diff options
| author | manu <manu@pkgsrc.org> | 2020-04-16 12:37:50 +0000 |
|---|---|---|
| committer | manu <manu@pkgsrc.org> | 2020-04-16 12:37:50 +0000 |
| commit | 3dfb3f2334dbaa677ca177caada7e947e206dcde (patch) | |
| tree | 18b3be39d0be0c76ea98add1e8706d670c5b7b21 /security/opensc | |
| parent | a0956ba98d8823655081b5796fbfb7f8d06a3f98 (diff) | |
| download | pkgsrc-3dfb3f2334dbaa677ca177caada7e947e206dcde.tar.gz | |
Update OpenSC to 0.20.0
This is required to workround a crash in pam-p11 on NetBSD 9.0
Also fixes CVE-2019-6502 CVE-2019-15946 CVE-2019-15945 CVE-2019-19480
CVE-2019-19481 CVE-2019-19479
Change since last version in pkgsrc
## General Improvements
* fixed security problems
* CVE-2019-6502 (#1586)
* CVE-2019-15946 (a3fc769)
* CVE-2019-15945 (412a614)
* CVE-2019-19480 (6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7)
* CVE-2019-19481 (b75c002cfb1fd61cd20ec938ff4937d7b1a94278)
* CVE-2019-19479 (c3f23b836e5a1766c36617fe1da30d22f7b63de2)
* Support RSA-PSS signature mechanisms using RSA-RAW (#1435)
* Added memory locking for secrets (#1491)
* added support for terminal colors (#1534)
* PC/SC driver: Fixed error handling in case of changing (#1537) or removing the card reader (#1615)
* macOS installer
* Add installer option to deselect tokend (#1607)
* Make OpenSCToken available on 10.12+ and the default on 10.15+ (2017626ed237dbdd4683a4b9410fc610618200c5)
* Configuration
* rename `md_read_only` to `read_only` and use it for PKCS#11 and Minidriver (#1467)
* allow global use of ignore_private_certificate (#1623)
* Build Environment
* Bump openssl requirement to 0.9.8 (##1459)
* Added support for fuzzing with AFL (#1580) and libFuzzer/OSS-Fuzz (#1697)
* Added CI tests for simulating GIDS, OpenPGP, PIV, IsoApplet (#1568) and MyEID (#1677) and CAC (#1757)
* Integrate clang-tidy with `make check` (#1673)
* Added support for reproducible builds (#1839)
## PKCS#11
* Implement write protection (CKF_WRITE_PROTECTED) based on the card profile (#1467)
* Added C_WrapKey and C_UnwrapKey implementations (#1393)
* Handle CKA_ALWAYS_AUTHENTICATE when creating key objects. (#1539)
* Truncate long PKCS#11 labels with ... (#1629)
* Fixed recognition of a token when being unplugged and reinserted (#1875)
## Minidriver
* Register for CardOS5 cards (#1750)
* Add support for RSA-PSS (263b945)
## OpenSC tools
* Harmonize the use of option `-r`/`--reader` (#1548)
* `goid-tool`: GoID personalization with fingerprint
* `openpgp-tool`
* replace the options `-L`/` --key-length` with `-t`/`--key-type` (#1508)
* added options `-C`/`--card-info` and `-K`/`--key-info` (#1508)
* `opensc-explorer`
* add command `pin_info` (#1487)
* extend `random` to allow writing to a file (#1487)
* `opensc-minidriver-test.exe`: Tests for Microsoft CryptoAPI (#1510)
* `opensc-notify`: Autostart on Windows
* `pkcs11-register`:
* Auto-configuration of applications for use of OpenSC PKCS#11 (#1644)
* Autostart on Windows, macOS and Linux (#1644)
* `opensc-tool`: Show ATR also for cards not recognized by OpenSC (#1625)
* `pkcs11-spy`:
* parse CKM_AES_GCM
* Add support for CKA_OTP_* and CKM_*_PSS values
* parse EC Derive parameters (#1677)
* `pkcs11-tool`
* Support for signature verification via `--verify` (#1435)
* Add object type `secrkey` for `--type` option (#1575)
* Implement Secret Key write object (#1648)
* Add GOSTR3410-2012 support (#1654)
* Add support for testing CKM_RSA_PKCS_OAEP (#1600)
* Add extractable option to key import (#1674)
* list more key access flags when listing keys (#1653)
* Add support for `CKA_ALLOWED_MECHANISMS` when creating new objects and listing keys (#1628)
* `pkcs15-crypt`: * Handle keys with user consent (#1529)
## CAC1
New separate CAC1 driver using the old CAC specification (#1502)
## CardOS
* Add support for 4K RSA keys in CardOS 5 (#1776)
* Fixed decryption with CardOS 5 (#1867)
## Coolkey
* Enable CoolKey driver to handle 2048-bit keys. (#1532)
## EstEID
* adds support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 (#1635)
## GIDS
* GIDS Decipher fix (#1881)
* Allow RSA 4K support (#1891)
## MICARDO
* Remove long expired EstEID 1.0/1.1 card support (#1470)
## MyEID
* Add support for unwrapping a secret key with an RSA key or secret key (#1393)
* Add support for wrapping a secret key with a secret key (#1393)
* Support for MyEID 4K RSA (#1657)
* Support for OsEID (#1677).
## Gemalto GemSafe
* add new PTeID ATRs (#1683)
* Add support for 4K RSA keys (#1863, #1872)
## OpenPGP
* OpenPGP Card v3 ECC support (#1506)
## Rutoken
* Add Rutoken ECP SC (#1652)
* Add Rutoken Lite (#1728)
## SC-HSM
* Add SmartCard-HSM 4K ATR (#1681)
* Add missing secp384r1 curve parameter (#1696)
## Starcos
* Fixed decipher with 2.3 (#1496)
* Added ATR for 2nd gen. eGK (#1668)
* Added new ATR for 3.5 (#1882)
* Detect and allow Globalplatform PIN encoding (#1882)
## TCOS
* Fix TCOS IDKey support (#1880)
* add encryption certificate for IDKey (#1892)
## Infocamere, Postecert, Cnipa
* Removed profiles (#1584)
## ACS ACOS5
* Remove incomplete acos5 driver (#1622).
Diffstat (limited to 'security/opensc')
| -rw-r--r-- | security/opensc/Makefile | 6 | ||||
| -rw-r--r-- | security/opensc/PLIST | 6 | ||||
| -rw-r--r-- | security/opensc/distinfo | 14 | ||||
| -rw-r--r-- | security/opensc/patches/patch-src_libopensc_log.c | 33 |
4 files changed, 32 insertions, 27 deletions
diff --git a/security/opensc/Makefile b/security/opensc/Makefile index 7a89433af54..79eb0cb33cf 100644 --- a/security/opensc/Makefile +++ b/security/opensc/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.29 2020/01/25 10:45:11 jperkin Exp $ +# $NetBSD: Makefile,v 1.30 2020/04/16 12:37:51 manu Exp $ -OPENSC_PKG_VERSION= 0.19.0 +OPENSC_PKG_VERSION= 0.20.0 DISTNAME= opensc-${OPENSC_PKG_VERSION} -PKGREVISION= 1 +#PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GITHUB:=opensc/} diff --git a/security/opensc/PLIST b/security/opensc/PLIST index 78162578350..282c69dbb33 100644 --- a/security/opensc/PLIST +++ b/security/opensc/PLIST @@ -1,10 +1,11 @@ -@comment $NetBSD: PLIST,v 1.10 2018/10/13 10:54:04 mlelstv Exp $ +@comment $NetBSD: PLIST,v 1.11 2020/04/16 12:37:51 manu Exp $ bin/cardos-tool bin/cryptoflex-tool bin/dnie-tool bin/egk-tool bin/eidenv bin/gids-tool +bin/goid-tool bin/iasecc-tool bin/netkey-tool bin/npa-tool @@ -14,6 +15,7 @@ bin/opensc-explorer bin/opensc-notify bin/opensc-tool bin/piv-tool +bin/pkcs11-register bin/pkcs11-tool bin/pkcs15-crypt bin/pkcs15-init @@ -21,6 +23,7 @@ bin/pkcs15-tool bin/sc-hsm-tool bin/westcos-tool lib/libopensc.la +etc/xdg/autostart/pkcs11-register.desktop lib/libsmm-local.la lib/onepin-opensc-pkcs11.la lib/opensc-pkcs11.la @@ -82,6 +85,7 @@ share/opensc/openpgp.profile share/opensc/pkcs15.profile share/opensc/rutoken.profile share/opensc/rutoken_ecp.profile +share/opensc/rutoken_lite.profile share/opensc/sc-hsm.profile share/opensc/setcos.profile share/opensc/starcos.profile diff --git a/security/opensc/distinfo b/security/opensc/distinfo index 2be3a7dea0c..e305f031229 100644 --- a/security/opensc/distinfo +++ b/security/opensc/distinfo @@ -1,13 +1,11 @@ -$NetBSD: distinfo,v 1.15 2018/10/13 10:54:04 mlelstv Exp $ +$NetBSD: distinfo,v 1.16 2020/04/16 12:37:51 manu Exp $ -SHA1 (opensc-0.19.0.tar.gz) = 7e4e52c15407b5e1642418068ae52a38b01cdaec -RMD160 (opensc-0.19.0.tar.gz) = d589dc2d4371958e7e35e282c0f970b29eb18fbb -SHA512 (opensc-0.19.0.tar.gz) = a54161b72e6ecea9d61d8bdf0fe0dbd0f97dd8fff0ce6ce344442d9dd9218779851054f8a9049c95c4276e69d3ab96afd0906ebb3278739c8f8e32ad3dbf2d4b -Size (opensc-0.19.0.tar.gz) = 1607290 bytes +SHA1 (opensc-0.20.0.tar.gz) = a03dab062dd033c5662f11ee39e53b84106c2c0d +RMD160 (opensc-0.20.0.tar.gz) = 71003565bee88d9fb20723ad6b5ad68c627eff3b +SHA512 (opensc-0.20.0.tar.gz) = 1360ee35f579cbeecf368777bb60d6c23ec2a80a2983328ea2c193530cc9b101a807ff1e2982ad34bfcc2bae2c867feecf300b6229d15057e796bd31ecffb02d +Size (opensc-0.20.0.tar.gz) = 1653931 bytes SHA1 (patch-aa) = 5ca9245c763a9f8a8aa273e7e76c75168c52d0cd SHA1 (patch-ab) = 5ea2a3e623df6bc2c814c37ce89fed491149f8b4 SHA1 (patch-configure.ac) = 9031a51162d883b3e3118820d400e07ef99dbad9 SHA1 (patch-doc_tools_Makefile.am) = 4535988c6fbe4b9f45838362f2f9604c91fecd53 -SHA1 (patch-src_common_compat__getopt.h) = a9c4fad2d1fd73f5b2c245a364cfd37d838f51eb -SHA1 (patch-src_common_compat__getopt__main.c) = 96d51499ea6d48bd53a17e3849c44ae4e0c9b669 -SHA1 (patch-src_libopensc_log.c) = e272654963cf03a459369fa512a79b46daa30720 +SHA1 (patch-src_libopensc_log.c) = 00acff447b1890b05cd3bea10ece8d42e7b6cf26 diff --git a/security/opensc/patches/patch-src_libopensc_log.c b/security/opensc/patches/patch-src_libopensc_log.c index 4d591664607..2ae04d5c9bc 100644 --- a/security/opensc/patches/patch-src_libopensc_log.c +++ b/security/opensc/patches/patch-src_libopensc_log.c @@ -1,19 +1,22 @@ -$NetBSD: patch-src_libopensc_log.c,v 1.4 2018/10/13 10:54:05 mlelstv Exp $ +$NetBSD: patch-src_libopensc_log.c,v 1.5 2020/04/16 12:37:51 manu Exp $ ---- src/libopensc/log.c.orig 2018-09-13 11:47:21.000000000 +0000 -+++ src/libopensc/log.c -@@ -93,7 +93,13 @@ static void sc_do_log_va(sc_context_t *c - gettimeofday (&tv, NULL); - tm = localtime (&tv.tv_sec); - strftime (time_string, sizeof(time_string), "%H:%M:%S", tm); -- r = snprintf(p, left, "0x%lx %s.%03ld ", (unsigned long)pthread_self(), time_string, (long)tv.tv_usec / 1000); -+ r = snprintf(p, left, "0x%lx %s.%03ld ", +Build without pthread + +--- src/libopensc/log.c.orig 2019-12-29 12:42:06.000000000 +0000 ++++ src/libopensc/log.c 2020-04-15 13:00:39.853594605 +0000 +@@ -112,9 +112,14 @@ + sc_color_fprintf(SC_COLOR_FG_GREEN|SC_COLOR_BOLD, + ctx, ctx->debug_file, + "P:%lu; T:0x%lu", + (unsigned long)getpid(), +- (unsigned long)pthread_self()); +#ifdef HAVE_PTHREAD -+ (unsigned long)pthread_self(), ++ (unsigned long)pthread_self() +#else -+ (unsigned long) 0, ++ 0UL +#endif -+ time_string, (long) tv.tv_usec / 1000); - #endif - p += r; - left -= r; ++ ); + gettimeofday (&tv, NULL); + tm = localtime (&tv.tv_sec); + strftime (time_string, sizeof(time_string), "%H:%M:%S", tm); + sc_color_fprintf(SC_COLOR_FG_GREEN, |