summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/opensc
Commit message (Collapse)AuthorAgeFilesLines
* opensc: fix CVE-2024-45620Zhang Peng2025-01-224-0/+129
| | | | | | | | | | | | | | | | | | | CVE-2024-45620: A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45620] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/a1bcc6516f43d570899820d259b71c53f8049168] [https://github.com/OpenSC/OpenSC/commit/6baa19596598169d652659863470a60c5ed79ecd] [https://github.com/OpenSC/OpenSC/commit/468a314d76b26f724a551f2eb339dd17c856cf18] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45619Zhang Peng2025-01-227-0/+359
| | | | | | | | | | | | | | | | | | | | | | CVE-2024-45619: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45619] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/f01bfbd19b9c8243a40f7f17d554fe0eb9e89d0d] [https://github.com/OpenSC/OpenSC/commit/a1d8c01c1cabd115dda8c298941d1786fb4c5c2f] [https://github.com/OpenSC/OpenSC/commit/673065630bf4aaf03c370fc791ef6a6239431214] [https://github.com/OpenSC/OpenSC/commit/e20ca25204c9c5e36f53ae92ddf017cd17d07e31] [https://github.com/OpenSC/OpenSC/commit/2b6cd52775b5448f6a993922a30c7a38d9626134] [https://github.com/OpenSC/OpenSC/commit/dd554a2e1e31e6cb75c627c653652696d61e8de8] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45618Zhang Peng2025-01-223-0/+86
| | | | | | | | | | | | | | | | | | CVE-2024-45618: A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45618] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/8632ec172beda894581d67eaa991e519a7874f7d] [https://github.com/OpenSC/OpenSC/commit/f9d68660f032ad4d7803431d5fc7577ea8792ac3] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45617Zhang Peng2025-01-224-0/+107
| | | | | | | | | | | | | | | | | | | CVE-2024-45617: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45617] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc] [https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc] [https://github.com/OpenSC/OpenSC/commit/efbc14ffa190e3e0ceecceb479024bb778b0ab68] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45616Zhang Peng2025-01-2211-0/+510
| | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2024-45616: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45616] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/1d3b410e06d33cfc4c70e8a25386e456cfbd7bd1] [https://github.com/OpenSC/OpenSC/commit/265b28344d036a462f38002d957a0636fda57614] [https://github.com/OpenSC/OpenSC/commit/e7177c7ca00200afea820d155dca67f38b232967] [https://github.com/OpenSC/OpenSC/commit/ef7b10a18e6a4d4f03f0c47ea81aa8136f3eca60] [https://github.com/OpenSC/OpenSC/commit/76115e34799906a64202df952a8a9915d30bc89d] [https://github.com/OpenSC/OpenSC/commit/16ada9dc7cddf1cb99516aea67b6752c251c94a2] [https://github.com/OpenSC/OpenSC/commit/3562969c90a71b0bcce979f0e6d627546073a7fc] [https://github.com/OpenSC/OpenSC/commit/cccdfc46b10184d1eea62d07fe2b06240b7fafbc] [https://github.com/OpenSC/OpenSC/commit/5fa758767e517779fc5398b6b4faedc4e36d3de5] [https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-45615Zhang Peng2025-01-226-0/+213
| | | | | | | | | | | | | | | | | | | | CVE-2024-45615: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-45615] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1] [https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6] [https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7] [https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b] [https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-8443Zhang Peng2025-01-223-0/+117
| | | | | | | | | | | | | | | | | | | | | CVE-2024-8443: The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-8433] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e] [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: fix CVE-2024-1454Zhang Peng2025-01-222-0/+38
| | | | | | | | | | | | | | | | | | | CVE-2024-1454: The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-1454] Upstream patches: [https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix LICENSE declarationNiko Mauno2024-09-221-1/+1
| | | | | | | | | | According to https://github.com/OpenSC/OpenSC/wiki#license OpenSC is licensed under LGPL-2.1 or later, which seems to be affirmed also by the comments in the source code files, as well as the COPYING file. Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix CVE-2023-40661virendra thakur2024-02-078-0/+245
| | | | | | | | | Add patch file to fix CVE Upstream-Status: Backport[https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50] Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix CVE-2023-40660virendra thakur2024-02-072-0/+56
| | | | | | | | | Add patch file to fix CVE Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/940e8bc764047c873f88bb1396933a5368d03533] Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: ignore CVE-2021-34193Jose Quaresma2023-09-191-0/+5
| | | | | | | | | The CVE-2021-34193 is a duplicate CVE covering the 5 individual already fixed. https://github.com/OpenSC/OpenSC/pull/2855 Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opensc: Fix CVE-2023-2977Soumya2023-07-022-0/+54
| | | | | | | | | | | | | A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. Signed-off-by: Soumya <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-041-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update SRC_URI branch and protocolsRichard Purdie2021-11-031-1/+1
| | | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: do not use -WerrorAlexander Kanavin2021-10-141-0/+1
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: upgrade 0.21.0 -> 0.22.0wangmy2021-08-231-1/+1
| | | | | | | | | | | | | | | | | | | Use standard paths for file cache on Linux and OSX Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic) Add threading test to pkcs11-tool Add support to generate generic secret keys opensc-explorer: Print information about LCS (Life cycle status byte) Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available. Support for gcc11 and its new strict aliasing rules Initial support for building with OpenSSL 3.0 pkcs15-tool: Write data objects in binary mode Avoid limited size of log messages Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-3/+3
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* opensc: Fix the wrong version number.Zheng Ruoqin2021-01-121-0/+0
| | | | | | | The corresponding version number of commit 30180986a08cf71fe4af4b50251a8bb5b1ab95af is 0.21.0. Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: upgrade 0.20.0 -> 0.20.1Zang Ruochen2020-12-031-3/+3
| | | | | | | | | | -License-Update: The address is updated as follows You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: Upgrade to 0.20.0Khem Raj2020-01-173-106/+1
| | | | | | Drop all patches as they are already included in 0.20.0 release Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: Fix misaligned indentationKhem Raj2019-12-282-0/+70
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: fix RDEPENDS in pcsc PACKAGECONFIGLaurent Bonnans2019-12-051-1/+1
| | | | | | | | OpenSC depends on pcsc-lite's systemd service and pkcs11 library at runtime. Signed-off-by: Laurent Bonnans <laurent.bonnans@here.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: add support for native buildsJan Luebbe2019-11-221-0/+2
| | | | | | | | This is needed as a dependency when using SoftHSM from the PKCS#11 OpenSSL engine for code singing. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: use pcsc-lite instead of openct by defaultJan Luebbe2019-11-221-3/+6
| | | | | | | | | | | | OpenCT upstream maintenance seems to have stopped and OpenSC upstream uses pcsc-lite by default in their configure script. Add PACKAGECONFIGs for each and select pcsc by default. As the openct package depends on pcsc-lite by itself, this avoids an unnecessary package in the default case. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: Upgrade to 0.19.0Khem Raj2018-12-183-84/+42
| | | | | | | | | Switch fetcher to use github Add patch to build with gcc9 Remove upstreamed patch Inherit bash-completion Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: 0.18.0 version fix fetch errorArmin Kuster2018-11-161-1/+1
| | | | | | | | | | ERROR: opensc-0.18.0-r0 do_fetch: Fetcher failure for URL: 'http://ftp.debian.org/debian/pool/main/o/opensc/opensc_0.18.0.orig.tar.gz'. Unable to fetch URL from any source. This version is no longer hosted on the main debian URL so use the archive URL Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: Upgrade to 0.18.0Khem Raj2018-09-082-3/+79
| | | | | | | * Fixes build with OpenSSL 1.1.x * Fix build with gcc8 Signed-off-by: Khem Raj <raj.khem@gmail.com>
* opensc: update to version 0.16.0Derek Straka2016-08-221-3/+2
| | | | | Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* opensc: upgrade 0.14.0 -> 0.15.0Li xin2015-07-301-2/+2
| | | | | Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* opensc: add new recipeLi xin2015-02-121-0/+45
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-08 17:05:55 +0000