Navigation:
Browse pkgsrc
(this page)
security opensc
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2024-04-05 15:46:22 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message: opensc: updated to 0.25.1 OpenSC 0.25.1 General improvements Add missing file to dist tarball to build documentation minidriver Fix RSA decryption with PKCS#1 v1.5 padding Fix crash when app is not set |
| 2024-03-07 11:00:27 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: opensc: updated to 0.25.0 New in 0.25.0; 2024-03-06 Security CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in \ OpenSC CVE-2024-1454: Potential use-after-free in AuthentIC driver during card \ enrollment in pkcs15init General improvements Update OpenSSL 1.1.1 to 3.0 in MacOS build Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable \ Cyberflex driver Fix 64b to 32b conversions Improvements for the p11test Fix reader initialization without SCardControl Make RSA PKCS#1 v1.5 depadding constant-time Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card Enable MSI signing via Signpath CI integration for Windows Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and \ PKCS#15 layer minidriver Fix wrong hash selection pkcs11-tool Simplify printing EC keys parameters Add option to import GENERIC key Add support for importing Ed25518/448 keys drust-tool Add tool for D-Trust cards IDPrime Support uncompressed certificates on IDPrime 940 Enhance IDPrime logging Add SafeNet 5110+ FIPS token support D-Trust Signature Cards Add support for RSA D-Trust Signature Card 4.1 and 4.4 EstEID Remove expired EstEID 3.* card support ePass2003 Allow SW implementation with more SHA2 hashes and ECDSA Fix EC key generation SmartCard-HSM Fix SELECT APDU command MyEID Update for PKCS#15 profile Rutoken Support for RSA 4096 key algorithm OpenPGP Fix decryption requiting Manage Security Environment for authentication key |
| 2024-02-01 15:19:15 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: opensc: updated to 0.24.0 New in 0.24.0; 2023-12-13 Security CVE-2023-40660: Fix Potential PIN bypass CVE-2023-40661: Important dynamic analyzers reports CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using \ symmetric keys (f1993dc) General improvements Fix compatibility of EAC with OpenSSL 3.0 Enable use_file_cache by default Use custom libctx with OpenSSL >= 3.0 Fix record-based files Fix several race conditions Run tests under Valgrind Test signing of data bigger than 512 bytes Update to OpenPACE 1.1.3 Implement logout for some of the card drivers Fix wrong popup position of opensc-notify Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, \ PKCS#11 and PKCS#15 init PKCS#11 Check card presence state in C_GetSessionInfo Remove onepin-opensc-pkcs11 module Do not use colons in the token info label Present profile objects in all slots with the CKA_TOKEN attribute to resolve \ issues with NSS Use secure memory for PUK Don't logout to preserve concurrent access from different processes Add more examples to manual page Present profile objects in all virtual slots Provide CKA_TOKEN attribute for profile objects Improve --slot parameter documentation PKCS#15 Honor cache offsets when writing file cache Prevent needless amount of PIN prompts from pkcs15init layer Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to \ PKCS#11 Minidriver Fix for private keys that do not need a PIN Unbreak decipher when the first null byte of PKCS#1.5 padding is missing pkcs11-tool Fix RSA key import with OpenSSL 3.0 Add support for attribute filtering when listing objects Add support for --private flag when writing certificates Add support for non-AEAD ciphers to the test mode Show CKA_SIGN attribute for secret keys Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys Show Sign/VerifyRecover attributes Add option to import generic keys westcos-tool Generate 2k RSA keys by default (b53fc5c) pkcs11-register Disable autostart on Linux by default IDPrime Add support for IDPrime MD 830, 930 and 940 Add support for SafeNet eToken 5110 token Process index even without keyrefmap and use correct label for second PIN Add support for Gemalto IDPrime 940C EPass2003 Change of PIN requires verification of the PIN Fix incorrect CMAC computation for subkeys Use true random number for mutual authentication for SM Add verification of data coming from the token in the secure messaging mode Avoid success when using unsupported digest and fix data length for RAW ECDSA \ signatures OpenPGP Fix select data command Unbreak ed/curve25519 support eOI Add support for Slovenian eID card (eOI) Italian CNS Add support for IDEMIA (Oberthur) tokens PIV Add support for Swissbit iShield FIDO2 Authenticator Implement PIV secure messaging SkeID Add support for Slovak eID cards isoApplet Support ECDSA with off-card hashing MyEID Fix WRAP operation when using T0 Identify changes on the card and enable use_file_cache Workaround for unwrapping using 2K RSA key SC-HSM Add support for opensc-tool --serial Fix unwrapping of 4096 keys with handling reader limits Indicate supported hashes and MGF1s |
| 2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message: *: recursive bump for icu 74.1 |
| 2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message: *: bump for openssl 3 |
| 2023-08-14 18:08:32 by Emmanuel Dreyfus | Files touched by this commit (3) | |
Log message: Fix for security/opensc regression When security/opensc was updated to 0.23.0, it gained a --enable-notify configure flag. The feature adds a libopensc dependency on libglib, which in turns brings libpthread into the game. When using the opensc-pkcs11.so module with a non threaded program such as ssh(1), libopensc will load some thread-enabled glib function that attemps to initialize pthread stuff. That would require libpthread to be linked in, and if it is not the case, module load aborts. Here is the crash in action: Program received signal SIGABRT, Aborted. 0x000072403899c46a in _lwp_kill () from /lib/libc.so.12 (gdb) bt #0 0x000072403899c46a in _lwp_kill () from /lib/libc.so.12 #1 0x0000724038849223 in __libc_thr_create_stub () from /lib/libc.so.12 #2 0x0000724036a9c3ee in ?? () #3 0x0000000000000000 in ?? () This change turns the notify feature into a disabled by default option so that opensc-pkcs11.so can work agan with ssh(1). |
| 2023-06-06 14:42:56 by Taylor R Campbell | Files touched by this commit (1319) |
Log message: Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/. Almost all uses, if not all of them, are wrong, according to the semantics of BUILD_DEPENDS (packages built for target available for use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for host available for use _as_ tools at build-time). No change to BUILD_DEPENDS as used correctly inside buildlink3. As proposed on tech-pkg: https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html |
| 2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | |
Log message: revbump after textproc/icu update |
New packages: