From ecf8b1ed4d7342d427e1a4e593ddc49321c80fe2 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Dec 07 2021 19:14:03 +0000
Subject: import opensc-0.22.0-2.el9


---

diff --git a/SOURCES/opensc-0.22.0-detect-empty.patch b/SOURCES/opensc-0.22.0-detect-empty.patch
new file mode 100644
index 0000000..671aba2
--- /dev/null
+++ b/SOURCES/opensc-0.22.0-detect-empty.patch
@@ -0,0 +1,62 @@
+From fe198e8b3837aa4c960e75d0e2a41020ad4dc9f9 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 24 Sep 2021 13:33:26 +0200
+Subject: [PATCH 1/9] pkcs11: Unbreak detection of unenrolled cards
+
+This was broken since 58b03b68, which tried to sanitize some states,
+but caused C_GetTokenInfo returning CKR_TOKEN_NOT_RECOGNIZED instead
+of empty token information.
+
+Note, that this has effect only if the configuration options
+enable_default_driver and pkcs11_enable_InitToken are turned on.
+Otherwise it still returns CKR_TOKEN_NOT_RECOGNIZED.
+---
+ src/pkcs11/framework-pkcs15.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
+index 74fe7b3c49..4205e41739 100644
+--- a/src/pkcs11/framework-pkcs15.c
++++ b/src/pkcs11/framework-pkcs15.c
+@@ -544,9 +544,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ {
+ 	struct sc_pkcs11_slot *slot;
+ 	struct pkcs15_fw_data *fw_data = NULL;
+-	struct sc_pkcs15_card *p15card = NULL;
+ 	struct sc_pkcs15_object *auth;
+-	struct sc_pkcs15_auth_info *pin_info;
+ 	CK_RV rv;
+ 
+ 	sc_log(context, "C_GetTokenInfo(%lx)", slotID);
+@@ -578,12 +576,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ 		rv = sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetTokenInfo");
+ 		goto out;
+ 	}
+-	p15card = fw_data->p15_card;
+-	if (!p15card) {
+-		rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
+-		goto out;
+-	}
+-
+ 	/* User PIN flags are cleared before re-calculation */
+ 	slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
+ 	auth = slot_data_auth(slot->fw_data);
+@@ -591,8 +583,17 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ 		"C_GetTokenInfo() auth. object %p, token-info flags 0x%lX", auth,
+ 		slot->token_info.flags);
+ 	if (auth) {
++		struct sc_pkcs15_card *p15card = NULL;
++		struct sc_pkcs15_auth_info *pin_info = NULL;
++
+ 		pin_info = (struct sc_pkcs15_auth_info*) auth->data;
+ 
++		p15card = fw_data->p15_card;
++		if (!p15card) {
++			rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
++			goto out;
++		}
++
+ 		sc_pkcs15_get_pin_info(p15card, auth);
+ 
+ 		if (pin_info->tries_left >= 0) {
+
diff --git a/SOURCES/opensc-0.22.0-file-cache.patch b/SOURCES/opensc-0.22.0-file-cache.patch
new file mode 100644
index 0000000..3702537
--- /dev/null
+++ b/SOURCES/opensc-0.22.0-file-cache.patch
@@ -0,0 +1,23 @@
+diff -up opensc-0.22.0/etc/opensc.conf.file-cache opensc-0.22.0/etc/opensc.conf
+--- opensc-0.22.0/etc/opensc.conf.file-cache	2021-10-08 13:14:44.091772071 +0200
++++ opensc-0.22.0/etc/opensc.conf	2021-10-08 13:19:27.339051951 +0200
+@@ -2,7 +2,7 @@ app default {
+ 	# debug = 3;
+ 	# debug_file = opensc-debug.txt;
+ 	framework pkcs15 {
+-		# use_file_caching = true;
++		use_file_caching = true;
+ 	}
+ 	reader_driver pcsc {
+ 		# The pinpad is disabled by default,
+@@ -10,3 +10,10 @@ app default {
+ 		enable_pinpad = false;
+ 	}
+ }
++# the pkcs15-init is used for card initialization when the file caching
++# brings more trouble than use so disable that:
++app pkcs15-init {
++	framework pkcs15 {
++		use_file_caching = false;
++	}
++}
diff --git a/SPECS/opensc.spec b/SPECS/opensc.spec
index 8b245f8..a749e2c 100644
--- a/SPECS/opensc.spec
+++ b/SPECS/opensc.spec
@@ -3,7 +3,7 @@
 
 Name:           opensc
 Version:        0.22.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Smart card library and applications
 
 License:        LGPLv2+
@@ -15,6 +15,10 @@ Patch1:         opensc-0.19.0-pinpad.patch
 Patch5:         %{name}-gcc11.patch
 # https://github.com/OpenSC/OpenSC/pull/2343
 Patch7:         %{name}-32b-arch.patch
+# File caching by default (#2000626)
+Patch8:         %{name}-%{version}-file-cache.patch
+# https://github.com/OpenSC/OpenSC/pull/2414 (#2007029)
+Patch9:         %{name}-%{version}-detect-empty.patch
 
 BuildRequires: make
 BuildRequires:  pcsc-lite-devel
@@ -54,6 +58,8 @@ every software/card that does so, too.
 %patch1 -p1 -b .pinpad
 %patch5 -p1 -b .gcc11
 %patch7 -p1 -b .32b
+%patch8 -p1 -b .file-cache
+%patch9 -p1 -b .detect-empty
 
 cp -p src/pkcs15init/README ./README.pkcs15init
 cp -p src/scconf/README.scconf .
@@ -203,6 +209,10 @@ rm %{buildroot}%{_mandir}/man1/opensc-notify.1*
 
 
 %changelog
+* Fri Oct 08 2021 Jakub Jelen <jjelen@redhat.com> - 0.22.0-2
+- Unbreak detection of unentrolled smart cards (#2007029)
+- Enable file caching by default except for pkcs15-init (#2000626)
+
 * Wed Aug 11 2021 Jakub Jelen <jjelen@redhat.com> - 0.22.0-1
 - New upstream release (#1970534)