Subject: CVS commit: pkgsrc/security/opensc
From: Greg Troxel
Date: 2015-09-07 21:59:42
Message id: 20150907195942.F04E398@cvs.netbsd.org

Log Message:
Update to 0.15.0.  Some pkgsrc patches are now upstream.  Don't
install new bash completion files, given a lack of pkgsrc doctrine for
where they go.

New in 0.15.0; 2015-05-11
* new card drivers
  AzeDIT 3.5
  IsoApplet
  MaskTech
* libopensc
  allow extended length APDUs
  accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
  fixed sc_driver_version check
  adjusted send/receive size accoriding to card capabilities
  in iso7816 make SELECT agnosting to sc_path_t's aid
* asn1
  support multi-bytes tags
* pkcs15
  reviewed support and tool functions for public key
  public certs and pubkeys with an auth_id are treated as private
* pkcs11
  introduced  default PKCS#11 provider
  fetched real value of CKA_LOCAL for pubkey
  removed inconsistent attributes
  C_Digest issues
    no check if buffer too small before update
* added support for Travis CI
* updated support of EC in libopensc, pkcs15 and pkcs11
* fixed number of warnings, resource leaks, overity-scan issues
* macosx
  target minimum OSX version to 10.7
  update the minimal building instructions.
  locate and target the latest SDK to build against.
  locate the best newest SDK present on the computer.
* build
  disable Secure Messaging if OpenSSL is not used
* tools
  util_get_pin helper function
* PIV
  Add AES support for PIV General Authenticate
  fixed invalid bit when writing PIV certificate object with gzipped certificate
  fixed bad caching behavior of PIV PKCS15 emulator
* ePass2003
  fixed failure due to re-authenticate of secure messaging when card is accessed
      by multiple PKCS11 sessions
* MyEID
  EC support for MyEID-v4 card
* openpgp
  extended options for openpgp-tool
* asepcos
  fixed puk handling
* sc-hsm
  support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
  improved error detection and reporting in sc-hsm-tool
  fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
  fix certificate delete bug
* IAS/ECC
  fixed PKCS#11 compliance issues
  support for Morpho IAS Agent Card
* cardos
  overwrite content of deleted private key
* win32
  setup improuvement
     look & feel
     custom actions with card registration
  minidriver impouvement
     fixed errors and warnings returned by Microsoft quality tool
     pin-pad support

New in 0.14.0; 2014-05-31
* new card driver DNIe
* extended existing drivers by support of
    Swedish eID card (gemsafeV1)
    EstEID 3.5 (mcrd)
* bogus javacard driver removed
* build
    return to the standard use of 'autoconf'
    CI specific bootstrap script: git commit stamp for the built packages
    windows friendly compile settings
    fixed a ton of compiler warnings
    fence against using EVP_sha256 mech
    debian packaging templates
    compile without OpenSSL and without SM
    enable compiler warnings by default
    win32
        add 'VarFileInfo' block to version-info
        include to MSI package 'openpgp-tool.exe'
        'version-info' resource for each target
* macOSX
    "graphical uninstaller" to distribution DMG
    update package building to modern tools
    new tool and SDK paths for OS X 10.8
    improved opensc-installer from distribution
    osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on
    build 'fat' binaries i386
* common
    added getpass implementation for non windows
* libopensc
    allow for the pin to be entered on the keypad during issuing
    introduce 'encoded-content' to the sc_file data
    general usage method to allocate generalized time
* minidriver
    implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin'
    improved management of GUID
    use reader pin pad if available and allowed
    configuration options for
        compose GUID
        refuse create container mechanism
    add registers file for feitian cards
    fixed
        return code in 'CardGetContainerInfo'
        returned 'tries-left' for blocked card
        length of stripped data in RSADecrypt
* pkcs#11
    bind non-recognized card, generic 'init-token' procedure
    fixed
        CKA_VALUE of 'public-key' object
        fix ASN1 encoding issues
        PIN-NOT-INITIALIZED for the non-user PINs
        buffers overflow
        segfault due to the undefined 'application-file'
* pkcs15
    'direct' public key in PuKDF encoding
    implement SPKI public key encoding
    include and maintain minidriver framework data: cmap-record, md-flags, GUID, ..
    fixed
        encoding of 'SubjectPublicKeyInfo'
        DER encoding of 'issuer' and 'subject'
        PIN validation in 'pkcs15-verify'
        public key algorithm
        ECC public key encoding
        ECC ecpointQ
* pkcs15init
    introduce 'max-unblocks' PIN init parameter
    keep cert. blob in cert-info data
    file 'content' and 'prop-attrs' in the card profile
    in profile more AC operations are parsed
    fixed
        NULL pointer dereference error
        NULL 'store-key' handle
        ignore if no TokenInfo file to update
        set EC pubkey parameters from init data
* reader-pcsc
    fixed
        implicit pin modification
        pin checking when implicitly given
        verify/modify pinpad commands
* SM
    common SM 'increase-sequence-counter' procedure
    move SM APDU procedures to dedicated source file
    move SM common crypto procedures to the dedicated library
* doc
    documentation for --list-token-slots
* default driver
    do not send possibly arbitrary APDU-s to an unknown card.
    by default 'default' card driver is disabled
* sc-hsm
    Added support for
        persistent EC public keys generated from certificate signing requests
        token label to be set via C_InitToken or sc-hsm-tool
        unblock PIN using C_InitPIN()
    initialize EC key params
    fixed
        bug that prevents a newly generated 2048 key to show up at the PKCS#11 \ 
interface
        bug when changing SO-PIN with opensc-explorer sc-hsm-tool
        memory checking and removed warning
        problem deleting CA certificates sc-hsm
        public key format returned when generating ECC keys
    sc-hsm-tool
        better error handling for non-SmartCard-HSM cards
        support for DKEK password sharing scheme
        threshold scheme parameters to manpage
        crash on Windows when --wrap-key frees memory allocated in opensc.dll
* ias
    simplify the compute signature operation
* PIV
    use SPKI encoding for public key data
    extract public key from cert if no object on card
    fix
        segfault and valgrind issue
        gen_key to expect the proper PIV Key references
* CardOS
    build for Windows
    use information from AlgorithmInfo
    supported CardOS V5.0
* epass2003
    key generation allows stricter privkey/pubkey ACLs
    list_files implemented
    properly disable padding
    allow exponents other than 65537
* myeid
    fixed file-id in myeid.profile
* entersafe
    fix a bug when writing public key
* EstEID
    match card only based on presence of application.
* pteid
    do not call the iso7816 driver get_response operation
* myeid
    support of EC key is broken

Files:
RevisionActionfile
1.23modifypkgsrc/security/opensc/Makefile
1.8modifypkgsrc/security/opensc/PLIST
1.12modifypkgsrc/security/opensc/distinfo
1.5modifypkgsrc/security/opensc/patches/patch-aa
1.5modifypkgsrc/security/opensc/patches/patch-ab
1.2modifypkgsrc/security/opensc/patches/patch-configure.ac
1.3modifypkgsrc/security/opensc/patches/patch-src_common_compat__getopt.h
1.3modifypkgsrc/security/opensc/patches/patch-src_common_compat__getopt__main.c
1.2modifypkgsrc/security/opensc/patches/patch-src_libopensc_log.c
1.4modifypkgsrc/security/opensc/patches/patch-src_pkcs11_pkcs11-global.c
1.1removepkgsrc/security/opensc/patches/patch-bootstrap
1.2removepkgsrc/security/opensc/patches/patch-src_common_compat__getopt.c