ALP-pool/opensc
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 opensc revision 8aaa3bcb100ffedcf401a011ee060568

Browse Source
This commit is contained in:
Adrian Schröter 2024-03-15 15:48:41 +01:00
parent 3699ef7348
commit be2212950f
3 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CVE-2024-1454.patch Normal file
View File

@ -0,0 +1,25 @@
From 5835f0d4f6c033bd58806d33fa546908d39825c9 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 18 Dec 2023 11:09:50 +0100
Subject: [PATCH] authentic: Avoid use after free
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
---
src/pkcs15init/pkcs15-authentic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pkcs15init/pkcs15-authentic.c b/src/pkcs15init/pkcs15-authentic.c
index a6d8b8ffad..798bc44138 100644
--- a/src/pkcs15init/pkcs15-authentic.c
+++ b/src/pkcs15init/pkcs15-authentic.c
@@ -868,7 +868,7 @@ authentic_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card
rv = sc_select_file(p15card->card, &path, &file);
if (!rv) {
rv = sc_get_challenge(p15card->card, buffer, sizeof(buffer));
- if (!rv) {
+ if (rv < 0) {
sc_file_free(file);
LOG_TEST_RET(ctx, rv, "Get challenge error");
}

6
opensc.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
- Add CVE-2024-1454.patch.
Fix for CVE-2024-1454 / bsc#1219868.
-------------------------------------------------------------------
Wed Dec 13 12:27:34 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

4
opensc.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package opensc
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -31,6 +31,8 @@ Source2: %{name}-rpmlintrc
# https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
Source3: opensc.module
Patch0: opensc-gcc11.patch
# PATCH-FIX-UPSTREAM martin.schreiner@suse.com CVE-2024-1454 bsc#1219868
Patch1: CVE-2024-1454.patch
BuildRequires: docbook-xsl-stylesheets
BuildRequires: libxslt
BuildRequires: pkgconfig