Auto sync2gitlab import of opensc-0.20.0-4.el8.src.rpm
This commit is contained in:
parent
7f18aa32f8
commit
321a518128
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
/opensc-0.20.0.tar.gz
|
1848
opensc-0.19.0-idprime.patch
Normal file
1848
opensc-0.19.0-idprime.patch
Normal file
File diff suppressed because it is too large
Load Diff
13
opensc-0.19.0-pinpad.patch
Normal file
13
opensc-0.19.0-pinpad.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff -up opensc-0.19.0/etc/opensc.conf.pinpad opensc-0.19.0/etc/opensc.conf
|
||||
--- opensc-0.19.0/etc/opensc.conf.pinpad 2018-10-22 14:31:12.082963540 +0200
|
||||
+++ opensc-0.19.0/etc/opensc.conf 2018-10-22 14:33:59.939410701 +0200
|
||||
@@ -4,4 +4,9 @@ app default {
|
||||
framework pkcs15 {
|
||||
# use_file_caching = true;
|
||||
}
|
||||
+ reader_driver pcsc {
|
||||
+ # The pinpad is disabled by default,
|
||||
+ # because of many broken readers out there
|
||||
+ enable_pinpad = false;
|
||||
+ }
|
||||
}
|
31
opensc-0.20.0-CVE-2020-26570.patch
Normal file
31
opensc-0.20.0-CVE-2020-26570.patch
Normal file
@ -0,0 +1,31 @@
|
||||
commit 6903aebfddc466d966c7b865fae34572bf3ed23e
|
||||
Author: Frank Morgner <frankmorgner@gmail.com>
|
||||
Date: Thu Jul 30 02:21:17 2020 +0200
|
||||
|
||||
Heap-buffer-overflow WRITE
|
||||
|
||||
fixes https://oss-fuzz.com/testcase-detail/5088104168554496
|
||||
|
||||
diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
|
||||
index a873aaa0..2fb32b8d 100644
|
||||
--- a/src/libopensc/pkcs15-oberthur.c
|
||||
+++ b/src/libopensc/pkcs15-oberthur.c
|
||||
@@ -271,11 +271,15 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
|
||||
rv = sc_read_binary(card, 0, *out, sz, 0);
|
||||
}
|
||||
else {
|
||||
- int rec;
|
||||
- int offs = 0;
|
||||
- int rec_len = file->record_length;
|
||||
+ size_t rec;
|
||||
+ size_t offs = 0;
|
||||
+ size_t rec_len = file->record_length;
|
||||
|
||||
for (rec = 1; ; rec++) {
|
||||
+ if (rec > file->record_count) {
|
||||
+ rv = 0;
|
||||
+ break;
|
||||
+ }
|
||||
rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR);
|
||||
if (rv == SC_ERROR_RECORD_NOT_FOUND) {
|
||||
rv = 0;
|
42
opensc-0.20.0-CVE-2020-26571.patch
Normal file
42
opensc-0.20.0-CVE-2020-26571.patch
Normal file
@ -0,0 +1,42 @@
|
||||
commit ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43
|
||||
Author: Frank Morgner <frankmorgner@gmail.com>
|
||||
Date: Mon May 18 17:25:32 2020 +0200
|
||||
|
||||
fixed invalid read
|
||||
|
||||
fixes https://oss-fuzz.com/testcase-detail/5765246676631552
|
||||
|
||||
diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c
|
||||
index e13f3b87..4b80daf2 100644
|
||||
--- a/src/libopensc/pkcs15-gemsafeGPK.c
|
||||
+++ b/src/libopensc/pkcs15-gemsafeGPK.c
|
||||
@@ -205,7 +205,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
||||
|
||||
u8 sysrec[7];
|
||||
int num_keyinfo = 0;
|
||||
- keyinfo kinfo[8]; /* will loook for 8 keys */
|
||||
+ keyinfo kinfo[9]; /* will look for 9 keys */
|
||||
u8 modulus_buf[ 1 + 1024 / 8]; /* tag+modulus */
|
||||
u8 *cp;
|
||||
char buf[256];
|
||||
@@ -255,9 +255,9 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
||||
|
||||
/* There may be more then one key in the directory. */
|
||||
/* we need to find them so we can associate them with the */
|
||||
- /* the certificate. The files are 0007 to 000f */
|
||||
+ /* the certificate. The files are 0007 to 000F */
|
||||
|
||||
- for (i = 7; i < 16; i++) {
|
||||
+ for (i = 0x7; i <= 0xF; i++) {
|
||||
path.value[0] = 0x00;
|
||||
path.value[1] = i;
|
||||
path.len = 2;
|
||||
@@ -297,7 +297,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
||||
while (j--)
|
||||
*cp++ = modulus_buf[j + 1];
|
||||
num_keyinfo++;
|
||||
- }
|
||||
+ }
|
||||
|
||||
/* Get the gemsafe data with the cert */
|
||||
sc_format_path("3F000200004", &path);
|
21
opensc-0.20.0-CVE-2020-26572.patch
Normal file
21
opensc-0.20.0-CVE-2020-26572.patch
Normal file
@ -0,0 +1,21 @@
|
||||
commit 9d294de90d1cc66956389856e60b6944b27b4817
|
||||
Author: Frank Morgner <frankmorgner@gmail.com>
|
||||
Date: Thu Jun 4 10:04:10 2020 +0200
|
||||
|
||||
prevent out of bounds write
|
||||
|
||||
fixes https://oss-fuzz.com/testcase-detail/5226571123392512
|
||||
|
||||
diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
|
||||
index 673c2493..e88c80bd 100644
|
||||
--- a/src/libopensc/card-tcos.c
|
||||
+++ b/src/libopensc/card-tcos.c
|
||||
@@ -623,6 +623,8 @@ static int tcos_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len,
|
||||
apdu.data = sbuf;
|
||||
apdu.lc = apdu.datalen = crgram_len+1;
|
||||
sbuf[0] = tcos3 ? 0x00 : ((data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) ? 0x81 : 0x02);
|
||||
+ if (sizeof sbuf - 1 < crgram_len)
|
||||
+ return SC_ERROR_INVALID_ARGUMENTS;
|
||||
memcpy(sbuf+1, crgram, crgram_len);
|
||||
|
||||
r = sc_transmit_apdu(card, &apdu);
|
102
opensc-0.20.0-cac-pin-change.patch
Normal file
102
opensc-0.20.0-cac-pin-change.patch
Normal file
@ -0,0 +1,102 @@
|
||||
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
|
||||
index 099923e5..61e69c88 100644
|
||||
--- a/src/libopensc/card-cac.c
|
||||
+++ b/src/libopensc/card-cac.c
|
||||
@@ -1793,7 +1793,7 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
|
||||
}
|
||||
r = cac_process_ACA(card, priv);
|
||||
if (r == SC_SUCCESS) {
|
||||
- card->type = SC_CARD_TYPE_CAC_II;
|
||||
+ card->type = SC_CARD_TYPE_CAC_ALT_HID;
|
||||
card->drv_data = priv;
|
||||
return r;
|
||||
}
|
||||
@@ -1869,6 +1869,8 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
|
||||
* FIPS 201 4.1.6.1 (numeric only) and * FIPS 140-2
|
||||
* (6 character minimum) requirements.
|
||||
*/
|
||||
+ sc_apdu_t apdu;
|
||||
+ u8 sbuf[SC_MAX_APDU_BUFFER_SIZE];
|
||||
struct sc_card_driver *iso_drv = sc_get_iso7816_driver();
|
||||
|
||||
if (data->cmd == SC_PIN_CMD_CHANGE) {
|
||||
@@ -1881,6 +1883,18 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
|
||||
return SC_ERROR_INVALID_DATA;
|
||||
}
|
||||
}
|
||||
+
|
||||
+ /* We can change the PIN of Giesecke & Devrient CAC ALT tokens
|
||||
+ * with a bit non-standard APDU */
|
||||
+ if (card->type == SC_CARD_TYPE_CAC_ALT_HID) {
|
||||
+ int r = 0;
|
||||
+ r = iso7816_build_pin_apdu(card, &apdu, data, sbuf, sizeof(sbuf));
|
||||
+ if (r < 0)
|
||||
+ return r;
|
||||
+ /* it requires P1 = 0x01 completely against the ISO specs */
|
||||
+ apdu.p1 = 0x01;
|
||||
+ data->apdu = &apdu;
|
||||
+ }
|
||||
}
|
||||
|
||||
return iso_drv->ops->pin_cmd(card, data, tries_left);
|
||||
diff --git a/src/libopensc/cards.h b/src/libopensc/cards.h
|
||||
index 0ec25a46..16846d15 100644
|
||||
--- a/src/libopensc/cards.h
|
||||
+++ b/src/libopensc/cards.h
|
||||
@@ -244,6 +244,7 @@ enum {
|
||||
SC_CARD_TYPE_CAC_GENERIC,
|
||||
SC_CARD_TYPE_CAC_I,
|
||||
SC_CARD_TYPE_CAC_II,
|
||||
+ SC_CARD_TYPE_CAC_ALT_HID,
|
||||
|
||||
/* nPA cards */
|
||||
SC_CARD_TYPE_NPA = 34000,
|
||||
diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
|
||||
index b1a0e88f..d41613b2 100644
|
||||
--- a/src/libopensc/iso7816.c
|
||||
+++ b/src/libopensc/iso7816.c
|
||||
@@ -1017,7 +1017,7 @@ iso7816_decipher(struct sc_card *card,
|
||||
}
|
||||
|
||||
|
||||
-static int
|
||||
+int
|
||||
iso7816_build_pin_apdu(struct sc_card *card, struct sc_apdu *apdu,
|
||||
struct sc_pin_cmd_data *data, u8 *buf, size_t buf_len)
|
||||
{
|
||||
diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
|
||||
index b519c5d5..8ebf9fbd 100644
|
||||
--- a/src/libopensc/opensc.h
|
||||
+++ b/src/libopensc/opensc.h
|
||||
@@ -1664,6 +1664,19 @@ int iso7816_update_binary_sfid(sc_card_t *card, unsigned char sfid,
|
||||
* */
|
||||
int iso7816_logout(sc_card_t *card, unsigned char pin_reference);
|
||||
|
||||
+/*
|
||||
+ * @brief Format PIN APDU for modifiction by card driver
|
||||
+ *
|
||||
+ * @param[in] card card
|
||||
+ * @param[in] apdu apdu structure to update with PIN APDU
|
||||
+ * @param[in] data pin command data to set into the APDU
|
||||
+ * @param[in] buf buffer for APDU data field
|
||||
+ * @param[in] buf_len maximum buffer length
|
||||
+ */
|
||||
+int
|
||||
+iso7816_build_pin_apdu(struct sc_card *card, struct sc_apdu *apdu,
|
||||
+ struct sc_pin_cmd_data *data, u8 *buf, size_t buf_len);
|
||||
+
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
|
||||
index ccb27994..05056ea9 100644
|
||||
--- a/src/libopensc/pkcs15-cac.c
|
||||
+++ b/src/libopensc/pkcs15-cac.c
|
||||
@@ -79,6 +79,7 @@ static const char * cac_get_name(int type)
|
||||
switch (type) {
|
||||
case SC_CARD_TYPE_CAC_I: return ("CAC I");
|
||||
case SC_CARD_TYPE_CAC_II: return ("CAC II");
|
||||
+ case SC_CARD_TYPE_CAC_ALT_HID: return ("CAC ALT HID");
|
||||
default: break;
|
||||
}
|
||||
return ("CAC");
|
102
opensc-0.20.0-calloc0.patch
Normal file
102
opensc-0.20.0-calloc0.patch
Normal file
@ -0,0 +1,102 @@
|
||||
From f1bcadfbe9d156adbe509b0860511ee41add0c67 Mon Sep 17 00:00:00 2001
|
||||
From: Frank Morgner <frankmorgner@gmail.com>
|
||||
Date: Tue, 10 Mar 2020 12:13:29 +0100
|
||||
Subject: [PATCH] pkcs11: don't try to allocate 0 byte with calloc
|
||||
|
||||
fixes #1978
|
||||
---
|
||||
src/pkcs11/pkcs11-global.c | 7 ++++++-
|
||||
win32/Make.rules.mak | 4 ++--
|
||||
win32/winconfig.h.in | 2 ++
|
||||
3 files changed, 10 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
|
||||
index a3260314f8..671890309f 100644
|
||||
--- a/src/pkcs11/pkcs11-global.c
|
||||
+++ b/src/pkcs11/pkcs11-global.c
|
||||
@@ -456,6 +456,13 @@ CK_RV C_GetSlotList(CK_BBOOL tokenPresent, /* only slots with token prese
|
||||
|
||||
card_detect_all();
|
||||
|
||||
+ if (list_empty(&virtual_slots)) {
|
||||
+ sc_log(context, "returned 0 slots\n");
|
||||
+ *pulCount = 0;
|
||||
+ rv = CKR_OK;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
found = calloc(list_size(&virtual_slots), sizeof(CK_SLOT_ID));
|
||||
|
||||
if (found == NULL) {
|
||||
diff --git a/win32/Make.rules.mak b/win32/Make.rules.mak
|
||||
index 4f4971a72d..c6b1aac340 100644
|
||||
--- a/win32/Make.rules.mak
|
||||
+++ b/win32/Make.rules.mak
|
||||
@@ -1,7 +1,7 @@
|
||||
OPENSC_FEATURES = pcsc
|
||||
|
||||
#Include support for minidriver
|
||||
-MINIDRIVER_DEF = /DENABLE_MINIDRIVER
|
||||
+#MINIDRIVER_DEF = /DENABLE_MINIDRIVER
|
||||
|
||||
#Build MSI with the Windows Installer XML (WIX) toolkit, requires WIX >= 3.9
|
||||
!IF "$(WIX)" == ""
|
||||
@@ -33,7 +33,7 @@ WIX_LIBS = "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\dutil.lib" "$(WIX)\SDK\$(WIXV
|
||||
SM_DEF = /DENABLE_SM
|
||||
|
||||
#Build with debugging support
|
||||
-#DEBUG_DEF = /DDEBUG
|
||||
+DEBUG_DEF = /DDEBUG
|
||||
|
||||
# If you want support for OpenSSL (needed for pkcs15-init tool, software hashing in PKCS#11 library and verification):
|
||||
# - download and build OpenSSL
|
||||
diff --git a/win32/winconfig.h.in b/win32/winconfig.h.in
|
||||
index 94ed9b5475..fa682c5bcc 100644
|
||||
--- a/win32/winconfig.h.in
|
||||
+++ b/win32/winconfig.h.in
|
||||
@@ -103,6 +103,8 @@
|
||||
#define DEFAULT_ONEPIN_PKCS11_PROVIDER "@DEFAULT_ONEPIN_PKCS11_PROVIDER@"
|
||||
#endif
|
||||
|
||||
+#define PKCS11_THREAD_LOCKING
|
||||
+
|
||||
#ifndef DEFAULT_SM_MODULE
|
||||
#define DEFAULT_SM_MODULE "@DEFAULT_SM_MODULE@"
|
||||
#endif
|
||||
|
||||
commit 500ecd3d127975379e2310626c3ce94c3e7035ea
|
||||
Author: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Wed Nov 25 13:49:08 2020 +0100
|
||||
|
||||
pkcs11-tool: Avoid calloc with 0 argument
|
||||
|
||||
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
|
||||
index 4015aaf1..89244795 100644
|
||||
--- a/src/tools/pkcs11-tool.c
|
||||
+++ b/src/tools/pkcs11-tool.c
|
||||
@@ -1270,15 +1270,18 @@ static void list_slots(int tokens, int refresh, int print)
|
||||
if (rv != CKR_OK)
|
||||
p11_fatal("C_GetSlotList(NULL)", rv);
|
||||
free(p11_slots);
|
||||
- p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
|
||||
- if (p11_slots == NULL) {
|
||||
- perror("calloc failed");
|
||||
- exit(1);
|
||||
+ p11_slots = NULL;
|
||||
+ if (p11_num_slots > 0) {
|
||||
+ p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
|
||||
+ if (p11_slots == NULL) {
|
||||
+ perror("calloc failed");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
|
||||
+ if (rv != CKR_OK)
|
||||
+ p11_fatal("C_GetSlotList()", rv);
|
||||
}
|
||||
|
||||
- rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
|
||||
- if (rv != CKR_OK)
|
||||
- p11_fatal("C_GetSlotList()", rv);
|
||||
}
|
||||
|
||||
if (!print)
|
1338
opensc-0.20.0-cardos.patch
Normal file
1338
opensc-0.20.0-cardos.patch
Normal file
File diff suppressed because it is too large
Load Diff
85
opensc-0.20.0-file-cache.patch
Normal file
85
opensc-0.20.0-file-cache.patch
Normal file
@ -0,0 +1,85 @@
|
||||
From 2a28dcd3f6e4af7a5b2d7d7810b26b6321dd1bf1 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Tue, 10 Nov 2020 14:44:43 +0100
|
||||
Subject: [PATCH 1/3] ctx: Use more standard cache directory
|
||||
|
||||
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
|
||||
---
|
||||
src/libopensc/ctx.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
|
||||
index 6b57170f01..d6058c070e 100644
|
||||
--- a/src/libopensc/ctx.c
|
||||
+++ b/src/libopensc/ctx.c
|
||||
@@ -1008,7 +1008,12 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
|
||||
}
|
||||
|
||||
#ifndef _WIN32
|
||||
- cache_dir = ".eid/cache";
|
||||
+ cache_dir = getenv("XDG_CACHE_HOME");
|
||||
+ if (cache_dir != NULL && cache_dir[0] != '\0') {
|
||||
+ snprintf(buf, bufsize, "%s/%s", cache_dir, "opensc");
|
||||
+ return SC_SUCCESS;
|
||||
+ }
|
||||
+ cache_dir = ".cache/opensc";
|
||||
homedir = getenv("HOME");
|
||||
#else
|
||||
cache_dir = "eid-cache";
|
||||
@@ -1020,7 +1025,7 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
|
||||
homedir = temp_path;
|
||||
}
|
||||
#endif
|
||||
- if (homedir == NULL)
|
||||
+ if (homedir == NULL || homedir[0] == '\0')
|
||||
return SC_ERROR_INTERNAL;
|
||||
if (snprintf(buf, bufsize, "%s/%s", homedir, cache_dir) < 0)
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
|
||||
From 7c1c6f6be47f55693647827259edcacc98761371 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Tue, 10 Nov 2020 15:07:42 +0100
|
||||
Subject: [PATCH 3/3] doc: Update documentation about the cache location
|
||||
|
||||
---
|
||||
doc/files/opensc.conf.5.xml.in | 9 +++++++--
|
||||
2 files changed, 11 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in
|
||||
index 118922a877..791f11669a 100644
|
||||
--- a/doc/files/opensc.conf.5.xml.in
|
||||
+++ b/doc/files/opensc.conf.5.xml.in
|
||||
@@ -1116,12 +1116,17 @@ app <replaceable>application</replaceable> {
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
- <filename><envar>HOME</envar>/.eid/cache/</filename> (Unix)
|
||||
+ <filename><envar>$XDG_CACHE_HOME</envar>/opensc/</filename> (If <envar>$XDG_CACHE_HOME</envar> is defined)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
- <filename><envar>USERPROFILE</envar>\.eid-cache\</filename> (Windows)
|
||||
+ <filename><envar>$HOME</envar>/.cache/opensc/</filename> (Unix)
|
||||
+ </para>
|
||||
+ </listitem>
|
||||
+ <listitem>
|
||||
+ <para>
|
||||
+ <filename><envar>$USERPROFILE</envar>\.eid-cache\</filename> (Windows)
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
diff -up opensc-0.20.0/etc/opensc.conf.file-cache opensc-0.20.0/etc/opensc.conf
|
||||
--- opensc-0.20.0/etc/opensc.conf.file-cache 2020-11-20 16:49:30.995526825 +0100
|
||||
+++ opensc-0.20.0/etc/opensc.conf 2020-11-20 16:50:07.665053280 +0100
|
||||
@@ -2,7 +2,7 @@ app default {
|
||||
# debug = 3;
|
||||
# debug_file = opensc-debug.txt;
|
||||
framework pkcs15 {
|
||||
- # use_file_caching = true;
|
||||
+ use_file_caching = true;
|
||||
}
|
||||
reader_driver pcsc {
|
||||
# The pinpad is disabled by default,
|
||||
|
24
opensc-0.20.0-label-padding.patch
Normal file
24
opensc-0.20.0-label-padding.patch
Normal file
@ -0,0 +1,24 @@
|
||||
commit 8d4af9eb0b799f22b25783e8e1b7af329b5a917b
|
||||
Author: Frank Morgner <frankmorgner@gmail.com>
|
||||
Date: Fri Jan 31 12:15:53 2020 +0100
|
||||
|
||||
pkcs11: fixed right padding of token label with ' '
|
||||
|
||||
fixes https://github.com/OpenSC/OpenSC/issues/1922
|
||||
|
||||
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
|
||||
index e94eeeff..a1951c2e 100644
|
||||
--- a/src/pkcs11/framework-pkcs15.c
|
||||
+++ b/src/pkcs11/framework-pkcs15.c
|
||||
@@ -1122,9 +1122,10 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
|
||||
max_tokeninfo_len);
|
||||
slot->token_info.label[max_tokeninfo_len] = ' ';
|
||||
slot->token_info.label[max_tokeninfo_len+1] = '(';
|
||||
- slot->token_info.label[max_tokeninfo_len+2+pin_len] = ')';
|
||||
strcpy_bp(slot->token_info.label+max_tokeninfo_len+2,
|
||||
auth->label, pin_len);
|
||||
+ strcpy_bp(slot->token_info.label+max_tokeninfo_len+2+pin_len,
|
||||
+ ")", 32 - max_tokeninfo_len-2-pin_len);
|
||||
}
|
||||
} else {
|
||||
/* PIN label is empty or just says non-useful "PIN",
|
8
opensc.module
Normal file
8
opensc.module
Normal file
@ -0,0 +1,8 @@
|
||||
# This file describes how to load the opensc module
|
||||
# See: http://p11-glue.freedesktop.org/doc/p11-kit/config.html
|
||||
|
||||
# This is a relative path, which means it will be loaded from
|
||||
# the p11-kit default path which is usually $(libdir)/pkcs11.
|
||||
# Doing it this way allows for packagers to package opensc for
|
||||
# 32-bit and 64-bit and make them parallel installable
|
||||
module: opensc-pkcs11.so
|
716
opensc.spec
Normal file
716
opensc.spec
Normal file
@ -0,0 +1,716 @@
|
||||
%define opensc_module "OpenSC PKCS #11 Module"
|
||||
%define nssdb %{_sysconfdir}/pki/nssdb
|
||||
|
||||
Name: opensc
|
||||
Version: 0.20.0
|
||||
Release: 4%{?dist}
|
||||
Summary: Smart card library and applications
|
||||
|
||||
Group: System Environment/Libraries
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/OpenSC/OpenSC/wiki
|
||||
Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: opensc.module
|
||||
Patch6: opensc-0.19.0-pinpad.patch
|
||||
# https://github.com/OpenSC/OpenSC/pull/1772
|
||||
Patch8: opensc-0.19.0-idprime.patch
|
||||
# https://github.com/OpenSC/OpenSC/pull/1987
|
||||
Patch9: opensc-0.20.0-cardos.patch
|
||||
# https://github.com/OpenSC/OpenSC/pull/2129
|
||||
Patch10: opensc-0.20.0-cac-pin-change.patch
|
||||
# https://github.com/OpenSC/OpenSC/commit/6903aebf
|
||||
Patch11: opensc-0.20.0-CVE-2020-26570.patch
|
||||
# https://github.com/OpenSC/OpenSC/commit/ed55fcd2
|
||||
Patch12: opensc-0.20.0-CVE-2020-26571.patch
|
||||
# https://github.com/OpenSC/OpenSC/commit/9d294de9
|
||||
Patch13: opensc-0.20.0-CVE-2020-26572.patch
|
||||
# https://github.com/OpenSC/OpenSC/commit/8d4af9eb
|
||||
Patch14: opensc-0.20.0-label-padding.patch
|
||||
# https://github.com/OpenSC/OpenSC/commit/f1bcadfb
|
||||
# https://github.com/OpenSC/OpenSC/pull/2166
|
||||
Patch15: opensc-0.20.0-calloc0.patch
|
||||
# https://github.com/OpenSC/OpenSC/pull/2148
|
||||
# + configuration change by default
|
||||
Patch16: opensc-0.20.0-file-cache.patch
|
||||
|
||||
|
||||
BuildRequires: pcsc-lite-devel
|
||||
BuildRequires: readline-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: /usr/bin/xsltproc
|
||||
BuildRequires: docbook-style-xsl
|
||||
BuildRequires: autoconf automake libtool gcc
|
||||
BuildRequires: desktop-file-utils
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: zlib-devel
|
||||
Requires: pcsc-lite-libs%{?_isa}
|
||||
Requires: pcsc-lite
|
||||
Obsoletes: mozilla-opensc-signer < 0.12.0
|
||||
Obsoletes: opensc-devel < 0.12.0
|
||||
Obsoletes: coolkey <= 1.1.0-36
|
||||
|
||||
%description
|
||||
OpenSC provides a set of libraries and utilities to work with smart cards. Its
|
||||
main focus is on cards that support cryptographic operations, and facilitate
|
||||
their use in security applications such as authentication, mail encryption and
|
||||
digital signatures. OpenSC implements the PKCS#11 API so applications
|
||||
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On
|
||||
the card OpenSC implements the PKCS#15 standard and aims to be compatible with
|
||||
every software/card that does so, too.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch6 -p1 -b .pinpad
|
||||
%patch8 -p1 -b .idprime
|
||||
%patch9 -p1 -b .cardos
|
||||
%patch10 -p1 -b .cac-pin-change
|
||||
%patch11 -p1 -b .CVE-2020-26570
|
||||
%patch12 -p1 -b .CVE-2020-26571
|
||||
%patch13 -p1 -b .CVE-2020-26572
|
||||
%patch14 -p1 -b .padding
|
||||
%patch15 -p1 -b .calloc0
|
||||
%patch16 -p1 -b .file-cache
|
||||
|
||||
cp -p src/pkcs15init/README ./README.pkcs15init
|
||||
cp -p src/scconf/README.scconf .
|
||||
# No {_libdir} here to avoid multilib conflicts; it's just an example
|
||||
sed -i -e 's|/usr/local/towitoko/lib/|/usr/lib/ctapi/|' etc/opensc.conf.example.in
|
||||
|
||||
|
||||
%build
|
||||
autoreconf -fvi
|
||||
%ifarch %{ix86} ppc s390
|
||||
sed -i -e 's/opensc.conf/opensc-%{_arch}.conf/g' src/libopensc/Makefile.in
|
||||
%endif
|
||||
sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths
|
||||
%configure --disable-static \
|
||||
--disable-autostart-items \
|
||||
--disable-assert \
|
||||
--enable-pcsc \
|
||||
--disable-tests \
|
||||
--enable-sm \
|
||||
--with-pcsc-provider=libpcsclite.so.1
|
||||
make %{?_smp_mflags} V=1
|
||||
|
||||
|
||||
%install
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
install -Dpm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/p11-kit/modules/opensc.module
|
||||
|
||||
%ifarch %{ix86} ppc s390
|
||||
# To avoid multilib issues, move these files on 32b intel architectures
|
||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/opensc.conf
|
||||
install -Dpm 644 etc/opensc.conf $RPM_BUILD_ROOT%{_sysconfdir}/opensc-%{_arch}.conf
|
||||
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/opensc.conf.5
|
||||
install -Dpm 644 doc/files/opensc.conf.5 $RPM_BUILD_ROOT%{_mandir}/man5/opensc-%{_arch}.conf.5
|
||||
# use NEWS file timestamp as reference for configuration file
|
||||
touch -r NEWS $RPM_BUILD_ROOT%{_sysconfdir}/opensc-%{_arch}.conf
|
||||
touch -r NEWS $RPM_BUILD_ROOT%{_mandir}/man5/opensc-%{_arch}.conf.5
|
||||
%else
|
||||
# For backward compatibility, symlink the old location to the new files
|
||||
ln -s %{_sysconfdir}/opensc.conf $RPM_BUILD_ROOT%{_sysconfdir}/opensc-%{_arch}.conf
|
||||
%endif
|
||||
|
||||
find $RPM_BUILD_ROOT%{_libdir} -type f -name "*.la" | xargs rm
|
||||
|
||||
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/opensc
|
||||
|
||||
# Upstream considers libopensc API internal and no longer ships
|
||||
# public headers and pkgconfig files.
|
||||
# Remove the symlink as nothing is supposed to link against libopensc.
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/libopensc.so
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/libsmm-local.so
|
||||
%if 0%{?rhel} && 0%{?rhel} < 7
|
||||
rm -rf %{buildroot}%{_datadir}/bash-completion/
|
||||
%endif
|
||||
|
||||
# the npa-tool builds to nothing since we do not have OpenPACE library
|
||||
rm -rf %{buildroot}%{_bindir}/npa-tool
|
||||
rm -rf %{buildroot}%{_mandir}/man1/npa-tool.1*
|
||||
|
||||
# We use p11-kit for pkcs11 modules registration
|
||||
rm -rf %{buildroot}%{_bindir}/pkcs11-register
|
||||
# It is even missing the manual page
|
||||
#rm -rf %{buildroot}%{_mandir}/man1/pkcs11-register.1*
|
||||
|
||||
desktop-file-validate %{buildroot}/%{_datadir}/applications/org.opensc.notify.desktop
|
||||
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
# Remove our PKCS#11 module from NSS DB, if there is NSS installed, because
|
||||
# it is already loaded by p11-kit-proxy. Using both of them can cause
|
||||
# race conditions and hard-to-debug problems
|
||||
# TODO Remove with F30 or so
|
||||
if [ -x /usr/bin/modutil ]; then
|
||||
isThere=`modutil -rawlist -dbdir %{nssdb} | grep %{opensc_module} || echo NO`
|
||||
if [ ! "$isThere" == "NO" ]; then
|
||||
modutil -delete %{opensc_module} -dbdir %{nssdb} -force || :
|
||||
|
||||
fi
|
||||
isThere=`modutil -rawlist -dbdir sql:%{nssdb} | grep %{opensc_module} || echo NO`
|
||||
if [ ! "$isThere" == "NO" ]; then
|
||||
modutil -delete %{opensc_module} -dbdir sql:%{nssdb} -force || :
|
||||
fi
|
||||
fi
|
||||
|
||||
%postun
|
||||
/sbin/ldconfig
|
||||
|
||||
%files
|
||||
%doc COPYING NEWS README*
|
||||
|
||||
%if ! 0%{?rhel} || 0%{?rhel} >= 7
|
||||
%{_datadir}/bash-completion/*
|
||||
%endif
|
||||
|
||||
%ifarch %{ix86} ppc s390
|
||||
%{_mandir}/man5/opensc-%{_arch}.conf.5*
|
||||
%else
|
||||
%config(noreplace) %{_sysconfdir}/opensc.conf
|
||||
%{_mandir}/man5/opensc.conf.5*
|
||||
%endif
|
||||
|
||||
%config(noreplace) %{_sysconfdir}/opensc-%{_arch}.conf
|
||||
%{_datadir}/p11-kit/modules/opensc.module
|
||||
%{_bindir}/cardos-tool
|
||||
%{_bindir}/cryptoflex-tool
|
||||
%{_bindir}/eidenv
|
||||
%{_bindir}/iasecc-tool
|
||||
%{_bindir}/gids-tool
|
||||
%{_bindir}/netkey-tool
|
||||
%{_bindir}/openpgp-tool
|
||||
%{_bindir}/opensc-explorer
|
||||
%{_bindir}/opensc-tool
|
||||
%{_bindir}/opensc-asn1
|
||||
%{_bindir}/opensc-notify
|
||||
%{_bindir}/piv-tool
|
||||
%{_bindir}/pkcs11-tool
|
||||
%{_bindir}/pkcs15-crypt
|
||||
%{_bindir}/pkcs15-init
|
||||
%{_bindir}/pkcs15-tool
|
||||
%{_bindir}/sc-hsm-tool
|
||||
%{_bindir}/dnie-tool
|
||||
%{_bindir}/westcos-tool
|
||||
%{_bindir}/egk-tool
|
||||
%{_datadir}/applications/org.opensc.notify.desktop
|
||||
%{_bindir}/goid-tool
|
||||
%{_libdir}/lib*.so.*
|
||||
%{_libdir}/opensc-pkcs11.so
|
||||
%{_libdir}/pkcs11-spy.so
|
||||
%{_libdir}/onepin-opensc-pkcs11.so
|
||||
%{_libdir}/pkgconfig/*.pc
|
||||
%%dir %{_libdir}/pkcs11
|
||||
%{_libdir}/pkcs11/opensc-pkcs11.so
|
||||
%{_libdir}/pkcs11/onepin-opensc-pkcs11.so
|
||||
%{_libdir}/pkcs11/pkcs11-spy.so
|
||||
%{_datadir}/opensc/
|
||||
%{_mandir}/man1/cardos-tool.1*
|
||||
%{_mandir}/man1/cryptoflex-tool.1*
|
||||
%{_mandir}/man1/eidenv.1*
|
||||
%{_mandir}/man1/gids-tool.1*
|
||||
%{_mandir}/man1/iasecc-tool.1*
|
||||
%{_mandir}/man1/netkey-tool.1*
|
||||
%{_mandir}/man1/openpgp-tool.1*
|
||||
%{_mandir}/man1/opensc-explorer.*
|
||||
%{_mandir}/man1/opensc-tool.1*
|
||||
%{_mandir}/man1/opensc-asn1.1*
|
||||
%{_mandir}/man1/opensc-notify.1*
|
||||
%{_mandir}/man1/piv-tool.1*
|
||||
%{_mandir}/man1/pkcs11-tool.1*
|
||||
%{_mandir}/man1/pkcs15-crypt.1*
|
||||
%{_mandir}/man1/pkcs15-init.1*
|
||||
%{_mandir}/man1/pkcs15-tool.1*
|
||||
%{_mandir}/man1/sc-hsm-tool.1*
|
||||
%{_mandir}/man1/westcos-tool.1*
|
||||
%{_mandir}/man1/dnie-tool.1*
|
||||
%{_mandir}/man1/egk-tool.1*
|
||||
%{_mandir}/man5/pkcs15-profile.5*
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 20 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-4
|
||||
- Use file cache by default (#1892810)
|
||||
- Avoid calloc with 0 argument (#1895401)
|
||||
|
||||
* Tue Oct 20 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-3
|
||||
- Support PIN change for HID Alt tokens (#1830901)
|
||||
- Fix CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572
|
||||
- Fix right padding of token labels of some cards (#1877973)
|
||||
|
||||
* Wed May 27 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-2
|
||||
- Unbreak different CardOS 5 configurations supporting raw RSA (#1830856)
|
||||
|
||||
* Wed Apr 22 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-1
|
||||
- Rebase to current upstream release (#1810660)
|
||||
|
||||
* Mon Nov 25 2019 Jakub Jelen <jjelen@redhat.com> - 0.19.0-7
|
||||
- Unbreak RSA-PSS mechanisms in -6 release (#1775673)
|
||||
|
||||
* Thu Nov 14 2019 Jakub Jelen <jjelen@redhat.com> - 0.19.0-6
|
||||
- Add support for Gemalto IDPrime smart cards (#1657970)
|
||||
- Fix 2k RSA key operations with Coolkey (#1766712)
|
||||
|
||||
* Thu Apr 18 2019 Jakub Jelen <jjelen@redhat.com> - 0.19.0-5
|
||||
- Avoid multilib issues (#1693380)
|
||||
|
||||
* Wed Dec 12 2018 Jakub Jelen <jjelen@redhat.com> - 0.19.0-4
|
||||
- Unbreak the Dual CAC cards in PIV driver (#1651748)
|
||||
- Fix few more corner cases for handling different types of padding (#1595626)
|
||||
- Unbreak signature verification in pkcs11-tool (#1651748)
|
||||
|
||||
* Wed Oct 31 2018 Jakub Jelen <jjelen@redhat.com> - 0.19.0-3
|
||||
- Unbreak the RSA-PSS mechanisms (#1595626)
|
||||
- Unbreak the signing using hashed mechanisms in CardOS and others (#1644338)
|
||||
|
||||
* Mon Oct 22 2018 Jakub Jelen <jjelen@redhat.com> - 0.19.0-2
|
||||
- Avoid mismatching coolkey cards for muscle ones (#1588722)
|
||||
- Implement legacy CAC1 driver (#1638052)
|
||||
- Disable pinpad
|
||||
- Fixup verification after RSA-PSS implementation
|
||||
|
||||
* Tue Sep 25 2018 Jakub Jelen <jjelen@redhat.com> - 0.19.0-1
|
||||
- New upstream release fixing various CVE-2018-16418 - 16421, 16423 - 16427
|
||||
- Add support for RSA-PSS signatures
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Thu Jul 12 2018 Jakub Jelen <jjelen@redhat.com> - 0.18.0-3
|
||||
- Do not add pkcs11 module to NSS after installation
|
||||
(NSS is loading p11-kit modules by default)
|
||||
- Remove pkcs11-switch since there is nothing to switch to
|
||||
|
||||
* Mon May 21 2018 Jakub Jelen <jjelen@redhat.com> - 0.18.0-2
|
||||
- Backport a fix for C_WaitForSlotEvent crash (#1579933)
|
||||
|
||||
* Thu May 17 2018 Jakub Jelen <jjelen@redhat.com> - 0.18.0-1
|
||||
- New upstream release (#1567503)
|
||||
|
||||
* Wed Apr 04 2018 Jakub Jelen <jjelen@redhat.com> - 0.17.0-10
|
||||
- Install the PKCS#11 modules also to the new NSS DB
|
||||
- Drop the pkcs11-switch as the coolkey is gone
|
||||
|
||||
* Tue Apr 03 2018 Jakub Jelen <jjelen@redhat.com> - 0.17.0-9
|
||||
- Improved support for CloudHSM (#1562572)
|
||||
|
||||
* Mon Mar 19 2018 Jakub Jelen <jjelen@redhat.com> - 0.17.0-8
|
||||
- Build requires gcc
|
||||
- Backport a fix for feitian tokens (#1558099)
|
||||
|
||||
* Fri Mar 02 2018 Jakub Jelen <jjelen@redhat.com> - 0.17.0-7
|
||||
- Obsolete coolkey
|
||||
- Do not report bogus errors from pkcs11-switch
|
||||
- Do not delete nonexisting modules during uninstall (#1526670)
|
||||
|
||||
* Wed Feb 21 2018 Jakub Jelen <jjelen@redhat.com> - 0.17.0-6
|
||||
- PIV: Use Cardholder name in the token label
|
||||
- Avoid infinite loop when reading CAC cards
|
||||
- Properly parse multi-byte length in SimpleTLV
|
||||
- Support CAC Alt tokens
|
||||
|
||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.17.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Mon Dec 04 2017 Jakub Jelen <jjelen@redhat.com> - 0.17.0-4
|
||||
- Allow functionality of a new Estonia ID cards (#1519751)
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.17.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.17.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Wed Jul 19 2017 Jakub Jelen <jjelen@redhat.com> - 0.17.0-1
|
||||
- New upstream release including support for Coolkey and CAC cards
|
||||
|
||||
* Tue Feb 28 2017 Jakub Jelen <jjelen@redhat.com> - 0.16.0-5.20161016git0362439
|
||||
- Add PKCS#11 library to the NSS DB (#1421692)
|
||||
|
||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.16.0-4.20161016git0362439
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 0.16.0-3.20161016git0362439
|
||||
- Rebuild for readline 7.x
|
||||
|
||||
* Mon Oct 31 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-2.20161016git0362439
|
||||
- Updated to latest git to address openssl 1.1.0 compilation issues (#1388895)
|
||||
- Do not own /etc/bash_completion.d directory (#1303441)
|
||||
|
||||
* Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-1
|
||||
- New upstream release 0.16.0 (#1306071)
|
||||
|
||||
* Tue Jul 12 2016 Jakub Jelen <jjelen@redhat.com> - 0.15.0-6
|
||||
- Add support for 2048 key length (#1350588)
|
||||
- Explicitly set CKA_PRIVATE to false when writing certificates (#1272127)
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.15.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Mon Jan 18 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.15.0-4
|
||||
- Fix a crash in accessing public key (#1298669)
|
||||
|
||||
* Thu Nov 19 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.15.0-3
|
||||
- Export PKCS#11 symbols from spy library (#1283306)
|
||||
|
||||
* Tue Aug 4 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.15.0-2
|
||||
- Updated fix for issue with C_Initialize after fork() (#1218797)
|
||||
|
||||
* Tue Jul 14 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.15.0-1
|
||||
- Update to 0.15.0 (#1209682)
|
||||
- Solve issue with C_Initialize after fork() (#1218797)
|
||||
|
||||
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Tue Jul 01 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.14.0-1
|
||||
- new upstream version
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13.0-13
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Fri Feb 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.13.0-12
|
||||
- Added fix for crash when calling pkcs11-tool with an invalid module (#1071368)
|
||||
- Added fix for invalid parameters passed to module by pkcs11-tool
|
||||
when importing a private key (#1071369)
|
||||
- Configuration file opensc.conf was renamed to opensc-arch.conf to
|
||||
avoid multi-arch issues.
|
||||
|
||||
* Fri Jan 31 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.13.0-11
|
||||
- Corrected installation path of opensc.module (#1060053)
|
||||
|
||||
* Mon Jan 06 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.13.0-10
|
||||
- Applied myeid related patch (#1048576)
|
||||
|
||||
* Thu Jan 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.13.0-9
|
||||
- Applied epass2003 related patch (#981462)
|
||||
|
||||
* Mon Dec 23 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.13.0-8
|
||||
- Compile using the --enable-sm option (related but does not fix #981462)
|
||||
|
||||
* Wed Dec 18 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.13.0-7
|
||||
- Ensure that pcsc-lite is depended on (#1029133)
|
||||
|
||||
* Mon Sep 23 2013 Stef Walter <stefw@redhat.com> - 0.13.0-6
|
||||
- Install p11-kit config file to the right place (#999190)
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Fri Mar 08 2013 Stef Walter <stefw@redhat.com> - 0.13.0-4
|
||||
- Use the standard name format for p11-kit module configs
|
||||
- Put the p11-kit module config is the system location
|
||||
|
||||
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||
|
||||
* Sun Jan 13 2013 Kalev Lember <kalevlember@gmail.com> - 0.13.0-2
|
||||
- Backport an upstream patch for fixing pkcs15 cert length calculation
|
||||
|
||||
* Thu Jan 03 2013 Milan Broz <mbroz@redhat.com> - 0.13.0-1
|
||||
- Update to 0.13.0 (#890770)
|
||||
- Remove no longer provided onepin-opensc-pkcs11.so.
|
||||
- Add iasecc-tool, openpgp-tool and sc-hsm-tool.
|
||||
|
||||
* Fri Jul 27 2012 Tomas Mraz <tmraz@redhat.com> - 0.12.2-6
|
||||
- Add a configuration file for p11-kit (#840504)
|
||||
|
||||
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.2-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Sun Mar 4 2012 Peter Robinson <pbrobinson@fedoraproject.org> - 0.12.2-4
|
||||
- Add patch for dso
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Wed Aug 17 2011 Tomas Mraz <tmraz@redhat.com> - 0.12.2-2
|
||||
- Rebuilt to fix trailing slashes in filelist from rpmbuild bug
|
||||
|
||||
* Tue Jul 19 2011 Kalev Lember <kalevlember@gmail.com> - 0.12.2-1
|
||||
- Update to 0.12.2 (#722659)
|
||||
|
||||
* Wed May 18 2011 Kalev Lember <kalev@smartlink.ee> - 0.12.1-1
|
||||
- Update to 0.12.1 (#705743)
|
||||
- Removed BR libtool-ltdl-devel to build with glibc's libdl instead
|
||||
|
||||
* Tue Apr 12 2011 Tomas Mraz <tmraz@redhat.com> - 0.12.0-4
|
||||
- drop multilib conflicting and duplicated doc file (#695368)
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Mon Jan 03 2011 Kalev Lember <kalev@smartlink.ee> - 0.12.0-2
|
||||
- Disabled asserts
|
||||
|
||||
* Mon Jan 03 2011 Kalev Lember <kalev@smartlink.ee> - 0.12.0-1
|
||||
- Update to 0.12.0
|
||||
- Removed and obsoleted mozilla-opensc-signer and opensc-devel subpackages
|
||||
- Dropped patches which are now upstreamed
|
||||
- It is no longer possible to build in both pcsc-lite and openct support,
|
||||
so opensc now gets built exclusively with pcsc-lite.
|
||||
|
||||
* Tue Dec 21 2010 Tomas Mraz <tmraz@redhat.com> - 0.11.13-6
|
||||
- fix buffer overflow on rogue card serial numbers
|
||||
|
||||
* Tue Oct 19 2010 Tomas Mraz <tmraz@redhat.com> - 0.11.13-5
|
||||
- own the _libdir/pkcs11 subdirectory (#644527)
|
||||
|
||||
* Tue Sep 7 2010 Tomas Mraz <tmraz@redhat.com> - 0.11.13-4
|
||||
- fix build with new pcsc-lite
|
||||
|
||||
* Wed Aug 11 2010 Rex Dieter <rdieter@fedoraproject.org> - 0.11.13-3
|
||||
- build against libassuan1 (f14+)
|
||||
|
||||
* Wed Jun 9 2010 Tomas Mraz <tmraz@redhat.com> - 0.11.13-2
|
||||
- replace file dependency (#601943)
|
||||
|
||||
* Tue Feb 16 2010 Kalev Lember <kalev@smartlink.ee> - 0.11.13-1
|
||||
- new upstream version
|
||||
|
||||
* Sun Feb 14 2010 Kalev Lember <kalev@smartlink.ee> - 0.11.12-2
|
||||
- Added patch to fix linking with the new --no-add-needed default (#564758)
|
||||
|
||||
* Mon Dec 21 2009 Kalev Lember <kalev@smartlink.ee> - 0.11.12-1
|
||||
- new upstream version
|
||||
- replaced %%define with %%global
|
||||
- BR clean up from items not applicable to current Fedora releases
|
||||
|
||||
* Tue Dec 8 2009 Michael Schwendt <mschwendt@fedoraproject.org> - 0.11.11-2
|
||||
- Explicitly BR libassuan-static in accordance with the Packaging
|
||||
Guidelines (libassuan-devel is still static-only).
|
||||
|
||||
* Thu Nov 19 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.11-1
|
||||
- new upstream version
|
||||
|
||||
* Tue Sep 29 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.9-2
|
||||
- fix multilib conflict in the configuration file (#526269)
|
||||
|
||||
* Wed Sep 09 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.9-1
|
||||
- new upstream version
|
||||
|
||||
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.8-5
|
||||
- rebuilt with new openssl
|
||||
|
||||
* Mon Jul 27 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.8-4
|
||||
- Depend on specific arch of pcsc-lite-libs (reported by Kalev Lember)
|
||||
|
||||
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.8-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Mon Jun 15 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.8-2
|
||||
- Rebuilt with new openct
|
||||
|
||||
* Mon May 11 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.8-1
|
||||
- new upstream version - fixes security issue
|
||||
|
||||
* Fri Feb 27 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.7-1
|
||||
- new upstream version - fixes CVE-2009-0368
|
||||
|
||||
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.6-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> - 0.11.6-2
|
||||
- Add explicit requires for pcsc-lite-libs. Dlopen libpcsclite with the full
|
||||
soname.
|
||||
|
||||
* Tue Sep 2 2008 Tomas Mraz <tmraz@redhat.com> - 0.11.6-1
|
||||
- Update to latest upstream, fixes CVE-2008-2235
|
||||
|
||||
* Thu Apr 10 2008 Hans de Goede <j.w.r.degoede@hhs.nl> - 0.11.4-5
|
||||
- BuildRequire libassuan-devel instead of libassuan-static (bz 441812)
|
||||
|
||||
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.11.4-4
|
||||
- Autorebuild for GCC 4.3
|
||||
|
||||
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 0.11.4-3
|
||||
- Rebuild for deps
|
||||
|
||||
* Wed Dec 5 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.4-2
|
||||
- Rebuild.
|
||||
|
||||
* Mon Sep 10 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.4-1
|
||||
- 0.11.4.
|
||||
|
||||
* Mon Aug 20 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.4-0.1.rc1
|
||||
- 0.11.4-rc1, pkcs11-tool usage message fix applied upstream.
|
||||
- License: LGPLv2+
|
||||
|
||||
* Thu Jul 26 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.3-2
|
||||
- Fix pkcs11-tool usage message crash (#249702).
|
||||
|
||||
* Tue Jul 17 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.3-1
|
||||
- 0.11.3.
|
||||
|
||||
* Sat Jun 30 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.3-0.1.pre2
|
||||
- 0.11.3-pre2.
|
||||
|
||||
* Thu Jun 21 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.3-0.1.pre1
|
||||
- 0.11.3-pre1.
|
||||
|
||||
* Sun May 6 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.2-2
|
||||
- Add explicit build dependency on ncurses-devel.
|
||||
|
||||
* Sat May 5 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.2-1
|
||||
- 0.11.2.
|
||||
|
||||
* Tue Apr 24 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.2-0.3.rc2
|
||||
- 0.11.2-rc2.
|
||||
|
||||
* Fri Mar 23 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.2-0.3.rc1
|
||||
- 0.11.2-rc1.
|
||||
|
||||
* Thu Mar 15 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.2-0.2.pre6
|
||||
- 0.11.2-pre6.
|
||||
|
||||
* Tue Mar 6 2007 Ville Skyttä <ville.skytta at iki.fi> - 0.11.2-0.2.pre4
|
||||
- 0.11.2-pre4.
|
||||
- Require pinentry-gui instead of the pinentry executable in signer.
|
||||
|
||||
* Sun Dec 3 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.2-0.1.pre3
|
||||
- 0.11.2-pre3.
|
||||
- Build with new libassuan.
|
||||
- Don't run autotools during build.
|
||||
- Adjust to readline/termcap/ncurses changes.
|
||||
|
||||
* Sat Oct 14 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.1-6
|
||||
- Rebuild with new libassuan.
|
||||
|
||||
* Sun Oct 8 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.1-5
|
||||
- Rebuild with new libassuan.
|
||||
|
||||
* Mon Oct 2 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.1-4
|
||||
- Rebuild.
|
||||
|
||||
* Tue Sep 26 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.1-3
|
||||
- Rebuild with new libassuan.
|
||||
|
||||
* Sat Sep 2 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.1-2
|
||||
- Rebuild.
|
||||
|
||||
* Wed May 31 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.1-1
|
||||
- 0.11.1.
|
||||
- Avoid some multilib conflicts.
|
||||
|
||||
* Sun May 7 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.0-2
|
||||
- Sync example paths in openct.conf with ctapi-common.
|
||||
- Update URL.
|
||||
|
||||
* Thu May 4 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.0-1
|
||||
- 0.11.0.
|
||||
|
||||
* Thu Apr 27 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.0-0.1.rc2
|
||||
- 0.11.0-rc2.
|
||||
|
||||
* Sat Apr 22 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.11.0-0.1.rc1
|
||||
- 0.11.0-rc1.
|
||||
|
||||
* Mon Mar 6 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.10.1-3
|
||||
- Rebuild.
|
||||
|
||||
* Wed Feb 15 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.10.1-2
|
||||
- Avoid standard rpaths on lib64 archs.
|
||||
|
||||
* Sun Jan 8 2006 Ville Skyttä <ville.skytta at iki.fi> - 0.10.1-1
|
||||
- 0.10.1.
|
||||
|
||||
* Wed Nov 9 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.10.0-1
|
||||
- 0.10.0.
|
||||
- Adapt to modularized X.Org.
|
||||
|
||||
* Wed Oct 26 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.10.0-0.1.rc2
|
||||
- 0.10.0-rc2.
|
||||
- Install signer plugin only to plugin dir.
|
||||
|
||||
* Sat Oct 22 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.10.0-0.1.rc1
|
||||
- 0.10.0-rc1.
|
||||
|
||||
* Wed Oct 19 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.10.0-0.1.beta2.rc1
|
||||
- 0.10.0-beta2-rc1.
|
||||
- Specfile cleanups.
|
||||
|
||||
* Tue Apr 26 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.9.6-2
|
||||
- 0.9.6, build patch applied upstream.
|
||||
- Package summary and description improvements.
|
||||
- Drop explicit openct dependency.
|
||||
|
||||
* Fri Mar 18 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.9.4-3
|
||||
- Fix FC4 build.
|
||||
- Rename opensc-pam to pam_opensc per package naming guidelines.
|
||||
|
||||
* Wed Feb 9 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.9.4-2
|
||||
- Substitute hardcoded 'lib' in OpenSSL checks for multi-lib platforms.
|
||||
- Use --with-plugin-dir instead of --with-plugin-path (fixes x86_64).
|
||||
|
||||
* Thu Feb 3 2005 Ville Skyttä <ville.skytta at iki.fi> - 0.9.4-1
|
||||
- Drop unnecessary Epochs, pre-FC1 compat cruft, and no longer relevant
|
||||
--with(out) rpmbuild options.
|
||||
- Exclude *.la.
|
||||
|
||||
* Wed Nov 3 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.9.4-0.fdr.1
|
||||
- Update to 0.9.4, parallel build patch applied upstream.
|
||||
- Patch to fix library paths and LDFLAGS.
|
||||
- Don't require mozilla, but the plugin dir in signer.
|
||||
- Build with dependency tracking disabled.
|
||||
|
||||
* Tue Jul 27 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.9.2-0.fdr.2
|
||||
- Building the signer plugin can be disabled with "--without signer".
|
||||
Thanks to Fritz Elfert for the idea.
|
||||
- Update description.
|
||||
|
||||
* Sun Jul 25 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.9.2-0.fdr.1
|
||||
- Update to 0.9.2, old patches applied upstream.
|
||||
- Add patch to fix parallel builds.
|
||||
- Convert man pages to UTF-8.
|
||||
|
||||
* Thu Jul 22 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.9.1-0.fdr.1
|
||||
- Update to 0.9.1 (preview).
|
||||
|
||||
* Thu Jul 1 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.9.0-0.fdr.0.1.alpha
|
||||
- Update to 0.9.0-alpha.
|
||||
|
||||
* Sat May 1 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.1-0.fdr.8
|
||||
- Rebuild with libassuan 0.6.5.
|
||||
|
||||
* Sat Jan 31 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.1-0.fdr.7
|
||||
- Rebuild with libassuan 0.6.3.
|
||||
- Add gdm example to PAM quickstart.
|
||||
|
||||
* Mon Jan 19 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.1-0.fdr.6
|
||||
- Use /%%{_lib} instead of hardcoding /lib.
|
||||
|
||||
* Sat Dec 20 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.1-0.fdr.5
|
||||
- Split PAM support into a subpackage.
|
||||
- Rebuild with libassuan 0.6.2.
|
||||
|
||||
* Sun Nov 23 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.1-0.fdr.4
|
||||
- Rebuild with libassuan 0.6.1.
|
||||
- Include PAM quickstart doc snippet.
|
||||
|
||||
* Fri Nov 14 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.1-0.fdr.3
|
||||
- Require OpenCT.
|
||||
|
||||
* Fri Oct 17 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.1-0.fdr.2
|
||||
- Install example config files as documentation.
|
||||
|
||||
* Tue Oct 14 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.1-0.fdr.1
|
||||
- Update to 0.8.1.
|
||||
|
||||
* Wed Aug 27 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.0-0.fdr.2
|
||||
- Signer can be built with oldssl too.
|
||||
|
||||
* Wed Aug 27 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.0-0.fdr.1
|
||||
- Update to 0.8.0.
|
||||
|
||||
* Wed Jul 30 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.0-0.fdr.0.2.cvs20030730
|
||||
- Update to 20030730.
|
||||
- Clean up %%docs.
|
||||
- Include *.la (uses ltdl).
|
||||
- Own the %%{_libdir}/pkcs11 directory.
|
||||
- Disable signer; assuan has disappeared from the tarball :(
|
||||
|
||||
* Fri May 23 2003 Ville Skyttä <ville.skytta at iki.fi> - 0:0.8.0-0.fdr.0.1.rc1
|
||||
- First build.
|
Loading…
Reference in New Issue
Block a user