dist-git conversion

#2781)

.cvsignore

@@ -1 +0,0 @@
-pcsc-lite-1.3.3.tar.gz

.gitignore

@@ -0,0 +1 @@
+pcsc-lite-1.5.2.tar.bz2

Makefile

@@ -1,6 +0,0 @@
-# Makefile for source rpm: pcsc-lite
-# $Id$
-NAME := pcsc-lite
-SPECFILE = $(firstword $(wildcard *.spec))
-
-include ../common/Makefile.common

pcsc-lite-1.3.0-rpath64.patch

@@ -1,20 +0,0 @@
---- pcsc-lite-1.3.0/configure~	2006-03-03 15:48:59.000000000 +0200
-+++ pcsc-lite-1.3.0/configure	2006-03-05 23:40:48.000000000 +0200
-@@ -9103,7 +9103,7 @@
- shlibpath_overrides_runpath=unknown
- version_type=none
- dynamic_linker="$host_os ld.so"
--sys_lib_dlsearch_path_spec="/lib /usr/lib"
-+sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
- if test "$GCC" = yes; then
-   sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
-   if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
-@@ -9480,7 +9480,7 @@
-   # Append ld.so.conf contents to the search path
-   if test -f /etc/ld.so.conf; then
-     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
--    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-+    sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib $lt_ld_extra"
-   fi
- 
-   # We used to test for /lib/ld.so.1 and disable shared libraries on

pcsc-lite-1.4-docinst.patch

@@ -0,0 +1,11 @@
+--- ./doc/Makefile.in.docinst	2008-06-26 20:32:52.000000000 -0700
++++ ./doc/Makefile.in	2008-08-28 14:18:11.240452000 -0700
+@@ -612,7 +612,7 @@
+ 
+ info-am:
+ 
+-install-data-am: install-docDATA install-man
++install-data-am: install-man
+ 
+ install-dvi: install-dvi-recursive
+ 

pcsc-lite-1.4.100-rpath64.patch

@@ -0,0 +1,20 @@
+--- pcsc-lite-1.4.101/configure.rpath64	2008-04-30 08:14:32.000000000 -0700
++++ pcsc-lite-1.4.101/configure	2008-05-06 17:13:11.168871000 -0700
+@@ -10503,7 +10503,7 @@
+ shlibpath_overrides_runpath=unknown
+ version_type=none
+ dynamic_linker="$host_os ld.so"
+-sys_lib_dlsearch_path_spec="/lib /usr/lib"
++sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
+ 
+ if test "$GCC" = yes; then
+   case $host_os in
+@@ -10902,7 +10902,7 @@
+   # Append ld.so.conf contents to the search path
+   if test -f /etc/ld.so.conf; then
+     lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ 	]*hwcap[ 	]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
++    sys_lib_dlsearch_path_spec="/lib64 /usr/lib/64 /lib /usr/lib $lt_ld_extra"
+   fi
+ 
+   # We used to test for /lib/ld.so.1 and disable shared libraries on

pcsc-lite-1.5-permissions.patch

@@ -0,0 +1,49 @@
+diff -up ./src/pcscdaemon.c.permissions ./src/pcscdaemon.c
+--- ./src/pcscdaemon.c.permissions	2009-02-06 00:46:20.000000000 -0800
++++ ./src/pcscdaemon.c	2009-06-17 10:06:49.419656000 -0700
+@@ -438,7 +438,8 @@ int main(int argc, char **argv)
+ 	rv = SYS_Stat(PCSCLITE_EVENTS_DIR, &fStatBuf);
+ 	if (rv < 0)
+ 	{
+-		int mode = S_IRWXU | S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH; /* 0755 */
++ 		/* 1733 : world writable + sticky bit */
++ 		int mode = S_IRWXU | S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH | S_ISVTX;
+ 
+ 		rv = SYS_Mkdir(PCSCLITE_EVENTS_DIR, mode);
+ 		if (rv != 0)
+diff -up ./src/winscard_clnt.c.permissions ./src/winscard_clnt.c
+--- ./src/winscard_clnt.c.permissions	2009-02-06 00:46:20.000000000 -0800
++++ ./src/winscard_clnt.c	2009-06-17 10:07:32.392742000 -0700
+@@ -1717,7 +1717,7 @@ static long WaitForPcscdEvent(SCARDCONTE
+ {
+ 	char filename[FILENAME_MAX];
+ 	char buf[1];
+-	int fd;
++	int fd, r;
+ 	struct timeval tv, *ptv = NULL;
+ 	struct timeval before, after;
+ 	fd_set read_fd;
+@@ -1734,7 +1734,14 @@ static long WaitForPcscdEvent(SCARDCONTE
+ 
+ 	(void)snprintf(filename, sizeof(filename), "%s/event.%d.%ld",
+ 		PCSCLITE_EVENTS_DIR, SYS_GetPID(), hContext);
+-	(void)mkfifo(filename, 0644);
++	r = mkfifo(filename, 0644);
++ 	if (-1 == r)
++ 	{
++ 		Log2(PCSC_LOG_CRITICAL, "Can't create event fifo: %s", strerror(errno));
++ 		goto exit;
++ 	}
++ 
++
+ 	fd = SYS_OpenFile(filename, O_RDONLY | O_NONBLOCK, 0);
+ 
+ 	FD_ZERO(&read_fd);
+@@ -1755,6 +1762,7 @@ static long WaitForPcscdEvent(SCARDCONTE
+ 		dwTime -= diff/1000;
+ 	}
+ 
++exit:
+ 	return dwTime;
+ }
+ 

pcsc-lite-CVE-2010-0407.patch

@@ -0,0 +1,109 @@
+diff -ru pcsc-lite-1.4.102.orig//src/winscard_svc.c pcsc-lite-1.4.102/src/winscard_svc.c
+--- pcsc-lite-1.4.102.orig//src/winscard_svc.c	2008-06-27 05:31:39.000000000 +0200
++++ pcsc-lite-1.4.102/src/winscard_svc.c	2010-05-26 15:04:04.000000000 +0200
+@@ -385,6 +385,14 @@
+ 		dwProtocol = stStr->pdwProtocol;
+ 		cbAtrLen = stStr->pcbAtrLen;
+ 
++		/* avoids buffer overflow */
++		if ((cchReaderLen > sizeof(stStr->mszReaderNames))
++			|| (cbAtrLen > sizeof(stStr->pbAtr)))
++		{
++			stStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
++			break;
++		}
++
+ 		stStr->rv = SCardStatus(stStr->hCard, stStr->mszReaderNames,
+ 			&cchReaderLen, &dwState,
+ 			&dwProtocol, stStr->pbAtr, &cbAtrLen);
+@@ -400,6 +408,14 @@
+ 		rv = MSGCheckHandleAssociation(trStr->hCard, dwContextIndex);
+ 		if (rv != 0) return rv;
+ 
++		/* avoids buffer overflow */
++		if ((trStr->pcbRecvLength > sizeof(trStr->pbRecvBuffer))
++			|| (trStr->cbSendLength > sizeof(trStr->pbSendBuffer)))
++		{
++			trStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
++			break;
++		}
++
+ 		ioSendPci.dwProtocol = trStr->pioSendPciProtocol;
+ 		ioSendPci.cbPciLength = trStr->pioSendPciLength;
+ 		ioRecvPci.dwProtocol = trStr->pioRecvPciProtocol;
+@@ -424,6 +440,14 @@
+ 		rv = MSGCheckHandleAssociation(ctStr->hCard, dwContextIndex);
+ 		if (rv != 0) return rv;
+ 
++		/* avoids buffer overflow */
++		if ((ctStr->cbRecvLength > sizeof(ctStr->pbRecvBuffer))
++			|| (ctStr->cbSendLength > sizeof(ctStr->pbSendBuffer)))
++		{
++			ctStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
++			break;
++		}
++
+ 		dwBytesReturned = ctStr->dwBytesReturned;
+ 
+ 		ctStr->rv = SCardControl(ctStr->hCard, ctStr->dwControlCode,
+@@ -440,6 +464,13 @@
+ 		rv = MSGCheckHandleAssociation(gsStr->hCard, dwContextIndex);
+ 		if (rv != 0) return rv;
+ 
++		/* avoids buffer overflow */
++		if (gsStr->cbAttrLen > sizeof(gsStr->pbAttr))
++		{
++			gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
++			break;
++		}
++
+ 		cbAttrLen = gsStr->cbAttrLen;
+ 
+ 		gsStr->rv = SCardGetAttrib(gsStr->hCard, gsStr->dwAttrId,
+@@ -453,6 +484,14 @@
+ 		gsStr = ((getset_struct *) msgStruct->data);
+ 		rv = MSGCheckHandleAssociation(gsStr->hCard, dwContextIndex);
+ 		if (rv != 0) return rv;
++
++		/* avoids buffer overflow */
++		if (gsStr->cbAttrLen > sizeof(gsStr->pbAttr))
++		{
++			gsStr->rv = SCARD_E_INSUFFICIENT_BUFFER ;
++			break;
++		}
++
+ 		gsStr->rv = SCardSetAttrib(gsStr->hCard, gsStr->dwAttrId,
+ 			gsStr->pbAttr, gsStr->cbAttrLen);
+ 		break;
+@@ -467,6 +506,15 @@
+ 			rv = MSGCheckHandleAssociation(treStr->hCard, dwContextIndex);
+ 			if (rv != 0) return rv;
+ 
++			/* avoids buffer overflow */
++			if ((treStr->size > sizeof(pbSendBuffer))
++				|| (treStr->cbSendLength > sizeof(pbSendBuffer))
++				|| (treStr->pcbRecvLength > sizeof(pbRecvBuffer)))
++			{
++				treStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
++				break;
++			}
++
+ 			/* on more block to read? */
+ 			if (treStr->size > PCSCLITE_MAX_MESSAGE_SIZE)
+ 			{
+@@ -548,6 +596,15 @@
+ 			rv = MSGCheckHandleAssociation(cteStr->hCard, dwContextIndex);
+ 			if (rv != 0) return rv;
+ 
++			/* avoids buffer overflow */
++			if ((cteStr->size > sizeof(pbSendBuffer))
++				|| (cteStr->cbSendLength > sizeof(pbSendBuffer))
++				|| (cteStr->cbRecvLength > sizeof(pbRecvBuffer)))
++			{
++				cteStr->rv = SCARD_E_INSUFFICIENT_BUFFER;
++				break;
++			}
++
+ 			/* on more block to read? */
+ 			if (cteStr->size > PCSCLITE_MAX_MESSAGE_SIZE)
+ 			{

pcsc-lite-close_on_exec.patch

@@ -0,0 +1,17 @@
+diff -up ./src/sys_unix.c.close_on_exec ./src/sys_unix.c
+--- ./src/sys_unix.c.close_on_exec	2009-02-24 16:02:47.641288000 -0800
++++ ./src/sys_unix.c	2009-02-24 16:10:25.774746000 -0800
+@@ -123,9 +123,12 @@ INTERNAL int SYS_USleep(int iTimeVal)
+  * @retval >0 The file descriptor.
+  * @retval -1 An error ocurred.
+  */
++
+ INTERNAL int SYS_OpenFile(const char *pcFile, int flags, int mode)
+ {
+-	return open(pcFile, flags, mode);
++	int fd = open(pcFile, flags, mode);
++	fcntl(fd, F_SETFD, FD_CLOEXEC);
++	return fd;
+ }
+ 
+ /**

pcsc-lite-docinst.patch

@@ -1,11 +0,0 @@
---- doc/Makefile.in	2003-05-31 00:24:32.000000000 +0300
-+++ doc/Makefile.in	2003-06-01 15:43:17.000000000 +0300
-@@ -390,7 +390,7 @@
- 
- info-am:
- 
--install-data-am: install-dataDATA install-man
-+install-data-am: install-man
- 
- install-exec-am:
- 

pcsc-lite.spec

@@ -1,18 +1,23 @@
 Name:           pcsc-lite
-Version:        1.3.3
-Release:        1%{dist}
+Version:        1.5.2
+Release:        5%{?dist}
 Summary:        PC/SC Lite smart card framework and applications
+%define upstream_build 2795
 
 Group:          System Environment/Daemons
 License:        BSD
 URL:            http://pcsclite.alioth.debian.org/
-Source0:        http://alioth.debian.org/download.php/1565/%{name}-%{version}.tar.gz
-Patch0:         %{name}-docinst.patch
-Patch1:         %{name}-1.3.0-rpath64.patch
+Source0:        http://alioth.debian.org/download.php/%{upstream_build}/%{name}-%{version}.tar.bz2
+Patch0:         %{name}-1.4-docinst.patch
+Patch1:         %{name}-1.4.100-rpath64.patch
+Patch2:         %{name}-close_on_exec.patch
+Patch3:         %{name}-1.5-permissions.patch
+Patch4:         %{name}-CVE-2010-0407.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  libusb-devel >= 0.1.7
+BuildRequires:  hal-devel 
 BuildRequires:  doxygen
 Requires(post): initscripts
 Requires(post): /sbin/chkconfig
@@ -20,8 +25,6 @@ Requires(preun): /sbin/chkconfig
 Requires(preun): initscripts
 Requires(postun): initscripts
 Requires:       pcsc-ifd-handler
-# 390 does not have libusb or smartCards
-ExcludeArch: s390 s390x
 
 %description
 The purpose of PC/SC Lite is to provide a Windows(R) SCard interface
@@ -62,6 +65,9 @@ Group:          Documentation
 %setup -q
 %patch0 -p0 -b .docinst
 %patch1 -p1 -b .rpath64
+%patch2 -p1 -b .close_on_exec
+%patch3 -p0 -b .permissions
+%patch4 -p1 -b .CVE-2010-0407
 
 %build
 %configure \
@@ -96,7 +102,7 @@ rm -f $RPM_BUILD_ROOT%{_mandir}/man1/formaticc.1*
 
 
 %clean
-#rm -rf $RPM_BUILD_ROOT
+rm -rf $RPM_BUILD_ROOT
 
 
 %post
@@ -123,7 +129,7 @@ fi
 %doc AUTHORS ChangeLog* COPYING DRIVERS HELP README SECURITY TODO
 %dir %{_sysconfdir}/reader.conf.d/
 %doc %{_sysconfdir}/reader.conf.d/README
-%ghost %config %{_sysconfdir}/reader.conf
+%ghost %config(noreplace) %{_sysconfdir}/reader.conf
 %{_initrddir}/pcscd
 %{_sbindir}/pcscd
 %{_sbindir}/update-reader.conf
@@ -144,10 +150,57 @@ fi
 
 %files doc
 %defattr(-,root,root,-)
-%doc doc/api/ doc/*.pdf doc/example/pcsc_demo.c
+%doc doc/api/ doc/example/pcsc_demo.c
 
 
 %changelog
+* Sun Jul 04 2010 Kalev Lember <kalev@smartlink.ee> - 1.5.2-5
+- Fix up incorrect checks in CVE-2010-0407.patch (#596426)
+
+* Tue Jun 15 2010 Kalev Lember <kalev@smartlink.ee> - 1.5.2-4
+- Patch for CVE-2010-0407
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jun 17 2009 Bob Relyea <rrelyea@redhat.com> - 1.5.2-2
+- Pick up security fixes from upstream
+
+* Fri Feb 27 2009 Bob Relyea <rrelyea@redhat.com> - 1.5.2-1
+- Pick up 1.5.2
+- Add FD_CLOEXEC flag
+- make reader.conf a noreplace config file
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.102-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Wed Feb 11 2009 Karsten Hopp <karsten@redhat.com> 1.4.102-4
+- remove excludearch s390, s390x (#467788)
+  even though s390 does not have libusb or smartCards, the libusb
+  packages are required to build other packages.
+
+* Thu Aug 18 2008 Bob Relyea <rrelyea@redhat.com> - 1.4.102-3
+- bump tag becaue the build system can't deal with mistakes.
+
+* Thu Aug 18 2008 Bob Relyea <rrelyea@redhat.com> - 1.4.102-2
+- mock build changes
+
+* Wed Aug 17 2008 Bob Relyea <rrelyea@redhat.com> - 1.4.102-1
+- Pick up 1.4.102
+
+* Wed May 6 2008 Bob Relyea <rrelyea@redhat.com> - 1.4.101-1
+- Pick up 1.4.101
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.4-3
+- Autorebuild for GCC 4.3
+
+* Wed Jan 16 2008 Bob Relyea <rrelyea@redhat.com> - 1.4.4-2
+- Silence libpcsc-lite even when the daemon isn't running.
+- fix typo in init file which prevents the config file from being read.
+
+* Tue Nov 22 2007 Bob Relyea <rrelyea@redhat.com> - 1.4.4-1
+- Pick up 1.4.4
+
 * Tue Feb 06 2007 Bob Relyea <rrelyea@redhat.com> - 1.3.3-1
 - Pick up 1.3.3
 

sources

@@ -1 +1 @@
-851b090aa0efedd0196f6afd9c0c61bb  pcsc-lite-1.3.3.tar.gz
+d7d466621bec39354351f09349f6374c  pcsc-lite-1.5.2.tar.bz2