diff --git a/CVE-2019-6502.patch b/CVE-2019-6502.patch new file mode 100644 index 0000000..8a4943f --- /dev/null +++ b/CVE-2019-6502.patch @@ -0,0 +1,29 @@ +From 0d7967549751b7032f22b437106b41444aff0ba9 Mon Sep 17 00:00:00 2001 +From: Scott Gayou +Date: Fri, 1 Mar 2019 13:11:06 -0600 +Subject: [PATCH] Small memory leak fix (CVE-2019-6502 in #1586) + +CVE-2019-6502 was assigned to what appears to be a very minor +memory leak that only occurs on an error-case in a CLI tool. +If util_connect_card fails, we still need to release the sc +context previously allocated by sc_context_create else memory +will leak. +--- + src/tools/eidenv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/tools/eidenv.c b/src/tools/eidenv.c +index d8a7be6..d96ad4e 100644 +--- a/src/tools/eidenv.c ++++ b/src/tools/eidenv.c +@@ -403,6 +403,7 @@ int main(int argc, char **argv) + r = util_connect_card(ctx, &card, opt_reader, opt_wait, 0); + if (r) { + fprintf(stderr, "Failed to connect to card: %s\n", sc_strerror(r)); ++ sc_release_context(ctx); + return 1; + } + +-- +1.7.12.4 + diff --git a/opensc.spec b/opensc.spec index 366eb1b..fe4d834 100644 --- a/opensc.spec +++ b/opensc.spec @@ -1,25 +1,23 @@ %define opensc_module "OpenSC PKCS #11 Module" %define nssdb %{_sysconfdir}/pki/nssdb -Name: opensc -Version: 0.19.0 -Release: 3 -License: LGPLv2.1+ -URL: https://github.com/OpenSC/OpenSC/wiki -Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz -Source1: opensc.module -Patch0: opensc-0.19.0-rsa-pss.patch -Summary: Smart card library and applications +Name: opensc +Version: 0.19.0 +Release: 4 +License: LGPLv2.1+ +Summary: Smart card library and applications +URL: https://github.com/OpenSC/OpenSC/wiki +Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: opensc.module +Patch0: opensc-0.19.0-rsa-pss.patch +Patch6000: CVE-2019-6502.patch -BuildRequires: openssl-devel pcsc-lite-devel bash-completion -BuildRequires: docbook-style-xsl readline-devel -BuildRequires: desktop-file-utils -BuildRequires: /usr/bin/xsltproc -BuildRequires: autoconf automake libtool gcc -Requires: pcsc-lite -Obsoletes: coolkey <= 1.1.0-36 -Obsoletes: mozilla-opensc-signer < 0.12.0 -Obsoletes: opensc-devel < 0.12.0 +BuildRequires: openssl-devel pcsc-lite-devel bash-completion docbook-style-xsl readline-devel +BuildRequires: desktop-file-utils /usr/bin/xsltproc autoconf automake libtool gcc +Requires: pcsc-lite +Obsoletes: coolkey <= 1.1.0-36 +Obsoletes: mozilla-opensc-signer < 0.12.0 +Obsoletes: opensc-devel < 0.12.0 %description OpenSC provides a set of libraries and utilities to work with smart cards. @@ -29,15 +27,10 @@ mail encryption and digital signatures. OpenSC implements the standard APIs to smart cards, e.g. PKCS#11 API, Windows’ Smart Card Minidriver and macOS Tokend. -%package help -Summary: Include man page in help package. - -%description help -This package provides INFO, HTML and user manual for opensc. +%package_help %prep -%setup -q -%patch0 -p1 -b .pss +%autosetup -n %{name}-%{version} -p1 sed -i -e 's|/usr/local/towitoko/lib/|/usr/lib/ctapi/|' etc/opensc.conf.example.in cp -p src/pkcs15init/README ./README.pkcs15init @@ -137,6 +130,9 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/org.opensc.notify.de %{_datadir}/p11-kit/modules/opensc.module %changelog +* Mon Dec 16 2019 openEuler Buildteam - 0.19.0-4 +- Fix CVE-2019-6502 + * Fri Sep 27 2019 openEuler Buildteam - 0.19.0-3 - Adjust requires