2019-09-30 11:10:46 -04:00
|
|
|
|
%define opensc_module "OpenSC PKCS #11 Module"
|
|
|
|
|
|
%define nssdb %{_sysconfdir}/pki/nssdb
|
|
|
|
|
|
|
2019-12-25 16:00:09 +08:00
|
|
|
|
Name: opensc
|
2020-01-11 17:48:18 +08:00
|
|
|
|
Version: 0.20.0
|
2024-10-07 17:55:06 +08:00
|
|
|
|
Release: 15
|
2019-12-25 16:00:09 +08:00
|
|
|
|
License: LGPLv2.1+
|
|
|
|
|
|
Summary: Smart card library and applications
|
|
|
|
|
|
URL: https://github.com/OpenSC/OpenSC/wiki
|
|
|
|
|
|
Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
|
|
|
|
|
|
|
2020-09-21 10:43:01 +08:00
|
|
|
|
Patch0: myeid-fixed-memory-leak.patch
|
2020-12-31 11:09:47 +08:00
|
|
|
|
Patch1: backport-CVE-2020-26570-Heap-buffer-overflow-WRITE.patch
|
2021-01-23 10:38:23 +08:00
|
|
|
|
Patch2: backport-CVE-2020-26571-fixed-invalid-read.patch
|
2021-02-03 14:58:31 +08:00
|
|
|
|
Patch3: backport-CVE-2020-26572-prevent-out-of-bounds-write.patch
|
2021-08-19 15:49:49 +08:00
|
|
|
|
Patch4: iasecc-Avoid-another-memory-leak.patch
|
|
|
|
|
|
Patch5: card-Correctly-free-pointers-durint-cache-invalidati.patch
|
|
|
|
|
|
Patch6: oberthur-Free-another-read-data-on-failure-paths.patch
|
|
|
|
|
|
Patch7: oberthur-Avoid-two-buffer-overflows.patch
|
|
|
|
|
|
Patch8: oberthur-Handle-more-memory-issues-during-initializa.patch
|
|
|
|
|
|
Patch9: oberthur-Fix-memory-leaks.patch
|
|
|
|
|
|
Patch10: oberthur-Avoid-memory-leaks.patch
|
|
|
|
|
|
Patch11: oberthur-fixed-Heap-buffer-overflow.patch
|
|
|
|
|
|
Patch12: oberthur-One-more-overlooked-buffer-overflow.patch
|
2022-05-09 20:20:32 +08:00
|
|
|
|
Patch13: oberthur-Handle-1B-OIDs.patch
|
|
|
|
|
|
Patch14: Fix-ACLs-support.patch
|
|
|
|
|
|
Patch15: backport-tcos-Reformat-insert_pin-for-readability.patch
|
|
|
|
|
|
Patch16: backport-CVE-2021-42780-tcos-Check-bounds-in-insert_pin.patch
|
|
|
|
|
|
Patch17: backport-simplify-PIV-IO.patch
|
|
|
|
|
|
Patch18: backport-tcos-Reformat-insert_key.patch
|
|
|
|
|
|
Patch19: backport-0001-CVE-2021-42782-tcos-prevent-out-of-bounds-read.patch
|
|
|
|
|
|
Patch20: backport-0002-CVE-2021-42782-coolkey-Initialize-potentially.patch
|
|
|
|
|
|
Patch21: backport-0003-CVE-2021-42782-cardos-Correctly-calculate-the-left.patch
|
|
|
|
|
|
Patch22: backport-0004-CVE-2021-42782-iasecc-Prevent-stack-buffer.patch
|
|
|
|
|
|
Patch23: backport-0005-CVE-2021-42782-PIV-Improved-parsing.patch
|
2023-09-18 17:14:11 +08:00
|
|
|
|
Patch24: backport-0006-CVE-2023-2977-correct_left_length_calculation_to_fix_buffer.patch
|
2023-10-23 15:44:49 +08:00
|
|
|
|
Patch25: 0003-opensc-CVE-2023-40660-1of2.patch
|
|
|
|
|
|
Patch26: 0004-opensc-CVE-2023-40660-2of2.patch
|
2023-11-08 17:54:33 +08:00
|
|
|
|
Patch27: 0007-opensc-CVE-2023-40661-1of12.patch
|
|
|
|
|
|
Patch28: 0008-opensc-CVE-2023-40661-2of12.patch
|
|
|
|
|
|
Patch29: 0009-opensc-CVE-2023-40661-3of12.patch
|
|
|
|
|
|
Patch30: 0010-opensc-CVE-2023-40661-4of12.patch
|
|
|
|
|
|
Patch31: 0011-opensc-CVE-2023-40661-5of12.patch
|
|
|
|
|
|
Patch32: 0012-opensc-CVE-2023-40661-6of12.patch
|
|
|
|
|
|
Patch33: 0013-opensc-CVE-2023-40661-7of12.patch
|
|
|
|
|
|
Patch34: 0014-opensc-CVE-2023-40661-8of12.patch
|
|
|
|
|
|
Patch35: 0015-opensc-CVE-2023-40661-9of12.patch
|
|
|
|
|
|
Patch36: 0016-opensc-CVE-2023-40661-10of12.patch
|
|
|
|
|
|
Patch37: 0017-opensc-CVE-2023-40661-11of12.patch
|
|
|
|
|
|
Patch38: 0018-opensc-CVE-2023-40661-12of12.patch
|
2024-07-01 15:38:10 +08:00
|
|
|
|
# https://github.com/OpenSC/OpenSC/pull/2948
|
|
|
|
|
|
# https://github.com/OpenSC/OpenSC/pull/3016
|
|
|
|
|
|
Patch39: backport-opensc-CVE-2023-5992.patch
|
2024-10-07 17:55:06 +08:00
|
|
|
|
Patch40: opensc-CVE-2024-45615.patch
|
|
|
|
|
|
Patch41: opensc-CVE-2024-45616.patch
|
|
|
|
|
|
Patch42: opensc-CVE-2024-45617.patch
|
|
|
|
|
|
Patch43: opensc-CVE-2024-45618.patch
|
|
|
|
|
|
Patch44: opensc-CVE-2024-45619.patch
|
|
|
|
|
|
Patch45: opensc-CVE-2024-45620.patch
|
|
|
|
|
|
Patch46: opensc-CVE-2024-8443.patch
|
2020-09-21 10:43:01 +08:00
|
|
|
|
|
2019-12-25 16:00:09 +08:00
|
|
|
|
BuildRequires: openssl-devel pcsc-lite-devel bash-completion docbook-style-xsl readline-devel
|
|
|
|
|
|
BuildRequires: desktop-file-utils /usr/bin/xsltproc autoconf automake libtool gcc
|
|
|
|
|
|
Requires: pcsc-lite
|
|
|
|
|
|
Obsoletes: coolkey <= 1.1.0-36
|
|
|
|
|
|
Obsoletes: mozilla-opensc-signer < 0.12.0
|
|
|
|
|
|
Obsoletes: opensc-devel < 0.12.0
|
2019-09-30 11:10:46 -04:00
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
|
OpenSC provides a set of libraries and utilities to work with smart cards.
|
|
|
|
|
|
Its main focus is on cards that support cryptographic operations, and
|
|
|
|
|
|
facilitate their use in security applications such as authentication,
|
|
|
|
|
|
mail encryption and digital signatures. OpenSC implements the standard
|
|
|
|
|
|
APIs to smart cards, e.g. PKCS#11 API, Windows’ Smart Card Minidriver
|
|
|
|
|
|
and macOS Tokend.
|
|
|
|
|
|
|
2019-12-25 16:00:09 +08:00
|
|
|
|
%package_help
|
2019-09-30 11:10:46 -04:00
|
|
|
|
|
|
|
|
|
|
%prep
|
2019-12-25 16:00:09 +08:00
|
|
|
|
%autosetup -n %{name}-%{version} -p1
|
2019-09-30 11:10:46 -04:00
|
|
|
|
|
|
|
|
|
|
sed -i -e 's|/usr/local/towitoko/lib/|/usr/lib/ctapi/|' etc/opensc.conf.example.in
|
|
|
|
|
|
cp -p src/pkcs15init/README ./README.pkcs15init
|
|
|
|
|
|
cp -p src/scconf/README.scconf .
|
|
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
|
autoreconf -fvi
|
|
|
|
|
|
sed -i -e 's/opensc.conf/opensc-%{_arch}.conf/g' src/libopensc/Makefile.in
|
|
|
|
|
|
sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths
|
|
|
|
|
|
%configure --disable-static \
|
|
|
|
|
|
--disable-assert \
|
|
|
|
|
|
--disable-tests \
|
|
|
|
|
|
--enable-sm \
|
|
|
|
|
|
--enable-pcsc \
|
|
|
|
|
|
--with-pcsc-provider=libpcsclite.so.1
|
|
|
|
|
|
make %{?_smp_mflags} V=1
|
|
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
|
|
|
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/opensc.conf
|
|
|
|
|
|
install -Dpm 644 etc/opensc.conf $RPM_BUILD_ROOT%{_sysconfdir}/opensc-%{_arch}.conf
|
|
|
|
|
|
touch -r NEWS $RPM_BUILD_ROOT%{_sysconfdir}/opensc-%{_arch}.conf
|
|
|
|
|
|
find $RPM_BUILD_ROOT%{_libdir} -type f -name "*.la" | xargs rm
|
|
|
|
|
|
rm -rf %{buildroot}%{_mandir}/man1/npa-tool.1*
|
|
|
|
|
|
rm -f $RPM_BUILD_ROOT%{_libdir}/libsmm-local.so
|
|
|
|
|
|
rm -rf %{buildroot}%{_bindir}/npa-tool
|
|
|
|
|
|
rm -f $RPM_BUILD_ROOT%{_libdir}/libopensc.so
|
|
|
|
|
|
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/opensc
|
|
|
|
|
|
|
|
|
|
|
|
desktop-file-validate %{buildroot}/%{_datadir}/applications/org.opensc.notify.desktop
|
|
|
|
|
|
|
2020-02-14 16:25:20 +08:00
|
|
|
|
%check
|
|
|
|
|
|
make check
|
|
|
|
|
|
|
2019-09-30 11:10:46 -04:00
|
|
|
|
%post
|
|
|
|
|
|
/sbin/ldconfig
|
|
|
|
|
|
|
|
|
|
|
|
%postun
|
|
|
|
|
|
/sbin/ldconfig
|
|
|
|
|
|
|
|
|
|
|
|
%files help
|
|
|
|
|
|
%{_mandir}/man1/cardos-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/cryptoflex-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/dnie-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/egk-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/eidenv.1*
|
|
|
|
|
|
%{_mandir}/man1/gids-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/iasecc-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/netkey-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/openpgp-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/opensc-explorer.*
|
|
|
|
|
|
%{_mandir}/man1/opensc-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/opensc-asn1.1*
|
|
|
|
|
|
%{_mandir}/man1/opensc-notify.1*
|
|
|
|
|
|
%{_mandir}/man1/piv-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/pkcs11-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/pkcs15-crypt.1*
|
|
|
|
|
|
%{_mandir}/man1/pkcs15-init.1*
|
|
|
|
|
|
%{_mandir}/man1/pkcs15-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/sc-hsm-tool.1*
|
|
|
|
|
|
%{_mandir}/man1/westcos-tool.1*
|
|
|
|
|
|
%{_mandir}/man5/*.5*
|
|
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
|
%doc COPYING NEWS README*
|
|
|
|
|
|
%{_datadir}/bash-completion/*
|
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/opensc-%{_arch}.conf
|
|
|
|
|
|
%{_bindir}/cardos-tool
|
|
|
|
|
|
%{_bindir}/cryptoflex-tool
|
|
|
|
|
|
%{_bindir}/dnie-tool
|
|
|
|
|
|
%{_bindir}/egk-tool
|
|
|
|
|
|
%{_bindir}/eidenv
|
|
|
|
|
|
%{_bindir}/iasecc-tool
|
|
|
|
|
|
%{_bindir}/gids-tool
|
2020-01-11 17:48:18 +08:00
|
|
|
|
%{_bindir}/goid-tool
|
2019-09-30 11:10:46 -04:00
|
|
|
|
%{_bindir}/netkey-tool
|
|
|
|
|
|
%{_bindir}/openpgp-tool
|
|
|
|
|
|
%{_bindir}/opensc-explorer
|
|
|
|
|
|
%{_bindir}/opensc-tool
|
|
|
|
|
|
%{_bindir}/opensc-asn1
|
|
|
|
|
|
%{_bindir}/opensc-notify
|
|
|
|
|
|
%{_bindir}/piv-tool
|
|
|
|
|
|
%{_bindir}/pkcs11-tool
|
2020-01-11 17:48:18 +08:00
|
|
|
|
%{_bindir}/pkcs11-register
|
2019-09-30 11:10:46 -04:00
|
|
|
|
%{_bindir}/pkcs15-crypt
|
|
|
|
|
|
%{_bindir}/pkcs15-init
|
|
|
|
|
|
%{_bindir}/pkcs15-tool
|
|
|
|
|
|
%{_bindir}/sc-hsm-tool
|
|
|
|
|
|
%{_bindir}/westcos-tool
|
|
|
|
|
|
%{_libdir}/lib*.so.*
|
|
|
|
|
|
%{_libdir}/opensc-pkcs11.so
|
|
|
|
|
|
%{_libdir}/onepin-opensc-pkcs11.so
|
|
|
|
|
|
%{_libdir}/pkcs11-spy.so
|
|
|
|
|
|
%{_libdir}/pkgconfig/*.pc
|
|
|
|
|
|
%{_libdir}/pkcs11/opensc-pkcs11.so
|
|
|
|
|
|
%{_libdir}/pkcs11/onepin-opensc-pkcs11.so
|
|
|
|
|
|
%{_libdir}/pkcs11/pkcs11-spy.so
|
2020-01-11 17:48:18 +08:00
|
|
|
|
%dir %{_libdir}/pkcs11
|
2019-09-30 11:10:46 -04:00
|
|
|
|
%{_datadir}/applications/org.opensc.notify.desktop
|
|
|
|
|
|
%{_datadir}/opensc/
|
2020-01-11 17:48:18 +08:00
|
|
|
|
%{_sysconfdir}/xdg/autostart/pkcs11-register.desktop
|
2019-09-30 11:10:46 -04:00
|
|
|
|
|
|
|
|
|
|
%changelog
|
2024-10-07 17:55:06 +08:00
|
|
|
|
* Mon Oct 07 2024 Funda Wang <fundawang@yeah.net> - 0.20.0-15
|
|
|
|
|
|
- fix CVE-2024-8443, CVE-2024-45615, CVE-2024-45616,
|
|
|
|
|
|
CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620
|
|
|
|
|
|
|
2024-07-01 15:38:10 +08:00
|
|
|
|
* Mon Jul 1 2024 dillon chen <dillon.chen@gmail.com> - 0.20.0-14
|
|
|
|
|
|
- fix CVE-2023-5992
|
|
|
|
|
|
|
2023-11-08 17:54:33 +08:00
|
|
|
|
* Wed Nov 8 2023 dillon chen <dillon.chen@gmail.com> - 0.20.0-13
|
|
|
|
|
|
- fix CVE-2023-40661
|
|
|
|
|
|
|
2023-10-23 15:44:49 +08:00
|
|
|
|
* Mon Oct 23 2023 dillon chen <dillon.chen@gmail.com> - 0.20.0-12
|
|
|
|
|
|
- fix CVE-2023-40660
|
|
|
|
|
|
|
2023-09-18 17:14:11 +08:00
|
|
|
|
* Mon Sep 18 2023 dillon chen <dillon.chen@gmail.com> - 0.20.0-11
|
|
|
|
|
|
- fix CVE-2023-2977
|
|
|
|
|
|
|
2022-05-09 20:20:32 +08:00
|
|
|
|
* Mon May 9 2022 Hugel <gengqihu1@h-partners.com> - 0.20.0-10
|
|
|
|
|
|
- fix CVE-2021-42782
|
|
|
|
|
|
|
2022-05-09 15:30:23 +08:00
|
|
|
|
* Mon May 9 2022 Hugel <gengqihu1@h-partners.com> - 0.20.0-9
|
|
|
|
|
|
- fix CVE-2021-42780
|
|
|
|
|
|
|
2021-08-24 15:17:44 +08:00
|
|
|
|
* Tue Aug 24 2021 wangjie <wangjie375@huawei.com> - 0.20.0-8
|
|
|
|
|
|
- fix oss-fuzz
|
|
|
|
|
|
|
2021-08-19 15:49:49 +08:00
|
|
|
|
* Thu Aug 19 2021 zoulin <zoulin13@huawei.com> - 0.20.0-7
|
|
|
|
|
|
- fix more oss-fuzz
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Feb 3 2021 Hugel <gengqihu1@huawei.com> - 0.20.0-6
|
2021-02-03 14:58:31 +08:00
|
|
|
|
- fix CVE-2020-26572
|
|
|
|
|
|
|
2021-01-23 10:38:23 +08:00
|
|
|
|
* Sat Jan 23 2021 zoulin <zoulin13@huawei.com> - 0.20.0-5
|
|
|
|
|
|
- fix CVE-2020-26571
|
|
|
|
|
|
|
2020-12-31 11:09:47 +08:00
|
|
|
|
* Thu Dec 31 2020 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 0.20.0-4
|
|
|
|
|
|
- fix CVE-2020-26570
|
|
|
|
|
|
|
2020-09-21 10:43:01 +08:00
|
|
|
|
* Mon Sep 21 2020 liquor <lirui130@huawei.com> - 0.20.0-3
|
|
|
|
|
|
- myeid: fixed memory leak
|
|
|
|
|
|
|
2020-02-14 16:25:20 +08:00
|
|
|
|
* Fri Feb 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.20.0-2
|
|
|
|
|
|
- Make check after installation
|
|
|
|
|
|
|
2020-01-11 17:48:18 +08:00
|
|
|
|
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.20.0-1
|
|
|
|
|
|
- Update to 0.20.0
|
|
|
|
|
|
|
2019-12-25 16:00:09 +08:00
|
|
|
|
* Mon Dec 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.19.0-4
|
|
|
|
|
|
- Fix CVE-2019-6502
|
|
|
|
|
|
|
2019-09-30 11:10:46 -04:00
|
|
|
|
* Fri Sep 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.19.0-3
|
|
|
|
|
|
- Adjust requires
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Sep 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.19.0-2
|
|
|
|
|
|
- Format patch
|
|
|
|
|
|
|
|
|
|
|
|
* Mon Aug 26 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.19.0-1
|
|
|
|
|
|
- Package init
|
