diff --git a/opensc-0.21.0.tar.gz b/opensc-0.21.0.tar.gz deleted file mode 100644 index ff0d1d6..0000000 --- a/opensc-0.21.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2bfbbb1dcb4b8d8d75685a3e95c30798fb6411d4efab3690fd89d2cb25f3325e -size 2210878 diff --git a/opensc-0.22.0.tar.gz b/opensc-0.22.0.tar.gz new file mode 100644 index 0000000..14881b7 --- /dev/null +++ b/opensc-0.22.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8d4e5347195ebea332be585df61dcc470331c26969e4b0447c851fb0844c7186 +size 2287020 diff --git a/opensc-gcc11.patch b/opensc-gcc11.patch index ee020be..3462350 100644 --- a/opensc-gcc11.patch +++ b/opensc-gcc11.patch @@ -29,333 +29,3 @@ Date: Tue Feb 23 19:57:02 2021 +0100 https://bugzilla.redhat.com/show_bug.cgi?id=1930652 -diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c -index 18803b83..c65ec3ed 100644 ---- a/src/pkcs11/framework-pkcs15.c -+++ b/src/pkcs11/framework-pkcs15.c -@@ -670,6 +670,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - { - struct sc_pkcs15_cert_info *p15_info = NULL; - struct sc_pkcs15_cert *p15_cert = NULL; -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_cert_object *object = NULL; - struct pkcs15_pubkey_object *obj2 = NULL; - int rv; -@@ -686,8 +687,9 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - } - - /* Certificate object */ -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, -+ rv = __pkcs15_create_object(fw_data, &any_object, - cert, &pkcs15_cert_ops, sizeof(struct pkcs15_cert_object)); -+ object = (struct pkcs15_cert_object *) any_object; - if (rv < 0) { - if (p15_cert != NULL) - sc_pkcs15_free_certificate(p15_cert); -@@ -720,7 +722,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - pkcs15_cert_extract_label(object); - - if (cert_object != NULL) -- *cert_object = (struct pkcs15_any_object *) object; -+ *cert_object = any_object; - - return 0; - } -@@ -730,6 +732,7 @@ static int - __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data, - struct sc_pkcs15_object *pubkey, struct pkcs15_any_object **pubkey_object) - { -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_pubkey_object *object = NULL; - struct sc_pkcs15_pubkey *p15_key = NULL; - int rv; -@@ -758,8 +761,9 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data, - } - - /* Public key object */ -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, -+ rv = __pkcs15_create_object(fw_data, &any_object, - pubkey, &pkcs15_pubkey_ops, sizeof(struct pkcs15_pubkey_object)); -+ object = (struct pkcs15_pubkey_object *) any_object; - if (rv >= 0) { - object->pub_info = (struct sc_pkcs15_pubkey_info *) pubkey->data; - object->pub_data = p15_key; -@@ -773,7 +777,7 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data, - object->pub_data->alg_id->params = &((object->pub_data->u).gostr3410.params); - } - if (pubkey_object != NULL) -- *pubkey_object = (struct pkcs15_any_object *) object; -+ *pubkey_object = any_object; - - return rv; - } -@@ -783,16 +787,18 @@ static int - __pkcs15_create_prkey_object(struct pkcs15_fw_data *fw_data, - struct sc_pkcs15_object *prkey, struct pkcs15_any_object **prkey_object) - { -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_prkey_object *object = NULL; - int rv; - -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object, -+ rv = __pkcs15_create_object(fw_data, &any_object, - prkey, &pkcs15_prkey_ops, sizeof(struct pkcs15_prkey_object)); -+ object = (struct pkcs15_prkey_object *) any_object; - if (rv >= 0) - object->prv_info = (struct sc_pkcs15_prkey_info *) prkey->data; - - if (prkey_object != NULL) -- *prkey_object = (struct pkcs15_any_object *) object; -+ *prkey_object = any_object; - - return rv; - } -@@ -802,18 +808,20 @@ static int - __pkcs15_create_data_object(struct pkcs15_fw_data *fw_data, - struct sc_pkcs15_object *object, struct pkcs15_any_object **data_object) - { -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_data_object *dobj = NULL; - int rv; - -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &dobj, -+ rv = __pkcs15_create_object(fw_data, &any_object, - object, &pkcs15_dobj_ops, sizeof(struct pkcs15_data_object)); -+ dobj = (struct pkcs15_data_object *) any_object; - if (rv >= 0) { - dobj->info = (struct sc_pkcs15_data_info *) object->data; - dobj->value = NULL; - } - - if (data_object != NULL) -- *data_object = (struct pkcs15_any_object *) dobj; -+ *data_object = any_object; - - return rv; - } -@@ -853,16 +861,18 @@ static int - __pkcs15_create_secret_key_object(struct pkcs15_fw_data *fw_data, - struct sc_pkcs15_object *object, struct pkcs15_any_object **skey_object) - { -+ struct pkcs15_any_object *any_object = NULL; - struct pkcs15_skey_object *skey = NULL; - int rv; - -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &skey, -+ rv = __pkcs15_create_object(fw_data, &any_object, - object, &pkcs15_skey_ops, sizeof(struct pkcs15_skey_object)); -+ skey = (struct pkcs15_skey_object *) any_object; - if (rv >= 0) - skey->info = (struct sc_pkcs15_skey_info *) object->data; - - if (skey_object != NULL) -- *skey_object = (struct pkcs15_any_object *) skey; -+ *skey_object = any_object; - - return rv; - } -diff --git a/src/libopensc/pkcs15-westcos.c b/src/libopensc/pkcs15-westcos.c -index 885abd37..9277061b 100644 ---- a/src/libopensc/pkcs15-westcos.c -+++ b/src/libopensc/pkcs15-westcos.c -@@ -124,18 +124,17 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card) - struct sc_pkcs15_pubkey_info pubkey_info; - struct sc_pkcs15_object pubkey_obj; - struct sc_pkcs15_pubkey *pkey = NULL; -+ sc_pkcs15_cert_t *cert = NULL; -+ - memset(&cert_info, 0, sizeof(cert_info)); - memset(&cert_obj, 0, sizeof(cert_obj)); - cert_info.id.len = 1; - cert_info.id.value[0] = 0x45; - cert_info.authority = 0; - cert_info.path = path; -- r = sc_pkcs15_read_certificate(p15card, &cert_info, -- (sc_pkcs15_cert_t -- **) (&cert_obj.data)); -+ r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); -+ cert_obj.data = (void *) cert; - if (!r) { -- sc_pkcs15_cert_t *cert = -- (sc_pkcs15_cert_t *) (cert_obj.data); - strlcpy(cert_obj.label, "User certificate", - sizeof(cert_obj.label)); - cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE; -diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c -index c65ec3ed..a5e6ff1f 100644 ---- a/src/pkcs11/framework-pkcs15.c -+++ b/src/pkcs11/framework-pkcs15.c -@@ -673,6 +673,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - struct pkcs15_any_object *any_object = NULL; - struct pkcs15_cert_object *object = NULL; - struct pkcs15_pubkey_object *obj2 = NULL; -+ struct pkcs15_any_object *any_object2 = NULL; - int rv; - - p15_info = (struct sc_pkcs15_cert_info *) cert->data; -@@ -700,10 +701,11 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj - object->cert_data = p15_cert; - - /* Corresponding public key */ -- rv = public_key_created(fw_data, &p15_info->id, (struct pkcs15_any_object **) &obj2); -+ rv = public_key_created(fw_data, &p15_info->id, &any_object2); - if (rv != SC_SUCCESS) -- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &obj2, -+ rv = __pkcs15_create_object(fw_data, &any_object2, - NULL, &pkcs15_pubkey_ops, sizeof(struct pkcs15_pubkey_object)); -+ obj2 = (struct pkcs15_pubkey_object *) any_object2; - if (rv < 0) - return rv; - -@@ -2975,14 +2977,17 @@ set_gost3410_params(struct sc_pkcs15init_prkeyargs *prkey_args, - const CK_BYTE * gost_params_encoded_oid_from_template; - const CK_BYTE * gost_hash_params_encoded_oid_from_template; - size_t len, param_index, hash_index; -+ void *ptr = NULL; - CK_RV rv; - - /* If template has CKA_GOSTR3410_PARAMS attribute, set param_index to - * corresponding item's index in gostr3410_param_oid[] */ -- if (pPrivTpl && ulPrivCnt) -- rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3410_PARAMS, (void **)&gost_params_encoded_oid_from_template, &len); -- else -- rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3410_PARAMS, (void **)&gost_params_encoded_oid_from_template, &len); -+ if (pPrivTpl && ulPrivCnt) { -+ rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3410_PARAMS, &ptr, &len); -+ } else { -+ rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3410_PARAMS, &ptr, &len); -+ } -+ gost_params_encoded_oid_from_template = (const CK_BYTE *) ptr; - - if (rv == CKR_OK) { - size_t nn = sizeof(gostr3410_param_oid)/sizeof(gostr3410_param_oid[0]); -@@ -3005,10 +3010,12 @@ set_gost3410_params(struct sc_pkcs15init_prkeyargs *prkey_args, - - /* If template has CKA_GOSTR3411_PARAMS attribute, set hash_index to - * corresponding item's index in gostr3410_hash_param_oid[] */ -- if (pPrivTpl && ulPrivCnt) -- rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3411_PARAMS, (void **)&gost_hash_params_encoded_oid_from_template, &len); -- else -- rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3411_PARAMS, (void **)&gost_hash_params_encoded_oid_from_template, &len); -+ if (pPrivTpl && ulPrivCnt) { -+ rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3411_PARAMS, &ptr, &len); -+ } else { -+ rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3411_PARAMS, &ptr, &len); -+ } -+ gost_hash_params_encoded_oid_from_template = ptr; - - if (rv == CKR_OK) { - size_t nn = sizeof(gostr3410_hash_param_oid)/sizeof(gostr3410_hash_param_oid[0]); -@@ -3155,9 +3162,11 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism, - } - else if (keytype == CKK_EC) { - struct sc_lv_data *der = &keygen_args.prkey_args.key.u.ec.params.der; -+ void *ptr = NULL; - - der->len = sizeof(struct sc_object_id); -- rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, (void **)&der->value, &der->len); -+ rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, &ptr, &der->len); -+ der->value = (unsigned char *) ptr; - if (rv != CKR_OK) { - sc_unlock(p11card->card); - return sc_to_cryptoki_error(rc, "C_GenerateKeyPair"); -diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c -index 8fb3e5af..a6c91ce1 100644 ---- a/src/pkcs11/pkcs11-object.c -+++ b/src/pkcs11/pkcs11-object.c -@@ -347,6 +347,7 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - struct sc_pkcs11_object *object; - struct sc_pkcs11_find_operation *operation; - struct sc_pkcs11_slot *slot; -+ struct sc_pkcs11_operation *op = NULL; - - if (pTemplate == NULL_PTR && ulCount > 0) - return CKR_ARGUMENTS_BAD; -@@ -363,7 +364,8 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */ - dump_template(SC_LOG_DEBUG_NORMAL, "C_FindObjectsInit()", pTemplate, ulCount); - - rv = session_start_operation(session, SC_PKCS11_OPERATION_FIND, -- &find_mechanism, (struct sc_pkcs11_operation **)&operation); -+ &find_mechanism, &op); -+ operation = (struct sc_pkcs11_find_operation *) op; - if (rv != CKR_OK) - goto out; - -diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c -index a6c91ce1..603a6713 100644 ---- a/src/pkcs11/pkcs11-object.c -+++ b/src/pkcs11/pkcs11-object.c -@@ -453,6 +453,7 @@ C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_ULONG to_return; - struct sc_pkcs11_session *session; - struct sc_pkcs11_find_operation *operation; -+ struct sc_pkcs11_operation *op = NULL; - - if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR) - return CKR_ARGUMENTS_BAD; -@@ -465,7 +466,8 @@ C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */ - if (rv != CKR_OK) - goto out; - -- rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, (sc_pkcs11_operation_t **) & operation); -+ rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, &op); -+ operation = (struct sc_pkcs11_find_operation *) op; - if (rv != CKR_OK) - goto out; - -diff --git a/src/tools/pkcs11-register.c b/src/tools/pkcs11-register.c -index 007ff1ae..873ebcba 100644 ---- a/src/tools/pkcs11-register.c -+++ b/src/tools/pkcs11-register.c -@@ -123,13 +123,15 @@ add_module_pkcs11_txt(const char *profile_dir, - char pkcs11_txt_path[PATH_MAX]; - char *pkcs11_txt = NULL; - size_t pkcs11_txt_len = 0; -+ unsigned char *txt = NULL; -+ - if (!profile_dir - || snprintf(pkcs11_txt_path, sizeof pkcs11_txt_path, - "%s%c%s", profile_dir, path_sep, "pkcs11.txt") < 0 -- || !fread_to_eof(pkcs11_txt_path, -- (unsigned char **) &pkcs11_txt, &pkcs11_txt_len)) { -+ || !fread_to_eof(pkcs11_txt_path, &txt, &pkcs11_txt_len)) { - goto err; - } -+ pkcs11_txt = (char *)txt; - char *p = realloc(pkcs11_txt, pkcs11_txt_len+1); - if (!p) - goto err; -diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c -index a4d9c94b..35b96792 100644 ---- a/src/tools/pkcs11-tool.c -+++ b/src/tools/pkcs11-tool.c -@@ -6303,11 +6303,12 @@ static CK_SESSION_HANDLE test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE - return session; - } - -- tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len); -- if (opt_object_id_len == 0) { -+ tmp = getID(session, priv_key, &i); -+ if (i == 0) { - fprintf(stderr, "ERR: newly generated private key has no (or an empty) CKA_ID\n"); - return session; - } -+ opt_object_id_len = (size_t) i; - memcpy(opt_object_id, tmp, opt_object_id_len); - - /* This is done in NSS */ -@@ -6485,11 +6486,12 @@ static void test_ec(CK_SLOT_ID slot, CK_SESSION_HANDLE session) - if (!gen_keypair(slot, session, &pub_key, &priv_key, opt_key_type)) - return; - -- tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len); -- if (opt_object_id_len == 0) { -+ tmp = getID(session, priv_key, &i); -+ if (i == 0) { - printf("ERR: newly generated private key has no (or an empty) CKA_ID\n"); - return; - } -+ i = (size_t) opt_object_id_len; - memcpy(opt_object_id, tmp, opt_object_id_len); - - /* This is done in NSS */ diff --git a/opensc-rpmlintrc b/opensc-rpmlintrc index a8441c2..916ca6a 100644 --- a/opensc-rpmlintrc +++ b/opensc-rpmlintrc @@ -1,5 +1,3 @@ -# Private library don't need to be in a separate package. -addFilter("shlib-policy-missing-suffix") # There is no devel package any more. addFilter("obsolete-not-provided") addFilter("devel-file-in-non-devel-package") diff --git a/opensc.changes b/opensc.changes index 8288a48..4354ac8 100644 --- a/opensc.changes +++ b/opensc.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Mon Oct 4 12:59:24 UTC 2021 - Daniel Donisa + +- Update to OpenSC 0.22.0: + * Removed changes in opensc-gcc11.patch already present in upstream. + - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda + * Removed some false positives from the openrc-rpmlintrc file. + * Use standard paths for file cache on Linux (#2148) and OSX (#2214) + * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic) + * Add threading test to `pkcs11-tool` (#2067) + * Add support to generate generic secret keys (#2140) + * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195) + * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179). + * Support for gcc11 and its new strict aliasing rules (#2241, #2260) + * Initial support for building with OpenSSL 3.0 (#2343) + * pkcs15-tool: Write data objects in binary mode (#2324) + * Avoid limited size of log messages (#2352) + * Support for ECDSA verification (#2211) + * Support for ECDSA with different SHA hashes (#2190) + * Prevent issues in p11-kit by not returning unexpected return codes (#2207) + * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293) + * Standardize the version 2 on 2.20 in the code (#2096) + * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176) + * Copy arguments of C_Initialize (#2350) + * Fix RSA-PSS signing (#2234) + * Fix DO deletion (#2215) + * Add support for (X)EdDSA keys (#1960) + * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205) + * Add support for applet version 4 (#2332) + * New configuration option for opensc.conf to disable pkcs1_padding (#2193) + * Add support for ECDSA with different hashes (#2190) + * Enable more mechanisms (#2178) + * Fixed asking for a user pin when formatting a card (#1737) + * Added support for French CPx Healthcare cards (#2217) + * Added ATR for new CardOS 5.4 version (#2296) + ------------------------------------------------------------------- Sun Jun 27 16:48:49 UTC 2021 - Predrag Ivanović diff --git a/opensc.spec b/opensc.spec index 0d1ae09..3b74481 100644 --- a/opensc.spec +++ b/opensc.spec @@ -18,7 +18,7 @@ %define completionsdir %(pkg-config --variable completionsdir bash-completion) Name: opensc -Version: 0.21.0 +Version: 0.22.0 Release: 0 Summary: Smart Card Utilities License: LGPL-2.1-or-later