From 49eb8e86b9ac36639c4742f41cc2635fd9acdd30 Mon Sep 17 00:00:00 2001 
From: Daniel Golle
Date: Wed, 5 Jun 2024 02:09:21 +0100
Subject: [PATCH] opensc: update to version 0.25.1

* New in 0.25.1; 2024-04-05
** General improvements
* Add missing file to dist tarball to build documentation (#3063)
** minidriver
* Fix RSA decryption with PKCS#1 v1.5 padding (#3077)
* Fix crash when app is not set (#3084)

* New in 0.25.0; 2024-03-06
** Security
* [CVE-2023-5992](https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992): Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC (#2948)
* [CVE-2024-1454](https://github.com/OpenSC/OpenSC/wiki/CVE-2024-1454): Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init (#2962)
** General improvements
* Update OpenSSL 1.1.1 to 3.0 in MacOS build (#2930)
* Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver (#2885)
* Fix 64b to 32b conversions (#2993)
* Improvements for the p11test (#2991)
* Fix reader initialization without SCardControl (#3007)
* Make RSA PKCS#1 v1.5 depadding constant-time (#2948)
* Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card (#2975)
* Enable MSI signing via Signpath CI integration for Windows (#2799)
* Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
** minidriver
* Fix wrong hash selection (#2932)
** pkcs11-tool
* Simplify printing EC keys parameters (#2960)
* Add option to import GENERIC key (#2955)
* Add support for importing Ed25519/448 keys (#2985)
** dtrust-tool
* Add tool for D-Trust cards (#3026, #3051)
** IDPrime
* Support uncompressed certificates on IDPrime 940 (#2958)
* Enhance IDPrime logging (#3003)
* Add SafeNet 5110+ FIPS token support (#3048)
** D-Trust Signature Cards
* Add support for RSA D-Trust Signature Card 4.1 and 4.4 (#2943)
** EstEID
* Remove expired EstEID 3.* card support (#2950)
** ePass2003
* Allow SW implementation with more SHA2 hashes and ECDSA (#3012)
* Fix EC key generation (#3045)
** SmartCard-HSM
* Fix SELECT APDU command (#2978)
** MyEID
* Update for PKCS#15 profile (#2965)
** Rutoken
* Support for RSA 4096 key algorithm (#3011)
** OpenPGP

Signed-off-by: Daniel Golle
--- utils/opensc/Makefile | 13 ++++----- utils/opensc/patches/001-fix-build.patch | 36 ++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 7 deletions(-) create mode 100644 utils/opensc/patches/001-fix-build.patch diff --git a/utils/opensc/Makefile b/utils/opensc/Makefile index 61dece7385..04fabe5e8a 100644 --- a/utils/opensc/Makefile +++ b/utils/opensc/Makefile @@ -8,9 +8,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=opensc -PKG_VERSION:=0.24.0 +PKG_VERSION:=0.25.1 PKG_RELEASE:=1 -PKG_HASH:=24d03c69287291da32a30c4c38a304ad827f56cb85d83619e1f5403ab6480ef8 +PKG_HASH:=23cbaae8bd7c8eb589b68c0a961dfb0d02007bea3165a3fc5efe2621d549b37b PKG_LICENSE:=LGPL-2.1-or-later PKG_LICENSE_FILES:=COPYING @@ -108,6 +108,7 @@ TOOLS:= \ cardos-tool \ cryptoflex-tool \ dnie-tool \ + dtrust-tool \ egk-tool \ eidenv \ gids-tool \ @@ -115,8 +116,9 @@ TOOLS:= \ iasecc-tool \ netkey-tool \ openpgp-tool \ - opensc-tool \ + opensc-asn1 \ opensc-explorer:+libncurses:+libreadline \ + opensc-tool \ piv-tool \ pkcs11-register \ pkcs11-tool \ @@ -135,7 +137,6 @@ PROFILES:= \ epass2003 \ flex \ gids \ - gpk \ ias_adele_admin1 \ ias_adele_admin2 \ ias_adele_common \ @@ -143,7 +144,6 @@ PROFILES:= \ iasecc_generic_oberthur \ iasecc_generic_pki \ iasecc \ - incrypto34 \ isoApplet \ muscle \ myeid \ @@ -155,8 +155,7 @@ PROFILES:= \ rutoken \ sc-hsm \ setcos \ - starcos \ - westcos + starcos $(foreach file,$(TOOLS),$(eval $(call ToolGen,$(file)))) $(foreach file,$(PROFILES),$(eval $(call ProfileGen,$(file)))) diff --git a/utils/opensc/patches/001-fix-build.patch b/utils/opensc/patches/001-fix-build.patch new file mode 100644 index 0000000000..8624aed4b9 --- /dev/null +++ b/utils/opensc/patches/001-fix-build.patch 
@@ -0,0 +1,36 @@ +--- a/src/libopensc/pkcs15-din-66291.c ++++ b/src/libopensc/pkcs15-din-66291.c +@@ -23,12 +23,12 @@ + #include + #endif + ++#include ++#include + #include "internal.h" + #include "common/compat_strlcpy.h" + #include "log.h" + #include "pkcs15.h" +-#include +-#include + + static const unsigned char aid_CIA[] = {0xE8, 0x28, 0xBD, 0x08, 0x0F, + 0xA0, 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, 0x49, 0x47, 0x4E}; +--- a/src/libopensc/pkcs15-starcos-esign.c ++++ b/src/libopensc/pkcs15-starcos-esign.c +@@ -23,14 +23,14 @@ + #include + #endif + ++#include ++#include + #include "common/compat_strlcpy.h" + #include "internal.h" + #include "log.h" + #include "pkcs15.h" + #include "cards.h" + +-#include +-#include + + /* compile time option: define ENABLE_ESIGN_ISSUER_CONTAINERS to enable containers holding the issuer certificates */ + -- 2.30.2
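Review bot: In the first Makefile hunk (-8,9), the new PKG_HASH beside PKG_VERSION:=0.25.1 cannot be checked against anything in the patch, and the subject line does not say that this bump carries security fixes. Since the message lists CVE-2023-5992 and CVE-2024-1454 as fixed in 0.25.0, consider naming both CVEs in the subject or first body line so the update is easy to pick for stable branches, and state where the checksum was taken from (for example, computed from the upstream release tarball).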
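Review bot: In the TOOLS hunk at -115,8, opensc-asn1 is added as a newly packaged tool, but nothing in the commit message mentions it; the copied changelog only accounts for dtrust-tool from the hunk at -108,6. Please add a line to the message saying opensc-asn1 is now packaged, and note that the move of opensc-tool below opensc-explorer is a sort-order change only, so the reorder is not mistaken for a functional change.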
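Review bot: The PROFILES hunks (-135,7, -143,7 and -155,8) drop gpk, incrypto34 and westcos, which matches the changelog entry about removed drivers, but the same entry also says the Cyberflex driver is disabled while flex (context line in the hunk at -135,7) and cryptoflex-tool (context line in the hunk at -108,6) stay in the lists. Please confirm that both still build and are useful with 0.25.1, and mention in the message that the three profile packages disappear so users who have them installed know why.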
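Review bot: The new 001-fix-build.patch starts directly at the "--- a/src/libopensc/pkcs15-din-66291.c" line, with no description of which build failure the include reordering fixes or whether the change has been sent upstream. Please add a short header to the patch file explaining the failure (toolchain or libc where it shows up) and a reference to the upstream submission, so the patch can be dropped confidently at the next version bump. In pkcs15-starcos-esign.c the removal of the two trailing includes also leaves the blank lines around them in place; trimming one would keep the file tidy.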