Update to 0.15.0. Some pkgsrc patches are now upstream. Don't

install new bash completion files, given a lack of pkgsrc doctrine for
where they go.

New in 0.15.0; 2015-05-11
* new card drivers
  AzeDIT 3.5
  IsoApplet
  MaskTech
* libopensc
  allow extended length APDUs
  accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
  fixed sc_driver_version check
  adjusted send/receive size accoriding to card capabilities
  in iso7816 make SELECT agnosting to sc_path_t's aid
* asn1
  support multi-bytes tags
* pkcs15
  reviewed support and tool functions for public key
  public certs and pubkeys with an auth_id are treated as private
* pkcs11
  introduced  default PKCS#11 provider
  fetched real value of CKA_LOCAL for pubkey
  removed inconsistent attributes
  C_Digest issues
    no check if buffer too small before update
* added support for Travis CI
* updated support of EC in libopensc, pkcs15 and pkcs11
* fixed number of warnings, resource leaks, overity-scan issues
* macosx
  target minimum OSX version to 10.7
  update the minimal building instructions.
  locate and target the latest SDK to build against.
  locate the best newest SDK present on the computer.
* build
  disable Secure Messaging if OpenSSL is not used
* tools
  util_get_pin helper function
* PIV
  Add AES support for PIV General Authenticate
  fixed invalid bit when writing PIV certificate object with gzipped certificate
  fixed bad caching behavior of PIV PKCS15 emulator
* ePass2003
  fixed failure due to re-authenticate of secure messaging when card is accessed
      by multiple PKCS11 sessions
* MyEID
  EC support for MyEID-v4 card
* openpgp
  extended options for openpgp-tool
* asepcos
  fixed puk handling
* sc-hsm
  support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
  improved error detection and reporting in sc-hsm-tool
  fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
  fix certificate delete bug
* IAS/ECC
  fixed PKCS#11 compliance issues
  support for Morpho IAS Agent Card
* cardos
  overwrite content of deleted private key
* win32
  setup improuvement
     look & feel
     custom actions with card registration
  minidriver impouvement
     fixed errors and warnings returned by Microsoft quality tool
     pin-pad support

New in 0.14.0; 2014-05-31
* new card driver DNIe
* extended existing drivers by support of
    Swedish eID card (gemsafeV1)
    EstEID 3.5 (mcrd)
* bogus javacard driver removed
* build
    return to the standard use of 'autoconf'
    CI specific bootstrap script: git commit stamp for the built packages
    windows friendly compile settings
    fixed a ton of compiler warnings
    fence against using EVP_sha256 mech
    debian packaging templates
    compile without OpenSSL and without SM
    enable compiler warnings by default
    win32
        add 'VarFileInfo' block to version-info
        include to MSI package 'openpgp-tool.exe'
        'version-info' resource for each target
* macOSX
    "graphical uninstaller" to distribution DMG
    update package building to modern tools
    new tool and SDK paths for OS X 10.8
    improved opensc-installer from distribution
    osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on
    build 'fat' binaries i386
* common
    added getpass implementation for non windows
* libopensc
    allow for the pin to be entered on the keypad during issuing
    introduce 'encoded-content' to the sc_file data
    general usage method to allocate generalized time
* minidriver
    implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin'
    improved management of GUID
    use reader pin pad if available and allowed
    configuration options for
        compose GUID
        refuse create container mechanism
    add registers file for feitian cards
    fixed
        return code in 'CardGetContainerInfo'
        returned 'tries-left' for blocked card
        length of stripped data in RSADecrypt
* pkcs#11
    bind non-recognized card, generic 'init-token' procedure
    fixed
        CKA_VALUE of 'public-key' object
        fix ASN1 encoding issues
        PIN-NOT-INITIALIZED for the non-user PINs
        buffers overflow
        segfault due to the undefined 'application-file'
* pkcs15
    'direct' public key in PuKDF encoding
    implement SPKI public key encoding
    include and maintain minidriver framework data: cmap-record, md-flags, GUID, ..
    fixed
        encoding of 'SubjectPublicKeyInfo'
        DER encoding of 'issuer' and 'subject'
        PIN validation in 'pkcs15-verify'
        public key algorithm
        ECC public key encoding
        ECC ecpointQ
* pkcs15init
    introduce 'max-unblocks' PIN init parameter
    keep cert. blob in cert-info data
    file 'content' and 'prop-attrs' in the card profile
    in profile more AC operations are parsed
    fixed
        NULL pointer dereference error
        NULL 'store-key' handle
        ignore if no TokenInfo file to update
        set EC pubkey parameters from init data
* reader-pcsc
    fixed
        implicit pin modification
        pin checking when implicitly given
        verify/modify pinpad commands
* SM
    common SM 'increase-sequence-counter' procedure
    move SM APDU procedures to dedicated source file
    move SM common crypto procedures to the dedicated library
* doc
    documentation for --list-token-slots
* default driver
    do not send possibly arbitrary APDU-s to an unknown card.
    by default 'default' card driver is disabled
* sc-hsm
    Added support for
        persistent EC public keys generated from certificate signing requests
        token label to be set via C_InitToken or sc-hsm-tool
        unblock PIN using C_InitPIN()
    initialize EC key params
    fixed
        bug that prevents a newly generated 2048 key to show up at the PKCS#11 interface
        bug when changing SO-PIN with opensc-explorer sc-hsm-tool
        memory checking and removed warning
        problem deleting CA certificates sc-hsm
        public key format returned when generating ECC keys
    sc-hsm-tool
        better error handling for non-SmartCard-HSM cards
        support for DKEK password sharing scheme
        threshold scheme parameters to manpage
        crash on Windows when --wrap-key frees memory allocated in opensc.dll
* ias
    simplify the compute signature operation
* PIV
    use SPKI encoding for public key data
    extract public key from cert if no object on card
    fix
        segfault and valgrind issue
        gen_key to expect the proper PIV Key references
* CardOS
    build for Windows
    use information from AlgorithmInfo
    supported CardOS V5.0
* epass2003
    key generation allows stricter privkey/pubkey ACLs
    list_files implemented
    properly disable padding
    allow exponents other than 65537
* myeid
    fixed file-id in myeid.profile
* entersafe
    fix a bug when writing public key
* EstEID
    match card only based on presence of application.
* pteid
    do not call the iso7816 driver get_response operation
* myeid
    support of EC key is broken

12 files changed, 50 insertions, 96 deletions

diff --git a/security/opensc/Makefile b/security/opensc/Makefile
index baf0ac9a271..204610ea00b 100644
--- a/security/opensc/Makefile
+++ b/security/opensc/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.22 2015/08/27 19:06:44 joerg Exp $
+# $NetBSD: Makefile,v 1.23 2015/09/07 19:59:42 gdt Exp $
 
-OPENSC_PKG_VERSION=	0.13.0
+OPENSC_PKG_VERSION=	0.15.0
 DISTNAME=		opensc-${OPENSC_PKG_VERSION}
-PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=opensc/OpenSC/opensc-0.13.0/}
 
diff --git a/security/opensc/PLIST b/security/opensc/PLIST
index 4a480630858..b0732d9b1a4 100644
--- a/security/opensc/PLIST
+++ b/security/opensc/PLIST
@@ -1,6 +1,7 @@
-@comment $NetBSD: PLIST,v 1.7 2014/03/14 20:49:56 gdt Exp $
+@comment $NetBSD: PLIST,v 1.8 2015/09/07 19:59:42 gdt Exp $
 bin/cardos-tool
 bin/cryptoflex-tool
+bin/dnie-tool
 bin/eidenv
 bin/iasecc-tool
 bin/netkey-tool
@@ -15,12 +16,16 @@ bin/pkcs15-tool
 bin/sc-hsm-tool
 bin/westcos-tool
 lib/libopensc.la
+lib/libsmm-local.la
+lib/onepin-opensc-pkcs11.la
 lib/opensc-pkcs11.la
 lib/pkcs11-spy.la
+lib/pkcs11/onepin-opensc-pkcs11.so
 lib/pkcs11/opensc-pkcs11.so
 lib/pkcs11/pkcs11-spy.so
 man/man1/cardos-tool.1
 man/man1/cryptoflex-tool.1
+man/man1/dnie-tool.1
 man/man1/eidenv.1
 man/man1/iasecc-tool.1
 man/man1/netkey-tool.1
@@ -53,6 +58,7 @@ share/opensc/iasecc_admin_eid.profile
 share/opensc/iasecc_generic_oberthur.profile
 share/opensc/iasecc_generic_pki.profile
 share/opensc/incrypto34.profile
+share/opensc/isoApplet.profile
 share/opensc/jcop.profile
 share/opensc/miocos.profile
 share/opensc/muscle.profile
diff --git a/security/opensc/distinfo b/security/opensc/distinfo
index 4311274e5e9..f1abafc3fec 100644
--- a/security/opensc/distinfo
+++ b/security/opensc/distinfo
@@ -1,14 +1,13 @@
-$NetBSD: distinfo,v 1.11 2014/03/14 20:49:56 gdt Exp $
+$NetBSD: distinfo,v 1.12 2015/09/07 19:59:42 gdt Exp $
 
-SHA1 (opensc-0.13.0.tar.gz) = 9285ccbed7b49f63e488c8fb1b3e102994a28218
-RMD160 (opensc-0.13.0.tar.gz) = 394e46a8a538155e33d9dcf830edc5db746086b7
-Size (opensc-0.13.0.tar.gz) = 1946899 bytes
-SHA1 (patch-aa) = 4c5110104252d2ec184cfc0ae7c194b12a91e176
-SHA1 (patch-ab) = 49f3ada86b4f7485ee56162b31bd75f740c4d5cc
-SHA1 (patch-bootstrap) = 76daef144be7020591d2b2d10ee7ba48ff4fdd6d
-SHA1 (patch-configure.ac) = ac79998c543ed51a2aa411486fa23edc51b7973f
-SHA1 (patch-src_common_compat__getopt.c) = cf65417e3ee047c5891d0b23f9afc46a5c256224
-SHA1 (patch-src_common_compat__getopt.h) = e34a67b7f5cf524e16301a4b3719c3f36cf82260
-SHA1 (patch-src_common_compat__getopt__main.c) = cf077d5a0db4c738738dfe54494b3292c166adfb
-SHA1 (patch-src_libopensc_log.c) = e7fd7477907284000cda18465624df21b2545266
-SHA1 (patch-src_pkcs11_pkcs11-global.c) = 991a9b3f5389d8b7033db3be32895216315d4ef0
+SHA1 (opensc-0.15.0.tar.gz) = 5bacb5814337af32ee85d49f420acc69ac961106
+RMD160 (opensc-0.15.0.tar.gz) = 90ff185bc82ab0d2b6487ca0fc00310609a674a5
+Size (opensc-0.15.0.tar.gz) = 2153075 bytes
+SHA1 (patch-aa) = 6863c837654b4fde76fbc7a95fe7fdae33590a50
+SHA1 (patch-ab) = c8a8a21ed7fe387aa93e6454e30d284d77ffd67c
+SHA1 (patch-configure.ac) = 7cf3afaf292c89ec990935e5a5d64bd015a9b1ce
+SHA1 (patch-doc_tools_Makefile.am) = bbfb4ae09bfeef5f4d2ca36da3efda6d1a699a0d
+SHA1 (patch-src_common_compat__getopt.h) = a9c4fad2d1fd73f5b2c245a364cfd37d838f51eb
+SHA1 (patch-src_common_compat__getopt__main.c) = 96d51499ea6d48bd53a17e3849c44ae4e0c9b669
+SHA1 (patch-src_libopensc_log.c) = eabe66dd52cedf81b3dffa01e5855a6b4a70416a
+SHA1 (patch-src_pkcs11_pkcs11-global.c) = 3390c14a61f4b50d7903faa1c300b3677a4831ac
diff --git a/security/opensc/patches/patch-aa b/security/opensc/patches/patch-aa
index 3bf256d0494..fd19c444435 100644
--- a/security/opensc/patches/patch-aa
+++ b/security/opensc/patches/patch-aa
@@ -1,15 +1,14 @@
-$NetBSD: patch-aa,v 1.4 2014/03/14 20:49:56 gdt Exp $
+$NetBSD: patch-aa,v 1.5 2015/09/07 19:59:42 gdt Exp $
 
 Disable installation of config file, because pkgsrc installs config
 files as examples.
 
---- etc/Makefile.am.orig	2012-12-04 14:43:40.000000000 +0000
+--- etc/Makefile.am.orig	2015-05-16 20:30:24.000000000 +0000
 +++ etc/Makefile.am
-@@ -22,11 +22,3 @@ opensc.conf: opensc.conf.in force
- 		-e 's|@DEFAULT_SM_MODULE[@]|$(DEFAULT_SM_MODULE)|g' \
+@@ -23,13 +23,5 @@ opensc.conf: opensc.conf.in force
  		-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
  		< $< > $@
--
+ 
 -install-exec-hook: opensc.conf
 -	$(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
 -	if [ -f "$(DESTDIR)$(sysconfdir)/opensc.conf" ]; then \
@@ -17,3 +16,6 @@ files as examples.
 -	else \
 -		$(INSTALL_DATA) opensc.conf "$(DESTDIR)$(sysconfdir)/opensc.conf"; \
 -	fi
+-
+ uninstall-hook: opensc.conf
+ 	rm -f "$(DESTDIR)$(sysconfdir)/opensc.conf.new" "$(DESTDIR)$(sysconfdir)/opensc.conf"
diff --git a/security/opensc/patches/patch-ab b/security/opensc/patches/patch-ab
index 7673c20bf91..872d0733fd9 100644
--- a/security/opensc/patches/patch-ab
+++ b/security/opensc/patches/patch-ab
@@ -1,11 +1,11 @@
-$NetBSD: patch-ab,v 1.4 2014/03/14 20:49:56 gdt Exp $
+$NetBSD: patch-ab,v 1.5 2015/09/07 19:59:42 gdt Exp $
 
 This patch was added 2009-09-10 by hasso@, with comment:
   More userfriendly default configuration.
 
---- etc/opensc.conf.in.orig	2012-12-04 14:43:40.000000000 +0000
+--- etc/opensc.conf.in.orig	2015-05-16 20:30:24.000000000 +0000
 +++ etc/opensc.conf.in
-@@ -453,6 +453,7 @@ app default {
+@@ -451,6 +451,7 @@ app default {
  		#
  		# Default: no
  		# try_emulation_first = yes;
diff --git a/security/opensc/patches/patch-bootstrap b/security/opensc/patches/patch-bootstrap
deleted file mode 100644
index a9aeeb0f948..00000000000
--- a/security/opensc/patches/patch-bootstrap
+++ /dev/null
@@ -1,18 +0,0 @@
-$NetBSD: patch-bootstrap,v 1.1 2014/03/14 20:49:56 gdt Exp $
-
-  * fix sed regular expressions to be POSIX BREs (change '\s' to
-    '[[:space:]]', '+' to '\{1,\}') (not yet reported upstream)
-  * quote $SUFFIX and $REVISION variable expansions (not yet reported
-    upstream)
-
---- bootstrap.orig	2012-12-04 14:43:40.000000000 +0000
-+++ bootstrap
-@@ -9,7 +9,7 @@ rm -rf *~ *.cache *.m4 config.guess conf
- 
- if test ! -z "$1"; then
-     cp configure.ac configure.ac.orig
--    sed 's/^define(\[PACKAGE_SUFFIX\],\s*\[\([-~]*[0-9a-zA-Z]*\)\])$/define(\[PACKAGE_SUFFIX\], \['$1'\])/g' configure.ac.orig > configure.ac
-+    sed 's/^define(\[PACKAGE_SUFFIX\],[[:space:]]*\[\([-~]*[0-9a-zA-Z]*\)\])$/define(\[PACKAGE_SUFFIX\], \['"$SUFFIX"'\])/g' configure.ac.orig > configure.ac
- fi
- 
- autoreconf --verbose --install --force
diff --git a/security/opensc/patches/patch-configure.ac b/security/opensc/patches/patch-configure.ac
index f5ab759b104..aeeb2813e29 100644
--- a/security/opensc/patches/patch-configure.ac
+++ b/security/opensc/patches/patch-configure.ac
@@ -1,33 +1,14 @@
-$NetBSD: patch-configure.ac,v 1.1 2014/03/14 20:49:56 gdt Exp $
+$NetBSD: patch-configure.ac,v 1.2 2015/09/07 19:59:42 gdt Exp $
 
-Patch taken from upstream post 0.13.0:
-  https://github.com/OpenSC/OpenSC/commit/11ff81367af9bc9dce2cbcb550cc463552a3b69e
+This hunk has been in pkgsrc for a long time; it needs a comment!
 
---- configure.ac.orig	2012-12-04 14:43:40.000000000 +0000
+--- configure.ac.orig	2015-05-16 20:30:24.000000000 +0000
 +++ configure.ac
-@@ -286,23 +286,19 @@ AC_CHECK_LIB(
- 
- if test "${WIN32}" = "no"; then
- 	dnl dl support
--	AC_CHECK_LIB(
--		[dl],
--		[dlopen],
--		,
--		[AC_MSG_ERROR([libdl required])]
--	)
-+	dnl https://github.com/OpenSC/OpenSC/commit/11ff81367af9bc9dce2cbcb550cc463552a3b69e
-+	AC_SEARCH_LIBS([dlopen], [dl dld], [], [
-+				 AC_MSG_ERROR([unable to find the dlopen() function])
-+				 ])
-+
-+case "${host_cpu}-${host_os}" in
-+        *netbsd*)
-+		acx_pthread_ok=yes
-+		PTHREAD_CFLAGS=""
-+		PTHREAD_LIBS=""
-+	;;
-+esac
- 
+@@ -344,17 +344,6 @@ if test "${WIN32}" = "no"; then
+ 	AC_SEARCH_LIBS([dlopen], [dl dld], [], [
+ 		AC_MSG_ERROR([unable to find the dlopen() function])
+ 	])
+-
 -	dnl Special check for pthread support.
 -	AX_PTHREAD(
 -		[AC_DEFINE(
diff --git a/security/opensc/patches/patch-src_common_compat__getopt.c b/security/opensc/patches/patch-src_common_compat__getopt.c
deleted file mode 100644
index 2e3ae7bea5f..00000000000
--- a/security/opensc/patches/patch-src_common_compat__getopt.c
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-src_common_compat__getopt.c,v 1.2 2014/03/14 20:49:56 gdt Exp $
-
-See comment in patch-src_common_compat__getopt.h.
-
---- src/common/compat_getopt.c.orig	2012-12-04 14:43:40.000000000 +0000
-+++ src/common/compat_getopt.c
-@@ -25,7 +25,7 @@
- 
- #include "config.h"
- 
--#if ! ( defined(HAVE_GETOPT_H) && defined(HAVE_GETOPT_LONG) && defined(HAVE_GETOPT_LONG_ONLY) )
-+#if ! ( defined(HAVE_GETOPT_H) && defined(HAVE_GETOPT_LONG) )
- 
- #include <sys/types.h>
- #include <stdlib.h>
diff --git a/security/opensc/patches/patch-src_common_compat__getopt.h b/security/opensc/patches/patch-src_common_compat__getopt.h
index 1c7b6019695..1389c9ee529 100644
--- a/security/opensc/patches/patch-src_common_compat__getopt.h
+++ b/security/opensc/patches/patch-src_common_compat__getopt.h
@@ -1,4 +1,4 @@
-$NetBSD: patch-src_common_compat__getopt.h,v 1.2 2014/03/14 20:49:56 gdt Exp $
+$NetBSD: patch-src_common_compat__getopt.h,v 1.3 2015/09/07 19:59:42 gdt Exp $
 
 NetBSD has getopt_long but not getopt_long_only.  Replacing
 getopt_long causes a type conflict with the built-in implementation.
@@ -12,7 +12,7 @@ The following is the original mail archive URL, but it currently
 yields a '404 not found' error:
 https://www.opensc-project.org/pipermail/opensc-devel/2012-November/018668.html
 
---- src/common/compat_getopt.h.orig	2012-12-04 14:43:40.000000000 +0000
+--- src/common/compat_getopt.h.orig	2015-05-16 20:30:24.000000000 +0000
 +++ src/common/compat_getopt.h
 @@ -30,7 +30,7 @@
  #include "config.h"
diff --git a/security/opensc/patches/patch-src_common_compat__getopt__main.c b/security/opensc/patches/patch-src_common_compat__getopt__main.c
index 90b1e8ca6fc..40935dafcf2 100644
--- a/security/opensc/patches/patch-src_common_compat__getopt__main.c
+++ b/security/opensc/patches/patch-src_common_compat__getopt__main.c
@@ -1,10 +1,10 @@
-$NetBSD: patch-src_common_compat__getopt__main.c,v 1.2 2014/03/14 20:49:56 gdt Exp $
+$NetBSD: patch-src_common_compat__getopt__main.c,v 1.3 2015/09/07 19:59:42 gdt Exp $
 
 See comment in patch-src_common_compat__getopt.h.  In addition, a
 kludge is added here to get the test file to build, pending a new
 release from upstream with the issue properly addressed.
 
---- src/common/compat_getopt_main.c.orig	2012-12-04 14:43:40.000000000 +0000
+--- src/common/compat_getopt_main.c.orig	2015-05-16 20:30:24.000000000 +0000
 +++ src/common/compat_getopt_main.c
 @@ -173,6 +173,8 @@ main(int argc, char * argv[])
                progname);
diff --git a/security/opensc/patches/patch-src_libopensc_log.c b/security/opensc/patches/patch-src_libopensc_log.c
index 7bac58392f3..eafd464cf5d 100644
--- a/security/opensc/patches/patch-src_libopensc_log.c
+++ b/security/opensc/patches/patch-src_libopensc_log.c
@@ -1,6 +1,6 @@
-$NetBSD: patch-src_libopensc_log.c,v 1.1 2014/03/14 20:49:56 gdt Exp $
+$NetBSD: patch-src_libopensc_log.c,v 1.2 2015/09/07 19:59:42 gdt Exp $
 
---- src/libopensc/log.c.orig	2012-12-04 14:43:40.000000000 +0000
+--- src/libopensc/log.c.orig	2015-05-16 20:30:24.000000000 +0000
 +++ src/libopensc/log.c
 @@ -91,7 +91,13 @@ static void sc_do_log_va(sc_context_t *c
  	gettimeofday (&tv, NULL);
diff --git a/security/opensc/patches/patch-src_pkcs11_pkcs11-global.c b/security/opensc/patches/patch-src_pkcs11_pkcs11-global.c
index 3b1ae8c36d2..5150d8419ac 100644
--- a/security/opensc/patches/patch-src_pkcs11_pkcs11-global.c
+++ b/security/opensc/patches/patch-src_pkcs11_pkcs11-global.c
@@ -1,17 +1,17 @@
-$NetBSD: patch-src_pkcs11_pkcs11-global.c,v 1.3 2014/03/14 20:49:56 gdt Exp $
+$NetBSD: patch-src_pkcs11_pkcs11-global.c,v 1.4 2015/09/07 19:59:42 gdt Exp $
 
 Use correct size for malloc.
 
 Not yet reported upstream.
 
---- src/pkcs11/pkcs11-global.c.orig	2012-12-04 14:43:40.000000000 +0000
+--- src/pkcs11/pkcs11-global.c.orig	2015-05-16 20:30:24.000000000 +0000
 +++ src/pkcs11/pkcs11-global.c
-@@ -42,7 +42,7 @@ extern CK_FUNCTION_LIST pkcs11_function_
+@@ -46,7 +46,7 @@ extern CK_FUNCTION_LIST pkcs11_function_
  #include <pthread.h>
  CK_RV mutex_create(void **mutex)
  {
--	pthread_mutex_t *m = malloc(sizeof(*mutex));
-+	pthread_mutex_t *m = malloc(sizeof(*m));
+-	pthread_mutex_t *m = calloc(1, sizeof(*mutex));
++	pthread_mutex_t *m = calloc(1, sizeof(*m));
  	if (m == NULL)
  		return CKR_GENERAL_ERROR;;
  	pthread_mutex_init(m, NULL);