From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1527526-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id D137015810F
	for <garchives@archives.gentoo.org>; Sat, 10 Jun 2023 19:07:06 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1F897E087D;
	Sat, 10 Jun 2023 19:07:06 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id DCFCCE087D
	for <gentoo-commits@lists.gentoo.org>; Sat, 10 Jun 2023 19:07:05 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id E2FA53411E7
	for <gentoo-commits@lists.gentoo.org>; Sat, 10 Jun 2023 19:07:04 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 7AA0BA80
	for <gentoo-commits@lists.gentoo.org>; Sat, 10 Jun 2023 19:07:03 +0000 (UTC)
From: "David Seifert" <soap@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "David Seifert" <soap@gentoo.org>
Message-ID: <1686424000.cc922f70f70016cf7fd197a8f492e654e0556f50.soap@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/opensc/, dev-libs/opensc/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: dev-libs/opensc/files/opensc-0.23.0-CVE-2023-2977.patch dev-libs/opensc/opensc-0.23.0-r1.ebuild
X-VCS-Directories: dev-libs/opensc/files/ dev-libs/opensc/
X-VCS-Committer: soap
X-VCS-Committer-Name: David Seifert
X-VCS-Revision: cc922f70f70016cf7fd197a8f492e654e0556f50
X-VCS-Branch: master
Date: Sat, 10 Jun 2023 19:07:03 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 5772f7f1-657c-4e28-a092-77c0f0e5d769
X-Archives-Hash: 908aaf4c18642c9dd732a2fd238989ed

commit:     cc922f70f70016cf7fd197a8f492e654e0556f50
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 10 19:06:40 2023 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sat Jun 10 19:06:40 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc922f70

dev-libs/opensc: add patch for CVE-2023-2977

Bug: https://bugs.gentoo.org/907930
Signed-off-by: David Seifert <soap <AT> gentoo.org>

 .../opensc/files/opensc-0.23.0-CVE-2023-2977.patch | 49 +++++++++++++
 dev-libs/opensc/opensc-0.23.0-r1.ebuild            | 83 ++++++++++++++++++++++
 2 files changed, 132 insertions(+)

diff --git a/dev-libs/opensc/files/opensc-0.23.0-CVE-2023-2977.patch b/dev-libs/opensc/files/opensc-0.23.0-CVE-2023-2977.patch
new file mode 100644
index 000000000000..ad3bc1fadc93
--- /dev/null
+++ b/dev-libs/opensc/files/opensc-0.23.0-CVE-2023-2977.patch
@@ -0,0 +1,49 @@
+From 81944d1529202bd28359bede57c0a15deb65ba8a Mon Sep 17 00:00:00 2001
+From: fullwaywang <fullwaywang@tencent.com>
+Date: Mon, 29 May 2023 10:38:48 +0800
+Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer
+ overrun bug. Fixes #2785
+
+---
+ src/pkcs15init/pkcs15-cardos.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
+index 9715cf390f..f41f73c349 100644
+--- a/src/pkcs15init/pkcs15-cardos.c
++++ b/src/pkcs15init/pkcs15-cardos.c
+@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+ 	sc_apdu_t apdu;
+         u8        rbuf[SC_MAX_APDU_BUFFER_SIZE];
+         int       r;
+-	const u8  *p = rbuf, *q;
++	const u8  *p = rbuf, *q, *pp;
+ 	size_t    len, tlen = 0, ilen = 0;
+ 
+ 	sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
+@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+ 		return 0;
+ 
+ 	while (len != 0) {
+-		p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
+-		if (p == NULL)
++		pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
++		if (pp == NULL)
+ 			return 0;
+ 		if (card->type == SC_CARD_TYPE_CARDOS_M4_3)	{
+ 			/* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01	*/
+ 			/* and Package Number 0x07					*/
+-			q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen);
++			q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen);
+ 			if (q == NULL || ilen != 4)
+ 				return 0;
+ 			if (q[0] == 0x07)
+@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+ 		} else if (card->type == SC_CARD_TYPE_CARDOS_M4_4)	{
+ 			/* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03	*/
+ 			/* and Package Number 0x02					*/
+-			q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen);
++			q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen);
+ 			if (q == NULL || ilen != 4)
+ 				return 0;
+ 			if (q[0] == 0x02)

diff --git a/dev-libs/opensc/opensc-0.23.0-r1.ebuild b/dev-libs/opensc/opensc-0.23.0-r1.ebuild
new file mode 100644
index 000000000000..9162e0939fc4
--- /dev/null
+++ b/dev-libs/opensc/opensc-0.23.0-r1.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit bash-completion-r1 libtool
+
+DESCRIPTION="Libraries and applications to access smartcards"
+HOMEPAGE="https://github.com/OpenSC/OpenSC/wiki"
+
+if [[ ${PV} == *9999 ]]; then
+	inherit autotools git-r3
+	EGIT_REPO_URI="https://github.com/OpenSC/OpenSC.git"
+else
+	SRC_URI="https://github.com/OpenSC/OpenSC/releases/download/${PV}/${P}.tar.gz"
+	KEYWORDS="~amd64 ~ppc64 ~x86"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+IUSE="ctapi doc openct notify pace +pcsc-lite readline secure-messaging ssl test zlib"
+RESTRICT="!test? ( test )"
+
+RDEPEND="zlib? ( sys-libs/zlib )
+	readline? ( sys-libs/readline:0= )
+	ssl? ( dev-libs/openssl:0= )
+	openct? ( >=dev-libs/openct-0.5.0 )
+	pace? ( dev-libs/openpace:= )
+	pcsc-lite? ( >=sys-apps/pcsc-lite-1.3.0 )
+	notify? ( dev-libs/glib:2 )"
+DEPEND="${RDEPEND}
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt
+	test? ( dev-util/cmocka )"
+BDEPEND="virtual/pkgconfig"
+
+REQUIRED_USE="
+	pcsc-lite? ( !openct !ctapi )
+	openct? ( !pcsc-lite !ctapi )
+	ctapi? ( !pcsc-lite !openct )
+	|| ( pcsc-lite openct ctapi )"
+
+PATCHES=( "${FILESDIR}"/${P}-CVE-2023-2977.patch )
+
+src_prepare() {
+	default
+
+	if [[ ${PV} == *9999 ]]; then
+		eautoreconf
+	else
+		elibtoolize
+	fi
+}
+
+src_configure() {
+	# don't want to run upstream's clang-tidy checks
+	export ac_cv_path_CLANGTIDY=""
+
+	econf \
+		--with-completiondir="$(get_bashcompdir)" \
+		--disable-strict \
+		--enable-man \
+		$(use_enable ctapi) \
+		$(use_enable doc) \
+		$(use_enable notify) \
+		$(use_enable openct) \
+		$(use_enable pace openpace) \
+		$(use_enable pcsc-lite pcsc) \
+		$(use_enable readline) \
+		$(use_enable secure-messaging sm) \
+		$(use_enable ssl openssl) \
+		$(use_enable test cmocka) \
+		$(use_enable zlib)
+}
+
+src_install() {
+	default
+
+	insinto /etc/pkcs11/modules/
+	doins "${FILESDIR}"/opensc.module
+
+	find "${ED}" -name '*.la' -delete || die
+}