@frankmorgner frankmorgner released this Sep 13, 2018 · 31 commits to master since this release

Assets 12

New in 0.19.0; 2018-09-13

General Improvements

  • fixed multiple security problems (out of bound writes/reads, #1447):
    • CVE-2018-16391
    • CVE-2018-16392
    • CVE-2018-16393
    • CVE-2018-16418
    • CVE-2018-16419
    • CVE-2018-16420
    • CVE-2018-16421
    • CVE-2018-16422
    • CVE-2018-16423
    • CVE-2018-16424
    • CVE-2018-16425
    • CVE-2018-16426
    • CVE-2018-16427
  • Improved documentation:
    • New manual page for opensc.conf(5)
    • Added several missing switches in manual pages and fixed formatting
  • Win32 installer:
    • automatically start SCardSvr
    • added newer OpenPGP ATRs
  • macOS installer: use HFS+ for backward compatibility
  • Remove outdated solaris files
  • PC/SC driver:
    • Workaround OMNIKEY 3x21 and 6121 Smart Card Readers wrongly identified as pinpad readers in macOS
  • Workaround cards returning short signatures without leading zeroes
  • bash completion
    • make location directory configurable
    • Use a new correct path by default
  • build: support for libressl-2.7+
  • Configuration
    • Distribute minimal opensc.conf
    • pkcs11_enable_InitToken made global configuration option
    • Modify behavior of OPENSC_DRIVER environment variable to restrict driver list instead of forcing one driver and skipping vital parts of configuration
    • Removed configuration options zero_ckaid_for_ca_certs, force_card_driver, reopen_debug_file, paranoid-memory
    • Generalized configuration option ignored_readers
  • If card initialization fails, continue card detection with other card drivers (#1251)
  • Fixed long term card operations on Windows 8 and later (#1043)
  • reader-pcsc: allow fixing the length of a PIN
  • fixed multithreading issue on Window with OpenPACE OIDs


  • fixed crash during C_WaitForSlotEvent (#1335)


  • Allow cancelling the PIN pad prompt before starting the reader transaction. Whether to start the transaction immediately or not is user-configurable for each application

OpenSC tools

  • opensc-notify
    • add Exit button to tray icon
    • User better description (GenericName) and a generic application icon
    • Do not display in the application list
  • pkcs15-tool
    • added support for reading ECDSA ssh keys
  • p11test
    • Filter certificates other than CKC_X_509
  • opengpg-tool
    • allow calling -d multiple times
    • clarify usage text


  • Implement RSA PSS
  • Add support for SmartCard-HSM 4K (V3.0)


  • Remove support for CAC1 cards
  • Ignore unknown tags in properties buffer
  • Use GET PROPERTIES to recognize buffer formats
  • Unbreak encoding last tag-len-value in the data objects
  • Support HID Alt tokens without CCC
    • They present certificates in OIDs of first AID and use other undocumented applets
    • Inspect the tokens through the ACA applet and GET ACR APDU


  • Unbreak Get Challenge functionality
  • Make uninitialized cards working as expected with ESC


  • add serial number to card name
  • include detailed version into card name
  • define & set LCS (lifecycle support) as extended capability
  • extend manufacturer list in pkcs15-openpgp.c
  • correctly parse hist_bytes
  • Make deciphering with AUT-key possible for OpenPGP Card >v3.2 (fixes #1352)
  • Add supported algorithms for OpenPGP Card (Fixes #1432)


  • added support for 2nd generation eGK (#1451)


  • create PIN in MF (pkcs15init)

German ID card

  • fixed identifying unknown card as German ID card (#1360)


  • Context Specific Login Using Pin Pad Reader Fix
  • Better Handling of Reset using Discovery Object