Accepting request 1156722 from home:mnhauke

- Update to version 0.25.0
  Security
  * CVE-2023-5992: Fix Side-channel leaks while stripping
    encryption PKCS#1.5 padding in OpenSC.
  * CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver
    during card enrollment in pkcs15init.
  General improvements
  * Remove support for old card drivers Akis, GPK, Incrypto34 and
    Westcos, disable Cyberflex driver.
  * Fix 64b to 32b conversions.
  * Improvements for the p11test.
  * Fix reader initialization without SCardControl.
  * Make RSA PKCS#1 v1.5 depadding constant-time.
  * Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02)
    on the card.
  * Fixed various issues reported by OSS-Fuzz and Coverity in
    drivers, PKCS#11 and PKCS#15 layer.
- Add patch:
  * opensc-docbook-xsl-fix.patch
- Drop no longer needed patches:
  * CVE-2024-1454.patch
- Introduce subpackage for bash-completion

OBS-URL: https://build.opensuse.org/request/show/1156722
OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=82
Otto Hollmann 2024-03-11 09:16:52 +00:00 committed by Git OBS Bridge
parent 25a0c61513
commit f1181f62b8
6 changed files with 60 additions and 32 deletions


@ -1,25 +0,0 @@
From 5835f0d4f6c033bd58806d33fa546908d39825c9 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 18 Dec 2023 11:09:50 +0100
Subject: [PATCH] authentic: Avoid use after free
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
---
src/pkcs15init/pkcs15-authentic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pkcs15init/pkcs15-authentic.c b/src/pkcs15init/pkcs15-authentic.c
index a6d8b8ffad..798bc44138 100644
--- a/src/pkcs15init/pkcs15-authentic.c
+++ b/src/pkcs15init/pkcs15-authentic.c
@@ -868,7 +868,7 @@ authentic_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card
rv = sc_select_file(p15card->card, &path, &file);
if (!rv) {
rv = sc_get_challenge(p15card->card, buffer, sizeof(buffer));
- if (!rv) {
+ if (rv < 0) {
sc_file_free(file);
LOG_TEST_RET(ctx, rv, "Get challenge error");
}
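Review bot: dropping this patch is only safe if the 0.25.0 tarball already carries the same change; the changelog entry in this request lists CVE-2024-1454 as fixed upstream, which matches, but the drop should say so in the changelog ("now upstream") rather than only "no longer needed". For the record of what is being removed: the inner hunk is the whole fix, since `if (!rv)` freed `file` when `sc_get_challenge` succeeded and then fell through to code that still used it, while `if (rv < 0)` frees it only on the error path right before `LOG_TEST_RET` returns.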

opensc-0.24.0.tar.gz (Stored with Git LFS)


opensc-0.25.0.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e6d7b66e2a508a377ac9d67aa463025d3c54277227be10bd08872e3407d6622f
size 2406137
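Review bot: the new LFS pointer records only the size and sha256 oid of opensc-0.25.0.tar.gz; nothing in this request shows that oid being compared against upstream's published checksum or release signature, and the spec hunks shown here add no signature or keyring source, so the request should state how the tarball's provenance was checked before the old 0.24.0 tarball is replaced.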


@ -0,0 +1,13 @@
diff --git a/doc/html.xsl b/doc/html.xsl
index 665d45f..734fa98 100644
--- a/doc/html.xsl
+++ b/doc/html.xsl
@@ -3,7 +3,7 @@
<!ENTITY css SYSTEM "api.css">
]>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
- <xsl:import href="docbook-utf8.xsl"/>
+ <xsl:import href="docbook.xsl"/>
<xsl:param name="toc.section.depth" select="0"/>
<xsl:param name="generate.consistent.ids" select="1"/>
<xsl:template name="user.head.content">
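Review bot: opensc-docbook-xsl-fix.patch has no header explaining why the import moves from docbook-utf8.xsl to docbook.xsl or whether the change was sent upstream; add a description line at the top of the patch and a matching `# PATCH-FIX-OPENSUSE` or `# PATCH-FIX-UPSTREAM` comment in the spec so the reason survives the next version bump.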


@ -1,3 +1,29 @@
-------------------------------------------------------------------
Sat Mar 9 12:06:03 UTC 2024 - Martin Hauke <mardnh@gmx.de>
- Update to version 0.25.0
Security
* CVE-2023-5992: Fix Side-channel leaks while stripping
encryption PKCS#1.5 padding in OpenSC.
* CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver
during card enrollment in pkcs15init.
General improvements
* Remove support for old card drivers Akis, GPK, Incrypto34 and
Westcos, disable Cyberflex driver.
* Fix 64b to 32b conversions.
* Improvements for the p11test.
* Fix reader initialization without SCardControl.
* Make RSA PKCS#1 v1.5 depadding constant-time.
* Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02)
on the card.
* Fixed various issues reported by OSS-Fuzz and Coverity in
drivers, PKCS#11 and PKCS#15 layer.
- Add patch:
* opensc-docbook-xsl-fix.patch
- Drop not longer needed patches:
* CVE-2024-1454.patch
- Introduce subpackage for bash-completion
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com> Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
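Review bot: "Drop not longer needed patches" should read "no longer needed", and the dropped CVE-2024-1454.patch was tracked as bsc#1219868 in the old spec's Patch1 comment, so the CVE-2024-1454 line in this entry should carry that bsc# reference too. The entry also does not mention the new BuildRequires on automake or the switch from %autosetup to %setup plus %autopatch that the spec diff makes.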


@ -18,7 +18,7 @@
%define completionsdir %(pkg-config --variable completionsdir bash-completion) %define completionsdir %(pkg-config --variable completionsdir bash-completion)
Name: opensc Name: opensc
Version: 0.24.0 Version: 0.25.0
Release: 0 Release: 0
Summary: Smart Card Utilities Summary: Smart Card Utilities
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
@ -31,8 +31,8 @@ Source2: %{name}-rpmlintrc
# https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390 # https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
Source3: opensc.module Source3: opensc.module
Patch0: opensc-gcc11.patch Patch0: opensc-gcc11.patch
# PATCH-FIX-UPSTREAM martin.schreiner@suse.com CVE-2024-1454 bsc#1219868 Patch1: opensc-docbook-xsl-fix.patch
Patch1: CVE-2024-1454.patch BuildRequires: automake
BuildRequires: docbook-xsl-stylesheets BuildRequires: docbook-xsl-stylesheets
BuildRequires: libxslt BuildRequires: libxslt
BuildRequires: pkgconfig BuildRequires: pkgconfig
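Review bot: the replacement Patch1 line drops the `# PATCH-FIX-...` tag comment that preceded the old CVE-2024-1454.patch; keep the convention with a comment stating the new patch's origin and upstream status. The added `BuildRequires: automake` is not explained by anything visible in this diff or in the changelog entry; if an autoreconf step needs it, say so, otherwise it should go.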
@ -60,8 +60,20 @@ also card version, card OS version and preloaded applet. Only subset of
possible operations may be supported for your card. Card initialization possible operations may be supported for your card. Card initialization
may require third party proprietary software. may require third party proprietary software.
%package bash-completion
Summary: Bash Completion for %{name}
Group: Productivity/Security
Requires: %{name} = %{version}
Requires: bash-completion
Supplements: (%{name} and bash-completion)
BuildArch: noarch
%description bash-completion
Bash completion script for %{name}.
%prep %prep
%autosetup -p1 %setup -q
%autopatch -p1
%build %build
%configure \ %configure \
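Review bot: `%autosetup -p1` is replaced by `%setup -q` followed by `%autopatch -p1`, which applies the same patches in the same way, so the split is unexplained; keep %autosetup unless something is meant to run between unpacking and patching. The bash-completion subpackage itself is complete: it Requires both `%{name} = %{version}` and bash-completion, is noarch, and Supplements the pair, so existing installs pull it in when the completion files leave the main package.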
@ -101,6 +113,8 @@ install -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pkcs11/modules/opensc.mo
%config %{_sysconfdir}/pkcs11/modules/ %config %{_sysconfdir}/pkcs11/modules/
# This is a private library. There is no reason to split it to libopensc* package. # This is a private library. There is no reason to split it to libopensc* package.
%{_libdir}/libopensc.so.* %{_libdir}/libopensc.so.*
%files bash-completion
%{completionsdir}/* %{completionsdir}/*
%changelog %changelog