Accepting request 1156722 from home:mnhauke

- Update to version 0.25.0 Security * CVE-2023-5992: Fix Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC. * CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init. General improvements * Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver. * Fix 64b to 32b conversions. * Improvements for the p11test. * Fix reader initialization without SCardControl. * Make RSA PKCS#1 v1.5 depadding constant-time. * Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card. * Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer. - Add patch: * opensc-docbook-xsl-fix.patch - Drop not longer needed patches: * CVE-2024-1454.patch - Introduce subpackage for bash-completion OBS-URL: https://build.opensuse.org/request/show/1156722 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=82
2024-03-11 09:16:52 +00:00 · 2024-03-11 09:16:52 +00:00 · f1181f62b8
commit f1181f62b8
parent 25a0c61513
6 changed files with 60 additions and 32 deletions
--- a/CVE-2024-1454.patch
+++ b/CVE-2024-1454.patch
@ -1,25 +0,0 @@
-From 5835f0d4f6c033bd58806d33fa546908d39825c9 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 18 Dec 2023 11:09:50 +0100
-Subject: [PATCH] authentic: Avoid use after free
-
-Thanks oss-fuzz
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
---
- src/pkcs15init/pkcs15-authentic.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/pkcs15init/pkcs15-authentic.c b/src/pkcs15init/pkcs15-authentic.c
-index a6d8b8ffad..798bc44138 100644
--- a/src/pkcs15init/pkcs15-authentic.c
-+++ b/src/pkcs15init/pkcs15-authentic.c
-@@ -868,7 +868,7 @@ authentic_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card
- 	rv = sc_select_file(p15card->card, &path, &file);
- 	if (!rv) {
- 		rv = sc_get_challenge(p15card->card, buffer, sizeof(buffer));
-		if (!rv) {
-+		if (rv < 0) {
- 			sc_file_free(file);
- 			LOG_TEST_RET(ctx, rv, "Get challenge error");
- 		}
--- a/opensc-0.24.0.tar.gz
+++ b/opensc-0.24.0.tar.gz
--- a/opensc-0.25.0.tar.gz
+++ b/opensc-0.25.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e6d7b66e2a508a377ac9d67aa463025d3c54277227be10bd08872e3407d6622f
+size 2406137
--- a/opensc-docbook-xsl-fix.patch
+++ b/opensc-docbook-xsl-fix.patch
@ -0,0 +1,13 @@
+diff --git a/doc/html.xsl b/doc/html.xsl
+index 665d45f..734fa98 100644
+--- a/doc/html.xsl
+++ b/doc/html.xsl
+@@ -3,7 +3,7 @@
+ <!ENTITY css SYSTEM "api.css">
+ ]>
+ <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+-	<xsl:import href="docbook-utf8.xsl"/>
+	<xsl:import href="docbook.xsl"/>
+ 	<xsl:param name="toc.section.depth" select="0"/>
+ 	<xsl:param name="generate.consistent.ids" select="1"/>
+ 	<xsl:template name="user.head.content">
--- a/opensc.changes
+++ b/opensc.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Sat Mar  9 12:06:03 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 0.25.0
+  Security
+  * CVE-2023-5992: Fix Side-channel leaks while stripping
+    encryption PKCS#1.5 padding in OpenSC.
+  * CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver
+    during card enrollment in pkcs15init.
+  General improvements
+  * Remove support for old card drivers Akis, GPK, Incrypto34 and
+    Westcos, disable Cyberflex driver.
+  * Fix 64b to 32b conversions.
+  * Improvements for the p11test.
+  * Fix reader initialization without SCardControl.
+  * Make RSA PKCS#1 v1.5 depadding constant-time.
+  * Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02)
+    on the card.
+  * Fixed various issues reported by OSS-Fuzz and Coverity in
+    drivers, PKCS#11 and PKCS#15 layer.
+- Add patch:
+  * opensc-docbook-xsl-fix.patch
+- Drop not longer needed patches:
+  * CVE-2024-1454.patch
+- Introduce subpackage for bash-completion
+
 -------------------------------------------------------------------
 Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>

--- a/opensc.spec
+++ b/opensc.spec
@ -18,7 +18,7 @@

 %define completionsdir %(pkg-config --variable completionsdir bash-completion)
 Name:           opensc
-Version:        0.24.0
+Version:        0.25.0
 Release:        0
 Summary:        Smart Card Utilities
 License:        LGPL-2.1-or-later
@ -31,8 +31,8 @@ Source2:        %{name}-rpmlintrc
 # https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3:        opensc.module
 Patch0:         opensc-gcc11.patch
-# PATCH-FIX-UPSTREAM martin.schreiner@suse.com CVE-2024-1454 bsc#1219868
-Patch1:         CVE-2024-1454.patch
+Patch1:         opensc-docbook-xsl-fix.patch
+BuildRequires:  automake
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libxslt
 BuildRequires:  pkgconfig
@ -60,8 +60,20 @@ also card version, card OS version and preloaded applet. Only subset of
 possible operations may be supported for your card. Card initialization
 may require third party proprietary software.

+%package bash-completion
+Summary:        Bash Completion for %{name}
+Group:          Productivity/Security
+Requires:       %{name} = %{version}
+Requires:       bash-completion
+Supplements:    (%{name} and bash-completion)
+BuildArch:      noarch
+
+%description bash-completion
+Bash completion script for %{name}.
+
 %prep
-%autosetup -p1
+%setup -q
+%autopatch -p1

 %build
 %configure \
@ -101,6 +113,8 @@ install -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pkcs11/modules/opensc.mo
 %config %{_sysconfdir}/pkcs11/modules/
 # This is a private library. There is no reason to split it to libopensc* package.
 %{_libdir}/libopensc.so.*
+
+%files bash-completion
 %{completionsdir}/*

 %changelog