diff --git a/.appveyor.yml b/.appveyor.yml
index ba42032c0d..ff8f80016c 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -1,4 +1,4 @@
-version: 0.23.0.{build}
+version: 0.24.0.{build}
 platform:
 - x86
diff --git a/NEWS b/NEWS
index ba19f1cc92..df5d3f0052 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,68 @@
 NEWS for OpenSC -- History of user visible changes
+# New in 0.24.0; 2023-10-XX
+## Security
+* CVE-2023-40660: Fix Potential PIN bypass (#2806, frankmorgner/OpenSCToken#50, #2807)
+* CVE-2023-40661: Important dynamic analyzers reports
+* CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys (f1993dc4)
+## General improvements
+* Fix compatibility of EAC with OpenSSL 3.0 (#2674)
+* Enable `use_file_cache` by default (#2501)
+* Use custom libctx with OpenSSL >= 3.0 (#2712, #2715)
+* Fix record-based files (#2604)
+* Fix several race conditions (#2735)
+* Run tests under Valgrind (#2756)
+* Test signing of data bigger than 512 bytes (#2789)
+* Update to OpenPACE 1.1.3 (#2796)
+* Implement logout for some of the card drivers (#2807)
+* Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
+## PKCS#11
+* Check card presence state in `C_GetSessionInfo` (#2740)
+* Remove `onepin-opensc-pkcs11` module (#2681)
+* Do not use colons in the token info label (#2760)
+## PKCS#15
+* Honor cache offsets when writing file cache (#2858)
+## Minidriver
+* Fix for private keys that do not need a PIN (#2722)
+## pkcs11-tool
+* Fix RSA key import with OpenSSL 3.0 (#2656)
+* Add support for attribute filtering when listing objects (#2687)
+* Add support for `--private` flag when writing certificates (#2768)
+* Add support for non-AEAD ciphers to the test mode (#2780)
+* Show CKA_SIGN attribute for secret keys (#2862)
+## westcos-tool
+* Generate 2k RSA keys by default (b53fc5cd)
+## pkcs11-register
+* Disable autostart on Linux by default (#2680)
+## IDPrime
+* Add support for IDPrime MD 830, 930 and 940 (#2666)
+* Add support for SafeNet eToken 5110 token (#2812)
+## EPass2003
+* Change of PIN requires verification of the PIN (#2759)
+* Fix incorrect CMAC computation for subkeys (#2759, issue #2734)
+* Use true random number for mutual authentication for SM (#2766)
+* Add verification of data coming from the token in the secure messaging mode (#2772)
+## OpenPGP
+* Fix select data command (#2753, issue #2752)
+## eOI
+* Add support for Slovenian eID card (eOI) (#2646)
+## Italian CNS
+* Add support for IDEMIA (Oberthur) tokens (#2483)
+## PIV
+* Add support for Swissbit iShield FIDO2 Authenticator (#2671)
+* Implement PIV secure messaging (#2053)
+## SkeID
+* Add support for Slovak eID cards (#2672)
+## isoApplet
+* Support ECDSA with off-card hashing (#2642)
+## MyEID
+* Fix WRAP operation when using T0 (#2695)
+* Identify changes on the card and enable `use_file_cache` (#2798)
+## SC-HSM
+* Add support for `opensc-tool --serial` (#2675)
+* Fix unwrapping of 4096 keys with handling reader limits (#2682)
+* Indicate supported hashes and MGF1s (#2827)
+
 # Addendum for 0.22.0; 2023-09-01
 * fixed security problems
 * CVE-2021-42778 Heap double free in sc_pkcs15_free_tokeninfo
diff --git a/configure.ac b/configure.ac
index 414d9a67a8..6926017081 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,9 +7,9 @@ define([PRODUCT_TARNAME], [opensc])
 define([PRODUCT_BUGREPORT], [https://github.com/OpenSC/OpenSC/issues])
 define([PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
 define([PACKAGE_VERSION_MAJOR], [0])
-define([PACKAGE_VERSION_MINOR], [23])
+define([PACKAGE_VERSION_MINOR], [24])
 define([PACKAGE_VERSION_FIX], [0])
-define([PACKAGE_SUFFIX], [])
+define([PACKAGE_SUFFIX], [-rc1])
 define([VS_FF_LEGAL_COPYRIGHT], [OpenSC Project])
 define([VS_FF_LEGAL_COMPANY_NAME], [OpenSC Project])
@@ -46,7 +46,7 @@ OPENSC_VS_FF_PRODUCT_URL="VS_FF_PRODUCT_URL"
 # (Code changed: REVISION++)
 # (Oldest interface changed/removed: OLDEST++)
 # (Interfaces added: CURRENT++, REVISION=0)
-OPENSC_LT_CURRENT="9"
+OPENSC_LT_CURRENT="10"
 OPENSC_LT_OLDEST="8"
 OPENSC_LT_REVISION="0"
 OPENSC_LT_AGE="0"