Sync from SUSE:ALP:Source:Standard:1.0 opensc revision 44cfccffcc89eb0cf825a46a41ddc7d4
This commit is contained in:
commit
3699ef7348
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
5
baselibs.conf
Normal file
5
baselibs.conf
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
opensc
|
||||||
|
+/usr/lib(64)?/*.la
|
||||||
|
+/usr/lib(64)?/*.so*
|
||||||
|
+/usr/lib(64)?/pkcs11/*.so
|
||||||
|
requires "opensc = <version>"
|
BIN
opensc-0.24.0.tar.gz
(Stored with Git LFS)
Normal file
BIN
opensc-0.24.0.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
31
opensc-gcc11.patch
Normal file
31
opensc-gcc11.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c
|
||||||
|
index 41e620a..57f8a79 100644
|
||||||
|
--- a/src/tools/opensc-explorer.c
|
||||||
|
+++ b/src/tools/opensc-explorer.c
|
||||||
|
@@ -1839,6 +1839,12 @@ static int do_apdu(int argc, char **argv)
|
||||||
|
if (argc < 1)
|
||||||
|
return usage(do_apdu);
|
||||||
|
|
||||||
|
+ /* gcc-11 complains about BUF potentially being used without being
|
||||||
|
+ initialized. I can't convince myself that the calls to
|
||||||
|
+ parse_string_or_hexdata will fully initialize it, so we just
|
||||||
|
+ initialize it here. */
|
||||||
|
+ memset (buf, 0, sizeof (buf));
|
||||||
|
+
|
||||||
|
/* loop over the args and parse them, making sure the result fits into buf[] */
|
||||||
|
for (i = 0, len = 0; i < (unsigned) argc && len < sizeof(buf); i++) {
|
||||||
|
size_t len0 = sizeof(buf) - len;
|
||||||
|
commit 1680b3a1fb15319e41dbe3214ef8c4a4c215d529
|
||||||
|
Author: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue Feb 23 19:57:02 2021 +0100
|
||||||
|
|
||||||
|
Fix build on gcc11
|
||||||
|
|
||||||
|
This made most of the applications crashing in Fedora 34 when
|
||||||
|
smart card was plugged in.
|
||||||
|
|
||||||
|
The suggested patch makes the code path more obvious for gcc to
|
||||||
|
handle.
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1930652
|
||||||
|
|
3
opensc-rpmlintrc
Normal file
3
opensc-rpmlintrc
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# There is no devel package any more.
|
||||||
|
addFilter("obsolete-not-provided")
|
||||||
|
addFilter("devel-file-in-non-devel-package")
|
904
opensc.changes
Normal file
904
opensc.changes
Normal file
@ -0,0 +1,904 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 13 12:27:34 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||||
|
|
||||||
|
- Update to OpenSC 0.24.0:
|
||||||
|
* Security
|
||||||
|
- CVE-2023-40660: Fix Potential PIN bypass
|
||||||
|
(#2806, frankmorgner/OpenSCToken#50, #2807)
|
||||||
|
- CVE-2023-40661: Important dynamic analyzers reports
|
||||||
|
- CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption
|
||||||
|
using symmetric keys (f1993dc)
|
||||||
|
* General improvements
|
||||||
|
- Fix compatibility of EAC with OpenSSL 3.0 (#2674)
|
||||||
|
- Enable use_file_cache by default (#2501)
|
||||||
|
- Use custom libctx with OpenSSL >= 3.0 (#2712, #2715)
|
||||||
|
- Fix record-based files (#2604)
|
||||||
|
- Fix several race conditions (#2735)
|
||||||
|
- Run tests under Valgrind (#2756)
|
||||||
|
- Test signing of data bigger than 512 bytes (#2789)
|
||||||
|
- Update to OpenPACE 1.1.3 (#2796)
|
||||||
|
- Implement logout for some of the card drivers (#2807)
|
||||||
|
- Fix wrong popup position of opensc-notify (#2901)
|
||||||
|
- Fixed various issues reported by OSS-Fuzz and Coverity regarding card
|
||||||
|
drivers, PKCS#11 and PKCS#15 init
|
||||||
|
* PKCS#11
|
||||||
|
- Check card presence state in C_GetSessionInfo (#2740)
|
||||||
|
- Remove onepin-opensc-pkcs11 module (#2681)
|
||||||
|
- Do not use colons in the token info label (#2760)
|
||||||
|
- Present profile objects in all slots with the CKA_TOKEN attribute to
|
||||||
|
resolve issues with NSS (#2928, #2924)
|
||||||
|
- Use secure memory for PUK (#2906)
|
||||||
|
- Don't logout to preserve concurrent access from different processes
|
||||||
|
(#2907)
|
||||||
|
- Add more examples to manual page (#2936)
|
||||||
|
- Present profile objects in all virtual slots (#2928)
|
||||||
|
- Provide CKA_TOKEN attribute for profile objects (#2924)
|
||||||
|
- Improve --slot parameter documentation (#2951)
|
||||||
|
* PKCS#15
|
||||||
|
- Honor cache offsets when writing file cache (#2858)
|
||||||
|
- Prevent needless amount of PIN prompts from pkcs15init layer (#2916)
|
||||||
|
- Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and
|
||||||
|
back to PKCS#11 (#2936)
|
||||||
|
* Minidriver
|
||||||
|
- Fix for private keys that do not need a PIN (#2722)
|
||||||
|
- Unbreak decipher when the first null byte of PKCS#1.5 padding is
|
||||||
|
missing (#2939*
|
||||||
|
* pkcs11-tool
|
||||||
|
- Fix RSA key import with OpenSSL 3.0 (#2656)
|
||||||
|
- Add support for attribute filtering when listing objects (#2687)
|
||||||
|
- Add support for --private flag when writing certificates (#2768)
|
||||||
|
- Add support for non-AEAD ciphers to the test mode (#2780)
|
||||||
|
- Show CKA_SIGN attribute for secret keys (#2862)
|
||||||
|
- Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys
|
||||||
|
(#2864, #2913)
|
||||||
|
- Show Sign/VerifyRecover attributes (#2888)
|
||||||
|
- Add option to import generic keys (#2955)
|
||||||
|
* westcos-tool
|
||||||
|
- Generate 2k RSA keys by default (b53fc5c)
|
||||||
|
* pkcs11-register
|
||||||
|
- Disable autostart on Linux by default (#2680)
|
||||||
|
* IDPrime
|
||||||
|
- Add support for IDPrime MD 830, 930 and 940 (#2666)
|
||||||
|
- Add support for SafeNet eToken 5110 token (#2812)
|
||||||
|
- Process index even without keyrefmap and use correct label for second
|
||||||
|
PIN (#2878)
|
||||||
|
- Add support for Gemalto IDPrime 940C (#2941)
|
||||||
|
* EPass2003
|
||||||
|
- Change of PIN requires verification of the PIN (#2759)
|
||||||
|
- Fix incorrect CMAC computation for subkeys (#2759, issue #2734)
|
||||||
|
- Use true random number for mutual authentication for SM (#2766)
|
||||||
|
- Add verification of data coming from the token in the secure messaging
|
||||||
|
mode (#2772)
|
||||||
|
- Avoid success when using unsupported digest and fix data length for RAW
|
||||||
|
ECDSA signatures (#2845)
|
||||||
|
* OpenPGP
|
||||||
|
- Fix select data command (#2753, issue #2752)
|
||||||
|
- Unbreak ed/curve25519 support (#2892)
|
||||||
|
* eOI
|
||||||
|
- Add support for Slovenian eID card (eOI) (#2646)
|
||||||
|
* Italian CNS
|
||||||
|
- Add support for IDEMIA (Oberthur) tokens (#2483)
|
||||||
|
* PIV
|
||||||
|
- Add support for Swissbit iShield FIDO2 Authenticator (#2671)
|
||||||
|
- Implement PIV secure messaging (#2053)
|
||||||
|
* SkeID
|
||||||
|
- Add support for Slovak eID cards (#2672)
|
||||||
|
* isoApplet
|
||||||
|
- Support ECDSA with off-card hashing (#2642)
|
||||||
|
* MyEID
|
||||||
|
- Fix WRAP operation when using T0 (#2695)
|
||||||
|
- Identify changes on the card and enable use_file_cache (#2798)
|
||||||
|
- Workaround for unwrapping using 2K RSA key (#2921)
|
||||||
|
* SC-HSM
|
||||||
|
- Add support for opensc-tool --serial (#2675)
|
||||||
|
- Fix unwrapping of 4096 keys with handling reader limits (#2682)
|
||||||
|
- Indicate supported hashes and MGF1s (#2827)
|
||||||
|
- Remove patches:
|
||||||
|
* opensc-CVE-2023-40660-1of2.patch
|
||||||
|
* opensc-CVE-2023-40660-2of2.patch
|
||||||
|
* opensc-CVE-2023-40661-1of12.patch
|
||||||
|
* opensc-CVE-2023-40661-2of12.patch
|
||||||
|
* opensc-CVE-2023-40661-3of12.patch
|
||||||
|
* opensc-CVE-2023-40661-4of12.patch
|
||||||
|
* opensc-CVE-2023-40661-5of12.patch
|
||||||
|
* opensc-CVE-2023-40661-6of12.patch
|
||||||
|
* opensc-CVE-2023-40661-7of12.patch
|
||||||
|
* opensc-CVE-2023-40661-8of12.patch
|
||||||
|
* opensc-CVE-2023-40661-9of12.patch
|
||||||
|
* opensc-CVE-2023-40661-10of12.patch
|
||||||
|
* opensc-CVE-2023-40661-11of12.patch
|
||||||
|
* opensc-CVE-2023-40661-12of12.patch
|
||||||
|
* opensc-CVE-2023-4535.patch
|
||||||
|
* opensc-CVE-2023-2977.patch
|
||||||
|
* opensc-NULL_pointer_fix.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 6 06:49:24 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||||
|
|
||||||
|
- Security Fix: [CVE-2023-40661, bsc#1215761]
|
||||||
|
* opensc: multiple memory issues with pkcs15-init (enrollment tool)
|
||||||
|
* Add patches:
|
||||||
|
- opensc-CVE-2023-40661-1of12.patch
|
||||||
|
- opensc-CVE-2023-40661-2of12.patch
|
||||||
|
- opensc-CVE-2023-40661-3of12.patch
|
||||||
|
- opensc-CVE-2023-40661-4of12.patch
|
||||||
|
- opensc-CVE-2023-40661-5of12.patch
|
||||||
|
- opensc-CVE-2023-40661-6of12.patch
|
||||||
|
- opensc-CVE-2023-40661-7of12.patch
|
||||||
|
- opensc-CVE-2023-40661-8of12.patch
|
||||||
|
- opensc-CVE-2023-40661-9of12.patch
|
||||||
|
- opensc-CVE-2023-40661-10of12.patch
|
||||||
|
- opensc-CVE-2023-40661-11of12.patch
|
||||||
|
- opensc-CVE-2023-40661-12of12.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 5 13:45:16 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||||
|
|
||||||
|
- Security Fix: [CVE-2023-4535, bsc#1215763]
|
||||||
|
* Add patches:
|
||||||
|
- opensc-CVE-2023-4535.patch
|
||||||
|
- opensc-NULL_pointer_fix.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 4 13:26:11 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||||
|
|
||||||
|
- Security Fix: [CVE-2023-40660, bsc#1215762]
|
||||||
|
* opensc: PIN bypass when card tracks its own login state
|
||||||
|
* Add patches:
|
||||||
|
- opensc-CVE-2023-40660-1of2.patch
|
||||||
|
- opensc-CVE-2023-40660-2of2.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 1 12:55:19 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||||
|
|
||||||
|
- Security Fix: [CVE-2023-2977, bsc#1211894]
|
||||||
|
* opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
|
||||||
|
* Add opensc-CVE-2023-2977.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 29 17:52:46 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
||||||
|
|
||||||
|
- Update to OpenSC 0.23.0:
|
||||||
|
* General improvements
|
||||||
|
- Support signing of data with a length of more than 512 bytes (#2314)
|
||||||
|
- By default, disable support for old card drivers (#2391) and remove
|
||||||
|
support for old drivers MioCOS and JCOP (#2374)
|
||||||
|
- Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506)
|
||||||
|
- Compatibility with LibreSSL (#2495, #2595)
|
||||||
|
- Remove support for DSA (#2503)
|
||||||
|
- Extend p11test to support symmetric keys (#2430)
|
||||||
|
- Notice detached reader on macOS (#2418)
|
||||||
|
- Support for OAEP padding (#2475, #2484)
|
||||||
|
- Fix for PSS salt length (#2478)
|
||||||
|
- Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637)
|
||||||
|
- Fixed various issues reported by OSS-Fuzz and Coverity regarding
|
||||||
|
card drivers, PKCS#11 and PKCS#15 init
|
||||||
|
- Fix issues with OpenPACE (#2472)
|
||||||
|
- Containers support for local testing
|
||||||
|
- Add support for encryption and decryption using symmetric keys (#2473, #2607)
|
||||||
|
- Stop building support for Gost algorithms with OpenSSL 3.0 as they
|
||||||
|
require deprecated API (#2586)
|
||||||
|
- Fix detection of disconnected readers in PCSC (#2600)
|
||||||
|
- Add configuration option for on-disk caching of private data (#2588)
|
||||||
|
- Skip building empty binaries when dependencies are missing and
|
||||||
|
remove needless linking (#2617)
|
||||||
|
- Define arm64 as a supported architecture in the Installer package (#2610)
|
||||||
|
* PKCS#11
|
||||||
|
- Implement C_CreateObject for EC keys and fix signature verification
|
||||||
|
for CKM_ECDSA_SHAx cards (#2420)
|
||||||
|
* pkcs11-tool
|
||||||
|
- Add more elliptic curves (#2301)
|
||||||
|
- Add support for symmetric encrypt and decrypt, wrap and unwrap operations,
|
||||||
|
and initialization vector (#2268)
|
||||||
|
- Fix consistent handling of secret key attributes (#2497)
|
||||||
|
- Add support for signing and verifying with HMAC (#2385)
|
||||||
|
- Add support for SHA3 (#2467)
|
||||||
|
- Make object selectable via label (#2570)
|
||||||
|
- Do not require an R/W session for some operations and
|
||||||
|
add --session-rw option (#2579)
|
||||||
|
- Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and
|
||||||
|
serial number for certificates (#2644, #2643, #2641)
|
||||||
|
- Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645)
|
||||||
|
* sc-hsm-tool
|
||||||
|
- Add options for public key authentication (#2301)
|
||||||
|
* Minidriver
|
||||||
|
- Fix reinit of the card (#2525)
|
||||||
|
- Add an entry for Italian CNS (e) (#2548)
|
||||||
|
- Fix detection of ECC mechanisms (#2523)
|
||||||
|
- Fix ATRs before adding them to the windows registry (#2628)
|
||||||
|
* NQ-Applet
|
||||||
|
- Add support for the JCOP4 Cards with NQ-Applet (#2425)
|
||||||
|
* ItaCNS
|
||||||
|
- Add support for ItaCMS v1.1 (key length 2048) (#2371)
|
||||||
|
* Belpic
|
||||||
|
- Add support for applet v1.8 (#2455)
|
||||||
|
* Starcos
|
||||||
|
- Add ATR for V3.4 (#2464)
|
||||||
|
- Add PKCS#15 emulator for 3.x cards with eSign app (#2544)
|
||||||
|
* ePass2003
|
||||||
|
- Fix PKCS#15 initialization (#2403)
|
||||||
|
- Add support for FIPS (#2543)
|
||||||
|
- Fix matching with newer versions and tokens initialized with OpenSC (#2575)
|
||||||
|
* MyEID
|
||||||
|
- Support logout operation (#2557)
|
||||||
|
- Support for symmetric encryption and decryption (#2473, #2607)
|
||||||
|
* GIDS
|
||||||
|
- Fix decipher for TPM (#1881)
|
||||||
|
* OpenPGP
|
||||||
|
- Get the list of supported algorithms from algorithm information
|
||||||
|
on the card (#2287)
|
||||||
|
- Support for 3 certificates with OpenPGP 3+ (#2103)
|
||||||
|
* nPA
|
||||||
|
- Fix card detection (#2463)
|
||||||
|
* Rutoken
|
||||||
|
- Fix formatting rtecp cards (#2599)
|
||||||
|
* PIV
|
||||||
|
- Add new PIVKey ATRs for current cards (#2602)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Oct 4 12:59:24 UTC 2021 - Daniel Donisa <daniel.donisa@suse.com>
|
||||||
|
|
||||||
|
- Update to OpenSC 0.22.0:
|
||||||
|
* Removed changes in opensc-gcc11.patch already present in upstream.
|
||||||
|
- See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda
|
||||||
|
* Removed some false positives from the openrc-rpmlintrc file.
|
||||||
|
* Use standard paths for file cache on Linux (#2148) and OSX (#2214)
|
||||||
|
* Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
|
||||||
|
* Add threading test to `pkcs11-tool` (#2067)
|
||||||
|
* Add support to generate generic secret keys (#2140)
|
||||||
|
* `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
|
||||||
|
* Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
|
||||||
|
* Support for gcc11 and its new strict aliasing rules (#2241, #2260)
|
||||||
|
* Initial support for building with OpenSSL 3.0 (#2343)
|
||||||
|
* pkcs15-tool: Write data objects in binary mode (#2324)
|
||||||
|
* Avoid limited size of log messages (#2352)
|
||||||
|
* Support for ECDSA verification (#2211)
|
||||||
|
* Support for ECDSA with different SHA hashes (#2190)
|
||||||
|
* Prevent issues in p11-kit by not returning unexpected return codes (#2207)
|
||||||
|
* Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
|
||||||
|
* Standardize the version 2 on 2.20 in the code (#2096)
|
||||||
|
* Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176)
|
||||||
|
* Copy arguments of C_Initialize (#2350)
|
||||||
|
* Fix RSA-PSS signing (#2234)
|
||||||
|
* Fix DO deletion (#2215)
|
||||||
|
* Add support for (X)EdDSA keys (#1960)
|
||||||
|
* Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
|
||||||
|
* Add support for applet version 4 (#2332)
|
||||||
|
* New configuration option for opensc.conf to disable pkcs1_padding (#2193)
|
||||||
|
* Add support for ECDSA with different hashes (#2190)
|
||||||
|
* Enable more mechanisms (#2178)
|
||||||
|
* Fixed asking for a user pin when formatting a card (#1737)
|
||||||
|
* Added support for French CPx Healthcare cards (#2217)
|
||||||
|
* Added ATR for new CardOS 5.4 version (#2296)
|
||||||
|
* Fixes security issues:
|
||||||
|
* tcos: use after return (bsc#1192005, CVE-2021-42780)
|
||||||
|
* oberthur: use after free (bsc#1191992, CVE-2021-42779)
|
||||||
|
* oberthur: multiple heap buffer overflows (bsc#1192000,
|
||||||
|
CVE-2021-42781)
|
||||||
|
* multiple stack buffer overflow issues (bsc#1191957,
|
||||||
|
CVE-2021-42782)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Jun 27 16:48:49 UTC 2021 - Predrag Ivanović <predivan@mts.rs>
|
||||||
|
|
||||||
|
- Fix build on GCC11
|
||||||
|
* Add opensc-gcc11.patch from Fedora
|
||||||
|
(https://github.com/OpenSC/OpenSC/pull/2241/)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 12 22:58:46 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- move licenses to licensedir
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Nov 27 19:27:30 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||||
|
|
||||||
|
- OpenSC 0.21.0:
|
||||||
|
* CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK
|
||||||
|
smart card software driver (boo#1177380)
|
||||||
|
* CVE-2020-26572: stack-based buffer overflow in the TCOS smart
|
||||||
|
card software driver (boo#1177378)
|
||||||
|
* CVE-2020-26570: heap-based buffer overflow in the Oberthur
|
||||||
|
smart card software driver (boo#1177364)
|
||||||
|
* CardOS 5.x support boo#1179291
|
||||||
|
* Support for OAEP encryption, make SHA256 default
|
||||||
|
* New separate debug level for PIN commands
|
||||||
|
* Fix handling of card/reader insertion/removal events in pcscd
|
||||||
|
* Fixes of removed readers handling
|
||||||
|
* Fix Firefox crash because of invalid pcsc context
|
||||||
|
* PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards
|
||||||
|
* Propagate ignore_user_content to PKCS#11 layer not to confuse applications
|
||||||
|
* Minidriver: Fix check of ATR length (2-to 33 characters inclusive)
|
||||||
|
* pkcs11-tool: allow using SW tokens
|
||||||
|
* opensc-explorer asn1 accepts offsets and decode records
|
||||||
|
* opensc-explorer cat accepts records
|
||||||
|
* OpenPGP: Add new ec curves supported by GNUK
|
||||||
|
* First steps supporting OpenPGP 3.4
|
||||||
|
* OpenPGP: Add support for EC key import
|
||||||
|
* Rutoken: Add ATR for Rutoken ECP SC NFC
|
||||||
|
* Improve detection of various CardOS 5 configurations
|
||||||
|
* DNIe: Add new DNIe CA structure for the secure channel
|
||||||
|
* ePass2003: Improve ECC support
|
||||||
|
* ePass2003: Fix erase sequence
|
||||||
|
* IAS-ECC: Fix support for Idemia Cosmo cards
|
||||||
|
* IAS-ECC: PIN padding settings are now used from PKCS#15 info when available
|
||||||
|
* IAS-ECC: Added PIN-pad support for PIN unblock
|
||||||
|
* New driver for Gemalto IDPrime (only some types)
|
||||||
|
* eDo: New driver with initial support for Polish eID card (e-dowód, eDO)
|
||||||
|
* MCRD: Remove unused and broken RSA EstEID support
|
||||||
|
* TCOS: Add missing encryption certificates
|
||||||
|
* PIV: Add ATR of DOD Yubikey
|
||||||
|
* fixed PIV global pin bug
|
||||||
|
* CAC1: Support changing PIN with CAC Alt tokens
|
||||||
|
- includes changes from 0.20.0
|
||||||
|
* CVE-2019-6502: memory leak in libopensc (boo#1122756)
|
||||||
|
* CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747)
|
||||||
|
* CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746)
|
||||||
|
* CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (boo#1158256)
|
||||||
|
* CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry (boo#1158307)
|
||||||
|
* CVE-2019-20792: double free in coolkey_free_private_dat (bsc#1170809)
|
||||||
|
* Support RSA-PSS signature mechanisms using RSA-RAW
|
||||||
|
* Added memory locking for secrets
|
||||||
|
* added support for terminal colors
|
||||||
|
* PC/SC driver: Fixed error handling in case of changing or removing the card reader
|
||||||
|
* rename md_read_only to read_only and use it for PKCS#11 and Minidriver
|
||||||
|
* allow global use of ignore_private_certificate
|
||||||
|
* PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the card profile
|
||||||
|
* PKCS#11: Add C_WrapKey and C_UnwrapKey implementations
|
||||||
|
* PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects
|
||||||
|
* PKCS#11: Truncate long PKCS#11 labels with ...
|
||||||
|
* PKCS#11: Fixed recognition of a token when being unplugged and reinserted
|
||||||
|
* Minidriver: Register for CardOS5 cards
|
||||||
|
* Minidriver: Add support for RSA-PSS
|
||||||
|
* tools: Harmonize the use of option -r/--reader
|
||||||
|
* goid-tool: GoID personalization with fingerprint
|
||||||
|
* openpgp-tool: replace the options -L/--key-length with -t/--key-type
|
||||||
|
* openpgp-tool: add options -C/--card-info and -K/--key-info
|
||||||
|
* opensc-explorer: add command pin_info, extend random
|
||||||
|
* pkcs11-register: Auto-configuration of applications for use of OpenSC PKCS#11
|
||||||
|
* pkcd11-register: Autostart
|
||||||
|
* opensc-tool: Show ATR also for cards not recognized by OpenSC
|
||||||
|
* pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters
|
||||||
|
* pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values
|
||||||
|
* pkcs11-tool: Support for signature verification via --verify
|
||||||
|
* pkcs11-tool: Add object type secrkey for --type option
|
||||||
|
* pkcs11-tool: Implement Secret Key write object
|
||||||
|
* pkcs11-tool: Add GOSTR3410-2012 support
|
||||||
|
* pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP
|
||||||
|
* pkcs11-tool: Add extractable option to key import
|
||||||
|
* pkcs11-tool: list more key access flags when listing keys
|
||||||
|
* pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys
|
||||||
|
* pkcs15-crypt: *Handle keys with user consent
|
||||||
|
* New separate CAC1 driver using the old CAC specification (#1502)
|
||||||
|
* CardOS: Add support for 4K RSA keys in CardOS 5
|
||||||
|
* CardOS: Fixed decryption with CardOS 5
|
||||||
|
* Enable CoolKey driver to handle 2048-bit keys
|
||||||
|
* EstEID: add support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018
|
||||||
|
* GIDS Decipher fix (#1881)
|
||||||
|
* GIDS: Allow RSA 4K support
|
||||||
|
* MICARDO: Remove long expired EstEID 1.0/1.1 card support
|
||||||
|
* MyEID: Add support for unwrapping a secret key with an RSA key or secret key
|
||||||
|
* MyEID Add support for wrapping a secret key with a secret key
|
||||||
|
* Support for MyEID 4K RSA
|
||||||
|
* Support for OsEID
|
||||||
|
* Gemalto GemSafe: add new PTeID ATRs, add support for 4K RSA keys
|
||||||
|
* OpenPGP Card v3 ECC support
|
||||||
|
* Add Rutoken ECP SC
|
||||||
|
* Add Rutoken Lite
|
||||||
|
* Add SmartCard-HSM 4K ATR
|
||||||
|
* Add missing secp384r1 curve parameter
|
||||||
|
* Stacros: Fix decipher with 2.3
|
||||||
|
* Stacros: Add ATR for 2nd gen. eGK
|
||||||
|
* Stacros: Add new ATR for 3.5
|
||||||
|
* Stacros: Detect and allow Globalplatform PIN encoding
|
||||||
|
* Fix TCOS IDKey support
|
||||||
|
* TCOS: add encryption certificate for IDKey
|
||||||
|
* Infocamere, Postecert, Cnipa: Remove profiles
|
||||||
|
* Remove incomplete acos5 driver
|
||||||
|
- drop patches now upstream:
|
||||||
|
* opensc-0.19.0-piv_card_matching.patch
|
||||||
|
* opensc-0.19.0-redundant_logging.patch
|
||||||
|
* opensc-0.19.0-rsa-pss.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Aug 18 01:35:45 UTC 2019 - Jason Sikes <jsikes@suse.com>
|
||||||
|
|
||||||
|
- added opensc-0.19.0-piv_card_matching.patch
|
||||||
|
* Improve Card Matching for Dual CAC/PIV and PIVKEY cards.
|
||||||
|
* sourced from https://github.com/OpenSC/OpenSC/pull/1549
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 30 03:15:14 UTC 2019 - Jason Sikes <jsikes@suse.de>
|
||||||
|
|
||||||
|
- added opensc-0.19.0-rsa-pss.patch
|
||||||
|
* Fixes the pkcs11-tool example
|
||||||
|
* Added missing CKM_SHA224_RSA_PKCS_PSS
|
||||||
|
* Add support for PSS padding to RSA signatures
|
||||||
|
* Support for signature verification in pkcs11-tool
|
||||||
|
* Switch cleanup steps to avoid segfaults on errors and more sanity checking
|
||||||
|
- added opensc-0.19.0-redundant_logging.patch
|
||||||
|
* Remove redundant debug output
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 23 21:51:42 UTC 2019 - Benjamin Greiner <code@bnavigator.de>
|
||||||
|
|
||||||
|
- add explicit BuildRequires: zlib-devel
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 13 13:46:43 UTC 2018 - Karol Babioch <kbabioch@suse.com>
|
||||||
|
|
||||||
|
- Update to version 0.19.0
|
||||||
|
* Fixed multiple security problems (out of bound writes/reads):
|
||||||
|
* bsc#1104812
|
||||||
|
* CVE-2018-16391 (bsc#1106998)
|
||||||
|
* CVE-2018-16392 (bsc#1106999)
|
||||||
|
* CVE-2018-16393 (bsc#1108318)
|
||||||
|
* CVE-2018-16418 (bsc#1107039)
|
||||||
|
* CVE-2018-16419 (bsc#1107107)
|
||||||
|
* CVE-2018-16420 (bsc#1107097)
|
||||||
|
* CVE-2018-16421 (bsc#1107049)
|
||||||
|
* CVE-2018-16422 (bsc#1107038)
|
||||||
|
* CVE-2018-16423 (bsc#1107037)
|
||||||
|
* CVE-2018-16424 (bsc#1107036)
|
||||||
|
* CVE-2018-16425 (bsc#1107035)
|
||||||
|
* CVE-2018-16426 (bsc#1107034)
|
||||||
|
* CVE-2018-16427 (bsc#1107033)
|
||||||
|
* Workaround cards returning short signatures without leading zeroes
|
||||||
|
* Distribute minimal opensc.conf
|
||||||
|
* `pkcs11_enable_InitToken made` global configuration option
|
||||||
|
* Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver
|
||||||
|
list instead of forcing one driver and skipping vital parts of
|
||||||
|
configuration
|
||||||
|
* Removed configuration options `zero_ckaid_for_ca_certs`,
|
||||||
|
`force_card_driver`, `reopen_debug_file`, `paranoid-memory`
|
||||||
|
* Generalized configuration option `ignored_readers`
|
||||||
|
* If card initialization fails, continue card detection with other card
|
||||||
|
drivers
|
||||||
|
* reader-pcsc: allow fixing the length of a PIN
|
||||||
|
* fixed crash during `C_WaitForSlotEvent`
|
||||||
|
* Allow cancelling the PIN pad prompt before starting the reader transaction.
|
||||||
|
Whether to start the transaction immediately or not is user-configurable
|
||||||
|
for each application
|
||||||
|
* opensc-notify
|
||||||
|
* add Exit button to tray icon
|
||||||
|
* User better description (GenericName) and a generic application icon
|
||||||
|
* Do not display in the application list
|
||||||
|
- Removed patches included upstream now:
|
||||||
|
* opensc-desktop.patch
|
||||||
|
* opensc-desktop2.patch
|
||||||
|
* opensc-bash-completions.patch
|
||||||
|
- Applied spec-cleaner
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 10 16:56:28 CEST 2018 - sbrabec@suse.com
|
||||||
|
|
||||||
|
- Update to version 0.18.0:
|
||||||
|
* Further improvements of PIN support.
|
||||||
|
* Large number of improvements and fixes
|
||||||
|
(boo#1097951, boo#1100501).
|
||||||
|
* See /usr/share/doc/packages/opensc/NEWS for complete list.
|
||||||
|
- Add opensc-desktop.patch, opensc-desktop2.patch and
|
||||||
|
opensc-bash-completions.patch.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 1 16:16:13 UTC 2018 - michael@stroeder.com
|
||||||
|
|
||||||
|
- update to version 0.17.0:
|
||||||
|
* support for new cards
|
||||||
|
* PIN support enhancemets
|
||||||
|
* added .pc file
|
||||||
|
* builds with OpenSSL 1.1.0 (1074799)
|
||||||
|
* See /usr/share/doc/packages/opensc/NEWS for complete list.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 18 13:58:05 UTC 2017 - tchvatal@suse.com
|
||||||
|
|
||||||
|
- Switch to tarball fetching from github
|
||||||
|
- Few small cleanups
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 22 16:42:06 CET 2016 - sbrabec@suse.com
|
||||||
|
|
||||||
|
- Add baselibs.conf to provide 32-bit PKCS11 plugins (bsc#996047).
|
||||||
|
- Drop opensc-ADVISORIES. There is no new advisory since 2009.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 5 12:09:24 UTC 2016 - t.gruner@katodev.de
|
||||||
|
|
||||||
|
- update to version 0.16.0
|
||||||
|
- remove fix (issue 505)
|
||||||
|
- clean up spec-file
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 30 16:16:19 EEST 2015 - bwachter-pkg@lart.info
|
||||||
|
|
||||||
|
- update to version 0.15.0
|
||||||
|
- register with p11-kit
|
||||||
|
(https://www.opensc-project.org/opensc/ticket/390)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 16 15:14:55 UTC 2015 - michael@stroeder.com
|
||||||
|
|
||||||
|
- update to version 0.14.0
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 3 18:53:23 UTC 2013 - luizluca@tre-sc.gov.br
|
||||||
|
|
||||||
|
- update to version 0.13.0
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 12 21:00:03 UTC 2012 - mgorse@suse.com
|
||||||
|
|
||||||
|
- make needed directories before running make install
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 29 18:26:23 UTC 2011 - lmedinas@opensuse.org
|
||||||
|
- Updated to version 0.12.2:
|
||||||
|
* Builds are now silent by default when OpenSC is built from
|
||||||
|
source on Unix.
|
||||||
|
* Using --wait with command line tools works with 64bit Linux
|
||||||
|
again.
|
||||||
|
* Greatly improved OpenPGP card support, including OpenPGP
|
||||||
|
2.0 cards like the one found in German Privacy Foundation
|
||||||
|
CryptoStick.
|
||||||
|
* Fixed support for FINeID cards issued after 01.03.2011 with
|
||||||
|
2048bit keys.
|
||||||
|
* #256: Fixed support for TCOS cards (broken since 0.12.0).
|
||||||
|
* Added support for IDKey-cards to TCOS3 driver.
|
||||||
|
* #361: Improved PC/SC driver to fetch the maximum PIN sizes
|
||||||
|
from the open source CCID driver. This fixes the issue for
|
||||||
|
Linux/OSX with recent driver.
|
||||||
|
* Fix FINeID cards for organizations.
|
||||||
|
* Several smaller bugs and compiler warnings fixed
|
||||||
|
|
||||||
|
- Updated to version 0.12.1:
|
||||||
|
* IAS-ECC 1.0.1
|
||||||
|
* Support for cards with multiple PKCS#15 applications
|
||||||
|
* New card driver: IAS/ECC 1.0.1
|
||||||
|
* rutoken-tool has been deprecated and removed.
|
||||||
|
* eidenv and piv-tool utilities now have manual pages.
|
||||||
|
* pkcs11-tool now requires the use of --module parameter.
|
||||||
|
* All tools can now use an ATR as an argument to --reader,
|
||||||
|
to skip to the card with given ATR.
|
||||||
|
* opensc-tool -l with -v now shows information about the
|
||||||
|
inserted cards.
|
||||||
|
* Creating files have an enforced upper size limit, 64K
|
||||||
|
* Support for multiple PKCS#15 applications with different
|
||||||
|
AID-s. PKCS#15 applications can be listed with pkcs15-tool
|
||||||
|
--list-applications. Binding to a specific AID with PKCS#15
|
||||||
|
tools can be done with --aid.
|
||||||
|
* Hex strings (like card ATR or APDU-s) can now be separated
|
||||||
|
by space, in addition to colons.
|
||||||
|
* Pinpad readers known to be bogus are now ignored by OpenSC.
|
||||||
|
At the moment only "HP USB Smart Card Keyboard" is disabled.
|
||||||
|
* Numerous compiler warnings, unused code and internal bugs
|
||||||
|
have been eliminated.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 7 14:49:37 CET 2011 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.12.0:
|
||||||
|
* Security fix (bnc#660109, CVE-2010-4523).
|
||||||
|
* Only one backend is supported. openSUSE will use pcsc-lite.
|
||||||
|
* libopensc made private, library should not be used by other
|
||||||
|
applications. Please use generic PKCS#11 interface instead.
|
||||||
|
* Signer plugin discontinued. Please use openssl engine_pkcs11.
|
||||||
|
* No more depends on libassuan.
|
||||||
|
* New card drivers.
|
||||||
|
* Support for CardOS enhanced.
|
||||||
|
* More changes and enhancements.
|
||||||
|
- libopensc merged back to the main package, as it is private now.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 23 14:15:22 CEST 2010 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Fixed broken opensc-fix-gcc-warnings.patch (bnc#627619).
|
||||||
|
- Simplified plugin installation.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 13 14:35:32 UTC 2010 - puzel@novell.com
|
||||||
|
|
||||||
|
- update to version 0.11.13
|
||||||
|
* Modify Rutoken S binary interfaces by Aktiv Co.
|
||||||
|
* Muscle driver fixed (acl reading issue)
|
||||||
|
* Many small fixes (e.g. mem leaks)
|
||||||
|
* Compiling with openssl 1.0.0-beta fixed
|
||||||
|
* Document integer problem in OpenSC and implement workaround
|
||||||
|
* Improve entersafe profile to support private data objects
|
||||||
|
- Require pinentry
|
||||||
|
- add opensc-libassuan-2.patch
|
||||||
|
- add opensc-fix-gcc-warnings.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 1 20:07:35 CET 2010 - jengelh@medozas.de
|
||||||
|
|
||||||
|
- package baselibs.conf
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 5 14:59:33 CEST 2009 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.11.9:
|
||||||
|
* New rutoken_ecp driver
|
||||||
|
* Allow more keys/certificates/files etc. with entersafe tokens
|
||||||
|
* Updates pkcs11.h from scute fixing warnings
|
||||||
|
* Small fixes in rutoken driver
|
||||||
|
* Major update for piv driver with increased compatibility
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 30 12:45:26 CEST 2009 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- libopensc2 should not require opensc (bnc#466430).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 7 17:52:06 CEST 2009 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.11.8:
|
||||||
|
* Fix security problem in pkcs11-tool gen_keypair
|
||||||
|
(PublicExponent 1) (bnc#501726)
|
||||||
|
See http://en.opensuse.org/Smart_Cards/Advisories for more.
|
||||||
|
* updated and improve entersafe driver. FTCOS/PK-01C cards are
|
||||||
|
supported now, compatible with cards writen by Feitian's
|
||||||
|
software on windows.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 9 11:32:23 CEST 2009 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Fixed undefined code (bnc#440853).
|
||||||
|
- Don't call autoreconf on older products.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 17 18:01:29 CET 2009 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.11.7:
|
||||||
|
* hide_empty_slots now on by default? small logic change?
|
||||||
|
* ruToken driver was updated.
|
||||||
|
* openct virtual readers reduced to 2 by default.
|
||||||
|
* Security issue: Fix private data support. (bnc#480262,
|
||||||
|
CVE-2009-0368)
|
||||||
|
See http://en.opensuse.org/Smart_Cards/Advisories for more.
|
||||||
|
* Enable lock_login by default.
|
||||||
|
* Disable allow_soft_keygen by default.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
|
||||||
|
|
||||||
|
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
|
||||||
|
(bnc#437293)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
|
||||||
|
|
||||||
|
- obsolete old -XXbit packages (bnc#437293)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 10 13:46:44 CEST 2008 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.11.6:
|
||||||
|
* New support for Feitian ePass3000.
|
||||||
|
* GemSafeV1 improved to handle key_ref other than 3.
|
||||||
|
* Build system rewritten.
|
||||||
|
* ruToken now supported.
|
||||||
|
* Allow specifying application name for data objects.
|
||||||
|
* Basic reader hotplug support.
|
||||||
|
* PC/SC library is dynamically linked.
|
||||||
|
* PKCS#11 provider is now installed at LIBDIR/pkcs11.
|
||||||
|
* PKCS#11 - Number of virtual slots moved into configuration.
|
||||||
|
* PKCS#11 - Fix fork() compliance.
|
||||||
|
* make sign_with_decrypt hack configureable for siemens cards.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 1 14:06:17 CEST 2008 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Check validity of SSL certificates for all Siemens CardOS M4
|
||||||
|
cards (SCA and SCB are affected as well, bnc#413496#c6).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 31 12:45:11 CEST 2008 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Fixed initialization access rights for Siemens CardOS M4, added
|
||||||
|
a security check to pkcs15-tool (bnc#413496, CVE-2008-2235)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
||||||
|
|
||||||
|
- added baselibs.conf file to build xxbit packages
|
||||||
|
for multilib support
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 7 17:12:02 CET 2008 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.11.4:
|
||||||
|
* Browser plugin support
|
||||||
|
* Support Siemens CardOS initialized cards (signing with
|
||||||
|
decryption)
|
||||||
|
* Add Siemens CardOS M4.2B support (experimental)
|
||||||
|
* Support for AKIS cards added (partial)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 26 13:40:30 CEST 2007 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.11.3:
|
||||||
|
* make lots of internal functions and variables static.
|
||||||
|
* fix 0 vs NULL in many places. fix ansi c style (void).
|
||||||
|
* avoid variable names used also as glibc function (random etc.).
|
||||||
|
* new code for deleting objects.
|
||||||
|
* special hack for firefox.
|
||||||
|
* suport for Athena APCOS cards added.
|
||||||
|
* piv driver now supports bigger rsa keys too.
|
||||||
|
* enabled pin caching by default.
|
||||||
|
* use max_send_size 255 / max_recv_size 256 bytes by default.
|
||||||
|
* increase pin buffer size to allow longer pin codes.
|
||||||
|
* Added --read-ssk-key option to pkcs15-tool
|
||||||
|
* use pkg-config for finding openct
|
||||||
|
* use strlcpy function
|
||||||
|
* use new pkcs11.h from scute with an open source license
|
||||||
|
* add support for sha2 to pkcs15-crypt
|
||||||
|
* add piv-tool for managing piv cards
|
||||||
|
* add muscle driver
|
||||||
|
* improved oberthur driver
|
||||||
|
* add support for pcsc v2 part10
|
||||||
|
* convert source files to utf-8
|
||||||
|
- Split package according to shared library packaging policy.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 27 12:12:30 CET 2007 - mvaner@suse.cz
|
||||||
|
|
||||||
|
- Fixing dodgy use of sizeof (#238660)
|
||||||
|
- sizeof.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Oct 2 18:49:35 CEST 2006 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.11.1:
|
||||||
|
* Update for piv pkcs#15 emulation
|
||||||
|
* Improved TCOS driver for Uni Giesen Card
|
||||||
|
* Handle size_t printf with "%lu" and (unsigned long) cast
|
||||||
|
* Add support for d-trust cards / improve micardo 2.1 driver
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 25 16:13:02 CEST 2006 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Fixed build for old SuSE Linux versions.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 11 13:00:00 CEST 2006 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Fixed devel dependencies.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 10 16:58:12 CEST 2006 - sbrabec@suse.cz
|
||||||
|
|
||||||
|
- Updated to version 0.11.0.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 21:39:06 CET 2006 - mls@suse.de
|
||||||
|
|
||||||
|
- converted neededforbuild to BuildRequires
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 5 02:05:11 CET 2006 - ro@suse.de
|
||||||
|
|
||||||
|
- added unpackaged so-links to devel filelist
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 25 15:30:04 CEST 2005 - rhafer@suse.de
|
||||||
|
|
||||||
|
- added LDAP_DEPRECATED to CFLAGS to build correctly with·
|
||||||
|
OpenLDAP 2.3
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Sep 2 12:56:14 CEST 2005 - okir@suse.de
|
||||||
|
|
||||||
|
- Removed +x permissions on opensc.conf (#114849)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 14 16:11:56 CEST 2005 - okir@suse.de
|
||||||
|
|
||||||
|
- Updated to latest upstream version
|
||||||
|
- Added missing documentation files (#75425)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 4 11:06:48 CET 2005 - meissner@suse.de
|
||||||
|
|
||||||
|
- fixed gcc4 compilation.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 21 14:43:23 CET 2005 - okir@suse.de
|
||||||
|
|
||||||
|
- Updated to latest upstream version (0.9.4)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 18 15:49:34 CET 2004 - ro@suse.de
|
||||||
|
|
||||||
|
- use kerberos-devel-packages
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 19 14:06:10 CEST 2004 - adrian@suse.de
|
||||||
|
|
||||||
|
- fix file list
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 12 17:26:31 CEST 2004 - adrian@suse.de
|
||||||
|
|
||||||
|
- update to version 0.8.1
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 19 11:10:13 CET 2004 - okir@suse.de
|
||||||
|
|
||||||
|
- Fixed permissions and path names of some include files (#36432)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 16 13:19:16 CET 2004 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Add pam-devel to neededforbuild
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Jan 10 15:47:57 CET 2004 - adrian@suse.de
|
||||||
|
|
||||||
|
- add %run_ldconfig and %defattr
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 4 11:00:27 CEST 2003 - okir@suse.de
|
||||||
|
|
||||||
|
- Build fixes for x86_64/ppc64
|
||||||
|
- use a version string other than "CVS" (#28423)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 1 12:04:29 CEST 2003 - okir@suse.de
|
||||||
|
|
||||||
|
- Updated to most recent upstream snapshot
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 12 13:28:31 CEST 2003 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Fix filelist and permissions
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 4 00:39:12 CEST 2003 - ro@suse.de
|
||||||
|
|
||||||
|
- added rest of static libs to devel filelist
|
||||||
|
- remove unpackaged files from buildroot
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 15 17:34:58 CET 2003 - ro@suse.de
|
||||||
|
|
||||||
|
- use sasl2
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 5 11:22:44 CET 2002 - okir@suse.de
|
||||||
|
|
||||||
|
- fixed x86_64 build problem
|
||||||
|
- updated to latest upstream
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Nov 29 10:01:14 CET 2002 - okir@suse.de
|
||||||
|
|
||||||
|
- updated to current CVS snapshot
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 9 21:35:43 CEST 2002 - okir@suse.de
|
||||||
|
|
||||||
|
- added missing libs to files list
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 4 17:48:11 CEST 2002 - ro@suse.de
|
||||||
|
|
||||||
|
- added heimdal-devel to neededforbuild to make libtool happy
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 28 17:34:49 CEST 2002 - schwab@suse.de
|
||||||
|
|
||||||
|
- Fix bootstrap script.
|
||||||
|
- Use correct libtool macros.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 27 19:10:07 CEST 2002 - sf@suse.de
|
||||||
|
|
||||||
|
- @libdir@ added to Makefile.am to use correct dirs for
|
||||||
|
*/lib */lib64
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 30 16:05:12 CEST 2002 - okir@suse.de
|
||||||
|
|
||||||
|
- Initial check-in
|
||||||
|
|
8
opensc.module
Normal file
8
opensc.module
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# This file describes how to load the opensc module
|
||||||
|
# See: http://p11-glue.freedesktop.org/doc/p11-kit/config.html
|
||||||
|
|
||||||
|
# This is a relative path, which means it will be loaded from
|
||||||
|
# the p11-kit default path which is usually $(libdir)/pkcs11.
|
||||||
|
# Doing it this way allows for packagers to package opensc for
|
||||||
|
# 32-bit and 64-bit and make them parallel installable
|
||||||
|
module: onepin-opensc-pkcs11.so
|
104
opensc.spec
Normal file
104
opensc.spec
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
#
|
||||||
|
# spec file for package opensc
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
%define completionsdir %(pkg-config --variable completionsdir bash-completion)
|
||||||
|
Name: opensc
|
||||||
|
Version: 0.24.0
|
||||||
|
Release: 0
|
||||||
|
Summary: Smart Card Utilities
|
||||||
|
License: LGPL-2.1-or-later
|
||||||
|
Group: Productivity/Security
|
||||||
|
URL: https://github.com/OpenSC/OpenSC/wiki
|
||||||
|
Source: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||||
|
Source1: baselibs.conf
|
||||||
|
Source2: %{name}-rpmlintrc
|
||||||
|
# Register with p11-kit
|
||||||
|
# https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
|
||||||
|
Source3: opensc.module
|
||||||
|
Patch0: opensc-gcc11.patch
|
||||||
|
BuildRequires: docbook-xsl-stylesheets
|
||||||
|
BuildRequires: libxslt
|
||||||
|
BuildRequires: pkgconfig
|
||||||
|
BuildRequires: readline-devel
|
||||||
|
BuildRequires: zlib-devel
|
||||||
|
BuildRequires: pkgconfig(bash-completion)
|
||||||
|
BuildRequires: pkgconfig(libpcsclite) >= 1.8.22
|
||||||
|
BuildRequires: pkgconfig(openssl) >= 1.0.1
|
||||||
|
Requires: pcsc-lite
|
||||||
|
# There is no more devel package.
|
||||||
|
Obsoletes: opensc-devel < %{version}
|
||||||
|
|
||||||
|
%description
|
||||||
|
OpenSC provides a set of utilities to access smart cards. It mainly
|
||||||
|
focuses on cards that support cryptographic operations. It facilitates
|
||||||
|
their use in security applications such as mail encryption,
|
||||||
|
authentication, and digital signature. OpenSC implements the PKCS#11
|
||||||
|
API. Applications supporting this API, such as Mozilla Firefox and
|
||||||
|
Thunderbird, can use it. OpenSC implements the PKCS#15 standard and aims
|
||||||
|
to be compatible with every software that does so, too.
|
||||||
|
|
||||||
|
Before purchasing any cards, please read carefully documentation on the
|
||||||
|
web pageonly some cards are supported. Not only card type matters, but
|
||||||
|
also card version, card OS version and preloaded applet. Only subset of
|
||||||
|
possible operations may be supported for your card. Card initialization
|
||||||
|
may require third party proprietary software.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
%configure \
|
||||||
|
--docdir=%{_docdir}/%{name} \
|
||||||
|
--disable-static \
|
||||||
|
--enable-doc \
|
||||||
|
--disable-silent-rules
|
||||||
|
%make_build
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
# Private library.
|
||||||
|
rm %{buildroot}%{_libdir}/libopensc.so
|
||||||
|
install -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pkcs11/modules/opensc.module
|
||||||
|
|
||||||
|
%post -p /sbin/ldconfig
|
||||||
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license COPYING
|
||||||
|
%doc NEWS README
|
||||||
|
%doc %{_docdir}/%{name}/tools.html
|
||||||
|
%doc %{_docdir}/%{name}/files.html
|
||||||
|
%doc %{_docdir}/%{name}/opensc.conf
|
||||||
|
%{_bindir}/*
|
||||||
|
%{_datadir}/applications/*.desktop
|
||||||
|
%{_datadir}/opensc
|
||||||
|
# Note: .la and .so must be in the main package, required by ltdl:
|
||||||
|
%{_libdir}/*.la
|
||||||
|
%{_libdir}/*.so*
|
||||||
|
%dir %{_libdir}/pkcs11
|
||||||
|
%{_libdir}/pkcs11/*.so
|
||||||
|
%{_libdir}/pkgconfig/opensc-pkcs11.pc
|
||||||
|
%{_mandir}/man?/*%{ext_man}
|
||||||
|
%config %{_sysconfdir}/opensc.conf
|
||||||
|
%dir %{_sysconfdir}/pkcs11
|
||||||
|
%config %{_sysconfdir}/pkcs11/modules/
|
||||||
|
# This is a private library. There is no reason to split it to libopensc* package.
|
||||||
|
%{_libdir}/libopensc.so.*
|
||||||
|
%{completionsdir}/*
|
||||||
|
|
||||||
|
%changelog
|
Loading…
Reference in New Issue
Block a user