https://github.com/OpenSC/OpenSC/releases/tag/0.24.0
Security
CVE-2023-40660: Fix Potential PIN bypass (#2806,
frankmorgner/OpenSCToken#50, #2807)
CVE-2023-40661: Important dynamic analyzers reports
CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using
symmetric keys (f1993dc)
General improvements
Fix compatibility of EAC with OpenSSL 3.0 (#2674)
Enable use_file_cache by default (#2501)
Use custom libctx with OpenSSL >= 3.0 (#2712, #2715)
Fix record-based files (#2604)
Fix several race conditions (#2735)
Run tests under Valgrind (#2756)
Test signing of data bigger than 512 bytes (#2789)
Update to OpenPACE 1.1.3 (#2796)
Implement logout for some of the card drivers (#2807)
Fix wrong popup position of opensc-notify (#2901)
Fixed various issues reported by OSS-Fuzz and Coverity regarding card
drivers, PKCS#11 and PKCS#15 init
Upstream also dropped the onepin module.
The regular .so, loaded in iridium and handled via qdigidoc4, keeps working.
I bumped automake to 1.16 since comments in the tarball already mention
that version, i.e. no reason to stick to older 1.15.
Feedback? OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/opensc/Makefile,v
diff -u -p -r1.67 Makefile
--- Makefile 27 Sep 2023 16:34:34 -0000 1.67
+++ Makefile 18 Dec 2023 21:50:14 -0000
@@ -1,10 +1,9 @@
COMMENT= set of libraries and utilities to access smart cards
-V= 0.23.0
+V= 0.24.0
DISTNAME= opensc-${V}
-REVISION= 0
-SHARED_LIBS += opensc 8.0 # 9.0
+SHARED_LIBS += opensc 8.1 # 10.1
SHARED_LIBS += smm-local 3.1
CATEGORIES= security
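Review bot: The new `SHARED_LIBS += opensc 8.1 # 10.1` line bumps only the minor, while the trailing comment suggests upstream's own library version moved from 9.0 to 10.1, so upstream may consider the ABI changed. A minor bump is only correct if no exported libopensc symbol was removed or had its signature changed. Please confirm that by comparing the exports of the old and new library (e.g. with check_sym) before committing. If anything was removed or changed, this line should read `SHARED_LIBS += opensc 9.0 # 10.1`, so that already-installed consumers do not load an incompatible library after this security update.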
@@ -14,7 +13,8 @@ HOMEPAGE= https://github.com/OpenSC/Open
# LGPLv2.1+
PERMIT_PACKAGE= Yes
-WANTLIB= c crypto curses gio-2.0 gobject-2.0 iconv pthread readline z
+WANTLIB += c crypto curses gio-2.0 gobject-2.0 iconv intl pthread
+WANTLIB += readline z
SITES= https://github.com/OpenSC/OpenSC/releases/download/${V}/
@@ -48,7 +48,7 @@ FAKE_FLAGS= mandir="${PREFIX}/man/" \
sysconfdir="${PREFIX}/share/examples/opensc/"
AUTOCONF_VERSION = 2.69
-AUTOMAKE_VERSION = 1.15
+AUTOMAKE_VERSION = 1.16
# Allow building with base-gcc
CFLAGS += -Wno-error
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/opensc/distinfo,v
diff -u -p -r1.18 distinfo
--- distinfo 28 Jun 2023 22:21:26 -0000 1.18
+++ distinfo 18 Dec 2023 20:51:52 -0000
@@ -1,2 +1,2 @@
-SHA256 (opensc-0.23.0.tar.gz) = pIRKbqA6Ui7PNeSWWXFtrLa+A/fAEKGlg6rz65Fe0uA=
-SIZE (opensc-0.23.0.tar.gz) = 2366469
+SHA256 (opensc-0.24.0.tar.gz) = JNA8aShykdoyowxMOKMErYJ/VsuF2DYZ4fVAOrZIDvg=
+SIZE (opensc-0.24.0.tar.gz) = 2440952
Index: patches/patch-configure_ac
===================================================================
RCS file: /cvs/ports/security/opensc/patches/patch-configure_ac,v
diff -u -p -r1.15 patch-configure_ac
--- patches/patch-configure_ac 28 Jun 2023 22:21:26 -0000 1.15
+++ patches/patch-configure_ac 18 Dec 2023 20:56:43 -0000
@@ -1,7 +1,7 @@
Index: configure.ac
--- configure.ac.orig
+++ configure.ac
-@@ -427,7 +427,7 @@ AC_FUNC_STAT
+@@ -444,7 +444,7 @@ AC_FUNC_STAT
AC_FUNC_VPRINTF
AC_CHECK_FUNCS([ \
getpass gettimeofday getline memset mkdir \
Index: patches/patch-src_libopensc_card-iasecc_c
===================================================================
RCS file: patches/patch-src_libopensc_card-iasecc_c
diff -N patches/patch-src_libopensc_card-iasecc_c
--- patches/patch-src_libopensc_card-iasecc_c 1 Jul 2023 10:26:43 -0000
1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,18 +0,0 @@
-merged da01e5fab9be9865db1aac203e574e0edbfd6584
-"fixed compatibility with LibreSSL >= 3.5.0"
-fixes https://github.com/OpenSC/OpenSC/issues/2664
-
-Index: src/libopensc/card-iasecc.c
---- src/libopensc/card-iasecc.c.orig
-+++ src/libopensc/card-iasecc.c
-@@ -45,10 +45,6 @@
- * LibreSSL
- */
-
--#if defined(LIBRESSL_VERSION_NUMBER)
--# define EVP_MD_CTX_md_data(x) (x->md_data)
--#endif
--
- #include "internal.h"
- #include "asn1.h"
- #include "cardctl.h"
Index: patches/patch-src_libopensc_sc-ossl-compat_h
===================================================================
RCS file: patches/patch-src_libopensc_sc-ossl-compat_h
diff -N patches/patch-src_libopensc_sc-ossl-compat_h
--- patches/patch-src_libopensc_sc-ossl-compat_h 14 Aug 2023 07:50:02
-0000 1.9
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,18 +0,0 @@
-merged "LibreSSL fixes" https://github.com/OpenSC/OpenSC/pull/2816
-
-Index: src/libopensc/sc-ossl-compat.h
---- src/libopensc/sc-ossl-compat.h.orig
-+++ src/libopensc/sc-ossl-compat.h
-@@ -49,12 +49,6 @@ extern "C" {
- #if LIBRESSL_VERSION_NUMBER < 0x30500000L
- #define FIPS_mode() (0)
- #endif
--#define EVP_sha3_224() (NULL)
--#define EVP_sha3_256() (NULL)
--#define EVP_sha3_384() (NULL)
--#define EVP_sha3_512() (NULL)
--#define EVP_PKEY_new_raw_public_key(t, e, p, l) (NULL)
--#define EVP_PKEY_get_raw_public_key(p, pu, l) (0)
- #endif
-
- /* OpenSSL 1.1.1 has FIPS_mode function */
Index: patches/patch-src_pkcs11_Makefile_am
===================================================================
RCS file: /cvs/ports/security/opensc/patches/patch-src_pkcs11_Makefile_am,v
diff -u -p -r1.7 patch-src_pkcs11_Makefile_am
--- patches/patch-src_pkcs11_Makefile_am 28 Jun 2023 22:21:26 -0000
1.7
+++ patches/patch-src_pkcs11_Makefile_am 18 Dec 2023 20:56:43 -0000
@@ -10,7 +10,7 @@ Index: src/pkcs11/Makefile.am
+override libdir = $(prefix)/lib/pkcs11
+
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in $(srcdir)/versioninfo-pkcs11.rc
$(srcdir)/versioninfo-pkcs11-spy.rc
- EXTRA_DIST = Makefile.mak versioninfo-pkcs11.rc.in
versioninfo-pkcs11-spy.rc.in opensc-pkcs11.pc.in opensc-pkcs11.dll.manifest
onepin-opensc-pkcs11.dll.manifest
+ EXTRA_DIST = Makefile.mak versioninfo-pkcs11.rc.in
versioninfo-pkcs11-spy.rc.in opensc-pkcs11.pc.in opensc-pkcs11.dll.manifest
@@ -27,10 +29,6 @@ if WIN32
OPENSC_PKCS11_LIBS += -lshlwapi
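Review bot: Nothing visible in this patch file records why upstream's install hook is disabled. The dummy `we-dont-do-that-here:` target kept in the next hunk (@@ -23,11 +23,11 @@) now swallows a recipe that, as far as the new context lines show, would symlink `onepin-opensc-pkcs11$(DYN_LIB_EXT)` to `opensc-pkcs11$(DYN_LIB_EXT)` in `$(DESTDIR)$(libdir)`, which the `override libdir` line in this hunk points at lib/pkcs11. Together with the PLIST change the onepin name disappears completely, so a PKCS#11 consumer configured with the path lib/pkcs11/onepin-opensc-pkcs11.so would presumably fail to load its module after the update. If that is intended, add a comment at the top of the patch such as `upstream's onepin compat symlink is skipped on purpose; onepin-opensc-pkcs11.so is no longer packaged`, unless the patch header outside this hunk already says so. Otherwise let the hook run and list the symlink in PLIST.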
@@ -23,11 +23,11 @@ Index: src/pkcs11/Makefile.am
opensc_pkcs11_la_SOURCES = $(OPENSC_PKCS11_SRC) $(OPENSC_PKCS11_INC)
opensc_pkcs11_la_CFLAGS = $(OPENSC_PKCS11_CFLAGS)
opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS)
-@@ -81,6 +79,7 @@ uninstall-hook:
+@@ -74,6 +72,7 @@ uninstall-hook:
else
# see http://wiki.cacert.org/wiki/Pkcs11TaskForce
install-exec-hook:
+we-dont-do-that-here:
- $(MKDIR_P) "$(DESTDIR)$(pkcs11dir)"
- for l in opensc-pkcs11$(DYN_LIB_EXT) onepin-opensc-pkcs11$(DYN_LIB_EXT)
pkcs11-spy$(DYN_LIB_EXT); do \
- rm -f "$(DESTDIR)$(pkcs11dir)/$$l"; \
+ cd $(DESTDIR)$(libdir) && \
+ rm -f "onepin-opensc-pkcs11$(DYN_LIB_EXT)" && \
+ $(LN_S) "opensc-pkcs11$(DYN_LIB_EXT)"
"onepin-opensc-pkcs11$(DYN_LIB_EXT)"
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/opensc/pkg/PLIST,v
diff -u -p -r1.17 PLIST
--- pkg/PLIST 28 Jun 2023 22:21:26 -0000 1.17
+++ pkg/PLIST 18 Dec 2023 21:07:30 -0000
@@ -25,7 +25,6 @@ lib/libopensc.la
lib/libsmm-local.la
@lib lib/libsmm-local.so.${LIBsmm-local_VERSION}
lib/pkcs11/
-@so lib/pkcs11/onepin-opensc-pkcs11.so
@so lib/pkcs11/opensc-pkcs11.so
@so lib/pkcs11/pkcs11-spy.so
lib/pkgconfig/libopensc.pc
@@ -83,9 +82,6 @@ share/examples/opensc/opensc.conf
@mode 644
@sample ${SYSCONFDIR}/opensc.conf
@mode
-share/examples/opensc/xdg/
-share/examples/opensc/xdg/autostart/
-share/examples/opensc/xdg/autostart/pkcs11-register.desktop
share/opensc/
share/opensc/asepcos.profile
share/opensc/authentic.profile