opensc: updated to 0.25.0

New in 0.25.0; 2024-03-06

Security

CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC
CVE-2024-1454: Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init

General improvements

Update OpenSSL 1.1.1 to 3.0 in MacOS build
Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver
Fix 64b to 32b conversions
Improvements for the p11test
Fix reader initialization without SCardControl
Make RSA PKCS#1 v1.5 depadding constant-time
Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card
Enable MSI signing via Signpath CI integration for Windows
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer

minidriver

Fix wrong hash selection

pkcs11-tool

Simplify printing EC keys parameters
Add option to import GENERIC key
Add support for importing Ed25518/448 keys

drust-tool

Add tool for D-Trust cards

IDPrime

Support uncompressed certificates on IDPrime 940
Enhance IDPrime logging
Add SafeNet 5110+ FIPS token support

D-Trust Signature Cards

Add support for RSA D-Trust Signature Card 4.1 and 4.4

EstEID

Remove expired EstEID 3.* card support

ePass2003

Allow SW implementation with more SHA2 hashes and ECDSA
Fix EC key generation

SmartCard-HSM

Fix SELECT APDU command

MyEID

Update for PKCS#15 profile

Rutoken

Support for RSA 4096 key algorithm

OpenPGP

Fix decryption requiting Manage Security Environment for authentication key

security/opensc/Makefile

@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.44 2024/02/01 14:19:15 adam Exp $
+# $NetBSD: Makefile,v 1.45 2024/03/07 10:00:27 adam Exp $
 
-DISTNAME=	opensc-0.24.0
+DISTNAME=	opensc-0.25.0
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GITHUB:=OpenSC/}
 

security/opensc/PLIST

@@ -1,7 +1,8 @@
-@comment $NetBSD: PLIST,v 1.16 2024/02/01 14:19:15 adam Exp $
+@comment $NetBSD: PLIST,v 1.17 2024/03/07 10:00:27 adam Exp $
 bin/cardos-tool
 bin/cryptoflex-tool
 bin/dnie-tool
+bin/dtrust-tool
 bin/egk-tool
 bin/eidenv
 bin/gids-tool
@@ -33,6 +34,7 @@ lib/pkgconfig/opensc-pkcs11.pc
 man/man1/cardos-tool.1
 man/man1/cryptoflex-tool.1
 man/man1/dnie-tool.1
+man/man1/dtrust-tool.1
 man/man1/egk-tool.1
 man/man1/eidenv.1
 man/man1/gids-tool.1
@@ -66,7 +68,6 @@ share/opensc/entersafe.profile
 share/opensc/epass2003.profile
 share/opensc/flex.profile
 share/opensc/gids.profile
-share/opensc/gpk.profile
 share/opensc/ias_adele_admin1.profile
 share/opensc/ias_adele_admin2.profile
 share/opensc/ias_adele_common.profile
@@ -74,7 +75,6 @@ share/opensc/iasecc.profile
 share/opensc/iasecc_admin_eid.profile
 share/opensc/iasecc_generic_oberthur.profile
 share/opensc/iasecc_generic_pki.profile
-share/opensc/incrypto34.profile
 share/opensc/isoApplet.profile
 share/opensc/muscle.profile
 share/opensc/myeid.profile
@@ -87,4 +87,3 @@ share/opensc/rutoken_lite.profile
 share/opensc/sc-hsm.profile
 share/opensc/setcos.profile
 share/opensc/starcos.profile
-share/opensc/westcos.profile

security/opensc/distinfo

@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.22 2024/02/01 14:19:15 adam Exp $
+$NetBSD: distinfo,v 1.23 2024/03/07 10:00:27 adam Exp $
 
-BLAKE2s (opensc-0.24.0.tar.gz) = 96380fde65acc7c487b7f302fa59630ee2487a9337f5fcdee32d1b1b3ba1e115
-SHA512 (opensc-0.24.0.tar.gz) = acc47117216df5d4ed1296673082e61ee91c08ca2fd3e718858f77ad0fca77ba7cebcf4ab1c7c26f9a8c80b48df567112a1cc5c4cd4b655f10c60db508e08a8f
-Size (opensc-0.24.0.tar.gz) = 2030987 bytes
+BLAKE2s (opensc-0.25.0.tar.gz) = 13e827cd594fad88466e6f4e5afb457f388c151ed6bad5a35954fdb60d1609d9
+SHA512 (opensc-0.25.0.tar.gz) = 112ab456151ec30e45329e93b385f8666730808280dbaf847c8934ab86c7610106a664974b9a238ace60a29c4d8e1f9b242db9a5fcd8a73b42854ed05d3f8f3a
+Size (opensc-0.25.0.tar.gz) = 2004813 bytes
 SHA1 (patch-configure.ac) = 37fbb6eab0eb19299ce1feefd08c18a73f688150
 SHA1 (patch-doc_tools_Makefile.am) = bc70d3371cde940f2352e1d9a9e8c3c2c49658ed
 SHA1 (patch-etc_Makefile.am) = 5ca9245c763a9f8a8aa273e7e76c75168c52d0cd