| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
New Win32 features
FIPS module updated to version 2.0.
OpenSSL DLLs updated to version 1.0.1c.
zlib DLL updated to version 1.2.7.
Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost, nuron, padlock, sureware, ubsec.
Other new features
"session" option renamed to more readable "sessionCacheTimeout". The old name remains accepted for backward compatibility.
New service-level "sessionCacheSize" option to control session cache size.
New service-level option "reset" to control whether TCP RST flag is used to indicate errors. The default value is "reset = yes".
New service-level option "renegotiation" to disable SSL renegotiation. This feature is based on a public-domain patch by Janusz Dziemidowicz.
New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx to Janusz Dziemidowicz).
New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or higher (thx to Henrik Riomar).
Bugfixes
Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
Fixed missing SSL state debug log entries.
Fixed a race condition in libwrap code resulting in random stalls (thx to Andrew Skalski).
Session cache purged at configuration file reload to reduce memory leak. Remaining leak of a few kilobytes per section is yet to be fixed.
Fixed regression bug in "transparent = destination" functionality (thx to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
"transparent = destination" is now a valid endpoint in inetd mode.
"delay = yes" fixed to work even if specified *after* "connect" option.
Multiple "connect" targets fixed to also work with delayed resolver.
The number of resolver retries of EAI_AGAIN error has been limited to 3 in order to prevent infinite loops.
Fix some directory owner/group rights and take over maintainership as I
use it almost daily.
|
|
|
|
From http://bugs.g10code.com/gnupg/issue1461
Reported by tez.
Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
|
|
-Add support of
. SCR3310-NTTCom USB (was removed in version 1.4.6)
. Inside Secure VaultIC 420 Smart Object
. Inside Secure VaultIC 440 Smart Object
- Wait up to 3 seconds for reader start up
- Add support of new PC/SC V2 part 10 properties:
. dwMaxAPDUDataSize
. wIdVendor
. wIdProduct
- Use helper functions from libPCSCv2part10 to parse the PC/SC v2
part 10 features
1.4.7:
-Add support of
. ACS ACR101 ICC Reader
. ACS CryptoMate64
. Alcor Micro AU9522
. Bit4id CKey4
. Bit4id cryptokey
. Bit4id iAM
. Bit4id miniLector
. Bit4id miniLector-s
. CCB eSafeLD
. Gemalto Ezio Shield Branch
. KOBIL Systems IDToken
. NXP PR533
- KOBIL Systems IDToken special cases:
. Give more time (3 seconds instead of 2) to the reader to answer
. Hack for the Kobil IDToken and Geman eID card. The German eID
card is bogus and need to be powered off before a power on
. Add Reader-Info-Commands special APDU/command
- Manufacturer command
- Product name command
- Firmware version command
- Driver version command
- Use auto suspend for CCID devices only (Closes Alioth bug
[#313445] "Do not activate USB suspend for composite devices:
keyboard")
- Fix some error management in the T=1 TPDU state machine
- some minor bugs removed
- some minor improvements added
1.4.6:
-Add support of
. Avtor SC Reader 371
. Avtor SecureToken
. DIGIPASS KEY 202
. Fujitsu SmartCase KB SCR eSIG
. Giesecke & Devrient StarSign CUT
. Inside Secure VaultIC 460 Smart Object
. Macally NFC CCID eNetPad reader
. OmniKey 6321 USB
. SCM SDI 011
. Teridian TSC12xxF
. Vasco DIGIPASS KEY 101
- Remove support of readers without a USB CCID descriptor file
. 0x08E6:0x34C1:Gemalto Ezio Shield Secure Channel
. 0x08E6:0x34C4:Gemalto Ezio Generic
. 0x04E6:0x511A:SCM SCR 3310 NTTCom
. 0x0783:0x0008:C3PO LTC32 USBv2 with keyboard support
. 0x0783:0x9002:C3PO TLTC2USB
. 0x047B:0x020B:Silitek SK-3105
- Disable SPE for HP USB CCID Smartcard Keyboard. The reader is
bogus and unsafe.
- Convert "&" in a reader name into "&" to fix a problem on Mac OS X
- Fix a problem with ICCD type A devices. We now wait for device ready
- Secure PIN Verify and PIN Modify: set the minimum timeout to 90
seconds
- Add support of wIdVendor and wIdProduct properties
- Add support of dwMaxAPDUDataSize
- Add support of Gemalto firmware features
- some minor bugs removed
|
|
- Fix a problem when a reader is unplugged (and the reader is still in use)
pcsc-lite-1.8.6:
- Fix a problem when only serial drivers are used (no hotplug/USB
driver)
- increase log buffer size from 160 to 2048. Some "long" log lines where
truncated.
- Fix redirection of stdin, stdout and stderr to /dev/null when pcscd is
started as a daemon (default)
- Some other minor improvements and bug corrections
pcsc-lite-1.8.5:
- Fix crash when a reader is unplugged while pcscd is in the middle of a
PC/SC function
- SCardBeginTransaction(): fix a bug introduced in version 1.8.4
related to sharing
- Some other minor improvements and bug corrections
pcsc-lite-1.8.4:
- Add [ and ] in the list of accepted characters for a reader name
- truncates the reader name if it is too long instead of rejecting the
reader
- The restriction to have to call SCardEstablishContext() in each thread
has been removed. Threads could now share a PC/SC context.
- Fix compiler failure for static driver
- Update IFDHandler API Doxygen regarding the "libusb-1.0" naming scheme
- Some other minor improvements and bug corrections
pcsc-lite-1.8.3:
- ignore directories and hidden (.*) files when parsing a configuration
directory (like /etc/reader.conf.d/)
- add Mac OS X for PC/SC spy tool
- fix a bug in PC/SC spy tool when loading of the real library fails
- add PCSCv2_PART10_PROPERTY_dwMaxAPDUDataSize,
PCSCv2_PART10_PROPERTY_wIdVendor and PCSCv2_PART10_PROPERTY_wIdProduct
from PC/SC v2 part 10 release 2.02.09 (not yet published)
- Some other minor improvements and bug corrections
pcsc-lite-1.8.2:
- rename pcsc-spy.py to pcsc-spy and install it as a normal binary (in
/usr/local/bin by default)
- write a pcsc-spy.1 manpage
- fix a bug with a multi-slot reader
- Info.plist parser: avoid a buffer read overflow in & management
- Some Doxygen improvements
pcsc-lite-1.8.1:
- Distribute missing files from src/spy/
pcsc-lite-1.8.0:
- PC/SC spy tool
- Support systemd socket activation (the auto start of pcscd from the
library has been removed. Use systemd instead)
- SCardGetStatusChange(): check all the readers are already known and
return SCARD_E_UNKNOWN_READER if a reader name is not present.
Windows XP has this behavior.
- SCardEstablishContext(): Invalidate all the handles in the son after a
fork
- Add define of FEATURE_EXECUTE_PACE from PCSC v2 Part 10 Amendment 1
2011-06-03
- Fix some memory leaks reported by Coverity
- Enable silent build by default
- log_line(): correctly calculate delta time when no color is used
The update of last_time was only done in case of colorization
(LogDoColor). So on unsupported consoles the time was wrong.
- log_xxd_always(): Use a variable-length array
The debug message buffer is no more with a fixed size (around 600
bytes of buffer to log) but uses a variable-length array.
It is now possible to log extended APDU of 64kB.
The variable-length array feature is available in GCC in C90 mode and
is mandatory in C99 standard.
- Some other minor improvements and bug corrections
|
|
Fixes CVE-2012-6085
Upstream Changes:
* Add support for the old cipher algorithm IDEA.
* Minor bug fixes.
* Small changes to better cope with future OpenPGP and GnuPG
features.
|
|
* Fix "URI.escape is obsolete" warnings on Ruby>=1.9
* Alias encode to escape and decode to unescape
|
|
|
|
OpenBSD and MirBSD.
Freeze exception granted by wiz.
|
|
Intel assembler parts.
|
|
* added totals method
* added a note about repeat authorizations
* added documatation about pin-based flow
* fixed textile formating
* using the https endpoint for all oauth negotiation
* made the api host and version configurable
* wrapping the json parse error so you can programatically acces the response
* added configurable search host
|
|
|
|
constructor.
|
|
|
|
|
|
|
|
docbook-xsl is also needed.
Thank you, joerg@ again.
|
|
|
|
Upstream changes:
2.32 Fri Dec 14 14:20:17 EST 2012
- Fixes "Taint checks are turned on and your key is tainted" error when autogenerating salt and IV.
|
|
|
|
=== 2.6.0 / 19 Sep 2012
* Use OpenSSL::PKey.read to read arbitrary private key. [nagachika]
* Check availability of UNIXSocket and UNIXServer for Windows [Nobuhiro IMAI]
* Bump version to 2.5.3 and depend on newer jruby-pageant version for Java 1.5 compat. [arturaz]
* Implementation of the "none"-authentication method [dubspeed]
* Add class for stricter host key verification [Andy Brody]
|
|
|
|
New in 2.1.26
-------------
* Modernize SASL malloc/realloc callback prototypes
* Added sasl_config_done() to plug a memory leak when using an application
specific config file
* Fixed PLAIN/LOGIN authentication failure when using saslauthd
with no auxprop plugins (bug # 3590).
* unlock the mutex in sasl_dispose if the context was freed by another thread
* MINGW32 compatibility patches
* Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0
* Fixed some memory leaks in libsasl
* GSSAPI plugin:
- Fixed a segfault in gssapi.c introduced in 2.1.25.
- Code refactoring
- Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also
HTTP capable
* GS2 plugin:
- Updated GS2 plugin not to lose minor GSS-API status codes on errors
* DIGEST-MD5 plugin:
- Correctly send "stale" directive to prevent clients from (re)promtping
for password
- Better handling of HTTP reauthentication cases
- fixed some memory leaks
* SASLDB plugin:
- Added support for BerkleyDB 5.X or later
* OTP plugin:
- Removed calling of EVP_cleanup() on plugin shutdown in order to prevent
TLS from failing in calling applications
* SRP plugin:
- Removed calling of EVP_cleanup() on plugin shutdown in order to prevent
TLS from failing in calling applications
* saslauthd:
- auth_rimap.c: qstring incorrectly appending the closing double quote,
which might be causing crashes
- auth_rimap.c: read the whole IMAP greeting
- better error reporting from some drivers
- fixed some memory leaks
|
|
|
|
|
|
With -Werror set on this package, racoon2 would not build with gcc4.6+
|
|
|
|
|
|
- Do not log the time every second on "old" PC/SC without support of
\\?PnP?\Notification like on Mac OS X.
- 79 new ATRS
- minor fixes
1.4.20 - 16 June 2012, Ludovic ROUSSEAU
- Makefile: Add arguments to CFLAGS instead of overwritting them
- 3 new ATRs
1.4.19
- ATR_analysis: use XDG_CACHE_HOME env variable
The smartcard_list.txt file is now searched in ~/.cache/ by default
- 115 new ATRs
1.4.18
- gscriptor: Display hex dumps in lines of 16 bytes instead of 17
- gscriptor: Display bytes of value 0x20 as ' ' instead of '.'
- scriptor: Display lines of 16 bytes instead of 24
- 223 new ATRs
- pcsc_scan: Correctly detect reader Plug and Play support
1.4.17
- 153 new ATRs
- Allow to build with pcsc-lite >= 1.6.2
1.4.16
- 153 new ATR
- pcsc_scan.c: check for PnP support at run time instead of using a
#define
- ATR_analysis: use curl instead of wget on Darwin
- gscriptor: ReaderConfig(): escape metacharacters []() in
the reader name when using reader name as a pattern matching
|
|
1.4.5:
- Add support of Alcor Micro AU9540, Ubisys 13.56MHz RFID (CCID),
BIFIT USB-Token iBank2key, BIFIT iBank2Key, Gemalto Ezio Shield
PinPad reader, Gemalto SA .NET Dual, Precise Sense MC reader (with
fingerprint), SDS DOMINO-Key TWIN Pro
- Add support of bPPDUSupport and FEATURE_CCID_ESC_COMMAND
- SCARD_ATTR_VENDOR_NAME and SCARD_ATTR_VENDOR_IFD_VERSION are not
the vendor name and version of the driver but of the IFD:
InterFace Device i.e. the smart card reader. We then return the
USB iManufacturer string as SCARD_ATTR_VENDOR_NAME and USB
bcdDevice as SCARD_ATTR_VENDOR_IFD_VERSION
- reduce binary size bu removing unused features from simclist
- Fix some warnings reported bu Coverity
1.4.4:
- Add support of Gemalto Ezio Shield, Gemalto Ezio CB+, Gemalto Ezio
Shield Secure Channel, Gemalto Ezio Shield PinPad and Gemalto Ezio
Generic
- Activate USB automatic power suspend. The Linux kernel should
power off the reader automatically if it is not used (pcscd is not
running).
- Add support of TLV Properties wLcdMaxCharacters and wLcdMaxLines.
They just duplicate wLcdLayout
- some minor bugs removed
1.4.3:
- Add support of Neowave Weneo, Vasco DIGIPASS 920, SCM SCL011,
Feitian ePass2003 readers
- use :libudev: instead of :libhal: naming scheme.
- Do not install RSA_SecurID_getpasswd and Kobil_mIDentity_switch
and the associated documentation.
- the Secure Pin Entry of the HP USB Smart Card Keyboard is bogus so
disable it
- some minor bugs removed
1.4.2:
- Add support of Feitian SCR310 reader (also known as 301v2), ACS
APG8201 PINhandy 1, Oberthur ID-ONE TOKEN SLIM v2, new Neowave
Weneo token, Vasco DIGIPASS KEY 860, Vasco DIGIPASS KEY 200,
Xiring Leo v2, Xiring MyLeo, Aktiv Rutoken lite readers
- Add back support of "bogus" Oz776, REINER SCT and BLUDRIVE II
- Ease detection of OpenCT by pcsc-lite
- disable use of interrupt card events for multi slots readers (the
algorithm is bogus and can't be used)
- fix minor problems detected by the clang tool
- some minor bugs removed
1.4.1:
- Add support of Gemalto Smart Guardian (SG CCID), ReinerSCT
cyberJack RFID basis, Akasa AK-CR-03, BZH uKeyCI800-K18, Free
Software Initiative of Japan Gnuk token readers
- Remove O2 Micro Oz776 and Blutronics Bludrive II CCID since they
are no more supported since version 1.4.0
- SecurePINVerify() & SecurePINModify(): Accept big and little
endian byte orders for multibytes fields. The application
should not use HOST_TO_CCID_16() and HOST_TO_CCID_32() any more
and just use the normal byte order of the architecture.
- Need pcsc-lite 1.6.5 for TAG_IFD_POLLING_THREAD_WITH_TIMEOUT
- Add --enable-embedded (default is no) to build libccid for an
embedded system. This will activate the NO_LOG option to disable
logging and limit RAM and disk consumption.
- Remove --enable-udev option since it is not used anymore with
libhal. The udev rules file is now used to change the access
rights of the device and not send a hotplug signal to pcscd.
See http://ludovicrousseau.blogspot.com/2010/09/pcscd-auto-start.html
- some minor bugs removed
1.4.0:
- add support of Kingtrust Multi-Reader, Dectel CI692, Todos CX00,
C3PO LTC36, ACS AET65, Broadcom 5880, Tianyu Smart Card Reader,
Gemalto Hybrid Smartcard Reader
- Add support of the SCM SDI 010 again. At least the contact
interface can be used.
- Use libusb-1.0 instead of libusb-0.1
- add support of TAG_IFD_STOP_POLLING_THREAD and use of the
asynchronous libusb API to be able to stop a transfer.
- Request pcsc-lite 1.6.2 minimum (instead of 1.6.0) to have
TAG_IFD_STOP_POLLING_THREAD defined
- The O2MICRO OZ776 patch (for OZ776, OZ776_7772, REINER_SCT and
BLUDRIVEII_CCID) is no more supported with libusb-1.0
- correctly get the IFSC from the ATR (ATR parsing was not always
correct)
- some minor bugs removed
|
|
|
|
1.7.4:
- Fix a stupid bug from the previous version. T=1 cards were not
working.
1.7.3:
- COPYING: Add my name as copyright holder
- hotplug libudev: support libudev >= 171
- hotplug libusb: Fix a memory leak
- pcscd: exit immediately in case of SIGTERM
Closes Debian bug #620305 "pcscd slows down shutdown/restart"
- Send logs to stdout instead of stderr
It is now possible to use tee(1) to redirect logs in a file without
first redirecting stderr to stdout
- Add command line option -T, --color: force use of colored logs
The idea is to have colored logs even if they are redirected to a file
or a pipe.
- Define g_rgSCardT?Pci as const structures to be more Windows like
I do not expect a regression or compilation problem in WinSCard API
users but how knows...
- log at level PCSC_LOG_DEBUG instead of PCSC_LOG_ERROR to avoid filling
the system log file
- Remove the deprecated define FEATURE_MCT_READERDIRECT (replaced by
FEATURE_MCT_READER_DIRECT)
- better Hurd support
- some other minor improvements and bug corrections
1.7.2:
- fix a crash if a specific driver fails to work and no class driver is
available
1.7.1
- use libudev only on Linux and libusb elsewhere. The configuration now
works by default on GNU/kFreeBSD systems
- Try to use a (CCID) class driver if a specific driver fails to use the
reader.
- fix a potential crash
1.7.0:
- use libudev instead of (the deprecated) libhal
1.6.7:
- better Mac OS X support
- Fix Alioth bug [#312960] SCardDisconnect when other context has transaction
- add support of multi-interfaces readers with libusb and not just libhal
- add a API tracing feature in the client side (#define DO_TRACE)
- allow the use of tracing and profiling features from different
application threads
- fix a problem with a multi-slots reader
- fix minor problems detected by the clang tool
- some other minor improvements and bug corrections
1.6.6:
- SCardGetStatusChange(): fix a bug on 64-bits systems
- Fix another bug because of a regression in internal list manager
1.6.5:
- Power on the card _only_ if an application requests a connection.
You can disable the feature using DISABLE_ON_DEMAND_POWER_ON in
src/pcscd.h.in
If DISABLE_AUTO_POWER_ON is defined then do not automatically power on
the card. The card will be powered on on the first SCardConnect()
See http://ludovicrousseau.blogspot.com/2010/10/card-auto-power-on-and-off.html
- SCardReconnect(): return SCARD_E_NO_SMARTCARD when card is removed and
SCARD_W_UNRESPONSIVE_CARD when card is unresponsive instead of
SCARD_E_PROTO_MISMATCH
- Install pcscd as sgid pcscd instead of suid root
See http://ludovicrousseau.blogspot.com/2010/09/pcscd-auto-start.html
- SCardSetTimeout() is no more provided. This function is not provided
by Microsoft and is deprecated since 2004 in pcsc-lite.
- SCardCancelTransaction() is no more provided. This function is not
provided by Microsoft and is deprecated since 2005 in pcsc-lite.
- Parsing the CCID Info.plist (159 readers supported) was, on a i386
machine, done in 264306 #s and is now done 5547 #s => gain x47 or 4600%
See http://ludovicrousseau.blogspot.com/2010/08/ram-and-cpu-improvements-in-pcsc-lite.html
- It is now possible to configure the local socket name to use using the
environment variable PCSCLITE_CSOCK_NAME
See http://ludovicrousseau.blogspot.com/2010/11/pcsc-client-and-server-on-two-different.html
- Wait until all connected readers have a chance to power up a possibly
inserted card before accepting clients.
- restrict pcscd features when not run by root (so using suid): APDU
logging or setting parameters are disabled for example
- fix compilation problem on kfreebsd-* systems
- PCSC/reader.h: HOST_TO_CCID_16() and HOST_TO_CCID_32() are now
identity functions
Since libccid 1.4.1 (revision 5252) the byte order is no more important
- If you want to use IFDHCreateChannel() instead of
IFDHCreateChannelByName() then do not use any DEVICENAME line in the
configuration file. IFDHCreateChannel() will then be called with the
CHANNELID parameter.
- the CHANNELID parameter can also be a decimal number.
- Remove the support of IFDHandler v1 API. I don't know any driver using
this API.
See http://ludovicrousseau.blogspot.com/2010/10/ifdhandler-version-1-support-removed.html
- avoids a buffer overflow with badly formed ATR
- some other minor improvements and bug corrections
1.6.4:
- Do not use sysconfdir as configuration directory but
"${sysconfdir}/reader.conf.d" instead.
Use --enable-confdir=DIR if you want to set a specific value without
the "reader.conf.d" appended.
1.6.3:
- "/reader.conf.d" is only appended to sysconfdir if no value of
sysconfdir is provided
- Define LPSCARD_READERSTATE since this is used in the MSDN prototype.
Use LPSCARD_READERSTATE in winscard.h instead of (SCARD_READERSTATE *)
to mimic the MSDN API.
- fix a pcscd crash when the application uses a PCSC handle after a
fork. The crash was with openvpn.
- some other minor improvements and bug corrections
1.6.2:
- implement a "Forced suicide" mechanism.
After 3 Ctrl-C without much reaction from pcscd (in fact the drivers)
we force the suicide. Sometimes libusb is blocked in a kind of
dead-lock and kill -9 was the only option.
- Add support of TAG_IFD_STOP_POLLING_THREAD to request the stop of the
driver polling function.
- Avoid a division by 0. Closes [#312555] "simclist bug in pcsc-lite"
- if pcscd is stared by libpcsclite then close all file handles except
stdin, stdout and stderr so that pcscd does not confiscate ressources
allocated by the application
- in case of auto exit create a new session so that Ctrl-C on the
application will not also quit pcscd
- src/hotplug_libusb.c: port from libusb-0.1 to libusb-1.0
- default configuration is now $sysconfdir/reader.conf.d
- fix crash with empty config dir
- src/PCSC/winscard.h: Remove definitions of SCARD_READERSTATE_A
PSCARD_READERSTATE_A and LPSCARD_READERSTATE_A types
- some other minor improvements and bug corrections
1.6.1:
- SCardControl(): do not check for card events since we are talking to
the reader not the card. A smart card removal should not make
SCardControl() fail with SCARD_W_REMOVED_CARD
- pcscd do not timeout any more after 2 minutes of inactivity. If the
other side of the socket dies we will get an error from the kernel.
The problem was that if a client does nothing during
PCSCLITE_READ_TIMEOUT (120 seconds by default) then pcscd considers it
as a dead client and closes the connection. I guess this problem was
present since the first version of pcsc-lite but nobody complained
before.
- pcscd: do not return before most of the initialisation are done
correctly. The idea is that pcscd can return an error code if the
daemon fails to start correctly (hald not started for example).
Before the patch pcscd became a daemon, then returned 0 (success) and
then continued with the initialisation. If the initialisation failed
it was too late to return an error code. The /etc/init.d/pcscd script
was not aware of the failure.
Closes https://bugzilla.redhat.com/show_bug.cgi?id=580321
"/usr/sbin/pcscd exit codes broken"
- src/hotplug_libusb.c: Add a synchronisation so that if pcscd is auto
started the initial reader list is available before the server takes
commands from clients.
Before the change early calls of SCardListReaders() returned an empty
list of readers even if a reader was connected.
- SCardConnect() & SCardReconnect(): do not reset the cardProtocol in
SCARD_SHARE_DIRECT case since the card have _not_ been reseted. A new
PPS negociation would fail.
- Do not install files in /etc any more. Serial drivers are rare now.
- Avoids a crash if a client sends a unknown command.
- some other minor improvements and bug corrections
1.6.0:
- redesign the client/server communication:
* no more shared memory used (allow pcscd and libpcsclite1.so to be on
different computer and talk over a network)
* no more difference between short and extended APDU
* no more use of a /var/run/pcscd/pcscd.events/ directory. events are
sent through the socket
* simpler command format between client and server
The side effect is that you are not able to mix an old pcscd with a
new libpcsclite1.so or the reverse. SCardEstablishContext() will fail
unless you update both sides of the communication.
- Use lists instead of fixed size arrays to store handles.
It is now possible to have:
- 200 simultaneous PC/SC clients instead of 16
- 200 SCardConnect per client instead of 16
- 200 clients per reader instead of 16
The default value of 200 can be changed by giving an argument to pcscd
--max-thread --max-card-handle-per-thread --max-card-handle-per-reader
- Make SCardReconnect(), SCardStatus() and SCardTransmit() block instead
of returning SCARD_E_SHARING_VIOLATION immediately. These functions
will then behave like on Windows.
This can happen if these functions are called when the reader is
locked by a PCSC transaction
(SCardBeginTransaction/SCardEndTransaction).
You can define the environment variable PCSCLITE_NO_BLOCKING to use
the old behavior.
http://archives.neohapsis.com/archives/dev/muscle/2010-q1/0041.html
- SCardEstablishContext(): try to start the pcscd daemon if not already
running.
. pcscd will suicide itself after 60 seconds of inactivity if it is
started using --auto-exit. This is the default behavior when pcscd is
started by libpcsclite
. Set PCSCLITE_PCSCD_ARGS with the argument you want to pass to pcscd in
autostart Only one argument is passed. The space character is not a
separator. example: export PCSCLITE_PCSCD_ARGS=-dfa
- SCardListReaders(): can use SCARD_AUTOALLOCATE
- SCardGetAttrib(): return SCARD_E_INSUFFICIENT_BUFFER if the driver
returns IFD_ERROR_INSUFFICIENT_BUFFER
. add support of SCARD_ATTR_DEVICE_FRIENDLY_NAME as it is better
implemented in pcscd (it knows the friendly name)
- SCardGetStatusChange(): Calling with cReaders == 0 will now just
return SCARD_S_SUCCESS
. Use the special reader name "\\?PnP?\Notification" to wait for a
reader event notification
- SCardTransmit(): do not limit the minimum size of an APDU to 4 bytes.
non ISO 7816-4 compliant cards (like Mifare DESFIRE) may use shorter
commands
- SCardStatus(): returns SCARD_E_SHARING_VIOLATION if the reader is
already used More conform to Windows
- PCSC/reader.h: update sruct PIN_PROPERTIES_STRUCTURE to be conform
with Revision 2.02.06, April 2009 of PCSCv2 part 10 Fields
wLcdMaxCharacters and wLcdMaxLines have been removed
. rename FEATURE_MCT_READERDIRECT in FEATURE_MCT_READER_DIRECT to be
conform with ch. 2.3 of PCSC v2 part 10
. add FEATURE_GET_TLV_PROPERTIES and FEATURE_CCID_ESC_COMMAND from
PC/SC part 10 v2.02.07 March 2010
. Add PCSCv2_PART10_PROPERTY_* defines
- SCardControl() return SCARD_E_UNSUPPORTED_FEATURE if the driver
returned IFD_ERROR_NOT_SUPPORTED or IFD_NOT_SUPPORTED This is used to
separate an unsupported value of ControlCode from a general error
- Use the standard --sysconfdir=DIR ($prefix/etc by default) instead of
--enable-confdir=DIR for defining the directory containing reader.conf
- remove SCF support (PC/SC over Smart Card Framework). I never used
this feature and SCF is now dead and replaced by JSR 268
(javax.smartcardio)
- Better handling of PCSCLITE_STATIC_DRIVER as can be used on platforms
using #Clinux (without dynamic loader). This is used to statically
link the reader driver to pcscd. Since the link is static you must
define the IFDHandler API version at compilation time. Either define
IFDHANDLERv1, IFDHANDLERv2 or IFDHANDLERv3
- Use dynamic instead of static allocation for the driver library
filename. The filename is no more limited to 100 characters.
Closes: [#312332] MAX_LIBNAME too short?
- force the return codes SCARD_* to be long since the SCard* functions
return a LONG type
- Add the ability to parse all the configuration files of a directory
instead of just one configuration file. update-reader.conf is then now
obsolete.
- Add --enable-embedded (default is no) to build pcsc-lite for an
embedded system. This will activate the NO_LOG option to disable
logging and limit RAM and disk consumption.
- If NO_LOG is defined then no log are displayed. The idea is to limit
the binaries size on disk and RAM consumption at execution time.
With NO_LOG defined we gain 26% (17 kB) for the .text segment of pcscd
and 15% (4 kB) for the .text segment of libpcsclite.so (for i386)
- Define a minimal pcsc_stringify_error() if NO_LOG is defined. Only the
error code in hex is displayed in this case.
Gain: 2kB of .text (10%) for libpcsclite
- Add --disable-serial and --disable-usb options
--disable-serial removes support of /etc/reader.conf gain: 8.0kB of
.text (12%) and 160 bytes of .bss (4%) for pcscd
--disable-usb removes support of USB hotplug gain: 9.7kB of .text
(14%) and 960 bytes of .bss (23%) for pcscd
If you use both options (and use a static driver configuration) gain:
17.7kB of .text (26%) and 1152 bytes of .bss (28%) for pcscd
- Better support of Android
- some other minor improvements and bug corrections
|
|
|
|
Sources are from 2003, current tectia client/server has vulnterabilities,
there are no security eyes on this version.
|
|
For man pages generation, xsltproc from textproc/libxslt is needed.
Thank you, joerg@.
|
|
|
|
PolarSSL is an SSL library written in ANSI C. PolarSSL makes it easy for
developers to include cryptographic and SSL/TLS capabilities in their
(embedded) products with as little hassle as possible. It is designed to be
readable, documented, tested, loosely coupled and portable.
This package includes headers/libs only, not the demo programs.
PolarSSL is GPLv2, but offers exceptions to be distributed with other works
licensed as Apache, BSD, CC0, EUPL, LGPL, ISC, WTFPL, X11, zlib/libpng.
|
|
Bugfixes:
* SUPPORT-42: ./configure fails on FreeBSD (or if ldns is not installed in a
directory in the default search path of the complier).
* OpenDNSSEC does not compile against ldns 1.6.16 on platforms that rely on
the OpenDNSSEC implementation of strlcpy/cat
|
|
New in 0.6.20; 2010-02-16; Andreas Jellinghaus
* Modify Rutoken S binary interfaces by Aktiv Co.
* Makefiles fixed in doc/ directory
New in 0.6.19; 2010-01-07; Andreas Jellinghaus
* update on udev rules. Please now use udev instead of hal,
as distributions are deprecating hal in favor for udev.
* Thanks to Daniel Kahn Gillmor for testing on debian.
|
|
No functional change, other than building with both or neither
cardreader package will error from the options framework instead of at
configure time.
|
|
This does not make any functional changes - it is just rearranging and
comments.
|
|
|
|
libsecret is a library for storing and retrieving passwords and
other secrets. It communicates with the "Secret Service" using
DBus. gnome-keyring and ksecretservice are both implementations of
a Secret Service.
|
|
Thanks to manu@ for testing and resolving pcsc-lite ptthread leakage
problems.
Note that pcsc-lite and openct should be an options group.
Disable some obsolete CONFIGURE_ARGS.
Work around assumption that either getopt_long_only is present or
allgetopt functions must be provided.
Finnish EID patches have been applied upstream (from whence they came,
perhaps).
From upstream NEWS:
Complete change history is available online:
http://www.opensc-project.org/opensc/timeline
New in 0.12.2; 2011-07-15
* Builds are now silent by default when OpenSC is built from source on Unix.
* Using --wait with command line tools works with 64bit Linux again.
* Greatly improved OpenPGP card support, including OpenPGP 2.0 cards
like the one found in German Privacy Foundation CryptoStick.
* Fixed support for FINeID cards issued after 01.03.2011 with 2048bit keys.
* #256: Fixed support for TCOS cards (broken since 0.12.0).
* Added support for IDKey-cards to TCOS3 driver.
* #361: Improved PC/SC driver to fetch the maximum PIN sizes from the open
source CCID driver. This fixes the issue for Linux/OSX with recent driver.
* WindowsInstaller now installs only static DLL-s (PKCS#11, minidriver) to
system folder.
* Fix FINeID cards for organizations.
* Several smaller bugs and compiler warnings fixed.
New in 0.12.1; 2011-05-17
* New card driver: IAS/ECC 1.0.1
* rutoken-tool has been deprecated and removed.
* eidenv and piv-tool utilities now have manual pages.
* pkcs11-tool now requires the use of --module parameter.
* All tools can now use an ATR as an argument to --reader, to skip to the
card with given ATR.
* opensc-tool -l with -v now shows information about the inserted cards.
* Creating files have an enforced upper size limit, 64K
* Support for multiple PKCS#15 applications with different AID-s.
PKCS#15 applications can be listed with pkcs15-tool --list-applications.
Binding to a specific AID with PKCS#15 tools can be done with --aid.
* Hex strings (like card ATR or APDU-s) can now be separated by space, in
addition to colons.
* Pinpad readers known to be bogus are now ignored by OpenSC. At the moment
only "HP USB Smart Card Keyboard" is disabled.
* Windows installer is now distributed as a statically built MSI, for both
x86 and x64.
* Numerous compiler warnings, unused code and internal bugs have been
eliminated.
New in 0.12.0; 2010-12-22
* OpenSC uses a single reader driver, specified at compile time.
* New card driver: Italian eID (CNS) by Emanuele Pucciarelli.
* New card driver: Portuguese eID by João Poupino.
* New card driver: westcos by François Leblanc.
* pkcs11-tool can use a slot based on ID, label or index in the slot list.
* PIN flags are updated from supported cards when C_GetTokenInfo is called.
* Support for CardOS 4.4 cards added.
* Fature to exclude readers from OpenSC PKCS#11 via "ignored_readers"
configuration file entry.
* #229: Support semi-automatic fixes to cards personalized with older and
broken OpenSC versions.
* Software keys removed from pkcs15-init and the PKCS#11 module. OpenSC
can either generate keys on card or import plaintext keys to the card, but
will never generate plaintext key material in software by itself.
All traces of a software token (PKCS#15 Section 7) shall be removed.
* Updates to PC/SC driver to build with pcsc-lite >= 1.6.2
* Build script for a binary Mac OS X installer for 10.5 and 10.6 systems.
Binary installer includes OpenSC.tokend for platform integration.
10.6 installer includes engine_pkcs11.
* Modify Rutoken S binary interfaces by Aktiv Co.
* Support GOST R 34.10-2001 and GOST R 34.11-94 by Aktiv Co.
* CardOS driver now emulates sign on rsa keys with sign+decrypt usage
with padding and decrypt(). This is compatible with old cards and
card initialized by Siemens software. Removed "--split-key" option,
as it is no longer needed.
* Improved debugging support: debug level 3 will show everything
except of ASN1 and card matching debugging (usualy not needed).
* Massive changes to libopensc. This library is now internal, only
used by opensc-pkcs11.so and command line tools. Header files are
no longer installed, library should not be used by other applications.
Please use generic PKCS#11 interface instead.
* #include file statements cleaned up: first include "config.h", then
system headers, then additional libraries, then headers in opensc
(but from other directories), then header files from same directory.
Fix path to reference headers, remove src/include/ directory.
* Various source code fixes and improvements.
* OpenSC now depends on xsltproc utility and docbook-xsl to build docs and man
* Remove iconv dependency. EstEID driver now uses the commonName from the
certificate for card label.
* Possibility to change the default behavior for card resets via
opensc.conf.
|
|
This is necessary to avoid making opensc threaded, since then it can't
be dlopened by a non-threaded program.
Add patch comments.
Set LICENSE (modified-bsd, verified via wdiff).
This change is almost entirely due to manu@.
|
