https://github.com/OpenSC/OpenSC/releases/tag/0.23.0
my smart card keeps working with the opensc-pkcs11.so module as tested in
firefox, chrome and qdigidoc4.
Upstream tries to find a library to link against for dlopen(3) unless
LDL_LIB is already set, so instead of patching it for systems like ours
where dlopen(3) comes from libc, pass the empty string to skip detection;
I can upstream a proper fix later.
LibreSSL macro guards needed fixing, but I'm not 100% sure I got them right.
major bump due to symbol removal.
Feedback? OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/opensc/Makefile,v
retrieving revision 1.63
diff -u -p -r1.63 Makefile
--- Makefile 5 Nov 2022 17:07:24 -0000 1.63
+++ Makefile 20 Jun 2023 10:49:04 -0000
@@ -1,10 +1,9 @@
COMMENT= set of libraries and utilities to access smart cards
-V= 0.22.0
-REVISION= 3
+V= 0.23.0
DISTNAME= opensc-${V}
-SHARED_LIBS += opensc 7.3 # 8.0
+SHARED_LIBS += opensc 8.0 # 9.0
SHARED_LIBS += smm-local 3.1
CATEGORIES= security
@@ -14,8 +13,7 @@ HOMEPAGE= https://github.com/OpenSC/Open
# LGPLv2.1+
PERMIT_PACKAGE= Yes
-WANTLIB= c crypto curses ffi gio-2.0 glib-2.0 gmodule-2.0 gobject-2.0 \
- iconv intl pcre2-8 pthread readline z
+WANTLIB= c crypto curses gio-2.0 gobject-2.0 iconv pthread readline z
MASTER_SITES= https://github.com/OpenSC/OpenSC/releases/download/${V}/
@@ -24,7 +22,8 @@ BUILD_DEPENDS= security/pcsc-lite \
textproc/docbook-xsl
RUN_DEPENDS= devel/desktop-file-utils \
security/ccid
-TEST_DEPENDS= shells/bash
+TEST_DEPENDS= security/softhsm2 \
+ shells/bash
LIB_DEPENDS= devel/glib2
LIBTOOL_FLAGS= --tag=disable-static
@@ -37,7 +36,8 @@ CONFIGURE_ARGS= --enable-static \
--disable-cryptotokenkit \
--with-pkcs11-provider=${LOCALBASE}/lib/pkcs11/opensc-pkcs11.so
\
--with-xsl-stylesheetsdir=${LOCALBASE}/share/xsl/docbook
-CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include/PCSC"
+CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include/PCSC" \
+ LDL_LIBS=' '
FAKE_FLAGS= mandir="${PREFIX}/man/" \
sysconfdir="${PREFIX}/share/examples/opensc/"
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/opensc/distinfo,v
retrieving revision 1.17
diff -u -p -r1.17 distinfo
--- distinfo 10 Mar 2022 14:37:15 -0000 1.17
+++ distinfo 20 Jun 2023 07:38:18 -0000
@@ -1,2 +1,2 @@
-SHA256 (opensc-0.22.0.tar.gz) = jU5TRxlevqMyvlhd9h3MRwMxwmlp5LBEfIUfsIRMcYY=
-SIZE (opensc-0.22.0.tar.gz) = 2287020
+SHA256 (opensc-0.23.0.tar.gz) = pIRKbqA6Ui7PNeSWWXFtrLa+A/fAEKGlg6rz65Fe0uA=
+SIZE (opensc-0.23.0.tar.gz) = 2366469
Index: patches/patch-configure_ac
===================================================================
RCS file: /cvs/ports/security/opensc/patches/patch-configure_ac,v
retrieving revision 1.14
diff -u -p -r1.14 patch-configure_ac
--- patches/patch-configure_ac 28 Jun 2022 10:13:51 -0000 1.14
+++ patches/patch-configure_ac 20 Jun 2023 10:38:19 -0000
@@ -1,7 +1,7 @@
Index: configure.ac
--- configure.ac.orig
+++ configure.ac
-@@ -414,7 +414,7 @@ AC_FUNC_STAT
+@@ -427,7 +427,7 @@ AC_FUNC_STAT
AC_FUNC_VPRINTF
AC_CHECK_FUNCS([ \
getpass gettimeofday getline memset mkdir \
Index: patches/patch-src_libopensc_card-iasecc_c
===================================================================
RCS file: patches/patch-src_libopensc_card-iasecc_c
diff -N patches/patch-src_libopensc_card-iasecc_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_libopensc_card-iasecc_c 20 Jun 2023 10:38:44 -0000
@@ -0,0 +1,16 @@
+LibreSSL does provide an EVP_MD_CTX_md_data() accessor
+
+Index: src/libopensc/card-iasecc.c
+--- src/libopensc/card-iasecc.c.orig
++++ src/libopensc/card-iasecc.c
+@@ -45,10 +45,6 @@
+ * LibreSSL
+ */
+
+-#if defined(LIBRESSL_VERSION_NUMBER)
+-# define EVP_MD_CTX_md_data(x) (x->md_data)
+-#endif
+-
+ #include "internal.h"
+ #include "asn1.h"
+ #include "cardctl.h"
Index: patches/patch-src_libopensc_sc-ossl-compat_h
===================================================================
RCS file:
/cvs/ports/security/opensc/patches/patch-src_libopensc_sc-ossl-compat_h,v
retrieving revision 1.6
diff -u -p -r1.6 patch-src_libopensc_sc-ossl-compat_h
--- patches/patch-src_libopensc_sc-ossl-compat_h 10 Mar 2022 14:37:15
-0000 1.6
+++ patches/patch-src_libopensc_sc-ossl-compat_h 20 Jun 2023 10:40:03
-0000
@@ -1,12 +1,18 @@
+LibreSSL does provide EVP_sha3_*() and EVP_PKEY_new(3)
+
Index: src/libopensc/sc-ossl-compat.h
--- src/libopensc/sc-ossl-compat.h.orig
+++ src/libopensc/sc-ossl-compat.h
-@@ -71,7 +71,7 @@ extern "C" {
- #define EVP_PKEY_base_id(x) (x->type)
+@@ -49,12 +49,6 @@ extern "C" {
+ #if LIBRESSL_VERSION_NUMBER < 0x30500000L
+ #define FIPS_mode() (0)
+ #endif
+-#define EVP_sha3_224() (NULL)
+-#define EVP_sha3_256() (NULL)
+-#define EVP_sha3_384() (NULL)
+-#define EVP_sha3_512() (NULL)
+-#define EVP_PKEY_new_raw_public_key(t, e, p, l) (NULL)
+-#define EVP_PKEY_get_raw_public_key(p, pu, l) (0)
#endif
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
-
- #define X509_get_extension_flags(x) (x->ex_flags)
+ /* OpenSSL 1.1.1 has FIPS_mode function */
Index: patches/patch-src_libopensc_sc_c
===================================================================
RCS file: /cvs/ports/security/opensc/patches/patch-src_libopensc_sc_c,v
retrieving revision 1.4
diff -u -p -r1.4 patch-src_libopensc_sc_c
--- patches/patch-src_libopensc_sc_c 13 Oct 2022 13:11:27 -0000 1.4
+++ patches/patch-src_libopensc_sc_c 20 Jun 2023 09:29:45 -0000
@@ -7,7 +7,7 @@ but we might as well use this which conc
Index: src/libopensc/sc.c
--- src/libopensc/sc.c.orig
+++ src/libopensc/sc.c
-@@ -912,14 +912,18 @@ void *sc_mem_secure_alloc(size_t len)
+@@ -923,14 +923,18 @@ void *sc_mem_secure_alloc(size_t len)
len = pages * page_size;
}
@@ -28,7 +28,7 @@ Index: src/libopensc/sc.c
#endif
return p;
-@@ -927,10 +931,14 @@ void *sc_mem_secure_alloc(size_t len)
+@@ -938,10 +942,14 @@ void *sc_mem_secure_alloc(size_t len)
void sc_mem_secure_free(void *ptr, size_t len)
{
Index: patches/patch-src_pkcs11_Makefile_am
===================================================================
RCS file: /cvs/ports/security/opensc/patches/patch-src_pkcs11_Makefile_am,v
retrieving revision 1.6
diff -u -p -r1.6 patch-src_pkcs11_Makefile_am
--- patches/patch-src_pkcs11_Makefile_am 28 Jun 2022 10:13:51 -0000
1.6
+++ patches/patch-src_pkcs11_Makefile_am 20 Jun 2023 10:41:38 -0000
@@ -1,3 +1,6 @@
+- Fix lib and pkgconfig directories
+- Neuter install-exec-hook target
+
Index: src/pkcs11/Makefile.am
--- src/pkcs11/Makefile.am.orig
+++ src/pkcs11/Makefile.am
@@ -9,9 +12,9 @@ Index: src/pkcs11/Makefile.am
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in $(srcdir)/versioninfo-pkcs11.rc
$(srcdir)/versioninfo-pkcs11-spy.rc
EXTRA_DIST = Makefile.mak versioninfo-pkcs11.rc.in
versioninfo-pkcs11-spy.rc.in opensc-pkcs11.pc.in opensc-pkcs11.dll.manifest
onepin-opensc-pkcs11.dll.manifest
-@@ -24,10 +26,6 @@ OPENSC_PKCS11_LIBS = \
- $(top_builddir)/src/common/libcompat.la \
- $(OPENPACE_LIBS) $(OPTIONAL_OPENSSL_LIBS) $(PTHREAD_LIBS)
+@@ -27,10 +29,6 @@ if WIN32
+ OPENSC_PKCS11_LIBS += -lshlwapi
+ endif
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = opensc-pkcs11.pc
@@ -20,19 +23,11 @@ Index: src/pkcs11/Makefile.am
opensc_pkcs11_la_SOURCES = $(OPENSC_PKCS11_SRC) $(OPENSC_PKCS11_INC)
opensc_pkcs11_la_CFLAGS = $(OPENSC_PKCS11_CFLAGS)
opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS)
-@@ -69,15 +67,6 @@ install-exec-hook:
- for l in opensc-pkcs11.dll pkcs11-spy.dll; do \
- mv "$(DESTDIR)$(libdir)/$$l" "$(DESTDIR)$(bindir)/$$l"; \
- done
--else
--# see http://wiki.cacert.org/wiki/Pkcs11TaskForce
--install-exec-hook:
-- $(MKDIR_P) "$(DESTDIR)$(pkcs11dir)"
-- for l in opensc-pkcs11$(DYN_LIB_EXT) onepin-opensc-pkcs11$(DYN_LIB_EXT)
pkcs11-spy$(DYN_LIB_EXT); do \
-- rm -f "$(DESTDIR)$(pkcs11dir)/$$l"; \
-- $(LN_S) ../$$l "$(DESTDIR)$(pkcs11dir)/$$l"; \
-- done
--
- endif
-
- TIDY_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS)
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(OPENSC_PKCS11_CFLAGS)
+@@ -81,6 +79,7 @@ uninstall-hook:
+ else
+ # see http://wiki.cacert.org/wiki/Pkcs11TaskForce
+ install-exec-hook:
++neutered:
+ $(MKDIR_P) "$(DESTDIR)$(pkcs11dir)"
+ for l in opensc-pkcs11$(DYN_LIB_EXT) onepin-opensc-pkcs11$(DYN_LIB_EXT)
pkcs11-spy$(DYN_LIB_EXT); do \
+ rm -f "$(DESTDIR)$(pkcs11dir)/$$l"; \
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/opensc/pkg/PLIST,v
retrieving revision 1.16
diff -u -p -r1.16 PLIST
--- pkg/PLIST 16 Mar 2022 10:16:26 -0000 1.16
+++ pkg/PLIST 20 Jun 2023 10:31:55 -0000
@@ -7,7 +7,6 @@
@bin bin/goid-tool
@bin bin/iasecc-tool
@bin bin/netkey-tool
-@bin bin/npa-tool
@bin bin/openpgp-tool
@bin bin/opensc-asn1
@bin bin/opensc-explorer
@@ -106,8 +105,6 @@ share/opensc/iasecc_generic_oberthur.pro
share/opensc/iasecc_generic_pki.profile
share/opensc/incrypto34.profile
share/opensc/isoApplet.profile
-share/opensc/jcop.profile
-share/opensc/miocos.profile
share/opensc/muscle.profile
share/opensc/myeid.profile
share/opensc/oberthur.profile
