diff --git a/pcsc-lite-permissions.patch b/pcsc-lite-permissions.patch new file mode 100644 index 0000000..50a217c --- /dev/null +++ b/pcsc-lite-permissions.patch @@ -0,0 +1,45 @@ +Author: rousseau +Date: Tue May 19 14:43:56 2009 +New Revision: 4213 + +URL: http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=4213 +Log: +main(): force access rights on /var/run/pcscd to be sure it can be used +by a libpcsclite client without privileges + +Thanks to Sébastien Lorquet for the bug report + +Modified: + trunk/PCSC/src/pcscdaemon.c + +Modified: trunk/PCSC/src/pcscdaemon.c +URL: http://svn.debian.org/wsvn/pcsclite/trunk/PCSC/src/pcscdaemon.c?rev=4213&op=diff +============================================================================== +--- trunk/PCSC/src/pcscdaemon.c (original) ++++ trunk/PCSC/src/pcscdaemon.c Tue May 19 14:43:56 2009 +@@ -396,14 +396,20 @@ + rv = SYS_Stat(PCSCLITE_IPC_DIR, &fStatBuf); + if (rv < 0) + { +- rv = SYS_Mkdir(PCSCLITE_IPC_DIR, +- S_IROTH | S_IXOTH | S_IRGRP | S_IXGRP | S_IRWXU); ++ int mode = S_IROTH | S_IXOTH | S_IRGRP | S_IXGRP | S_IRWXU; ++ ++ rv = SYS_Mkdir(PCSCLITE_IPC_DIR, mode); + if (rv != 0) + { + Log2(PCSC_LOG_CRITICAL, + "cannot create " PCSCLITE_IPC_DIR ": %s", strerror(errno)); + return EXIT_FAILURE; + } ++ ++ /* set mode so that the directory is world readable and ++ * executable even is umask is restrictive ++ * The directory containes files used by libpcsclite */ ++ (void)SYS_Chmod(PCSCLITE_IPC_DIR, mode); + } + + /* + + + diff --git a/pcsc-lite.changes b/pcsc-lite.changes index ec4ac40..08935d9 100644 --- a/pcsc-lite.changes +++ b/pcsc-lite.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jun 4 14:28:02 CEST 2009 - sbrabec@suse.cz + +- Fixed permissions of /var/run/pcscd (bnc#466211). + ------------------------------------------------------------------- Wed May 27 17:17:37 CEST 2009 - sbrabec@suse.cz diff --git a/pcsc-lite.spec b/pcsc-lite.spec index 9d76a8f..81f4956 100644 --- a/pcsc-lite.spec +++ b/pcsc-lite.spec @@ -23,10 +23,10 @@ Name: pcsc-lite %define ifddir %{_libdir}/readers BuildRequires: hal-devel pkg-config readline-devel Version: 1.5.3 -Release: 1 +Release: 2 PreReq: %{insserv_prereq} %{fillup_prereq} Group: Productivity/Security -License: BSD 3-Clause +License: BSD 3-clause (or similar) Url: http://pcsclite.alioth.debian.org/ Summary: PCS Smart Cards Library Source: %{name}-%{version}.tar.bz2 @@ -39,6 +39,8 @@ Patch1: pcsc-lite-init.patch Patch2: pcsc-lite-overflow.patch # PATCH-FIX-UPSTREAM pcsc-lite-strict-aliasing.patch sbrabec@suse.cz -- Strict aliasing fix. Patch3: pcsc-lite-strict-aliasing.patch +# PATCH-FIX-UPSTREAM pcsc-lite-strict-aliasing.patch bnc466211 sbrabec@suse.cz -- Fix permissions of /var/run/pcscd. +Patch4: pcsc-lite-permissions.patch Requires: libpcsclite1 >= %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -70,7 +72,7 @@ Authors: Antti Tapaninen %package -n libpcsclite1 -License: BSD 3-Clause +License: BSD 3-clause (or similar) Group: System/Libraries Summary: PCS Smart Cards Library @@ -102,7 +104,7 @@ Authors: Antti Tapaninen %package devel -License: BSD 3-Clause +License: BSD 3-clause (or similar) Group: Development/Libraries/C and C++ Summary: Development package for the MUSCLE project SmartCards library Requires: %{name} = %{version} pcsc-lite glibc-devel @@ -129,6 +131,7 @@ cp -a %{S:1} %{S:2} . %patch1 %patch2 -p2 %patch3 +%patch4 -p2 %build %if %suse_version > 1010 @@ -196,288 +199,3 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/*.pc %changelog -* Wed May 27 2009 sbrabec@suse.cz -- Updated to version 1.5.3: - * SCardEstablishContext(): check we do not reuse an already - allocated hContext - * pcsclite.h: add missing SCARD_E_* and SCARD_W_* return code. - * reader.h: add PIN_PROPERTIES_STRUCTURE structure and - FEATURE_IFD_PIN_PROPERTIES - * remove powermgt_macosx.c since it is using APSL version 1.1 - instead of the BSD-like licence (bnc#474818) - * avoid a possible crash due to a race condition - * change default log level from PCSC_LOG_INFO to PCSC_LOG_ERROR - * CardDisconnect(): call RFUnlockAllSharing() instead of - RFUnlockSharing() to release all nested locks. Visible in - OpenSC "pkcs11-tool -I". - * some other minor improvements and bug corrections -- Fixed possible overflows (bnc#499734). -* Thu Apr 09 2009 sbrabec@suse.cz -- Updated to version 1.5.2: - * SCardGetStatusChange(): return if the state of the reader - changed since the previous call - * SCardCancel() now works as expected - * log TxBuffer and RxBuffer if the SCardControl() command failed - * add a mutex to avoid a race condition - * SCardGetStatusChange() may not return if the reader was removed - * some other minor improvements and bug corrections -- Start daemon by default (bnc#466430). -- Ensure that Apple Public Source License Version 1.1 does not - apply (bnc#474818). -* Tue Feb 03 2009 sbrabec@suse.cz -- Updated to version 1.5.1: - * Fixed extended APDU of more than 2048 bytes - * some other minor improvements and bug corrections - * correctly handle up to PCSCLITE_MAX_READERS_CONTEXTS - * SCardGetStatusChange() behavior change - * SCardStatus(): support of SCARD_AUTOALLOCATE - * SCardGetStatusChange() now uses asynchronous events - * more and/or better documentation - * SCardTransmit(): correctly pass the pioRecvPci parameter - * SCardConnect() and SCardReconnect(): correct a race condition - * pcscd logs the command name sent by the application - * some other minor improvements and bug corrections -- Split according to shared library packaging rules - (bnc#466430#c5). -- Removed obsolete udev rules. -- Install init script based on upstream one (bnc#467255). -- Removed upgrade protection for <= SLE9. -* Tue Jan 06 2009 sbrabec@suse.cz -- Do not call autoreconf for SLE10. -* Wed Sep 10 2008 sbrabec@suse.cz -- Updated to version 1.4.102: - * pcscd -v now displays enabled features - * add support of SCARD_AUTOALLOCATE in SCardListReaders(), - SCardListReaderGroups() and SCardGetAttrib - * add SCardFreeMemory() - * try to use the reader polling thread also for the other slots - on a multi-slots reader - * solve a possible crash with SCardCancel() in multithreading - environment - * SCardConnect(), SCardReconnect(): do not check the parameter - dwPreferredProtocols if dwShareMode == SCARD_SHARE_DIRECT - * better support of driver termination (when pcscd exits) - * kill the driver polling thread only if the driver supports it. - * support for fork(). Handles are now invalid in the child - process. - * SCardStatus() returns SCARD_W_REMOVED_CARD instead of - SCARD_W_RESET_CARD when a card has been removed and inserted - * some other minor improvements and bug corrections -* Fri Aug 22 2008 lnussel@suse.de -- remove resmgr from BuildRequires -* Thu Apr 10 2008 ro@suse.de -- added baselibs.conf file to build xxbit packages - for multilib support -* Thu Apr 03 2008 sbrabec@suse.cz -- Updated to version 1.4.100: - * add libhal support to avoid polling the USB bus. - * improve performances. - * SCardListReaders(): returns SCARD_E_NO_READERS_AVAILABLE when - no reader are available. - * add support of TAG_IFD_POLLING_THREAD to use an asynchronous - card movements detection instead of an active polling. - * CardCheckDaemonAvailability(): lower the priority of the log - message in case of "PCSC Not Running" or "PCSC restarted" so - that nothing is logged by default. - * default log level is PCSC_LOG_CRITICAL+1 so that NO log is sent - to stderr by default. - * Document more details about deviceName argument of - IFDHCreateChannelByName() - * add support of mix 32/64 bits platforms. - * increase MAX_READERNAME from 52 to 100 - * default ipcdir is /var/run/pcscd instead of /var/run so the - directory can be shared locally between 32/64 bits systems on - chroots - * display time delta between two lines of logs when printed to - stderr - * return EXIT_SUCCESS (instead of EXIT_SUCCESS) if parsing - /etc/reader.conf fails. - * performance improvement when powering a card after insertion - * some other minor improvements and bug corrections - * do not call a Log function in a signal handler and do hotplug - synchronously. - * some other minor improvements and bug corrections -* Tue Nov 06 2007 sbrabec@suse.cz -- Added necessary udev rule (#337666). -* Wed Aug 01 2007 sbrabec@suse.cz -- Applied Jacob Berkman's patch for 32-64-bit interoperability. -* Thu Jul 26 2007 sbrabec@suse.cz -- Updated to version 1.4.3: - * see ChangeLog for complete list of changes -* Wed May 16 2007 olh@suse.de -- Buildrequires libusb -> libusb-devel -* Mon Mar 05 2007 pgajdos@suse.cz -- fixed 'warning: array subscript is above array bounds' (#239174) -* Tue Feb 13 2007 sbrabec@suse.cz -- Updated to version 1.3.3: - * Added -H --hotplug argument. - * Added support for IFD_GENERATE_HOTPLUG bit in driver Info.plist - ifdCapabilities. - * SCardConnect() & SCardDisconnect(): Wait until any transaction - finishes before going on. - * Removed tools installifd and formaticc. - * SCardControl(): do not limit cbSendLength to MAX_BUFFER_SIZE. - * implement SCardIsValidContext() PC/SC call. - * Other API changes and improvements. -- Spec file cleanup. -- Moved testpcsc to /usr/sbin. -* Wed Jan 17 2007 sbrabec@suse.cz -- pcsclite.so moved to the main package (#235773). -* Tue Sep 19 2006 anosek@suse.cz -- update to version 1.3.2 - * add support of extended APDU in the standard configuration - and in a backward compatible way: pcscd 1.3.2 can be used - with libpcsclite <= 1.3.2 - * define MAX_BUFFER_SIZE_EXTENDED as the maximal size allowed - for a extended APDU (64KB) - * LPCTSTR and LPTSTR types are deprecated. - Use LPCSTR and LPSTR instead - * Dual licence src/error.c so it can be used bu OpenSC. It is now - BSD-like, see the COPYING file and GNU Lesser General - Licence 2.1 or (at your option) any later version - * document that the 4 bytes field value in PCSC_TLV_STRUCTURE is - always in big endian as documented in PCSC v2 part 10 ch 2.2 - page 2. You can use ntohl() to convert the value. - * some other minor improvements and bug corrections -- fixed compiler warning: subscript out of range [#204770] - (overflow.patch) -* Fri Aug 11 2006 stark@suse.de -- update to version 1.3.1 - * use fprintf(stderr,) instead of syslog(3) to log messages from - libpcsclite - * use PCSCLITE_DEBUG to activate the debug messages in libpcsclite - * add the reader serial number in the reader name only if - ADD_SERIAL_NUMBER is defined -* Thu Apr 06 2006 mjancar@suse.cz -- remove powermgt_macosx.c from the package (#161324) -* Mon Mar 13 2006 mjancar@suse.cz -- mount /proc/bus/usb in initscript anyway (#146979) -* Tue Feb 07 2006 mjancar@suse.cz -- start after kbd instead of mounting usbfs ourselfs (#146979) -* Mon Feb 06 2006 mjancar@suse.cz -- mount /proc/bus/usb in initscript (#146979) -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Tue Jan 03 2006 mjancar@suse.cz -- move drivers to separate source packages -- branch devel subpackage -* Mon Jan 02 2006 stark@suse.de -- removed obsolete hotplug stuff for cyberjack -- Updated pcsc-lite to version 1.2.9-beta9 -- Updated CCID driver to 0.9.4 -- Updated GemPC driver to 1.0.0 -- package pkgconfig files to be able to build drivers outside - the package -* Tue Dec 20 2005 ro@suse.de -- removed unpackaged man-page symlinks -* Tue Nov 29 2005 ro@suse.de -- remove keeper from nfb (unused) -* Mon Oct 10 2005 stark@suse.de -- Updated towitoko driver to 2.0.7 and install USB bundle -* Wed Sep 21 2005 stark@suse.de -- Repackaged CCID as bundle for USB usage (#116497) -* Tue Sep 20 2005 stark@suse.de -- handle old reader.conf in upgrade case -- compile with -fno-strict-aliasing -- fixed missing return in ctapi-cyberjack -* Sat Sep 17 2005 stark@suse.de -- Updated pcsc-lite to version 1.2.9beta8 (#116497) - * use /etc/reader.conf.d/ - * adapted init script to create /etc/reader.conf -- Updated cyberjack driver to version 2.0.9 - * use rpath for cyberjack tools -- Updated ccid driver to version 0.9.3 (#116497) -- Use RPM_OPT_FLAGS everywhere -- Fixed serious compiler warnings -* Mon Sep 05 2005 skh@suse.de -- fix off-by-one error in hotplug_libusb.c [#112964] -* Mon Aug 29 2005 skh@suse.de -- Remove unnecessary files from pcsc-acr38 again [#112927] -* Mon Aug 29 2005 skh@suse.de -- package ACR38 driver in correct bundle format [#112927] -- remove orphaned /var/run/pcscd.pub when necessary [#112928] -- update ACR38u driver to version 100705 to fix crash when reader - is plugged in [#112964] -* Tue Aug 16 2005 skh@suse.de -- Updated ACR38u driver to version 100703 -* Tue Jul 26 2005 okir@suse.de -- Added ACR38u driver -* Tue Jul 26 2005 okir@suse.de -- Updated description in init script (#79287) -* Thu Jun 16 2005 meissner@suse.de -- use RPM_OPT_FLAGS in 1 more driver -- added includes to avoid implict declaration of memcpy and similar. -* Mon Apr 18 2005 ro@suse.de -- make it build with gcc-4 -* Thu Mar 17 2005 okir@suse.de -- Disable support for extended-apdus, it eats 32MB of memory (#73629) -* Thu Mar 10 2005 okir@suse.de -- Fix default search location for USB bundles -* Fri Jan 21 2005 okir@suse.de -- Updated to latest upstream version -- Updated several drivers -- Added CCID driver -- Provide a more informative readers.conf file (#42620) -* Thu Jan 20 2005 ro@suse.de -- drop subpackage gpr400 -* Wed Apr 28 2004 ro@suse.de -- compile formaticc with no-strict-aliasing -- fix unused return type in musclecard.c -* Wed Mar 31 2004 okir@suse.de -- Properly install testpcsc, formaticc (#37625) -- Build towitoko driver with --enable-win32-com -* Thu Mar 18 2004 okir@suse.de -- cyberjack apps installed in /bin should be executable (#36409) -* Sat Jan 10 2004 adrian@suse.de -- add %%run_ldconfig -* Tue Aug 05 2003 mge@suse.de -- merge ctapi-cyberjack into pcsc-lite: two additional - packages are created: ctapi-cyberjack and pcsc-cyberjack -* Thu Jun 26 2003 ro@suse.de -- remove unpackaged files from buildroot -- added directories to filelist -* Fri Nov 29 2002 okir@suse.de -- added -fPIC when building eToken driver -* Fri Nov 29 2002 okir@suse.de -- Updated to latest upstream version -- Included driver for Aladdin eToken PRO -- More GNU auto#*@! headaches -- Various minor fixes -* Wed Aug 28 2002 okir@suse.de -- Moved shared objects to /usr/lib64 on ppc64/s390x (#18421) -* Mon Aug 05 2002 olh@suse.de -- fix initscript, Should-start: setserial hotplug -* Fri Aug 02 2002 okir@suse.de -- added PreReq for insserv_and_fillup -* Wed Jul 31 2002 okir@suse.de -- fixed build problem on s390x (force aclocal.m4 regen) -* Wed Jun 26 2002 ro@suse.de -- use -fPIC when building a shared lib -* Wed Jun 12 2002 okir@suse.de -- fix for bug #15051 (hey, it's a palindrome bug:): - missing %%doc DRIVERS file; misc silly binaries moved - out of /usr/bin -* Tue Apr 30 2002 okir@suse.de -- Fixed build problem introduced by previous patch -* Tue Apr 30 2002 okir@suse.de -- updated to latest upstream version -- added drivers for these readers: Towitoko, Schlumberger Reflex 6x, - Gemplus GPR 400, GemPlus GemPC 410/430 -* Tue Apr 09 2002 ro@suse.de -- fixed for latest automake/autoconf -* Wed Feb 13 2002 stark@suse.de -- spec-file cleanup -- LSB compliant init-script -* Mon Jan 14 2002 ro@suse.de -- removed START_PCSCD -* Wed Nov 14 2001 ro@suse.de -- call aclocal -* Sun Aug 26 2001 mge@suse.de -- updated to 1.0.0Beta -- fixed /etc/init.d/pcscd status-handling (bug #9069) -* Thu Jun 07 2001 ro@suse.de -- fix broken Makefile.am -* Mon Apr 23 2001 mge@suse.de -- update to 0.9.1 -* Thu Apr 19 2001 mge@suse.de -- created package