Towards new release 0.19.0 #1448
Comments
Thanks for the great starter 👍 I'd like to leave out some technical details and be more specific about the change in the minidriver. If you agree, I'll directly edit the problem description, OK? |
Sure. This was mostly copy paste from commit messages that I considered important, but I don't know much of anything about the minidriver so feel free to use better wording by directly editing the issue. |
I've updated the description. @Jakuje, could you review the CAC/Coolkey description from a user perspective (NEWS will contain only user visible changes). |
I fixed a typo and removed the reference to security issues as not covered. CAC/Coolkey sections look good to me. |
Hi, I experience the following:
Configure:
Regards, |
I do not see this is fixed.
```
Making all in files
make[3]: Entering directory
'/var/tmp/portage/dev-libs/opensc-0.19.0/work/opensc-0.19.0/doc/files'
sed -e 's|@pkgdatadir[@]|/usr/share/opensc|g' < pkcs15-profile.5.xml \
| xsltproc --nonet --path
"./..:/usr/share/sgml/docbook/xsl-stylesheets/manpages" --xinclude -o
pkcs15-profile.5 man.xsl pkcs15-profile.5.xml
Warn: meta author : no refentry/info/author
pkcs15-profile
Note: meta author : see http:https://docbook.sf.net/el/author
pkcs15-profile
Warn: meta author : no author data, so inserted a fixme
pkcs15-profile
Note: Writing pkcs15-profile.5
sed \
-e 's|@sysconfdir[@]|/etc|g' \
-e 's|@DocDir[@]|/usr/share/doc/opensc-0.19.0|g' \
-e 's|@libdir[@]|/usr/lib64|g' \
-e 's|@DYN_LIB_EXT[@]|.so|g' \
-e 's|@DEFAULT_PCSC_PROVIDER[@]|libpcsclite.so.1|g' \
-e 's|@PROFILE_DIR_DEFAULT[@]|/usr/share/opensc|g' \
-e 's|@DEFAULT_SM_MODULE[@]||g' \
< opensc.conf.5.xml.in > opensc.conf.5.xml
xsltproc --nonet --path
"./..:/usr/share/sgml/docbook/xsl-stylesheets/manpages" --xinclude -o
opensc.conf.5 man.xsl opensc.conf.5.xml
Warn: meta author : no refentry/info/author
opensc.conf
Note: meta author : see http:https://docbook.sf.net/el/author
opensc.conf
Warn: meta author : no author data, so inserted a fixme
opensc.conf
Note: Writing opensc.conf.5
make[3]: *** No rule to make target 'files.xml', needed by 'all-am'. Stop.
```
Please also check the libressl compatibility before release.
|
I don't see this problem in CI nor on my machine... How are you building the package? Were you using https://github.com/OpenSC/Nightly/blob/2018-09-04_62a28473/opensc-0.19.0.tar.gz?raw=true? Could you check on libressl? |
On Wed, Sep 5, 2018 at 9:27 AM Frank Morgner ***@***.***> wrote:
> I don't see this problem in CI nor on my machine... How are you building the package? Were you using https://github.com/OpenSC/Nightly/blob/2018-09-04_62a28473/opensc-0.19.0.tar.gz?raw=true?

yes + the patch.
do you check also parallel build? although I get this with non parallel.

> Could you check on libressl?

I have a very limited time to be qa. The CI should also check libressl.
|
Please tell me how to reproduce this... |
As I wrote it is reproduced every time for me with a simple build I pasted
the configure statement. Please try make -j5 and see if you can reproduce
if it is related to parallel build, otherwise, I will have time on weekend
to look into this and fix it.
|
please check as fast as possible, because there are a number of security fixes with this release. |
In response to #1448 (comment) I can get the same error when building separate source and build directories:
But only if I specified The problem appears to be the above line is looking for Adding "./" to the path fixes it. Need to do a ./bootstrap.
|
Thanks, Doug! Building in a separate folder was the missing hint. It's fixed now. |
updated the description |
master build success. thanks! |
Please merge this to 0.19.0 #1477 |
I updated the test results with my cards: https://github.com/OpenSC/OpenSC/wiki/Smart-Card-Release-Testing All of them work well. The only issues I noticed were the following:
|
Unfortunately the muscle driver still seems to be used often... We've moved the MUSCLE driver up the detection list, because this applet always returns 9000, no matter what AID was used for selection. This would make the muscle applet be detected as any other applet based card (58b6cc0). I wonder why the muscle driver matches for a coolkey card. Did I miss some discussion? |
It is most probably because coolkey is based on muscle applet so it behaves similarly in this way. |
I would have nothing against detecting coolkey first, but if the applet has the same bug, this means that muscle card will be mistakenly identified as coolkey cards. Unfortunately, this is only treating the symptoms; a real fix should be applied in the applets' implementations. Is there some maintainer of the coolkey applet who can help? |
@dengert tried to analyze this in #1377 (comment) but there was no outcome since none of us is a Java Card expert. Notably, this issue does not express when the card is plugged in the reader and only after that the card is accessed by OpenSC. The issue happens only soon after hot-plug (wait for slot event and then start detection) or after reset (fast disconnect and connect from p11tests), which makes me think that it is a problem of the platform itself, rather than a problem of either of the applets. I can try to bring this to Bob, who might have some idea, but even if we fixed it in the applet, there are many enrolled cards in the wild, so we should really modify the card detection to request some content and not only the 90 00 from the card select. Anyway, this is not a regression, since this was behaving the same also in previous releases. Is there still anything that needs to be done before release or when we can expect one, when the CVEs are already assigned? |
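The detection problem discussed in the comments above, as an added example that is not part of the thread or of OpenSC's code: a simulated card whose SELECT answers 90 00 for any AID is matched by whichever driver is tried first, while a check that also compares returned content picks the right one. The card model, function names and the "marker" read are assumptions made for illustration; driver names stand in for AIDs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed card model: the applet really installed, and whether its
 * SELECT answers 90 00 for any AID (the behaviour described in the thread). */
struct card { const char *applet; int select_always_ok; };

/* Simulated SELECT by AID; 0x6A82 is "file or application not found". */
static unsigned sim_select(const struct card *c, const char *drv) {
    return (c->select_always_ok || strcmp(c->applet, drv) == 0) ? 0x9000 : 0x6A82;
}

/* Simulated follow-up read of applet-specific content (assumed to differ
 * between applets); here it simply yields the real applet's marker. */
static unsigned sim_read_marker(const struct card *c, char *out, size_t n) {
    snprintf(out, n, "%s", c->applet);
    return 0x9000;
}

/* Status-word-only detection: first driver whose SELECT returns 90 00 wins. */
static const char *detect_sw_only(const struct card *c,
                                  const char *const *order, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (sim_select(c, order[i]) == 0x9000)
            return order[i];
    return "none";
}

/* Content-checked detection: 90 00 is necessary but not sufficient; the
 * returned data must also match what the driver expects. */
static const char *detect_with_content(const struct card *c,
                                       const char *const *order, size_t n) {
    char marker[32];
    for (size_t i = 0; i < n; i++)
        if (sim_select(c, order[i]) == 0x9000 &&
            sim_read_marker(c, marker, sizeof marker) == 0x9000 &&
            strcmp(marker, order[i]) == 0)
            return order[i];
    return "none";
}

int main(void) {
    const char *const muscle_first[] = { "muscle", "coolkey" };
    struct card coolkey = { "coolkey", 1 };  /* constructed sample card */
    printf("sw-only: %s, content-checked: %s\n",
           detect_sw_only(&coolkey, muscle_first, 2),
           detect_with_content(&coolkey, muscle_first, 2));
    return 0;
}
```

Reordering the driver list only moves the misdetection to the other applet, which is the concern raised in the thread; the content check is independent of the order.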
OK, done |
Please, let's have also the home page of the wiki updated with the new release links and information. I can do it tomorrow, if nobody else will pick it up. |
done |
hi, |
With #1447 and many other features from recent months, it is time to prepare next release.
Below you'll find a draft for an update of the NEWS file. Let me know if I missed something or something can be worded better.
What is not covered in the news, but I would really like to see reviewed and merged is #1435 (RSA-PSS using RAW RSA), which will soon be a demanded feature, mostly for TLS 1.3.
General Improvements
pkcs11_enable_InitToken made global configuration option
OPENSC_DRIVER environment variable to restrict driver list instead of forcing one driver and skipping vital parts of configuration
zero_ckaid_for_ca_certs, force_card_driver, reopen_debug_file, paranoid-memory
ignored_readers
PKCS#11
C_WaitForSlotEvent (Do not temporarily set SC_READER_REMOVED on all readers #1335)
Minidriver
OpenSC tools
opensc-notify
pkcs15-tool
p11test
CKC_X_509
opengpg-tool
sc-hsm
CAC
Coolkey
OpenPGP
Starcos
CardOS
pkcs15init)
German ID card
PIV
The list of changes and commits since last release so far:
0.18.0...master