baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version 0.26.0
  Security
  * CVE-2024-45615: Usage of uninitialized values in libopensc#
    and pkcs15init (#3225).
  * CVE-2024-45616: Uninitialized values after incorrect check or 
    usage of APDU response values in libopensc (#3225)
  * CVE-2024-45617: Uninitialized values after incorrect or missing
    checking return values of functions in libopensc (#3225)
  * CVE-2024-45618: Uninitialized values after incorrect or missing
    checking return values of functions in pkcs15init (#3225)
  * CVE-2024-45619: Incorrect handling length of buffers or files
    in libopensc (#3225)
  * CVE-2024-45620: Incorrect handling of the length of buffers or
    files in pkcs15init (#3225)
  * CVE-2024-8443: Heap buffer overflow in OpenPGP driver when
    generating key (#3219)
  General improvements
  * Fix reselection of DF after error in PKCS#15 layer (#3067)
  * Unify OpenSSL logging throughout code (#2922)
  * Extend the p11test to support kryoptic (#3141)
  * Fix for error in PCSC reconnection (#3150)
  * Fixed various issues reported by OSS-Fuzz and Coverity in
    drivers, PKCS#11 and PKCS#15 layer
  PKCS#15
  * Documentation for PKCS#15 profile files (#3132)
  minidriver
  * Support PinCacheAlwaysPrompt usable for PIV cards (#3167)
  pkcs11-tool
  * Show URI when listing token information (#3125) and objects
  * Do not limit size of objects to 5000 bytes (#3174)

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- - Security fix: [CVE-2024-8443, bsc#1230364]
    * opensc: heap buffer overflow in OpenPGP driver when generating key
    * Added patch: opensc-CVE-2024-8443.patch

- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
  * opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init
  * opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
  * opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
  * opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
  * opensc: Incorrect handling length of buffers or files in libopensc
  * opensc: Incorrect handling of the length of buffers or files in pkcs15init
  * Added patches:
    - opensc-CVE-2024-45615.patch
    - opensc-CVE-2024-45616.patch
    - opensc-CVE-2024-45617.patch
    - opensc-CVE-2024-45618.patch
    - opensc-CVE-2024-45619.patch
    - opensc-CVE-2024-45620.patch

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to verion 0.25.1
  General improvements
  * Add missing file to dist tarball to build documentation.
  minidriver
  * Fix RSA decryption with PKCS#1 v1.5 padding.
  * Fix crash when app is not set.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Build with support for libeac (OpenPACE)

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version 0.25.0
  Security
  * CVE-2023-5992: Fix Side-channel leaks while stripping
    encryption PKCS#1.5 padding in OpenSC.
  * CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver
    during card enrollment in pkcs15init.
  General improvements
  * Remove support for old card drivers Akis, GPK, Incrypto34 and
    Westcos, disable Cyberflex driver.
  * Fix 64b to 32b conversions.
  * Improvements for the p11test.
  * Fix reader initialization without SCardControl.
  * Make RSA PKCS#1 v1.5 depadding constant-time.
  * Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02)
    on the card.
  * Fixed various issues reported by OSS-Fuzz and Coverity in
    drivers, PKCS#11 and PKCS#15 layer.
- Add patch:
  * opensc-docbook-xsl-fix.patch
- Drop not longer needed patches:
  * CVE-2024-1454.patch
- Introduce subpackage for bash-completion

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

bnc => bsc... it's been many moons that SUSE was not part of
Novell anymore and we are not using Novell's bugzilla instance

  Fix for CVE-2024-1454 / bsc#1219868.

• Files Changed
• Browse Source

- Add CVE-2024-1454.patch.
  Fix for CVE-2024-1454 / bnc#1219868.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to OpenSC 0.24.0:
  * Security
    - CVE-2023-40660: Fix Potential PIN bypass
      (#2806, frankmorgner/OpenSCToken#50, #2807)
    - CVE-2023-40661: Important dynamic analyzers reports
    - CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption
      using symmetric keys (f1993dc)
  * General improvements
    - Fix compatibility of EAC with OpenSSL 3.0 (#2674)
    - Enable use_file_cache by default (#2501)
    - Use custom libctx with OpenSSL >= 3.0 (#2712, #2715)
    - Fix record-based files (#2604)
    - Fix several race conditions (#2735)
    - Run tests under Valgrind (#2756)
    - Test signing of data bigger than 512 bytes (#2789)
    - Update to OpenPACE 1.1.3 (#2796)
    - Implement logout for some of the card drivers (#2807)
    - Fix wrong popup position of opensc-notify (#2901)
    - Fixed various issues reported by OSS-Fuzz and Coverity regarding card
      drivers, PKCS#11 and PKCS#15 init
  * PKCS#11
    - Check card presence state in C_GetSessionInfo (#2740)
    - Remove onepin-opensc-pkcs11 module (#2681)
    - Do not use colons in the token info label (#2760)
    - Present profile objects in all slots with the CKA_TOKEN attribute to
      resolve issues with NSS (#2928, #2924)
    - Use secure memory for PUK (#2906)
    - Don't logout to preserve concurrent access from different processes
      (#2907)
    - Add more examples to manual page (#2936)

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Security Fix: [CVE-2023-40661, bsc#1215761]
  * opensc: multiple memory issues with pkcs15-init (enrollment tool)
  * Add patches:
    - opensc-CVE-2023-40661-1of12.patch
    - opensc-CVE-2023-40661-2of12.patch
    - opensc-CVE-2023-40661-3of12.patch
    - opensc-CVE-2023-40661-4of12.patch
    - opensc-CVE-2023-40661-5of12.patch
    - opensc-CVE-2023-40661-6of12.patch
    - opensc-CVE-2023-40661-7of12.patch
    - opensc-CVE-2023-40661-8of12.patch
    - opensc-CVE-2023-40661-9of12.patch
    - opensc-CVE-2023-40661-10of12.patch
    - opensc-CVE-2023-40661-11of12.patch
    - opensc-CVE-2023-40661-12of12.patch

- Security Fix: [CVE-2023-4535, bsc#1215763]
  * Add patches:
    - opensc-CVE-2023-4535.patch
    - opensc-NULL_pointer_fix.patch

- Security Fix: [CVE-2023-40660, bsc#1215762]
  * opensc: PIN bypass when card tracks its own login state
  * Add patches:
    - opensc-CVE-2023-40660-1of2.patch
    - opensc-CVE-2023-40660-2of2.patch

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Security Fix: [CVE-2023-2977, bsc#1211894]
  * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
  * Add opensc-CVE-2023-2977.patch

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source