From 0ad27ff39c2113c5a21d020c207b0391e5225bac Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Dec 03 2020 08:11:00 +0000
Subject: import opensc-0.20.0-4.el8
---
diff --git a/SOURCES/opensc-0.20.0-calloc0.patch b/SOURCES/opensc-0.20.0-calloc0.patch
new file mode 100644
index 0000000..341dc5e
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-calloc0.patch
@@ -0,0 +1,102 @@
+From f1bcadfbe9d156adbe509b0860511ee41add0c67 Mon Sep 17 00:00:00 2001
+From: Frank Morgner
+Date: Tue, 10 Mar 2020 12:13:29 +0100
+Subject: [PATCH] pkcs11: don't try to allocate 0 byte with calloc
+
+fixes #1978
+---
+ src/pkcs11/pkcs11-global.c | 7 ++++++-
+ win32/Make.rules.mak | 4 ++--
+ win32/winconfig.h.in | 2 ++
+ 3 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
+index a3260314f8..671890309f 100644
+--- a/src/pkcs11/pkcs11-global.c
++++ b/src/pkcs11/pkcs11-global.c
+@@ -456,6 +456,13 @@ CK_RV C_GetSlotList(CK_BBOOL tokenPresent, /* only slots with token prese
+ 
+ card_detect_all();
+ 
++ if (list_empty(&virtual_slots)) {
++ sc_log(context, "returned 0 slots\n");
++ *pulCount = 0;
++ rv = CKR_OK;
++ goto out;
++ }
++
+ found = calloc(list_size(&virtual_slots), sizeof(CK_SLOT_ID));
+ 
+ if (found == NULL) {
+diff --git a/win32/Make.rules.mak b/win32/Make.rules.mak
+index 4f4971a72d..c6b1aac340 100644
+--- a/win32/Make.rules.mak
++++ b/win32/Make.rules.mak
+@@ -1,7 +1,7 @@
+ OPENSC_FEATURES = pcsc
+ 
+ #Include support for minidriver
+-MINIDRIVER_DEF = /DENABLE_MINIDRIVER
++#MINIDRIVER_DEF = /DENABLE_MINIDRIVER
+ 
+ #Build MSI with the Windows Installer XML (WIX) toolkit, requires WIX >= 3.9
+ !IF "$(WIX)" == ""
+@@ -33,7 +33,7 @@ WIX_LIBS = "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\dutil.lib" "$(WIX)\SDK\$(WIXV
+ SM_DEF = /DENABLE_SM
+ 
+ #Build with debugging support
+-#DEBUG_DEF = /DDEBUG
++DEBUG_DEF = /DDEBUG
+ 
+ # If you want support for OpenSSL (needed for pkcs15-init tool, software hashing in PKCS#11 library and verification):
+ # - download and build OpenSSL
+diff --git a/win32/winconfig.h.in b/win32/winconfig.h.in
+index 94ed9b5475..fa682c5bcc 100644
+--- a/win32/winconfig.h.in
++++ b/win32/winconfig.h.in
+@@ -103,6 +103,8 @@
+ #define DEFAULT_ONEPIN_PKCS11_PROVIDER "@DEFAULT_ONEPIN_PKCS11_PROVIDER@"
+ #endif
+ 
++#define PKCS11_THREAD_LOCKING
++
+ #ifndef DEFAULT_SM_MODULE
+ #define DEFAULT_SM_MODULE "@DEFAULT_SM_MODULE@"
+ #endif
+
+commit 500ecd3d127975379e2310626c3ce94c3e7035ea
+Author: Jakub Jelen
+Date: Wed Nov 25 13:49:08 2020 +0100
+
+ pkcs11-tool: Avoid calloc with 0 argument
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index 4015aaf1..89244795 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -1270,15 +1270,18 @@ static void list_slots(int tokens, int refresh, int print)
+ if (rv != CKR_OK)
+ p11_fatal("C_GetSlotList(NULL)", rv);
+ free(p11_slots);
+- p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
+- if (p11_slots == NULL) {
+- perror("calloc failed");
+- exit(1);
++ p11_slots = NULL;
++ if (p11_num_slots > 0) {
++ p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
++ if (p11_slots == NULL) {
++ perror("calloc failed");
++ exit(1);
++ }
++ rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
++ if (rv != CKR_OK)
++ p11_fatal("C_GetSlotList()", rv);
+ }
+ 
+- rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
+- if (rv != CKR_OK)
+- p11_fatal("C_GetSlotList()", rv);
+ }
+ 
+ if (!print)
diff --git a/SOURCES/opensc-0.20.0-file-cache.patch b/SOURCES/opensc-0.20.0-file-cache.patch
new file mode 100644
index 0000000..9dfce70
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-file-cache.patch
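Review bot: The imported upstream patch carries three win32 build-configuration changes that are unrelated to the calloc fix named in its subject: `win32/Make.rules.mak` comments out `MINIDRIVER_DEF` and enables `DEBUG_DEF = /DDEBUG`, and `win32/winconfig.h.in` gains an unconditional `#define PKCS11_THREAD_LOCKING`. They look like local developer settings that slipped into the upstream commit; they are presumably inert for this package because the win32 tree is not built here, but they still alter the shipped source, so I would trim the patch to the `pkcs11-global.c` and `pkcs11-tool.c` hunks or record the extras in the spec comment above `Patch15`. In the `C_GetSlotList` hunk the new early exit jumps to `out` before `found` is assigned; the function body lies outside the hunk, so please confirm that `found` is initialised to `NULL` if the `out` path frees it.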
@@ -0,0 +1,85 @@
+From 2a28dcd3f6e4af7a5b2d7d7810b26b6321dd1bf1 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Tue, 10 Nov 2020 14:44:43 +0100
+Subject: [PATCH 1/3] ctx: Use more standard cache directory
+
+https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
+---
+ src/libopensc/ctx.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
+index 6b57170f01..d6058c070e 100644
+--- a/src/libopensc/ctx.c
++++ b/src/libopensc/ctx.c
+@@ -1008,7 +1008,12 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
+ }
+ 
+ #ifndef _WIN32
+- cache_dir = ".eid/cache";
++ cache_dir = getenv("XDG_CACHE_HOME");
++ if (cache_dir != NULL && cache_dir[0] != '\0') {
++ snprintf(buf, bufsize, "%s/%s", cache_dir, "opensc");
++ return SC_SUCCESS;
++ }
++ cache_dir = ".cache/opensc";
+ homedir = getenv("HOME");
+ #else
+ cache_dir = "eid-cache";
+@@ -1020,7 +1025,7 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
+ homedir = temp_path;
+ }
+ #endif
+- if (homedir == NULL)
++ if (homedir == NULL || homedir[0] == '\0')
+ return SC_ERROR_INTERNAL;
+ if (snprintf(buf, bufsize, "%s/%s", homedir, cache_dir) < 0)
+ return SC_ERROR_BUFFER_TOO_SMALL;
+
+From 7c1c6f6be47f55693647827259edcacc98761371 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Tue, 10 Nov 2020 15:07:42 +0100
+Subject: [PATCH 3/3] doc: Update documentation about the cache location
+
+---
+ doc/files/opensc.conf.5.xml.in | 9 +++++++--
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in
+index 118922a877..791f11669a 100644
+--- a/doc/files/opensc.conf.5.xml.in
++++ b/doc/files/opensc.conf.5.xml.in
+@@ -1116,12 +1116,17 @@ app application {
+ 
+ 
+ 
+- HOME/.eid/cache/ (Unix)
++ $XDG_CACHE_HOME/opensc/ (If $XDG_CACHE_HOME is defined)
+ 
+ 
+ 
+ 
+- USERPROFILE\.eid-cache\ (Windows)
++ $HOME/.cache/opensc/ (Unix)
++
++
++
++
++ $USERPROFILE\.eid-cache\ (Windows)
+ 
+ 
+ 
+
+diff -up opensc-0.20.0/etc/opensc.conf.file-cache opensc-0.20.0/etc/opensc.conf
+--- opensc-0.20.0/etc/opensc.conf.file-cache 2020-11-20 16:49:30.995526825 +0100
++++ opensc-0.20.0/etc/opensc.conf 2020-11-20 16:50:07.665053280 +0100
+@@ -2,7 +2,7 @@ app default {
+ # debug = 3;
+ # debug_file = opensc-debug.txt;
+ framework pkcs15 {
+- # use_file_caching = true;
++ use_file_caching = true;
+ }
+ reader_driver pcsc {
+ # The pinpad is disabled by default,
+
diff --git a/SPECS/opensc.spec b/SPECS/opensc.spec index 8291b4f..e7a2759 100644 --- a/SPECS/opensc.spec +++ b/SPECS/opensc.spec @@ -3,7 +3,7 @@ Name: opensc Version: 0.20.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Smart card library and applications Group: System Environment/Libraries @@ -26,6 +26,12 @@ Patch12: opensc-0.20.0-CVE-2020-26571.patch Patch13: opensc-0.20.0-CVE-2020-26572.patch # https://github.com/OpenSC/OpenSC/commit/8d4af9eb Patch14: opensc-0.20.0-label-padding.patch +# https://github.com/OpenSC/OpenSC/commit/f1bcadfb +# https://github.com/OpenSC/OpenSC/pull/2166 +Patch15: opensc-0.20.0-calloc0.patch +# https://github.com/OpenSC/OpenSC/pull/2148 +# + configuration change by default +Patch16: opensc-0.20.0-file-cache.patch BuildRequires: pcsc-lite-devel @@ -63,6 +69,8 @@ every software/card that does so, too. %patch12 -p1 -b .CVE-2020-26571 %patch13 -p1 -b .CVE-2020-26572 %patch14 -p1 -b .padding +%patch15 -p1 -b .calloc0 +%patch16 -p1 -b .file-cache cp -p src/pkcs15init/README ./README.pkcs15init cp -p src/scconf/README.scconf . @@ -221,6 +229,10 @@ fi %changelog +* Fri Nov 20 2020 Jakub Jelen - 0.20.0-4 +- Use file cache by default (#1892810) +- Avoid calloc with 0 argument (#1895401) + * Tue Oct 20 2020 Jakub Jelen - 0.20.0-3 - Support PIN change for HID Alt tokens (#1830901) - Fix CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572
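Review bot: The new `XDG_CACHE_HOME` branch in `sc_get_cache_dir` returns `SC_SUCCESS` without checking the `snprintf` result, so a value that does not fit in `bufsize` yields a silently truncated cache path; it also accepts a relative value, which the XDG base directory specification linked in the commit message says must be ignored. The same patch switches `use_file_caching = true` on by default, so this path is presumably where the file cache will now live on every default install, which makes the stricter handling below worthwhile. The existing `HOME` fallback has the same truncation gap, since it only tests `< 0`, and the function starts and ends outside the hunk.

```c
cache_dir = getenv("XDG_CACHE_HOME");
/* XDG basedir spec: the value must be absolute, otherwise ignore it */
if (cache_dir != NULL && cache_dir[0] == '/') {
	int r = snprintf(buf, bufsize, "%s/%s", cache_dir, "opensc");
	if (r < 0 || (size_t)r >= bufsize)
		return SC_ERROR_BUFFER_TOO_SMALL;
	return SC_SUCCESS;
}
/* … unchanged: ".cache/opensc" default and HOME lookup … */
```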