From 25dd5a5f8a904615851e5f379f04bdfd58c04ea3a866364629977f3a9ba094f2 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer
Date: Sun, 25 Feb 2024 21:28:25 +0000
Subject: [PATCH 1/2] Accepting request 1150515 from home:mschreiner:branches:security:chipcard - Add CVE-2024-1454.patch. Fix for CVE-2024-1454 / bnc#1219868. OBS-URL: https://build.opensuse.org/request/show/1150515 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=79
---
 CVE-2024-1454.patch | 25 +++++++++++++++++++++++++
 opensc.changes | 6 ++++++
 opensc.spec | 4 +++-
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-1454.patch
diff --git a/CVE-2024-1454.patch b/CVE-2024-1454.patch
new file mode 100644
index 0000000..7f8ff1a
--- /dev/null
+++ b/CVE-2024-1454.patch
@@ -0,0 +1,25 @@
+From 5835f0d4f6c033bd58806d33fa546908d39825c9 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Mon, 18 Dec 2023 11:09:50 +0100
+Subject: [PATCH] authentic: Avoid use after free
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
+---
+ src/pkcs15init/pkcs15-authentic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pkcs15init/pkcs15-authentic.c b/src/pkcs15init/pkcs15-authentic.c
+index a6d8b8ffad..798bc44138 100644
+--- a/src/pkcs15init/pkcs15-authentic.c
++++ b/src/pkcs15init/pkcs15-authentic.c
+@@ -868,7 +868,7 @@ authentic_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card
+ rv = sc_select_file(p15card->card, &path, &file);
+ if (!rv) {
+ rv = sc_get_challenge(p15card->card, buffer, sizeof(buffer));
+- if (!rv) {
++ if (rv < 0) {
+ sc_file_free(file);
+ LOG_TEST_RET(ctx, rv, "Get challenge error");
+ }
diff --git a/opensc.changes b/opensc.changes
index d0907c0..e748cd6 100644
--- a/opensc.changes
+++ b/opensc.changes
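Review bot: In the embedded hunk of CVE-2024-1454.patch, the error branch `if (rv < 0)` still relies on `LOG_TEST_RET` to leave authentic_emu_update_tokeninfo right after `sc_file_free(file)`, and nothing in the code says so; the old `!rv` condition entered this branch on success, which is presumably how the freed `file` came to be used afterwards. I would add a comment above the branch such as `/* failure only: file is released here, LOG_TEST_RET must return */`. The enclosing `if (!rv)` tests success by negation while the inner check tests failure by sign; writing the outer one as `if (rv == SC_SUCCESS)` would make the two conventions harder to confuse. The function starts and ends outside the hunk, so the later uses and final release of `file` cannot be checked from here.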
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner
+
+- Add CVE-2024-1454.patch.
+ Fix for CVE-2024-1454 / bnc#1219868.
+
 -------------------------------------------------------------------
 Wed Dec 13 12:27:34 UTC 2023 - Otto Hollmann
diff --git a/opensc.spec b/opensc.spec
index aa0232e..b5fcafa 100644
--- a/opensc.spec
+++ b/opensc.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package opensc
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,8 @@ Source2: %{name}-rpmlintrc
 # https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3: opensc.module
 Patch0: opensc-gcc11.patch
+# PATCH-FIX-UPSTREAM martin.schreiner@suse.com CVE-2024-1454 bnc#1219868
+Patch1: CVE-2024-1454.patch
 BuildRequires: docbook-xsl-stylesheets
 BuildRequires: libxslt
 BuildRequires: pkgconfig
From 25a0c615134979e36dd1084b0a4884ff8142e4e3aac098fd90242654127a6eb4 Mon Sep 17 00:00:00 2001
From: Otto Hollmann
Date: Thu, 29 Feb 2024 10:19:44 +0000
Subject: [PATCH 2/2] Accepting request 1152250 from home:dimstar:Factory bnc => bsc... it's been many moons that SUSE was not part of Novell anymore and we are not using Novell's bugzilla instance Fix for CVE-2024-1454 / bsc#1219868. OBS-URL: https://build.opensuse.org/request/show/1152250 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=80
---
 opensc.changes | 2 +-
 opensc.spec | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/opensc.changes b/opensc.changes
index e748cd6..84be1ab 100644
--- a/opensc.changes
+++ b/opensc.changes
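Review bot: In the `@@ -31,6 +31,8 @@` hunk of opensc.spec from PATCH 1/2, `Patch1: CVE-2024-1454.patch` is declared but neither spec hunk touches %prep, so the fix only reaches the build if the spec already applies patches generically, for example with `%autosetup -p1` or `%autopatch -p1`. If %prep lists patches one by one, a matching `%patch1 -p1` line is needed; otherwise the package would carry the CVE changelog entry without the code change. The %prep section is outside the visible hunks, so this should be confirmed against the full spec, ideally by checking the build log for the patch being applied.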
@@ -2,7 +2,7 @@
 Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner
 - Add CVE-2024-1454.patch.
- Fix for CVE-2024-1454 / bnc#1219868.
+ Fix for CVE-2024-1454 / bsc#1219868.
 -------------------------------------------------------------------
 Wed Dec 13 12:27:34 UTC 2023 - Otto Hollmann
diff --git a/opensc.spec b/opensc.spec
index b5fcafa..f7c4320 100644
--- a/opensc.spec
+++ b/opensc.spec
@@ -31,7 +31,7 @@ Source2: %{name}-rpmlintrc
 # https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3: opensc.module
 Patch0: opensc-gcc11.patch
-# PATCH-FIX-UPSTREAM martin.schreiner@suse.com CVE-2024-1454 bnc#1219868
+# PATCH-FIX-UPSTREAM martin.schreiner@suse.com CVE-2024-1454 bsc#1219868
 Patch1: CVE-2024-1454.patch
 BuildRequires: docbook-xsl-stylesheets
 BuildRequires: libxslt