Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 2B8ECA5864 for ; Mon, 7 Sep 2015 19:59:45 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id B9C6014A225; Mon, 7 Sep 2015 19:59:44 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 0912F14A1F5 for ; Mon, 7 Sep 2015 19:59:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id LfSiF_6Ik_sz for ; Mon, 7 Sep 2015 19:59:43 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 01CCE14A1F4 for ; Mon, 7 Sep 2015 19:59:43 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id F04E398; Mon, 7 Sep 2015 19:59:42 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Mon, 7 Sep 2015 19:59:42 +0000 From: "Greg Troxel" Subject: CVS commit: pkgsrc/security/opensc To: pkgsrc-changes@NetBSD.org Reply-To: gdt@netbsd.org X-Mailer: log_accum Message-Id: <20150907195942.F04E398@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: gdt Date: Mon Sep 7 19:59:42 UTC 2015 Modified Files: pkgsrc/security/opensc: Makefile PLIST distinfo pkgsrc/security/opensc/patches: patch-aa patch-ab patch-configure.ac patch-src_common_compat__getopt.h patch-src_common_compat__getopt__main.c patch-src_libopensc_log.c patch-src_pkcs11_pkcs11-global.c Removed Files: pkgsrc/security/opensc/patches: patch-bootstrap patch-src_common_compat__getopt.c Log Message: Update to 0.15.0. Some pkgsrc patches are now upstream. Don't install new bash completion files, given a lack of pkgsrc doctrine for where they go. New in 0.15.0; 2015-05-11 * new card drivers AzeDIT 3.5 IsoApplet MaskTech * libopensc allow extended length APDUs accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs fixed sc_driver_version check adjusted send/receive size accoriding to card capabilities in iso7816 make SELECT agnosting to sc_path_t's aid * asn1 support multi-bytes tags * pkcs15 reviewed support and tool functions for public key public certs and pubkeys with an auth_id are treated as private * pkcs11 introduced default PKCS#11 provider fetched real value of CKA_LOCAL for pubkey removed inconsistent attributes C_Digest issues no check if buffer too small before update * added support for Travis CI * updated support of EC in libopensc, pkcs15 and pkcs11 * fixed number of warnings, resource leaks, overity-scan issues * macosx target minimum OSX version to 10.7 update the minimal building instructions. locate and target the latest SDK to build against. locate the best newest SDK present on the computer. * build disable Secure Messaging if OpenSSL is not used * tools util_get_pin helper function * PIV Add AES support for PIV General Authenticate fixed invalid bit when writing PIV certificate object with gzipped certificate fixed bad caching behavior of PIV PKCS15 emulator * ePass2003 fixed failure due to re-authenticate of secure messaging when card is accessed by multiple PKCS11 sessions * MyEID EC support for MyEID-v4 card * openpgp extended options for openpgp-tool * asepcos fixed puk handling * sc-hsm support for Koblitz curves secp192k1 and secp256k1 (Bitcoin) improved error detection and reporting in sc-hsm-tool fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader fix certificate delete bug * IAS/ECC fixed PKCS#11 compliance issues support for Morpho IAS Agent Card * cardos overwrite content of deleted private key * win32 setup improuvement look & feel custom actions with card registration minidriver impouvement fixed errors and warnings returned by Microsoft quality tool pin-pad support New in 0.14.0; 2014-05-31 * new card driver DNIe * extended existing drivers by support of Swedish eID card (gemsafeV1) EstEID 3.5 (mcrd) * bogus javacard driver removed * build return to the standard use of 'autoconf' CI specific bootstrap script: git commit stamp for the built packages windows friendly compile settings fixed a ton of compiler warnings fence against using EVP_sha256 mech debian packaging templates compile without OpenSSL and without SM enable compiler warnings by default win32 add 'VarFileInfo' block to version-info include to MSI package 'openpgp-tool.exe' 'version-info' resource for each target * macOSX "graphical uninstaller" to distribution DMG update package building to modern tools new tool and SDK paths for OS X 10.8 improved opensc-installer from distribution osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on build 'fat' binaries i386 * common added getpass implementation for non windows * libopensc allow for the pin to be entered on the keypad during issuing introduce 'encoded-content' to the sc_file data general usage method to allocate generalized time * minidriver implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin' improved management of GUID use reader pin pad if available and allowed configuration options for compose GUID refuse create container mechanism add registers file for feitian cards fixed return code in 'CardGetContainerInfo' returned 'tries-left' for blocked card length of stripped data in RSADecrypt * pkcs#11 bind non-recognized card, generic 'init-token' procedure fixed CKA_VALUE of 'public-key' object fix ASN1 encoding issues PIN-NOT-INITIALIZED for the non-user PINs buffers overflow segfault due to the undefined 'application-file' * pkcs15 'direct' public key in PuKDF encoding implement SPKI public key encoding include and maintain minidriver framework data: cmap-record, md-flags, GUID, .. fixed encoding of 'SubjectPublicKeyInfo' DER encoding of 'issuer' and 'subject' PIN validation in 'pkcs15-verify' public key algorithm ECC public key encoding ECC ecpointQ * pkcs15init introduce 'max-unblocks' PIN init parameter keep cert. blob in cert-info data file 'content' and 'prop-attrs' in the card profile in profile more AC operations are parsed fixed NULL pointer dereference error NULL 'store-key' handle ignore if no TokenInfo file to update set EC pubkey parameters from init data * reader-pcsc fixed implicit pin modification pin checking when implicitly given verify/modify pinpad commands * SM common SM 'increase-sequence-counter' procedure move SM APDU procedures to dedicated source file move SM common crypto procedures to the dedicated library * doc documentation for --list-token-slots * default driver do not send possibly arbitrary APDU-s to an unknown card. by default 'default' card driver is disabled * sc-hsm Added support for persistent EC public keys generated from certificate signing requests token label to be set via C_InitToken or sc-hsm-tool unblock PIN using C_InitPIN() initialize EC key params fixed bug that prevents a newly generated 2048 key to show up at the PKCS#11 interface bug when changing SO-PIN with opensc-explorer sc-hsm-tool memory checking and removed warning problem deleting CA certificates sc-hsm public key format returned when generating ECC keys sc-hsm-tool better error handling for non-SmartCard-HSM cards support for DKEK password sharing scheme threshold scheme parameters to manpage crash on Windows when --wrap-key frees memory allocated in opensc.dll * ias simplify the compute signature operation * PIV use SPKI encoding for public key data extract public key from cert if no object on card fix segfault and valgrind issue gen_key to expect the proper PIV Key references * CardOS build for Windows use information from AlgorithmInfo supported CardOS V5.0 * epass2003 key generation allows stricter privkey/pubkey ACLs list_files implemented properly disable padding allow exponents other than 65537 * myeid fixed file-id in myeid.profile * entersafe fix a bug when writing public key * EstEID match card only based on presence of application. * pteid do not call the iso7816 driver get_response operation * myeid support of EC key is broken To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 pkgsrc/security/opensc/Makefile cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/opensc/PLIST cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/opensc/distinfo cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/opensc/patches/patch-aa \ pkgsrc/security/opensc/patches/patch-ab cvs rdiff -u -r1.1 -r0 pkgsrc/security/opensc/patches/patch-bootstrap cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/opensc/patches/patch-configure.ac \ pkgsrc/security/opensc/patches/patch-src_libopensc_log.c cvs rdiff -u -r1.2 -r0 \ pkgsrc/security/opensc/patches/patch-src_common_compat__getopt.c cvs rdiff -u -r1.2 -r1.3 \ pkgsrc/security/opensc/patches/patch-src_common_compat__getopt.h \ pkgsrc/security/opensc/patches/patch-src_common_compat__getopt__main.c cvs rdiff -u -r1.3 -r1.4 \ pkgsrc/security/opensc/patches/patch-src_pkcs11_pkcs11-global.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.