OsCam Changelogs

**kalkan99** · Feb 9th 2026

Changeset 11943-c656fef9

08.02.2026

dvbapi: use SERVICE_TYPE_MASK descriptor to fix CW delivery for shared services

When stream_write_cw() successfully delivers a CW to a stream client,

it returns true and prevents the same CW from being written via the

CA device (ioctl/netsend). This exclusive routing causes a CW gap

on demuxers that require CA device delivery until the next cw cycle,

because stream_write_cw() consumes the CW before the stream client

has fully disconnected.

Parse the SERVICE_TYPE_MASK descriptor (0x85) from the CA PMT to

identify whether a demux serves a stream client (type 7/8) or requires

direct CA device or netsend descrambling. For demuxers that require

CA device or netsend delivery, always write the CW via dvbapi_write_cw

regardless of whether stream_write_cw() consumed it. For stream-only

demuxers and clients that don't send descriptor 0x85, preserve the

original exclusive behavior.

thanks WXbet

**kalkan99** · Feb 28th 2026

Changeset 11944-26f83abe

28.02.2026

dvbapi: suppress pmt mode 6 connection retry log spam

Log the connection attempt and error only once, then silently retry every second until the CA PMT server becomes available.

thanks WXbet

**kalkan99** · Feb 28th 2026

Changeset 11945-6c8324e0

28.02.2026

warnings: fix C23 and glibc-2.43 -Wdiscarded-qualifiers warnings

For ISO C23, the function strstr that return pointers into their input

arrays now have definitions as macros that return a pointer to a

const-qualified type when the input argument is a pointer to a const-qualified

type.

https://lists.gnu.org/archive/html/info ... 00005.html

Co-authored-by Rudi Heitbaum

thanks WXbet

**kalkan99** · Apr 7th 2026

Changeset 11946-5d00e7e2

07.04.2026

signing: fix build with OpenSSL 4

* fix -Wdiscarded-qualifiers on X509_get_subject/issuer_name

OpenSSL 4 changed X509_get_subject_name() and X509_get_issuer_name()

to return 'const X509_NAME *', which breaks the call to our local

helper _X509_NAME_oneline_utf8() that still takes a non-const

X509_NAME *:

oscam-signing.c:235:46: warning: passing argument 1 of

'_X509_NAME_oneline_utf8' discards 'const' qualifier from

pointer target type [-Wdiscarded-qualifiers]

Route the result of the X509 getters through a uintptr_t cast to

explicitly drop the const qualifier at the call sites, mirroring the

approach already used for ASN1_STRING_type() in ASN1_TIME_to_posix_time().

This avoids changing the helper's signature, which would require a

more invasive const-correctness pass given that older OpenSSL versions

(including 0.9.x, still supported by this file) declared many X509

APIs as non-const.

* fix ASN1_STRING_type() accessor

In OpenSSL 4 the ASN1_STRING / ASN1_TIME struct became fully opaque,

so struct members can no longer be accessed directly from public

headers. This broke the WITH_SIGNING build:

oscam-signing.c:124:17: error: invalid use of incomplete typedef

'ASN1_TIME' {aka 'const struct asn1_string_st'}

switch(t->type)

The data pointer was already handled via ASN1_STRING_get0_data() for

OpenSSL >= 1.1.0, but t->type was still accessed directly and was

overlooked until OpenSSL 4 removed the last bit of struct visibility.

Replace the direct member access with the ASN1_STRING_type() accessor

function, which has existed since OpenSSL 0.9.x and is therefore

available in all supported versions (1.0, 1.1, 3.x, 4.x) without a

version guard.

Since older OpenSSL versions declare ASN1_STRING_type() as taking a

non-const ASN1_STRING *, the cast is routed through uintptr_t to

explicitly drop the const qualifier of t without triggering

-Wdiscarded-qualifiers (treated as error by the 'ancient' CI build).

uintptr_t is already available via globals.h (stdint.h).

thanks WXbet

**kalkan99** · Apr 11th 2026

Changeset 11949-53e2466a

11.04.2026

webif: remove poll from request read loop

Simplify WebIf request handling by relying on check_request()

to detect complete HTTP headers and request bodies instead of

polling the socket between reads.

This removes the extra poll-based wait path while preserving

correct handling for fragmented GET and POST requests.

thx to lpm11

thanks tem_invictus

**kalkan99** · Apr 16th 2026

Changeset 11950-783ef1bc

16.04.2026

* chore: remove 64 services/groups startup warning

thanks tem_invictus

**kalkan99** · Apr 20th 2026

Changeset 11952-de145170

20.04.2026

Code

* cmake: declare STATIC_* and LIBCRYPTO_LIB/SSL_LIB as cache variables

When a user passes -DSTATIC_PCSC=0 while HAVE_PCSC is also 0 (or
vice-versa for libcrypto/libssl/libusb/libdvbcsa), cmake prints:

  CMake Warning:
    Manually-specified variables were not used by the project:
      STATIC_PCSC

The warning is harmless but confusing: the STATIC_* flag is only
read inside if (HAVE_*) blocks, so when the feature is disabled
the -D value is indeed unreferenced.

Declare the flags via option() (and LIBCRYPTO_LIB/SSL_LIB via
set(... CACHE STRING ...)) at the top of the file so cmake
considers them known even when the feature guard is inactive.
Placed before system detection so they don't override the
macOS-specific set(STATIC_LIBUSB True).

* cmake: add LIBCRYPTO_LIB and SSL_LIB overrides for Makefile parity

The Makefile allows passing a full library path to override the
default detection:

  make USE_LIBCRYPTO=1 LIBCRYPTO_LIB=/usr/lib/libcrypto.a
  make USE_SSL=1 SSL_LIB=/usr/lib/libssl.a

Mirror this in cmake by honouring LIBCRYPTO_LIB and SSL_LIB when
set. The supplied path is used as-is for OPENSSL_CRYPTO_LIBRARIES
and OPENSSL_SSL_LIBRARIES, bypassing the static auto-detection.

Both static and dynamic archives work. Existing flags
(STATIC_LIBCRYPTO, STATIC_SSL, OPENSSL_*_LIBRARY) keep working.

* cmake: simplify libusb and libdvbcsa status summary

Apply the same pattern used for PCSC to libusb and libdvbcsa:
report the final resolved link mode instead of mixing request
flags with result flags.

  LIBUSBDIR/LIBDVBCSADIR -> custom location selected
  STATICLIBUSB/STATICLIBDVBCSA -> static linking was selected

Removes the redundant "You selected to enable static" messages
(the result message already covers that case) and the duplicate
LIBUSBDIR branches.

* cmake: simplify PCSC status summary

Restructure the PCSC summary block to describe the final resolved
link mode instead of mixing request flags with result flags:

  PCSCDIR     -> user selected a custom PCSC location
  STATICPCSC  -> static linking was actually selected

STATIC_PCSC (user request) and STATICPCSC (actual result) are not
always the same, e.g. when libpcsclite.a cannot be found despite
STATIC_PCSC=1. Using only STATICPCSC in the summary keeps the
status message aligned with the real build result.

* cmake: add static libcrypto and libssl support

Add STATIC_LIBCRYPTO and STATIC_SSL flags to independently control
static linking of libcrypto and libssl, matching the Makefile where
LIBCRYPTO_LIB and SSL_LIB can be set to .a paths separately.

When either flag is set, OPENSSL_USE_STATIC_LIBS is enabled for
find_package(OpenSSL), then find_library locates the static archives
relative to the OpenSSL include directory. The native CMake variables
OPENSSL_CRYPTO_LIBRARY and OPENSSL_SSL_LIBRARY can also be used to
pass explicit paths directly.

Usage:
  cmake -DHAVE_LIBCRYPTO=1 -DSTATIC_LIBCRYPTO=1 ..
  cmake -DHAVE_LIBCRYPTO=1 -DSTATIC_SSL=1 ..
  cmake -DHAVE_LIBCRYPTO=1 -DSTATIC_LIBCRYPTO=1 -DSTATIC_SSL=1 ..
  cmake -DHAVE_LIBCRYPTO=1 -DOPENSSL_CRYPTO_LIBRARY=/pfad/libcrypto.a ..

* cmake: add static PCSC and custom PCSCDIR support

Add PCSCDIR and STATIC_PCSC support for PCSC linking, bringing it
on par with libusb (LIBUSBDIR/STATIC_LIBUSB) and libdvbcsa
(LIBDVBCSADIR). Previously cmake could only link PCSC dynamically
with the bare -lpcsclite flag.

PCSCDIR uses find_library with IMPORTED targets for both static
and dynamic linking. Without PCSCDIR, -DSTATIC_PCSC=1 searches
the system for libpcsclite.a and falls back to dynamic if not found.

Usage:
  cmake -DHAVE_PCSC=1 ..
  cmake -DHAVE_PCSC=1 -DSTATIC_PCSC=1 ..
  cmake -DHAVE_PCSC=1 -DPCSCDIR=/opt/pcsc ..
  cmake -DHAVE_PCSC=1 -DPCSCDIR=/opt/pcsc -DSTATIC_PCSC=1 ..

* cmake: switch library detection from auto-detect to opt-in

Libraries like pcsclite, libusb and OpenSSL were auto-detected via
check_include_file, causing unwanted dynamic linking when the toolchain
sysroot contained these libraries. This changes cmake to match the
Makefile behavior where libraries must be explicitly requested.

Use -DHAVE_PCSC=1, -DHAVE_LIBUSB=1 or -DHAVE_LIBCRYPTO=1 to enable.
OpenSSL/libcrypto is auto-enabled when WITH_SSL is active in config.

Wrap the static library link step in --start-group/--end-group
(GNU ld) to resolve circular dependencies between csoscam, csmodules
and csreaders. Since 28f2598b (cleanup reader macros) the
READER_VIACCESS ifdef in oscam-aes.c caused oscam-aes.o to not be
pulled from libcsoscam.a when READER_VIACCESS was disabled, leaving
aes_encrypt_idx/aes_decrypt/aes_set_key_alloc unresolved for modules
like camd35 and camd33. Simple reordering is not possible since
csoscam and csmodules have mutual dependencies. macOS is excluded
as Apple ld rescans archives automatically.

Display More

thanks WXbet

**abu baniaz** · Apr 26th 2026

11953

build: isolate test build artifacts into a separate directory

https://git.streamboard.tv/common/oscam/-/commit/f4316e45a491a3bfeb3c6b763e1ca4d2d4e5197e

**abu baniaz** · Apr 26th 2026

11954

tests: enable reliable standalone test builds and proper CI failure reporting

https://git.streamboard.tv/common/oscam/-/commit/f30eebf5ac803005ca206424b2fb294a8c605d84

Code

* build: keep test binaries unsigned


Skip the link-stage signing step when BUILD_TESTS is enabled in the
Makefile. The tests target already avoids strip/sign/upx when copying
tests.bin from tests.bin.debug, but tests.bin.debug itself was still
passed through SIGN_COMMAND_OSCAM. With signing enabled this could still
reassemble stale UPX split files into the test binary before the copy
step, reintroducing the failure the tests build path was meant to avoid.


* build: add BUILD_TESTS support to CMake and skip strip/sign/upx


Makefile: SIGN_COMMAND_OSCAM reassembles any leftover UPX split parts
(upx.aa / upx.ab from a previous build) onto the current target — on
the second invocation this re-creates a UPX-compressed
tests.bin.debug, so the subsequent strip fails with 'input file has no
sections' and aborts the build. The test binary does not need to be
stripped, signed or compressed. Skip all three steps when
BUILD_TESTS=1 and just copy .debug → bin.


CMakeLists.txt previously had no tests target at all — 'make tests'
only worked via the Makefile. Add a BUILD_TESTS option (OFF by
default) that mirrors the Makefile path:
- pulls tests.c into the csoscam library
- adds -DBUILD_TESTS=1 to the global compile definitions
- renames the executable to tests.bin and links it without the
strip/sign/upx POST_BUILD commands
- exposes a 'run-tests' custom target that builds the binary and
executes it in the build tree


Standard usage:
mkdir build-tests && cd build-tests
cmake -DBUILD_TESTS=ON -DUSE_SSL=1 -DUSE_LIBCRYPTO=1 ..
make run-tests


* tests: add crypto test vectors


Extend run_all_tests() with known-answer tests against the crypto API
surface oscam uses:


- MD5        RFC 1321 Appendix A.5 + __md5_crypt ($1$ WebIf hashes)
- SHA1       FIPS 180-1 (short vectors, one-shot and streaming)
- SHA256     FIPS 180-2 + 1M 'a' long-stream via mbedtls_sha256
- MDC2       OpenSSL-1.0 mdc2test.c KAT + streaming split
- AES ECB    NIST SP 800-38A F.1.1/F.1.3/F.1.5 (AES-128/192/256)
- AES CBC    NIST SP 800-38A F.2.1/F.2.5, single + chunked (IV chain)
- AesCtx     cscrypt/fast_aes ECB + CBC
- AES void*  oscam-aes.c wrappers (aes_cbc_encrypt/decrypt,
aes_encrypt_idx, aes_decrypt)
- AES DB     aes_decrypt_from_list / aes_present round-trip
- IDEA       Ascom KAT + CBC reversal
- RC6        RC6 paper all-zero KAT
- DES        ECB (Stallings) + single-block via schedule
- DES-CBC    verified against openssl -des-cbc
- 3DES-EDE2-CBC KAT verified against openssl -des-ede-cbc
- 3DES-ECB3  reversal
- BN         mod_exp, bn2bin, num_bytes, mod_inverse, mul,
add_word, sub_word, cmp, copy
- DES parity helpers (des_set_odd_parity / _all)


Exit status reflects failure count so CI can gate on it.


* tests: return failure count and exit with correct status


The test binary previously always exited with status 0, regardless of
whether any tests failed. This made it useless in CI: a regression would
print errors to stdout but the process would still report success.


This commit fixes that end-to-end, and addresses several related issues
found while doing so.


Exit status
-----------
run_all_tests() now returns int (total failure count) instead of void.
run_tests() in oscam.c passes that value to exit():


exit(run_all_tests() ? EXIT_FAILURE : EXIT_SUCCESS);


A non-zero failure count now produces a non-zero exit code. A summary
line is printed at the end of the run:


Summary: N failure(s)


Type-safe adapter layer
-----------------------
The test_type struct previously stored function pointers cast to generic
types (CHK_FN *, MK_T_FN *, etc.) in order to accommodate different
concrete data types. Calling a function through a mismatched pointer
type is undefined behavior in C, even when the signatures are similar.


This is replaced with a DEFINE_TEST_ADAPTERS macro that generates a set
of correctly-typed wrapper functions for each data type:


DEFINE_TEST_ADAPTERS(ecm_whitelist, ECM_WHITELIST, ewnum);
DEFINE_TEST_ADAPTERS(ecm_hdr_whitelist, ECM_HDR_WHITELIST, ehnum);
...


Each expansion produces chk_*, mk_t_*, clear_*, clone_*, and has_data_*
adapters that cast the void * argument to the correct concrete type and
forward the call. The struct fields now hold pointers to these adapters
with no casts required.


Clone failure detection
-----------------------
A new HAS_DATA_FN callback is added to test_type. It reports whether a
parsed data structure contains any entries (by checking the count field
named in the macro, e.g. ewnum, ehnum). This enables a meaningful
distinction in the test loop:


- If parsing produced data and clone_fn returns false, that is a clone
error and is reported as such with a dedicated "=== CLONE ERROR ==="
message.
- If parsing produced no data and clone returns false, that is expected
behavior and is not counted as a failure.


Previously a failed clone would silently fall through, potentially
producing misleading output from stale data.


Co-authored-by: default avatarWXbet <4-WXbet@users.noreply.git.streamboard.tv>

Display More

**abu baniaz** · Apr 26th 2026

11955

tests: gate run_aes_key_list_tests with READER_VIACCESS

https://git.streamboard.tv/common/oscam/-/commit/dd3606d48576b744f2df8a21f6d7b57fb7aa9c53

Code

The AES key-list helpers it exercises — add_aes_entry,
aes_clear_entries, aes_decrypt_from_list, aes_present — are
defined in oscam-aes.c under #ifdef READER_VIACCESS, since
Viaccess is the only consumer. Calling them unconditionally
from run_crypto_tests() makes tests.bin fail to link on every
build without the Viaccess reader:


oscam-aes.c: undefined reference to add_aes_entry
aes_clear_entries
aes_decrypt_from_list
aes_present


Reproduces e.g. on the cmake test build for the VuZero4k target
with MODULE_CCCAM enabled (so WITH_LIB_AES is on) but no readers.


Wrap both the run_aes_key_list_tests() definition and its
caller in run_crypto_tests() in #ifdef READER_VIACCESS, matching
the gating of the helpers themselves.

Display More

**abu baniaz** · Apr 26th 2026

11956

build: remove obsolete WITH_SSL config entry

https://git.streamboard.tv/common/oscam/-/commit/5574068fd2d38b4a7ead9cfe9e1be33cd778c253

Code

WITH_SSL was added to config.sh in 2010 (commit 6c2b2c49) when there was
no separation between make and cmake. Today the convention is:
- make uses USE_SSL=1
- cmake uses -DWITH_SSL=1


WITH_SSL in config.sh's addons list violated this and only acted as a
config-file fallback that translated to USE_SSL in the Makefile. Both
build systems work fine without it.


Removed:
- WITH_SSL from addons list and defconfig in config.sh
- WITH_SIGNING -> WITH_SSL auto-dependency (Makefile and CMakeLists
already handle this on their own)
- WITH_SSL menuconfig entry and help examples
- config.sh --enabled WITH_SSL fallback in Makefile
- CONFIG_WITH_SSL fallback logic in CMakeLists.txt


The GitLab CI pipeline previously passed the make-style flag -DUSE_SSL
to cmake, which cmake silently ignored — the dropped config.sh fallback
used to paper over this. Switch the cmake invocations to -DWITH_SSL=1
(the variable cmake actually reads) and drop the obsolete
DISABLE_OPT WITH_SSL entries since WITH_SSL is no longer a config.sh
option.

Display More

**abu baniaz** · Apr 26th 2026

11957

cscrypt: fix DES symbol collision in mdc2 header when WITH_SSL is on

https://git.streamboard.tv/common/oscam/-/commit/fb4a8929c0e4af088f81211157c708b87396d6c7

Code

Including <openssl/des.h> from cscrypt/mdc2.h pulled OpenSSL's DES
backward-compatibility macros (e.g. des_ecb_encrypt -> DES_ecb_encrypt
with different argument counts) into every translation unit that uses
mdc2.h. tests.c includes both mdc2.h and cscrypt/des.h, which made the
test build fail with 'macro requires N arguments, but only M given'
errors on toolchains shipping OpenSSL 1.0.x.


The header only needed DES_cblock for two MDC2_CTX struct fields, both
of which are simply 8-byte buffers. Replace them with unsigned char[8]
and move the OpenSSL include (and the local DES typedef fallback) into
mdc2.c, where the DES API is actually used.

Display More

**abu baniaz** · Apr 26th 2026

11958

webif: include WITH_SSL in is_defined.txt when USE_SSL flag is set

https://git.streamboard.tv/common/oscam/-/commit/b324f994d05b3d807ebe87e1d077509e2df8b0b1

Code

The webif template generator filters template blocks based on
webif/is_defined.txt, which config.sh's write_enabled() builds. With
WITH_SSL no longer in the addons list, it was never written to that
file even when USE_SSL=1 is passed to make (or -DWITH_SSL=1 to cmake,
which propagates as USE_SSL via --use-flags).


Effect: the SSL Settings block on the WebIf config page disappeared.


Mirror the existing USE_PCSC -&gt; CARDREADER_PCSC handling and emit
WITH_SSL when USE_SSL is in USE_FLAGS.

Display More

**kalkan99** · May 7th 2026

Changeset 11959-11a966f7

07.05.2026

oscam-chk: remove unused loop counter nr in CS_CACHEEX_AIO sid-check functions

GCC 16.1 warns about nr being set but never read (-Wunused-but-set-variable).

The counter was only incremented in the for-clause but its value was never

consumed, so it is dropped entirely.

thanks WXbet

**abu baniaz** · May 18th 2026

11960

webif: drop unused loop counter in pages_gen.c

https://git.streamboard.tv/common/oscam/-/commit/d9e40e77b0694ab50a7ee40b63093ed796226419

Code

GCC >= 9 -Wunused-but-set-variable flags the 'i' counter in the
strtok_r dependency loop — only incremented, never read. The two
strtok_r() calls already drive the iteration via the ptr return,
so the counter is dead weight.

**dreams@t** · May 22nd 2026

Changeset 11961- 5b6fa7ad

-Webet: fix mismatched HTML tags in reader ans config templates

Thx WXbet

**kalkan99** · 2026-06-05T15:52:58+01:00

Changeset 11963-73ff45f6

05.06.2026

fix(net): make cs_inet_ntoa thread-safe and IPv6-safe at call sites

* Document cs_inet_ntoa startup-only init guard

Clarify that inet_ntoa_key_initialized is set during single-threaded

startup and is only a misuse guard, not synchronization for lazy

runtime initialization.

* oscam-net: move cs_inet_ntoa TLS init to startup

Initialize the cs_inet_ntoa TLS key from main() instead of using

pthread_once in the hot path.

Also harden the new startup-based initialization by making

cs_inet_ntoa_init() idempotent, failing fast on use-before-init or

TLS setup failures, and returning the writable buffer on inet_ntop

errors instead of a string literal.

* fix(net): make cs_inet_ntoa thread-safe and IPv6-safe at call sites

The existing cs_inet_ntoa() implementation was not thread-safe:

- with IPV6SUPPORT it returned a single static buffer

- without IPV6SUPPORT it returned inet_ntoa(), which also uses shared static storage

That meant concurrent calls from different threads could overwrite each

other's result. A review comment suggested locking around all callers, but

that would be fragile and easy to miss given the large number of call sites.

This change fixes the problem centrally in cs_inet_ntoa() by replacing the

shared storage with per-thread rotating buffers stored via pthread TLS.

That keeps the existing API intact while making concurrent callers safe.

Changes included:

- add pthread_once/pthread_key based TLS storage for cs_inet_ntoa()

- use a small rotating per-thread buffer set so multiple calls in one

expression/thread can coexist briefly

- replace the IPv4 inet_ntoa() path with inet_ntop(AF_INET, ...)

- handle TLS setup/allocation failure safely by returning an empty string

instead of risking writes through invalid storage

- clear/check inet_ntop() output so failed conversions do not leak stale

data from a reused slot

In addition, clean up several callers and builders that assumed IPv4-sized

address strings:

- widen temporary IP buffers to INET6_ADDRSTRLEN in oscam-client.c,

oscam-cache.c, and oscam-ecm.c

- enlarge the disconnect log buffer in oscam-client.c

- update mk_t_iprange() sizing in oscam-conf-mk.c so serialized ranges have

enough room for full IPv6 addresses

Behavioral notes:

- no caller API changes are required

- cs_inet_ntoa() still returns temporary storage and callers should still

copy the string if they need to keep it

- logs/WebIf/config serialization may now contain full IPv6 addresses where

output was previously truncated or racy

thanks tem_invictus

OsCam Changelogs

Your resource for OSCam softcam

Participate now!

Share

Tags

Users Viewing This Thread