opensc/opensc.changes

-------------------------------------------------------------------
Sun Jun 27 16:48:49 UTC 2021 - Predrag Ivanović <predivan@mts.rs>
- Fix build on GCC11
* Add opensc-gcc11.patch from Fedora
(https://github.com/OpenSC/OpenSC/pull/2241/)
-------------------------------------------------------------------
Fri Mar 12 22:58:46 UTC 2021 - Dirk Müller <dmueller@suse.com>
- move licenses to licensedir
-------------------------------------------------------------------
Fri Nov 27 19:27:30 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
- OpenSC 0.21.0:
* CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK
smart card software driver (boo#1177380)
* CVE-2020-26572: stack-based buffer overflow in the TCOS smart
card software driver (boo#1177378)
* CVE-2020-26570: heap-based buffer overflow in the Oberthur
smart card software driver (boo#1177364)
* CardOS 5.x support boo#1179291
* Support for OAEP encryption, make SHA256 default
* New separate debug level for PIN commands
* Fix handling of card/reader insertion/removal events in pcscd
* Fixes of removed readers handling
* Fix Firefox crash because of invalid pcsc context
* PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards
* Propagate ignore_user_content to PKCS#11 layer not to confuse applications
* Minidriver: Fix check of ATR length (2 to 33 characters inclusive)
* pkcs11-tool: allow using SW tokens
* opensc-explorer asn1 accepts offsets and decode records
* opensc-explorer cat accepts records
* OpenPGP: Add new ec curves supported by GNUK
* First steps supporting OpenPGP 3.4
* OpenPGP: Add support for EC key import
* Rutoken: Add ATR for Rutoken ECP SC NFC
* Improve detection of various CardOS 5 configurations
* DNIe: Add new DNIe CA structure for the secure channel
* ePass2003: Improve ECC support
* ePass2003: Fix erase sequence
* IAS-ECC: Fix support for Idemia Cosmo cards
* IAS-ECC: PIN padding settings are now used from PKCS#15 info when available
* IAS-ECC: Added PIN-pad support for PIN unblock
* New driver for Gemalto IDPrime (only some types)
* eDo: New driver with initial support for Polish eID card (e-dowód, eDO)
* MCRD: Remove unused and broken RSA EstEID support
* TCOS: Add missing encryption certificates
* PIV: Add ATR of DOD Yubikey
* fixed PIV global pin bug
* CAC1: Support changing PIN with CAC Alt tokens
- includes changes from 0.20.0
* CVE-2019-6502: memory leak in libopensc (boo#1122756)
* CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747)
* CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746)
* CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (boo#1158256)
* CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry (boo#1158307)
* Support RSA-PSS signature mechanisms using RSA-RAW
* Added memory locking for secrets
* added support for terminal colors
* PC/SC driver: Fixed error handling in case of changing or removing the card reader
* rename md_read_only to read_only and use it for PKCS#11 and Minidriver
* allow global use of ignore_private_certificate
* PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the card profile
* PKCS#11: Add C_WrapKey and C_UnwrapKey implementations
* PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects
* PKCS#11: Truncate long PKCS#11 labels with ...
* PKCS#11: Fixed recognition of a token when being unplugged and reinserted
* Minidriver: Register for CardOS5 cards
* Minidriver: Add support for RSA-PSS
* tools: Harmonize the use of option -r/--reader
* goid-tool: GoID personalization with fingerprint
* openpgp-tool: replace the options -L/--key-length with -t/--key-type
* openpgp-tool: add options -C/--card-info and -K/--key-info
* opensc-explorer: add command pin_info, extend random
* pkcs11-register: Auto-configuration of applications for use of OpenSC PKCS#11
* pkcs11-register: Autostart
* opensc-tool: Show ATR also for cards not recognized by OpenSC
* pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters
* pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values
* pkcs11-tool: Support for signature verification via --verify
* pkcs11-tool: Add object type secrkey for --type option
* pkcs11-tool: Implement Secret Key write object
* pkcs11-tool: Add GOSTR3410-2012 support
* pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP
* pkcs11-tool: Add extractable option to key import
* pkcs11-tool: list more key access flags when listing keys
* pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys
* pkcs15-crypt: Handle keys with user consent
* New separate CAC1 driver using the old CAC specification (#1502)
* CardOS: Add support for 4K RSA keys in CardOS 5
* CardOS: Fixed decryption with CardOS 5
* Enable CoolKey driver to handle 2048-bit keys
* EstEID: add support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018
* GIDS Decipher fix (#1881)
* GIDS: Allow RSA 4K support
* MICARDO: Remove long expired EstEID 1.0/1.1 card support
* MyEID: Add support for unwrapping a secret key with an RSA key or secret key
* MyEID: Add support for wrapping a secret key with a secret key
* Support for MyEID 4K RSA
* Support for OsEID
* Gemalto GemSafe: add new PTeID ATRs, add support for 4K RSA keys
* OpenPGP Card v3 ECC support
* Add Rutoken ECP SC
* Add Rutoken Lite
* Add SmartCard-HSM 4K ATR
* Add missing secp384r1 curve parameter
* Starcos: Fix decipher with 2.3
* Starcos: Add ATR for 2nd gen. eGK
* Starcos: Add new ATR for 3.5
* Starcos: Detect and allow Globalplatform PIN encoding
* Fix TCOS IDKey support
* TCOS: add encryption certificate for IDKey
* Infocamere, Postecert, Cnipa: Remove profiles
* Remove incomplete acos5 driver
- drop patches now upstream:
* opensc-0.19.0-piv_card_matching.patch
* opensc-0.19.0-redundant_logging.patch
* opensc-0.19.0-rsa-pss.patch
-------------------------------------------------------------------
Sun Aug 18 01:35:45 UTC 2019 - Jason Sikes <jsikes@suse.com>
- added opensc-0.19.0-piv_card_matching.patch
* Improve Card Matching for Dual CAC/PIV and PIVKEY cards.
* sourced from https://github.com/OpenSC/OpenSC/pull/1549
-------------------------------------------------------------------
Tue Jul 30 03:15:14 UTC 2019 - Jason Sikes <jsikes@suse.de>
- added opensc-0.19.0-rsa-pss.patch
* Fixes the pkcs11-tool example
* Added missing CKM_SHA224_RSA_PKCS_PSS
* Add support for PSS padding to RSA signatures
* Support for signature verification in pkcs11-tool
* Switch cleanup steps to avoid segfaults on errors and more sanity checking
- added opensc-0.19.0-redundant_logging.patch
* Remove redundant debug output
-------------------------------------------------------------------
Tue Jul 23 21:51:42 UTC 2019 - Benjamin Greiner <code@bnavigator.de>
- add explicit BuildRequires: zlib-devel
-------------------------------------------------------------------
Thu Sep 13 13:46:43 UTC 2018 - Karol Babioch <kbabioch@suse.com>
- Update to version 0.19.0
* Fixed multiple security problems (out of bound writes/reads):
* CVE-2018-16391 (bsc#1106998)
* CVE-2018-16392 (bsc#1106999)
* CVE-2018-16393 (bsc#1108318)
* CVE-2018-16418 (bsc#1107039)
* CVE-2018-16419 (bsc#1107107)
* CVE-2018-16420 (bsc#1107097)
* CVE-2018-16421 (bsc#1107049)
* CVE-2018-16422 (bsc#1107038)
* CVE-2018-16423 (bsc#1107037)
* CVE-2018-16424 (bsc#1107036)
* CVE-2018-16425 (bsc#1107035)
* CVE-2018-16426 (bsc#1107034)
* CVE-2018-16427 (bsc#1107033)
* Workaround cards returning short signatures without leading zeroes
* Distribute minimal opensc.conf
* `pkcs11_enable_InitToken` made global configuration option
* Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver
list instead of forcing one driver and skipping vital parts of
configuration
* Removed configuration options `zero_ckaid_for_ca_certs`,
`force_card_driver`, `reopen_debug_file`, `paranoid-memory`
* Generalized configuration option `ignored_readers`
* If card initialization fails, continue card detection with other card
drivers
* reader-pcsc: allow fixing the length of a PIN
* fixed crash during `C_WaitForSlotEvent`
* Allow cancelling the PIN pad prompt before starting the reader transaction.
Whether to start the transaction immediately or not is user-configurable
for each application
* opensc-notify
* add Exit button to tray icon
* Use better description (GenericName) and a generic application icon
* Do not display in the application list
- Removed patches included upstream now:
* opensc-desktop.patch
* opensc-desktop2.patch
* opensc-bash-completions.patch
- Applied spec-cleaner
-------------------------------------------------------------------
Tue Jul 10 16:56:28 CEST 2018 - sbrabec@suse.com
- Update to version 0.18.0:
* Further improvements of PIN support.
* Large number of improvements and fixes
(boo#1097951, boo#1100501).
* See /usr/share/doc/packages/opensc/NEWS for complete list.
- Add opensc-desktop.patch, opensc-desktop2.patch and
opensc-bash-completions.patch.
-------------------------------------------------------------------
Mon Jan 1 16:16:13 UTC 2018 - michael@stroeder.com
- update to version 0.17.0:
* support for new cards
* PIN support enhancements
* added .pc file
* builds with OpenSSL 1.1.0 (1074799)
* See /usr/share/doc/packages/opensc/NEWS for complete list.
-------------------------------------------------------------------
Tue Jul 18 13:58:05 UTC 2017 - tchvatal@suse.com
- Switch to tarball fetching from github
- Few small cleanups
-------------------------------------------------------------------
Tue Nov 22 16:42:06 CET 2016 - sbrabec@suse.com
- Add baselibs.conf to provide 32-bit PKCS11 plugins (bsc#996047).
- Drop opensc-ADVISORIES. There is no new advisory since 2009.
-------------------------------------------------------------------
Tue Jul 5 12:09:24 UTC 2016 - t.gruner@katodev.de
- update to version 0.16.0
- remove fix (issue 505)
- clean up spec-file
-------------------------------------------------------------------
Thu Jul 30 16:16:19 EEST 2015 - bwachter-pkg@lart.info
- update to version 0.15.0
- register with p11-kit
(https://www.opensc-project.org/opensc/ticket/390)
-------------------------------------------------------------------
Mon Feb 16 15:14:55 UTC 2015 - michael@stroeder.com
- update to version 0.14.0
-------------------------------------------------------------------
Tue Dec 3 18:53:23 UTC 2013 - luizluca@tre-sc.gov.br
- update to version 0.13.0
-------------------------------------------------------------------
Tue Jun 12 21:00:03 UTC 2012 - mgorse@suse.com
- make needed directories before running make install
-------------------------------------------------------------------
Thu Sep 29 18:26:23 UTC 2011 - lmedinas@opensuse.org
- Updated to version 0.12.2:
* Builds are now silent by default when OpenSC is built from
source on Unix.
* Using --wait with command line tools works with 64bit Linux
again.
* Greatly improved OpenPGP card support, including OpenPGP
2.0 cards like the one found in German Privacy Foundation
CryptoStick.
* Fixed support for FINeID cards issued after 01.03.2011 with
2048bit keys.
* #256: Fixed support for TCOS cards (broken since 0.12.0).
* Added support for IDKey-cards to TCOS3 driver.
* #361: Improved PC/SC driver to fetch the maximum PIN sizes
from the open source CCID driver. This fixes the issue for
Linux/OSX with recent driver.
* Fix FINeID cards for organizations.
* Several smaller bugs and compiler warnings fixed
- Updated to version 0.12.1:
* IAS-ECC 1.0.1
* Support for cards with multiple PKCS#15 applications
* New card driver: IAS/ECC 1.0.1
* rutoken-tool has been deprecated and removed.
* eidenv and piv-tool utilities now have manual pages.
* pkcs11-tool now requires the use of --module parameter.
* All tools can now use an ATR as an argument to --reader,
to skip to the card with given ATR.
* opensc-tool -l with -v now shows information about the
inserted cards.
* Creating files have an enforced upper size limit, 64K
* Support for multiple PKCS#15 applications with different
AID-s. PKCS#15 applications can be listed with pkcs15-tool
--list-applications. Binding to a specific AID with PKCS#15
tools can be done with --aid.
* Hex strings (like card ATR or APDU-s) can now be separated
by space, in addition to colons.
* Pinpad readers known to be bogus are now ignored by OpenSC.
At the moment only "HP USB Smart Card Keyboard" is disabled.
* Numerous compiler warnings, unused code and internal bugs
have been eliminated.
-------------------------------------------------------------------
Fri Jan 7 14:49:37 CET 2011 - sbrabec@suse.cz
- Updated to version 0.12.0:
* Security fix (bnc#660109, CVE-2010-4523).
* Only one backend is supported. openSUSE will use pcsc-lite.
* libopensc made private, library should not be used by other
applications. Please use generic PKCS#11 interface instead.
* Signer plugin discontinued. Please use openssl engine_pkcs11.
* No more depends on libassuan.
* New card drivers.
* Support for CardOS enhanced.
* More changes and enhancements.
- libopensc merged back to the main package, as it is private now.
-------------------------------------------------------------------
Mon Aug 23 14:15:22 CEST 2010 - sbrabec@suse.cz
- Fixed broken opensc-fix-gcc-warnings.patch (bnc#627619).
- Simplified plugin installation.
-------------------------------------------------------------------
Tue Apr 13 14:35:32 UTC 2010 - puzel@novell.com
- update to version 0.11.13
* Modify Rutoken S binary interfaces by Aktiv Co.
* Muscle driver fixed (acl reading issue)
* Many small fixes (e.g. mem leaks)
* Compiling with openssl 1.0.0-beta fixed
* Document integer problem in OpenSC and implement workaround
* Improve entersafe profile to support private data objects
- Require pinentry
- add opensc-libassuan-2.patch
- add opensc-fix-gcc-warnings.patch
-------------------------------------------------------------------
Fri Jan 1 20:07:35 CET 2010 - jengelh@medozas.de
- package baselibs.conf
-------------------------------------------------------------------
Wed Aug 5 14:59:33 CEST 2009 - sbrabec@suse.cz
- Updated to version 0.11.9:
* New rutoken_ecp driver
* Allow more keys/certificates/files etc. with entersafe tokens
* Updates pkcs11.h from scute fixing warnings
* Small fixes in rutoken driver
* Major update for piv driver with increased compatibility
-------------------------------------------------------------------
Thu Jul 30 12:45:26 CEST 2009 - sbrabec@suse.cz
- libopensc2 should not require opensc (bnc#466430).
-------------------------------------------------------------------
Thu May 7 17:52:06 CEST 2009 - sbrabec@suse.cz
- Updated to version 0.11.8:
* Fix security problem in pkcs11-tool gen_keypair
(PublicExponent 1) (bnc#501726)
See http://en.opensuse.org/Smart_Cards/Advisories for more.
* updated and improve entersafe driver. FTCOS/PK-01C cards are
supported now, compatible with cards written by Feitian's
software on windows.
-------------------------------------------------------------------
Thu Apr 9 11:32:23 CEST 2009 - sbrabec@suse.cz
- Fixed undefined code (bnc#440853).
- Don't call autoreconf on older products.
-------------------------------------------------------------------
Tue Mar 17 18:01:29 CET 2009 - sbrabec@suse.cz
- Updated to version 0.11.7:
* hide_empty_slots now on by default? small logic change?
* ruToken driver was updated.
* openct virtual readers reduced to 2 by default.
* Security issue: Fix private data support. (bnc#480262,
CVE-2009-0368)
See http://en.opensuse.org/Smart_Cards/Advisories for more.
* Enable lock_login by default.
* Disable allow_soft_keygen by default.
-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Wed Sep 10 13:46:44 CEST 2008 - sbrabec@suse.cz
- Updated to version 0.11.6:
* New support for Feitian ePass3000.
* GemSafeV1 improved to handle key_ref other than 3.
* Build system rewritten.
* ruToken now supported.
* Allow specifying application name for data objects.
* Basic reader hotplug support.
* PC/SC library is dynamically linked.
* PKCS#11 provider is now installed at LIBDIR/pkcs11.
* PKCS#11 - Number of virtual slots moved into configuration.
* PKCS#11 - Fix fork() compliance.
* make sign_with_decrypt hack configurable for siemens cards.
-------------------------------------------------------------------
Mon Sep 1 14:06:17 CEST 2008 - sbrabec@suse.cz
- Check validity of SSL certificates for all Siemens CardOS M4
cards (SCA and SCB are affected as well, bnc#413496#c6).
-------------------------------------------------------------------
Thu Jul 31 12:45:11 CEST 2008 - sbrabec@suse.cz
- Fixed initialization access rights for Siemens CardOS M4, added
a security check to pkcs15-tool (bnc#413496, CVE-2008-2235)
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Thu Feb 7 17:12:02 CET 2008 - sbrabec@suse.cz
- Updated to version 0.11.4:
* Browser plugin support
* Support Siemens CardOS initialized cards (signing with
decryption)
* Add Siemens CardOS M4.2B support (experimental)
* Support for AKIS cards added (partial)
-------------------------------------------------------------------
Thu Jul 26 13:40:30 CEST 2007 - sbrabec@suse.cz
- Updated to version 0.11.3:
* make lots of internal functions and variables static.
* fix 0 vs NULL in many places. fix ansi c style (void).
* avoid variable names used also as glibc function (random etc.).
* new code for deleting objects.
* special hack for firefox.
* support for Athena APCOS cards added.
* piv driver now supports bigger rsa keys too.
* enabled pin caching by default.
* use max_send_size 255 / max_recv_size 256 bytes by default.
* increase pin buffer size to allow longer pin codes.
* Added --read-ssh-key option to pkcs15-tool
* use pkg-config for finding openct
* use strlcpy function
* use new pkcs11.h from scute with an open source license
* add support for sha2 to pkcs15-crypt
* add piv-tool for managing piv cards
* add muscle driver
* improved oberthur driver
* add support for pcsc v2 part10
* convert source files to utf-8
- Split package according to shared library packaging policy.
-------------------------------------------------------------------
Tue Feb 27 12:12:30 CET 2007 - mvaner@suse.cz
- Fixing dodgy use of sizeof (#238660)
- sizeof.patch
-------------------------------------------------------------------
Mon Oct 2 18:49:35 CEST 2006 - sbrabec@suse.cz
- Updated to version 0.11.1:
* Update for piv pkcs#15 emulation
* Improved TCOS driver for Uni Giesen Card
* Handle size_t printf with "%lu" and (unsigned long) cast
* Add support for d-trust cards / improve micardo 2.1 driver
-------------------------------------------------------------------
Thu May 25 16:13:02 CEST 2006 - sbrabec@suse.cz
- Fixed build for old SuSE Linux versions.
-------------------------------------------------------------------
Thu May 11 13:00:00 CEST 2006 - sbrabec@suse.cz
- Fixed devel dependencies.
-------------------------------------------------------------------
Wed May 10 16:58:12 CEST 2006 - sbrabec@suse.cz
- Updated to version 0.11.0.
-------------------------------------------------------------------
Wed Jan 25 21:39:06 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Thu Jan 5 02:05:11 CET 2006 - ro@suse.de
- added unpackaged so-links to devel filelist
-------------------------------------------------------------------
Tue Oct 25 15:30:04 CEST 2005 - rhafer@suse.de
- added LDAP_DEPRECATED to CFLAGS to build correctly with
OpenLDAP 2.3
-------------------------------------------------------------------
Fri Sep 2 12:56:14 CEST 2005 - okir@suse.de
- Removed +x permissions on opensc.conf (#114849)
-------------------------------------------------------------------
Thu Jul 14 16:11:56 CEST 2005 - okir@suse.de
- Updated to latest upstream version
- Added missing documentation files (#75425)
-------------------------------------------------------------------
Fri Mar 4 11:06:48 CET 2005 - meissner@suse.de
- fixed gcc4 compilation.
-------------------------------------------------------------------
Fri Jan 21 14:43:23 CET 2005 - okir@suse.de
- Updated to latest upstream version (0.9.4)
-------------------------------------------------------------------
Thu Nov 18 15:49:34 CET 2004 - ro@suse.de
- use kerberos-devel-packages
-------------------------------------------------------------------
Mon Jul 19 14:06:10 CEST 2004 - adrian@suse.de
- fix file list
-------------------------------------------------------------------
Mon Jul 12 17:26:31 CEST 2004 - adrian@suse.de
- update to version 0.8.1
-------------------------------------------------------------------
Fri Mar 19 11:10:13 CET 2004 - okir@suse.de
- Fixed permissions and path names of some include files (#36432)
-------------------------------------------------------------------
Fri Jan 16 13:19:16 CET 2004 - kukuk@suse.de
- Add pam-devel to neededforbuild
-------------------------------------------------------------------
Sat Jan 10 15:47:57 CET 2004 - adrian@suse.de
- add %run_ldconfig and %defattr
-------------------------------------------------------------------
Mon Aug 4 11:00:27 CEST 2003 - okir@suse.de
- Build fixes for x86_64/ppc64
- use a version string other than "CVS" (#28423)
-------------------------------------------------------------------
Fri Aug 1 12:04:29 CEST 2003 - okir@suse.de
- Updated to most recent upstream snapshot
-------------------------------------------------------------------
Thu Jun 12 13:28:31 CEST 2003 - kukuk@suse.de
- Fix filelist and permissions
-------------------------------------------------------------------
Wed Jun 4 00:39:12 CEST 2003 - ro@suse.de
- added rest of static libs to devel filelist
- remove unpackaged files from buildroot
-------------------------------------------------------------------
Wed Jan 15 17:34:58 CET 2003 - ro@suse.de
- use sasl2
-------------------------------------------------------------------
Thu Dec 5 11:22:44 CET 2002 - okir@suse.de
- fixed x86_64 build problem
- updated to latest upstream
-------------------------------------------------------------------
Fri Nov 29 10:01:14 CET 2002 - okir@suse.de
- updated to current CVS snapshot
-------------------------------------------------------------------
Fri Aug 9 21:35:43 CEST 2002 - okir@suse.de
- added missing libs to files list
-------------------------------------------------------------------
Thu Jul 4 17:48:11 CEST 2002 - ro@suse.de
- added heimdal-devel to neededforbuild to make libtool happy
-------------------------------------------------------------------
Fri Jun 28 17:34:49 CEST 2002 - schwab@suse.de
- Fix bootstrap script.
- Use correct libtool macros.
-------------------------------------------------------------------
Mon May 27 19:10:07 CEST 2002 - sf@suse.de
- @libdir@ added to Makefile.am to use correct dirs for
*/lib */lib64
-------------------------------------------------------------------
Tue Apr 30 16:05:12 CEST 2002 - okir@suse.de
- Initial check-in