| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Use-sysconfdir-opensc-for-opensc.conf.patch | Use $sysconfdir/opensc for opensc.conf | Eric Dorland <eric@debian.org> | no | 2020-01-26 | ||
| 0002-Fix-private-key-import.patch | pkcs11-tool: Fix private key import | Jakub Jelen <jjelen@redhat.com> | no | upstream, 9294183e07ff4944e3f5e590f343f5727636767e | 2022-12-01 | |
| 0003-Log-OpenSSL-errors.patch | pkcs11-tool: Log more information on OpenSSL errors | Jakub Jelen <jjelen@redhat.com> | no | upstream, cff91cf6167743bdd59285150c4ef19802ed2644 | 2022-12-01 | |
| 0004-pkcs15init-correct-left-length-calculation.patch | pkcs15init: correct left length calculation to fix buffer overrun bug. Fixes #2785 From https://github.com/OpenSC/OpenSC/issues/2785: The newly found issue exists in pkcs15-init module. Like the original bug in libopensc, cardos_have_verifyrc_package in pkcs15-cardos.c scans an ans1 buffer for 2 tags. The pointer p is moved after each sc_asn1_find_tag invocation, which results in the miscalculation of the length of left bytes in buffer and hence reading beyond the end of the buffer. CVE-2023-2977 was assigned for this issue. |
fullwaywang <fullwaywang@tencent.com> | no | https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a | 2023-05-29 | |
| 0006-CVE-2023-4535.patch | NULL pointer fix Thanks to the clang analyzer: Null pointer passed to 2nd parameter expecting 'nonnull' [clang-analyzer-core.NonNullParamChecker] modified: src/libopensc/card-myeid.c |
Peter Popovec <popovec.peter@gmail.com> | no | https://github.com/OpenSC/OpenSC/commit/cde2e050ec4f2f1b7db38429aa4e9c0f4656308c | 2023-04-26 | |
| 0007-CVE-2023-4535.patch | myeid: fixed CID 380538 Out-of-bounds read (OVERRUN) also fixes output buffer size checking |
Peter Popovec <popovec.peter@gmail.com> | no | https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 | 2023-06-27 | |
| 0008-CVE-2023-40660.patch | Fixed PIN authentication bypass If two processes are accessing a token, then one process may leave the card usable with an authenticated PIN so that a key may sign/decrypt any data. This is especially the case if the token does not support a way of resetting the authentication status (logout). We have some tracking of the authentication status in software via PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a PIN-prompt will appear even though the card may technically be unlocked as described in the above example. However, before this change, an empty PIN was not verified (likely yielding an error during PIN-verification), but it was just checked whether the PIN is authenticated. This defeats the purpose of the PIN verification, because an empty PIN is not the correct one. Especially during OS Logon, we don't want that kind of shortcut, but we want the user to verify the correct PIN (even though the token was left unattended and authentication at the computer). This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864. |
Frank Morgner <frankmorgner@gmail.com> | no | https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7 | 2023-06-21 | |
| 0009-CVE-2023-40661.patch | pkcs15: Avoid buffer overflow when getting last update Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60769 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7 | 2023-08-17 | |
| 0010-CVE-2023-40661.patch | setcos: Avoid buffer underflow Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651 | 2023-08-17 | |
| 0011-CVE-2023-40661.patch | oberthur: Avoid buffer overflow Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650 |
Jakub Jelen <jjelen@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e | 2023-09-20 | |
| 0012-CVE-2023-40661.patch | sc_pkcs15init_rmdir: prevent out of bounds write fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927 |
Frank Morgner <frankmorgner@gmail.com> | no | https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec | 2022-12-08 | |
| 0013-CVE-2023-40661.patch | pkcs15-cflex: check path length to prevent underflow Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58932 |
=?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com> | no | https://github.com/OpenSC/OpenSC/commit/c449a181a6988cc1e8dc8764d23574e48cdc3fa6 | 2023-06-19 | |
| 0014-CVE-2023-40661.patch | Check array bounds Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54312 |
Veronika Hanulikova <xhanulik@fi.muni.cz> | no | https://github.com/OpenSC/OpenSC/commit/df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1 | 2023-02-10 | |
| 0015-CVE-2023-40661.patch | Check length of string before making copy Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55851 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55998 |
Veronika Hanulikova <xhanulik@fi.muni.cz> | no | https://github.com/OpenSC/OpenSC/commit/5631e9843c832a99769def85b7b9b68b4e3e3959 | 2023-03-03 |