Merge branch 'towards-opensc-0.16.0'

version.m4 updated for official release 0.16.0
coverity scan switched to 'master'

.gitignore

@@ -72,6 +72,7 @@ doc/tools/pkcs15-tool
 doc/tools/sc-hsm-tool
 doc/tools/westcos-tool
 doc/tools/dnie-tool
+doc/tools/gids-tool
 
 etc/opensc.conf.win
 etc/opensc.conf
@@ -95,6 +96,7 @@ src/tools/cryptoflex-tool
 src/tools/netkey-tool
 src/tools/pkcs11-tool
 src/tools/dnie-tool
+src/tools/gids-tool
 
 win32/OpenSC.iss
 win32/OpenSC.wxs

MacOSX/build-package.in

@@ -15,17 +15,30 @@ SDKS_PATH="$(xcode-select -p)/Platforms/MacOSX.platform/Developer/SDKs"
 SDK_PATH="${SDK_PATH:-$SDKS_PATH/$(ls -1 ${SDKS_PATH} | sort -n -k2 -t. -r | head -1)}"
 
 # Set SDK path
-export CFLAGS="$CFLAGS -isysroot $SDK_PATH -arch i386 -arch x86_64 -mmacosx-version-min=10.10"
-
-# OpenSSL is deprecated on OSX since 10.7 and that generates lots of
-# "false positive" warnings and there is no alternative option.
-# Just ignore these warning for now by silencing them.
-CFLAGS="$CFLAGS -Wno-deprecated-declarations"
+export CFLAGS="$CFLAGS -isysroot $SDK_PATH -arch x86_64 -mmacosx-version-min=10.10"
 
 export SED=/usr/bin/sed
 PREFIX=/Library/OpenSC
 export PKG_CONFIG_PATH=/usr/lib/pkgconfig
 
+if ! pkg-config libcrypto --atleast-version=1.0.1; then
+	# OpenSSL is not installed
+	if ! test -e $BUILDPATH/openssl_bin/lib/pkgconfig; then
+		# Build OpenSSL manually, because Apple's binaries are deprecated
+		if ! test -e openssl; then
+			git clone --depth=1 https://github.com/openssl/openssl.git -b OpenSSL_1_0_2-stable
+		fi
+		cd openssl
+		KERNEL_BITS=64 ./config --prefix=$PREFIX -mmacosx-version-min=10.10
+		make clean update depend
+		make
+		make INSTALL_PREFIX=$BUILDPATH/openssl_bin install_sw
+		cd ..
+	fi
+	export OPENSSL_CFLAGS="`env PKG_CONFIG_PATH=$BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openssl_bin pkg-config --static --cflags libcrypto`"
+	export OPENSSL_LIBS="`  env PKG_CONFIG_PATH=$BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openssl_bin pkg-config --static --libs   libcrypto`"
+fi
+
 ./configure --prefix=$PREFIX \
 --sysconfdir=$PREFIX/etc \
 --disable-dependency-tracking \

MacOSX/resources/ReadMe.html.in

@@ -17,10 +17,10 @@
 
 <p>OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.</p>
 
-<p>OpenSC implements the <a  href="http://www.rsa.com/rsalabs/node.asp?id=2133">PKCS#11 API</a> so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the <a href="http://www.rsa.com/rsalabs/node.asp?id=2141">PKCS#15</a> standard and aims to be compatible with every software/card that does so, too.</p>
+<p>OpenSC implements the <a href="https://www.oasis-open.org/committees/pkcs11/">PKCS#11 API</a> so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the <a href="http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-15-cryptographic-token-information-format.htm">PKCS#15</a> standard and aims to be compatible with every software/card that does so, too.</p>
 
 <h2>Documentation:</h2>
-<p>The OpenSC Wiki is available at: <a href="http://www.opensc-project.org/opensc">http://www.opensc-project.org/opensc</a> and should be consulted for further documentation and support.</p>
+<p>The OpenSC Wiki is available at: <a href="https://github.com/OpenSC/OpenSC/wiki">https://github.com/OpenSC/OpenSC/wiki</a> and should be consulted for further documentation and support.</p>
 
 </body>
-</html>
+</html>

NEWS

@@ -1,4 +1,85 @@
 NEWS for OpenSC -- History of user visible changes
+New in 0.16.0; 2016-05-15
+* build
+    link OpenSSL in static
+    option: enable PKCS11 thread locking
+* configuration
+    use one configuration file for all systems
+* tools:
+    package revision as version
+  ** pkcs11-tool
+       keygen mechanism in pkcs11 tools
+       write GOST public key
+       fix CKA_SENSITIVE attribute of public keys
+  ** opensc-explorer:
+       added command find_tags
+       allow ASN.1 decoding if the file seems incomplete
+  ** pkcs15-tool:
+       handle record-based files when doing file caching
+       option to prine raw data
+  ** sc-hsm-tool:
+       status info support for SmartCard-HSM V2.0
+  ** doc: some missing options are documented, added documentation
+       for gid tool
+* minidriver:
+  support for ECC
+  Windows x509 enrollment
+  first implementation of CardDeleteContainer
+  MD logs controlled by register and environment variable
+* reader-pcsc
+  fixed unreleased locks with pcsc-lite
+  honour PC/SC pt 10 dwMaxAPDUDataSize
+  added call back for getting vendor/product id
+  restrict access to card handles after fork
+  SCardGetAttrib is used to initialize reader's metadata
+  by default only short APDUs supported
+* pkcs11
+  no slot reserved for hot plug
+  no more slot created 'per-applications'
+  atomic operation (TODO: expand)
+  export all C_* symbols
+  metadata initialized from package info
+  fix registering pkcs11 mechanisms multiple times
+  sloppy initialization for C_GetSlotInfo
+* pkcs15
+  cache of on-card files extended to application paths
+  configuration option to enable/disable application
+  make file cache dir configurable
+  in key info data type introduced 'auxiliary data' -- container
+      for the non-pkc15 data.
+* OpenPGP
+  support for Gnuk -- USB cryptographic token for GNU Privacy Guard
+  build without OpenSSL
+  implemented 'erase card'
+  additional manufacturers
+* MyEID
+  support for 521 bit ECC keys
+  ATRs for the new cards
+* sc-hsm
+  read/write support in minidriver
+* rtecp
+  delete keys
+* GemSafeV1
+  support for European Patent Office smart card
+  sign with SHA256
+* Gids
+  first support for Gids smart card
+* dnie
+* Feitian PKI card
+  new ATRs 
+* IsoApplet
+  (fixes)
+* starcos
+  initial support for STARCOS 3.4 (German D-Trust cards)
+* macosx
+  install tokend to /Library/Security/ instead /System/Library/Security/
+  fixed locking issue in pcsc reader
+* PIV
+  allow using of cards where default application in not PIV
+  support for the Yubikey NEO
+* italian-CNS
+  italian-cns reg file for minidriver
+
 New in 0.15.0; 2015-05-11
 * new card drivers
   AzeDIT 3.5

appveyor.yml

@@ -1,4 +1,10 @@
-version: 0.15.0.{build}
+version: 0.16.0.{build}
+
+#init:
+#  # Exclude combinations allowed to fail
+#  - if "%Environment%" == "VSVER=14" (if "%Configuration%" == "Release" (exit /b 1))
+#  - if "%Environment%" == "VSVER=14" (if "%Configuration%" == "Debug" (exit /b 1))
+#  - if "%Environment%" == "VSVER=10" (if "%Platform%" == "x64" (exit /b 1))
 
 platform:
   - x86
@@ -12,11 +18,12 @@ configuration:
 
 environment:
   matrix:
-    - VSVER: 14
+    # - VSVER: 14
     - VSVER: 12
-    - VSVER: 10
+    # - VSVER: 10
 
 matrix:
+  fast_finish: true     # set this flag to immediately finish build once one of the jobs fails.
   allow_failures:
     # not included in AppVeyor right now
     - platform: x64
@@ -38,19 +45,20 @@ install:
   - set OPENSSL_VER=1_0_2e
   - set ZLIB_VER=128
   - set ZLIB_VER_DOT=1.2.8
+  - ps: $env:PACKAGE_NAME=(git describe --tags)
   - ps: >-
       If ($env:Platform -Match "x86") {
         $env:VCVARS_PLATFORM="x86"
         $env:ENV_PLATFORM="x86"
         $env:OPENSSL_PF="Win32"
         $env:NMAKE_ARCH=""
-        $env:ARTIFACT="OpenSC-${env:APPVEYOR_BUILD_VERSION}-win32_vs${env:VSVER}-${env:CONFIGURATION}.msi"
+        $env:ARTIFACT="OpenSC-${env:PACKAGE_NAME}-win32_vs${env:VSVER}-${env:CONFIGURATION}.msi"
       } Else {
         $env:VCVARS_PLATFORM="amd64"
         $env:ENV_PLATFORM="x64"
         $env:OPENSSL_PF="Win64"
         $env:NMAKE_ARCH="BUILD_ON=WIN64 BUILD_FOR=WIN64"
-        $env:ARTIFACT="OpenSC-${env:APPVEYOR_BUILD_VERSION}-win64_vs${env:VSVER}-${env:CONFIGURATION}.msi"
+        $env:ARTIFACT="OpenSC-${env:PACKAGE_NAME}-win64_vs${env:VSVER}-${env:CONFIGURATION}.msi"
       }
   - ps: >-
       If ($env:Configuration -Like "*Debug*") {
@@ -75,6 +83,7 @@ install:
   - appveyor DownloadFile "http://download.microsoft.com/download/2/C/9/2C93059C-0532-42DF-8C24-9AEAFF00768E/cngsdk.msi"
   - cngsdk.msi /quiet
   - uname -a
+  - set
 
 build_script:
   # build zlib.lib as a static library
@@ -108,3 +117,17 @@ cache:
   - C:\OpenSSL-Win32 -> appveyor.yml
   - C:\OpenSSL-Win64 -> appveyor.yml
   - zlib.zip -> appveyor.yml
+
+deploy:
+  - provider: GitHub
+    tag: $(APPVEYOR_REPO_TAG_NAME)
+    release: OpenSC-$(APPVEYOR_REPO_TAG_NAME)
+    description: 'release OpenSC $(APPVEYOR_REPO_TAG_NAME)'
+    auth_token:
+      secure: NGaTqWohBQa7fgE62rEm2sp9jkv6S9FRc3YEi3T5CpaoyIY6K89FJjqzaoPLr8vj
+    artifact: /OpenSC-.*\.msi/
+    draft: false
+    prerelease: true
+    on:
+      branch: /0.16.0-rc.*/		# here branch is release tag
+      appveyor_repo_tag: true  		# deploy on tag push only

configure.ac

@@ -6,7 +6,7 @@ define([PRODUCT_NAME], [OpenSC])
 define([PRODUCT_TARNAME], [opensc])
 define([PRODUCT_BUGREPORT], [https://github.com/OpenSC/OpenSC/issues])
 define([PACKAGE_VERSION_MAJOR], [0])
-define([PACKAGE_VERSION_MINOR], [15])
+define([PACKAGE_VERSION_MINOR], [16])
 define([PACKAGE_VERSION_FIX], [0])
 define([PACKAGE_SUFFIX], [])
 
@@ -224,6 +224,13 @@ AC_ARG_ENABLE(
 	[enable_dnie_ui="no"]
 )
 
+AC_ARG_ENABLE(
+	[werror-declaration-after-statement],
+	[AS_HELP_STRING([--disable-werror-declaration-after-statement],[disable -Werror 'declaration-after-statement' @<:@enabled@:>@])],
+	,
+	[werror_declaration_after_statement="yes"]
+)
+
 AC_ARG_WITH(
 	[xsl-stylesheetsdir],
 	[AS_HELP_STRING([--with-xsl-stylesheetsdir=PATH],[docbook xsl-stylesheets for svn build @<:@detect@:>@])],
@@ -244,6 +251,7 @@ AC_ARG_WITH(
 	,
 	[with_pkcs11_provider="detect"]
 )
+
 dnl ./configure check
 reader_count=""
 for rdriver in "${enable_pcsc}" "${enable_openct}" "${enable_ctapi}"; do
@@ -549,10 +557,6 @@ if test "${enable_sm}" = "yes"; then
 		*-mingw*|*-winnt*|*-cygwin*)
 			DEFAULT_SM_MODULE_PATH="\# module_path = \"\";"
 		;;
-		*-apple-*)
-			DEFAULT_SM_MODULE="libsmm-local.dylib"
-			DEFAULT_SM_MODULE_PATH="module_path = \$(libdir);"
-		;;
 		*)
 			DEFAULT_SM_MODULE="libsmm-local.so"
 			DEFAULT_SM_MODULE_PATH="module_path = \$(libdir);"
@@ -635,11 +639,6 @@ case "${host}" in
 		LIBDIR=""
 		LIB_PRE=""
 		;;
-	*-apple-*)
-		DYN_LIB_EXT=".dylib"
-		LIBDIR="\$(libdir)/"
-		LIB_PRE="lib"
-		;;
 	*)
 		DYN_LIB_EXT=".so"
 		LIBDIR="\$(libdir)/"
@@ -784,7 +783,9 @@ if test "$GCC" = "yes"; then
 	CFLAGS="-fno-strict-aliasing ${CFLAGS}"
 fi
 
-CFLAGS="${CFLAGS} -Werror=declaration-after-statement"
+if test "${werror_declaration_after_statement}" = "yes"; then
+	CFLAGS="${CFLAGS} -Werror=declaration-after-statement"
+fi
 
 AC_CONFIG_FILES([
 	Makefile