Accepting request 635547 from home:kbabioch:branches:security:chipcard

- Update to version 0.19.0 * Fixed multiple security problems (out of bound writes/reads): * CVE-2018-16391 (bsc#1106998) * CVE-2018-16392 (bsc#1106999) * CVE-2018-16393 (bsc#1108318) * CVE-2018-16418 (bsc#1107039) * CVE-2018-16419 (bsc#1107107) * CVE-2018-16420 (bsc#1107097) * CVE-2018-16421 (bsc#1107049) * CVE-2018-16422 (bsc#1107038) * CVE-2018-16423 (bsc#1107037) * CVE-2018-16424 (bsc#1107036) * CVE-2018-16425 (bsc#1107035) * CVE-2018-16426 (bsc#1107034) * CVE-2018-16427 (bsc#1107033) * Workaround cards returning short signatures without leading zeroes * Distribute minimal opensc.conf * `pkcs11_enable_InitToken made` global configuration option * Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver list instead of forcing one driver and skipping vital parts of configuration * Removed configuration options `zero_ckaid_for_ca_certs`, `force_card_driver`, `reopen_debug_file`, `paranoid-memory` * Generalized configuration option `ignored_readers` * If card initialization fails, continue card detection with other card drivers * reader-pcsc: allow fixing the length of a PIN * fixed crash during `C_WaitForSlotEvent` * Allow cancelling the PIN pad prompt before starting the reader transaction. Whether to start the transaction immediately or not is user-configurable OBS-URL: https://build.opensuse.org/request/show/635547 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=55
2018-09-25 14:35:23 +00:00 · 2018-09-25 14:35:23 +00:00 · ff4ec9e2c8
commit ff4ec9e2c8
parent defc0af54f
7 changed files with 53 additions and 108 deletions
--- a/opensc-0.18.0.tar.gz
+++ b/opensc-0.18.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9bc0ff030dd1c10f646d54415eae1bb2b1c72dda710378343f027e17cd8c3757
-size 2037073
--- a/opensc-0.19.0.tar.gz
+++ b/opensc-0.19.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2c5a0e4df9027635290b9c0f3addbbf0d651db5ddb0ab789cb0e978f02fd5826
+size 2080320
--- a/opensc-bash-completions.patch
+++ b/opensc-bash-completions.patch
@ -1,45 +0,0 @@
-From b0a20fa7ca30dc6c6198954fadc5a7fe812834dc Mon Sep 17 00:00:00 2001
-From: Stanislav Brabec <sbrabec@suse.com>
-Date: Fri, 22 Jun 2018 16:38:38 +0200
-Subject: [PATCH] Use correct bash-completion path
-
-Recent versions of bash is leaving /etc/bash_completion.d. The correct
-directory is specified by pkg-config --variable completionsdir
-bash-completion.
-
-Fixes https://github.com/OpenSC/OpenSC/issues/1403
---
- configure.ac          | 4 ++++
- doc/tools/Makefile.am | 1 -
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 700b14dc..6abad0b7 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -839,6 +839,10 @@ if test "${enable_cryptotokenkit}" = "yes"; then
- 	fi
- 	AC_DEFINE([ENABLE_CRYPTOTOKENKIT], [1], [Define if CryptoTokenKit is to be enabled])
- fi
-+PKG_CHECK_MODULES([BASH_COMPLETION], [bash-completion >= 2.0],
-+	[completiondir="`pkg-config --variable=completionsdir bash-completion`"],
-+	[completiondir="${sysconfdir}/bash_completion.d"])
-+AC_SUBST([completiondir])
- 
- 
- AC_SUBST(DYN_LIB_EXT)
-diff --git a/doc/tools/Makefile.am b/doc/tools/Makefile.am
-index 17e4fbf1..4e2d941c 100644
--- a/doc/tools/Makefile.am
-+++ b/doc/tools/Makefile.am
-@@ -15,7 +15,6 @@ man5_MANS = $(patsubst $(srcdir)/%.xml, %, $(wildcard $(srcdir)/*.5.xml))
- endif
- 
- completion_DATA = $(patsubst $(srcdir)/%.1.xml, %, $(wildcard $(srcdir)/*.1.xml))
-completiondir = $(sysconfdir)/bash_completion.d
- 
- tools.html: $(srcdir)/tools.xml $(wildcard $(srcdir)/*.1.xml) $(wildcard $(srcdir)/*.5.xml)
- 	$(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $<
-- 
-2.18.0
-
--- a/opensc-desktop.patch
+++ b/opensc-desktop.patch
@ -1,22 +0,0 @@
-Backport.
-From d831076974f02dc7714f92526e6352ab18aee748 Mon Sep 17 00:00:00 2001
-From: Frank Morgner <frankmorgner@gmail.com>
-Date: Fri, 22 Jun 2018 08:47:06 +0200
-Subject: [PATCH] opensc-notify: use generic icon
-
-fixes https://github.com/OpenSC/OpenSC/issues/1402
---
- src/tools/org.opensc.notify.desktop.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: opensc-0.18.0/src/tools/org.opensc.notify.desktop.in
-===================================================================
--- opensc-0.18.0.orig/src/tools/org.opensc.notify.desktop.in
-+++ opensc-0.18.0/src/tools/org.opensc.notify.desktop.in
-@@ -3,5 +3,5 @@ Name=OpenSC Notify
- Type=Application
- Comment=Monitor smart card events to send notifications.
- Exec=@bindir@/opensc-notify
-Icon=preferences-system-notifications
-+Icon=utilities-system-monitor
- Categories=Security;System;
--- a/opensc-desktop2.patch
+++ b/opensc-desktop2.patch
@ -1,25 +0,0 @@
-From 4db9db7403cd5c49efc97ce6eac4ab5b4cd46e66 Mon Sep 17 00:00:00 2001
-From: Stanislav Brabec <sbrabec@suse.com>
-Date: Wed, 27 Jun 2018 21:20:04 +0200
-Subject: [PATCH] Add GenericName to the desktop file
-
-Add optional GenericName to org.opensc.notify.desktop. GenericName is
-recently widely used for menu rendering in desktop environments.
---
- src/tools/org.opensc.notify.desktop.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/tools/org.opensc.notify.desktop.in b/src/tools/org.opensc.notify.desktop.in
-index 20e217d6..1c8755c4 100644
--- a/src/tools/org.opensc.notify.desktop.in
-+++ b/src/tools/org.opensc.notify.desktop.in
-@@ -1,5 +1,6 @@
- [Desktop Entry]
- Name=OpenSC Notify
-+GenericName=Smard card notification
- Type=Application
- Comment=Monitor smart card events to send notifications.
- Exec=@bindir@/opensc-notify
-- 
-2.18.0
-
--- a/opensc.changes
+++ b/opensc.changes
@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Thu Sep 13 13:46:43 UTC 2018 - Karol Babioch <kbabioch@suse.com>
+
+- Update to version 0.19.0
+  * Fixed multiple security problems (out of bound writes/reads):
+    * CVE-2018-16391 (bsc#1106998)
+    * CVE-2018-16392 (bsc#1106999)
+    * CVE-2018-16393 (bsc#1108318)
+    * CVE-2018-16418 (bsc#1107039)
+    * CVE-2018-16419 (bsc#1107107)
+    * CVE-2018-16420 (bsc#1107097)
+    * CVE-2018-16421 (bsc#1107049)
+    * CVE-2018-16422 (bsc#1107038)
+    * CVE-2018-16423 (bsc#1107037)
+    * CVE-2018-16424 (bsc#1107036)
+    * CVE-2018-16425 (bsc#1107035)
+    * CVE-2018-16426 (bsc#1107034)
+    * CVE-2018-16427 (bsc#1107033)
+  * Workaround cards returning short signatures without leading zeroes
+  * Distribute minimal opensc.conf
+  * `pkcs11_enable_InitToken made` global configuration option
+  * Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver
+    list instead of forcing one driver and skipping vital parts of
+    configuration
+  * Removed configuration options `zero_ckaid_for_ca_certs`,
+    `force_card_driver`, `reopen_debug_file`, `paranoid-memory`
+  * Generalized configuration option `ignored_readers`
+  * If card initialization fails, continue card detection with other card
+    drivers
+  * reader-pcsc: allow fixing the length of a PIN
+  * fixed crash during `C_WaitForSlotEvent`
+  * Allow cancelling the PIN pad prompt before starting the reader transaction.
+    Whether to start the transaction immediately or not is user-configurable
+    for each application
+  * opensc-notify
+    * add Exit button to tray icon
+    * User better description (GenericName) and a generic application icon
+    * Do not display in the application list
+- Removed patches included upstream now:
+  * opensc-desktop.patch
+  * opensc-desktop2.patch
+  * opensc-bash-completions.patch
+- Applied spec-cleaner
+
 -------------------------------------------------------------------
 Tue Jul 10 16:56:28 CEST 2018 - sbrabec@suse.com

--- a/opensc.spec
+++ b/opensc.spec
@ -16,25 +16,20 @@
 #


+%define completionsdir %(pkg-config --variable completionsdir bash-completion)
 Name:           opensc
-Version:        0.18.0
+Version:        0.19.0
 Release:        0
 Summary:        Smart Card Utilities
 License:        LGPL-2.1-or-later
 Group:          Productivity/Security
-Url:            https://github.com/OpenSC/OpenSC/wiki
+URL:            https://github.com/OpenSC/OpenSC/wiki
 Source:         https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        baselibs.conf
 Source2:        %{name}-rpmlintrc
 # Register with p11-kit
 # https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3:        opensc.module
-# PATCH-FIX-UPSTREAM opensc-desktop.patch https://github.com/OpenSC/OpenSC/issues/1402 sbrabec@suse.com -- Fix desktop file.
-Patch1:         opensc-desktop.patch
-# PATCH-FIX-UPSTREAM opensc-bash-completions.patch sbrabec@suse.com https://github.com/OpenSC/OpenSC/issues/1403 -- Use correct bash-completion path.
-Patch2:         opensc-bash-completions.patch
-# PATCH-FEATURE-OPENSUSE opensc-desktop2.patch https://github.com/OpenSC/OpenSC/issues/1402 sbrabec@suse.com -- Add GenericName to the desktop file.
-Patch3:         opensc-desktop2.patch
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libtool
 BuildRequires:  libxslt
@ -46,7 +41,6 @@ BuildRequires:  pkgconfig(openssl)
 Requires:       pcsc-lite
 # There is no more devel package.
 Obsoletes:      opensc-devel < %{version}
-%define completionsdir %(pkg-config --variable completionsdir bash-completion)

 %description
 OpenSC provides a set of utilities to access smart cards. It mainly
@ -65,9 +59,6 @@ may require third party proprietary software.

 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1

 %build
 autoreconf -fvi
@ -90,10 +81,12 @@ install -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pkcs11/modules/opensc.mo

 %files
 %doc %dir %{_docdir}/%{name}
-%doc %{_docdir}/%{name}/COPYING
+%license %{_docdir}/%{name}/COPYING
 %doc %{_docdir}/%{name}/NEWS
 %doc %{_docdir}/%{name}/README
 %doc %{_docdir}/%{name}/tools.html
+%doc %{_docdir}/%{name}/files.html
+%doc %{_docdir}/%{name}/opensc.conf
 %{_bindir}/*
 %{_datadir}/applications/*.desktop
 %{_datadir}/opensc