgSCardT @@ -281,7 +281,7 @@ extern const SCARD_IO_REQUEST g_rgSCardT
#define PCSCLITE_VERSION_NUMBER "1.9.5" /**< Current version */ #define PCSCLITE_VERSION_NUMBER "1.9.4" /**< Current version */
/** Maximum readers context (a slot is count as a reader) */ /** Maximum readers context (a slot is count as a reader) */
-#define PCSCLITE_MAX_READERS_CONTEXTS 16 -#define PCSCLITE_MAX_READERS_CONTEXTS 16
+#define PCSCLITE_MAX_READERS_CONTEXTS 48 +#define PCSCLITE_MAX_READERS_CONTEXTS 48


@ -0,0 +1,110 @@
From a9c7c0886acfb6ca4cae1426a623a8cff2e9846c Mon Sep 17 00:00:00 2001
From: Tharre <tharre3@gmail.com>
Date: Thu, 6 Apr 2023 17:59:36 +0200
Subject: [PATCH] Add '--disable-polkit' option
On systems with an encrypted root drive, systemd-cryptsetup may be used
to handle decrypting the disk with a PKCS#11 token via pcscd. For this
to work however, pcscd has to run in the initramfs to handle
communications with the smartcard.
To avoid having to also add polkitd to the initramfs, or alternatively
to avoid having 2 separate versions of pcscd installed on the same
system, add a commandline flag to disable polkit authentication for
these cases.
https://salsa.debian.org/rousseau/PCSC/-/merge_requests/4
---
src/auth.c | 6 ++++++
src/pcscdaemon.c | 8 ++++++++
2 files changed, 14 insertions(+)
diff --git a/src/auth.c b/src/auth.c
index e0318ed6..cbcdf9c8 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -54,6 +54,8 @@
#if defined(HAVE_POLKIT) && defined(SO_PEERCRED)
#include <polkit/polkit.h>
+
+extern char disable_polkit;
/* Returns non zero when the client is authorized */
unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
@@ -68,6 +71,9 @@ unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
GError *error = NULL;
char action_name[128];
+ if (disable_polkit)
+ return 1;
+
snprintf(action_name, sizeof(action_name), "org.debian.pcsc-lite.%s", action);
cr_len = sizeof(cr);
diff --git a/src/pcscdaemon.c b/src/pcscdaemon.c
index 69faf86a..4a0b4c0f 100644
--- a/src/pcscdaemon.c
+++ b/src/pcscdaemon.c
@@ -77,6 +77,7 @@ bool AutoExit = false;
char SocketActivated = FALSE;
static int ExitValue = EXIT_FAILURE;
int HPForceReaderPolling = 0;
+char disable_polkit = FALSE;
static int pipefd[] = {-1, -1};
static int signal_handler_fd[] = {-1, -1};
char Add_Serial_In_Name = TRUE;
@@ -286,6 +287,7 @@ int main(int argc, char **argv)
{"auto-exit", 0, NULL, 'x'},
{"reader-name-no-serial", 0, NULL, 'S'},
{"reader-name-no-interface", 0, NULL, 'I'},
+ {"disable-polkit", 0, NULL, 1},
{NULL, 0, NULL, 0}
};
#endif
@@ -331,6 +333,11 @@ int main(int argc, char **argv)
"force-reader-polling") == 0)
HPForceReaderPolling = optarg ? abs(atoi(optarg)) : 1;
break;
+ case 1:
+ if (strcmp(long_options[option_index].name,
+ "disable-polkit") == 0)
+ disable_polkit = TRUE;
+ break;
#endif
case 'c':
Log2(PCSC_LOG_INFO, "using new config file: %s", optarg);
@@ -885,6 +892,7 @@ static void print_usage(char const * const progname)
printf(" -x, --auto-exit pcscd will quit after %d seconds of inactivity\n", TIME_BEFORE_SUICIDE);
printf(" -S, --reader-name-no-serial do not include the USB serial number in the name\n");
printf(" -I, --reader-name-no-interface do not include the USB interface name in the name\n");
+ printf(" --disable-polkit disable polkit support\n");
#else
printf(" -a log APDU commands and results\n");
printf(" -c path to reader.conf\n");
From 13e5c53eab9e48be0925f48bdc1b9eeb3c1b1a04 Mon Sep 17 00:00:00 2001
From: Ludovic Rousseau <ludovic.rousseau@free.fr>
Date: Sat, 25 Nov 2023 12:16:44 +0100
Subject: [PATCH] pcscd.8: document --disable-polkit
---
doc/pcscd.8.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/doc/pcscd.8.in b/doc/pcscd.8.in
index b17d93b3..639a1214 100644
--- a/doc/pcscd.8.in
+++ b/doc/pcscd.8.in
@@ -84,6 +84,9 @@ Do not include the USB serial number in the reader name.
.TP
.BR \-I ", " \-\-reader\-name\-no\-interface
Do not include the USB interface name in the reader name.
+.TP
+.BR \-\-disable-polkit
+Ignore polkit rules. All accesses are allowed.
.SH DESCRIPTION
pcscd is the daemon program for pcsc-lite. It is a resource manager that
coordinates communications with smart card readers and smart cards and
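Review bot: Once `disable_polkit` is set, the early `return 1` added to `IsClientAuthorized()` in src/auth.c authorizes every caller for every action and reader before any peer-credential or polkit lookup, and nothing in the added code records that the daemon is running in that mode. The flag is meant for the initramfs case described in the commit message, so an operator or auditor should be able to see from the logs when it is active on a normal system; the `case 1:` branch in src/pcscdaemon.c could emit `Log1(PCSC_LOG_ERROR, "polkit authorization disabled by --disable-polkit");` next to `disable_polkit = TRUE;`, or after option parsing if logging is not yet set up at that point (not visible here). The level should be one that is printed at the default verbosity, which is why this does not use `PCSC_LOG_INFO` as the nearby `Log2` call does. As a smaller point, `extern char disable_polkit;` is declared directly in auth.c, and a declaration in a header shared with pcscdaemon.c would let the compiler catch a type mismatch. Both `IsClientAuthorized()` and `main()` continue outside the quoted hunks.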


@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=auuN
-----END PGP SIGNATURE-----


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=nBYh
-----END PGP SIGNATURE-----


@ -1,17 +1,19 @@
Name: pcsc-lite Name: pcsc-lite
Version: 1.9.5 Version: 1.9.4
Release: 1%{?dist} Release: 2%{?dist}
Summary: PC/SC Lite smart card framework and applications Summary: PC/SC Lite smart card framework and applications
Group: System Environment/Daemons
License: BSD License: BSD
URL: https://pcsclite.apdu.fr/ URL: https://pcsclite.apdu.fr/
Source0: https://pcsclite.apdu.fr/files/%{name}-%{version}.tar.bz2 Source0: https://pcsclite.apdu.fr/files/%{name}-%{version}.tar.bz2
Source1: https://pcsclite.apdu.fr/files/%{name}-%{version}.tar.bz2.asc Source1: https://pcsclite.apdu.fr/files/%{name}-%{version}.tar.bz2.asc
Source2: gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg Source2: gpgkey-F5E11B9FFE911146F41D953D78A1B4DFE8F9C57E.gpg
Patch1: pcsc-lite-1.8.23-maxreaders.patch Patch1: pcsc-lite-1.9.1-maxreaders.patch
# a9c7c0886acfb6ca4cae1426a623a8cff2e9846c
# 13e5c53eab9e48be0925f48bdc1b9eeb3c1b1a04
Patch2: pcsc-lite-1.9.4-disable-polkit-option.patch
BuildRequires: make BuildRequires: make
BuildRequires: doxygen BuildRequires: doxygen
BuildRequires: graphviz BuildRequires: graphviz
BuildRequires: systemd-devel BuildRequires: systemd-devel
@ -23,6 +25,8 @@ BuildRequires: gettext-devel
BuildRequires: libtool BuildRequires: libtool
BuildRequires: gnupg2 BuildRequires: gnupg2
BuildRequires: gcc BuildRequires: gcc
BuildRequires: python3-devel
BuildRequires: /usr/bin/pathfix.py
Requires(post): systemd Requires(post): systemd
Requires(preun): systemd Requires(preun): systemd
@ -30,8 +34,9 @@ Requires(postun): systemd
Requires: pcsc-ifd-handler Requires: pcsc-ifd-handler
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
Requires: polkit Requires: polkit
Requires: python3
Recommends: pcsc-lite-ccid Recommends: pcsc-lite-ccid
# This is bundled in upstream without simple way to remove # This is bundled in upstream withou simple way to remove
Provides: bundled(simclist) = 1.6 Provides: bundled(simclist) = 1.6
@ -46,14 +51,12 @@ line tools.
%package libs %package libs
Summary: PC/SC Lite libraries Summary: PC/SC Lite libraries
Group: System Environment/Libraries
%description libs %description libs
PC/SC Lite libraries. PC/SC Lite libraries.
%package devel %package devel
Summary: PC/SC Lite development files Summary: PC/SC Lite development files
Group: Development/Libraries
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
%description devel %description devel
@ -61,7 +64,6 @@ PC/SC Lite development files.
%package doc %package doc
Summary: PC/SC Lite developer documentation Summary: PC/SC Lite developer documentation
Group: Documentation
BuildArch: noarch BuildArch: noarch
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
@ -74,6 +76,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%setup -q %setup -q
%patch1 -p 0 -b .maxreaders %patch1 -p 0 -b .maxreaders
%patch2 -p 1 -b .disable-polkit
# Convert to utf-8 # Convert to utf-8
for file in ChangeLog; do for file in ChangeLog; do
@ -90,6 +93,8 @@ done
--enable-usbdropdir=%{_libdir}/pcsc/drivers --enable-usbdropdir=%{_libdir}/pcsc/drivers
%make_build %make_build
doxygen doc/doxygen.conf ; rm -f doc/api/*.{map,md5} doxygen doc/doxygen.conf ; rm -f doc/api/*.{map,md5}
pathfix.py -pni "%{__python3} %{py3_shbang_opts}" src/spy/pcsc-spy
%install %install
%make_install %make_install
@ -101,6 +106,7 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/pcscd
rm $RPM_BUILD_ROOT%{_libdir}/*.la rm $RPM_BUILD_ROOT%{_libdir}/*.la
%post %post
%systemd_post pcscd.socket pcscd.service %systemd_post pcscd.socket pcscd.service
# If install, test if pcscd socket is enabled. # If install, test if pcscd socket is enabled.
@ -119,9 +125,7 @@ fi
%postun %postun
%systemd_postun_with_restart pcscd.socket pcscd.service %systemd_postun_with_restart pcscd.socket pcscd.service
%post libs -p /sbin/ldconfig %ldconfig_scriptlets libs
%postun libs -p /sbin/ldconfig
%files %files
@ -155,24 +159,60 @@ fi
%changelog %changelog
* Fri Jan 07 2022 Jakub Jelen <jjelen@redhat.com> - 1.9.5-1 * Fri Oct 25 2024 Jakub Jelen <jjelen@redhat.com> - 1.9.4-2
- Rebase to 1.9.5 version to address race conditions (#2014641) - Backport --disable-polkit option (RHEL-34856)
- Drop dowstream polkit policy to avoid repeated authentication requests in remote sessions (#1928154)
* Thu Jun 17 2021 Bob Relyea <rrelyea@redhat.com> - 1.8.23-4.1 * Thu Nov 18 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.4-1
- rebuild to retrigger gating - Rebase to current version from Fedora (#2017828)
- Use of upstrea polkit policy preventing unneeded prompts
* Thu Jun 17 2021 Bob Relyea <rrelyea@redhat.com> - 1.8.23-4 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.1-4
- Update max readers to 48 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri May 10 2019 Bob Relyea <rrelyea@redhat.com> - 1.8.23-3.1 * Fri Jun 25 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.1-3
- test gating. - Increase the maximum readers count (#1975422)
* Fri Aug 24 2018 Bob Relyea <rrelyea@redhat.com> - 1.8.23-3 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.1-2
- Update max readers to 32 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Jun 22 2018 Troy Dawson <tdawson@redhat.com> - 1.8.23-2.1 * Thu Feb 25 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.1-1
- Fix python shebangs (#1580842) - New upstream release (#1932519)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 15 2020 Jakub Jelen <jjelen@redhat.com> - 1.9.0-1
- New upstream release (#1846925)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 20 2020 Jakub Jelen <jjelen@redhat.com> - 1.8.26-1
- New upstream release
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Apr 05 2019 Jakub Jelen <jjelen@redhat.com> - 1.8.25-1
- New upstream release (#1692559)
- Fix memory leak in SCardEstablishContextTH() (#1684674)
- Enable socket activation after installation (#1545027)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 20 2018 Jakub Jelen <jjelen@redhat.com> - 1.8.24-1
- New upstream release (#1651353)
* Mon Jul 23 2018 Jakub Jelen <jjelen@redhat.com> - 1.8.23-4
- Add missing dependencies (#1605389)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.23-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.23-2 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild