opensc: updated to 0.23.0

New in 0.23.0; 2022-11-29 General improvements Support signing of data with a length of more than 512 bytes By default, disable support for old card drivers Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 Compatibility with LibreSSL Remove support for DSA Extend p11test to support symmetric keys Notice detached reader on macOS Support for OAEP padding Fix for PSS salt length Improve fuzzing by adding new tests Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init Fix issues with OpenPACE Containers support for local testing Add support for encryption and decryption using symmetric keys Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API Fix detection of disconnected readers in PCSC Add configuration option for on-disk caching of private data Skip building empty binaries when dependencies are missing and remove needless linking Define arm64 as a supported architecture in the Installer package PKCS#11 Implement C_CreateObject for EC keys and fix signature verification for CKM_ECDSA_SHAx cards pkcs11-tool Add more elliptic curves Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector Fix consistent handling of secret key attributes Add support for signing and verifying with HMAC Add support for SHA3 Make object selectable via label Do not require an R/W session for some operations and add --session-rw option Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and serial number for certificates Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE sc-hsm-tool Add options for public key authentication Minidriver Fix reinit of the card Add an entry for Italian CNS (e) Fix detection of ECC mechanisms Fix ATRs before adding them to the windows registry NQ-Applet Add support for the JCOP4 Cards with NQ-Applet ItaCNS Add support for ItaCMS v1.1 (key length 2048) Belpic Add support for applet v1.8 Starcos Add ATR for V3.4 Add PKCS#15 emulator for 3.x cards with eSign app ePass2003 Fix PKCS#15 initialization Add support for FIPS Fix matching with newer versions and tokens initialized with OpenSC MyEID Support logout operation Support for symmetric encryption and decryption GIDS Fix decipher for TPM OpenPGP Get the list of supported algorithms from algorithm information on the card Support for 3 certificates with OpenPGP 3+ nPA Fix card detection Rutoken Fix formatting rtecp cards PIV Add new PIVKey ATRs for current cards
2023-02-21 17:23:07 +00:00 · 2023-02-21 17:23:07 +00:00 · 1a360d74f8
commit 1a360d74f8
parent 605b78c43b
8 changed files with 53 additions and 70 deletions
--- a/security/opensc/Makefile
+++ b/security/opensc/Makefile
@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.37 2022/11/23 16:21:01 adam Exp $
+# $NetBSD: Makefile,v 1.38 2023/02/21 17:23:07 adam Exp $

-DISTNAME=	opensc-0.20.0
-PKGREVISION=	7
+DISTNAME=	opensc-0.23.0
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GITHUB:=OpenSC/}

@ -12,18 +11,18 @@ LICENSE=	gnu-lgpl-v2.1

 WRKSRC=		${WRKDIR}/OpenSC-${PKGVERSION_NOREV}

-BUILD_DEPENDS+=		docbook-xsl-[0-9]*:../../textproc/docbook-xsl
+BUILD_DEPENDS+=	docbook-xsl-[0-9]*:../../textproc/docbook-xsl

 USE_LIBTOOL=		yes
 USE_TOOLS+=		autoreconf autoconf automake gmake pkg-config
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--disable-autostart-items
+CONFIGURE_ARGS+=	--disable-cmocka
 CONFIGURE_ARGS+=	--disable-strict  # avoid -Werror
+CONFIGURE_ARGS+=	--enable-notify
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
 # The stylesheets are not found without this.
 CONFIGURE_ARGS+=	--with-xsl-stylesheetsdir=${PREFIX}/share/xsl/docbook
-# This is perhaps an upstream bug.
-CONFIGURE_ENV+=		PCSC_CFLAGS=-I${PREFIX}/include/PCSC

 .include "options.mk"

@ -37,13 +36,11 @@ INSTALLATION_DIRS=	${EGDIR}
 post-install:
 	${INSTALL_DATA} ${WRKSRC}/etc/opensc.conf.example ${DESTDIR}${EGDIR}/opensc.conf

-# build tools for doc; should be TOOLS
-.include "../../textproc/libxslt/buildlink3.mk"
-
-# We avoid pthreads intentionally; tell dlopen not drag it in.
-DLOPEN_REQUIRE_PTHREADS=	no
-.include "../../mk/dlopen.buildlink3.mk"
-.include "../../mk/readline.buildlink3.mk"
+.include "../../devel/glib2/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
+# build tools for doc; should be TOOLS
+.include "../../textproc/libxslt/buildlink3.mk"
+.include "../../mk/dlopen.buildlink3.mk"
+.include "../../mk/readline.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
--- a/security/opensc/PLIST
+++ b/security/opensc/PLIST
@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2020/06/20 19:08:19 adam Exp $
+@comment $NetBSD: PLIST,v 1.14 2023/02/21 17:23:07 adam Exp $
 bin/cardos-tool
 bin/cryptoflex-tool
 bin/dnie-tool
@ -8,7 +8,6 @@ bin/gids-tool
 bin/goid-tool
 bin/iasecc-tool
 bin/netkey-tool
-bin/npa-tool
 bin/openpgp-tool
 bin/opensc-asn1
 bin/opensc-explorer
@ -37,6 +36,7 @@ man/man1/dnie-tool.1
 man/man1/egk-tool.1
 man/man1/eidenv.1
 man/man1/gids-tool.1
+man/man1/goid-tool.1
 man/man1/iasecc-tool.1
 man/man1/netkey-tool.1
 man/man1/npa-tool.1
@ -46,6 +46,7 @@ man/man1/opensc-explorer.1
 man/man1/opensc-notify.1
 man/man1/opensc-tool.1
 man/man1/piv-tool.1
+man/man1/pkcs11-register.1
 man/man1/pkcs11-tool.1
 man/man1/pkcs15-crypt.1
 man/man1/pkcs15-init.1
@ -75,8 +76,6 @@ share/opensc/iasecc_generic_oberthur.profile
 share/opensc/iasecc_generic_pki.profile
 share/opensc/incrypto34.profile
 share/opensc/isoApplet.profile
-share/opensc/jcop.profile
-share/opensc/miocos.profile
 share/opensc/muscle.profile
 share/opensc/myeid.profile
 share/opensc/oberthur.profile
--- a/security/opensc/distinfo
+++ b/security/opensc/distinfo
@ -1,10 +1,9 @@
-$NetBSD: distinfo,v 1.20 2021/10/26 11:17:22 nia Exp $
+$NetBSD: distinfo,v 1.21 2023/02/21 17:23:07 adam Exp $

-BLAKE2s (opensc-0.20.0.tar.gz) = 405d04236f8b8bd8f5b0c6d504b4f53cd5c089f41c521b8c17c05f072555d092
-SHA512 (opensc-0.20.0.tar.gz) = 1360ee35f579cbeecf368777bb60d6c23ec2a80a2983328ea2c193530cc9b101a807ff1e2982ad34bfcc2bae2c867feecf300b6229d15057e796bd31ecffb02d
-Size (opensc-0.20.0.tar.gz) = 1653931 bytes
-SHA1 (patch-aa) = 5ca9245c763a9f8a8aa273e7e76c75168c52d0cd
-SHA1 (patch-ab) = 5ea2a3e623df6bc2c814c37ce89fed491149f8b4
-SHA1 (patch-configure.ac) = 9031a51162d883b3e3118820d400e07ef99dbad9
-SHA1 (patch-doc_tools_Makefile.am) = 4535988c6fbe4b9f45838362f2f9604c91fecd53
+BLAKE2s (opensc-0.23.0.tar.gz) = b29b7ff1fdae39640da96344616329e0f812a024ca0d068135b483e747a6a5a6
+SHA512 (opensc-0.23.0.tar.gz) = ea85f28fc3c8f1b0b98c6edee6c3843fefa709f42caf5930b29e7fa5fbacb8fdf791eadae6325020c676208728f4d75c44bf44b7b89e7ce880a92d04e43bb9d9
+Size (opensc-0.23.0.tar.gz) = 1965145 bytes
+SHA1 (patch-configure.ac) = 37fbb6eab0eb19299ce1feefd08c18a73f688150
+SHA1 (patch-doc_tools_Makefile.am) = bc70d3371cde940f2352e1d9a9e8c3c2c49658ed
+SHA1 (patch-etc_Makefile.am) = 5ca9245c763a9f8a8aa273e7e76c75168c52d0cd
 SHA1 (patch-src_libopensc_log.c) = 00acff447b1890b05cd3bea10ece8d42e7b6cf26
--- a/security/opensc/options.mk
+++ b/security/opensc/options.mk
@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.5 2019/11/04 21:12:56 rillig Exp $
+# $NetBSD: options.mk,v 1.6 2023/02/21 17:23:07 adam Exp $

 PKG_OPTIONS_VAR=	PKG_OPTIONS.opensc

@ -10,12 +10,24 @@ PKG_SUGGESTED_OPTIONS=		pcsc-lite

 .include "../../mk/bsd.options.mk"

+.if ${OPSYS} == "Darwin"
+SOEXT=	dylib
+.else
+SOEXT=	so
+.endif
+
 .if !empty(PKG_OPTIONS:Mpcsc-lite)
 .include "../../security/pcsc-lite/buildlink3.mk"
 CONFIGURE_ARGS+=	--enable-pcsc
+.  if ${OPSYS} == "Darwin" && exists(/System/Library/Frameworks/PCSC.framework)
+# On Darwin, prefer system-provided PCSC.
+.  else
 # While one might expect the libtool .la, ltdl support has been
 # removed from opensc.
-CONFIGURE_ARGS+=	--with-pcsc-provider=${BUILDLINK_PREFIX.pcsc-lite}/lib/libpcsclite.so
+CONFIGURE_ARGS+=	--with-pcsc-provider=${BUILDLINK_PREFIX.pcsc-lite}/lib/libpcsclite.${SOEXT}
+.  endif
+# This is perhaps an upstream bug.
+CONFIGURE_ENV+=		PCSC_CFLAGS=-I${BUILDLINK_PREFIX.pcsc-lite}/include/PCSC
 .else
 CONFIGURE_ARGS+=	--disable-pcsc
 .endif
--- a/security/opensc/patches/patch-ab
+++ b/security/opensc/patches/patch-ab
@ -1,15 +0,0 @@
-$NetBSD: patch-ab,v 1.6 2018/10/13 10:54:05 mlelstv Exp $
-
-This patch was added 2009-09-10 by hasso@, with comment:
-  More userfriendly default configuration.
-
--- etc/opensc.conf.example.in.orig	2018-09-13 11:47:21.000000000 +0000
-+++ etc/opensc.conf.example.in
-@@ -898,6 +898,7 @@ app default {
- 		#
- 		# Default: no
- 		# try_emulation_first = yes;
-+		try_emulation_first = yes;
- 
- 		# Enable builtin emulators.
- 		# Default: yes
--- a/security/opensc/patches/patch-configure.ac
+++ b/security/opensc/patches/patch-configure.ac
@ -1,24 +1,16 @@
-$NetBSD: patch-configure.ac,v 1.3 2016/08/04 13:08:25 mef Exp $
+$NetBSD: patch-configure.ac,v 1.4 2023/02/21 17:23:07 adam Exp $

-This hunk has been in pkgsrc for a long time; it needs a comment!
+Do not fail if dlopen() library is not found.

--- configure.ac.orig	2016-06-04 08:22:08.000000000 +0900
-+++ configure.ac	2016-08-04 21:50:22.000000000 +0900
-@@ -384,17 +384,6 @@ if test "${WIN32}" = "no"; then
- 	AC_SEARCH_LIBS([dlopen], [dl dld], [], [
- 		AC_MSG_ERROR([unable to find the dlopen() function])
- 	])
-
-	dnl Special check for pthread support.
-	AX_PTHREAD(
-		[AC_DEFINE(
-			[HAVE_PTHREAD],
-			[1],
-			[Define if you have POSIX threads libraries and header files.]
-		)],
-		[AC_MSG_ERROR([POSIX thread support required])]
-	)
-	CC="${PTHREAD_CC}"
- fi
- 
- if test "${enable_thread_locking}" = "yes"; then
+--- configure.ac.orig	2023-02-21 13:18:52.603387598 +0000
+++ configure.ac
+@@ -475,8 +475,7 @@ if test "${WIN32}" = "no"; then
+ 			AC_CHECK_LIB(
+ 				[dld],
+ 				[dlopen],
+-				[LDL_LIBS="-ldld"],
+-				AC_MSG_ERROR([unable to find the dlopen() function])
+				[LDL_LIBS="-ldld"]
+ 			)
+ 		)
+ 	fi
--- a/security/opensc/patches/patch-doc_tools_Makefile.am
+++ b/security/opensc/patches/patch-doc_tools_Makefile.am
@ -1,17 +1,16 @@
-$NetBSD: patch-doc_tools_Makefile.am,v 1.2 2018/10/13 10:54:05 mlelstv Exp $
+$NetBSD: patch-doc_tools_Makefile.am,v 1.3 2023/02/21 17:23:07 adam Exp $

 These files are interpreted as config files by the pkgsrc framework,
 and there's no agreed-upon place to put them.  For now, just skip
 installing them.  Not reported upstream.

--- doc/tools/Makefile.am.orig	2018-09-13 11:47:21.000000000 +0000
+--- doc/tools/Makefile.am.orig	2022-11-29 08:34:43.000000000 +0000
 +++ doc/tools/Makefile.am
-@@ -14,7 +14,7 @@ if ENABLE_MAN
+@@ -11,7 +11,6 @@ if ENABLE_MAN
 man1_MANS = $(patsubst $(srcdir)/%.xml, %, $(wildcard $(srcdir)/*.1.xml))
 endif
 
 -completion_DATA = $(patsubst $(srcdir)/%.1.xml, %, $(wildcard $(srcdir)/*.1.xml))
-+#completion_DATA = $(patsubst $(srcdir)/%.1.xml, %, $(wildcard $(srcdir)/*.1.xml))
 
 tools.html: $(srcdir)/tools.xml $(wildcard $(srcdir)/*.1.xml)
- 	$(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $<
+ 	$(AM_V_GEN)$(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $< 2>/dev/null
--- a/security/opensc/patches/patch-etc_Makefile.am
+++ b/security/opensc/patches/patch-etc_Makefile.am
@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.7 2018/10/13 10:54:05 mlelstv Exp $
+$NetBSD: patch-etc_Makefile.am,v 1.1 2023/02/21 17:23:07 adam Exp $

 Disable installation of config file, because pkgsrc installs config
 files as examples.