linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

	Commit message (Collapse)	Author	Age	Files	Lines
*	opensc: upgrade 0.23.0 -> 0.24.0	alperak	2024-01-08	3	-141/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* All patches dropped because fixed in the new version. 0001-pkcs11-tool-Fix-private-key-import.patch -> https://github.com/OpenSC/OpenSC/blob/0.24.0/src/tools/pkcs11-tool.c#L3710 0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch -> https://github.com/OpenSC/OpenSC/blob/0.24.0/src/tools/pkcs11-tool.c#L3686 CVE-2023-2977.patch -> https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a * Fix -> ERROR: opensc-0.24.0-r0 do_package_qa: QA Issue: non -dev/-dbg/nativesdk- package opensc contains symlink .so '/usr/lib/onepin-opensc-pkcs11.so' [dev-so] Changelog: * CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807) * CVE-2023-40661: Important dynamic analyzers reports * CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc4) * Fix compatibility of EAC with OpenSSL 3.0 (#2674) * Enable `use_file_cache` by default (#2501) * Use custom libctx with OpenSSL >= 3.0 (#2712, #2715) * Fix record-based files (#2604) * Fix several race conditions (#2735) * Run tests under Valgrind (#2756) * Test signing of data bigger than 512 bytes (#2789) * Update to OpenPACE 1.1.3 (#2796) * Implement logout for some of the card drivers (#2807) * Fix wrong popup position of opensc-notify (#2901) * Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init * Check card presence state in `C_GetSessionInfo` (#2740) * Remove `onepin-opensc-pkcs11` module (#2681) * Do not use colons in the token info label (#2760) * Present profile objects in all slots with the CKA_TOKEN attribute to resolve issues with NSS (#2928, #2924) * Use secure memory for PUK (#2906) * Don't logout to preserve concurrent access from different processes (#2907) * Add more examples to manual page (#2936) * Present profile objects in all virtual slots (#2928) * Provide CKA_TOKEN attribute for profile objects (#2924) * Improve --slot parameter documentation (#2951) * Honor cache offsets when writing file cache (#2858) * Prevent needless amount of PIN prompts from pkcs15init layer (#2916) * Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to PKCS#11 (#2936) * Fix for private keys that do not need a PIN (#2722) * Unbreak decipher when the first null byte of PKCS#1.5 padding is missing (#2939) * Fix RSA key import with OpenSSL 3.0 (#2656) * Add support for attribute filtering when listing objects (#2687) * Add support for `--private` flag when writing certificates (#2768) * Add support for non-AEAD ciphers to the test mode (#2780) * Show CKA_SIGN attribute for secret keys (#2862) * Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys (#2864, #2913) * Show Sign/VerifyRecover attributes (#2888) * Add option to import generic keys (#2955) * Generate 2k RSA keys by default (b53fc5cd) * Disable autostart on Linux by default (#2680) * Add support for IDPrime MD 830, 930 and 940 (#2666) * Add support for SafeNet eToken 5110 token (#2812) * Process index even without keyrefmap and use correct label for second PIN (#2878) * Add support for Gemalto IDPrime 940C (#2941) * Change of PIN requires verification of the PIN (#2759) * Fix incorrect CMAC computation for subkeys (#2759, issue #2734) * Use true random number for mutual authentication for SM (#2766) * Add verification of data coming from the token in the secure messaging mode (#2772) * Avoid success when using unsupported digest and fix data length for RAW ECDSA signatures (#2845) * Fix select data command (#2753, issue #2752) * Unbreak ed/curve25519 support (#2892) * Add support for Slovenian eID card (eOI) (#2646) * Add support for IDEMIA (Oberthur) tokens (#2483) * Add support for Swissbit iShield FIDO2 Authenticator (#2671) * Implement PIV secure messaging (#2053) * Add support for Slovak eID cards (#2672) * Support ECDSA with off-card hashing (#2642) * Fix WRAP operation when using T0 (#2695) * Identify changes on the card and enable `use_file_cache` (#2798) * Workaround for unwrapping using 2K RSA key (#2921) * Add support for `opensc-tool --serial` (#2675) * Fix unwrapping of 4096 keys with handling reader limits (#2682) * Indicate supported hashes and MGF1s (#2827) Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
*	opensc: fix CVE-2023-2977	Lee Chee Yang	2023-09-22	1	-0/+54
\| \| \| \| \|	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
*	opensc: fix private key import	Jan Luebbe	2023-02-02	2	-0/+87
	Importing private keys into a PKCS#11 token is broken with OpenSC 0.23.0 and OpenSSL 3. Fix it by backporting the corresponding upstream fixes. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>