diff --git a/baselibs.conf b/baselibs.conf deleted file mode 100644 index 4c0b2ee..0000000 --- a/baselibs.conf +++ /dev/null @@ -1,2 +0,0 @@ -opensc -libopensc2 diff --git a/opensc-0.11.13.tar.bz2 b/opensc-0.11.13.tar.bz2 deleted file mode 100644 index c2f11af..0000000 --- a/opensc-0.11.13.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8ef1bc9dd5f6c8df6814bfd1a53bd5ac135716a610a1dac957c9d5a35de19071 -size 1128054 diff --git a/opensc-0.12.0.tar.bz2 b/opensc-0.12.0.tar.bz2 new file mode 100644 index 0000000..07fbb82 --- /dev/null +++ b/opensc-0.12.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:295a9f3dfe4d7a18b8b98f54f21e6b396b88c0607bbab785aa32c94792842cc8 +size 1065834 diff --git a/opensc-fix-gcc-warnings.patch b/opensc-fix-gcc-warnings.patch deleted file mode 100644 index f89744f..0000000 --- a/opensc-fix-gcc-warnings.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: opensc-0.11.13/src/libopensc/card-belpic.c -=================================================================== ---- opensc-0.11.13.orig/src/libopensc/card-belpic.c -+++ opensc-0.11.13/src/libopensc/card-belpic.c -@@ -1338,7 +1338,7 @@ static int belpic_pin_cmd_usage(sc_card_ - data->pin1.encoding = data->pin2.encoding = BELPIC_PIN_ENCODING; - data->pin1.pad_char = data->pin2.pad_char = BELPIC_PAD_CHAR; - data->pin1.min_length = data->pin2.min_length = BELPIC_MIN_USER_PIN_LEN; -- data->pin1.max_length = data->pin1.max_length = BELPIC_MAX_USER_PIN_LEN; -+ data->pin1.max_length = data->pin2.max_length = BELPIC_MAX_USER_PIN_LEN; - data->apdu = NULL; - - return iso_ops->pin_cmd(card, data, tries_left); -Index: opensc-0.11.13/src/libopensc/card-myeid.c -=================================================================== ---- opensc-0.11.13.orig/src/libopensc/card-myeid.c -+++ opensc-0.11.13/src/libopensc/card-myeid.c -@@ -394,7 +394,7 @@ static int myeid_create_file(struct sc_c - SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_FILE_ALREADY_EXISTS); - - r = sc_check_sw(card, apdu.sw1, apdu.sw2); -- SC_TEST_RET(card->ctx, r, "Card returned error"); -+ SC_FUNC_RETURN(card->ctx, 1, r); - } - - /* no record oriented file services */ diff --git a/opensc-libassuan-2.patch b/opensc-libassuan-2.patch deleted file mode 100644 index ac419b7..0000000 --- a/opensc-libassuan-2.patch +++ /dev/null @@ -1,118 +0,0 @@ ---- - m4/gpg-error.m4 | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - m4/libassuan.m4 | 2 - - src/signer/dialog.c | 35 +++++++++++++++++----------- - 3 files changed, 88 insertions(+), 14 deletions(-) - -Index: opensc-0.11.13/m4/libassuan.m4 -=================================================================== ---- opensc-0.11.13.orig/m4/libassuan.m4 2009-12-13 10:14:26.000000000 +0100 -+++ opensc-0.11.13/m4/libassuan.m4 2010-04-13 12:26:56.000000000 +0200 -@@ -26,7 +26,7 @@ AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], - fi - AC_PATH_PROG(LIBASSUAN_CONFIG, libassuan-config, no) - -- tmp=ifelse([$1], ,1:0.9.2,$1) -+ tmp=ifelse([$1], ,2:2.0.0,$1) - if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then - req_libassuan_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` - min_libassuan_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` -Index: opensc-0.11.13/src/signer/dialog.c -=================================================================== ---- opensc-0.11.13.orig/src/signer/dialog.c 2010-02-16 10:03:25.000000000 +0100 -+++ opensc-0.11.13/src/signer/dialog.c 2010-04-13 16:03:10.000000000 +0200 -@@ -15,31 +15,31 @@ struct entry_parm_s { - char *buffer; - }; - --static AssuanError -+static gpg_error_t - getpin_cb (void *opaque, const void *buffer, size_t length) - { - struct entry_parm_s *parm = (struct entry_parm_s *) opaque; - - /* we expect the pin to fit on one line */ - if (parm->lines || length >= parm->size) -- return ASSUAN_Too_Much_Data; -+ return gpg_error(GPG_ERR_ASS_TOO_MUCH_DATA); - - /* fixme: we should make sure that the assuan buffer is allocated in - secure memory or read the response byte by byte */ - memcpy(parm->buffer, buffer, length); - parm->buffer[length] = 0; - parm->lines++; -- return (AssuanError) 0; -+ return gpg_error(GPG_ERR_NO_ERROR); - } - - int ask_and_verify_pin_code(struct sc_pkcs15_card *p15card, - struct sc_pkcs15_object *pin) - { -- int r; -+ gpg_error_t r; - size_t len; - const char *argv[3]; - const char *pgmname = PIN_ENTRY; -- ASSUAN_CONTEXT ctx; -+ assuan_context_t ctx = NULL; - char buf[500]; - char errtext[100]; - struct entry_parm_s parm; -@@ -48,16 +48,26 @@ int ask_and_verify_pin_code(struct sc_pk - argv[0] = pgmname; - argv[1] = NULL; - -- r = assuan_pipe_connect(&ctx, pgmname, (char **) argv, NULL); -+ assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); -+ -+ r = assuan_new(&ctx); -+ if (r) { -+ printf("Can't initialize assuan context: %s\n)", -+ gpg_strerror(r)); -+ goto err; -+ } -+ -+ r = assuan_pipe_connect(ctx, pgmname, (const char **) argv, \ -+ NULL, NULL, NULL, 0); - if (r) { - printf("Can't connect to the PIN entry module: %s\n", -- assuan_strerror((AssuanError) r)); -+ gpg_strerror(r)); - goto err; - } - sprintf(buf, "SETDESC Enter PIN [%s] for digital signing ", pin->label); - r = assuan_transact(ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL); - if (r) { -- printf("SETDESC: %s\n", assuan_strerror((AssuanError) r)); -+ printf("SETDESC: %s\n", gpg_strerror(r)); - goto err; - } - errtext[0] = 0; -@@ -71,12 +81,12 @@ int ask_and_verify_pin_code(struct sc_pk - parm.size = sizeof(buf); - parm.buffer = buf; - r = assuan_transact(ctx, "GETPIN", getpin_cb, &parm, NULL, NULL, NULL, NULL); -- if (r == ASSUAN_Canceled) { -- assuan_disconnect(ctx); -+ if (gpg_err_code(r) == GPG_ERR_ASS_CANCELED) { -+ assuan_release(ctx); - return -2; - } - if (r) { -- printf("GETPIN: %s\n", assuan_strerror((AssuanError) r)); -+ printf("GETPIN: %s\n", gpg_strerror(r)); - goto err; - } - len = strlen(buf); -@@ -104,9 +114,9 @@ int ask_and_verify_pin_code(struct sc_pk - break; - } - -- assuan_disconnect(ctx); -+ assuan_release(ctx); - return 0; - err: -- assuan_disconnect(ctx); -+ assuan_release(ctx); - return -1; - } diff --git a/opensc-plugindir.patch b/opensc-plugindir.patch deleted file mode 100644 index e0a0dba..0000000 --- a/opensc-plugindir.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: opensc-0.11.13/src/signer/Makefile.am -=================================================================== ---- opensc-0.11.13/src/signer/Makefile.am -+++ opensc-0.11.13/src/signer/Makefile.am -@@ -2,8 +2,9 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefil - - SUBDIRS = npinclude - if ENABLE_NSPLUGIN -+nsplugindir = $(plugindir) - noinst_HEADERS = opensc-crypto.h opensc-support.h signer.h --lib_LTLIBRARIES = opensc-signer.la -+nsplugin_LTLIBRARIES = opensc-signer.la - dist_noinst_DATA = testprog.c - endif - -@@ -18,10 +19,3 @@ opensc_signer_la_LIBADD = $(OPENSSL_LIBS - opensc_signer_la_LDFLAGS = $(AM_LDFLAGS) \ - -export-symbols "$(srcdir)/signer.exports" \ - -module -avoid-version -no-undefined -- --if ENABLE_NSPLUGIN --plugin_DATA=#Create directory --install-exec-hook: install-pluginDATA -- -rm -f "$(DESTDIR)$(plugindir)/opensc-signer.so" -- $(LN_S) "$(libdir)/opensc-signer.so" "$(DESTDIR)$(plugindir)" --endif diff --git a/opensc-rpmlintrc b/opensc-rpmlintrc index 4f1d9b9..a2b652f 100644 --- a/opensc-rpmlintrc +++ b/opensc-rpmlintrc @@ -1,4 +1,4 @@ -addFilter("devel-file-in-non-devel-package") -addFilter("shlib-policy-devel-file") -addFilter("shlib-policy-nonversioned-dir") +# Private library don't need to be in a separate package. addFilter("shlib-policy-missing-suffix") +# There is no devel package any more. +addFilter("obsolete-not-provided") diff --git a/opensc.changes b/opensc.changes index fbdf0f2..fa54737 100644 --- a/opensc.changes +++ b/opensc.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Jan 7 14:49:37 CET 2011 - sbrabec@suse.cz + +- Updated to version 0.12.0: + * Security fix (bnc#660109, CVE-2010-4523). + * Only one backend is supported. openSUSE will use pcsc-lite. + * libopensc made private, library should not be used by other + applications. Please use generic PKCS#11 interface instead. + * Signer plugin discontinued. Please use openssl engine_pkcs11. + * No more depends on libassuan. + * New card drivers. + * Support for CardOS enhanced. + * More changes and enhancements. +- libopensc merged back to the main package, as it is private now. + ------------------------------------------------------------------- Mon Aug 23 14:15:22 CEST 2010 - sbrabec@suse.cz diff --git a/opensc.spec b/opensc.spec index e8d52ce..6ebc34d 100644 --- a/opensc.spec +++ b/opensc.spec @@ -15,130 +15,54 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - - Name: opensc -BuildRequires: libassuan-devel >= 2.0.0 -BuildRequires: libusb-devel -BuildRequires: openct-devel +BuildRequires: libtool BuildRequires: openssl-devel BuildRequires: pcsc-lite-devel BuildRequires: pkg-config BuildRequires: readline-devel -BuildRequires: xorg-x11-devel -BuildRequires: libgpg-error-devel -# bug437293 -%ifarch ppc64 -Obsoletes: opensc-64bit -%endif -# +BuildRequires: libxslt docbook-xsl-stylesheets Url: http://www.opensc-project.org/opensc/ -Version: 0.11.13 -Release: 4 +Version: 0.12.0 +Release: 0 Group: Productivity/Security -Summary: OpenSC Smart Card Library +Summary: Smart Card Utilities License: LGPLv2.1+ -Requires: libopensc2 = %{version} -Requires: pcsc-lite -Requires: pinentry -BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: %{name}-%{version}.tar.bz2 Source1: %{name}-ADVISORIES -# Supress all ugly warnings related to required .so and .la files in the main package: Source2: %{name}-rpmlintrc -# and also skip-check-libtool-deps (and add these dependencies to the devel package) -Source3: baselibs.conf -# PATCH-FIX-UPSTREAM opensc-libassuan-2.patch http://www.opensc-project.org/opensc/ticket/217 puzel@novell.com -- allows to build with libassuan2 -Patch0: opensc-libassuan-2.patch -# PATCH-FIX-UPSTREAM opensc-fix-gcc-warnings.patch http://www.opensc-project.org/opensc/ticket/249 reddwarf@opensuse.org -- the card-myeid.c part has an equivalent fix in upstream's trunk -Patch1: opensc-fix-gcc-warnings.patch -# PATCH-FIX-UPSTREAM opensc-plugindir.patch https://www.opensc-project.org/opensc/ticket/251 sbrabec@suse.cz -- clean plugin installation -Patch2: opensc-plugindir.patch +Requires: pcsc-lite +# There is no more devel package. +Obsoletes: opensc-devel < %{version} +# This package is not supported any more. Last appeared in openSUSE 11.3, never appeared in SLE: +Obsoletes: opensc-java <= 0.2.2 +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -OpenSC provides a set of libraries and utilities to access smart cards. -It mainly focuses on cards that support cryptographic operations. It -facilitates their use in security applications such as mail encryption, + +OpenSC provides a set of utilities to access smart cards. It mainly +focuses on cards that support cryptographic operations. It facilitates +their use in security applications such as mail encryption, authentication, and digital signature. OpenSC implements the PKCS#11 API. Applications supporting this API, such as Mozilla Firefox and -Thunderbird, can use it. OpenSC implements the PKCS#15 standard and -aims to be compatible with every software that does so, too. - -Before purchasing any cards, please read carefully documentation in -/usr/share/doc/packages/opensc/wiki/index.html - only some cards are -supported. Not only card type matters, but also card version, card OS -version and preloaded applet. Only subset of possible operations may be -supported for your card. Card initialization may require third party -proprietary software. - +Thunderbird, can use it. OpenSC implements the PKCS#15 standard and aims +to be compatible with every software that does so, too. +Before purchasing any cards, please read carefully documentation on the +web pageonly some cards are supported. Not only card type matters, but +also card version, card OS version and preloaded applet. Only subset of +possible operations may be supported for your card. Card initialization +may require third party proprietary software. Authors: -------- - Juha Yrjölä + Juha Yrjölä Antti Tapaninen - Timo Teräs + Timo Teräs Olaf Kirch -%package -n libopensc2 -License: LGPLv2.1+ -Group: System/Libraries -Summary: OpenSC Smart Card Library - -%description -n libopensc2 -OpenSC provides a set of libraries and utilities to access smart cards. -It mainly focuses on cards that support cryptographic operations. It -facilitates their use in security applications such as mail encryption, -authentication, and digital signature. OpenSC implements the PKCS#11 -API. Applications supporting this API, such as Mozilla Firefox and -Thunderbird, can use it. OpenSC implements the PKCS#15 standard and -aims to be compatible with every software that does so, too. - -Before purchasing any cards, please read carefully documentation in -/usr/share/doc/packages/opensc/wiki/index.html - only some cards are -supported. Not only card type matters, but also card version, card OS -version and preloaded applet. Only subset of possible operations may be -supported for your card. Card initialization may require third party -proprietary software. - - - -Authors: --------- - Juha Yrjölä - Antti Tapaninen - Timo Teräs - Olaf Kirch - -%package devel -License: GPLv2+ -Group: Development/Libraries/C and C++ -Summary: Additional files needed for OpenSC development -# FIXME: Change to libtool-devel for the next libtool version: -Requires: %{name} = %{version} glibc-devel openct-devel libopenssl-devel zlib-devel libtool - -%description devel -This package contains files required to develop applications using the -OpenSC framework. - - - -Authors: --------- - Juha Yrjölä - Antti Tapaninen - Timo Teräs - Olaf Kirch - %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -tr -d '\r' doc/nonpersistent/wiki.out/trac.css~ -touch -r doc/nonpersistent/wiki.out/trac.css doc/nonpersistent/wiki.out/trac.css~ -mv doc/nonpersistent/wiki.out/trac.css~ doc/nonpersistent/wiki.out/trac.css cp -a %{S:1} ADVISORIES %build @@ -148,25 +72,21 @@ autoreconf -f -i %configure\ --docdir=%{_docdir}/%{name}\ --disable-static\ - --enable-doc\ - --enable-pcsc\ - --enable-openct\ - --enable-nsplugin\ - --with-pinentry=/usr/bin/pinentry\ - --with-plugindir=%{_libdir}/browser-plugins + --enable-doc make %{?jobs:-j%jobs} %install %makeinstall -rm $RPM_BUILD_ROOT%{_libdir}/browser-plugins/*.la -cp COPYING ADVISORIES doc/nonpersistent/ChangeLog $RPM_BUILD_ROOT%{_docdir}/%{name} +cp COPYING ADVISORIES ChangeLog README $RPM_BUILD_ROOT%{_docdir}/%{name} +# Private library. +rm $RPM_BUILD_ROOT%{_libdir}/libopensc.so %clean rm -rf $RPM_BUILD_ROOT -%post -n libopensc2 -p /sbin/ldconfig +%post -p /sbin/ldconfig -%postun -n libopensc2 -p /sbin/ldconfig +%postun -p /sbin/ldconfig %files %defattr(-,root,root) @@ -177,28 +97,16 @@ rm -rf $RPM_BUILD_ROOT %doc %{_docdir}/%{name}/NEWS %doc %{_docdir}/%{name}/README %doc %{_docdir}/%{name}/tools.html -%doc %{_docdir}/%{name}/wiki %{_bindir}/* -%exclude %{_bindir}/*-config %{_datadir}/opensc # Note: .la and .so must be in the main package, required by ltdl: %{_libdir}/*.la %{_libdir}/*.so -%{_libdir}/browser-plugins/*.so %dir %{_libdir}/pkcs11 %{_libdir}/pkcs11/*.so %doc %{_mandir}/man?/*.* %config %{_sysconfdir}/opensc.conf - -%files -n libopensc2 -%defattr(-,root,root) -%{_libdir}/*.so.* - -%files devel -%defattr(-,root,root) -%doc %{_docdir}/%{name}/api.html -%{_bindir}/*-config -%{_includedir}/opensc -%{_libdir}/pkgconfig/*.pc +# This is a private library. There is no reason to split it to libopensc* package. +%{_libdir}/libopensc.so.* %changelog