2025-01-15 13:36:53 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
opensc: updated to 0.26.1
0.26.1
General improvements
Align allocations of sc_mem_secure_alloc
Fix -O3 gcc optimization failure on amd64 and ppc64el
pkcs11-spy
Avoid crash while spying C_GetInterface()
TCOS
Fix reading certificate
|
2024-12-28 09:56:21 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
opensc: updated to 0.26.0
New in 0.26.0; 2024-11-13
Security
* CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init
* CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc
* CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc
* CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
* CVE-2024-45619: Incorrect handling of the length of buffers or files in libopensc
* CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init
* CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key
General improvements
* Fix reselection of DF after error in PKCS#15 layer
* Unify OpenSSL logging throughout code
* Extend the p11test to support kryoptic
* Fix for error in PCSC reconnection
* Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
* Documentation for PKCS#15 profile files
minidriver
* Support PinCacheAlwaysPrompt usable for PIV cards
pkcs11-tool
* Show URI when listing token information
* Do not limit size of objects to 5000 bytes
* Add support for AES CMAC
* Add support for AES GCM encryption
* Add support for RSA OAEP encryption
* Add support for HKDF
* Implement better support for wrapping and unwrapping
* Add support for EdDSA sign and verify
pkcs15-crypt
* Fix PKCS#1 encoding function to correctly detect padding type
piv-tool
* Fix RSA key generation
* Avoid possible state change when matching unknown card
sc-hsm-tool
* Cleanse buffer with plaintext key share
pkcs11-register
* Fix pkcs11-register defaults on macOS and Windows
IDPrime
* Fix identification of IDPrime 840 cards
* Fix container mapping for IDPrime 940 cards
* Reorder ATRs for matching cards
OpenPGP
* Fix state tracking after erasing card
Belpic
* Disable Applet V1.8
MICARDO
* Deactivate driver
SmartCard-HSM
* Fix signing with secp521r1 signature
eOI
* Set model via `sc_card_ctl` function
Rutoken
* Increase the minimum PIN size to support Rutoken ECP BIO
JPKI
* Adjust parameters for public key in PKCS#15 emulator
D-Trust
* Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4
|
2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429) |
Log message:
*: recursive bump for icu 76 shlib major version bump
|
2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426) |
Log message:
*: revbump for icu downgrade
|
2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427) |
Log message:
*: recursive bump for icu 76.1 shlib bump
|
2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1929) |  |
Log message:
revbump after icu and protobuf updates
|
2024-04-05 15:46:22 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message:
opensc: updated to 0.25.1
OpenSC 0.25.1
General improvements
Add missing file to dist tarball to build documentation
minidriver
Fix RSA decryption with PKCS#1 v1.5 padding
Fix crash when app is not set
|
2024-03-07 11:00:27 by Adam Ciarcinski | Files touched by this commit (3) |  |
Log message:
opensc: updated to 0.25.0
New in 0.25.0; 2024-03-06
Security
CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC
CVE-2024-1454: Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init
General improvements
Update OpenSSL 1.1.1 to 3.0 in MacOS build
Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver
Fix 64b to 32b conversions
Improvements for the p11test
Fix reader initialization without SCardControl
Make RSA PKCS#1 v1.5 depadding constant-time
Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card
Enable MSI signing via Signpath CI integration for Windows
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
minidriver
Fix wrong hash selection
pkcs11-tool
Simplify printing EC keys parameters
Add option to import GENERIC key
Add support for importing Ed25519/448 keys
dtrust-tool
Add tool for D-Trust cards
IDPrime
Support uncompressed certificates on IDPrime 940
Enhance IDPrime logging
Add SafeNet 5110+ FIPS token support
D-Trust Signature Cards
Add support for RSA D-Trust Signature Card 4.1 and 4.4
EstEID
Remove expired EstEID 3.* card support
ePass2003
Allow SW implementation with more SHA2 hashes and ECDSA
Fix EC key generation
SmartCard-HSM
Fix SELECT APDU command
MyEID
Update for PKCS#15 profile
Rutoken
Support for RSA 4096 key algorithm
OpenPGP
Fix decryption requiring Manage Security Environment for authentication key
|
2024-02-01 15:19:15 by Adam Ciarcinski | Files touched by this commit (3) |  |
Log message:
opensc: updated to 0.24.0
New in 0.24.0; 2023-12-13
Security
CVE-2023-40660: Fix Potential PIN bypass
CVE-2023-40661: Important dynamic analyzers reports
CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc)
General improvements
Fix compatibility of EAC with OpenSSL 3.0
Enable use_file_cache by default
Use custom libctx with OpenSSL >= 3.0
Fix record-based files
Fix several race conditions
Run tests under Valgrind
Test signing of data bigger than 512 bytes
Update to OpenPACE 1.1.3
Implement logout for some of the card drivers
Fix wrong popup position of opensc-notify
Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
PKCS#11
Check card presence state in C_GetSessionInfo
Remove onepin-opensc-pkcs11 module
Do not use colons in the token info label
Present profile objects in all slots with the CKA_TOKEN attribute to resolve issues with NSS
Use secure memory for PUK
Don't logout to preserve concurrent access from different processes
Add more examples to manual page
Present profile objects in all virtual slots
Provide CKA_TOKEN attribute for profile objects
Improve --slot parameter documentation
PKCS#15
Honor cache offsets when writing file cache
Prevent needless amount of PIN prompts from pkcs15init layer
Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to PKCS#11
Minidriver
Fix for private keys that do not need a PIN
Unbreak decipher when the first null byte of PKCS#1.5 padding is missing
pkcs11-tool
Fix RSA key import with OpenSSL 3.0
Add support for attribute filtering when listing objects
Add support for --private flag when writing certificates
Add support for non-AEAD ciphers to the test mode
Show CKA_SIGN attribute for secret keys
Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys
Show Sign/VerifyRecover attributes
Add option to import generic keys
westcos-tool
Generate 2k RSA keys by default (b53fc5c)
pkcs11-register
Disable autostart on Linux by default
IDPrime
Add support for IDPrime MD 830, 930 and 940
Add support for SafeNet eToken 5110 token
Process index even without keyrefmap and use correct label for second PIN
Add support for Gemalto IDPrime 940C
EPass2003
Change of PIN requires verification of the PIN
Fix incorrect CMAC computation for subkeys
Use true random number for mutual authentication for SM
Add verification of data coming from the token in the secure messaging mode
Avoid success when using unsupported digest and fix data length for RAW ECDSA signatures
OpenPGP
Fix select data command
Unbreak ed/curve25519 support
eOI
Add support for Slovenian eID card (eOI)
Italian CNS
Add support for IDEMIA (Oberthur) tokens
PIV
Add support for Swissbit iShield FIDO2 Authenticator
Implement PIV secure messaging
SkeID
Add support for Slovak eID cards
isoApplet
Support ECDSA with off-card hashing
MyEID
Fix WRAP operation when using T0
Identify changes on the card and enable use_file_cache
Workaround for unwrapping using 2K RSA key
SC-HSM
Add support for opensc-tool --serial
Fix unwrapping of 4096 keys with handling reader limits
Indicate supported hashes and MGF1s
|
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message:
*: recursive bump for icu 74.1
|