Subject: CVS commit: pkgsrc/security/opensc
From: Adam Ciarcinski
Date: 2024-12-28 09:56:21
Message id: 20241228085621.98DFCFC1D@cvs.NetBSD.org
Log Message:
opensc: updated to 0.26.0

New in 0.26.0; 2024-11-13

Security
* CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init
* CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU \ 
response values in libopensc
* CVE-2024-45617: Uninitialized values after incorrect or missing checking \ 
return values of functions in libopensc
* CVE-2024-45618: Uninitialized values after incorrect or missing checking \ 
return values of functions in pkcs15init
* CVE-2024-45619: Incorrect handling length of buffers or files in libopensc
* CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init
* CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key

General improvements
* Fix reselection of DF after error in PKCS#15 layer
* Unify OpenSSL logging throughout code
* Extend the p11test to support kryoptic
* Fix for error in PCSC reconnection
* Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and \ 
PKCS#15 layer

PKCS#15
* Documentation for PKCS#15 profile files

minidriver
* Support PinCacheAlwaysPrompt usable for PIV cards

pkcs11-tool
* Show URI when listing token information
* Do not limit size of objects to 5000 bytes
* Add support for AES CMAC
* Add support for AES GCM encryption
* Add support for RSA OAEP encryption
* Add support for HKDF
* Implement better support for wrapping and unwrapping
* Add support for EdDSA sign and verify

pkcs15-crypt
* Fix PKCS#1 encoding function to correctly detect padding type

piv-tool
* Fix RSA key generation
* Avoid possible state change when matching unknown card

sc-hsm-tool
* Cleanse buffer with plaintext key share

pkcs11-register
* Fix pkcs11-register defaults on macOS and Windows

IDPrime
* Fix identification of IDPrime 840 cards
* Fix container mapping for IDPrime 940 cards
* Reorder ATRs for matching cards

OpenPGP
* Fix state tracking after erasing card

Belpic
* Disable Applet V1.8

MICARDO
* Deactivate driver

SmartCard-HSM
* Fix signing with secp521r1 signature

eOI
* Set model via `sc_card_ctl` function

Rutoken
* increase the minimum PIN size to support Rutoken ECP BIO

JPKI
* Adjust parameters for public key in PKCS#15 emulator

D-Trust
* Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures \ 
Cards 4.1/4.4
Files:
RevisionActionfile
1.51modifypkgsrc/security/opensc/Makefile
1.25modifypkgsrc/security/opensc/distinfo