summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
Commit message (Collapse)AuthorAgeFilesLines
* opensc: fix CVE-2024-45620Zhang Peng2025-01-221-0/+3
| | | | | | | | | | | | | | | | | | | CVE-2024-45620: A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45620] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/a1bcc6516f43d570899820d259b71c53f8049168] [https://github.com/OpenSC/OpenSC/commit/6baa19596598169d652659863470a60c5ed79ecd] [https://github.com/OpenSC/OpenSC/commit/468a314d76b26f724a551f2eb339dd17c856cf18] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45619Zhang Peng2025-01-221-0/+6
| | | | | | | | | | | | | | | | | | | | | | CVE-2024-45619: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45619] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/f01bfbd19b9c8243a40f7f17d554fe0eb9e89d0d] [https://github.com/OpenSC/OpenSC/commit/a1d8c01c1cabd115dda8c298941d1786fb4c5c2f] [https://github.com/OpenSC/OpenSC/commit/673065630bf4aaf03c370fc791ef6a6239431214] [https://github.com/OpenSC/OpenSC/commit/e20ca25204c9c5e36f53ae92ddf017cd17d07e31] [https://github.com/OpenSC/OpenSC/commit/2b6cd52775b5448f6a993922a30c7a38d9626134] [https://github.com/OpenSC/OpenSC/commit/dd554a2e1e31e6cb75c627c653652696d61e8de8] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45618Zhang Peng2025-01-221-0/+2
| | | | | | | | | | | | | | | | | | CVE-2024-45618: A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45618] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/8632ec172beda894581d67eaa991e519a7874f7d] [https://github.com/OpenSC/OpenSC/commit/f9d68660f032ad4d7803431d5fc7577ea8792ac3] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45617Zhang Peng2025-01-221-0/+3
| | | | | | | | | | | | | | | | | | | CVE-2024-45617: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45617] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc] [https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc] [https://github.com/OpenSC/OpenSC/commit/efbc14ffa190e3e0ceecceb479024bb778b0ab68] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45616Zhang Peng2025-01-221-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2024-45616: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45616] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/1d3b410e06d33cfc4c70e8a25386e456cfbd7bd1] [https://github.com/OpenSC/OpenSC/commit/265b28344d036a462f38002d957a0636fda57614] [https://github.com/OpenSC/OpenSC/commit/e7177c7ca00200afea820d155dca67f38b232967] [https://github.com/OpenSC/OpenSC/commit/ef7b10a18e6a4d4f03f0c47ea81aa8136f3eca60] [https://github.com/OpenSC/OpenSC/commit/76115e34799906a64202df952a8a9915d30bc89d] [https://github.com/OpenSC/OpenSC/commit/16ada9dc7cddf1cb99516aea67b6752c251c94a2] [https://github.com/OpenSC/OpenSC/commit/3562969c90a71b0bcce979f0e6d627546073a7fc] [https://github.com/OpenSC/OpenSC/commit/cccdfc46b10184d1eea62d07fe2b06240b7fafbc] [https://github.com/OpenSC/OpenSC/commit/5fa758767e517779fc5398b6b4faedc4e36d3de5] [https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45615Zhang Peng2025-01-221-0/+5
| | | | | | | | | | | | | | | | | | | | CVE-2024-45615: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45615] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1] [https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6] [https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7] [https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b] [https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-8443Zhang Peng2025-01-221-0/+2
| | | | | | | | | | | | | | | | | | | | | CVE-2024-8443: The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-8433] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e] [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-1454Zhang Peng2025-01-221-0/+1
| | | | | | | | | | | | | | | | | | | CVE-2024-1454: The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-1454] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix LICENSE declarationNiko Mauno2024-09-221-1/+1
| | | | | | | | | | According to https://github.com/OpenSC/OpenSC/wiki#license OpenSC is licensed under LGPL-2.1 or later, which seems to be affirmed also by the comments in the source code files, as well as the COPYING file. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix CVE-2023-40661virendra thakur2024-02-071-0/+7
| | | | | | | | | Add patch file to fix CVE Upstream-Status: Backport[https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50] Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix CVE-2023-40660virendra thakur2024-02-071-0/+1
| | | | | | | | | Add patch file to fix CVE Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/940e8bc764047c873f88bb1396933a5368d03533] Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: ignore CVE-2021-34193Jose Quaresma2023-09-191-0/+5
| | | | | | | | | The CVE-2021-34193 is a duplicate CVE covering the 5 individual already fixed. https://github.com/OpenSC/OpenSC/pull/2855 Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix CVE-2023-2977Soumya2023-07-021-0/+1
| | | | | | | | | | | | | A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. Signed-off-by: Soumya <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-041-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update SRC_URI branch and protocolsRichard Purdie2021-11-031-1/+1
| | | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: do not use -WerrorAlexander Kanavin2021-10-141-0/+1
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: upgrade 0.21.0 -> 0.22.0wangmy2021-08-231-0/+48
Use standard paths for file cache on Linux and OSX Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic) Add threading test to pkcs11-tool Add support to generate generic secret keys opensc-explorer: Print information about LCS (Life cycle status byte) Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available. Support for gcc11 and its new strict aliasing rules Initial support for building with OpenSSL 3.0 pkcs15-tool: Write data objects in binary mode Avoid limited size of log messages Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-07 17:36:54 +0000