<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-support/opensc, branch styhead-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2024-08-21T15:47:07+00:00</updated>
<entry>
<title>opensc: Cosmetic fixes</title>
<updated>2024-08-21T15:47:07+00:00</updated>
<author>
<name>Niko Mauno</name>
<email>niko.mauno@vaisala.com</email>
</author>
<published>2024-08-21T15:34:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=990955ba0941f207b5f4c9ead9f316c4afb5c6b9'/>
<id>urn:sha1:990955ba0941f207b5f4c9ead9f316c4afb5c6b9</id>
<content type='text'>
Apply some suggestions from oe-stylize.py and sort configure options
alphabetically, and remove stale version comment line which has not
been updated for some time.

Signed-off-by: Niko Mauno &lt;niko.mauno@vaisala.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: Fix LICENSE declaration</title>
<updated>2024-08-21T15:47:06+00:00</updated>
<author>
<name>Niko Mauno</name>
<email>niko.mauno@vaisala.com</email>
</author>
<published>2024-08-21T15:34:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=cef49b830fe765457072e956cf3a5916d60bf2ce'/>
<id>urn:sha1:cef49b830fe765457072e956cf3a5916d60bf2ce</id>
<content type='text'>
According to https://github.com/OpenSC/OpenSC/wiki#license OpenSC is
licensed under LGPL-2.1 or later, which seems to be affirmed also by
the comments in the source code files, as well as the COPYING file.

Signed-off-by: Niko Mauno &lt;niko.mauno@vaisala.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: Drop virtual/libiconv from DEPENDS</title>
<updated>2024-08-21T15:47:06+00:00</updated>
<author>
<name>Niko Mauno</name>
<email>niko.mauno@vaisala.com</email>
</author>
<published>2024-08-21T15:34:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f70274aa2b1b7303a9cf7e66b05b0972d30002be'/>
<id>urn:sha1:f70274aa2b1b7303a9cf7e66b05b0972d30002be</id>
<content type='text'>
According to
https://github.com/OpenSC/OpenSC/blob/0.25.1/NEWS#L1124-L1125
since version 0.12.0 the iconv dependency has been removed.

Signed-off-by: Niko Mauno &lt;niko.mauno@vaisala.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: Add 'readline' PACKAGECONFIG option</title>
<updated>2024-08-21T15:47:06+00:00</updated>
<author>
<name>Niko Mauno</name>
<email>niko.mauno@vaisala.com</email>
</author>
<published>2024-08-21T15:34:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=c066a6ff83cf0170a3d8770024ad45ff1c1eaec9'/>
<id>urn:sha1:c066a6ff83cf0170a3d8770024ad45ff1c1eaec9</id>
<content type='text'>
This helps us to also get rid of associated RDEPENDS declaration which
implicitly pulled readline to rootfs, even configure resolved readline
as not enabled.

Signed-off-by: Niko Mauno &lt;niko.mauno@vaisala.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: Amend FILES:${PN} declaration</title>
<updated>2024-08-21T15:47:06+00:00</updated>
<author>
<name>Niko Mauno</name>
<email>niko.mauno@vaisala.com</email>
</author>
<published>2024-08-21T15:34:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=dac59629e9c44e075cce813c21bdde48516d4153'/>
<id>urn:sha1:dac59629e9c44e075cce813c21bdde48516d4153</id>
<content type='text'>
Commit da68f807bd718fb848acc792fd9326df719e0880 added the symlink .so
path to FILES:${PN}-dev to fix QA error, complement the operation by
removing identical line from FILES:${PN}

Signed-off-by: Niko Mauno &lt;niko.mauno@vaisala.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: upgrade 0.25.0 -&gt; 0.25.1</title>
<updated>2024-04-18T06:47:24+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2024-04-17T01:40:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=89af1300cfce9e720d122454e6b6f0b72502b5bd'/>
<id>urn:sha1:89af1300cfce9e720d122454e6b6f0b72502b5bd</id>
<content type='text'>
Changelog:
============
* Add missing file to dist tarball to build documentation
* Fix RSA decryption with PKCS#1 v1.5 padding
* Fix crash when app is not set

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: upgrade 0.24.0 -&gt; 0.25.0</title>
<updated>2024-03-20T16:28:06+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2024-03-19T05:45:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=fc996b19289f69b16f34e84f45fc06ea13749759'/>
<id>urn:sha1:fc996b19289f69b16f34e84f45fc06ea13749759</id>
<content type='text'>
Changelog:
============
## Security
* [CVE-2023-5992]: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC
* [CVE-2024-1454]: Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init

## General improvements
* Update OpenSSL 1.1.1 to 3.0 in MacOS build
* Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver
* Fix 64b to 32b conversions
* Improvements for the p11test
* Fix reader initialization without SCardControl
* Make RSA PKCS#1 v1.5 depadding constant-time
* Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card
* Enable MSI signing via Signpath CI integration for Windows
* Fixed various issues reported by OSS-Fuzz and Coverity in drivers

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: upgrade 0.23.0 -&gt; 0.24.0</title>
<updated>2024-01-09T03:54:38+00:00</updated>
<author>
<name>alperak</name>
<email>alperyasinak1@gmail.com</email>
</author>
<published>2024-01-06T07:33:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=da68f807bd718fb848acc792fd9326df719e0880'/>
<id>urn:sha1:da68f807bd718fb848acc792fd9326df719e0880</id>
<content type='text'>
* All patches dropped because fixed in the new version.

0001-pkcs11-tool-Fix-private-key-import.patch -&gt; https://github.com/OpenSC/OpenSC/blob/0.24.0/src/tools/pkcs11-tool.c#L3710
0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch -&gt; https://github.com/OpenSC/OpenSC/blob/0.24.0/src/tools/pkcs11-tool.c#L3686
CVE-2023-2977.patch -&gt; https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a

* Fix -&gt; ERROR: opensc-0.24.0-r0 do_package_qa: QA Issue: non -dev/-dbg/nativesdk- package opensc contains symlink .so '/usr/lib/onepin-opensc-pkcs11.so' [dev-so]

Changelog:

* CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807)
* CVE-2023-40661: Important dynamic analyzers reports
* CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc4)
* Fix compatibility of EAC with OpenSSL 3.0 (#2674)
* Enable `use_file_cache` by default (#2501)
* Use custom libctx with OpenSSL &gt;= 3.0 (#2712, #2715)
* Fix record-based files (#2604)
* Fix several race conditions (#2735)
* Run tests under Valgrind (#2756)
* Test signing of data bigger than 512 bytes (#2789)
* Update to OpenPACE 1.1.3 (#2796)
* Implement logout for some of the card drivers (#2807)
* Fix wrong popup position of opensc-notify (#2901)
* Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
* Check card presence state in `C_GetSessionInfo` (#2740)
* Remove `onepin-opensc-pkcs11` module (#2681)
* Do not use colons in the token info label (#2760)
* Present profile objects in all slots with the CKA_TOKEN attribute to resolve issues with NSS (#2928, #2924)
* Use secure memory for PUK (#2906)
* Don't logout to preserve concurrent access from different processes (#2907)
* Add more examples to manual page (#2936)
* Present profile objects in all virtual slots (#2928)
* Provide CKA_TOKEN attribute for profile objects (#2924)
* Improve --slot parameter documentation (#2951)
* Honor cache offsets when writing file cache (#2858)
* Prevent needless amount of PIN prompts from pkcs15init layer (#2916)
* Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to PKCS#11 (#2936)
* Fix for private keys that do not need a PIN (#2722)
* Unbreak decipher when the first null byte of PKCS#1.5 padding is missing (#2939)
* Fix RSA key import with OpenSSL 3.0 (#2656)
* Add support for attribute filtering when listing objects (#2687)
* Add support for `--private` flag when writing certificates (#2768)
* Add support for non-AEAD ciphers to the test mode (#2780)
* Show CKA_SIGN attribute for secret keys (#2862)
* Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys (#2864, #2913)
* Show Sign/VerifyRecover attributes (#2888)
* Add option to import generic keys (#2955)
* Generate 2k RSA keys by default (b53fc5cd)
* Disable autostart on Linux by default (#2680)
* Add support for IDPrime MD 830, 930 and 940 (#2666)
* Add support for SafeNet eToken 5110 token (#2812)
* Process index even without keyrefmap and use correct label for second PIN (#2878)
* Add support for Gemalto IDPrime 940C (#2941)
* Change of PIN requires verification of the PIN (#2759)
* Fix incorrect CMAC computation for subkeys (#2759, issue #2734)
* Use true random number for mutual authentication for SM (#2766)
* Add verification of data coming from the token in the secure messaging mode (#2772)
* Avoid success when using unsupported digest and fix data length for RAW ECDSA signatures (#2845)
* Fix select data command (#2753, issue #2752)
* Unbreak ed/curve25519 support (#2892)
* Add support for Slovenian eID card (eOI) (#2646)
* Add support for IDEMIA (Oberthur) tokens (#2483)
* Add support for Swissbit iShield FIDO2 Authenticator (#2671)
* Implement PIV secure messaging (#2053)
* Add support for Slovak eID cards (#2672)
* Support ECDSA with off-card hashing (#2642)
* Fix WRAP operation when using T0 (#2695)
* Identify changes on the card and enable `use_file_cache` (#2798)
* Workaround for unwrapping using 2K RSA key (#2921)
* Add support for `opensc-tool --serial` (#2675)
* Fix unwrapping of 4096 keys with handling reader limits (#2682)
* Indicate supported hashes and MGF1s (#2827)

Signed-off-by: alperak &lt;alperyasinak1@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: fix CVE-2023-2977</title>
<updated>2023-09-22T14:36:16+00:00</updated>
<author>
<name>Lee Chee Yang</name>
<email>chee.yang.lee@intel.com</email>
</author>
<published>2023-09-22T09:59:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=44b00373094f845e71575d9d6f5c54b038f3a21a'/>
<id>urn:sha1:44b00373094f845e71575d9d6f5c54b038f3a21a</id>
<content type='text'>
Signed-off-by: Lee Chee Yang &lt;chee.yang.lee@intel.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>opensc: fix private key import</title>
<updated>2023-02-02T18:25:33+00:00</updated>
<author>
<name>Jan Luebbe</name>
<email>jlu@pengutronix.de</email>
</author>
<published>2023-02-02T11:31:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=cc5082d5d1569b9088f97cc4eeadf6d5f7044eaa'/>
<id>urn:sha1:cc5082d5d1569b9088f97cc4eeadf6d5f7044eaa</id>
<content type='text'>
Importing private keys into a PKCS#11 token is broken with OpenSC 0.23.0
and OpenSSL 3. Fix it by backporting the corresponding upstream fixes.

Signed-off-by: Jan Luebbe &lt;jlu@pengutronix.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
