OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pcsc-lite?expand=0&rev=15

pcsc-lite-1.5.1.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:98591dacf84b78ed2d01a48234d9f00217e7e99ae0012c73232c98e8b74eafe5
-size 465677

pcsc-lite-1.5.3.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2dd18024f5730587cbfac04da8fd57b8910ce79e4e98f5a311f72e797f0485dd
+size 469752

pcsc-lite-init.patch

@@ -1,6 +1,12 @@
 --- etc/pcscd.init.in
 +++ etc/pcscd.init.in
-@@ -29,7 +29,8 @@
+@@ -24,12 +24,14 @@
+ #              PC/SC lite and Musclecard frameworks.  It coordinates
+ #              communications with smart card readers, smart cards, and
+ #              cryptographic tokens that are connected to the system.
++# X-UnitedLinux-Default-Enabled: yes
+ ### END INIT INFO
+ #
  # Note!  pcscd should be started after pcmcia, and shut down before it
  # for smooth experience with PCMCIA readers.
  
@@ -10,7 +16,7 @@
  
  umask 077
  
-@@ -45,19 +46,21 @@
+@@ -45,19 +47,21 @@
  
  start() {
      echo -n $"Starting PC/SC smart card daemon ($prog): "
@@ -36,7 +42,7 @@
  }
  restart() {
      stop
-@@ -73,12 +76,19 @@
+@@ -73,12 +77,19 @@
          restart
          ;;
      status)

pcsc-lite-overflow.patch

@@ -0,0 +1,125 @@
+Author: rousseau
+Date: Thu May 14 09:29:39 2009
+New Revision: 4208
+
+URL: http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4208
+Log:
+MSGFunctionDemarshall(): detect buffer overflows
+
+Thanks to Sebastian Krahmer for the bug report
+
+Modified:
+    trunk/PCSC/src/winscard_svc.c
+
+Modified: trunk/PCSC/src/winscard_svc.c
+URL: http://svn.debian.org/wsvn/pcsclite/trunk/PCSC/src/winscard_svc.c?rev=4208&op=diff
+==============================================================================
+--- trunk/PCSC/src/winscard_svc.c (original)
++++ trunk/PCSC/src/winscard_svc.c Thu May 14 09:29:39 2009
+@@ -387,6 +387,14 @@
+ 		dwProtocol = stStr->pdwProtocol;
+ 		cbAtrLen = stStr->pcbAtrLen;
+ 
++		/* avoids buffer overflow */
++		if ((cchReaderLen > sizeof(stStr->mszReaderNames))
++			|| (cbAtrLen > sizeof(stStr->pbAtr)))
++		{
++			stStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
++			break;
++		}
++
+ 		stStr->rv = SCardStatus(stStr->hCard, stStr->mszReaderNames,
+ 			&cchReaderLen, &dwState,
+ 			&dwProtocol, stStr->pbAtr, &cbAtrLen);
+@@ -401,6 +409,14 @@
+ 		trStr = ((transmit_struct *) msgStruct->data);
+ 		rv = MSGCheckHandleAssociation(trStr->hCard, dwContextIndex);
+ 		if (rv != 0) return rv;
++
++		/* avoids buffer overflow */
++		if ((trStr->pcbRecvLength > sizeof(trStr->pbRecvBuffer))
++			|| (trStr->cbSendLength > sizeof(trStr->pbSendBuffer)))
++		{
++			trStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
++			break;
++		}
+ 
+ 		ioSendPci.dwProtocol = trStr->pioSendPciProtocol;
+ 		ioSendPci.cbPciLength = trStr->pioSendPciLength;
+@@ -426,6 +442,14 @@
+ 		rv = MSGCheckHandleAssociation(ctStr->hCard, dwContextIndex);
+ 		if (rv != 0) return rv;
+ 
++		/* avoids buffer overflow */
++		if ((ctStr->dwBytesReturned > sizeof(ctStr->cbRecvLength))
++			|| (ctStr->cbSendLength > sizeof(ctStr->pbSendBuffer)))
++		{
++			ctStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
++			break;
++		}
++
+ 		dwBytesReturned = ctStr->dwBytesReturned;
+ 
+ 		ctStr->rv = SCardControl(ctStr->hCard, ctStr->dwControlCode,
+@@ -442,6 +466,13 @@
+ 		rv = MSGCheckHandleAssociation(gsStr->hCard, dwContextIndex);
+ 		if (rv != 0) return rv;
+ 
++		/* avoids buffer overflow */
++		if (gsStr->cbAttrLen > sizeof(gsStr->pbAttr))
++		{
++			gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
++			break;
++		}
++
+ 		cbAttrLen = gsStr->cbAttrLen;
+ 
+ 		gsStr->rv = SCardGetAttrib(gsStr->hCard, gsStr->dwAttrId,
+@@ -455,6 +486,14 @@
+ 		gsStr = ((getset_struct *) msgStruct->data);
+ 		rv = MSGCheckHandleAssociation(gsStr->hCard, dwContextIndex);
+ 		if (rv != 0) return rv;
++
++		/* avoids buffer overflow */
++		if (gsStr->cbAttrLen <= sizeof(gsStr->pbAttr))
++		{
++			gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
++			break;
++		}
++
+ 		gsStr->rv = SCardSetAttrib(gsStr->hCard, gsStr->dwAttrId,
+ 			gsStr->pbAttr, gsStr->cbAttrLen);
+ 		break;
+@@ -468,6 +507,15 @@
+ 			treStr = ((transmit_struct_extended *) msgStruct->data);
+ 			rv = MSGCheckHandleAssociation(treStr->hCard, dwContextIndex);
+ 			if (rv != 0) return rv;
++
++			/* avoids buffer overflow */
++			if ((treStr->size > sizeof(pbSendBuffer))
++				|| (treStr->cbSendLength > sizeof(pbSendBuffer))
++				|| (treStr->pcbRecvLength > sizeof(pbRecvBuffer)))
++			{
++				treStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
++				break;
++			}
+ 
+ 			/* on more block to read? */
+ 			if (treStr->size > PCSCLITE_MAX_MESSAGE_SIZE)
+@@ -549,6 +597,15 @@
+ 			cteStr = ((control_struct_extended *) msgStruct->data);
+ 			rv = MSGCheckHandleAssociation(cteStr->hCard, dwContextIndex);
+ 			if (rv != 0) return rv;
++
++			/* avoids buffer overflow */
++			if ((cteStr->size > sizeof(pbSendBuffer))
++				|| (cteStr->cbSendLength > sizeof(pbSendBuffer))
++				|| (cteStr->cbRecvLength > sizeof(pbRecvBuffer)))
++			{
++				cteStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
++				break;
++			}
+ 
+ 			/* on more block to read? */
+ 			if (cteStr->size > PCSCLITE_MAX_MESSAGE_SIZE)
+

pcsc-lite-strict-aliasing.patch

@@ -0,0 +1,149 @@
+winscard_clnt.c:505: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_clnt.c:504: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_clnt.c:501: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_clnt.c:501: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_clnt.c:485: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_clnt.c:484: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:209: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:208: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:204: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:198: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:198: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:196: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:196: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:194: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:191: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:187: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:187: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:185: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+winscard_svc.c:184: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+cc1: warning: dereferencing pointer 'veStr' does break strict-aliasing rules
+testpcsc.c:313: warning: dereferencing type-punned pointer will break strict-aliasing rules
+testpcsc.c:323: warning: dereferencing type-punned pointer will break strict-aliasing rules
+================================================================================
+--- src/testpcsc.c
++++ src/testpcsc.c
+@@ -65,7 +65,11 @@
+ #else
+ 	unsigned char pbAtr[MAX_ATR_SIZE];
+ #endif
+-	unsigned char buf[100];
++	union {
++		unsigned char _char[100];
++		DWORD _DWORD[1];
++		uint32_t _uint32_t[1];
++	} buf;
+ 	DWORD dwBufLen;
+ 	unsigned char *pbAttr = NULL;
+ 	DWORD pcbAttrLen;
+@@ -306,31 +310,31 @@
+ 
+ 	printf("Testing SCardGetAttrib\t\t: ");
+ 	dwBufLen = sizeof(buf);
+-	rv = SCardGetAttrib(hCard, SCARD_ATTR_VENDOR_IFD_VERSION, buf, &dwBufLen);
++	rv = SCardGetAttrib(hCard, SCARD_ATTR_VENDOR_IFD_VERSION, buf._char, &dwBufLen);
+ 	test_rv(rv, hContext, DONT_PANIC);
+ 	if (rv == SCARD_S_SUCCESS)
+ 		printf("Vendor IFD version\t\t: " GREEN "0x%08lX\n" NORMAL,
+-			((DWORD *)buf)[0]);
++			buf._DWORD[0]);
+ 
+ 	printf("Testing SCardGetAttrib\t\t: ");
+ 	dwBufLen = sizeof(buf);
+-	rv = SCardGetAttrib(hCard, SCARD_ATTR_MAXINPUT, buf, &dwBufLen);
++	rv = SCardGetAttrib(hCard, SCARD_ATTR_MAXINPUT, buf._char, &dwBufLen);
+ 	test_rv(rv, hContext, DONT_PANIC);
+ 	if (rv == SCARD_S_SUCCESS)
+ 	{
+ 		if (dwBufLen == sizeof(uint32_t))
+ 			printf("Max message length\t\t: " GREEN "%d\n" NORMAL,
+-				*(uint32_t *)buf);
++				buf._uint32_t[0]);
+ 		else
+ 			printf(RED "Wrong size" NORMAL);
+ 	}
+ 
+ 	printf("Testing SCardGetAttrib\t\t: ");
+ 	dwBufLen = sizeof(buf);
+-	rv = SCardGetAttrib(hCard, SCARD_ATTR_VENDOR_NAME, buf, &dwBufLen);
++	rv = SCardGetAttrib(hCard, SCARD_ATTR_VENDOR_NAME, buf._char, &dwBufLen);
+ 	test_rv(rv, hContext, DONT_PANIC);
+ 	if (rv == SCARD_S_SUCCESS)
+-		printf("Vendor name\t\t\t: " GREEN "%s\n" NORMAL, buf);
++		printf("Vendor name\t\t\t: " GREEN "%s\n" NORMAL, buf._char);
+ 
+ 	printf("Testing SCardSetAttrib\t\t: ");
+ 	rv = SCardSetAttrib(hCard, SCARD_ATTR_ATR_STRING, (LPCBYTE)"", 1);
+--- src/winscard_clnt.c
++++ src/winscard_clnt.c
+@@ -480,7 +480,7 @@
+ 		msgStruct.command = 0;
+ 		msgStruct.date = time(NULL);
+ 
+-		veStr = (version_struct *) msgStruct.data;
++		veStr = &msgStruct.veStr;
+ 		veStr->major = PROTOCOL_VERSION_MAJOR;
+ 		veStr->minor = PROTOCOL_VERSION_MINOR;
+ 
+--- src/winscard_msg.h
++++ src/winscard_msg.h
+@@ -31,6 +31,17 @@
+ #endif
+ 
+ 	/**
++	 * @brief Information transmitted in \ref CMD_VERSION Messages.
++	 */
++	struct version_struct
++	{
++		int32_t major;	/**< IPC major \ref PROTOCOL_VERSION_MAJOR */
++		int32_t minor;	/**< IPC minor \ref PROTOCOL_VERSION_MINOR */
++		uint32_t rv;
++	};
++	typedef struct version_struct version_struct;
++
++	/**
+ 	 * @brief General structure for client/serve message data exchange.
+ 	 *
+ 	 * It is used in the calls of \c SHMMessageSend and \c SHMMessageReceive.
+@@ -49,7 +60,11 @@
+ 		uint32_t command;	/** one of the \c pcsc_msg_commands */
+ 		uint64_t date;
+ 		unsigned char key[PCSCLITE_MSG_KEY_LEN]; /* 16 bytes */
+-		unsigned char data[PCSCLITE_MAX_MESSAGE_SIZE];
++		union
++		{
++			unsigned char data[PCSCLITE_MAX_MESSAGE_SIZE];
++			struct version_struct veStr;
++		};
+ 	}
+ 	sharedSegmentMsg, *psharedSegmentMsg;
+ 
+@@ -93,17 +108,6 @@
+ 		SCARD_CONTROL_EXTENDED = 0x12	/**< used by SCardControl() */
+ 	};
+ 
+-	/**
+-	 * @brief Information transmitted in \ref CMD_VERSION Messages.
+-	 */
+-	struct version_struct
+-	{
+-		int32_t major;	/**< IPC major \ref PROTOCOL_VERSION_MAJOR */
+-		int32_t minor;	/**< IPC minor \ref PROTOCOL_VERSION_MINOR */
+-		uint32_t rv;
+-	};
+-	typedef struct version_struct version_struct;
+-
+ 	struct client_struct
+ 	{
+ 		uint32_t hContext;
+--- src/winscard_svc.c
++++ src/winscard_svc.c
+@@ -178,7 +178,7 @@
+ 				if (msgStruct.mtype == CMD_VERSION)
+ 				{
+ 					version_struct *veStr;
+-					veStr = (version_struct *) msgStruct.data;
++					veStr = &msgStruct.veStr;
+ 
+ 					/* get the client protocol version */
+ 					psContext[dwContextIndex].protocol_major = veStr->major;

pcsc-lite.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Wed May 27 17:17:37 CEST 2009 - sbrabec@suse.cz
+
+- Updated to version 1.5.3:
+  * SCardEstablishContext(): check we do not reuse an already
+    allocated hContext
+  * pcsclite.h: add missing SCARD_E_* and SCARD_W_* return code.
+  * reader.h: add PIN_PROPERTIES_STRUCTURE structure and
+    FEATURE_IFD_PIN_PROPERTIES
+  * remove powermgt_macosx.c since it is using APSL version 1.1
+    instead of the BSD-like licence (bnc#474818)
+  * avoid a possible crash due to a race condition
+  * change default log level from PCSC_LOG_INFO to PCSC_LOG_ERROR
+  * CardDisconnect(): call RFUnlockAllSharing() instead of
+    RFUnlockSharing() to release all nested locks. Visible in
+    OpenSC "pkcs11-tool -I".
+  * some other minor improvements and bug corrections
+- Fixed possible overflows (bnc#499734).
+
+-------------------------------------------------------------------
+Thu Apr  9 16:01:54 CEST 2009 - sbrabec@suse.cz
+
+- Updated to version 1.5.2:
+  * SCardGetStatusChange(): return if the state of the reader
+    changed since the previous call
+  * SCardCancel() now works as expected
+  * log TxBuffer and RxBuffer if the SCardControl() command failed
+  * add a mutex to avoid a race condition 
+  * SCardGetStatusChange() may not return if the reader was removed
+  * some other minor improvements and bug corrections
+- Start daemon by default (bnc#466430).
+- Ensure that Apple Public Source License Version 1.1 does not
+  apply (bnc#474818).
+
 -------------------------------------------------------------------
 Tue Feb  3 13:41:22 CET 2009 - sbrabec@suse.cz
 

pcsc-lite.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package pcsc-lite (Version 1.5.1)
+# spec file for package pcsc-lite (Version 1.5.3)
 #
 # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -22,7 +22,7 @@ Name:           pcsc-lite
 # FIXME: Maybe we should use /usr/lib/pcsc/drivers as others do:
 %define ifddir %{_libdir}/readers
 BuildRequires:  hal-devel pkg-config readline-devel
-Version:        1.5.1
+Version:        1.5.3
 Release:        1
 PreReq:         %{insserv_prereq} %{fillup_prereq}
 Group:          Productivity/Security
@@ -35,6 +35,10 @@ Source2:        README.SUSE
 Source3:        pre_checkin.sh
 Patch:          pcsc-lite-musclecard.patch
 Patch1:         pcsc-lite-init.patch
+# PATCH-FIX-UPSTREAM pcsc-lite-overflow.patch bnc499734 sbrabec@suse.cz -- Fix possible buffer overflows.
+Patch2:         pcsc-lite-overflow.patch
+# PATCH-FIX-UPSTREAM pcsc-lite-strict-aliasing.patch sbrabec@suse.cz -- Strict aliasing fix.
+Patch3:         pcsc-lite-strict-aliasing.patch
 Requires:       libpcsclite1 >= %{version}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -119,9 +123,12 @@ Authors:
 
 %prep
 %setup -q
+# Ensure that Apple Public Source License Version 1.1 does not apply:
 cp -a %{S:1} %{S:2} .
 %patch
 %patch1
+%patch2 -p2
+%patch3
 
 %build
 %if %suse_version > 1010
@@ -154,7 +161,7 @@ rm -rf $RPM_BUILD_ROOT
 %{stop_on_removal pcscd}
 
 %post
-%{fillup_and_insserv -n pcscd pcscd}
+%{fillup_and_insserv -y -n pcscd pcscd}
 
 %postun
 %{restart_on_update pcscd}
@@ -189,6 +196,34 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Wed May 27 2009 sbrabec@suse.cz
+- Updated to version 1.5.3:
+  * SCardEstablishContext(): check we do not reuse an already
+  allocated hContext
+  * pcsclite.h: add missing SCARD_E_* and SCARD_W_* return code.
+  * reader.h: add PIN_PROPERTIES_STRUCTURE structure and
+  FEATURE_IFD_PIN_PROPERTIES
+  * remove powermgt_macosx.c since it is using APSL version 1.1
+  instead of the BSD-like licence (bnc#474818)
+  * avoid a possible crash due to a race condition
+  * change default log level from PCSC_LOG_INFO to PCSC_LOG_ERROR
+  * CardDisconnect(): call RFUnlockAllSharing() instead of
+  RFUnlockSharing() to release all nested locks. Visible in
+  OpenSC "pkcs11-tool -I".
+  * some other minor improvements and bug corrections
+- Fixed possible overflows (bnc#499734).
+* Thu Apr 09 2009 sbrabec@suse.cz
+- Updated to version 1.5.2:
+  * SCardGetStatusChange(): return if the state of the reader
+  changed since the previous call
+  * SCardCancel() now works as expected
+  * log TxBuffer and RxBuffer if the SCardControl() command failed
+  * add a mutex to avoid a race condition
+  * SCardGetStatusChange() may not return if the reader was removed
+  * some other minor improvements and bug corrections
+- Start daemon by default (bnc#466430).
+- Ensure that Apple Public Source License Version 1.1 does not
+  apply (bnc#474818).
 * Tue Feb 03 2009 sbrabec@suse.cz
 - Updated to version 1.5.1:
   * Fixed extended APDU of more than 2048 bytes
@@ -442,7 +477,7 @@ rm -rf $RPM_BUILD_ROOT
 - fixed /etc/init.d/pcscd status-handling (bug #9069)
 * Thu Jun 07 2001 ro@suse.de
 - fix broken Makefile.am
-* Sun Apr 22 2001 mge@suse.de
+* Mon Apr 23 2001 mge@suse.de
 - update to 0.9.1
-* Wed Apr 18 2001 mge@suse.de
+* Thu Apr 19 2001 mge@suse.de
 - created package