diff --git a/opensc-0.11.7.tar.bz2 b/opensc-0.11.7.tar.bz2 deleted file mode 100644 index d18ab63..0000000 --- a/opensc-0.11.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f3215d440e07bdf16416b5dea148933fb8b9e0b045fdfd8376b3464e342e3362 -size 1066717 diff --git a/opensc-0.11.8.tar.bz2 b/opensc-0.11.8.tar.bz2 new file mode 100644 index 0000000..9d3b7c6 --- /dev/null +++ b/opensc-0.11.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0118909490608364d621898c0c33bb796e49f4b2b7327c2867772ed2d32072d6 +size 1071328 diff --git a/opensc-ADVISORIES b/opensc-ADVISORIES new file mode 100644 index 0000000..f64c2a0 --- /dev/null +++ b/opensc-ADVISORIES @@ -0,0 +1,14 @@ +opensc security advisories +========================== + +Opensc gets regular security updates during the maintenance period like +other packages in openSUSE and SLE. + +But opensc needs a special care - some of security problems cannot be +fixed by a simple package update. You need to take a special action and +check your cards, tokens or certificates. + +If you just updated from a previous version of openSUSE or SLE, don't +forget to check for these advisories. + +http://en.opensuse.org/Smart_Cards/Advisories diff --git a/opensc-gpk-profile.patch b/opensc-gpk-profile.patch deleted file mode 100644 index 3a7e66b..0000000 --- a/opensc-gpk-profile.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- src/pkcs15init/gpk.profile -+++ src/pkcs15init/gpk.profile -@@ -74,7 +74,7 @@ - - # private data objects are stored in transparent EFs. - EF privdata { -- file-id = 3300; -+ file-id = 3220; - structure = transparent; - ACL = *=NEVER, - READ=$PIN, diff --git a/opensc-pkcs15init-undefined.patch b/opensc-pkcs15init-undefined.patch deleted file mode 100644 index 96ac0e9..0000000 --- a/opensc-pkcs15init-undefined.patch +++ /dev/null @@ -1,41 +0,0 @@ -Index: src/pkcs15init/pkcs15-lib.c -=================================================================== ---- src/pkcs15init/pkcs15-lib.c (revision 3605) -+++ src/pkcs15init/pkcs15-lib.c (revision 3661) -@@ -3708,6 +3708,11 @@ - /* - * Parse OpenSC Info file. We rudely clobber any information - * given on the command line. -+ * -+ * passed is a pointer (p) to (len) bytes. Those bytes contain -+ * one or several tag-length-value constructs, where tag and -+ * length are both single bytes. a final 0x00 or 0xff byte -+ * (with or without len byte) is ok. - */ - static int - sc_pkcs15init_parse_info(sc_card_t *card, -@@ -3719,11 +3724,21 @@ - unsigned int nopts = 0; - size_t n; - -- end = p + len; -- while (p < end && (tag = *p++) != 0 && tag != 0xFF) { -+ if ((p == NULL) || (len == 0)) -+ return 0; -+ -+ end = p + (len - 1); -+ while (p < end) { /* more bytes to look at */ - int r = 0; - -- if (p >= end || p + (n = *p++) > end) -+ tag = *p; p++; -+ if ((tag == 0) || (tag == 0xff) || (p >= end)) -+ break; -+ -+ n = *p; -+ p++; -+ -+ if (p >= end || p + n > end) /* invalid length byte n */ - goto error; - - switch (tag) { diff --git a/opensc.changes b/opensc.changes index 9ed2a2f..d91b840 100644 --- a/opensc.changes +++ b/opensc.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu May 7 17:52:06 CEST 2009 - sbrabec@suse.cz + +- Updated to version 0.11.8: + * Fix security problem in pkcs11-tool gen_keypair + (PublicExponent 1) (bnc#501726) + See http://en.opensuse.org/Smart_Cards/Advisories for more. + * updated and improve entersafe driver. FTCOS/PK-01C cards are + supported now, compatible with cards writen by Feitian's + software on windows. + ------------------------------------------------------------------- Thu Apr 9 11:32:23 CEST 2009 - sbrabec@suse.cz diff --git a/opensc.spec b/opensc.spec index f2d60da..cd4cd75 100644 --- a/opensc.spec +++ b/opensc.spec @@ -1,5 +1,5 @@ # -# spec file for package opensc (Version 0.11.7) +# spec file for package opensc (Version 0.11.8) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -34,21 +34,18 @@ Obsoletes: opensc-64bit %endif # Url: http://www.opensc-project.org/opensc/ -Version: 0.11.7 -Release: 2 +Version: 0.11.8 +Release: 1 Group: Productivity/Security Summary: OpenSC Smart Card Library License: LGPL v2.1 or later Requires: libopensc2 = %{version} pcsc-lite BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: %{name}-%{version}.tar.bz2 +Source1: %{name}-ADVISORIES # Supress all ugly warnings related to required .so and .la files in the main package: Source2: %{name}-rpmlintrc # and also skip-check-libtool-deps (and add these dependencies to the devel package) -# PATCH-FIX-UPSTREAM opensc-gpk-profile.patch sbrabec@suse.cz -- Fix privdata file-id clask for GPK cards. -Patch: opensc-gpk-profile.patch -# PATCH-FIX-UPSTREAM opensc-pkcs15init-undefined.patch bnc440853 sbrabec@suse.cz -- Fix undefined code. -Patch1: opensc-pkcs15init-undefined.patch %description OpenSC provides a set of libraries and utilities to access smart cards. @@ -128,8 +125,10 @@ Authors: %prep %setup -q -%patch -%patch1 +tr -d '\r' doc/nonpersistent/wiki.out/trac.css~ +touch -r doc/nonpersistent/wiki.out/trac.css doc/nonpersistent/wiki.out/trac.css~ +mv doc/nonpersistent/wiki.out/trac.css~ doc/nonpersistent/wiki.out/trac.css +cp -a %{S:1} ADVISORIES %build %if %suse_version > 1100 @@ -147,7 +146,7 @@ make %{?jobs:-j%jobs} %install %makeinstall -cp COPYING doc/nonpersistent/ChangeLog $RPM_BUILD_ROOT%{_docdir}/%{name} +cp COPYING ADVISORIES doc/nonpersistent/ChangeLog $RPM_BUILD_ROOT%{_docdir}/%{name} %clean rm -rf $RPM_BUILD_ROOT @@ -159,6 +158,7 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %doc %dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/ADVISORIES %doc %{_docdir}/%{name}/ChangeLog %doc %{_docdir}/%{name}/COPYING %doc %{_docdir}/%{name}/NEWS @@ -189,6 +189,14 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/*.pc %changelog +* Thu May 07 2009 sbrabec@suse.cz +- Updated to version 0.11.8: + * Fix security problem in pkcs11-tool gen_keypair + (PublicExponent 1) (bnc#501726) + See http://en.opensuse.org/Smart_Cards/Advisories for more. + * updated and improve entersafe driver. FTCOS/PK-01C cards are + supported now, compatible with cards writen by Feitian's + software on windows. * Thu Apr 09 2009 sbrabec@suse.cz - Fixed undefined code (bnc#440853). - Don't call autoreconf on older products.