SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for opensc-debugsource-0.24.0-4.1.x86_64.rpm :

* Sun Feb 25 2024 Martin Schreiner - Add CVE-2024-1454.patch. Fix for CVE-2024-1454 / bsc#1219868.
* Wed Dec 13 2023 Otto Hollmann - Update to OpenSC 0.24.0:
* Security - CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807) - CVE-2023-40661: Important dynamic analyzers reports - CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc)
* General improvements - Fix compatibility of EAC with OpenSSL 3.0 (#2674) - Enable use_file_cache by default (#2501) - Use custom libctx with OpenSSL >= 3.0 (#2712, #2715) - Fix record-based files (#2604) - Fix several race conditions (#2735) - Run tests under Valgrind (#2756) - Test signing of data bigger than 512 bytes (#2789) - Update to OpenPACE 1.1.3 (#2796) - Implement logout for some of the card drivers (#2807) - Fix wrong popup position of opensc-notify (#2901) - Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
* PKCS#11 - Check card presence state in C_GetSessionInfo (#2740) - Remove onepin-opensc-pkcs11 module (#2681) - Do not use colons in the token info label (#2760) - Present profile objects in all slots with the CKA_TOKEN attribute to resolve issues with NSS (#2928, #2924) - Use secure memory for PUK (#2906) - Don\'t logout to preserve concurrent access from different processes (#2907) - Add more examples to manual page (#2936) - Present profile objects in all virtual slots (#2928) - Provide CKA_TOKEN attribute for profile objects (#2924) - Improve --slot parameter documentation (#2951)
* PKCS#15 - Honor cache offsets when writing file cache (#2858) - Prevent needless amount of PIN prompts from pkcs15init layer (#2916) - Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to PKCS#11 (#2936)
* Minidriver - Fix for private keys that do not need a PIN (#2722) - Unbreak decipher when the first null byte of PKCS#1.5 padding is missing (#2939
*
* pkcs11-tool - Fix RSA key import with OpenSSL 3.0 (#2656) - Add support for attribute filtering when listing objects (#2687) - Add support for --private flag when writing certificates (#2768) - Add support for non-AEAD ciphers to the test mode (#2780) - Show CKA_SIGN attribute for secret keys (#2862) - Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys (#2864, #2913) - Show Sign/VerifyRecover attributes (#2888) - Add option to import generic keys (#2955)
* westcos-tool - Generate 2k RSA keys by default (b53fc5c)
* pkcs11-register - Disable autostart on Linux by default (#2680)
* IDPrime - Add support for IDPrime MD 830, 930 and 940 (#2666) - Add support for SafeNet eToken 5110 token (#2812) - Process index even without keyrefmap and use correct label for second PIN (#2878) - Add support for Gemalto IDPrime 940C (#2941)
* EPass2003 - Change of PIN requires verification of the PIN (#2759) - Fix incorrect CMAC computation for subkeys (#2759, issue #2734) - Use true random number for mutual authentication for SM (#2766) - Add verification of data coming from the token in the secure messaging mode (#2772) - Avoid success when using unsupported digest and fix data length for RAW ECDSA signatures (#2845)
* OpenPGP - Fix select data command (#2753, issue #2752) - Unbreak ed/curve25519 support (#2892)
* eOI - Add support for Slovenian eID card (eOI) (#2646)
* Italian CNS - Add support for IDEMIA (Oberthur) tokens (#2483)
* PIV - Add support for Swissbit iShield FIDO2 Authenticator (#2671) - Implement PIV secure messaging (#2053)
* SkeID - Add support for Slovak eID cards (#2672)
* isoApplet - Support ECDSA with off-card hashing (#2642)
* MyEID - Fix WRAP operation when using T0 (#2695) - Identify changes on the card and enable use_file_cache (#2798) - Workaround for unwrapping using 2K RSA key (#2921)
* SC-HSM - Add support for opensc-tool --serial (#2675) - Fix unwrapping of 4096 keys with handling reader limits (#2682) - Indicate supported hashes and MGF1s (#2827)- Remove patches:
* opensc-CVE-2023-40660-1of2.patch
* opensc-CVE-2023-40660-2of2.patch
* opensc-CVE-2023-40661-1of12.patch
* opensc-CVE-2023-40661-2of12.patch
* opensc-CVE-2023-40661-3of12.patch
* opensc-CVE-2023-40661-4of12.patch
* opensc-CVE-2023-40661-5of12.patch
* opensc-CVE-2023-40661-6of12.patch
* opensc-CVE-2023-40661-7of12.patch
* opensc-CVE-2023-40661-8of12.patch
* opensc-CVE-2023-40661-9of12.patch
* opensc-CVE-2023-40661-10of12.patch
* opensc-CVE-2023-40661-11of12.patch
* opensc-CVE-2023-40661-12of12.patch
* opensc-CVE-2023-4535.patch
* opensc-CVE-2023-2977.patch
* opensc-NULL_pointer_fix.patch
* Fri Oct 06 2023 Otto Hollmann - Security Fix: [CVE-2023-40661, bsc#1215761]
* opensc: multiple memory issues with pkcs15-init (enrollment tool)
* Add patches: - opensc-CVE-2023-40661-1of12.patch - opensc-CVE-2023-40661-2of12.patch - opensc-CVE-2023-40661-3of12.patch - opensc-CVE-2023-40661-4of12.patch - opensc-CVE-2023-40661-5of12.patch - opensc-CVE-2023-40661-6of12.patch - opensc-CVE-2023-40661-7of12.patch - opensc-CVE-2023-40661-8of12.patch - opensc-CVE-2023-40661-9of12.patch - opensc-CVE-2023-40661-10of12.patch - opensc-CVE-2023-40661-11of12.patch - opensc-CVE-2023-40661-12of12.patch
* Thu Oct 05 2023 Otto Hollmann - Security Fix: [CVE-2023-4535, bsc#1215763]
* Add patches: - opensc-CVE-2023-4535.patch - opensc-NULL_pointer_fix.patch
* Wed Oct 04 2023 Otto Hollmann - Security Fix: [CVE-2023-40660, bsc#1215762]
* opensc: PIN bypass when card tracks its own login state
* Add patches: - opensc-CVE-2023-40660-1of2.patch - opensc-CVE-2023-40660-2of2.patch
* Thu Jun 01 2023 Otto Hollmann - Security Fix: [CVE-2023-2977, bsc#1211894]
* opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
* Add opensc-CVE-2023-2977.patch
* Tue Nov 29 2022 Michael Ströder - Update to OpenSC 0.23.0:
* General improvements - Support signing of data with a length of more than 512 bytes (#2314) - By default, disable support for old card drivers (#2391) and remove support for old drivers MioCOS and JCOP (#2374) - Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506) - Compatibility with LibreSSL (#2495, #2595) - Remove support for DSA (#2503) - Extend p11test to support symmetric keys (#2430) - Notice detached reader on macOS (#2418) - Support for OAEP padding (#2475, #2484) - Fix for PSS salt length (#2478) - Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637) - Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init - Fix issues with OpenPACE (#2472) - Containers support for local testing - Add support for encryption and decryption using symmetric keys (#2473, #2607) - Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API (#2586) - Fix detection of disconnected readers in PCSC (#2600) - Add configuration option for on-disk caching of private data (#2588) - Skip building empty binaries when dependencies are missing and remove needless linking (#2617) - Define arm64 as a supported architecture in the Installer package (#2610)
* PKCS#11 - Implement C_CreateObject for EC keys and fix signature verification for CKM_ECDSA_SHAx cards (#2420)
* pkcs11-tool - Add more elliptic curves (#2301) - Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector (#2268) - Fix consistent handling of secret key attributes (#2497) - Add support for signing and verifying with HMAC (#2385) - Add support for SHA3 (#2467) - Make object selectable via label (#2570) - Do not require an R/W session for some operations and add --session-rw option (#2579) - Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and serial number for certificates (#2644, #2643, #2641) - Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645)
* sc-hsm-tool - Add options for public key authentication (#2301)
* Minidriver - Fix reinit of the card (#2525) - Add an entry for Italian CNS (e) (#2548) - Fix detection of ECC mechanisms (#2523) - Fix ATRs before adding them to the windows registry (#2628)
* NQ-Applet - Add support for the JCOP4 Cards with NQ-Applet (#2425)
* ItaCNS - Add support for ItaCMS v1.1 (key length 2048) (#2371)
* Belpic - Add support for applet v1.8 (#2455)
* Starcos - Add ATR for V3.4 (#2464) - Add PKCS#15 emulator for 3.x cards with eSign app (#2544)
* ePass2003 - Fix PKCS#15 initialization (#2403) - Add support for FIPS (#2543) - Fix matching with newer versions and tokens initialized with OpenSC (#2575)
* MyEID - Support logout operation (#2557) - Support for symmetric encryption and decryption (#2473, #2607)
* GIDS - Fix decipher for TPM (#1881)
* OpenPGP - Get the list of supported algorithms from algorithm information on the card (#2287) - Support for 3 certificates with OpenPGP 3+ (#2103)
* nPA - Fix card detection (#2463)
* Rutoken - Fix formatting rtecp cards (#2599)
* PIV - Add new PIVKey ATRs for current cards (#2602)
* Mon Oct 04 2021 Daniel Donisa - Update to OpenSC 0.22.0:
* Removed changes in opensc-gcc11.patch already present in upstream. - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda
* Removed some false positives from the openrc-rpmlintrc file.
* Use standard paths for file cache on Linux (#2148) and OSX (#2214)
* Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
* Add threading test to `pkcs11-tool` (#2067)
* Add support to generate generic secret keys (#2140)
* `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
* Add support for Apple\'s arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
* Support for gcc11 and its new strict aliasing rules (#2241, #2260)
* Initial support for building with OpenSSL 3.0 (#2343)
* pkcs15-tool: Write data objects in binary mode (#2324)
* Avoid limited size of log messages (#2352)
* Support for ECDSA verification (#2211)
* Support for ECDSA with different SHA hashes (#2190)
* Prevent issues in p11-kit by not returning unexpected return codes (#2207)
* Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
* Standardize the version 2 on 2.20 in the code (#2096)
* Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176)
* Copy arguments of C_Initialize (#2350)
* Fix RSA-PSS signing (#2234)
* Fix DO deletion (#2215)
* Add support for (X)EdDSA keys (#1960)
* Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
* Add support for applet version 4 (#2332)
* New configuration option for opensc.conf to disable pkcs1_padding (#2193)
* Add support for ECDSA with different hashes (#2190)
* Enable more mechanisms (#2178)
* Fixed asking for a user pin when formatting a card (#1737)
* Added support for French CPx Healthcare cards (#2217)
* Added ATR for new CardOS 5.4 version (#2296)
* Fixes security issues:
* tcos: use after return (bsc#1192005, CVE-2021-42780)
* oberthur: use after free (bsc#1191992, CVE-2021-42779)
* oberthur: multiple heap buffer overflows (bsc#1192000, CVE-2021-42781)
* multiple stack buffer overflow issues (bsc#1191957, CVE-2021-42782)
* Sun Jun 27 2021 Predrag Ivanović - Fix build on GCC11
* Add opensc-gcc11.patch from Fedora (https://github.com/OpenSC/OpenSC/pull/2241/)
* Fri Mar 12 2021 Dirk Müller - move licenses to licensedir
  
ICM