src/libopensc/card-dnie.c | 42 31 + 11 - 0 !
1 file changed, 31 insertions(+), 11 deletions(-)

 fix interaction with dnie ui

The interaction with the DNIe UI does not work on Firefox because an alarm
interrupts the read operations, aborting the confirmation. This is fixed by
using nointr_fgets(). There are side issues:
* Forked process should abort on failure instead of continuing with OpenSC.
* Useless initializations with memset().
* Size adjustments in read and write operations.

src/libopensc/card-iasecc.c | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 iasecc: fixed unbound recursion

src/libopensc/asn1.c | 1 1 + 0 - 0 !
src/libopensc/card-asepcos.c | 2 1 + 1 - 0 !
src/libopensc/card-authentic.c | 5 4 + 1 - 0 !
src/libopensc/card-entersafe.c | 8 5 + 3 - 0 !
src/libopensc/card-epass2003.c | 35 19 + 16 - 0 !
src/libopensc/card-gpk.c | 3 3 + 0 - 0 !
src/libopensc/card-iasecc.c | 2 1 + 1 - 0 !
src/libopensc/card-oberthur.c | 7 7 + 0 - 0 !
src/libopensc/card-openpgp.c | 6 6 + 0 - 0 !
src/libopensc/card-piv.c | 4 2 + 2 - 0 !
src/libopensc/card-rtecp.c | 2 1 + 1 - 0 !
src/libopensc/card-setcos.c | 18 16 + 2 - 0 !
src/libopensc/pkcs15-itacns.c | 1 1 + 0 - 0 !
src/libopensc/pkcs15-tcos.c | 8 5 + 3 - 0 !
src/tools/opensc-tool.c | 21 11 + 10 - 0 !
15 files changed, 83 insertions(+), 40 deletions(-)

 fixed out of bounds reads

Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting and suggesting security fixes.

src/libopensc/card-epass2003.c | 3 2 + 1 - 0 !
src/libopensc/card-muscle.c | 7 5 + 2 - 0 !
src/libopensc/card-tcos.c | 6 3 + 3 - 0 !
src/libopensc/pkcs15-esteid.c | 2 1 + 1 - 0 !
src/libopensc/pkcs15-gemsafeV1.c | 2 1 + 1 - 0 !
src/libopensc/sc.c | 2 1 + 1 - 0 !
src/tools/cryptoflex-tool.c | 5 3 + 2 - 0 !
src/tools/util.c | 5 3 + 2 - 0 !
8 files changed, 19 insertions(+), 13 deletions(-)

 fixed out of bounds writes

Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting the problems.