Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: opensc | Distribution: openSUSE Tumbleweed |
Version: 0.25.1 | Vendor: openSUSE |
Release: 2.1 | Build date: Tue Oct 1 08:30:06 2024 |
Group: Productivity/Security | Build host: reproducible |
Size: 3499770 | Source RPM: opensc-0.25.1-2.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://github.com/OpenSC/OpenSC/wiki | |
Summary: Smart Card Utilities |
OpenSC provides a set of utilities to access smart cards. It mainly focuses on cards that support cryptographic operations. It facilitates their use in security applications such as mail encryption, authentication, and digital signature. OpenSC implements the PKCS#11 API. Applications supporting this API, such as Mozilla Firefox and Thunderbird, can use it. OpenSC implements the PKCS#15 standard and aims to be compatible with every software that does so, too. Before purchasing any cards, please read carefully documentation on the web pageonly some cards are supported. Not only card type matters, but also card version, card OS version and preloaded applet. Only subset of possible operations may be supported for your card. Card initialization may require third party proprietary software.
LGPL-2.1-or-later
* Tue Oct 01 2024 Angel Yankov <angel.yankov@suse.com> - - Security fix: [CVE-2024-8443, bsc#1230364] * opensc: heap buffer overflow in OpenPGP driver when generating key * Added patch: opensc-CVE-2024-8443.patch * Tue Oct 01 2024 Angel Yankov <angel.yankov@suse.com> - Security fix: [opensc-CVE-2024-45620, bsc#1230076] - Security fix: [opensc-CVE-2024-45619, bsc#1230075] - Security fix: [opensc-CVE-2024-45618, bsc#1230074] - Security fix: [opensc-CVE-2024-45617, bsc#1230073] - Security fix: [opensc-CVE-2024-45616, bsc#1230072] - Security fix: [opensc-CVE-2024-45615, bsc#1230071] * opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init * opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc * opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc * opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init * opensc: Incorrect handling length of buffers or files in libopensc * opensc: Incorrect handling of the length of buffers or files in pkcs15init * Added patches: - opensc-CVE-2024-45615.patch - opensc-CVE-2024-45616.patch - opensc-CVE-2024-45617.patch - opensc-CVE-2024-45618.patch - opensc-CVE-2024-45619.patch - opensc-CVE-2024-45620.patch * Fri Apr 05 2024 Martin Hauke <mardnh@gmx.de> - Update to verion 0.25.1 General improvements * Add missing file to dist tarball to build documentation. minidriver * Fix RSA decryption with PKCS#1 v1.5 padding. * Fix crash when app is not set. * Wed Mar 13 2024 Martin Hauke <mardnh@gmx.de> - Build with support for libeac (OpenPACE) * Sat Mar 09 2024 Martin Hauke <mardnh@gmx.de> - Update to version 0.25.0 Security * CVE-2023-5992: Fix Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC. * CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init. General improvements * Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver. * Fix 64b to 32b conversions. * Improvements for the p11test. * Fix reader initialization without SCardControl. * Make RSA PKCS#1 v1.5 depadding constant-time. * Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card. * Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer. - Add patch: * opensc-docbook-xsl-fix.patch - Drop not longer needed patches: * CVE-2024-1454.patch - Introduce subpackage for bash-completion * Sun Feb 25 2024 Martin Schreiner <martin.schreiner@suse.com> - Add CVE-2024-1454.patch. Fix for CVE-2024-1454 / bsc#1219868. * Wed Dec 13 2023 Otto Hollmann <otto.hollmann@suse.com> - Update to OpenSC 0.24.0: * Security - CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807) - CVE-2023-40661: Important dynamic analyzers reports - CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc) * General improvements - Fix compatibility of EAC with OpenSSL 3.0 (#2674) - Enable use_file_cache by default (#2501) - Use custom libctx with OpenSSL >= 3.0 (#2712, #2715) - Fix record-based files (#2604) - Fix several race conditions (#2735) - Run tests under Valgrind (#2756) - Test signing of data bigger than 512 bytes (#2789) - Update to OpenPACE 1.1.3 (#2796) - Implement logout for some of the card drivers (#2807) - Fix wrong popup position of opensc-notify (#2901) - Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init * PKCS#11 - Check card presence state in C_GetSessionInfo (#2740) - Remove onepin-opensc-pkcs11 module (#2681) - Do not use colons in the token info label (#2760) - Present profile objects in all slots with the CKA_TOKEN attribute to resolve issues with NSS (#2928, #2924) - Use secure memory for PUK (#2906) - Don't logout to preserve concurrent access from different processes (#2907) - Add more examples to manual page (#2936) - Present profile objects in all virtual slots (#2928) - Provide CKA_TOKEN attribute for profile objects (#2924) - Improve --slot parameter documentation (#2951) * PKCS#15 - Honor cache offsets when writing file cache (#2858) - Prevent needless amount of PIN prompts from pkcs15init layer (#2916) - Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to PKCS#11 (#2936) * Minidriver - Fix for private keys that do not need a PIN (#2722) - Unbreak decipher when the first null byte of PKCS#1.5 padding is missing (#2939* * pkcs11-tool - Fix RSA key import with OpenSSL 3.0 (#2656) - Add support for attribute filtering when listing objects (#2687) - Add support for --private flag when writing certificates (#2768) - Add support for non-AEAD ciphers to the test mode (#2780) - Show CKA_SIGN attribute for secret keys (#2862) - Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys (#2864, #2913) - Show Sign/VerifyRecover attributes (#2888) - Add option to import generic keys (#2955) * westcos-tool - Generate 2k RSA keys by default (b53fc5c) * pkcs11-register - Disable autostart on Linux by default (#2680) * IDPrime - Add support for IDPrime MD 830, 930 and 940 (#2666) - Add support for SafeNet eToken 5110 token (#2812) - Process index even without keyrefmap and use correct label for second PIN (#2878) - Add support for Gemalto IDPrime 940C (#2941) * EPass2003 - Change of PIN requires verification of the PIN (#2759) - Fix incorrect CMAC computation for subkeys (#2759, issue #2734) - Use true random number for mutual authentication for SM (#2766) - Add verification of data coming from the token in the secure messaging mode (#2772) - Avoid success when using unsupported digest and fix data length for RAW ECDSA signatures (#2845) * OpenPGP - Fix select data command (#2753, issue #2752) - Unbreak ed/curve25519 support (#2892) * eOI - Add support for Slovenian eID card (eOI) (#2646) * Italian CNS - Add support for IDEMIA (Oberthur) tokens (#2483) * PIV - Add support for Swissbit iShield FIDO2 Authenticator (#2671) - Implement PIV secure messaging (#2053) * SkeID - Add support for Slovak eID cards (#2672) * isoApplet - Support ECDSA with off-card hashing (#2642) * MyEID - Fix WRAP operation when using T0 (#2695) - Identify changes on the card and enable use_file_cache (#2798) - Workaround for unwrapping using 2K RSA key (#2921) * SC-HSM - Add support for opensc-tool --serial (#2675) - Fix unwrapping of 4096 keys with handling reader limits (#2682) - Indicate supported hashes and MGF1s (#2827) - Remove patches: * opensc-CVE-2023-40660-1of2.patch * opensc-CVE-2023-40660-2of2.patch * opensc-CVE-2023-40661-1of12.patch * opensc-CVE-2023-40661-2of12.patch * opensc-CVE-2023-40661-3of12.patch * opensc-CVE-2023-40661-4of12.patch * opensc-CVE-2023-40661-5of12.patch * opensc-CVE-2023-40661-6of12.patch * opensc-CVE-2023-40661-7of12.patch * opensc-CVE-2023-40661-8of12.patch * opensc-CVE-2023-40661-9of12.patch * opensc-CVE-2023-40661-10of12.patch * opensc-CVE-2023-40661-11of12.patch * opensc-CVE-2023-40661-12of12.patch * opensc-CVE-2023-4535.patch * opensc-CVE-2023-2977.patch * opensc-NULL_pointer_fix.patch * Fri Oct 06 2023 Otto Hollmann <otto.hollmann@suse.com> - Security Fix: [CVE-2023-40661, bsc#1215761] * opensc: multiple memory issues with pkcs15-init (enrollment tool) * Add patches: - opensc-CVE-2023-40661-1of12.patch - opensc-CVE-2023-40661-2of12.patch - opensc-CVE-2023-40661-3of12.patch - opensc-CVE-2023-40661-4of12.patch - opensc-CVE-2023-40661-5of12.patch - opensc-CVE-2023-40661-6of12.patch - opensc-CVE-2023-40661-7of12.patch - opensc-CVE-2023-40661-8of12.patch - opensc-CVE-2023-40661-9of12.patch - opensc-CVE-2023-40661-10of12.patch - opensc-CVE-2023-40661-11of12.patch - opensc-CVE-2023-40661-12of12.patch * Thu Oct 05 2023 Otto Hollmann <otto.hollmann@suse.com> - Security Fix: [CVE-2023-4535, bsc#1215763] * Add patches: - opensc-CVE-2023-4535.patch - opensc-NULL_pointer_fix.patch * Wed Oct 04 2023 Otto Hollmann <otto.hollmann@suse.com> - Security Fix: [CVE-2023-40660, bsc#1215762] * opensc: PIN bypass when card tracks its own login state * Add patches: - opensc-CVE-2023-40660-1of2.patch - opensc-CVE-2023-40660-2of2.patch * Thu Jun 01 2023 Otto Hollmann <otto.hollmann@suse.com> - Security Fix: [CVE-2023-2977, bsc#1211894] * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package() * Add opensc-CVE-2023-2977.patch * Tue Nov 29 2022 Michael Ströder <michael@stroeder.com> - Update to OpenSC 0.23.0: * General improvements - Support signing of data with a length of more than 512 bytes (#2314) - By default, disable support for old card drivers (#2391) and remove support for old drivers MioCOS and JCOP (#2374) - Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506) - Compatibility with LibreSSL (#2495, #2595) - Remove support for DSA (#2503) - Extend p11test to support symmetric keys (#2430) - Notice detached reader on macOS (#2418) - Support for OAEP padding (#2475, #2484) - Fix for PSS salt length (#2478) - Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637) - Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init - Fix issues with OpenPACE (#2472) - Containers support for local testing - Add support for encryption and decryption using symmetric keys (#2473, #2607) - Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API (#2586) - Fix detection of disconnected readers in PCSC (#2600) - Add configuration option for on-disk caching of private data (#2588) - Skip building empty binaries when dependencies are missing and remove needless linking (#2617) - Define arm64 as a supported architecture in the Installer package (#2610) * PKCS#11 - Implement C_CreateObject for EC keys and fix signature verification for CKM_ECDSA_SHAx cards (#2420) * pkcs11-tool - Add more elliptic curves (#2301) - Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector (#2268) - Fix consistent handling of secret key attributes (#2497) - Add support for signing and verifying with HMAC (#2385) - Add support for SHA3 (#2467) - Make object selectable via label (#2570) - Do not require an R/W session for some operations and add --session-rw option (#2579) - Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and serial number for certificates (#2644, #2643, #2641) - Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645) * sc-hsm-tool - Add options for public key authentication (#2301) * Minidriver - Fix reinit of the card (#2525) - Add an entry for Italian CNS (e) (#2548) - Fix detection of ECC mechanisms (#2523) - Fix ATRs before adding them to the windows registry (#2628) * NQ-Applet - Add support for the JCOP4 Cards with NQ-Applet (#2425) * ItaCNS - Add support for ItaCMS v1.1 (key length 2048) (#2371) * Belpic - Add support for applet v1.8 (#2455) * Starcos - Add ATR for V3.4 (#2464) - Add PKCS#15 emulator for 3.x cards with eSign app (#2544) * ePass2003 - Fix PKCS#15 initialization (#2403) - Add support for FIPS (#2543) - Fix matching with newer versions and tokens initialized with OpenSC (#2575) * MyEID - Support logout operation (#2557) - Support for symmetric encryption and decryption (#2473, #2607) * GIDS - Fix decipher for TPM (#1881) * OpenPGP - Get the list of supported algorithms from algorithm information on the card (#2287) - Support for 3 certificates with OpenPGP 3+ (#2103) * nPA - Fix card detection (#2463) * Rutoken - Fix formatting rtecp cards (#2599) * PIV - Add new PIVKey ATRs for current cards (#2602) * Mon Oct 04 2021 Daniel Donisa <daniel.donisa@suse.com> - Update to OpenSC 0.22.0: * Removed changes in opensc-gcc11.patch already present in upstream. - See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda * Removed some false positives from the openrc-rpmlintrc file. * Use standard paths for file cache on Linux (#2148) and OSX (#2214) * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic) * Add threading test to `pkcs11-tool` (#2067) * Add support to generate generic secret keys (#2140) * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195) * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179). * Support for gcc11 and its new strict aliasing rules (#2241, #2260) * Initial support for building with OpenSSL 3.0 (#2343) * pkcs15-tool: Write data objects in binary mode (#2324) * Avoid limited size of log messages (#2352) * Support for ECDSA verification (#2211) * Support for ECDSA with different SHA hashes (#2190) * Prevent issues in p11-kit by not returning unexpected return codes (#2207) * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293) * Standardize the version 2 on 2.20 in the code (#2096) * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176) * Copy arguments of C_Initialize (#2350) * Fix RSA-PSS signing (#2234) * Fix DO deletion (#2215) * Add support for (X)EdDSA keys (#1960) * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205) * Add support for applet version 4 (#2332) * New configuration option for opensc.conf to disable pkcs1_padding (#2193) * Add support for ECDSA with different hashes (#2190) * Enable more mechanisms (#2178) * Fixed asking for a user pin when formatting a card (#1737) * Added support for French CPx Healthcare cards (#2217) * Added ATR for new CardOS 5.4 version (#2296) * Fixes security issues: * tcos: use after return (bsc#1192005, CVE-2021-42780) * oberthur: use after free (bsc#1191992, CVE-2021-42779) * oberthur: multiple heap buffer overflows (bsc#1192000, CVE-2021-42781) * multiple stack buffer overflow issues (bsc#1191957, CVE-2021-42782) * Sun Jun 27 2021 Predrag Ivanović <predivan@mts.rs> - Fix build on GCC11 * Add opensc-gcc11.patch from Fedora (https://github.com/OpenSC/OpenSC/pull/2241/) * Fri Mar 12 2021 Dirk Müller <dmueller@suse.com> - move licenses to licensedir
/etc/eac/cvc/DESCHSMCVCA00001 /etc/eac/cvc/DESRCACC100001 /etc/opensc.conf /etc/pkcs11 /etc/pkcs11/modules /etc/pkcs11/modules/opensc.module /usr/bin/cardos-tool /usr/bin/cryptoflex-tool /usr/bin/dnie-tool /usr/bin/dtrust-tool /usr/bin/egk-tool /usr/bin/eidenv /usr/bin/gids-tool /usr/bin/goid-tool /usr/bin/iasecc-tool /usr/bin/netkey-tool /usr/bin/npa-tool /usr/bin/openpgp-tool /usr/bin/opensc-asn1 /usr/bin/opensc-explorer /usr/bin/opensc-tool /usr/bin/piv-tool /usr/bin/pkcs11-register /usr/bin/pkcs11-tool /usr/bin/pkcs15-crypt /usr/bin/pkcs15-init /usr/bin/pkcs15-tool /usr/bin/sc-hsm-tool /usr/bin/westcos-tool /usr/lib64/libopensc.la /usr/lib64/libopensc.so.11 /usr/lib64/libopensc.so.11.0.2 /usr/lib64/libsmm-local.la /usr/lib64/libsmm-local.so /usr/lib64/libsmm-local.so.11 /usr/lib64/libsmm-local.so.11.0.2 /usr/lib64/onepin-opensc-pkcs11.so /usr/lib64/opensc-pkcs11.la /usr/lib64/opensc-pkcs11.so /usr/lib64/pkcs11 /usr/lib64/pkcs11-spy.la /usr/lib64/pkcs11-spy.so /usr/lib64/pkcs11/onepin-opensc-pkcs11.so /usr/lib64/pkcs11/opensc-pkcs11.so /usr/lib64/pkcs11/pkcs11-spy.so /usr/lib64/pkgconfig/opensc-pkcs11.pc /usr/share/applications/org.opensc.notify.desktop /usr/share/doc/packages/opensc /usr/share/doc/packages/opensc/NEWS /usr/share/doc/packages/opensc/README /usr/share/doc/packages/opensc/files.html /usr/share/doc/packages/opensc/opensc.conf /usr/share/doc/packages/opensc/tools.html /usr/share/licenses/opensc /usr/share/licenses/opensc/COPYING /usr/share/man/man1/cardos-tool.1.gz /usr/share/man/man1/cryptoflex-tool.1.gz /usr/share/man/man1/dnie-tool.1.gz /usr/share/man/man1/dtrust-tool.1.gz /usr/share/man/man1/egk-tool.1.gz /usr/share/man/man1/eidenv.1.gz /usr/share/man/man1/gids-tool.1.gz /usr/share/man/man1/goid-tool.1.gz /usr/share/man/man1/iasecc-tool.1.gz /usr/share/man/man1/netkey-tool.1.gz /usr/share/man/man1/npa-tool.1.gz /usr/share/man/man1/openpgp-tool.1.gz /usr/share/man/man1/opensc-asn1.1.gz /usr/share/man/man1/opensc-explorer.1.gz /usr/share/man/man1/opensc-notify.1.gz /usr/share/man/man1/opensc-tool.1.gz /usr/share/man/man1/piv-tool.1.gz /usr/share/man/man1/pkcs11-register.1.gz /usr/share/man/man1/pkcs11-tool.1.gz /usr/share/man/man1/pkcs15-crypt.1.gz /usr/share/man/man1/pkcs15-init.1.gz /usr/share/man/man1/pkcs15-tool.1.gz /usr/share/man/man1/sc-hsm-tool.1.gz /usr/share/man/man1/westcos-tool.1.gz /usr/share/man/man5/opensc.conf.5.gz /usr/share/man/man5/pkcs15-profile.5.gz /usr/share/opensc /usr/share/opensc/asepcos.profile /usr/share/opensc/authentic.profile /usr/share/opensc/cardos.profile /usr/share/opensc/cyberflex.profile /usr/share/opensc/entersafe.profile /usr/share/opensc/epass2003.profile /usr/share/opensc/flex.profile /usr/share/opensc/gids.profile /usr/share/opensc/ias_adele_admin1.profile /usr/share/opensc/ias_adele_admin2.profile /usr/share/opensc/ias_adele_common.profile /usr/share/opensc/iasecc.profile /usr/share/opensc/iasecc_admin_eid.profile /usr/share/opensc/iasecc_generic_oberthur.profile /usr/share/opensc/iasecc_generic_pki.profile /usr/share/opensc/isoApplet.profile /usr/share/opensc/muscle.profile /usr/share/opensc/myeid.profile /usr/share/opensc/oberthur.profile /usr/share/opensc/openpgp.profile /usr/share/opensc/pkcs15.profile /usr/share/opensc/rutoken.profile /usr/share/opensc/rutoken_ecp.profile /usr/share/opensc/rutoken_lite.profile /usr/share/opensc/sc-hsm.profile /usr/share/opensc/setcos.profile /usr/share/opensc/starcos.profile
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 00:41:02 2024