-------------------------------------------------------------------
Tue Jan 14 19:30:47 UTC 2025 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.26.1
  General improvements
  * Align allocations of sc_mem_secure_alloc (#3281).
  * Fix -O3 gcc optimization failure on amd64 and ppc64el (#3299).
  pkcs11-spy
  * Avoid crash while spying C_GetInterface() (#3275).
  TCOS
  * Fix reading certificate (#3296).

-------------------------------------------------------------------
Thu Nov 14 19:35:35 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.26.0
  Security
  * CVE-2024-45615: Usage of uninitialized values in libopensc#
    and pkcs15init (#3225).
  * CVE-2024-45616: Uninitialized values after incorrect check or 
    usage of APDU response values in libopensc (#3225)
  * CVE-2024-45617: Uninitialized values after incorrect or missing
    checking return values of functions in libopensc (#3225)
  * CVE-2024-45618: Uninitialized values after incorrect or missing
    checking return values of functions in pkcs15init (#3225)
  * CVE-2024-45619: Incorrect handling length of buffers or files
    in libopensc (#3225)
  * CVE-2024-45620: Incorrect handling of the length of buffers or
    files in pkcs15init (#3225)
  * CVE-2024-8443: Heap buffer overflow in OpenPGP driver when
    generating key (#3219)
  General improvements
  * Fix reselection of DF after error in PKCS#15 layer (#3067)
  * Unify OpenSSL logging throughout code (#2922)
  * Extend the p11test to support kryoptic (#3141)
  * Fix for error in PCSC reconnection (#3150)
  * Fixed various issues reported by OSS-Fuzz and Coverity in
    drivers, PKCS#11 and PKCS#15 layer
  PKCS#15
  * Documentation for PKCS#15 profile files (#3132)
  minidriver
  * Support PinCacheAlwaysPrompt usable for PIV cards (#3167)
  pkcs11-tool
  * Show URI when listing token information (#3125) and objects
  * Do not limit size of objects to 5000 bytes (#3174)
  * Add support for AES CMAC (#3184)
  * Add support for AES GCM encryption (#3195)
  * Add support for RSA OAEP encryption (#3175)
  * Add support for HKDF (#3193)
  * Implement better support for wrapping and unwrapping (#3198)
  * Add support for EdDSA sign and verify (#2979)
  pkcs15-crypt
  * Fix PKCS#1 encoding function to correctly detect padding type
  piv-tool
  * Fix RSA key generation (#3158)
  * Avoid possible state change when matching unknown card (#3112)
  sc-hsm-tool
  * Cleanse buffer with plaintext key share (#3226)
  pkcs11-register
  * Fix pkcs11-register defaults on macOS and Windows (#3053)
  IDPrime
  * Fix identification of IDPrime 840 cards (#3146)
  * Fix container mapping for IDPrime 940 cards (#3220)
  * Reorder ATRs for matching cards (#3154)
  OpenPGP
  * Fix state tracking after erasing card (#3024)
  Belpic
  * Disable Applet V1.8 (#3109)
  MICARDO
  * Deactivate driver (#3152)
  SmartCard-HSM
  * Fix signing with secp521r1 signature (#3157)
  eOI
  * Set model via sc_card_ctl function (#3189)
  Rutoken
  * increase the minimum PIN size to support Rutoken ECP BIO.
  JPKI
  * Adjust parameters for public key in PKCS#15 emulator (#3182)
  D-Trust
  * Add support for ECDSA signatures and ECDH key agreement for
    D-Trust Signatures Cards 4.1/4.4 (#3240, #3248)
- Drop patches (changes now in upstream):
  * opensc-CVE-2024-45615.patch
  * opensc-CVE-2024-45616.patch
  * opensc-CVE-2024-45617.patch
  * opensc-CVE-2024-45618.patch
  * opensc-CVE-2024-45619.patch
  * opensc-CVE-2024-45620.patch
  * opensc-CVE-2024-8443.patch

-------------------------------------------------------------------
Tue Oct  1 06:30:06 UTC 2024 - Angel Yankov <angel.yankov@suse.com>

- - Security fix: [CVE-2024-8443, bsc#1230364]
    * opensc: heap buffer overflow in OpenPGP driver when generating key
    * Added patch: opensc-CVE-2024-8443.patch

-------------------------------------------------------------------
Tue Oct  1 06:27:05 UTC 2024 - Angel Yankov <angel.yankov@suse.com>

- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
  * opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init
  * opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
  * opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
  * opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
  * opensc: Incorrect handling length of buffers or files in libopensc
  * opensc: Incorrect handling of the length of buffers or files in pkcs15init
  * Added patches:
    - opensc-CVE-2024-45615.patch
    - opensc-CVE-2024-45616.patch
    - opensc-CVE-2024-45617.patch
    - opensc-CVE-2024-45618.patch
    - opensc-CVE-2024-45619.patch
    - opensc-CVE-2024-45620.patch

-------------------------------------------------------------------
Fri Apr  5 18:54:38 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to verion 0.25.1
  General improvements
  * Add missing file to dist tarball to build documentation.
  minidriver
  * Fix RSA decryption with PKCS#1 v1.5 padding.
  * Fix crash when app is not set.

-------------------------------------------------------------------
Wed Mar 13 21:56:31 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Build with support for libeac (OpenPACE)

-------------------------------------------------------------------
Sat Mar  9 12:06:03 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.25.0
  Security
  * CVE-2023-5992: Fix Side-channel leaks while stripping
    encryption PKCS#1.5 padding in OpenSC.
  * CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver
    during card enrollment in pkcs15init.
  General improvements
  * Remove support for old card drivers Akis, GPK, Incrypto34 and
    Westcos, disable Cyberflex driver.
  * Fix 64b to 32b conversions.
  * Improvements for the p11test.
  * Fix reader initialization without SCardControl.
  * Make RSA PKCS#1 v1.5 depadding constant-time.
  * Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02)
    on the card.
  * Fixed various issues reported by OSS-Fuzz and Coverity in
    drivers, PKCS#11 and PKCS#15 layer.
- Add patch:
  * opensc-docbook-xsl-fix.patch
- Drop not longer needed patches:
  * CVE-2024-1454.patch
- Introduce subpackage for bash-completion

-------------------------------------------------------------------
Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>

- Add CVE-2024-1454.patch.
  Fix for CVE-2024-1454 / bsc#1219868.

-------------------------------------------------------------------
Wed Dec 13 12:27:34 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

- Update to OpenSC 0.24.0:
  * Security
    - CVE-2023-40660: Fix Potential PIN bypass
      (#2806, frankmorgner/OpenSCToken#50, #2807)
    - CVE-2023-40661: Important dynamic analyzers reports
    - CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption
      using symmetric keys (f1993dc)
  * General improvements
    - Fix compatibility of EAC with OpenSSL 3.0 (#2674)
    - Enable use_file_cache by default (#2501)
    - Use custom libctx with OpenSSL >= 3.0 (#2712, #2715)
    - Fix record-based files (#2604)
    - Fix several race conditions (#2735)
    - Run tests under Valgrind (#2756)
    - Test signing of data bigger than 512 bytes (#2789)
    - Update to OpenPACE 1.1.3 (#2796)
    - Implement logout for some of the card drivers (#2807)
    - Fix wrong popup position of opensc-notify (#2901)
    - Fixed various issues reported by OSS-Fuzz and Coverity regarding card
      drivers, PKCS#11 and PKCS#15 init
  * PKCS#11
    - Check card presence state in C_GetSessionInfo (#2740)
    - Remove onepin-opensc-pkcs11 module (#2681)
    - Do not use colons in the token info label (#2760)
    - Present profile objects in all slots with the CKA_TOKEN attribute to
      resolve issues with NSS (#2928, #2924)
    - Use secure memory for PUK (#2906)
    - Don't logout to preserve concurrent access from different processes
      (#2907)
    - Add more examples to manual page (#2936)
    - Present profile objects in all virtual slots (#2928)
    - Provide CKA_TOKEN attribute for profile objects (#2924)
    - Improve --slot parameter documentation (#2951)
  * PKCS#15
    - Honor cache offsets when writing file cache (#2858)
    - Prevent needless amount of PIN prompts from pkcs15init layer (#2916)
    - Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and
      back to PKCS#11 (#2936)
  * Minidriver
    - Fix for private keys that do not need a PIN (#2722)
    - Unbreak decipher when the first null byte of PKCS#1.5 padding is
      missing (#2939*
  * pkcs11-tool
    - Fix RSA key import with OpenSSL 3.0 (#2656)
    - Add support for attribute filtering when listing objects (#2687)
    - Add support for --private flag when writing certificates (#2768)
    - Add support for non-AEAD ciphers to the test mode (#2780)
    - Show CKA_SIGN attribute for secret keys (#2862)
    - Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys
      (#2864, #2913)
    - Show Sign/VerifyRecover attributes (#2888)
    - Add option to import generic keys (#2955)
  * westcos-tool
    - Generate 2k RSA keys by default (b53fc5c)
  * pkcs11-register
    - Disable autostart on Linux by default (#2680)
  * IDPrime
    - Add support for IDPrime MD 830, 930 and 940 (#2666)
    - Add support for SafeNet eToken 5110 token (#2812)
    - Process index even without keyrefmap and use correct label for second
      PIN (#2878)
    - Add support for Gemalto IDPrime 940C (#2941)
  * EPass2003
    - Change of PIN requires verification of the PIN (#2759)
    - Fix incorrect CMAC computation for subkeys (#2759, issue #2734)
    - Use true random number for mutual authentication for SM (#2766)
    - Add verification of data coming from the token in the secure messaging
      mode (#2772)
    - Avoid success when using unsupported digest and fix data length for RAW
      ECDSA signatures (#2845)
  * OpenPGP
    - Fix select data command (#2753, issue #2752)
    - Unbreak ed/curve25519 support (#2892)
  * eOI
    - Add support for Slovenian eID card (eOI) (#2646)
  * Italian CNS
    - Add support for IDEMIA (Oberthur) tokens (#2483)
  * PIV
    - Add support for Swissbit iShield FIDO2 Authenticator (#2671)
    - Implement PIV secure messaging (#2053)
  * SkeID
    - Add support for Slovak eID cards (#2672)
  * isoApplet
    - Support ECDSA with off-card hashing (#2642)
  * MyEID
    - Fix WRAP operation when using T0 (#2695)
    - Identify changes on the card and enable use_file_cache (#2798)
    - Workaround for unwrapping using 2K RSA key (#2921)
  * SC-HSM
    - Add support for opensc-tool --serial (#2675)
    - Fix unwrapping of 4096 keys with handling reader limits (#2682)
    - Indicate supported hashes and MGF1s (#2827)
- Remove patches:
  * opensc-CVE-2023-40660-1of2.patch
  * opensc-CVE-2023-40660-2of2.patch
  * opensc-CVE-2023-40661-1of12.patch
  * opensc-CVE-2023-40661-2of12.patch
  * opensc-CVE-2023-40661-3of12.patch
  * opensc-CVE-2023-40661-4of12.patch
  * opensc-CVE-2023-40661-5of12.patch
  * opensc-CVE-2023-40661-6of12.patch
  * opensc-CVE-2023-40661-7of12.patch
  * opensc-CVE-2023-40661-8of12.patch
  * opensc-CVE-2023-40661-9of12.patch
  * opensc-CVE-2023-40661-10of12.patch
  * opensc-CVE-2023-40661-11of12.patch
  * opensc-CVE-2023-40661-12of12.patch
  * opensc-CVE-2023-4535.patch
  * opensc-CVE-2023-2977.patch
  * opensc-NULL_pointer_fix.patch

-------------------------------------------------------------------
Fri Oct  6 06:49:24 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

- Security Fix: [CVE-2023-40661, bsc#1215761]
  * opensc: multiple memory issues with pkcs15-init (enrollment tool)
  * Add patches:
    - opensc-CVE-2023-40661-1of12.patch
    - opensc-CVE-2023-40661-2of12.patch
    - opensc-CVE-2023-40661-3of12.patch
    - opensc-CVE-2023-40661-4of12.patch
    - opensc-CVE-2023-40661-5of12.patch
    - opensc-CVE-2023-40661-6of12.patch
    - opensc-CVE-2023-40661-7of12.patch
    - opensc-CVE-2023-40661-8of12.patch
    - opensc-CVE-2023-40661-9of12.patch
    - opensc-CVE-2023-40661-10of12.patch
    - opensc-CVE-2023-40661-11of12.patch
    - opensc-CVE-2023-40661-12of12.patch

-------------------------------------------------------------------
Thu Oct  5 13:45:16 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

- Security Fix: [CVE-2023-4535, bsc#1215763]
  * Add patches:
    - opensc-CVE-2023-4535.patch
    - opensc-NULL_pointer_fix.patch

-------------------------------------------------------------------
Wed Oct  4 13:26:11 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

- Security Fix: [CVE-2023-40660, bsc#1215762]
  * opensc: PIN bypass when card tracks its own login state
  * Add patches:
    - opensc-CVE-2023-40660-1of2.patch
    - opensc-CVE-2023-40660-2of2.patch

-------------------------------------------------------------------
Thu Jun  1 12:55:19 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

- Security Fix: [CVE-2023-2977, bsc#1211894]
  * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
  * Add opensc-CVE-2023-2977.patch

-------------------------------------------------------------------
Tue Nov 29 17:52:46 UTC 2022 - Michael Ströder <michael@stroeder.com>

- Update to OpenSC 0.23.0:
  * General improvements
    - Support signing of data with a length of more than 512 bytes (#2314)
    - By default, disable support for old card drivers (#2391) and remove
      support for old drivers MioCOS and JCOP (#2374)
    - Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506)
    - Compatibility with LibreSSL (#2495, #2595)
    - Remove support for DSA (#2503)
    - Extend p11test to support symmetric keys (#2430)
    - Notice detached reader on macOS (#2418)
    - Support for OAEP padding (#2475, #2484)
    - Fix for PSS salt length (#2478)
    - Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637)
    - Fixed various issues reported by OSS-Fuzz and Coverity regarding
      card drivers, PKCS#11 and PKCS#15 init
    - Fix issues with OpenPACE (#2472)
    - Containers support for local testing
    - Add support for encryption and decryption using symmetric keys (#2473, #2607)
    - Stop building support for Gost algorithms with OpenSSL 3.0 as they
      require deprecated API (#2586)
    - Fix detection of disconnected readers in PCSC (#2600)
    - Add configuration option for on-disk caching of private data (#2588)
    - Skip building empty binaries when dependencies are missing and
      remove needless linking (#2617)
    - Define arm64 as a supported architecture in the Installer package (#2610)
  * PKCS#11
    - Implement C_CreateObject for EC keys and fix signature verification
      for CKM_ECDSA_SHAx cards (#2420)
  * pkcs11-tool
    - Add more elliptic curves (#2301)
    - Add support for symmetric encrypt and decrypt, wrap and unwrap operations,
      and initialization vector (#2268)
    - Fix consistent handling of secret key attributes (#2497)
    - Add support for signing and verifying with HMAC (#2385)
    - Add support for SHA3 (#2467)
    - Make object selectable via label (#2570)
    - Do not require an R/W session for some operations and
      add --session-rw option (#2579)
    - Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and
      serial number for certificates (#2644, #2643, #2641)
    - Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645)
  * sc-hsm-tool
    - Add options for public key authentication (#2301)
  * Minidriver
    - Fix reinit of the card (#2525)
    - Add an entry for Italian CNS (e) (#2548)
    - Fix detection of ECC mechanisms (#2523)
    - Fix ATRs before adding them to the windows registry (#2628)
  * NQ-Applet
    - Add support for the JCOP4 Cards with NQ-Applet (#2425)
  * ItaCNS
    - Add support for ItaCMS v1.1 (key length 2048) (#2371)
  * Belpic
    - Add support for applet v1.8 (#2455)
  * Starcos
    - Add ATR for V3.4 (#2464)
    - Add PKCS#15 emulator for 3.x cards with eSign app (#2544)
  * ePass2003
    - Fix PKCS#15 initialization (#2403)
    - Add support for FIPS (#2543)
    - Fix matching with newer versions and tokens initialized with OpenSC (#2575)
  * MyEID
    - Support logout operation (#2557)
    - Support for symmetric encryption and decryption (#2473, #2607)
  * GIDS
    - Fix decipher for TPM (#1881)
  * OpenPGP
    - Get the list of supported algorithms from algorithm information
      on the card (#2287)
    - Support for 3 certificates with OpenPGP 3+ (#2103)
  * nPA
    - Fix card detection (#2463)
  * Rutoken
    - Fix formatting rtecp cards (#2599)
  * PIV
    - Add new PIVKey ATRs for current cards (#2602)

-------------------------------------------------------------------
Mon Oct  4 12:59:24 UTC 2021 - Daniel Donisa <daniel.donisa@suse.com>

- Update to OpenSC 0.22.0:
  * Removed changes in opensc-gcc11.patch already present in upstream. 
    - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda
  * Removed some false positives from the openrc-rpmlintrc file.
  * Use standard paths for file cache on Linux (#2148) and OSX (#2214)
  * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
  * Add threading test to `pkcs11-tool` (#2067)
  * Add support to generate generic secret keys (#2140)
  * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
  * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
  * Support for gcc11 and its new strict aliasing rules (#2241, #2260)
  * Initial support for building with OpenSSL 3.0 (#2343)
  * pkcs15-tool: Write data objects in binary mode (#2324)
  * Avoid limited size of log messages (#2352)
  * Support for ECDSA verification (#2211)
  * Support for ECDSA with different SHA hashes (#2190)
  * Prevent issues in p11-kit by not returning unexpected return codes (#2207)
  * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
  * Standardize the version 2 on 2.20 in the code (#2096)
  * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE  (#2176)
  * Copy arguments of C_Initialize (#2350)
  * Fix RSA-PSS signing (#2234)
  * Fix DO deletion (#2215)
  * Add support for (X)EdDSA keys (#1960)
  * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
  * Add support for applet version 4 (#2332)
  * New configuration option for opensc.conf to disable pkcs1_padding (#2193)
  * Add support for ECDSA with different hashes (#2190)
  * Enable more mechanisms (#2178)
  * Fixed asking for a user pin when formatting a card (#1737)
  * Added support for French CPx Healthcare cards (#2217)
  * Added ATR for new CardOS 5.4 version (#2296)
  * Fixes security issues:
    * tcos: use after return (bsc#1192005, CVE-2021-42780)
    * oberthur: use after free (bsc#1191992, CVE-2021-42779)
    * oberthur: multiple heap buffer overflows (bsc#1192000,
      CVE-2021-42781)
    * multiple stack buffer overflow issues (bsc#1191957,
      CVE-2021-42782)

-------------------------------------------------------------------
Sun Jun 27 16:48:49 UTC 2021 - Predrag Ivanović <predivan@mts.rs>

- Fix build on GCC11
    * Add opensc-gcc11.patch from Fedora 
    (https://github.com/OpenSC/OpenSC/pull/2241/)

-------------------------------------------------------------------
Fri Mar 12 22:58:46 UTC 2021 - Dirk Müller <dmueller@suse.com>

- move licenses to licensedir 

-------------------------------------------------------------------
Fri Nov 27 19:27:30 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>

- OpenSC 0.21.0:
  * CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK
    smart card software driver (boo#1177380)
  * CVE-2020-26572: stack-based buffer overflow in the TCOS smart
    card software driver (boo#1177378)
  * CVE-2020-26570: heap-based buffer overflow in the Oberthur
    smart card software driver (boo#1177364)
  * CardOS 5.x support boo#1179291
  * Support for OAEP encryption, make SHA256 default
  * New separate debug level for PIN commands
  * Fix handling of card/reader insertion/removal events in pcscd
  * Fixes of removed readers handling
  * Fix Firefox crash because of invalid pcsc context
  * PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards
  * Propagate ignore_user_content to PKCS#11 layer not to confuse applications
  * Minidriver: Fix check of ATR length (2-to 33 characters inclusive)
  * pkcs11-tool: allow using SW tokens
  * opensc-explorer asn1 accepts offsets and decode records
  * opensc-explorer cat accepts records
  * OpenPGP: Add new ec curves supported by GNUK 
  * First steps supporting OpenPGP 3.4
  * OpenPGP: Add support for EC key import
  * Rutoken: Add ATR for Rutoken ECP SC NFC
  * Improve detection of various CardOS 5 configurations
  * DNIe: Add new DNIe CA structure for the secure channel
  * ePass2003: Improve ECC support
  * ePass2003: Fix erase sequence
  * IAS-ECC: Fix support for Idemia Cosmo cards
  * IAS-ECC: PIN padding settings are now used from PKCS#15 info when available
  * IAS-ECC: Added PIN-pad support for PIN unblock
  * New driver for Gemalto IDPrime (only some types)
  * eDo: New driver with initial support for Polish eID card (e-dowód, eDO)
  * MCRD: Remove unused and broken RSA EstEID support
  * TCOS: Add missing encryption certificates
  * PIV: Add ATR of DOD Yubikey
  * fixed PIV global pin bug
  * CAC1: Support changing PIN with CAC Alt tokens
- includes changes from 0.20.0
  * CVE-2019-6502: memory leak in libopensc (boo#1122756) 
  * CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747)
  * CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746)
  * CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (boo#1158256)
  * CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry (boo#1158307)
  * CVE-2019-20792: double free in coolkey_free_private_dat (bsc#1170809)
  * Support RSA-PSS signature mechanisms using RSA-RAW
  * Added memory locking for secrets
  * added support for terminal colors
  * PC/SC driver: Fixed error handling in case of changing or removing the card reader
  * rename md_read_only to read_only and use it for PKCS#11 and Minidriver
  * allow global use of ignore_private_certificate
  * PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the card profile
  * PKCS#11: Add C_WrapKey and C_UnwrapKey implementations
  * PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects
  * PKCS#11: Truncate long PKCS#11 labels with ...
  * PKCS#11: Fixed recognition of a token when being unplugged and reinserted
  * Minidriver: Register for CardOS5 cards
  * Minidriver: Add support for RSA-PSS
  * tools: Harmonize the use of option -r/--reader
  * goid-tool: GoID personalization with fingerprint
  * openpgp-tool: replace the options -L/--key-length with -t/--key-type
  * openpgp-tool: add options -C/--card-info and -K/--key-info
  * opensc-explorer: add command pin_info, extend random
  * pkcs11-register: Auto-configuration of applications for use of OpenSC PKCS#11
  * pkcd11-register: Autostart
  * opensc-tool: Show ATR also for cards not recognized by OpenSC
  * pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters
  * pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values
  * pkcs11-tool: Support for signature verification via --verify
  * pkcs11-tool: Add object type secrkey for --type option
  * pkcs11-tool: Implement Secret Key write object
  * pkcs11-tool: Add GOSTR3410-2012 support
  * pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP
  * pkcs11-tool: Add extractable option to key import
  * pkcs11-tool: list more key access flags when listing keys
  * pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys
  * pkcs15-crypt: *Handle keys with user consent
  * New separate CAC1 driver using the old CAC specification (#1502)
  * CardOS: Add support for 4K RSA keys in CardOS 5
  * CardOS: Fixed decryption with CardOS 5
  * Enable CoolKey driver to handle 2048-bit keys
  * EstEID: add support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018
  * GIDS Decipher fix (#1881)
  * GIDS: Allow RSA 4K support
  * MICARDO: Remove long expired EstEID 1.0/1.1 card support
  * MyEID: Add support for unwrapping a secret key with an RSA key or secret key
  * MyEID Add support for wrapping a secret key with a secret key
  * Support for MyEID 4K RSA
  * Support for OsEID
  * Gemalto GemSafe: add new PTeID ATRs, add support for 4K RSA keys
  * OpenPGP Card v3 ECC support
  * Add Rutoken ECP SC
  * Add Rutoken Lite
  * Add SmartCard-HSM 4K ATR
  * Add missing secp384r1 curve parameter
  * Stacros: Fix decipher with 2.3
  * Stacros: Add ATR for 2nd gen. eGK
  * Stacros: Add new ATR for 3.5
  * Stacros: Detect and allow Globalplatform PIN encoding
  * Fix TCOS IDKey support
  * TCOS: add encryption certificate for IDKey
  * Infocamere, Postecert, Cnipa: Remove profiles
  * Remove incomplete acos5 driver
- drop patches now upstream:
  * opensc-0.19.0-piv_card_matching.patch
  * opensc-0.19.0-redundant_logging.patch
  * opensc-0.19.0-rsa-pss.patch

-------------------------------------------------------------------
Sun Aug 18 01:35:45 UTC 2019 - Jason Sikes <jsikes@suse.com>

- added opensc-0.19.0-piv_card_matching.patch
  * Improve Card Matching for Dual CAC/PIV and PIVKEY cards.
  * sourced from https://github.com/OpenSC/OpenSC/pull/1549

-------------------------------------------------------------------
Tue Jul 30 03:15:14 UTC 2019 - Jason Sikes <jsikes@suse.de>

- added opensc-0.19.0-rsa-pss.patch
  * Fixes the pkcs11-tool example
  * Added missing CKM_SHA224_RSA_PKCS_PSS
  * Add support for PSS padding to RSA signatures
  * Support for signature verification in pkcs11-tool
  * Switch cleanup steps to avoid segfaults on errors and more sanity checking
- added opensc-0.19.0-redundant_logging.patch
  * Remove redundant debug output

-------------------------------------------------------------------
Tue Jul 23 21:51:42 UTC 2019 - Benjamin Greiner <code@bnavigator.de>

- add explicit BuildRequires: zlib-devel 

-------------------------------------------------------------------
Thu Sep 13 13:46:43 UTC 2018 - Karol Babioch <kbabioch@suse.com>

- Update to version 0.19.0
  * Fixed multiple security problems (out of bound writes/reads):
    * bsc#1104812
    * CVE-2018-16391 (bsc#1106998)
    * CVE-2018-16392 (bsc#1106999)
    * CVE-2018-16393 (bsc#1108318)
    * CVE-2018-16418 (bsc#1107039)
    * CVE-2018-16419 (bsc#1107107)
    * CVE-2018-16420 (bsc#1107097)
    * CVE-2018-16421 (bsc#1107049)
    * CVE-2018-16422 (bsc#1107038)
    * CVE-2018-16423 (bsc#1107037)
    * CVE-2018-16424 (bsc#1107036)
    * CVE-2018-16425 (bsc#1107035)
    * CVE-2018-16426 (bsc#1107034)
    * CVE-2018-16427 (bsc#1107033)
  * Workaround cards returning short signatures without leading zeroes
  * Distribute minimal opensc.conf
  * `pkcs11_enable_InitToken made` global configuration option
  * Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver
    list instead of forcing one driver and skipping vital parts of
    configuration
  * Removed configuration options `zero_ckaid_for_ca_certs`,
    `force_card_driver`, `reopen_debug_file`, `paranoid-memory`
  * Generalized configuration option `ignored_readers`
  * If card initialization fails, continue card detection with other card
    drivers
  * reader-pcsc: allow fixing the length of a PIN
  * fixed crash during `C_WaitForSlotEvent`
  * Allow cancelling the PIN pad prompt before starting the reader transaction.
    Whether to start the transaction immediately or not is user-configurable
    for each application
  * opensc-notify
    * add Exit button to tray icon
    * User better description (GenericName) and a generic application icon
    * Do not display in the application list
- Removed patches included upstream now:
  * opensc-desktop.patch
  * opensc-desktop2.patch
  * opensc-bash-completions.patch
- Applied spec-cleaner

-------------------------------------------------------------------
Tue Jul 10 16:56:28 CEST 2018 - sbrabec@suse.com

- Update to version 0.18.0:
  * Further improvements of PIN support.
  * Large number of improvements and fixes
    (boo#1097951, boo#1100501).
  * See /usr/share/doc/packages/opensc/NEWS for complete list.
- Add opensc-desktop.patch, opensc-desktop2.patch and
  opensc-bash-completions.patch.

-------------------------------------------------------------------
Mon Jan  1 16:16:13 UTC 2018 - michael@stroeder.com

- update to version 0.17.0:
  * support for new cards
  * PIN support enhancemets
  * added .pc file
  * builds with OpenSSL 1.1.0 (1074799)
  * See /usr/share/doc/packages/opensc/NEWS for complete list.

-------------------------------------------------------------------
Tue Jul 18 13:58:05 UTC 2017 - tchvatal@suse.com

- Switch to tarball fetching from github
- Few small cleanups

-------------------------------------------------------------------
Tue Nov 22 16:42:06 CET 2016 - sbrabec@suse.com

- Add baselibs.conf to provide 32-bit PKCS11 plugins (bsc#996047).
- Drop opensc-ADVISORIES. There is no new advisory since 2009.

-------------------------------------------------------------------
Tue Jul  5 12:09:24 UTC 2016 - t.gruner@katodev.de

- update to version 0.16.0
- remove fix (issue 505)
- clean up spec-file

-------------------------------------------------------------------
Thu Jul 30 16:16:19 EEST 2015 - bwachter-pkg@lart.info

- update to version 0.15.0
- register with p11-kit
  (https://www.opensc-project.org/opensc/ticket/390)

-------------------------------------------------------------------
Mon Feb 16 15:14:55 UTC 2015 - michael@stroeder.com

- update to version 0.14.0

-------------------------------------------------------------------
Tue Dec  3 18:53:23 UTC 2013 - luizluca@tre-sc.gov.br

- update to version 0.13.0

-------------------------------------------------------------------
Tue Jun 12 21:00:03 UTC 2012 - mgorse@suse.com

- make needed directories before running make install

-------------------------------------------------------------------
Thu Sep 29 18:26:23 UTC 2011 - lmedinas@opensuse.org
- Updated to version 0.12.2:
  * Builds are now silent by default when OpenSC is built from
    source on Unix.
  * Using --wait with command line tools works with 64bit Linux
    again.
  * Greatly improved OpenPGP card support, including OpenPGP
    2.0 cards like the one found in German Privacy Foundation
    CryptoStick.
  * Fixed support for FINeID cards issued after 01.03.2011 with
    2048bit keys.
  * #256: Fixed support for TCOS cards (broken since 0.12.0).
  * Added support for IDKey-cards to TCOS3 driver.
  * #361: Improved PC/SC driver to fetch the maximum PIN sizes
    from the open source CCID driver. This fixes the issue for
    Linux/OSX with recent driver.
  * Fix FINeID cards for organizations.
  * Several smaller bugs and compiler warnings fixed

- Updated to version 0.12.1:
  * IAS-ECC 1.0.1
  * Support for cards with multiple PKCS#15 applications
  * New card driver: IAS/ECC 1.0.1
  * rutoken-tool has been deprecated and removed.
  * eidenv and piv-tool utilities now have manual pages.
  * pkcs11-tool now requires the use of --module parameter.
  * All tools can now use an ATR as an argument to --reader,
    to skip to the card with given ATR.
  * opensc-tool -l with -v now shows information about the
    inserted cards.
  * Creating files have an enforced upper size limit, 64K
  * Support for multiple PKCS#15 applications with different
    AID-s. PKCS#15 applications can be listed with pkcs15-tool
    --list-applications. Binding to a specific AID with PKCS#15
    tools can be done with --aid.
  * Hex strings (like card ATR or APDU-s) can now be separated
    by space, in addition to colons.
  * Pinpad readers known to be bogus are now ignored by OpenSC.
    At the moment only "HP USB Smart Card Keyboard" is disabled.
  * Numerous compiler warnings, unused code and internal bugs
    have been eliminated.

-------------------------------------------------------------------
Fri Jan  7 14:49:37 CET 2011 - sbrabec@suse.cz

- Updated to version 0.12.0:
  * Security fix (bnc#660109, CVE-2010-4523).
  * Only one backend is supported. openSUSE will use pcsc-lite.
  * libopensc made private, library should not be used by other
    applications. Please use generic PKCS#11 interface instead.
  * Signer plugin discontinued. Please use openssl engine_pkcs11.
  * No more depends on libassuan.
  * New card drivers.
  * Support for CardOS enhanced.
  * More changes and enhancements.
- libopensc merged back to the main package, as it is private now.

-------------------------------------------------------------------
Mon Aug 23 14:15:22 CEST 2010 - sbrabec@suse.cz

- Fixed broken opensc-fix-gcc-warnings.patch (bnc#627619).
- Simplified plugin installation.

-------------------------------------------------------------------
Tue Apr 13 14:35:32 UTC 2010 - puzel@novell.com

- update to version 0.11.13
  * Modify Rutoken S binary interfaces by Aktiv Co.
  * Muscle driver fixed (acl reading issue)
  * Many small fixes (e.g. mem leaks)
  * Compiling with openssl 1.0.0-beta fixed
  * Document integer problem in OpenSC and implement workaround
  * Improve entersafe profile to support private data objects
- Require pinentry
- add opensc-libassuan-2.patch
- add opensc-fix-gcc-warnings.patch

-------------------------------------------------------------------
Fri Jan  1 20:07:35 CET 2010 - jengelh@medozas.de

- package baselibs.conf

-------------------------------------------------------------------
Wed Aug  5 14:59:33 CEST 2009 - sbrabec@suse.cz

- Updated to version 0.11.9:
  * New rutoken_ecp driver
  * Allow more keys/certificates/files etc. with entersafe tokens
  * Updates pkcs11.h from scute fixing warnings
  * Small fixes in rutoken driver
  * Major update for piv driver with increased compatibility

-------------------------------------------------------------------
Thu Jul 30 12:45:26 CEST 2009 - sbrabec@suse.cz

- libopensc2 should not require opensc (bnc#466430).

-------------------------------------------------------------------
Thu May  7 17:52:06 CEST 2009 - sbrabec@suse.cz

- Updated to version 0.11.8:
  * Fix security problem in pkcs11-tool gen_keypair
    (PublicExponent 1) (bnc#501726)
    See http://en.opensuse.org/Smart_Cards/Advisories for more.
  * updated and improve entersafe driver. FTCOS/PK-01C cards are
    supported now, compatible with cards writen by Feitian's
    software on windows.

-------------------------------------------------------------------
Thu Apr  9 11:32:23 CEST 2009 - sbrabec@suse.cz

- Fixed undefined code (bnc#440853).
- Don't call autoreconf on older products.

-------------------------------------------------------------------
Tue Mar 17 18:01:29 CET 2009 - sbrabec@suse.cz

- Updated to version 0.11.7:
  * hide_empty_slots now on by default? small logic change?
  * ruToken driver was updated.
  * openct virtual readers reduced to 2 by default.
  * Security issue: Fix private data support. (bnc#480262,
    CVE-2009-0368)
    See http://en.opensuse.org/Smart_Cards/Advisories for more.
  * Enable lock_login by default.
  * Disable allow_soft_keygen by default.

-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de

- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293)

-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de

- obsolete old -XXbit packages (bnc#437293)

-------------------------------------------------------------------
Wed Sep 10 13:46:44 CEST 2008 - sbrabec@suse.cz

- Updated to version 0.11.6:
  * New support for Feitian ePass3000.
  * GemSafeV1 improved to handle key_ref other than 3.
  * Build system rewritten.
  * ruToken now supported.
  * Allow specifying application name for data objects.
  * Basic reader hotplug support.
  * PC/SC library is dynamically linked.
  * PKCS#11 provider is now installed at LIBDIR/pkcs11.
  * PKCS#11 - Number of virtual slots moved into configuration.
  * PKCS#11 - Fix fork() compliance.
  * make sign_with_decrypt hack configureable for siemens cards.

-------------------------------------------------------------------
Mon Sep  1 14:06:17 CEST 2008 - sbrabec@suse.cz

- Check validity of SSL certificates for all Siemens CardOS M4
  cards (SCA and SCB are affected as well, bnc#413496#c6).

-------------------------------------------------------------------
Thu Jul 31 12:45:11 CEST 2008 - sbrabec@suse.cz

- Fixed initialization access rights for Siemens CardOS M4, added
  a security check to pkcs15-tool (bnc#413496, CVE-2008-2235)

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- added baselibs.conf file to build xxbit packages
  for multilib support

-------------------------------------------------------------------
Thu Feb  7 17:12:02 CET 2008 - sbrabec@suse.cz

- Updated to version 0.11.4:
  * Browser plugin support
  * Support Siemens CardOS initialized cards (signing with
    decryption)
  * Add Siemens CardOS M4.2B support (experimental)
  * Support for AKIS cards added (partial)

-------------------------------------------------------------------
Thu Jul 26 13:40:30 CEST 2007 - sbrabec@suse.cz

- Updated to version 0.11.3:
  * make lots of internal functions and variables static.
  * fix 0 vs NULL in many places. fix ansi c style (void).
  * avoid variable names used also as glibc function (random etc.).
  * new code for deleting objects.
  * special hack for firefox.
  * suport for Athena APCOS cards added.
  * piv driver now supports bigger rsa keys too.
  * enabled pin caching by default.
  * use max_send_size 255 / max_recv_size 256 bytes by default.
  * increase pin buffer size to allow longer pin codes.
  * Added --read-ssk-key option to pkcs15-tool
  * use pkg-config for finding openct
  * use strlcpy function
  * use new pkcs11.h from scute with an open source license
  * add support for sha2 to pkcs15-crypt
  * add piv-tool for managing piv cards
  * add muscle driver
  * improved oberthur driver
  * add support for pcsc v2 part10
  * convert source files to utf-8
- Split package according to shared library packaging policy.

-------------------------------------------------------------------
Tue Feb 27 12:12:30 CET 2007 - mvaner@suse.cz

- Fixing dodgy use of sizeof (#238660)
  - sizeof.patch

-------------------------------------------------------------------
Mon Oct  2 18:49:35 CEST 2006 - sbrabec@suse.cz

- Updated to version 0.11.1:
  * Update for piv pkcs#15 emulation
  * Improved TCOS driver for Uni Giesen Card
  * Handle size_t printf with "%lu" and (unsigned long) cast
  * Add support for d-trust cards / improve micardo 2.1 driver

-------------------------------------------------------------------
Thu May 25 16:13:02 CEST 2006 - sbrabec@suse.cz

- Fixed build for old SuSE Linux versions.

-------------------------------------------------------------------
Thu May 11 13:00:00 CEST 2006 - sbrabec@suse.cz

- Fixed devel dependencies.

-------------------------------------------------------------------
Wed May 10 16:58:12 CEST 2006 - sbrabec@suse.cz

- Updated to version 0.11.0.

-------------------------------------------------------------------
Wed Jan 25 21:39:06 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Thu Jan  5 02:05:11 CET 2006 - ro@suse.de

- added unpackaged so-links to devel filelist

-------------------------------------------------------------------
Tue Oct 25 15:30:04 CEST 2005 - rhafer@suse.de

- added LDAP_DEPRECATED to CFLAGS to build correctly with·
  OpenLDAP 2.3

-------------------------------------------------------------------
Fri Sep  2 12:56:14 CEST 2005 - okir@suse.de

- Removed +x permissions on opensc.conf (#114849)

-------------------------------------------------------------------
Thu Jul 14 16:11:56 CEST 2005 - okir@suse.de

- Updated to latest upstream version
- Added missing documentation files (#75425)

-------------------------------------------------------------------
Fri Mar  4 11:06:48 CET 2005 - meissner@suse.de

- fixed gcc4 compilation.

-------------------------------------------------------------------
Fri Jan 21 14:43:23 CET 2005 - okir@suse.de

- Updated to latest upstream version (0.9.4)

-------------------------------------------------------------------
Thu Nov 18 15:49:34 CET 2004 - ro@suse.de

- use kerberos-devel-packages

-------------------------------------------------------------------
Mon Jul 19 14:06:10 CEST 2004 - adrian@suse.de

- fix file list

-------------------------------------------------------------------
Mon Jul 12 17:26:31 CEST 2004 - adrian@suse.de

- update to version 0.8.1

-------------------------------------------------------------------
Fri Mar 19 11:10:13 CET 2004 - okir@suse.de

- Fixed permissions and path names of some include files (#36432)

-------------------------------------------------------------------
Fri Jan 16 13:19:16 CET 2004 - kukuk@suse.de

- Add pam-devel to neededforbuild

-------------------------------------------------------------------
Sat Jan 10 15:47:57 CET 2004 - adrian@suse.de

- add %run_ldconfig and %defattr

-------------------------------------------------------------------
Mon Aug  4 11:00:27 CEST 2003 - okir@suse.de

- Build fixes for x86_64/ppc64
- use a version string other than "CVS" (#28423)

-------------------------------------------------------------------
Fri Aug  1 12:04:29 CEST 2003 - okir@suse.de

- Updated to most recent upstream snapshot

-------------------------------------------------------------------
Thu Jun 12 13:28:31 CEST 2003 - kukuk@suse.de

- Fix filelist and permissions

-------------------------------------------------------------------
Wed Jun  4 00:39:12 CEST 2003 - ro@suse.de

- added rest of static libs to devel filelist
- remove unpackaged files from buildroot

-------------------------------------------------------------------
Wed Jan 15 17:34:58 CET 2003 - ro@suse.de

- use sasl2

-------------------------------------------------------------------
Thu Dec  5 11:22:44 CET 2002 - okir@suse.de

- fixed x86_64 build problem
- updated to latest upstream

-------------------------------------------------------------------
Fri Nov 29 10:01:14 CET 2002 - okir@suse.de

- updated to current CVS snapshot

-------------------------------------------------------------------
Fri Aug  9 21:35:43 CEST 2002 - okir@suse.de

- added missing libs to files list

-------------------------------------------------------------------
Thu Jul  4 17:48:11 CEST 2002 - ro@suse.de

- added heimdal-devel to neededforbuild to make libtool happy

-------------------------------------------------------------------
Fri Jun 28 17:34:49 CEST 2002 - schwab@suse.de

- Fix bootstrap script.
- Use correct libtool macros.

-------------------------------------------------------------------
Mon May 27 19:10:07 CEST 2002 - sf@suse.de

-  @libdir@ added to Makefile.am to use correct dirs for
   */lib */lib64

-------------------------------------------------------------------
Tue Apr 30 16:05:12 CEST 2002 - okir@suse.de

- Initial check-in