commit opensc for openSUSE:Factory

2024-03-14 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2024-03-14 17:45:13

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.1905 (New)


Package is "opensc"

Thu Mar 14 17:45:13 2024 rev:58 rq:1157879 version:0.25.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2024-03-11 
15:42:31.209396259 +0100
+++ /work/SRC/openSUSE:Factory/.opensc.new.1905/opensc.changes  2024-03-14 
17:46:49.541301229 +0100
@@ -1,0 +2,5 @@
+Wed Mar 13 21:56:31 UTC 2024 - Martin Hauke 
+
+- Build with support for libeac (OpenPACE)
+
+---



Other differences:
--
++ opensc.spec ++
--- /var/tmp/diff_new_pack.GuOXvk/_old  2024-03-14 17:46:51.309368522 +0100
+++ /var/tmp/diff_new_pack.GuOXvk/_new  2024-03-14 17:46:51.313368674 +0100
@@ -16,6 +16,7 @@
 #
 
 
+%define sover 11
 %define completionsdir %(pkg-config --variable completionsdir bash-completion)
 Name:   opensc
 Version:0.25.0
@@ -39,6 +40,7 @@
 BuildRequires:  readline-devel
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(bash-completion)
+BuildRequires:  pkgconfig(libeac)  >= 0.9
 BuildRequires:  pkgconfig(libpcsclite) >= 1.8.22
 BuildRequires:  pkgconfig(openssl) >= 1.0.1
 Requires:   pcsc-lite
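
Review bot: the new `BuildRequires: pkgconfig(libeac) >= 0.9` is not paired with any change to the `%configure` call in this spec diff, so OpenPACE support depends on configure auto-detecting libeac. Passing OpenSC's `--enable-openpace` switch explicitly would make the build fail loudly if libeac is ever missing from the build root, instead of quietly producing a package without EAC support.
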
@@ -89,8 +91,7 @@
 rm %{buildroot}%{_libdir}/libopensc.so
 install -D -m 644 %{SOURCE3} 
%{buildroot}%{_sysconfdir}/pkcs11/modules/opensc.module
 
-%post -p /sbin/ldconfig
-%postun -p /sbin/ldconfig
+%ldconfig_scriptlets
 
 %files
 %license COPYING
@@ -98,12 +99,23 @@
 %doc %{_docdir}/%{name}/tools.html
 %doc %{_docdir}/%{name}/files.html
 %doc %{_docdir}/%{name}/opensc.conf
+#
+%config(noreplace) %{_sysconfdir}/eac/cvc/DESCHSMCVCA1
+%config(noreplace) %{_sysconfdir}/eac/cvc/DESRCACC11
+#
 %{_bindir}/*
 %{_datadir}/applications/*.desktop
 %{_datadir}/opensc
 # Note: .la and .so must be in the main package, required by ltdl:
 %{_libdir}/*.la
-%{_libdir}/*.so*
+%{_libdir}/libsmm-local.so
+%{_libdir}/onepin-opensc-pkcs11.so
+%{_libdir}/opensc-pkcs11.so
+%{_libdir}/pkcs11-spy.so
+# This is a private library. There is no reason to split it to libopensc* 
package.
+%{_libdir}/libsmm-local.so.%{sover}*
+%{_libdir}/libopensc.so.%{sover}*
+#
 %dir %{_libdir}/pkcs11
 %{_libdir}/pkcs11/*.so
 %{_libdir}/pkgconfig/opensc-pkcs11.pc
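
Review bot: the two `%config(noreplace)` entries under `%{_sysconfdir}/eac/cvc/` come without `%dir` lines for `%{_sysconfdir}/eac` and `%{_sysconfdir}/eac/cvc`, so unless a required package already owns those directories they end up unowned. A short comment saying what these two files are would also help more than the bare `#` separators, because `noreplace` means a locally changed copy is kept on upgrade. Replacing `%{_libdir}/*.so*` with explicit names is a good guard: a soname change now fails the build until `%define sover 11` is updated.
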
@@ -111,8 +123,6 @@
 %config %{_sysconfdir}/opensc.conf
 %dir %{_sysconfdir}/pkcs11
 %config %{_sysconfdir}/pkcs11/modules/
-# This is a private library. There is no reason to split it to libopensc* 
package.
-%{_libdir}/libopensc.so.*
 
 %files bash-completion
 %{completionsdir}/*


commit opensc for openSUSE:Factory

2024-03-11 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2024-03-11 15:34:52

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.1770 (New)


Package is "opensc"

Mon Mar 11 15:34:52 2024 rev:57 rq:1156889 version:0.25.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2024-02-29 
21:50:41.138718115 +0100
+++ /work/SRC/openSUSE:Factory/.opensc.new.1770/opensc.changes  2024-03-11 
15:42:31.209396259 +0100
@@ -1,0 +2,26 @@
+Sat Mar  9 12:06:03 UTC 2024 - Martin Hauke 
+
+- Update to version 0.25.0
+  Security
+  * CVE-2023-5992: Fix Side-channel leaks while stripping
+encryption PKCS#1.5 padding in OpenSC.
+  * CVE-2024-1454: Fix Potential use-after-free in AuthentIC driver
+during card enrollment in pkcs15init.
+  General improvements
+  * Remove support for old card drivers Akis, GPK, Incrypto34 and
+Westcos, disable Cyberflex driver.
+  * Fix 64b to 32b conversions.
+  * Improvements for the p11test.
+  * Fix reader initialization without SCardControl.
+  * Make RSA PKCS#1 v1.5 depadding constant-time.
+  * Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02)
+on the card.
+  * Fixed various issues reported by OSS-Fuzz and Coverity in
+drivers, PKCS#11 and PKCS#15 layer.
+- Add patch:
+  * opensc-docbook-xsl-fix.patch
+- Drop not longer needed patches:
+  * CVE-2024-1454.patch
+- Introduce subpackage for bash-completion
+
+---
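
Review bot: the `CVE-2023-5992` line in the Security list has no `bsc#` reference, and `CVE-2024-1454` loses the `bsc#1219868` tag that the previous changelog entry carried for the patch being dropped here. Put the bug numbers next to both CVE ids so the fixes stay traceable from the changelog; "Drop not longer needed patches" should also read "no longer".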

Old:

  CVE-2024-1454.patch
  opensc-0.24.0.tar.gz

New:

  opensc-0.25.0.tar.gz
  opensc-docbook-xsl-fix.patch




Other differences:
--
++ opensc.spec ++
--- /var/tmp/diff_new_pack.1VbnHp/_old  2024-03-11 15:42:31.801418080 +0100
+++ /var/tmp/diff_new_pack.1VbnHp/_new  2024-03-11 15:42:31.805418228 +0100
@@ -18,7 +18,7 @@
 
 %define completionsdir %(pkg-config --variable completionsdir bash-completion)
 Name:   opensc
-Version:0.24.0
+Version:0.25.0
 Release:0
 Summary:Smart Card Utilities
 License:LGPL-2.1-or-later
@@ -31,8 +31,8 @@
 # 
https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3:opensc.module
 Patch0: opensc-gcc11.patch
-# PATCH-FIX-UPSTREAM martin.schrei...@suse.com CVE-2024-1454 bsc#1219868
-Patch1: CVE-2024-1454.patch
+Patch1: opensc-docbook-xsl-fix.patch
+BuildRequires:  automake
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libxslt
 BuildRequires:  pkgconfig
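
Review bot: `Patch1: opensc-docbook-xsl-fix.patch` replaces a line that had a `# PATCH-FIX-UPSTREAM` comment but gets no tag comment of its own, so the spec no longer says whether this patch is upstream or openSUSE-specific. Add a one-line tag above it, and say in the changelog why `BuildRequires: automake` is now needed, since the entry mentions only the patch.
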
@@ -60,8 +60,20 @@
 possible operations may be supported for your card. Card initialization
 may require third party proprietary software.
 
+%package bash-completion
+Summary:Bash Completion for %{name}
+Group:  Productivity/Security
+Requires:   %{name} = %{version}
+Requires:   bash-completion
+Supplements:(%{name} and bash-completion)
+BuildArch:  noarch
+
+%description bash-completion
+Bash completion script for %{name}.
+
 %prep
-%autosetup -p1
+%setup -q
+%autopatch -p1
 
 %build
 %configure \
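
Review bot: in `%prep`, `%autosetup -p1` is replaced by `%setup -q` plus `%autopatch -p1`, which is in effect what `%autosetup -p1` already does, and the changelog gives no reason for the split. Either keep the single macro or note why the two-step form is required.
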
@@ -101,5 +113,7 @@
 %config %{_sysconfdir}/pkcs11/modules/
 # This is a private library. There is no reason to split it to libopensc* 
package.
 %{_libdir}/libopensc.so.*
+
+%files bash-completion
 %{completionsdir}/*
 

++ opensc-0.24.0.tar.gz -> opensc-0.25.0.tar.gz ++
 31326 lines of diff (skipped)

++ opensc-docbook-xsl-fix.patch ++
diff --git a/doc/html.xsl b/doc/html.xsl
index 665d45f..734fa98 100644
--- a/doc/html.xsl
+++ b/doc/html.xsl
@@ -3,7 +3,7 @@
 
 ]>
 http://www.w3.org/1999/XSL/Transform; version="1.0">
-   
+   





commit opensc for openSUSE:Factory

2024-02-29 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2024-02-29 21:50:21

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.1770 (New)


Package is "opensc"

Thu Feb 29 21:50:21 2024 rev:56 rq:1153161 version:0.24.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2023-12-13 
18:36:49.766543123 +0100
+++ /work/SRC/openSUSE:Factory/.opensc.new.1770/opensc.changes  2024-02-29 
21:50:41.138718115 +0100
@@ -1,0 +2,6 @@
+Sun Feb 25 20:35:05 UTC 2024 - Martin Schreiner 
+
+- Add CVE-2024-1454.patch.
+  Fix for CVE-2024-1454 / bsc#1219868.
+
+---

New:

  CVE-2024-1454.patch




Other differences:
--
++ opensc.spec ++
--- /var/tmp/diff_new_pack.dZAUvK/_old  2024-02-29 21:50:42.798779314 +0100
+++ /var/tmp/diff_new_pack.dZAUvK/_new  2024-02-29 21:50:42.814779904 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package opensc
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,8 @@
 # 
https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3:opensc.module
 Patch0: opensc-gcc11.patch
+# PATCH-FIX-UPSTREAM martin.schrei...@suse.com CVE-2024-1454 bsc#1219868
+Patch1: CVE-2024-1454.patch
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libxslt
 BuildRequires:  pkgconfig

++ CVE-2024-1454.patch ++
>From 5835f0d4f6c033bd58806d33fa546908d39825c9 Mon Sep 17 00:00:00 2001
From: Jakub Jelen 
Date: Mon, 18 Dec 2023 11:09:50 +0100
Subject: [PATCH] authentic: Avoid use after free

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
---
 src/pkcs15init/pkcs15-authentic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pkcs15init/pkcs15-authentic.c 
b/src/pkcs15init/pkcs15-authentic.c
index a6d8b8ffad..798bc44138 100644
--- a/src/pkcs15init/pkcs15-authentic.c
+++ b/src/pkcs15init/pkcs15-authentic.c
@@ -868,7 +868,7 @@ authentic_emu_update_tokeninfo(struct sc_profile *profile, 
struct sc_pkcs15_card
rv = sc_select_file(p15card->card, , );
if (!rv) {
rv = sc_get_challenge(p15card->card, buffer, sizeof(buffer));
-   if (!rv) {
+   if (rv < 0) {
sc_file_free(file);
LOG_TEST_RET(ctx, rv, "Get challenge error");
}
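
Review bot: the commit message ("authentic: Avoid use after free", "Thanks oss-fuzz") does not say why `if (!rv)` was wrong, which matters to anyone backporting this one-line change. With the old test, `sc_file_free(file)` ran when `sc_get_challenge()` returned 0, and `LOG_TEST_RET(ctx, rv, ...)` only returns for a negative `rv`, so execution continued with `file` already freed; with `if (rv < 0)` the free and the early return happen on the same path. A sentence to that effect in the message, plus a check that the success path below this hunk still frees `file` exactly once, would complete the fix.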


commit opensc for openSUSE:Factory

2023-12-13 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2023-12-13 18:36:41

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.25432 (New)


Package is "opensc"

Wed Dec 13 18:36:41 2023 rev:55 rq:1132880 version:0.24.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2023-10-10 
21:02:47.823514863 +0200
+++ /work/SRC/openSUSE:Factory/.opensc.new.25432/opensc.changes 2023-12-13 
18:36:49.766543123 +0100
@@ -1,0 +2,114 @@
+Wed Dec 13 12:27:34 UTC 2023 - Otto Hollmann 
+
+- Update to OpenSC 0.24.0:
+  * Security
+- CVE-2023-40660: Fix Potential PIN bypass
+  (#2806, frankmorgner/OpenSCToken#50, #2807)
+- CVE-2023-40661: Important dynamic analyzers reports
+- CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption
+  using symmetric keys (f1993dc)
+  * General improvements
+- Fix compatibility of EAC with OpenSSL 3.0 (#2674)
+- Enable use_file_cache by default (#2501)
+- Use custom libctx with OpenSSL >= 3.0 (#2712, #2715)
+- Fix record-based files (#2604)
+- Fix several race conditions (#2735)
+- Run tests under Valgrind (#2756)
+- Test signing of data bigger than 512 bytes (#2789)
+- Update to OpenPACE 1.1.3 (#2796)
+- Implement logout for some of the card drivers (#2807)
+- Fix wrong popup position of opensc-notify (#2901)
+- Fixed various issues reported by OSS-Fuzz and Coverity regarding card
+  drivers, PKCS#11 and PKCS#15 init
+  * PKCS#11
+- Check card presence state in C_GetSessionInfo (#2740)
+- Remove onepin-opensc-pkcs11 module (#2681)
+- Do not use colons in the token info label (#2760)
+- Present profile objects in all slots with the CKA_TOKEN attribute to
+  resolve issues with NSS (#2928, #2924)
+- Use secure memory for PUK (#2906)
+- Don't logout to preserve concurrent access from different processes
+  (#2907)
+- Add more examples to manual page (#2936)
+- Present profile objects in all virtual slots (#2928)
+- Provide CKA_TOKEN attribute for profile objects (#2924)
+- Improve --slot parameter documentation (#2951)
+  * PKCS#15
+- Honor cache offsets when writing file cache (#2858)
+- Prevent needless amount of PIN prompts from pkcs15init layer (#2916)
+- Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and
+  back to PKCS#11 (#2936)
+  * Minidriver
+- Fix for private keys that do not need a PIN (#2722)
+- Unbreak decipher when the first null byte of PKCS#1.5 padding is
+  missing (#2939*
+  * pkcs11-tool
+- Fix RSA key import with OpenSSL 3.0 (#2656)
+- Add support for attribute filtering when listing objects (#2687)
+- Add support for --private flag when writing certificates (#2768)
+- Add support for non-AEAD ciphers to the test mode (#2780)
+- Show CKA_SIGN attribute for secret keys (#2862)
+- Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys
+  (#2864, #2913)
+- Show Sign/VerifyRecover attributes (#2888)
+- Add option to import generic keys (#2955)
+  * westcos-tool
+- Generate 2k RSA keys by default (b53fc5c)
+  * pkcs11-register
+- Disable autostart on Linux by default (#2680)
+  * IDPrime
+- Add support for IDPrime MD 830, 930 and 940 (#2666)
+- Add support for SafeNet eToken 5110 token (#2812)
+- Process index even without keyrefmap and use correct label for second
+  PIN (#2878)
+- Add support for Gemalto IDPrime 940C (#2941)
+  * EPass2003
+- Change of PIN requires verification of the PIN (#2759)
+- Fix incorrect CMAC computation for subkeys (#2759, issue #2734)
+- Use true random number for mutual authentication for SM (#2766)
+- Add verification of data coming from the token in the secure messaging
+  mode (#2772)
+- Avoid success when using unsupported digest and fix data length for RAW
+  ECDSA signatures (#2845)
+  * OpenPGP
+- Fix select data command (#2753, issue #2752)
+- Unbreak ed/curve25519 support (#2892)
+  * eOI
+- Add support for Slovenian eID card (eOI) (#2646)
+  * Italian CNS
+- Add support for IDEMIA (Oberthur) tokens (#2483)
+  * PIV
+- Add support for Swissbit iShield FIDO2 Authenticator (#2671)
+- Implement PIV secure messaging (#2053)
+  * SkeID
+- Add support for Slovak eID cards (#2672)
+  * isoApplet
+- Support ECDSA with off-card hashing (#2642)
+  * MyEID
+- Fix WRAP operation when using T0 (#2695)
+- Identify changes on the card and enable use_file_cache (#2798)
+- Workaround for unwrapping using 2K RSA key (#2921)
+  * SC-HSM
+- Add support for opensc-tool --serial (#2675)
+- Fix unwrapping of 4096 keys with handling reader 

commit opensc for openSUSE:Factory

2023-10-13 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2023-10-10 21:01:14

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.28202 (New)


Package is "opensc"

Tue Oct 10 21:01:14 2023 rev:54 rq:1116670 version:0.23.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2023-06-01 
17:21:22.194818201 +0200
+++ /work/SRC/openSUSE:Factory/.opensc.new.28202/opensc.changes 2023-10-10 
21:02:47.823514863 +0200
@@ -1,0 +2,36 @@
+Fri Oct  6 06:49:24 UTC 2023 - Otto Hollmann 
+
+- Security Fix: [CVE-2023-40661, bsc#1215761]
+  * opensc: multiple memory issues with pkcs15-init (enrollment tool)
+  * Add patches:
+- opensc-CVE-2023-40661-1of12.patch
+- opensc-CVE-2023-40661-2of12.patch
+- opensc-CVE-2023-40661-3of12.patch
+- opensc-CVE-2023-40661-4of12.patch
+- opensc-CVE-2023-40661-5of12.patch
+- opensc-CVE-2023-40661-6of12.patch
+- opensc-CVE-2023-40661-7of12.patch
+- opensc-CVE-2023-40661-8of12.patch
+- opensc-CVE-2023-40661-9of12.patch
+- opensc-CVE-2023-40661-10of12.patch
+- opensc-CVE-2023-40661-11of12.patch
+- opensc-CVE-2023-40661-12of12.patch
+
+---
+Thu Oct  5 13:45:16 UTC 2023 - Otto Hollmann 
+
+- Security Fix: [CVE-2023-4535, bsc#1215763]
+  * Add patches:
+- opensc-CVE-2023-4535.patch
+- opensc-NULL_pointer_fix.patch
+
+---
+Wed Oct  4 13:26:11 UTC 2023 - Otto Hollmann 
+
+- Security Fix: [CVE-2023-40660, bsc#1215762]
+  * opensc: PIN bypass when card tracks its own login state
+  * Add patches:
+- opensc-CVE-2023-40660-1of2.patch
+- opensc-CVE-2023-40660-2of2.patch
+
+---

New:

  opensc-CVE-2023-40660-1of2.patch
  opensc-CVE-2023-40660-2of2.patch
  opensc-CVE-2023-40661-10of12.patch
  opensc-CVE-2023-40661-11of12.patch
  opensc-CVE-2023-40661-12of12.patch
  opensc-CVE-2023-40661-1of12.patch
  opensc-CVE-2023-40661-2of12.patch
  opensc-CVE-2023-40661-3of12.patch
  opensc-CVE-2023-40661-4of12.patch
  opensc-CVE-2023-40661-5of12.patch
  opensc-CVE-2023-40661-6of12.patch
  opensc-CVE-2023-40661-7of12.patch
  opensc-CVE-2023-40661-8of12.patch
  opensc-CVE-2023-40661-9of12.patch
  opensc-CVE-2023-4535.patch
  opensc-NULL_pointer_fix.patch



Other differences:
--
++ opensc.spec ++
--- /var/tmp/diff_new_pack.Exyf44/_old  2023-10-10 21:02:49.307568678 +0200
+++ /var/tmp/diff_new_pack.Exyf44/_new  2023-10-10 21:02:49.307568678 +0200
@@ -33,6 +33,25 @@
 Patch0: opensc-gcc11.patch
 # PATCH-FIX-UPSTREAM: bsc#1211894, CVE-2023-2977 out of bounds read in pkcs15 
cardos_have_verifyrc_package()
 Patch1: opensc-CVE-2023-2977.patch
+# PATCH-FIX-UPSTREAM: bsc#1215762 CVE-2023-40660: PIN bypass when card tracks 
its own login state
+Patch2: opensc-CVE-2023-40660-1of2.patch
+Patch3: opensc-CVE-2023-40660-2of2.patch
+# PATCH-FIX-UPSTREAM: bsc#1215763 CVE-2023-4535: out-of-bounds read in MyEID 
driver handling encryption using symmetric keys
+Patch4: opensc-NULL_pointer_fix.patch
+Patch5: opensc-CVE-2023-4535.patch
+# PATCH-FIX-UPSTREAM: bsc#1215761 CVE-2023-40661: multiple memory issues with 
pkcs15-init (enrollment tool)
+Patch6: opensc-CVE-2023-40661-1of12.patch
+Patch7: opensc-CVE-2023-40661-2of12.patch
+Patch8: opensc-CVE-2023-40661-3of12.patch
+Patch9: opensc-CVE-2023-40661-4of12.patch
+Patch10:opensc-CVE-2023-40661-5of12.patch
+Patch11:opensc-CVE-2023-40661-6of12.patch
+Patch12:opensc-CVE-2023-40661-7of12.patch
+Patch13:opensc-CVE-2023-40661-8of12.patch
+Patch14:opensc-CVE-2023-40661-9of12.patch
+Patch15:opensc-CVE-2023-40661-10of12.patch
+Patch16:opensc-CVE-2023-40661-11of12.patch
+Patch17:opensc-CVE-2023-40661-12of12.patch
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libxslt
 BuildRequires:  pkgconfig
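
Review bot: `Patch4: opensc-NULL_pointer_fix.patch` sits under the CVE-2023-4535 comment and is numbered ahead of `opensc-CVE-2023-4535.patch`, but neither the comment nor the changelog says what it fixes or why it has to be applied first. Give it its own `# PATCH-FIX-UPSTREAM` line, or state that it is a prerequisite of the CVE patch.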

++ opensc-CVE-2023-40660-1of2.patch ++
>From 74ddc3636db18ae78de62922a74bfdefae015c76 Mon Sep 17 00:00:00 2001
From: Frank Morgner 
Date: Wed, 21 Jun 2023 12:27:23 +0200
Subject: [PATCH] Fixed PIN authentication bypass

If two processes are accessing a token, then one process may leave the
card usable with an authenticated PIN so that a key may sign/decrypt any
data. This is especially the case if the token does not support a way of
resetting the authentication status (logout).

We have some tracking of the authentication status in software via
PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why 

commit opensc for openSUSE:Factory

2023-06-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2023-06-01 17:21:21

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.2531 (New)


Package is "opensc"

Thu Jun  1 17:21:21 2023 rev:53 rq:1090293 version:0.23.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2022-12-01 
16:59:12.355154460 +0100
+++ /work/SRC/openSUSE:Factory/.opensc.new.2531/opensc.changes  2023-06-01 
17:21:22.194818201 +0200
@@ -1,0 +2,7 @@
+Thu Jun  1 12:55:19 UTC 2023 - Otto Hollmann 
+
+- Security Fix: [CVE-2023-2977, bsc#1211894]
+  * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
+  * Add opensc-CVE-2023-2977.patch
+
+---

New:

  opensc-CVE-2023-2977.patch



Other differences:
--
++ opensc.spec ++
--- /var/tmp/diff_new_pack.FX6U8W/_old  2023-06-01 17:21:22.718821307 +0200
+++ /var/tmp/diff_new_pack.FX6U8W/_new  2023-06-01 17:21:22.722821331 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package opensc
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,8 @@
 # 
https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3:opensc.module
 Patch0: opensc-gcc11.patch
+# PATCH-FIX-UPSTREAM: bsc#1211894, CVE-2023-2977 out of bounds read in pkcs15 
cardos_have_verifyrc_package()
+Patch1: opensc-CVE-2023-2977.patch
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libxslt
 BuildRequires:  pkgconfig
@@ -59,8 +61,7 @@
 may require third party proprietary software.
 
 %prep
-%setup -q
-%patch0 -p1
+%autosetup -p1
 
 %build
 %configure \

++ opensc-CVE-2023-2977.patch ++
>From 3bf3ab2f9091f984cda6dd910654ccbbe3f06a40 Mon Sep 17 00:00:00 2001
From: fullwaywang 
Date: Mon, 29 May 2023 10:38:48 +0800
Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer
 overrun bug. Fixes #2785

---
 src/pkcs15init/pkcs15-cardos.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
index 9715cf390f..f41f73c349 100644
--- a/src/pkcs15init/pkcs15-cardos.c
+++ b/src/pkcs15init/pkcs15-cardos.c
@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
sc_apdu_t apdu;
 u8rbuf[SC_MAX_APDU_BUFFER_SIZE];
 int   r;
-   const u8  *p = rbuf, *q;
+   const u8  *p = rbuf, *q, *pp;
size_tlen, tlen = 0, ilen = 0;
 
sc_format_apdu(card, , SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
return 0;
 
while (len != 0) {
-   p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, );
-   if (p == NULL)
+   pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, );
+   if (pp == NULL)
return 0;
if (card->type == SC_CARD_TYPE_CARDOS_M4_3) {
/* the verifyRC package on CardOS 4.3B use Manufacturer 
ID 0x01 */
/* and Package Number 0x07  
*/
-   q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, );
+   q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, );
if (q == NULL || ilen != 4)
return 0;
if (q[0] == 0x07)
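
Review bot: `pp` differs from `p` by one character, and mixing up these two pointers is the bug this patch fixes, so the new name invites the same mistake in later edits. A more distinct name for the result of `sc_asn1_find_tag(card->ctx, p, len, 0xe1, ...)` would make the inner lookups in both card-type branches harder to get wrong.
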
@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
} else if (card->type == SC_CARD_TYPE_CARDOS_M4_4)  {
/* the verifyRC package on CardOS 4.4 use Manufacturer 
ID 0x03  */
/* and Package Number 0x02  
*/
-   q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, );
+   q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, );
if (q == NULL || ilen != 4)
return 0;
if (q[0] == 0x02)
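
Review bot: the end-of-iteration update of `p` and `len` is not part of these hunks, and it now matters more than before, because `p` no longer moves to the found 0xe1 object inside `while (len != 0)`. The subject line names a length miscalculation, yet all five changed lines only swap which pointer holds the lookup result, so the full function should be checked to confirm that the advance is derived from `pp` and `tlen` and that `len` still describes the bytes left in the response.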


commit opensc for openSUSE:Factory

2022-12-01 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2022-12-01 16:58:52

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.1835 (New)


Package is "opensc"

Thu Dec  1 16:58:52 2022 rev:52 rq:1039187 version:0.23.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2021-11-22 
23:04:43.345823642 +0100
+++ /work/SRC/openSUSE:Factory/.opensc.new.1835/opensc.changes  2022-12-01 
16:59:12.355154460 +0100
@@ -1,0 +2,80 @@
+Tue Nov 29 17:52:46 UTC 2022 - Michael Ströder 
+
+- Update to OpenSC 0.23.0:
+  * General improvements
+- Support signing of data with a length of more than 512 bytes (#2314)
+- By default, disable support for old card drivers (#2391) and remove
+  support for old drivers MioCOS and JCOP (#2374)
+- Bump minimal required OpenSSL version to 1.1.1 and add support for 
OpenSSL 3.0 (#2438, #2506)
+- Compatibility with LibreSSL (#2495, #2595)
+- Remove support for DSA (#2503)
+- Extend p11test to support symmetric keys (#2430)
+- Notice detached reader on macOS (#2418)
+- Support for OAEP padding (#2475, #2484)
+- Fix for PSS salt length (#2478)
+- Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637)
+- Fixed various issues reported by OSS-Fuzz and Coverity regarding
+  card drivers, PKCS#11 and PKCS#15 init
+- Fix issues with OpenPACE (#2472)
+- Containers support for local testing
+- Add support for encryption and decryption using symmetric keys (#2473, 
#2607)
+- Stop building support for Gost algorithms with OpenSSL 3.0 as they
+  require deprecated API (#2586)
+- Fix detection of disconnected readers in PCSC (#2600)
+- Add configuration option for on-disk caching of private data (#2588)
+- Skip building empty binaries when dependencies are missing and
+  remove needless linking (#2617)
+- Define arm64 as a supported architecture in the Installer package (#2610)
+  * PKCS#11
+- Implement C_CreateObject for EC keys and fix signature verification
+  for CKM_ECDSA_SHAx cards (#2420)
+  * pkcs11-tool
+- Add more elliptic curves (#2301)
+- Add support for symmetric encrypt and decrypt, wrap and unwrap 
operations,
+  and initialization vector (#2268)
+- Fix consistent handling of secret key attributes (#2497)
+- Add support for signing and verifying with HMAC (#2385)
+- Add support for SHA3 (#2467)
+- Make object selectable via label (#2570)
+- Do not require an R/W session for some operations and
+  add --session-rw option (#2579)
+- Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and
+  serial number for certificates (#2644, #2643, #2641)
+- Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE 
(#2645)
+  * sc-hsm-tool
+- Add options for public key authentication (#2301)
+  * Minidriver
+- Fix reinit of the card (#2525)
+- Add an entry for Italian CNS (e) (#2548)
+- Fix detection of ECC mechanisms (#2523)
+- Fix ATRs before adding them to the windows registry (#2628)
+  * NQ-Applet
+- Add support for the JCOP4 Cards with NQ-Applet (#2425)
+  * ItaCNS
+- Add support for ItaCMS v1.1 (key length 2048) (#2371)
+  * Belpic
+- Add support for applet v1.8 (#2455)
+  * Starcos
+- Add ATR for V3.4 (#2464)
+- Add PKCS#15 emulator for 3.x cards with eSign app (#2544)
+  * ePass2003
+- Fix PKCS#15 initialization (#2403)
+- Add support for FIPS (#2543)
+- Fix matching with newer versions and tokens initialized with OpenSC 
(#2575)
+  * MyEID
+- Support logout operation (#2557)
+- Support for symmetric encryption and decryption (#2473, #2607)
+  * GIDS
+- Fix decipher for TPM (#1881)
+  * OpenPGP
+- Get the list of supported algorithms from algorithm information
+  on the card (#2287)
+- Support for 3 certificates with OpenPGP 3+ (#2103)
+  * nPA
+- Fix card detection (#2463)
+  * Rutoken
+- Fix formatting rtecp cards (#2599)
+  * PIV
+- Add new PIVKey ATRs for current cards (#2602)
+
+---

Old:

  opensc-0.22.0.tar.gz

New:

  opensc-0.23.0.tar.gz



Other differences:
--
++ opensc.spec ++
--- /var/tmp/diff_new_pack.zonLI7/_old  2022-12-01 16:59:12.859157226 +0100
+++ /var/tmp/diff_new_pack.zonLI7/_new  2022-12-01 16:59:12.867157270 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package opensc
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of 

commit opensc for openSUSE:Factory

2021-11-22 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2021-11-22 23:04:01

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.1895 (New)


Package is "opensc"

Mon Nov 22 23:04:01 2021 rev:51 rq:932930 version:0.22.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2021-11-08 
17:25:18.732737752 +0100
+++ /work/SRC/openSUSE:Factory/.opensc.new.1895/opensc.changes  2021-11-22 
23:04:43.345823642 +0100
@@ -101,0 +102 @@
+  * CVE-2019-20792: double free in coolkey_free_private_dat (bsc#1170809)
@@ -193,0 +195 @@
+* bsc#1104812



Other differences:
--


commit opensc for openSUSE:Factory

2021-11-08 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2021-11-08 17:24:30

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.1890 (New)


Package is "opensc"

Mon Nov  8 17:24:30 2021 rev:50 rq:930103 version:0.22.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2021-10-06 
19:49:56.536057470 +0200
+++ /work/SRC/openSUSE:Factory/.opensc.new.1890/opensc.changes  2021-11-08 
17:25:18.732737752 +0100
@@ -35,0 +36,7 @@
+  * Fixes security issues:
+* tcos: use after return (bsc#1192005, CVE-2021-42780)
+* oberthur: use after free (bsc#1191992, CVE-2021-42779)
+* oberthur: multiple heap buffer overflows (bsc#1192000,
+  CVE-2021-42781)
+* multiple stack buffer overflow issues (bsc#1191957,
+  CVE-2021-42782)



Other differences:
--


commit opensc for openSUSE:Factory

2021-10-06 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2021-10-06 19:49:51

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.2443 (New)


Package is "opensc"

Wed Oct  6 19:49:51 2021 rev:49 rq:923365 version:0.22.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2021-06-28 
15:33:54.507206539 +0200
+++ /work/SRC/openSUSE:Factory/.opensc.new.2443/opensc.changes  2021-10-06 
19:49:56.536057470 +0200
@@ -1,0 +2,36 @@
+Mon Oct  4 12:59:24 UTC 2021 - Daniel Donisa 
+
+- Update to OpenSC 0.22.0:
+  * Removed changes in opensc-gcc11.patch already present in upstream. 
+- See 
https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda
+  * Removed some false positives from the openrc-rpmlintrc file.
+  * Use standard paths for file cache on Linux (#2148) and OSX (#2214)
+  * Various issues of memory/buffer handling in legacy drivers mostly reported 
by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, 
flex, dnie, mcrd, authentic, belpic)
+  * Add threading test to `pkcs11-tool` (#2067)
+  * Add support to generate generic secret keys (#2140)
+  * `opensc-explorer`: Print information about LCS (Life cycle status byte) 
(#2195)
+  * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate 
installer with TokenD (and without arm64 binaries) will be available (#2179).
+  * Support for gcc11 and its new strict aliasing rules (#2241, #2260)
+  * Initial support for building with OpenSSL 3.0 (#2343)
+  * pkcs15-tool: Write data objects in binary mode (#2324)
+  * Avoid limited size of log messages (#2352)
+  * Support for ECDSA verification (#2211)
+  * Support for ECDSA with different SHA hashes (#2190)
+  * Prevent issues in p11-kit by not returning unexpected return codes (#2207)
+  * Add support for PKCS#11 3.0: The new interfaces, profile objects and 
functions (#2096, #2293)
+  * Standardize the version 2 on 2.20 in the code (#2096)
+  * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE  (#2176)
+  * Copy arguments of C_Initialize (#2350)
+  * Fix RSA-PSS signing (#2234)
+  * Fix DO deletion (#2215)
+  * Add support for (X)EdDSA keys (#1960)
+  * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
+  * Add support for applet version 4 (#2332)
+  * New configuration option for opensc.conf to disable pkcs1_padding (#2193)
+  * Add support for ECDSA with different hashes (#2190)
+  * Enable more mechanisms (#2178)
+  * Fixed asking for a user pin when formatting a card (#1737)
+  * Added support for French CPx Healthcare cards (#2217)
+  * Added ATR for new CardOS 5.4 version (#2296)
+
+---
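
Review bot: `openrc-rpmlintrc` in the third bullet looks like a typo for the package's own rpmlintrc file, and "seperate" should be "separate". Several bullets also carry no driver or tool name, so lines such as "Add support for applet version 3 and fix RSA-PSS mechanisms" and "Add support for applet version 4" do not say which applet is meant; grouping the bullets under component sub-headings, as the later 0.23.0 and 0.24.0 entries do, would fix that.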

Old:

  opensc-0.21.0.tar.gz

New:

  opensc-0.22.0.tar.gz



Other differences:
--
++ opensc.spec ++
--- /var/tmp/diff_new_pack.5lRhwF/_old  2021-10-06 19:49:57.228057732 +0200
+++ /var/tmp/diff_new_pack.5lRhwF/_new  2021-10-06 19:49:57.228057732 +0200
@@ -18,7 +18,7 @@
 
 %define completionsdir %(pkg-config --variable completionsdir bash-completion)
 Name:   opensc
-Version:0.21.0
+Version:0.22.0
 Release:0
 Summary:Smart Card Utilities
 License:LGPL-2.1-or-later

++ opensc-0.21.0.tar.gz -> opensc-0.22.0.tar.gz ++
 16822 lines of diff (skipped)

++ opensc-gcc11.patch ++
--- /var/tmp/diff_new_pack.5lRhwF/_old  2021-10-06 19:49:57.732057923 +0200
+++ /var/tmp/diff_new_pack.5lRhwF/_new  2021-10-06 19:49:57.732057923 +0200
@@ -29,333 +29,3 @@
 
 https://bugzilla.redhat.com/show_bug.cgi?id=1930652
 
-diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
-index 18803b83..c65ec3ed 100644
 a/src/pkcs11/framework-pkcs15.c
-+++ b/src/pkcs11/framework-pkcs15.c
-@@ -670,6 +670,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data 
*fw_data, struct sc_pkcs15_obj
- {
-   struct sc_pkcs15_cert_info *p15_info = NULL;
-   struct sc_pkcs15_cert *p15_cert = NULL;
-+  struct pkcs15_any_object *any_object = NULL;
-   struct pkcs15_cert_object *object = NULL;
-   struct pkcs15_pubkey_object *obj2 = NULL;
-   int rv;
-@@ -686,8 +687,9 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data 
*fw_data, struct sc_pkcs15_obj
-   }
- 
-   /* Certificate object */
--  rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) 
,
-+  rv = __pkcs15_create_object(fw_data, _object,
-   cert, _cert_ops, sizeof(struct 
pkcs15_cert_object));
-+  object = (struct pkcs15_cert_object *) any_object;
-   if (rv < 0) {
-   if (p15_cert != 
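Review bot: after this removal the patch file still ends with the upstream commit message for the framework-pkcs15.c change (the kept context lines include its `https://bugzilla.redhat.com/show_bug.cgi?id=1930652` reference), while the diff that message described is deleted, so the header no longer matches what the patch does. Drop the stale commit header together with the hunks, or add a line to the patch saying why only the part above line 29 is still carried.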

commit opensc for openSUSE:Factory

2021-06-28 Thread Source-Sync
Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2021-06-28 15:33:33

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.2625 (New)


Package is "opensc"

Mon Jun 28 15:33:33 2021 rev:48 rq:902669 version:0.21.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2020-12-09 
22:21:59.295709877 +0100
+++ /work/SRC/openSUSE:Factory/.opensc.new.2625/opensc.changes  2021-06-28 
15:33:54.507206539 +0200
@@ -1,0 +2,12 @@
+Sun Jun 27 16:48:49 UTC 2021 - Predrag Ivanovi?? 
+
+- Fix build on GCC11
+* Add opensc-gcc11.patch from Fedora 
+(https://github.com/OpenSC/OpenSC/pull/2241/)
+
+---
+Fri Mar 12 22:58:46 UTC 2021 - Dirk M??ller 
+
+- move licenses to licensedir 
+
+---
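Review bot: the entry "Fix build on GCC11" understates the change, since the commit message inside opensc-gcc11.patch says it "made most of the applications crashing in Fedora 34 when smart card was plugged in". Say in the changelog that this addresses a runtime crash and cite the bug reference the patch carries (https://bugzilla.redhat.com/show_bug.cgi?id=1930652) next to the pull request URL, so the entry can be found when triaging crash reports.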

New:

  opensc-gcc11.patch



Other differences:
--
++ opensc.spec ++
--- /var/tmp/diff_new_pack.GVc7vo/_old  2021-06-28 15:33:55.015207160 +0200
+++ /var/tmp/diff_new_pack.GVc7vo/_new  2021-06-28 15:33:55.019207165 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package opensc
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,6 +30,7 @@
 # Register with p11-kit
 # 
https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3:opensc.module
+Patch0: opensc-gcc11.patch
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libxslt
 BuildRequires:  pkgconfig
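Review bot: the new `Patch0: opensc-gcc11.patch` line has no comment recording where the patch comes from or whether it is upstream. Add a tag comment above it in the openSUSE patch-tag style (for example `# PATCH-FIX-UPSTREAM opensc-gcc11.patch`) with the pull request URL already given in opensc.changes, so it is clear when the patch can be dropped.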
@@ -59,6 +60,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure \
@@ -70,7 +72,6 @@
 
 %install
 %make_install
-cp COPYING NEWS README %{buildroot}%{_docdir}/%{name}
 # Private library.
 rm %{buildroot}%{_libdir}/libopensc.so
 install -D -m 644 %{SOURCE3} 
%{buildroot}%{_sysconfdir}/pkcs11/modules/opensc.module
@@ -79,10 +80,8 @@
 %postun -p /sbin/ldconfig
 
 %files
-%doc %dir %{_docdir}/%{name}
-%license %{_docdir}/%{name}/COPYING
-%doc %{_docdir}/%{name}/NEWS
-%doc %{_docdir}/%{name}/README
+%license COPYING
+%doc NEWS README
 %doc %{_docdir}/%{name}/tools.html
 %doc %{_docdir}/%{name}/files.html
 %doc %{_docdir}/%{name}/opensc.conf
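Review bot: `%files` now mixes relative entries (`%license COPYING`, `%doc NEWS README`) with absolute `%doc %{_docdir}/%{name}/...` entries for files already present under that directory in the buildroot, and the explicit `%doc %dir %{_docdir}/%{name}` ownership line is dropped. Check the built package's file list to confirm that tools.html, files.html and opensc.conf are still shipped and that the doc directory is still owned; if not, keep the `%dir` line.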

++ opensc-gcc11.patch ++
diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c
index 41e620a..57f8a79 100644
--- a/src/tools/opensc-explorer.c
+++ b/src/tools/opensc-explorer.c
@@ -1839,6 +1839,12 @@ static int do_apdu(int argc, char **argv)
if (argc < 1)
return usage(do_apdu);
 
+   /* gcc-11 complains about BUF potentially being used without being
+  initialized.  I can't convince myself that the calls to
+  parse_string_or_hexdata will fully initialize it, so we just
+  initialize it here.  */
+   memset (buf, 0, sizeof (buf));
+
/* loop over the args and parse them, making sure the result fits into 
buf[] */
for (i = 0, len = 0; i < (unsigned) argc && len < sizeof(buf); i++)   {
size_t len0 = sizeof(buf) - len;
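Review bot: the comment added in `do_apdu` says the author could not confirm that `parse_string_or_hexdata` fully initialises `buf`, so the `memset` quiets gcc-11 without settling whether later code can read beyond the parsed `len` bytes. Verify that everything after the loop is bounded by `len` and not by `sizeof(buf)`; if it is, an initialiser at the declaration of `buf` would express the same fix more directly and the comment could state that the zero-fill is defensive only.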
commit 1680b3a1fb15319e41dbe3214ef8c4a4c215d529
Author: Jakub Jelen 
Date:   Tue Feb 23 19:57:02 2021 +0100

Fix build on gcc11

This made most of the applications crashing in Fedora 34 when
smart card was plugged in.

The suggested patch makes the code path more obvious for gcc to
handle.

https://bugzilla.redhat.com/show_bug.cgi?id=1930652

diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 18803b83..c65ec3ed 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -670,6 +670,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, 
struct sc_pkcs15_obj
 {
struct sc_pkcs15_cert_info *p15_info = NULL;
struct sc_pkcs15_cert *p15_cert = NULL;
+   struct pkcs15_any_object *any_object = NULL;
struct pkcs15_cert_object *object = NULL;
struct pkcs15_pubkey_object *obj2 = NULL;
int rv;
@@ -686,8 +687,9 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, 
struct sc_pkcs15_obj
}
 
/* Certificate object */
-   rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) 
,
+   rv = __pkcs15_create_object(fw_data, _object,
cert, _cert_ops, sizeof(struct 
pkcs15_cert_object));
+   object = (struct pkcs15_cert_object *) any_object;
if (rv < 0) {
if (p15_cert != NULL)
sc_pkcs15_free_certificate(p15_cert);
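Review bot: `object = (struct pkcs15_cert_object *) any_object;` is assigned before the `if (rv < 0)` check, so `object` is set on the failure path as well. That is harmless as long as `any_object` keeps the NULL it is initialised with in the first hunk, but it depends on `__pkcs15_create_object` not leaving a partially built object in its out-parameter on error; moving the assignment below the check removes that dependency on the callee.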
@@ -720,7 +722,7 @@ 

commit opensc for openSUSE:Factory

2020-12-09 Thread User for buildservice source handling
Hello community,

here is the log from the commit of package opensc for openSUSE:Factory checked 
in at 2020-12-09 22:21:58

Comparing /work/SRC/openSUSE:Factory/opensc (Old)
 and  /work/SRC/openSUSE:Factory/.opensc.new.2328 (New)


Package is "opensc"

Wed Dec  9 22:21:58 2020 rev:47 rq:854174 version:0.21.0

Changes:

--- /work/SRC/openSUSE:Factory/opensc/opensc.changes2019-08-19 
21:41:55.960284058 +0200
+++ /work/SRC/openSUSE:Factory/.opensc.new.2328/opensc.changes  2020-12-09 
22:21:59.295709877 +0100
@@ -1,0 +2,109 @@
+Fri Nov 27 19:27:30 UTC 2020 - Andreas Stieger 
+
+- OpenSC 0.21.0:
+  * CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK
+smart card software driver (boo#1177380)
+  * CVE-2020-26572: stack-based buffer overflow in the TCOS smart
+card software driver (boo#1177378)
+  * CVE-2020-26570: heap-based buffer overflow in the Oberthur
+smart card software driver (boo#1177364)
+  * CardOS 5.x support boo#1179291
+  * Support for OAEP encryption, make SHA256 default
+  * New separate debug level for PIN commands
+  * Fix handling of card/reader insertion/removal events in pcscd
+  * Fixes of removed readers handling
+  * Fix Firefox crash because of invalid pcsc context
+  * PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards
+  * Propagate ignore_user_content to PKCS#11 layer not to confuse applications
+  * Minidriver: Fix check of ATR length (2-to 33 characters inclusive)
+  * pkcs11-tool: allow using SW tokens
+  * opensc-explorer asn1 accepts offsets and decode records
+  * opensc-explorer cat accepts records
+  * OpenPGP: Add new ec curves supported by GNUK 
+  * First steps supporting OpenPGP 3.4
+  * OpenPGP: Add support for EC key import
+  * Rutoken: Add ATR for Rutoken ECP SC NFC
+  * Improve detection of various CardOS 5 configurations
+  * DNIe: Add new DNIe CA structure for the secure channel
+  * ePass2003: Improve ECC support
+  * ePass2003: Fix erase sequence
+  * IAS-ECC: Fix support for Idemia Cosmo cards
+  * IAS-ECC: PIN padding settings are now used from PKCS#15 info when available
+  * IAS-ECC: Added PIN-pad support for PIN unblock
+  * New driver for Gemalto IDPrime (only some types)
+  * eDo: New driver with initial support for Polish eID card (e-dowód, eDO)
+  * MCRD: Remove unused and broken RSA EstEID support
+  * TCOS: Add missing encryption certificates
+  * PIV: Add ATR of DOD Yubikey
+  * fixed PIV global pin bug
+  * CAC1: Support changing PIN with CAC Alt tokens
+- includes changes from 0.20.0
+  * CVE-2019-6502: memory leak in libopensc (boo#1122756) 
+  * CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747)
+  * CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746)
+  * CVE-2019-19479: incorrect read operation during parsing of a SETCOS file 
attribute (boo#1158256)
+  * CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry 
(boo#1158307) 
+  * Support RSA-PSS signature mechanisms using RSA-RAW
+  * Added memory locking for secrets
+  * added support for terminal colors
+  * PC/SC driver: Fixed error handling in case of changing or removing the 
card reader
+  * rename md_read_only to read_only and use it for PKCS#11 and Minidriver
+  * allow global use of ignore_private_certificate
+  * PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the 
card profile
+  * PKCS#11: Add C_WrapKey and C_UnwrapKey implementations
+  * PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects
+  * PKCS#11: Truncate long PKCS#11 labels with ...
+  * PKCS#11: Fixed recognition of a token when being unplugged and reinserted
+  * Minidriver: Register for CardOS5 cards
+  * Minidriver: Add support for RSA-PSS
+  * tools: Harmonize the use of option -r/--reader
+  * goid-tool: GoID personalization with fingerprint
+  * openpgp-tool: replace the options -L/--key-length with -t/--key-type
+  * openpgp-tool: add options -C/--card-info and -K/--key-info
+  * opensc-explorer: add command pin_info, extend random
+  * pkcs11-register: Auto-configuration of applications for use of OpenSC 
PKCS#11
+  * pkcd11-register: Autostart
+  * opensc-tool: Show ATR also for cards not recognized by OpenSC
+  * pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters
+  * pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values
+  * pkcs11-tool: Support for signature verification via --verify
+  * pkcs11-tool: Add object type secrkey for --type option
+  * pkcs11-tool: Implement Secret Key write object
+  * pkcs11-tool: Add GOSTR3410-2012 support
+  * pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP
+  * pkcs11-tool: Add extractable option to key import
+  * pkcs11-tool: list more key access flags when listing keys
+  * pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new 
objects and listing keys
+  *
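Review bot: `pkcd11-register: Autostart` in the 0.20.0 list looks like a typo for `pkcs11-register`, the tool named in the entry directly above it. Correct the name so that a search of the changelog for the tool finds both entries; the CVE lines with their boo# references are fine as written.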