------------------------------------------------------------------- Tue Oct 1 06:30:06 UTC 2024 - Angel Yankov - - Security fix: [CVE-2024-8443, bsc#1230364] * opensc: heap buffer overflow in OpenPGP driver when generating key * Added patch: opensc-CVE-2024-8443.patch ------------------------------------------------------------------- Tue Oct 1 06:27:05 UTC 2024 - Angel Yankov - Security fix: [opensc-CVE-2024-45620, bsc#1230076] - Security fix: [opensc-CVE-2024-45619, bsc#1230075] - Security fix: [opensc-CVE-2024-45618, bsc#1230074] - Security fix: [opensc-CVE-2024-45617, bsc#1230073] - Security fix: [opensc-CVE-2024-45616, bsc#1230072] - Security fix: [opensc-CVE-2024-45615, bsc#1230071] * opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init * opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc * opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc * opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init * opensc: Incorrect handling length of buffers or files in libopensc * opensc: Incorrect handling of the length of buffers or files in pkcs15init * Added patches: - opensc-CVE-2024-45615.patch - opensc-CVE-2024-45616.patch - opensc-CVE-2024-45617.patch - opensc-CVE-2024-45618.patch - opensc-CVE-2024-45619.patch - opensc-CVE-2024-45620.patch ------------------------------------------------------------------- Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner - Add CVE-2024-1454.patch. Fix for CVE-2024-1454 / bsc#1219868. ------------------------------------------------------------------- Wed Dec 13 12:27:34 UTC 2023 - Otto Hollmann - Update to OpenSC 0.24.0: * Security - CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807) - CVE-2023-40661: Important dynamic analyzers reports - CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc) * General improvements - Fix compatibility of EAC with OpenSSL 3.0 (#2674) - Enable use_file_cache by default (#2501) - Use custom libctx with OpenSSL >= 3.0 (#2712, #2715) - Fix record-based files (#2604) - Fix several race conditions (#2735) - Run tests under Valgrind (#2756) - Test signing of data bigger than 512 bytes (#2789) - Update to OpenPACE 1.1.3 (#2796) - Implement logout for some of the card drivers (#2807) - Fix wrong popup position of opensc-notify (#2901) - Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init * PKCS#11 - Check card presence state in C_GetSessionInfo (#2740) - Remove onepin-opensc-pkcs11 module (#2681) - Do not use colons in the token info label (#2760) - Present profile objects in all slots with the CKA_TOKEN attribute to resolve issues with NSS (#2928, #2924) - Use secure memory for PUK (#2906) - Don't logout to preserve concurrent access from different processes (#2907) - Add more examples to manual page (#2936) - Present profile objects in all virtual slots (#2928) - Provide CKA_TOKEN attribute for profile objects (#2924) - Improve --slot parameter documentation (#2951) * PKCS#15 - Honor cache offsets when writing file cache (#2858) - Prevent needless amount of PIN prompts from pkcs15init layer (#2916) - Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to PKCS#11 (#2936) * Minidriver - Fix for private keys that do not need a PIN (#2722) - Unbreak decipher when the first null byte of PKCS#1.5 padding is missing (#2939* * pkcs11-tool - Fix RSA key import with OpenSSL 3.0 (#2656) - Add support for attribute filtering when listing objects (#2687) - Add support for --private flag when writing certificates (#2768) - Add support for non-AEAD ciphers to the test mode (#2780) - Show CKA_SIGN attribute for secret keys (#2862) - Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys (#2864, #2913) - Show Sign/VerifyRecover attributes (#2888) - Add option to import generic keys (#2955) * westcos-tool - Generate 2k RSA keys by default (b53fc5c) * pkcs11-register - Disable autostart on Linux by default (#2680) * IDPrime - Add support for IDPrime MD 830, 930 and 940 (#2666) - Add support for SafeNet eToken 5110 token (#2812) - Process index even without keyrefmap and use correct label for second PIN (#2878) - Add support for Gemalto IDPrime 940C (#2941) * EPass2003 - Change of PIN requires verification of the PIN (#2759) - Fix incorrect CMAC computation for subkeys (#2759, issue #2734) - Use true random number for mutual authentication for SM (#2766) - Add verification of data coming from the token in the secure messaging mode (#2772) - Avoid success when using unsupported digest and fix data length for RAW ECDSA signatures (#2845) * OpenPGP - Fix select data command (#2753, issue #2752) - Unbreak ed/curve25519 support (#2892) * eOI - Add support for Slovenian eID card (eOI) (#2646) * Italian CNS - Add support for IDEMIA (Oberthur) tokens (#2483) * PIV - Add support for Swissbit iShield FIDO2 Authenticator (#2671) - Implement PIV secure messaging (#2053) * SkeID - Add support for Slovak eID cards (#2672) * isoApplet - Support ECDSA with off-card hashing (#2642) * MyEID - Fix WRAP operation when using T0 (#2695) - Identify changes on the card and enable use_file_cache (#2798) - Workaround for unwrapping using 2K RSA key (#2921) * SC-HSM - Add support for opensc-tool --serial (#2675) - Fix unwrapping of 4096 keys with handling reader limits (#2682) - Indicate supported hashes and MGF1s (#2827) - Remove patches: * opensc-CVE-2023-40660-1of2.patch * opensc-CVE-2023-40660-2of2.patch * opensc-CVE-2023-40661-1of12.patch * opensc-CVE-2023-40661-2of12.patch * opensc-CVE-2023-40661-3of12.patch * opensc-CVE-2023-40661-4of12.patch * opensc-CVE-2023-40661-5of12.patch * opensc-CVE-2023-40661-6of12.patch * opensc-CVE-2023-40661-7of12.patch * opensc-CVE-2023-40661-8of12.patch * opensc-CVE-2023-40661-9of12.patch * opensc-CVE-2023-40661-10of12.patch * opensc-CVE-2023-40661-11of12.patch * opensc-CVE-2023-40661-12of12.patch * opensc-CVE-2023-4535.patch * opensc-CVE-2023-2977.patch * opensc-NULL_pointer_fix.patch ------------------------------------------------------------------- Fri Oct 6 06:49:24 UTC 2023 - Otto Hollmann - Security Fix: [CVE-2023-40661, bsc#1215761] * opensc: multiple memory issues with pkcs15-init (enrollment tool) * Add patches: - opensc-CVE-2023-40661-1of12.patch - opensc-CVE-2023-40661-2of12.patch - opensc-CVE-2023-40661-3of12.patch - opensc-CVE-2023-40661-4of12.patch - opensc-CVE-2023-40661-5of12.patch - opensc-CVE-2023-40661-6of12.patch - opensc-CVE-2023-40661-7of12.patch - opensc-CVE-2023-40661-8of12.patch - opensc-CVE-2023-40661-9of12.patch - opensc-CVE-2023-40661-10of12.patch - opensc-CVE-2023-40661-11of12.patch - opensc-CVE-2023-40661-12of12.patch ------------------------------------------------------------------- Thu Oct 5 13:45:16 UTC 2023 - Otto Hollmann - Security Fix: [CVE-2023-4535, bsc#1215763] * Add patches: - opensc-CVE-2023-4535.patch - opensc-NULL_pointer_fix.patch ------------------------------------------------------------------- Wed Oct 4 13:26:11 UTC 2023 - Otto Hollmann - Security Fix: [CVE-2023-40660, bsc#1215762] * opensc: PIN bypass when card tracks its own login state * Add patches: - opensc-CVE-2023-40660-1of2.patch - opensc-CVE-2023-40660-2of2.patch ------------------------------------------------------------------- Thu Jun 1 12:55:19 UTC 2023 - Otto Hollmann - Security Fix: [CVE-2023-2977, bsc#1211894] * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package() * Add opensc-CVE-2023-2977.patch ------------------------------------------------------------------- Tue Nov 29 17:52:46 UTC 2022 - Michael Ströder - Update to OpenSC 0.23.0: * General improvements - Support signing of data with a length of more than 512 bytes (#2314) - By default, disable support for old card drivers (#2391) and remove support for old drivers MioCOS and JCOP (#2374) - Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506) - Compatibility with LibreSSL (#2495, #2595) - Remove support for DSA (#2503) - Extend p11test to support symmetric keys (#2430) - Notice detached reader on macOS (#2418) - Support for OAEP padding (#2475, #2484) - Fix for PSS salt length (#2478) - Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637) - Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init - Fix issues with OpenPACE (#2472) - Containers support for local testing - Add support for encryption and decryption using symmetric keys (#2473, #2607) - Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API (#2586) - Fix detection of disconnected readers in PCSC (#2600) - Add configuration option for on-disk caching of private data (#2588) - Skip building empty binaries when dependencies are missing and remove needless linking (#2617) - Define arm64 as a supported architecture in the Installer package (#2610) * PKCS#11 - Implement C_CreateObject for EC keys and fix signature verification for CKM_ECDSA_SHAx cards (#2420) * pkcs11-tool - Add more elliptic curves (#2301) - Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector (#2268) - Fix consistent handling of secret key attributes (#2497) - Add support for signing and verifying with HMAC (#2385) - Add support for SHA3 (#2467) - Make object selectable via label (#2570) - Do not require an R/W session for some operations and add --session-rw option (#2579) - Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and serial number for certificates (#2644, #2643, #2641) - Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645) * sc-hsm-tool - Add options for public key authentication (#2301) * Minidriver - Fix reinit of the card (#2525) - Add an entry for Italian CNS (e) (#2548) - Fix detection of ECC mechanisms (#2523) - Fix ATRs before adding them to the windows registry (#2628) * NQ-Applet - Add support for the JCOP4 Cards with NQ-Applet (#2425) * ItaCNS - Add support for ItaCMS v1.1 (key length 2048) (#2371) * Belpic - Add support for applet v1.8 (#2455) * Starcos - Add ATR for V3.4 (#2464) - Add PKCS#15 emulator for 3.x cards with eSign app (#2544) * ePass2003 - Fix PKCS#15 initialization (#2403) - Add support for FIPS (#2543) - Fix matching with newer versions and tokens initialized with OpenSC (#2575) * MyEID - Support logout operation (#2557) - Support for symmetric encryption and decryption (#2473, #2607) * GIDS - Fix decipher for TPM (#1881) * OpenPGP - Get the list of supported algorithms from algorithm information on the card (#2287) - Support for 3 certificates with OpenPGP 3+ (#2103) * nPA - Fix card detection (#2463) * Rutoken - Fix formatting rtecp cards (#2599) * PIV - Add new PIVKey ATRs for current cards (#2602) ------------------------------------------------------------------- Mon Oct 4 12:59:24 UTC 2021 - Daniel Donisa - Update to OpenSC 0.22.0: * Removed changes in opensc-gcc11.patch already present in upstream. - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda * Removed some false positives from the openrc-rpmlintrc file. * Use standard paths for file cache on Linux (#2148) and OSX (#2214) * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic) * Add threading test to `pkcs11-tool` (#2067) * Add support to generate generic secret keys (#2140) * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195) * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179). * Support for gcc11 and its new strict aliasing rules (#2241, #2260) * Initial support for building with OpenSSL 3.0 (#2343) * pkcs15-tool: Write data objects in binary mode (#2324) * Avoid limited size of log messages (#2352) * Support for ECDSA verification (#2211) * Support for ECDSA with different SHA hashes (#2190) * Prevent issues in p11-kit by not returning unexpected return codes (#2207) * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293) * Standardize the version 2 on 2.20 in the code (#2096) * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176) * Copy arguments of C_Initialize (#2350) * Fix RSA-PSS signing (#2234) * Fix DO deletion (#2215) * Add support for (X)EdDSA keys (#1960) * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205) * Add support for applet version 4 (#2332) * New configuration option for opensc.conf to disable pkcs1_padding (#2193) * Add support for ECDSA with different hashes (#2190) * Enable more mechanisms (#2178) * Fixed asking for a user pin when formatting a card (#1737) * Added support for French CPx Healthcare cards (#2217) * Added ATR for new CardOS 5.4 version (#2296) * Fixes security issues: * tcos: use after return (bsc#1192005, CVE-2021-42780) * oberthur: use after free (bsc#1191992, CVE-2021-42779) * oberthur: multiple heap buffer overflows (bsc#1192000, CVE-2021-42781) * multiple stack buffer overflow issues (bsc#1191957, CVE-2021-42782) ------------------------------------------------------------------- Sun Jun 27 16:48:49 UTC 2021 - Predrag Ivanović - Fix build on GCC11 * Add opensc-gcc11.patch from Fedora (https://github.com/OpenSC/OpenSC/pull/2241/) ------------------------------------------------------------------- Fri Mar 12 22:58:46 UTC 2021 - Dirk Müller - move licenses to licensedir ------------------------------------------------------------------- Fri Nov 27 19:27:30 UTC 2020 - Andreas Stieger - OpenSC 0.21.0: * CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK smart card software driver (boo#1177380) * CVE-2020-26572: stack-based buffer overflow in the TCOS smart card software driver (boo#1177378) * CVE-2020-26570: heap-based buffer overflow in the Oberthur smart card software driver (boo#1177364) * CardOS 5.x support boo#1179291 * Support for OAEP encryption, make SHA256 default * New separate debug level for PIN commands * Fix handling of card/reader insertion/removal events in pcscd * Fixes of removed readers handling * Fix Firefox crash because of invalid pcsc context * PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards * Propagate ignore_user_content to PKCS#11 layer not to confuse applications * Minidriver: Fix check of ATR length (2-to 33 characters inclusive) * pkcs11-tool: allow using SW tokens * opensc-explorer asn1 accepts offsets and decode records * opensc-explorer cat accepts records * OpenPGP: Add new ec curves supported by GNUK * First steps supporting OpenPGP 3.4 * OpenPGP: Add support for EC key import * Rutoken: Add ATR for Rutoken ECP SC NFC * Improve detection of various CardOS 5 configurations * DNIe: Add new DNIe CA structure for the secure channel * ePass2003: Improve ECC support * ePass2003: Fix erase sequence * IAS-ECC: Fix support for Idemia Cosmo cards * IAS-ECC: PIN padding settings are now used from PKCS#15 info when available * IAS-ECC: Added PIN-pad support for PIN unblock * New driver for Gemalto IDPrime (only some types) * eDo: New driver with initial support for Polish eID card (e-dowód, eDO) * MCRD: Remove unused and broken RSA EstEID support * TCOS: Add missing encryption certificates * PIV: Add ATR of DOD Yubikey * fixed PIV global pin bug * CAC1: Support changing PIN with CAC Alt tokens - includes changes from 0.20.0 * CVE-2019-6502: memory leak in libopensc (boo#1122756) * CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747) * CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746) * CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (boo#1158256) * CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry (boo#1158307) * CVE-2019-20792: double free in coolkey_free_private_dat (bsc#1170809) * Support RSA-PSS signature mechanisms using RSA-RAW * Added memory locking for secrets * added support for terminal colors * PC/SC driver: Fixed error handling in case of changing or removing the card reader * rename md_read_only to read_only and use it for PKCS#11 and Minidriver * allow global use of ignore_private_certificate * PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the card profile * PKCS#11: Add C_WrapKey and C_UnwrapKey implementations * PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects * PKCS#11: Truncate long PKCS#11 labels with ... * PKCS#11: Fixed recognition of a token when being unplugged and reinserted * Minidriver: Register for CardOS5 cards * Minidriver: Add support for RSA-PSS * tools: Harmonize the use of option -r/--reader * goid-tool: GoID personalization with fingerprint * openpgp-tool: replace the options -L/--key-length with -t/--key-type * openpgp-tool: add options -C/--card-info and -K/--key-info * opensc-explorer: add command pin_info, extend random * pkcs11-register: Auto-configuration of applications for use of OpenSC PKCS#11 * pkcd11-register: Autostart * opensc-tool: Show ATR also for cards not recognized by OpenSC * pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters * pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values * pkcs11-tool: Support for signature verification via --verify * pkcs11-tool: Add object type secrkey for --type option * pkcs11-tool: Implement Secret Key write object * pkcs11-tool: Add GOSTR3410-2012 support * pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP * pkcs11-tool: Add extractable option to key import * pkcs11-tool: list more key access flags when listing keys * pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys * pkcs15-crypt: *Handle keys with user consent * New separate CAC1 driver using the old CAC specification (#1502) * CardOS: Add support for 4K RSA keys in CardOS 5 * CardOS: Fixed decryption with CardOS 5 * Enable CoolKey driver to handle 2048-bit keys * EstEID: add support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 * GIDS Decipher fix (#1881) * GIDS: Allow RSA 4K support * MICARDO: Remove long expired EstEID 1.0/1.1 card support * MyEID: Add support for unwrapping a secret key with an RSA key or secret key * MyEID Add support for wrapping a secret key with a secret key * Support for MyEID 4K RSA * Support for OsEID * Gemalto GemSafe: add new PTeID ATRs, add support for 4K RSA keys * OpenPGP Card v3 ECC support * Add Rutoken ECP SC * Add Rutoken Lite * Add SmartCard-HSM 4K ATR * Add missing secp384r1 curve parameter * Stacros: Fix decipher with 2.3 * Stacros: Add ATR for 2nd gen. eGK * Stacros: Add new ATR for 3.5 * Stacros: Detect and allow Globalplatform PIN encoding * Fix TCOS IDKey support * TCOS: add encryption certificate for IDKey * Infocamere, Postecert, Cnipa: Remove profiles * Remove incomplete acos5 driver - drop patches now upstream: * opensc-0.19.0-piv_card_matching.patch * opensc-0.19.0-redundant_logging.patch * opensc-0.19.0-rsa-pss.patch ------------------------------------------------------------------- Sun Aug 18 01:35:45 UTC 2019 - Jason Sikes - added opensc-0.19.0-piv_card_matching.patch * Improve Card Matching for Dual CAC/PIV and PIVKEY cards. * sourced from https://github.com/OpenSC/OpenSC/pull/1549 ------------------------------------------------------------------- Tue Jul 30 03:15:14 UTC 2019 - Jason Sikes - added opensc-0.19.0-rsa-pss.patch * Fixes the pkcs11-tool example * Added missing CKM_SHA224_RSA_PKCS_PSS * Add support for PSS padding to RSA signatures * Support for signature verification in pkcs11-tool * Switch cleanup steps to avoid segfaults on errors and more sanity checking - added opensc-0.19.0-redundant_logging.patch * Remove redundant debug output ------------------------------------------------------------------- Tue Jul 23 21:51:42 UTC 2019 - Benjamin Greiner - add explicit BuildRequires: zlib-devel ------------------------------------------------------------------- Thu Sep 13 13:46:43 UTC 2018 - Karol Babioch - Update to version 0.19.0 * Fixed multiple security problems (out of bound writes/reads): * bsc#1104812 * CVE-2018-16391 (bsc#1106998) * CVE-2018-16392 (bsc#1106999) * CVE-2018-16393 (bsc#1108318) * CVE-2018-16418 (bsc#1107039) * CVE-2018-16419 (bsc#1107107) * CVE-2018-16420 (bsc#1107097) * CVE-2018-16421 (bsc#1107049) * CVE-2018-16422 (bsc#1107038) * CVE-2018-16423 (bsc#1107037) * CVE-2018-16424 (bsc#1107036) * CVE-2018-16425 (bsc#1107035) * CVE-2018-16426 (bsc#1107034) * CVE-2018-16427 (bsc#1107033) * Workaround cards returning short signatures without leading zeroes * Distribute minimal opensc.conf * `pkcs11_enable_InitToken made` global configuration option * Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver list instead of forcing one driver and skipping vital parts of configuration * Removed configuration options `zero_ckaid_for_ca_certs`, `force_card_driver`, `reopen_debug_file`, `paranoid-memory` * Generalized configuration option `ignored_readers` * If card initialization fails, continue card detection with other card drivers * reader-pcsc: allow fixing the length of a PIN * fixed crash during `C_WaitForSlotEvent` * Allow cancelling the PIN pad prompt before starting the reader transaction. Whether to start the transaction immediately or not is user-configurable for each application * opensc-notify * add Exit button to tray icon * User better description (GenericName) and a generic application icon * Do not display in the application list - Removed patches included upstream now: * opensc-desktop.patch * opensc-desktop2.patch * opensc-bash-completions.patch - Applied spec-cleaner ------------------------------------------------------------------- Tue Jul 10 16:56:28 CEST 2018 - sbrabec@suse.com - Update to version 0.18.0: * Further improvements of PIN support. * Large number of improvements and fixes (boo#1097951, boo#1100501). * See /usr/share/doc/packages/opensc/NEWS for complete list. - Add opensc-desktop.patch, opensc-desktop2.patch and opensc-bash-completions.patch. ------------------------------------------------------------------- Mon Jan 1 16:16:13 UTC 2018 - michael@stroeder.com - update to version 0.17.0: * support for new cards * PIN support enhancemets * added .pc file * builds with OpenSSL 1.1.0 (1074799) * See /usr/share/doc/packages/opensc/NEWS for complete list. ------------------------------------------------------------------- Tue Jul 18 13:58:05 UTC 2017 - tchvatal@suse.com - Switch to tarball fetching from github - Few small cleanups ------------------------------------------------------------------- Tue Nov 22 16:42:06 CET 2016 - sbrabec@suse.com - Add baselibs.conf to provide 32-bit PKCS11 plugins (bsc#996047). - Drop opensc-ADVISORIES. There is no new advisory since 2009. ------------------------------------------------------------------- Tue Jul 5 12:09:24 UTC 2016 - t.gruner@katodev.de - update to version 0.16.0 - remove fix (issue 505) - clean up spec-file ------------------------------------------------------------------- Thu Jul 30 16:16:19 EEST 2015 - bwachter-pkg@lart.info - update to version 0.15.0 - register with p11-kit (https://www.opensc-project.org/opensc/ticket/390) ------------------------------------------------------------------- Mon Feb 16 15:14:55 UTC 2015 - michael@stroeder.com - update to version 0.14.0 ------------------------------------------------------------------- Tue Dec 3 18:53:23 UTC 2013 - luizluca@tre-sc.gov.br - update to version 0.13.0 ------------------------------------------------------------------- Tue Jun 12 21:00:03 UTC 2012 - mgorse@suse.com - make needed directories before running make install ------------------------------------------------------------------- Thu Sep 29 18:26:23 UTC 2011 - lmedinas@opensuse.org - Updated to version 0.12.2: * Builds are now silent by default when OpenSC is built from source on Unix. * Using --wait with command line tools works with 64bit Linux again. * Greatly improved OpenPGP card support, including OpenPGP 2.0 cards like the one found in German Privacy Foundation CryptoStick. * Fixed support for FINeID cards issued after 01.03.2011 with 2048bit keys. * #256: Fixed support for TCOS cards (broken since 0.12.0). * Added support for IDKey-cards to TCOS3 driver. * #361: Improved PC/SC driver to fetch the maximum PIN sizes from the open source CCID driver. This fixes the issue for Linux/OSX with recent driver. * Fix FINeID cards for organizations. * Several smaller bugs and compiler warnings fixed - Updated to version 0.12.1: * IAS-ECC 1.0.1 * Support for cards with multiple PKCS#15 applications * New card driver: IAS/ECC 1.0.1 * rutoken-tool has been deprecated and removed. * eidenv and piv-tool utilities now have manual pages. * pkcs11-tool now requires the use of --module parameter. * All tools can now use an ATR as an argument to --reader, to skip to the card with given ATR. * opensc-tool -l with -v now shows information about the inserted cards. * Creating files have an enforced upper size limit, 64K * Support for multiple PKCS#15 applications with different AID-s. PKCS#15 applications can be listed with pkcs15-tool --list-applications. Binding to a specific AID with PKCS#15 tools can be done with --aid. * Hex strings (like card ATR or APDU-s) can now be separated by space, in addition to colons. * Pinpad readers known to be bogus are now ignored by OpenSC. At the moment only "HP USB Smart Card Keyboard" is disabled. * Numerous compiler warnings, unused code and internal bugs have been eliminated. ------------------------------------------------------------------- Fri Jan 7 14:49:37 CET 2011 - sbrabec@suse.cz - Updated to version 0.12.0: * Security fix (bnc#660109, CVE-2010-4523). * Only one backend is supported. openSUSE will use pcsc-lite. * libopensc made private, library should not be used by other applications. Please use generic PKCS#11 interface instead. * Signer plugin discontinued. Please use openssl engine_pkcs11. * No more depends on libassuan. * New card drivers. * Support for CardOS enhanced. * More changes and enhancements. - libopensc merged back to the main package, as it is private now. ------------------------------------------------------------------- Mon Aug 23 14:15:22 CEST 2010 - sbrabec@suse.cz - Fixed broken opensc-fix-gcc-warnings.patch (bnc#627619). - Simplified plugin installation. ------------------------------------------------------------------- Tue Apr 13 14:35:32 UTC 2010 - puzel@novell.com - update to version 0.11.13 * Modify Rutoken S binary interfaces by Aktiv Co. * Muscle driver fixed (acl reading issue) * Many small fixes (e.g. mem leaks) * Compiling with openssl 1.0.0-beta fixed * Document integer problem in OpenSC and implement workaround * Improve entersafe profile to support private data objects - Require pinentry - add opensc-libassuan-2.patch - add opensc-fix-gcc-warnings.patch ------------------------------------------------------------------- Fri Jan 1 20:07:35 CET 2010 - jengelh@medozas.de - package baselibs.conf ------------------------------------------------------------------- Wed Aug 5 14:59:33 CEST 2009 - sbrabec@suse.cz - Updated to version 0.11.9: * New rutoken_ecp driver * Allow more keys/certificates/files etc. with entersafe tokens * Updates pkcs11.h from scute fixing warnings * Small fixes in rutoken driver * Major update for piv driver with increased compatibility ------------------------------------------------------------------- Thu Jul 30 12:45:26 CEST 2009 - sbrabec@suse.cz - libopensc2 should not require opensc (bnc#466430). ------------------------------------------------------------------- Thu May 7 17:52:06 CEST 2009 - sbrabec@suse.cz - Updated to version 0.11.8: * Fix security problem in pkcs11-tool gen_keypair (PublicExponent 1) (bnc#501726) See http://en.opensuse.org/Smart_Cards/Advisories for more. * updated and improve entersafe driver. FTCOS/PK-01C cards are supported now, compatible with cards writen by Feitian's software on windows. ------------------------------------------------------------------- Thu Apr 9 11:32:23 CEST 2009 - sbrabec@suse.cz - Fixed undefined code (bnc#440853). - Don't call autoreconf on older products. ------------------------------------------------------------------- Tue Mar 17 18:01:29 CET 2009 - sbrabec@suse.cz - Updated to version 0.11.7: * hide_empty_slots now on by default? small logic change? * ruToken driver was updated. * openct virtual readers reduced to 2 by default. * Security issue: Fix private data support. (bnc#480262, CVE-2009-0368) See http://en.opensuse.org/Smart_Cards/Advisories for more. * Enable lock_login by default. * Disable allow_soft_keygen by default. ------------------------------------------------------------------- Wed Dec 10 12:34:56 CET 2008 - olh@suse.de - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293) ------------------------------------------------------------------- Thu Oct 30 12:34:56 CET 2008 - olh@suse.de - obsolete old -XXbit packages (bnc#437293) ------------------------------------------------------------------- Wed Sep 10 13:46:44 CEST 2008 - sbrabec@suse.cz - Updated to version 0.11.6: * New support for Feitian ePass3000. * GemSafeV1 improved to handle key_ref other than 3. * Build system rewritten. * ruToken now supported. * Allow specifying application name for data objects. * Basic reader hotplug support. * PC/SC library is dynamically linked. * PKCS#11 provider is now installed at LIBDIR/pkcs11. * PKCS#11 - Number of virtual slots moved into configuration. * PKCS#11 - Fix fork() compliance. * make sign_with_decrypt hack configureable for siemens cards. ------------------------------------------------------------------- Mon Sep 1 14:06:17 CEST 2008 - sbrabec@suse.cz - Check validity of SSL certificates for all Siemens CardOS M4 cards (SCA and SCB are affected as well, bnc#413496#c6). ------------------------------------------------------------------- Thu Jul 31 12:45:11 CEST 2008 - sbrabec@suse.cz - Fixed initialization access rights for Siemens CardOS M4, added a security check to pkcs15-tool (bnc#413496, CVE-2008-2235) ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Thu Feb 7 17:12:02 CET 2008 - sbrabec@suse.cz - Updated to version 0.11.4: * Browser plugin support * Support Siemens CardOS initialized cards (signing with decryption) * Add Siemens CardOS M4.2B support (experimental) * Support for AKIS cards added (partial) ------------------------------------------------------------------- Thu Jul 26 13:40:30 CEST 2007 - sbrabec@suse.cz - Updated to version 0.11.3: * make lots of internal functions and variables static. * fix 0 vs NULL in many places. fix ansi c style (void). * avoid variable names used also as glibc function (random etc.). * new code for deleting objects. * special hack for firefox. * suport for Athena APCOS cards added. * piv driver now supports bigger rsa keys too. * enabled pin caching by default. * use max_send_size 255 / max_recv_size 256 bytes by default. * increase pin buffer size to allow longer pin codes. * Added --read-ssk-key option to pkcs15-tool * use pkg-config for finding openct * use strlcpy function * use new pkcs11.h from scute with an open source license * add support for sha2 to pkcs15-crypt * add piv-tool for managing piv cards * add muscle driver * improved oberthur driver * add support for pcsc v2 part10 * convert source files to utf-8 - Split package according to shared library packaging policy. ------------------------------------------------------------------- Tue Feb 27 12:12:30 CET 2007 - mvaner@suse.cz - Fixing dodgy use of sizeof (#238660) - sizeof.patch ------------------------------------------------------------------- Mon Oct 2 18:49:35 CEST 2006 - sbrabec@suse.cz - Updated to version 0.11.1: * Update for piv pkcs#15 emulation * Improved TCOS driver for Uni Giesen Card * Handle size_t printf with "%lu" and (unsigned long) cast * Add support for d-trust cards / improve micardo 2.1 driver ------------------------------------------------------------------- Thu May 25 16:13:02 CEST 2006 - sbrabec@suse.cz - Fixed build for old SuSE Linux versions. ------------------------------------------------------------------- Thu May 11 13:00:00 CEST 2006 - sbrabec@suse.cz - Fixed devel dependencies. ------------------------------------------------------------------- Wed May 10 16:58:12 CEST 2006 - sbrabec@suse.cz - Updated to version 0.11.0. ------------------------------------------------------------------- Wed Jan 25 21:39:06 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Thu Jan 5 02:05:11 CET 2006 - ro@suse.de - added unpackaged so-links to devel filelist ------------------------------------------------------------------- Tue Oct 25 15:30:04 CEST 2005 - rhafer@suse.de - added LDAP_DEPRECATED to CFLAGS to build correctly with· OpenLDAP 2.3 ------------------------------------------------------------------- Fri Sep 2 12:56:14 CEST 2005 - okir@suse.de - Removed +x permissions on opensc.conf (#114849) ------------------------------------------------------------------- Thu Jul 14 16:11:56 CEST 2005 - okir@suse.de - Updated to latest upstream version - Added missing documentation files (#75425) ------------------------------------------------------------------- Fri Mar 4 11:06:48 CET 2005 - meissner@suse.de - fixed gcc4 compilation. ------------------------------------------------------------------- Fri Jan 21 14:43:23 CET 2005 - okir@suse.de - Updated to latest upstream version (0.9.4) ------------------------------------------------------------------- Thu Nov 18 15:49:34 CET 2004 - ro@suse.de - use kerberos-devel-packages ------------------------------------------------------------------- Mon Jul 19 14:06:10 CEST 2004 - adrian@suse.de - fix file list ------------------------------------------------------------------- Mon Jul 12 17:26:31 CEST 2004 - adrian@suse.de - update to version 0.8.1 ------------------------------------------------------------------- Fri Mar 19 11:10:13 CET 2004 - okir@suse.de - Fixed permissions and path names of some include files (#36432) ------------------------------------------------------------------- Fri Jan 16 13:19:16 CET 2004 - kukuk@suse.de - Add pam-devel to neededforbuild ------------------------------------------------------------------- Sat Jan 10 15:47:57 CET 2004 - adrian@suse.de - add %run_ldconfig and %defattr ------------------------------------------------------------------- Mon Aug 4 11:00:27 CEST 2003 - okir@suse.de - Build fixes for x86_64/ppc64 - use a version string other than "CVS" (#28423) ------------------------------------------------------------------- Fri Aug 1 12:04:29 CEST 2003 - okir@suse.de - Updated to most recent upstream snapshot ------------------------------------------------------------------- Thu Jun 12 13:28:31 CEST 2003 - kukuk@suse.de - Fix filelist and permissions ------------------------------------------------------------------- Wed Jun 4 00:39:12 CEST 2003 - ro@suse.de - added rest of static libs to devel filelist - remove unpackaged files from buildroot ------------------------------------------------------------------- Wed Jan 15 17:34:58 CET 2003 - ro@suse.de - use sasl2 ------------------------------------------------------------------- Thu Dec 5 11:22:44 CET 2002 - okir@suse.de - fixed x86_64 build problem - updated to latest upstream ------------------------------------------------------------------- Fri Nov 29 10:01:14 CET 2002 - okir@suse.de - updated to current CVS snapshot ------------------------------------------------------------------- Fri Aug 9 21:35:43 CEST 2002 - okir@suse.de - added missing libs to files list ------------------------------------------------------------------- Thu Jul 4 17:48:11 CEST 2002 - ro@suse.de - added heimdal-devel to neededforbuild to make libtool happy ------------------------------------------------------------------- Fri Jun 28 17:34:49 CEST 2002 - schwab@suse.de - Fix bootstrap script. - Use correct libtool macros. ------------------------------------------------------------------- Mon May 27 19:10:07 CEST 2002 - sf@suse.de - @libdir@ added to Makefile.am to use correct dirs for */lib */lib64 ------------------------------------------------------------------- Tue Apr 30 16:05:12 CEST 2002 - okir@suse.de - Initial check-in