CVS commit: pkgsrc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc
From: "Emmanuel Dreyfus" <manu%netbsd.org@localhost>
Date: Thu, 16 Apr 2020 12:37:51 +0000

Module Name:    pkgsrc
Committed By:   manu
Date:           Thu Apr 16 12:37:51 UTC 2020

Modified Files:
        pkgsrc/doc: CHANGES-2020
        pkgsrc/security/opensc: Makefile PLIST distinfo
        pkgsrc/security/opensc/patches: patch-src_libopensc_log.c

Log Message:
Update OpenSC to 0.20.0

This is required to workround a crash in pam-p11 on NetBSD 9.0
Also fixes CVE-2019-6502 CVE-2019-15946 CVE-2019-15945 CVE-2019-19480
CVE-2019-19481 CVE-2019-19479

Change since last version in pkgsrc

## General Improvements
* fixed security problems
    * CVE-2019-6502 (#1586)
    * CVE-2019-15946 (a3fc769)
    * CVE-2019-15945 (412a614)
    * CVE-2019-19480 (6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7)
    * CVE-2019-19481 (b75c002cfb1fd61cd20ec938ff4937d7b1a94278)
    * CVE-2019-19479 (c3f23b836e5a1766c36617fe1da30d22f7b63de2)
* Support RSA-PSS signature mechanisms using RSA-RAW (#1435)
* Added memory locking for secrets (#1491)
* added support for terminal colors (#1534)
* PC/SC driver: Fixed error handling in case of changing (#1537) or removing the card reader (#1615)
* macOS installer
    * Add installer option to deselect tokend (#1607)
    * Make OpenSCToken available on 10.12+ and the default on 10.15+ (2017626ed237dbdd4683a4b9410fc610618200c5)
* Configuration
    * rename `md_read_only` to `read_only` and use it for PKCS#11 and Minidriver (#1467)
    * allow global use of ignore_private_certificate (#1623)
* Build Environment
    * Bump openssl requirement to 0.9.8 (##1459)
    * Added support for fuzzing with AFL (#1580) and libFuzzer/OSS-Fuzz (#1697)
    * Added CI tests for simulating GIDS, OpenPGP, PIV, IsoApplet (#1568) and MyEID (#1677) and CAC (#1757)
    * Integrate clang-tidy with `make check` (#1673)
    * Added support for reproducible builds (#1839)
## PKCS#11
* Implement write protection (CKF_WRITE_PROTECTED) based on the card profile (#1467)
* Added C_WrapKey and C_UnwrapKey implementations (#1393)
* Handle CKA_ALWAYS_AUTHENTICATE when creating key objects. (#1539)
* Truncate long PKCS#11 labels with ... (#1629)
* Fixed recognition of a token when being unplugged and reinserted (#1875)
## Minidriver
* Register for CardOS5 cards (#1750)
* Add support for RSA-PSS (263b945)
## OpenSC tools
* Harmonize the use of option `-r`/`--reader` (#1548)
* `goid-tool`: GoID personalization with fingerprint
* `openpgp-tool`
    * replace the options `-L`/` --key-length` with `-t`/`--key-type` (#1508)
    * added options `-C`/`--card-info` and `-K`/`--key-info` (#1508)
* `opensc-explorer`
    * add command `pin_info` (#1487)
    * extend `random` to allow writing to a file (#1487)
* `opensc-minidriver-test.exe`: Tests for Microsoft CryptoAPI (#1510)
* `opensc-notify`: Autostart on Windows
* `pkcs11-register`:
    * Auto-configuration of applications for use of OpenSC PKCS#11 (#1644)
    * Autostart on Windows, macOS and Linux (#1644)
* `opensc-tool`: Show ATR also for cards not recognized by OpenSC (#1625)
* `pkcs11-spy`:
    * parse CKM_AES_GCM
    * Add support for CKA_OTP_* and CKM_*_PSS values
    * parse EC Derive parameters (#1677)
* `pkcs11-tool`
    * Support for signature verification via `--verify` (#1435)
    * Add object type `secrkey` for `--type` option (#1575)
    * Implement Secret Key write object (#1648)
    * Add GOSTR3410-2012 support (#1654)
    * Add support for testing CKM_RSA_PKCS_OAEP (#1600)
    * Add extractable option to key import (#1674)
    * list more key access flags when listing keys (#1653)
    * Add support for `CKA_ALLOWED_MECHANISMS` when creating new objects and listing keys (#1628)
* `pkcs15-crypt`: * Handle keys with user consent (#1529)
## CAC1
New separate CAC1 driver using the old CAC specification (#1502)
## CardOS
* Add support for 4K RSA keys in CardOS 5 (#1776)
* Fixed decryption with CardOS 5 (#1867)
## Coolkey
* Enable CoolKey driver to handle 2048-bit keys. (#1532)
## EstEID
* adds support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 (#1635)
## GIDS
* GIDS Decipher fix (#1881)
* Allow RSA 4K support (#1891)
## MICARDO
* Remove long expired EstEID 1.0/1.1 card support (#1470)
## MyEID
* Add support for unwrapping a secret key with an RSA key or secret key (#1393)
* Add support for wrapping a secret key with a secret key (#1393)
* Support for MyEID 4K RSA (#1657)
* Support for OsEID (#1677).
## Gemalto GemSafe
* add new PTeID ATRs (#1683)
* Add support for 4K RSA keys (#1863, #1872)
## OpenPGP
* OpenPGP Card v3 ECC support (#1506)
## Rutoken
* Add Rutoken ECP SC (#1652)
* Add Rutoken Lite (#1728)
## SC-HSM
* Add SmartCard-HSM 4K ATR (#1681)
* Add missing secp384r1 curve parameter (#1696)
## Starcos
* Fixed decipher with 2.3 (#1496)
* Added ATR for 2nd gen. eGK (#1668)
* Added new ATR for 3.5 (#1882)
* Detect and allow Globalplatform PIN encoding (#1882)
## TCOS
* Fix TCOS IDKey support (#1880)
* add encryption certificate for IDKey (#1892)
## Infocamere, Postecert, Cnipa
* Removed profiles (#1584)
## ACS ACOS5
* Remove incomplete acos5 driver (#1622).


To generate a diff of this commit:
cvs rdiff -u -r1.2314 -r1.2315 pkgsrc/doc/CHANGES-2020
cvs rdiff -u -r1.29 -r1.30 pkgsrc/security/opensc/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/opensc/PLIST
cvs rdiff -u -r1.15 -r1.16 pkgsrc/security/opensc/distinfo
cvs rdiff -u -r1.4 -r1.5 \
    pkgsrc/security/opensc/patches/patch-src_libopensc_log.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/CHANGES-2020
diff -u pkgsrc/doc/CHANGES-2020:1.2314 pkgsrc/doc/CHANGES-2020:1.2315
--- pkgsrc/doc/CHANGES-2020:1.2314      Thu Apr 16 11:57:25 2020
+++ pkgsrc/doc/CHANGES-2020     Thu Apr 16 12:37:50 2020
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2020,v 1.2314 2020/04/16 11:57:25 tsutsui Exp $
+$NetBSD: CHANGES-2020,v 1.2315 2020/04/16 12:37:50 manu Exp $
 
 Changes to the packages collection and infrastructure in 2020:
 
@@ -3170,3 +3170,4 @@ Changes to the packages collection and i
        Updated devel/gnustep-base to 1.27.0 [manu 2020-04-16]
        Updated lang/openjdk11 to 1.11.0.7.10 [ryoon 2020-04-16]
        Updated multimedia/adobe-flash-player to 32.0.0.363 [tsutsui 2020-04-16]
+       Updated security/opensc to 0.20.0 [manu 2020-04-16]

Index: pkgsrc/security/opensc/Makefile
diff -u pkgsrc/security/opensc/Makefile:1.29 pkgsrc/security/opensc/Makefile:1.30
--- pkgsrc/security/opensc/Makefile:1.29        Sat Jan 25 10:45:11 2020
+++ pkgsrc/security/opensc/Makefile     Thu Apr 16 12:37:51 2020
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2020/01/25 10:45:11 jperkin Exp $
+# $NetBSD: Makefile,v 1.30 2020/04/16 12:37:51 manu Exp $
 
-OPENSC_PKG_VERSION=    0.19.0
+OPENSC_PKG_VERSION=    0.20.0
 DISTNAME=              opensc-${OPENSC_PKG_VERSION}
-PKGREVISION=           1
+#PKGREVISION=          1
 CATEGORIES=            security
 MASTER_SITES=          ${MASTER_SITE_GITHUB:=opensc/}
 

Index: pkgsrc/security/opensc/PLIST
diff -u pkgsrc/security/opensc/PLIST:1.10 pkgsrc/security/opensc/PLIST:1.11
--- pkgsrc/security/opensc/PLIST:1.10   Sat Oct 13 10:54:04 2018
+++ pkgsrc/security/opensc/PLIST        Thu Apr 16 12:37:51 2020
@@ -1,10 +1,11 @@
-@comment $NetBSD: PLIST,v 1.10 2018/10/13 10:54:04 mlelstv Exp $
+@comment $NetBSD: PLIST,v 1.11 2020/04/16 12:37:51 manu Exp $
 bin/cardos-tool
 bin/cryptoflex-tool
 bin/dnie-tool
 bin/egk-tool
 bin/eidenv
 bin/gids-tool
+bin/goid-tool
 bin/iasecc-tool
 bin/netkey-tool
 bin/npa-tool
@@ -14,6 +15,7 @@ bin/opensc-explorer
 bin/opensc-notify
 bin/opensc-tool
 bin/piv-tool
+bin/pkcs11-register
 bin/pkcs11-tool
 bin/pkcs15-crypt
 bin/pkcs15-init
@@ -21,6 +23,7 @@ bin/pkcs15-tool
 bin/sc-hsm-tool
 bin/westcos-tool
 lib/libopensc.la
+etc/xdg/autostart/pkcs11-register.desktop
 lib/libsmm-local.la
 lib/onepin-opensc-pkcs11.la
 lib/opensc-pkcs11.la
@@ -82,6 +85,7 @@ share/opensc/openpgp.profile
 share/opensc/pkcs15.profile
 share/opensc/rutoken.profile
 share/opensc/rutoken_ecp.profile
+share/opensc/rutoken_lite.profile
 share/opensc/sc-hsm.profile
 share/opensc/setcos.profile
 share/opensc/starcos.profile

Index: pkgsrc/security/opensc/distinfo
diff -u pkgsrc/security/opensc/distinfo:1.15 pkgsrc/security/opensc/distinfo:1.16
--- pkgsrc/security/opensc/distinfo:1.15        Sat Oct 13 10:54:04 2018
+++ pkgsrc/security/opensc/distinfo     Thu Apr 16 12:37:51 2020
@@ -1,13 +1,11 @@
-$NetBSD: distinfo,v 1.15 2018/10/13 10:54:04 mlelstv Exp $
+$NetBSD: distinfo,v 1.16 2020/04/16 12:37:51 manu Exp $
 
-SHA1 (opensc-0.19.0.tar.gz) = 7e4e52c15407b5e1642418068ae52a38b01cdaec
-RMD160 (opensc-0.19.0.tar.gz) = d589dc2d4371958e7e35e282c0f970b29eb18fbb
-SHA512 (opensc-0.19.0.tar.gz) = a54161b72e6ecea9d61d8bdf0fe0dbd0f97dd8fff0ce6ce344442d9dd9218779851054f8a9049c95c4276e69d3ab96afd0906ebb3278739c8f8e32ad3dbf2d4b
-Size (opensc-0.19.0.tar.gz) = 1607290 bytes
+SHA1 (opensc-0.20.0.tar.gz) = a03dab062dd033c5662f11ee39e53b84106c2c0d
+RMD160 (opensc-0.20.0.tar.gz) = 71003565bee88d9fb20723ad6b5ad68c627eff3b
+SHA512 (opensc-0.20.0.tar.gz) = 1360ee35f579cbeecf368777bb60d6c23ec2a80a2983328ea2c193530cc9b101a807ff1e2982ad34bfcc2bae2c867feecf300b6229d15057e796bd31ecffb02d
+Size (opensc-0.20.0.tar.gz) = 1653931 bytes
 SHA1 (patch-aa) = 5ca9245c763a9f8a8aa273e7e76c75168c52d0cd
 SHA1 (patch-ab) = 5ea2a3e623df6bc2c814c37ce89fed491149f8b4
 SHA1 (patch-configure.ac) = 9031a51162d883b3e3118820d400e07ef99dbad9
 SHA1 (patch-doc_tools_Makefile.am) = 4535988c6fbe4b9f45838362f2f9604c91fecd53
-SHA1 (patch-src_common_compat__getopt.h) = a9c4fad2d1fd73f5b2c245a364cfd37d838f51eb
-SHA1 (patch-src_common_compat__getopt__main.c) = 96d51499ea6d48bd53a17e3849c44ae4e0c9b669
-SHA1 (patch-src_libopensc_log.c) = e272654963cf03a459369fa512a79b46daa30720
+SHA1 (patch-src_libopensc_log.c) = 00acff447b1890b05cd3bea10ece8d42e7b6cf26

Index: pkgsrc/security/opensc/patches/patch-src_libopensc_log.c
diff -u pkgsrc/security/opensc/patches/patch-src_libopensc_log.c:1.4 pkgsrc/security/opensc/patches/patch-src_libopensc_log.c:1.5
--- pkgsrc/security/opensc/patches/patch-src_libopensc_log.c:1.4        Sat Oct 13 10:54:05 2018
+++ pkgsrc/security/opensc/patches/patch-src_libopensc_log.c    Thu Apr 16 12:37:51 2020
@@ -1,19 +1,22 @@
-$NetBSD: patch-src_libopensc_log.c,v 1.4 2018/10/13 10:54:05 mlelstv Exp $
+$NetBSD: patch-src_libopensc_log.c,v 1.5 2020/04/16 12:37:51 manu Exp $
 
---- src/libopensc/log.c.orig   2018-09-13 11:47:21.000000000 +0000
-+++ src/libopensc/log.c
-@@ -93,7 +93,13 @@ static void sc_do_log_va(sc_context_t *c
-       gettimeofday (&tv, NULL);
-       tm = localtime (&tv.tv_sec);
-       strftime (time_string, sizeof(time_string), "%H:%M:%S", tm);
--      r = snprintf(p, left, "0x%lx %s.%03ld ", (unsigned long)pthread_self(), time_string, (long)tv.tv_usec / 1000);
-+      r = snprintf(p, left, "0x%lx %s.%03ld ",
+Build without pthread
+
+--- src/libopensc/log.c.orig   2019-12-29 12:42:06.000000000 +0000
++++ src/libopensc/log.c        2020-04-15 13:00:39.853594605 +0000
+@@ -112,9 +112,14 @@
+       sc_color_fprintf(SC_COLOR_FG_GREEN|SC_COLOR_BOLD,
+                       ctx, ctx->debug_file,
+                       "P:%lu; T:0x%lu",
+                       (unsigned long)getpid(),
+-                      (unsigned long)pthread_self());
 +#ifdef HAVE_PTHREAD
-+                   (unsigned long)pthread_self(),
++                      (unsigned long)pthread_self()
 +#else
-+                   (unsigned long) 0,
++                      0UL
 +#endif
-+                   time_string, (long) tv.tv_usec / 1000);
- #endif
-       p += r;
-       left -= r;
++      );
+       gettimeofday (&tv, NULL);
+       tm = localtime (&tv.tv_sec);
+       strftime (time_string, sizeof(time_string), "%H:%M:%S", tm);
+       sc_color_fprintf(SC_COLOR_FG_GREEN,

Prev by Date: CVS commit: pkgsrc/devel/p5-Sub-HandlesVia
Next by Date: CVS commit: pkgsrc
Previous by Thread: CVS commit: pkgsrc/devel/p5-Sub-HandlesVia
Next by Thread: CVS commit: pkgsrc
Indexes:

Home | Main Index | Thread Index | Old Index