Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked in at 2023-12-13 18:36:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and      /work/SRC/openSUSE:Factory/.opensc.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opensc" Wed Dec 13 18:36:41 2023 rev:55 rq:1132880 version:0.24.0 Changes: -------- --- /work/SRC/openSUSE:Factory/opensc/opensc.changes 2023-10-10 21:02:47.823514863 +0200 +++ /work/SRC/openSUSE:Factory/.opensc.new.25432/opensc.changes 2023-12-13 18:36:49.766543123 +0100 
@@ -1,0 +2,114 @@ +Wed Dec 13 12:27:34 UTC 2023 - Otto Hollmann <[email protected]> + +- Update to OpenSC 0.24.0: + * Security + - CVE-2023-40660: Fix Potential PIN bypass + (#2806, frankmorgner/OpenSCToken#50, #2807) + - CVE-2023-40661: Important dynamic analyzers reports + - CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption + using symmetric keys (f1993dc) + * General improvements + - Fix compatibility of EAC with OpenSSL 3.0 (#2674) + - Enable use_file_cache by default (#2501) + - Use custom libctx with OpenSSL >= 3.0 (#2712, #2715) + - Fix record-based files (#2604) + - Fix several race conditions (#2735) + - Run tests under Valgrind (#2756) + - Test signing of data bigger than 512 bytes (#2789) + - Update to OpenPACE 1.1.3 (#2796) + - Implement logout for some of the card drivers (#2807) + - Fix wrong popup position of opensc-notify (#2901) + - Fixed various issues reported by OSS-Fuzz and Coverity regarding card + drivers, PKCS#11 and PKCS#15 init + * PKCS#11 + - Check card presence state in C_GetSessionInfo (#2740) + - Remove onepin-opensc-pkcs11 module (#2681) + - Do not use colons in the token info label (#2760) + - Present profile objects in all slots with the CKA_TOKEN attribute to + resolve issues with NSS (#2928, #2924) + - Use secure memory for PUK (#2906) + - Don't logout to preserve concurrent access from different processes + (#2907) + - Add more examples to manual page (#2936) + - Present profile objects in all virtual slots (#2928) + - Provide CKA_TOKEN attribute for profile objects (#2924) + - Improve --slot parameter documentation (#2951) + * PKCS#15 + - Honor cache offsets when writing file cache (#2858) + - Prevent needless amount of PIN prompts from pkcs15init layer (#2916) + - Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and + back to PKCS#11 (#2936) + * Minidriver + - Fix for private keys that do not need a PIN (#2722) + - Unbreak decipher when the first null byte of PKCS#1.5 padding is + missing 
(#2939* + * pkcs11-tool + - Fix RSA key import with OpenSSL 3.0 (#2656) + - Add support for attribute filtering when listing objects (#2687) + - Add support for --private flag when writing certificates (#2768) + - Add support for non-AEAD ciphers to the test mode (#2780) + - Show CKA_SIGN attribute for secret keys (#2862) + - Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys + (#2864, #2913) + - Show Sign/VerifyRecover attributes (#2888) + - Add option to import generic keys (#2955) + * westcos-tool + - Generate 2k RSA keys by default (b53fc5c) + * pkcs11-register + - Disable autostart on Linux by default (#2680) + * IDPrime + - Add support for IDPrime MD 830, 930 and 940 (#2666) + - Add support for SafeNet eToken 5110 token (#2812) + - Process index even without keyrefmap and use correct label for second + PIN (#2878) + - Add support for Gemalto IDPrime 940C (#2941) + * EPass2003 + - Change of PIN requires verification of the PIN (#2759) + - Fix incorrect CMAC computation for subkeys (#2759, issue #2734) + - Use true random number for mutual authentication for SM (#2766) + - Add verification of data coming from the token in the secure messaging + mode (#2772) + - Avoid success when using unsupported digest and fix data length for RAW + ECDSA signatures (#2845) + * OpenPGP + - Fix select data command (#2753, issue #2752) + - Unbreak ed/curve25519 support (#2892) + * eOI + - Add support for Slovenian eID card (eOI) (#2646) + * Italian CNS + - Add support for IDEMIA (Oberthur) tokens (#2483) + * PIV + - Add support for Swissbit iShield FIDO2 Authenticator (#2671) + - Implement PIV secure messaging (#2053) + * SkeID + - Add support for Slovak eID cards (#2672) + * isoApplet + - Support ECDSA with off-card hashing (#2642) + * MyEID + - Fix WRAP operation when using T0 (#2695) + - Identify changes on the card and enable use_file_cache (#2798) + - Workaround for unwrapping using 2K RSA key (#2921) + * SC-HSM + - Add support for opensc-tool --serial (#2675) + 
- Fix unwrapping of 4096 keys with handling reader limits (#2682) + - Indicate supported hashes and MGF1s (#2827) +- Remove patches: + * opensc-CVE-2023-40660-1of2.patch + * opensc-CVE-2023-40660-2of2.patch + * opensc-CVE-2023-40661-1of12.patch + * opensc-CVE-2023-40661-2of12.patch + * opensc-CVE-2023-40661-3of12.patch + * opensc-CVE-2023-40661-4of12.patch + * opensc-CVE-2023-40661-5of12.patch + * opensc-CVE-2023-40661-6of12.patch + * opensc-CVE-2023-40661-7of12.patch + * opensc-CVE-2023-40661-8of12.patch + * opensc-CVE-2023-40661-9of12.patch + * opensc-CVE-2023-40661-10of12.patch + * opensc-CVE-2023-40661-11of12.patch + * opensc-CVE-2023-40661-12of12.patch + * opensc-CVE-2023-4535.patch + * opensc-CVE-2023-2977.patch + * opensc-NULL_pointer_fix.patch + +------------------------------------------------------------------- Old: ---- opensc-0.23.0.tar.gz opensc-CVE-2023-2977.patch opensc-CVE-2023-40660-1of2.patch opensc-CVE-2023-40660-2of2.patch opensc-CVE-2023-40661-10of12.patch opensc-CVE-2023-40661-11of12.patch opensc-CVE-2023-40661-12of12.patch opensc-CVE-2023-40661-1of12.patch opensc-CVE-2023-40661-2of12.patch opensc-CVE-2023-40661-3of12.patch opensc-CVE-2023-40661-4of12.patch opensc-CVE-2023-40661-5of12.patch opensc-CVE-2023-40661-6of12.patch opensc-CVE-2023-40661-7of12.patch opensc-CVE-2023-40661-8of12.patch opensc-CVE-2023-40661-9of12.patch opensc-CVE-2023-4535.patch opensc-NULL_pointer_fix.patch New: ---- opensc-0.24.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opensc.spec ++++++ --- /var/tmp/diff_new_pack.eyINbU/_old 2023-12-13 18:36:50.862583619 +0100 +++ /var/tmp/diff_new_pack.eyINbU/_new 2023-12-13 18:36:50.862583619 +0100 @@ -18,7 +18,7 @@ %define completionsdir %(pkg-config --variable completionsdir bash-completion) Name: opensc -Version: 0.23.0 +Version: 0.24.0 Release: 0 Summary: Smart Card Utilities License: LGPL-2.1-or-later 
@@ -31,27 +31,6 @@ # https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390 Source3: opensc.module Patch0: opensc-gcc11.patch -# PATCH-FIX-UPSTREAM: bsc#1211894, CVE-2023-2977 out of bounds read in pkcs15 cardos_have_verifyrc_package() -Patch1: opensc-CVE-2023-2977.patch -# PATCH-FIX-UPSTREAM: bsc#1215762 CVE-2023-40660: PIN bypass when card tracks its own login state -Patch2: opensc-CVE-2023-40660-1of2.patch -Patch3: opensc-CVE-2023-40660-2of2.patch -# PATCH-FIX-UPSTREAM: bsc#1215763 CVE-2023-4535: out-of-bounds read in MyEID driver handling encryption using symmetric keys -Patch4: opensc-NULL_pointer_fix.patch -Patch5: opensc-CVE-2023-4535.patch -# PATCH-FIX-UPSTREAM: bsc#1215761 CVE-2023-40661: multiple memory issues with pkcs15-init (enrollment tool) -Patch6: opensc-CVE-2023-40661-1of12.patch -Patch7: opensc-CVE-2023-40661-2of12.patch -Patch8: opensc-CVE-2023-40661-3of12.patch -Patch9: opensc-CVE-2023-40661-4of12.patch -Patch10: opensc-CVE-2023-40661-5of12.patch -Patch11: opensc-CVE-2023-40661-6of12.patch -Patch12: opensc-CVE-2023-40661-7of12.patch -Patch13: opensc-CVE-2023-40661-8of12.patch -Patch14: opensc-CVE-2023-40661-9of12.patch -Patch15: opensc-CVE-2023-40661-10of12.patch -Patch16: opensc-CVE-2023-40661-11of12.patch -Patch17: opensc-CVE-2023-40661-12of12.patch BuildRequires: docbook-xsl-stylesheets BuildRequires: libxslt BuildRequires: pkgconfig @@ -107,7 +86,6 @@ %doc %{_docdir}/%{name}/opensc.conf %{_bindir}/* %{_datadir}/applications/*.desktop -%{_sysconfdir}/xdg/autostart/pkcs11-register.desktop %{_datadir}/opensc # Note: .la and .so must be in the main package, required by ltdl: %{_libdir}/*.la ++++++ opensc-0.23.0.tar.gz -> opensc-0.24.0.tar.gz ++++++ ++++ 59904 lines of diff (skipped)
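
Review bot: The Security section of the new opensc.changes entry lists CVE-2023-40660, CVE-2023-40661 and CVE-2023-4535 but not CVE-2023-2977, although opensc-CVE-2023-2977.patch is dropped under "Remove patches". Please state in the entry that this fix is contained in 0.24.0, and carry over the bsc#1211894, bsc#1215762, bsc#1215763 and bsc#1215761 references from the removed spec comments so the entry stays traceable to the bug reports. Two smaller points in the same hunk: the Minidriver bullet ends in "(#2939*" where "(#2939)" is expected, and the PKCS#11 bullets citing #2928 and #2924 describe the same two changes twice.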
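
Review bot: In the opensc.spec hunk at @@ -31,27 +31,6 @@, opensc-NULL_pointer_fix.patch (Patch4) is removed without an upstream reference of its own. It only sat under the CVE-2023-4535 comment, and the changelog names no commit or pull request for it. Because the tarball diff is skipped in this mail, please name the upstream change that supersedes it, and confirm that the retained opensc-gcc11.patch (Patch0) still applies to 0.24.0.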
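
Review bot: Dropping %{_sysconfdir}/xdg/autostart/pkcs11-register.desktop from %files in the @@ -107,7 +86,6 @@ hunk is a behaviour change on upgrade that the changelog covers only through the upstream bullet "Disable autostart on Linux by default (#2680)". Please add a packaging-level line to opensc.changes saying that pkcs11-register is no longer autostarted, and check where the desktop file is installed now, since the hunk does not show whether the existing %{_datadir}/applications/*.desktop glob picks it up or it is no longer shipped.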
