Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

opensc-0.22.0-150400.3.6.1 RPM for aarch64

From OpenSuSE Leap 15.6 for aarch64

Name: opensc Distribution: SUSE Linux Enterprise 15
Version: 0.22.0 Vendor: SUSE LLC <>
Release: 150400.3.6.1 Build date: Wed Oct 11 10:09:04 2023
Group: Productivity/Security Build host: h04-armsrv1
Size: 5304337 Source RPM: opensc-0.22.0-150400.3.6.1.src.rpm
Summary: Smart Card Utilities
OpenSC provides a set of utilities to access smart cards. It mainly
focuses on cards that support cryptographic operations. It facilitates
their use in security applications such as mail encryption,
authentication, and digital signature. OpenSC implements the PKCS#11
API. Applications supporting this API, such as Mozilla Firefox and
Thunderbird, can use it. OpenSC implements the PKCS#15 standard and aims
to be compatible with every software that does so, too.

Before purchasing any cards, please read carefully documentation on the
web pageonly some cards are supported. Not only card type matters, but
also card version, card OS version and preloaded applet. Only subset of
possible operations may be supported for your card. Card initialization
may require third party proprietary software.






* Fri Oct 06 2023
  - Security Fix: [CVE-2023-40661, bsc#1215761]
    * opensc: multiple memory issues with pkcs15-init (enrollment tool)
    * Add patches:
    - opensc-CVE-2023-40661-1of12.patch
    - opensc-CVE-2023-40661-2of12.patch
    - opensc-CVE-2023-40661-3of12.patch
    - opensc-CVE-2023-40661-4of12.patch
    - opensc-CVE-2023-40661-5of12.patch
    - opensc-CVE-2023-40661-6of12.patch
    - opensc-CVE-2023-40661-7of12.patch
    - opensc-CVE-2023-40661-8of12.patch
    - opensc-CVE-2023-40661-9of12.patch
    - opensc-CVE-2023-40661-10of12.patch
    - opensc-CVE-2023-40661-11of12.patch
    - opensc-CVE-2023-40661-12of12.patch
* Wed Oct 04 2023
  - Security Fix: [CVE-2023-40660, bsc#1215762]
    * opensc: PIN bypass when card tracks its own login state
    * Add patches:
    - patches/opensc-0_22_0-CVE-2023-40660-1of2.patch
    - patches/opensc-0_22_0-CVE-2023-40660-2of2.patch
* Thu Jun 01 2023
  - Security Fix: [CVE-2023-2977, bsc#1211894]
    * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
    * Add opensc-CVE-2023-2977.patch
* Mon Oct 04 2021
  - Update to OpenSC 0.22.0:
    * Removed changes in opensc-gcc11.patch already present in upstream.
    - See
    * Removed some false positives from the openrc-rpmlintrc file.
    * Use standard paths for file cache on Linux (#2148) and OSX (#2214)
    * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
    * Add threading test to `pkcs11-tool` (#2067)
    * Add support to generate generic secret keys (#2140)
    * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
    * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
    * Support for gcc11 and its new strict aliasing rules (#2241, #2260)
    * Initial support for building with OpenSSL 3.0 (#2343)
    * pkcs15-tool: Write data objects in binary mode (#2324)
    * Avoid limited size of log messages (#2352)
    * Support for ECDSA verification (#2211)
    * Support for ECDSA with different SHA hashes (#2190)
    * Prevent issues in p11-kit by not returning unexpected return codes (#2207)
    * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
    * Standardize the version 2 on 2.20 in the code (#2096)
    * Copy arguments of C_Initialize (#2350)
    * Fix RSA-PSS signing (#2234)
    * Fix DO deletion (#2215)
    * Add support for (X)EdDSA keys (#1960)
    * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
    * Add support for applet version 4 (#2332)
    * New configuration option for opensc.conf to disable pkcs1_padding (#2193)
    * Add support for ECDSA with different hashes (#2190)
    * Enable more mechanisms (#2178)
    * Fixed asking for a user pin when formatting a card (#1737)
    * Added support for French CPx Healthcare cards (#2217)
    * Added ATR for new CardOS 5.4 version (#2296)
    * Fixes security issues:
    * tcos: use after return (bsc#1192005, CVE-2021-42780)
    * oberthur: use after free (bsc#1191992, CVE-2021-42779)
    * oberthur: multiple heap buffer overflows (bsc#1192000,
    * multiple stack buffer overflow issues (bsc#1191957,
* Sun Jun 27 2021
  - Fix build on GCC11
    * Add opensc-gcc11.patch from Fedora
* Fri Mar 12 2021
  - move licenses to licensedir
* Fri Nov 27 2020
  - OpenSC 0.21.0:
    * CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK
      smart card software driver (boo#1177380)
    * CVE-2020-26572: stack-based buffer overflow in the TCOS smart
      card software driver (boo#1177378)
    * CVE-2020-26570: heap-based buffer overflow in the Oberthur
      smart card software driver (boo#1177364)
    * CardOS 5.x support boo#1179291
    * Support for OAEP encryption, make SHA256 default
    * New separate debug level for PIN commands
    * Fix handling of card/reader insertion/removal events in pcscd
    * Fixes of removed readers handling
    * Fix Firefox crash because of invalid pcsc context
    * PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards
    * Propagate ignore_user_content to PKCS#11 layer not to confuse applications
    * Minidriver: Fix check of ATR length (2-to 33 characters inclusive)
    * pkcs11-tool: allow using SW tokens
    * opensc-explorer asn1 accepts offsets and decode records
    * opensc-explorer cat accepts records
    * OpenPGP: Add new ec curves supported by GNUK
    * First steps supporting OpenPGP 3.4
    * OpenPGP: Add support for EC key import
    * Rutoken: Add ATR for Rutoken ECP SC NFC
    * Improve detection of various CardOS 5 configurations
    * DNIe: Add new DNIe CA structure for the secure channel
    * ePass2003: Improve ECC support
    * ePass2003: Fix erase sequence
    * IAS-ECC: Fix support for Idemia Cosmo cards
    * IAS-ECC: PIN padding settings are now used from PKCS#15 info when available
    * IAS-ECC: Added PIN-pad support for PIN unblock
    * New driver for Gemalto IDPrime (only some types)
    * eDo: New driver with initial support for Polish eID card (e-dowód, eDO)
    * MCRD: Remove unused and broken RSA EstEID support
    * TCOS: Add missing encryption certificates
    * PIV: Add ATR of DOD Yubikey
    * fixed PIV global pin bug
    * CAC1: Support changing PIN with CAC Alt tokens
  - includes changes from 0.20.0
    * CVE-2019-6502: memory leak in libopensc (boo#1122756)
    * CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747)
    * CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746)
    * CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (boo#1158256)
    * CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry (boo#1158307)
    * CVE-2019-20792: double free in coolkey_free_private_dat (bsc#1170809)
    * Support RSA-PSS signature mechanisms using RSA-RAW
    * Added memory locking for secrets
    * added support for terminal colors
    * PC/SC driver: Fixed error handling in case of changing or removing the card reader
    * rename md_read_only to read_only and use it for PKCS#11 and Minidriver
    * allow global use of ignore_private_certificate
    * PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the card profile
    * PKCS#11: Add C_WrapKey and C_UnwrapKey implementations
    * PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects
    * PKCS#11: Truncate long PKCS#11 labels with ...
    * PKCS#11: Fixed recognition of a token when being unplugged and reinserted
    * Minidriver: Register for CardOS5 cards
    * Minidriver: Add support for RSA-PSS
    * tools: Harmonize the use of option -r/--reader
    * goid-tool: GoID personalization with fingerprint
    * openpgp-tool: replace the options -L/--key-length with -t/--key-type
    * openpgp-tool: add options -C/--card-info and -K/--key-info
    * opensc-explorer: add command pin_info, extend random
    * pkcs11-register: Auto-configuration of applications for use of OpenSC PKCS#11
    * pkcd11-register: Autostart
    * opensc-tool: Show ATR also for cards not recognized by OpenSC
    * pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters
    * pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values
    * pkcs11-tool: Support for signature verification via --verify
    * pkcs11-tool: Add object type secrkey for --type option
    * pkcs11-tool: Implement Secret Key write object
    * pkcs11-tool: Add GOSTR3410-2012 support
    * pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP
    * pkcs11-tool: Add extractable option to key import
    * pkcs11-tool: list more key access flags when listing keys
    * pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys
    * pkcs15-crypt: *Handle keys with user consent
    * New separate CAC1 driver using the old CAC specification (#1502)
    * CardOS: Add support for 4K RSA keys in CardOS 5
    * CardOS: Fixed decryption with CardOS 5
    * Enable CoolKey driver to handle 2048-bit keys
    * EstEID: add support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018
    * GIDS Decipher fix (#1881)
    * GIDS: Allow RSA 4K support
    * MICARDO: Remove long expired EstEID 1.0/1.1 card support
    * MyEID: Add support for unwrapping a secret key with an RSA key or secret key
    * MyEID Add support for wrapping a secret key with a secret key
    * Support for MyEID 4K RSA
    * Support for OsEID
    * Gemalto GemSafe: add new PTeID ATRs, add support for 4K RSA keys
    * OpenPGP Card v3 ECC support
    * Add Rutoken ECP SC
    * Add Rutoken Lite
    * Add SmartCard-HSM 4K ATR
    * Add missing secp384r1 curve parameter
    * Stacros: Fix decipher with 2.3
    * Stacros: Add ATR for 2nd gen. eGK
    * Stacros: Add new ATR for 3.5
    * Stacros: Detect and allow Globalplatform PIN encoding
    * Fix TCOS IDKey support
    * TCOS: add encryption certificate for IDKey
    * Infocamere, Postecert, Cnipa: Remove profiles
    * Remove incomplete acos5 driver
  - drop patches now upstream:
    * opensc-0.19.0-piv_card_matching.patch
    * opensc-0.19.0-redundant_logging.patch
    * opensc-0.19.0-rsa-pss.patch
* Sun Aug 18 2019
  - added opensc-0.19.0-piv_card_matching.patch
    * Improve Card Matching for Dual CAC/PIV and PIVKEY cards.
    * sourced from
* Tue Jul 30 2019
  - added opensc-0.19.0-rsa-pss.patch
    * Fixes the pkcs11-tool example
    * Added missing CKM_SHA224_RSA_PKCS_PSS
    * Add support for PSS padding to RSA signatures
    * Support for signature verification in pkcs11-tool
    * Switch cleanup steps to avoid segfaults on errors and more sanity checking
  - added opensc-0.19.0-redundant_logging.patch
    * Remove redundant debug output
* Tue Jul 23 2019
  - add explicit BuildRequires: zlib-devel
* Thu Sep 13 2018
  - Update to version 0.19.0
    * Fixed multiple security problems (out of bound writes/reads):
    * bsc#1104812
    * CVE-2018-16391 (bsc#1106998)
    * CVE-2018-16392 (bsc#1106999)
    * CVE-2018-16393 (bsc#1108318)
    * CVE-2018-16418 (bsc#1107039)
    * CVE-2018-16419 (bsc#1107107)
    * CVE-2018-16420 (bsc#1107097)
    * CVE-2018-16421 (bsc#1107049)
    * CVE-2018-16422 (bsc#1107038)
    * CVE-2018-16423 (bsc#1107037)
    * CVE-2018-16424 (bsc#1107036)
    * CVE-2018-16425 (bsc#1107035)
    * CVE-2018-16426 (bsc#1107034)
    * CVE-2018-16427 (bsc#1107033)
    * Workaround cards returning short signatures without leading zeroes
    * Distribute minimal opensc.conf
    * `pkcs11_enable_InitToken made` global configuration option
    * Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver
      list instead of forcing one driver and skipping vital parts of
    * Removed configuration options `zero_ckaid_for_ca_certs`,
      `force_card_driver`, `reopen_debug_file`, `paranoid-memory`
    * Generalized configuration option `ignored_readers`
    * If card initialization fails, continue card detection with other card
    * reader-pcsc: allow fixing the length of a PIN
    * fixed crash during `C_WaitForSlotEvent`
    * Allow cancelling the PIN pad prompt before starting the reader transaction.
      Whether to start the transaction immediately or not is user-configurable
      for each application
    * opensc-notify
    * add Exit button to tray icon
    * User better description (GenericName) and a generic application icon
    * Do not display in the application list
  - Removed patches included upstream now:
    * opensc-desktop.patch
    * opensc-desktop2.patch
    * opensc-bash-completions.patch
  - Applied spec-cleaner
* Tue Jul 10 2018
  - Update to version 0.18.0:
    * Further improvements of PIN support.
    * Large number of improvements and fixes
      (boo#1097951, boo#1100501).
    * See /usr/share/doc/packages/opensc/NEWS for complete list.
  - Add opensc-desktop.patch, opensc-desktop2.patch and
* Mon Jan 01 2018
  - update to version 0.17.0:
    * support for new cards
    * PIN support enhancemets
    * added .pc file
    * builds with OpenSSL 1.1.0 (1074799)
    * See /usr/share/doc/packages/opensc/NEWS for complete list.
* Tue Jul 18 2017
  - Switch to tarball fetching from github
  - Few small cleanups
* Tue Nov 22 2016
  - Add baselibs.conf to provide 32-bit PKCS11 plugins (bsc#996047).
  - Drop opensc-ADVISORIES. There is no new advisory since 2009.
* Tue Jul 05 2016
  - update to version 0.16.0
  - remove fix (issue 505)
  - clean up spec-file
* Thu Jul 30 2015
  - update to version 0.15.0
  - register with p11-kit
* Mon Feb 16 2015
  - update to version 0.14.0



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Feb 13 23:53:43 2024