Accepting request 635547 from home:kbabioch:branches:security:chipcard

- Update to version 0.19.0 * Fixed multiple security problems (out of bound writes/reads): * CVE-2018-16391 (bsc#1106998) * CVE-2018-16392 (bsc#1106999) * CVE-2018-16393 (bsc#1108318) * CVE-2018-16418 (bsc#1107039) * CVE-2018-16419 (bsc#1107107) * CVE-2018-16420 (bsc#1107097) * CVE-2018-16421 (bsc#1107049) * CVE-2018-16422 (bsc#1107038) * CVE-2018-16423 (bsc#1107037) * CVE-2018-16424 (bsc#1107036) * CVE-2018-16425 (bsc#1107035) * CVE-2018-16426 (bsc#1107034) * CVE-2018-16427 (bsc#1107033) * Workaround cards returning short signatures without leading zeroes * Distribute minimal opensc.conf * `pkcs11_enable_InitToken made` global configuration option * Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver list instead of forcing one driver and skipping vital parts of configuration * Removed configuration options `zero_ckaid_for_ca_certs`, `force_card_driver`, `reopen_debug_file`, `paranoid-memory` * Generalized configuration option `ignored_readers` * If card initialization fails, continue card detection with other card drivers * reader-pcsc: allow fixing the length of a PIN * fixed crash during `C_WaitForSlotEvent` * Allow cancelling the PIN pad prompt before starting the reader transaction. Whether to start the transaction immediately or not is user-configurable OBS-URL: https://build.opensuse.org/request/show/635547 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=55
2018-09-25 14:35:23 +00:00 · 2018-09-25 14:35:23 +00:00 · ff4ec9e2c8
commit ff4ec9e2c8
parent defc0af54f
7 changed files with 53 additions and 108 deletions
--- a/opensc-0.18.0.tar.gz
+++ b/opensc-0.18.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:9bc0ff030dd1c10f646d54415eae1bb2b1c72dda710378343f027e17cd8c3757
 size 2037073
--- a/opensc-0.19.0.tar.gz
+++ b/opensc-0.19.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:2c5a0e4df9027635290b9c0f3addbbf0d651db5ddb0ab789cb0e978f02fd5826
 size 2080320
--- a/opensc-bash-completions.patch
+++ b/opensc-bash-completions.patch
@ -1,45 +0,0 @@
 From b0a20fa7ca30dc6c6198954fadc5a7fe812834dc Mon Sep 17 00:00:00 2001
 From: Stanislav Brabec <sbrabec@suse.com>
 Date: Fri, 22 Jun 2018 16:38:38 +0200
 Subject: [PATCH] Use correct bash-completion path
 Recent versions of bash is leaving /etc/bash_completion.d. The correct
 directory is specified by pkg-config --variable completionsdir
 bash-completion.
 Fixes https://github.com/OpenSC/OpenSC/issues/1403
 ---
 configure.ac          | 4 ++++
 doc/tools/Makefile.am | 1 -
 2 files changed, 4 insertions(+), 1 deletion(-)
 diff --git a/configure.ac b/configure.ac
 index 700b14dc..6abad0b7 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -839,6 +839,10 @@ if test "${enable_cryptotokenkit}" = "yes"; then
 	fi
 	AC_DEFINE([ENABLE_CRYPTOTOKENKIT], [1], [Define if CryptoTokenKit is to be enabled])
 fi
 +PKG_CHECK_MODULES([BASH_COMPLETION], [bash-completion >= 2.0],
 +	[completiondir="`pkg-config --variable=completionsdir bash-completion`"],
 +	[completiondir="${sysconfdir}/bash_completion.d"])
 +AC_SUBST([completiondir])
 AC_SUBST(DYN_LIB_EXT)
 diff --git a/doc/tools/Makefile.am b/doc/tools/Makefile.am
 index 17e4fbf1..4e2d941c 100644
 --- a/doc/tools/Makefile.am
 +++ b/doc/tools/Makefile.am
@@ -15,7 +15,6 @@ man5_MANS = $(patsubst $(srcdir)/%.xml, %, $(wildcard $(srcdir)/*.5.xml))
 endif
 completion_DATA = $(patsubst $(srcdir)/%.1.xml, %, $(wildcard $(srcdir)/*.1.xml))
 -completiondir = $(sysconfdir)/bash_completion.d
 tools.html: $(srcdir)/tools.xml $(wildcard $(srcdir)/*.1.xml) $(wildcard $(srcdir)/*.5.xml)
 	$(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $<
 -- 
 2.18.0
--- a/opensc-desktop.patch
+++ b/opensc-desktop.patch
@ -1,22 +0,0 @@
 Backport.
 From d831076974f02dc7714f92526e6352ab18aee748 Mon Sep 17 00:00:00 2001
 From: Frank Morgner <frankmorgner@gmail.com>
 Date: Fri, 22 Jun 2018 08:47:06 +0200
 Subject: [PATCH] opensc-notify: use generic icon
 fixes https://github.com/OpenSC/OpenSC/issues/1402
 ---
 src/tools/org.opensc.notify.desktop.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 Index: opensc-0.18.0/src/tools/org.opensc.notify.desktop.in
 ===================================================================
 --- opensc-0.18.0.orig/src/tools/org.opensc.notify.desktop.in
 +++ opensc-0.18.0/src/tools/org.opensc.notify.desktop.in
@@ -3,5 +3,5 @@ Name=OpenSC Notify
 Type=Application
 Comment=Monitor smart card events to send notifications.
 Exec=@bindir@/opensc-notify
 -Icon=preferences-system-notifications
 +Icon=utilities-system-monitor
 Categories=Security;System;
--- a/opensc-desktop2.patch
+++ b/opensc-desktop2.patch
@ -1,25 +0,0 @@
 From 4db9db7403cd5c49efc97ce6eac4ab5b4cd46e66 Mon Sep 17 00:00:00 2001
 From: Stanislav Brabec <sbrabec@suse.com>
 Date: Wed, 27 Jun 2018 21:20:04 +0200
 Subject: [PATCH] Add GenericName to the desktop file
 Add optional GenericName to org.opensc.notify.desktop. GenericName is
 recently widely used for menu rendering in desktop environments.
 ---
 src/tools/org.opensc.notify.desktop.in | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/tools/org.opensc.notify.desktop.in b/src/tools/org.opensc.notify.desktop.in
 index 20e217d6..1c8755c4 100644
 --- a/src/tools/org.opensc.notify.desktop.in
 +++ b/src/tools/org.opensc.notify.desktop.in
@@ -1,5 +1,6 @@
 [Desktop Entry]
 Name=OpenSC Notify
 +GenericName=Smard card notification
 Type=Application
 Comment=Monitor smart card events to send notifications.
 Exec=@bindir@/opensc-notify
 -- 
 2.18.0
--- a/opensc.changes
+++ b/opensc.changes
@ -1,3 +1,47 @@
 -------------------------------------------------------------------
 Thu Sep 13 13:46:43 UTC 2018 - Karol Babioch <kbabioch@suse.com>
 - Update to version 0.19.0
  * Fixed multiple security problems (out of bound writes/reads):
    * CVE-2018-16391 (bsc#1106998)
    * CVE-2018-16392 (bsc#1106999)
    * CVE-2018-16393 (bsc#1108318)
    * CVE-2018-16418 (bsc#1107039)
    * CVE-2018-16419 (bsc#1107107)
    * CVE-2018-16420 (bsc#1107097)
    * CVE-2018-16421 (bsc#1107049)
    * CVE-2018-16422 (bsc#1107038)
    * CVE-2018-16423 (bsc#1107037)
    * CVE-2018-16424 (bsc#1107036)
    * CVE-2018-16425 (bsc#1107035)
    * CVE-2018-16426 (bsc#1107034)
    * CVE-2018-16427 (bsc#1107033)
  * Workaround cards returning short signatures without leading zeroes
  * Distribute minimal opensc.conf
  * `pkcs11_enable_InitToken made` global configuration option
  * Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver
    list instead of forcing one driver and skipping vital parts of
    configuration
  * Removed configuration options `zero_ckaid_for_ca_certs`,
    `force_card_driver`, `reopen_debug_file`, `paranoid-memory`
  * Generalized configuration option `ignored_readers`
  * If card initialization fails, continue card detection with other card
    drivers
  * reader-pcsc: allow fixing the length of a PIN
  * fixed crash during `C_WaitForSlotEvent`
  * Allow cancelling the PIN pad prompt before starting the reader transaction.
    Whether to start the transaction immediately or not is user-configurable
    for each application
  * opensc-notify
    * add Exit button to tray icon
    * User better description (GenericName) and a generic application icon
    * Do not display in the application list
 - Removed patches included upstream now:
  * opensc-desktop.patch
  * opensc-desktop2.patch
  * opensc-bash-completions.patch
 - Applied spec-cleaner
 -------------------------------------------------------------------
 Tue Jul 10 16:56:28 CEST 2018 - sbrabec@suse.com
--- a/opensc.spec
+++ b/opensc.spec
@ -16,25 +16,20 @@
 #
 %define completionsdir %(pkg-config --variable completionsdir bash-completion)
 Name:           opensc
-Version:        0.18.0
+Version:        0.19.0
 Release:        0
 Summary:        Smart Card Utilities
 License:        LGPL-2.1-or-later
 Group:          Productivity/Security
-Url:            https://github.com/OpenSC/OpenSC/wiki
+URL:            https://github.com/OpenSC/OpenSC/wiki
 Source:         https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        baselibs.conf
 Source2:        %{name}-rpmlintrc
 # Register with p11-kit
 # https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3:        opensc.module
 # PATCH-FIX-UPSTREAM opensc-desktop.patch https://github.com/OpenSC/OpenSC/issues/1402 sbrabec@suse.com -- Fix desktop file.
 Patch1:         opensc-desktop.patch
 # PATCH-FIX-UPSTREAM opensc-bash-completions.patch sbrabec@suse.com https://github.com/OpenSC/OpenSC/issues/1403 -- Use correct bash-completion path.
 Patch2:         opensc-bash-completions.patch
 # PATCH-FEATURE-OPENSUSE opensc-desktop2.patch https://github.com/OpenSC/OpenSC/issues/1402 sbrabec@suse.com -- Add GenericName to the desktop file.
 Patch3:         opensc-desktop2.patch
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libtool
 BuildRequires:  libxslt
@ -46,7 +41,6 @@ BuildRequires:  pkgconfig(openssl)
 Requires:       pcsc-lite
 # There is no more devel package.
 Obsoletes:      opensc-devel < %{version}
 %define completionsdir %(pkg-config --variable completionsdir bash-completion)
 %description
 OpenSC provides a set of utilities to access smart cards. It mainly
@ -65,9 +59,6 @@ may require third party proprietary software.
 %prep
 %setup -q
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %build
 autoreconf -fvi
@ -90,10 +81,12 @@ install -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pkcs11/modules/opensc.mo
 %files
 %doc %dir %{_docdir}/%{name}
-%doc %{_docdir}/%{name}/COPYING
+%license %{_docdir}/%{name}/COPYING
 %doc %{_docdir}/%{name}/NEWS
 %doc %{_docdir}/%{name}/README
 %doc %{_docdir}/%{name}/tools.html
 %doc %{_docdir}/%{name}/files.html
 %doc %{_docdir}/%{name}/opensc.conf
 %{_bindir}/*
 %{_datadir}/applications/*.desktop
 %{_datadir}/opensc