Accepting request 57877 from home:sbrabec:branches:security:chipcard

Accepted my own submit.

OBS-URL: https://build.opensuse.org/request/show/57877
OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=25

baselibs.conf

@@ -1,2 +0,0 @@
-opensc
-libopensc2

opensc-0.11.13.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8ef1bc9dd5f6c8df6814bfd1a53bd5ac135716a610a1dac957c9d5a35de19071
-size 1128054

opensc-0.12.0.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:295a9f3dfe4d7a18b8b98f54f21e6b396b88c0607bbab785aa32c94792842cc8
+size 1065834

opensc-fix-gcc-warnings.patch

@@ -1,26 +0,0 @@
-Index: opensc-0.11.13/src/libopensc/card-belpic.c
-===================================================================
---- opensc-0.11.13.orig/src/libopensc/card-belpic.c
-+++ opensc-0.11.13/src/libopensc/card-belpic.c
-@@ -1338,7 +1338,7 @@ static int belpic_pin_cmd_usage(sc_card_
- 	data->pin1.encoding = data->pin2.encoding = BELPIC_PIN_ENCODING;
- 	data->pin1.pad_char = data->pin2.pad_char = BELPIC_PAD_CHAR;
- 	data->pin1.min_length = data->pin2.min_length = BELPIC_MIN_USER_PIN_LEN;
--	data->pin1.max_length = data->pin1.max_length = BELPIC_MAX_USER_PIN_LEN;
-+	data->pin1.max_length = data->pin2.max_length = BELPIC_MAX_USER_PIN_LEN;
- 	data->apdu = NULL;
- 
- 	return iso_ops->pin_cmd(card, data, tries_left);
-Index: opensc-0.11.13/src/libopensc/card-myeid.c
-===================================================================
---- opensc-0.11.13.orig/src/libopensc/card-myeid.c
-+++ opensc-0.11.13/src/libopensc/card-myeid.c
-@@ -394,7 +394,7 @@ static int myeid_create_file(struct sc_c
- 		SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_FILE_ALREADY_EXISTS);
- 
- 	r = sc_check_sw(card, apdu.sw1, apdu.sw2);
--	SC_TEST_RET(card->ctx, r, "Card returned error");
-+	SC_FUNC_RETURN(card->ctx, 1, r);
- }
- 
- /* no record oriented file services */

opensc-libassuan-2.patch

@@ -1,118 +0,0 @@
----
- m4/gpg-error.m4     |   65 ++++++++++++++++++++++++++++++++++++++++++++++++++++
- m4/libassuan.m4     |    2 -
- src/signer/dialog.c |   35 +++++++++++++++++-----------
- 3 files changed, 88 insertions(+), 14 deletions(-)
-
-Index: opensc-0.11.13/m4/libassuan.m4
-===================================================================
---- opensc-0.11.13.orig/m4/libassuan.m4	2009-12-13 10:14:26.000000000 +0100
-+++ opensc-0.11.13/m4/libassuan.m4	2010-04-13 12:26:56.000000000 +0200
-@@ -26,7 +26,7 @@ AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON],
-   fi
-   AC_PATH_PROG(LIBASSUAN_CONFIG, libassuan-config, no)
- 
--  tmp=ifelse([$1], ,1:0.9.2,$1)
-+  tmp=ifelse([$1], ,2:2.0.0,$1)
-   if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-     req_libassuan_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
-     min_libassuan_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
-Index: opensc-0.11.13/src/signer/dialog.c
-===================================================================
---- opensc-0.11.13.orig/src/signer/dialog.c	2010-02-16 10:03:25.000000000 +0100
-+++ opensc-0.11.13/src/signer/dialog.c	2010-04-13 16:03:10.000000000 +0200
-@@ -15,31 +15,31 @@ struct entry_parm_s {
-   char *buffer;
- };
- 
--static AssuanError
-+static gpg_error_t
- getpin_cb (void *opaque, const void *buffer, size_t length)
- {
-   struct entry_parm_s *parm = (struct entry_parm_s *) opaque;
- 
-   /* we expect the pin to fit on one line */
-   if (parm->lines || length >= parm->size)
--    return ASSUAN_Too_Much_Data;
-+    return gpg_error(GPG_ERR_ASS_TOO_MUCH_DATA);
- 
-   /* fixme: we should make sure that the assuan buffer is allocated in
-      secure memory or read the response byte by byte */
-   memcpy(parm->buffer, buffer, length);
-   parm->buffer[length] = 0;
-   parm->lines++;
--  return (AssuanError) 0;
-+  return gpg_error(GPG_ERR_NO_ERROR);
- }
- 
- int ask_and_verify_pin_code(struct sc_pkcs15_card *p15card,
- 			    struct sc_pkcs15_object *pin)
- {
--	int r;
-+	gpg_error_t r;
- 	size_t len;
- 	const char *argv[3];
- 	const char *pgmname = PIN_ENTRY;
--	ASSUAN_CONTEXT ctx;
-+	assuan_context_t ctx = NULL;
- 	char buf[500];
- 	char errtext[100];
- 	struct entry_parm_s parm;
-@@ -48,16 +48,26 @@ int ask_and_verify_pin_code(struct sc_pk
- 	argv[0] = pgmname;
- 	argv[1] = NULL;
- 	
--	r = assuan_pipe_connect(&ctx, pgmname, (char **) argv, NULL);
-+	assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
-+
-+	r = assuan_new(&ctx);
-+	if (r) {
-+		printf("Can't initialize assuan context: %s\n)",
-+			gpg_strerror(r));
-+		goto err;
-+	}
-+	
-+	r = assuan_pipe_connect(ctx, pgmname, (const char **) argv, \
-+				NULL, NULL, NULL, 0);
- 	if (r) {
- 		printf("Can't connect to the PIN entry module: %s\n",
--		       assuan_strerror((AssuanError) r));
-+		       gpg_strerror(r));
- 		goto err;
- 	}
- 	sprintf(buf, "SETDESC Enter PIN [%s] for digital signing  ", pin->label);
- 	r = assuan_transact(ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL);
- 	if (r) {
--		printf("SETDESC: %s\n", assuan_strerror((AssuanError) r));
-+		printf("SETDESC: %s\n", gpg_strerror(r));
- 		goto err;
- 	}
- 	errtext[0] = 0;
-@@ -71,12 +81,12 @@ int ask_and_verify_pin_code(struct sc_pk
- 		parm.size = sizeof(buf);
- 		parm.buffer = buf;
- 		r = assuan_transact(ctx, "GETPIN", getpin_cb, &parm, NULL, NULL, NULL, NULL);
--		if (r == ASSUAN_Canceled) {
--			assuan_disconnect(ctx);
-+		if (gpg_err_code(r) == GPG_ERR_ASS_CANCELED) {
-+			assuan_release(ctx);
- 			return -2;
- 		}
- 		if (r) {
--			printf("GETPIN: %s\n", assuan_strerror((AssuanError) r));
-+			printf("GETPIN: %s\n", gpg_strerror(r));
- 			goto err;
- 		}
- 		len = strlen(buf);
-@@ -104,9 +114,9 @@ int ask_and_verify_pin_code(struct sc_pk
- 			break;
- 	}
- 
--	assuan_disconnect(ctx);	
-+	assuan_release(ctx);
- 	return 0;
- err:	
--	assuan_disconnect(ctx);
-+	assuan_release(ctx);
- 	return -1;
- }

opensc-plugindir.patch

@@ -1,26 +0,0 @@
-Index: opensc-0.11.13/src/signer/Makefile.am
-===================================================================
---- opensc-0.11.13/src/signer/Makefile.am
-+++ opensc-0.11.13/src/signer/Makefile.am
-@@ -2,8 +2,9 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefil
- 
- SUBDIRS = npinclude
- if ENABLE_NSPLUGIN
-+nsplugindir = $(plugindir)
- noinst_HEADERS = opensc-crypto.h opensc-support.h signer.h 
--lib_LTLIBRARIES = opensc-signer.la
-+nsplugin_LTLIBRARIES = opensc-signer.la
- dist_noinst_DATA = testprog.c
- endif
- 
-@@ -18,10 +19,3 @@ opensc_signer_la_LIBADD = $(OPENSSL_LIBS
- opensc_signer_la_LDFLAGS = $(AM_LDFLAGS) \
- 	-export-symbols "$(srcdir)/signer.exports" \
- 	-module -avoid-version -no-undefined
--
--if ENABLE_NSPLUGIN
--plugin_DATA=#Create directory
--install-exec-hook:	install-pluginDATA
--	-rm -f "$(DESTDIR)$(plugindir)/opensc-signer.so"
--	$(LN_S) "$(libdir)/opensc-signer.so" "$(DESTDIR)$(plugindir)"
--endif

opensc-rpmlintrc

@@ -1,4 +1,4 @@
-addFilter("devel-file-in-non-devel-package")
+# Private library don't need to be in a separate package.
-addFilter("shlib-policy-devel-file")
-addFilter("shlib-policy-nonversioned-dir")
 addFilter("shlib-policy-missing-suffix")
+# There is no devel package any more.
+addFilter("obsolete-not-provided")

opensc.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Jan  7 14:49:37 CET 2011 - sbrabec@suse.cz
+
+- Updated to version 0.12.0:
+  * Security fix (bnc#660109, CVE-2010-4523).
+  * Only one backend is supported. openSUSE will use pcsc-lite.
+  * libopensc made private, library should not be used by other
+    applications. Please use generic PKCS#11 interface instead.
+  * Signer plugin discontinued. Please use openssl engine_pkcs11.
+  * No more depends on libassuan.
+  * New card drivers.
+  * Support for CardOS enhanced.
+  * More changes and enhancements.
+- libopensc merged back to the main package, as it is private now.
+
 -------------------------------------------------------------------
 Mon Aug 23 14:15:22 CEST 2010 - sbrabec@suse.cz
 

opensc.spec

@@ -15,130 +15,54 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# norootforbuild
-
-
 Name:           opensc
-BuildRequires:  libassuan-devel >= 2.0.0
+BuildRequires:  libtool
-BuildRequires:  libusb-devel
-BuildRequires:  openct-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pcsc-lite-devel
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel
-BuildRequires:  xorg-x11-devel
+BuildRequires:  libxslt docbook-xsl-stylesheets
-BuildRequires:  libgpg-error-devel
-# bug437293
-%ifarch ppc64
-Obsoletes:      opensc-64bit
-%endif
-#
 Url:            http://www.opensc-project.org/opensc/
-Version:        0.11.13
+Version:        0.12.0
-Release:        4
+Release:        0
 Group:          Productivity/Security
-Summary:        OpenSC Smart Card Library
+Summary:        Smart Card Utilities
 License:        LGPLv2.1+
-Requires:       libopensc2 = %{version} 
-Requires:       pcsc-lite
-Requires:       pinentry
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Source:         %{name}-%{version}.tar.bz2
 Source1:        %{name}-ADVISORIES
-# Supress all ugly warnings related to required .so and .la files in the main package:
 Source2:        %{name}-rpmlintrc
-# and also skip-check-libtool-deps (and add these dependencies to the devel package)
+Requires:       pcsc-lite
-Source3:        baselibs.conf
+# There is no more devel package.
-# PATCH-FIX-UPSTREAM opensc-libassuan-2.patch http://www.opensc-project.org/opensc/ticket/217 puzel@novell.com -- allows to build with libassuan2
+Obsoletes:      opensc-devel < %{version}
-Patch0:         opensc-libassuan-2.patch
+# This package is not supported any more. Last appeared in openSUSE 11.3, never appeared in SLE:
-# PATCH-FIX-UPSTREAM opensc-fix-gcc-warnings.patch http://www.opensc-project.org/opensc/ticket/249 reddwarf@opensuse.org -- the card-myeid.c part has an equivalent fix in upstream's trunk
+Obsoletes:      opensc-java <= 0.2.2
-Patch1:         opensc-fix-gcc-warnings.patch
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-# PATCH-FIX-UPSTREAM opensc-plugindir.patch https://www.opensc-project.org/opensc/ticket/251 sbrabec@suse.cz -- clean plugin installation
-Patch2:         opensc-plugindir.patch
 
 %description
-OpenSC provides a set of libraries and utilities to access smart cards.
+
-It mainly focuses on cards that support cryptographic operations. It
+OpenSC provides a set of utilities to access smart cards. It mainly
-facilitates their use in security applications such as mail encryption,
+focuses on cards that support cryptographic operations. It facilitates
+their use in security applications such as mail encryption,
 authentication, and digital signature. OpenSC implements the PKCS#11
 API. Applications supporting this API, such as Mozilla Firefox and
-Thunderbird, can use it. OpenSC implements the PKCS#15 standard and
+Thunderbird, can use it. OpenSC implements the PKCS#15 standard and aims
-aims to be compatible with every software that does so, too.
+to be compatible with every software that does so, too.
-
-Before purchasing any cards, please read carefully documentation in
-/usr/share/doc/packages/opensc/wiki/index.html - only some cards are
-supported. Not only card type matters, but also card version, card OS
-version and preloaded applet. Only subset of possible operations may be
-supported for your card. Card initialization may require third party
-proprietary software.
-
 
+Before purchasing any cards, please read carefully documentation on the
+web pageonly some cards are supported. Not only card type matters, but
+also card version, card OS version and preloaded applet. Only subset of
+possible operations may be supported for your card. Card initialization
+may require third party proprietary software.
 
 Authors:
 --------
-    Juha Yrjölä <jyrjola@cc.hut.fi>
+    Juha Yrjölä <jyrjola@cc.hut.fi>
     Antti Tapaninen <aet@cc.hut.fi>
-    Timo Teräs <timo.teras@iki.fi>
+    Timo Teräs <timo.teras@iki.fi>
     Olaf Kirch <okir@suse.de>
 
-%package -n libopensc2
-License:        LGPLv2.1+
-Group:          System/Libraries
-Summary:        OpenSC Smart Card Library
-
-%description -n libopensc2
-OpenSC provides a set of libraries and utilities to access smart cards.
-It mainly focuses on cards that support cryptographic operations. It
-facilitates their use in security applications such as mail encryption,
-authentication, and digital signature. OpenSC implements the PKCS#11
-API. Applications supporting this API, such as Mozilla Firefox and
-Thunderbird, can use it. OpenSC implements the PKCS#15 standard and
-aims to be compatible with every software that does so, too.
-
-Before purchasing any cards, please read carefully documentation in
-/usr/share/doc/packages/opensc/wiki/index.html - only some cards are
-supported. Not only card type matters, but also card version, card OS
-version and preloaded applet. Only subset of possible operations may be
-supported for your card. Card initialization may require third party
-proprietary software.
-
-
-
-Authors:
---------
-    Juha Yrjölä <jyrjola@cc.hut.fi>
-    Antti Tapaninen <aet@cc.hut.fi>
-    Timo Teräs <timo.teras@iki.fi>
-    Olaf Kirch <okir@suse.de>
-
-%package devel
-License:        GPLv2+
-Group:          Development/Libraries/C and C++
-Summary:        Additional files needed for OpenSC development
-# FIXME: Change to libtool-devel for the next libtool version:
-Requires:       %{name} = %{version} glibc-devel openct-devel libopenssl-devel zlib-devel libtool
-
-%description devel
-This package contains files required to develop applications using the
-OpenSC framework.
-
-
-
-Authors:
---------
-    Juha Yrjölä <juha.yrjola@iki.fi>
-    Antti Tapaninen <aet@cc.hut.fi>
-    Timo Teräs <timo.teras@iki.fi>
-    Olaf Kirch <okir@caldera.de>
-
 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-tr -d '\r' <doc/nonpersistent/wiki.out/trac.css >doc/nonpersistent/wiki.out/trac.css~
-touch -r doc/nonpersistent/wiki.out/trac.css doc/nonpersistent/wiki.out/trac.css~
-mv doc/nonpersistent/wiki.out/trac.css~ doc/nonpersistent/wiki.out/trac.css
 cp -a %{S:1} ADVISORIES
 
 %build
@@ -148,25 +72,21 @@ autoreconf -f -i
 %configure\
 	--docdir=%{_docdir}/%{name}\
 	--disable-static\
-	--enable-doc\
+	--enable-doc
-	--enable-pcsc\
-	--enable-openct\
-	--enable-nsplugin\
-	--with-pinentry=/usr/bin/pinentry\
-	--with-plugindir=%{_libdir}/browser-plugins
 make %{?jobs:-j%jobs}
 
 %install
 %makeinstall
-rm $RPM_BUILD_ROOT%{_libdir}/browser-plugins/*.la
+cp COPYING ADVISORIES ChangeLog README $RPM_BUILD_ROOT%{_docdir}/%{name}
-cp COPYING ADVISORIES doc/nonpersistent/ChangeLog $RPM_BUILD_ROOT%{_docdir}/%{name}
+# Private library.
+rm $RPM_BUILD_ROOT%{_libdir}/libopensc.so
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
-%post -n libopensc2 -p /sbin/ldconfig
+%post -p /sbin/ldconfig
 
-%postun -n libopensc2 -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
 
 %files
 %defattr(-,root,root)
@@ -177,28 +97,16 @@ rm -rf $RPM_BUILD_ROOT
 %doc %{_docdir}/%{name}/NEWS
 %doc %{_docdir}/%{name}/README
 %doc %{_docdir}/%{name}/tools.html
-%doc %{_docdir}/%{name}/wiki
 %{_bindir}/*
-%exclude %{_bindir}/*-config
 %{_datadir}/opensc
 # Note: .la and .so must be in the main package, required by ltdl:
 %{_libdir}/*.la
 %{_libdir}/*.so
-%{_libdir}/browser-plugins/*.so
 %dir %{_libdir}/pkcs11
 %{_libdir}/pkcs11/*.so
 %doc %{_mandir}/man?/*.*
 %config %{_sysconfdir}/opensc.conf
-
+# This is a private library. There is no reason to split it to libopensc* package.
-%files -n libopensc2
+%{_libdir}/libopensc.so.*
-%defattr(-,root,root)
-%{_libdir}/*.so.*
-
-%files devel
-%defattr(-,root,root)
-%doc %{_docdir}/%{name}/api.html
-%{_bindir}/*-config
-%{_includedir}/opensc
-%{_libdir}/pkgconfig/*.pc
 
 %changelog