Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

opensc-0.23.0-3.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: opensc Distribution: openSUSE:Factory:zSystems
Version: 0.23.0 Vendor: openSUSE
Release: 3.1 Build date: Wed Oct 11 17:51:35 2023
Group: Productivity/Security Build host: s390zl28
Size: 4247318 Source RPM: opensc-0.23.0-3.1.src.rpm
Summary: Smart Card Utilities
OpenSC provides a set of utilities to access smart cards. It mainly
focuses on cards that support cryptographic operations. It facilitates
their use in security applications such as mail encryption,
authentication, and digital signature. OpenSC implements the PKCS#11
API. Applications supporting this API, such as Mozilla Firefox and
Thunderbird, can use it. OpenSC implements the PKCS#15 standard and aims
to be compatible with every software that does so, too.

Before purchasing any cards, please read carefully documentation on the
web pageonly some cards are supported. Not only card type matters, but
also card version, card OS version and preloaded applet. Only subset of
possible operations may be supported for your card. Card initialization
may require third party proprietary software.






* Fri Oct 06 2023 Otto Hollmann <>
  - Security Fix: [CVE-2023-40661, bsc#1215761]
    * opensc: multiple memory issues with pkcs15-init (enrollment tool)
    * Add patches:
    - opensc-CVE-2023-40661-1of12.patch
    - opensc-CVE-2023-40661-2of12.patch
    - opensc-CVE-2023-40661-3of12.patch
    - opensc-CVE-2023-40661-4of12.patch
    - opensc-CVE-2023-40661-5of12.patch
    - opensc-CVE-2023-40661-6of12.patch
    - opensc-CVE-2023-40661-7of12.patch
    - opensc-CVE-2023-40661-8of12.patch
    - opensc-CVE-2023-40661-9of12.patch
    - opensc-CVE-2023-40661-10of12.patch
    - opensc-CVE-2023-40661-11of12.patch
    - opensc-CVE-2023-40661-12of12.patch
* Thu Oct 05 2023 Otto Hollmann <>
  - Security Fix: [CVE-2023-4535, bsc#1215763]
    * Add patches:
    - opensc-CVE-2023-4535.patch
    - opensc-NULL_pointer_fix.patch
* Wed Oct 04 2023 Otto Hollmann <>
  - Security Fix: [CVE-2023-40660, bsc#1215762]
    * opensc: PIN bypass when card tracks its own login state
    * Add patches:
    - opensc-CVE-2023-40660-1of2.patch
    - opensc-CVE-2023-40660-2of2.patch
* Thu Jun 01 2023 Otto Hollmann <>
  - Security Fix: [CVE-2023-2977, bsc#1211894]
    * opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
    * Add opensc-CVE-2023-2977.patch
* Tue Nov 29 2022 Michael Ströder <>
  - Update to OpenSC 0.23.0:
    * General improvements
    - Support signing of data with a length of more than 512 bytes (#2314)
    - By default, disable support for old card drivers (#2391) and remove
      support for old drivers MioCOS and JCOP (#2374)
    - Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506)
    - Compatibility with LibreSSL (#2495, #2595)
    - Remove support for DSA (#2503)
    - Extend p11test to support symmetric keys (#2430)
    - Notice detached reader on macOS (#2418)
    - Support for OAEP padding (#2475, #2484)
    - Fix for PSS salt length (#2478)
    - Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637)
    - Fixed various issues reported by OSS-Fuzz and Coverity regarding
      card drivers, PKCS#11 and PKCS#15 init
    - Fix issues with OpenPACE (#2472)
    - Containers support for local testing
    - Add support for encryption and decryption using symmetric keys (#2473, #2607)
    - Stop building support for Gost algorithms with OpenSSL 3.0 as they
      require deprecated API (#2586)
    - Fix detection of disconnected readers in PCSC (#2600)
    - Add configuration option for on-disk caching of private data (#2588)
    - Skip building empty binaries when dependencies are missing and
      remove needless linking (#2617)
    - Define arm64 as a supported architecture in the Installer package (#2610)
    * PKCS#11
    - Implement C_CreateObject for EC keys and fix signature verification
      for CKM_ECDSA_SHAx cards (#2420)
    * pkcs11-tool
    - Add more elliptic curves (#2301)
    - Add support for symmetric encrypt and decrypt, wrap and unwrap operations,
      and initialization vector (#2268)
    - Fix consistent handling of secret key attributes (#2497)
    - Add support for signing and verifying with HMAC (#2385)
    - Add support for SHA3 (#2467)
    - Make object selectable via label (#2570)
    - Do not require an R/W session for some operations and
      add --session-rw option (#2579)
    - Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and
      serial number for certificates (#2644, #2643, #2641)
    - Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645)
    * sc-hsm-tool
    - Add options for public key authentication (#2301)
    * Minidriver
    - Fix reinit of the card (#2525)
    - Add an entry for Italian CNS (e) (#2548)
    - Fix detection of ECC mechanisms (#2523)
    - Fix ATRs before adding them to the windows registry (#2628)
    * NQ-Applet
    - Add support for the JCOP4 Cards with NQ-Applet (#2425)
    * ItaCNS
    - Add support for ItaCMS v1.1 (key length 2048) (#2371)
    * Belpic
    - Add support for applet v1.8 (#2455)
    * Starcos
    - Add ATR for V3.4 (#2464)
    - Add PKCS#15 emulator for 3.x cards with eSign app (#2544)
    * ePass2003
    - Fix PKCS#15 initialization (#2403)
    - Add support for FIPS (#2543)
    - Fix matching with newer versions and tokens initialized with OpenSC (#2575)
    * MyEID
    - Support logout operation (#2557)
    - Support for symmetric encryption and decryption (#2473, #2607)
    * GIDS
    - Fix decipher for TPM (#1881)
    * OpenPGP
    - Get the list of supported algorithms from algorithm information
      on the card (#2287)
    - Support for 3 certificates with OpenPGP 3+ (#2103)
    * nPA
    - Fix card detection (#2463)
    * Rutoken
    - Fix formatting rtecp cards (#2599)
    * PIV
    - Add new PIVKey ATRs for current cards (#2602)
* Mon Oct 04 2021 Daniel Donisa <>
  - Update to OpenSC 0.22.0:
    * Removed changes in opensc-gcc11.patch already present in upstream.
    - See
    * Removed some false positives from the openrc-rpmlintrc file.
    * Use standard paths for file cache on Linux (#2148) and OSX (#2214)
    * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
    * Add threading test to `pkcs11-tool` (#2067)
    * Add support to generate generic secret keys (#2140)
    * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
    * Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
    * Support for gcc11 and its new strict aliasing rules (#2241, #2260)
    * Initial support for building with OpenSSL 3.0 (#2343)
    * pkcs15-tool: Write data objects in binary mode (#2324)
    * Avoid limited size of log messages (#2352)
    * Support for ECDSA verification (#2211)
    * Support for ECDSA with different SHA hashes (#2190)
    * Prevent issues in p11-kit by not returning unexpected return codes (#2207)
    * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
    * Standardize the version 2 on 2.20 in the code (#2096)
    * Copy arguments of C_Initialize (#2350)
    * Fix RSA-PSS signing (#2234)
    * Fix DO deletion (#2215)
    * Add support for (X)EdDSA keys (#1960)
    * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
    * Add support for applet version 4 (#2332)
    * New configuration option for opensc.conf to disable pkcs1_padding (#2193)
    * Add support for ECDSA with different hashes (#2190)
    * Enable more mechanisms (#2178)
    * Fixed asking for a user pin when formatting a card (#1737)
    * Added support for French CPx Healthcare cards (#2217)
    * Added ATR for new CardOS 5.4 version (#2296)
    * Fixes security issues:
    * tcos: use after return (bsc#1192005, CVE-2021-42780)
    * oberthur: use after free (bsc#1191992, CVE-2021-42779)
    * oberthur: multiple heap buffer overflows (bsc#1192000,
    * multiple stack buffer overflow issues (bsc#1191957,
* Sun Jun 27 2021 Predrag Ivanović <>
  - Fix build on GCC11
    * Add opensc-gcc11.patch from Fedora
* Fri Mar 12 2021 Dirk Müller <>
  - move licenses to licensedir
* Fri Nov 27 2020 Andreas Stieger <>
  - OpenSC 0.21.0:
    * CVE-2020-26571: stack-based buffer overflow in the gemsafe GPK
      smart card software driver (boo#1177380)
    * CVE-2020-26572: stack-based buffer overflow in the TCOS smart
      card software driver (boo#1177378)
    * CVE-2020-26570: heap-based buffer overflow in the Oberthur
      smart card software driver (boo#1177364)
    * CardOS 5.x support boo#1179291
    * Support for OAEP encryption, make SHA256 default
    * New separate debug level for PIN commands
    * Fix handling of card/reader insertion/removal events in pcscd
    * Fixes of removed readers handling
    * Fix Firefox crash because of invalid pcsc context
    * PKCS#11: Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards
    * Propagate ignore_user_content to PKCS#11 layer not to confuse applications
    * Minidriver: Fix check of ATR length (2-to 33 characters inclusive)
    * pkcs11-tool: allow using SW tokens
    * opensc-explorer asn1 accepts offsets and decode records
    * opensc-explorer cat accepts records
    * OpenPGP: Add new ec curves supported by GNUK
    * First steps supporting OpenPGP 3.4
    * OpenPGP: Add support for EC key import
    * Rutoken: Add ATR for Rutoken ECP SC NFC
    * Improve detection of various CardOS 5 configurations
    * DNIe: Add new DNIe CA structure for the secure channel
    * ePass2003: Improve ECC support
    * ePass2003: Fix erase sequence
    * IAS-ECC: Fix support for Idemia Cosmo cards
    * IAS-ECC: PIN padding settings are now used from PKCS#15 info when available
    * IAS-ECC: Added PIN-pad support for PIN unblock
    * New driver for Gemalto IDPrime (only some types)
    * eDo: New driver with initial support for Polish eID card (e-dowód, eDO)
    * MCRD: Remove unused and broken RSA EstEID support
    * TCOS: Add missing encryption certificates
    * PIV: Add ATR of DOD Yubikey
    * fixed PIV global pin bug
    * CAC1: Support changing PIN with CAC Alt tokens
  - includes changes from 0.20.0
    * CVE-2019-6502: memory leak in libopensc (boo#1122756)
    * CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string (boo#1149747)
    * CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring (boo#1149746)
    * CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (boo#1158256)
    * CVE-2019-19480: improper free operation in sc_pkcs15_decode_prkdf_entry (boo#1158307)
    * CVE-2019-20792: double free in coolkey_free_private_dat (bsc#1170809)
    * Support RSA-PSS signature mechanisms using RSA-RAW
    * Added memory locking for secrets
    * added support for terminal colors
    * PC/SC driver: Fixed error handling in case of changing or removing the card reader
    * rename md_read_only to read_only and use it for PKCS#11 and Minidriver
    * allow global use of ignore_private_certificate
    * PKCS#11: Implement write protection (CKF_WRITE_PROTECTED) based on the card profile
    * PKCS#11: Add C_WrapKey and C_UnwrapKey implementations
    * PKCS#11: Handle CKA_ALWAYS_AUTHENTICATE when creating key objects
    * PKCS#11: Truncate long PKCS#11 labels with ...
    * PKCS#11: Fixed recognition of a token when being unplugged and reinserted
    * Minidriver: Register for CardOS5 cards
    * Minidriver: Add support for RSA-PSS
    * tools: Harmonize the use of option -r/--reader
    * goid-tool: GoID personalization with fingerprint
    * openpgp-tool: replace the options -L/--key-length with -t/--key-type
    * openpgp-tool: add options -C/--card-info and -K/--key-info
    * opensc-explorer: add command pin_info, extend random
    * pkcs11-register: Auto-configuration of applications for use of OpenSC PKCS#11
    * pkcd11-register: Autostart
    * opensc-tool: Show ATR also for cards not recognized by OpenSC
    * pkcs11-spy: parse CKM_AES_GCM, EC Derive parameters
    * pkcs11-spy: Add support for CKA_OTP_* and CKM_*_PSS values
    * pkcs11-tool: Support for signature verification via --verify
    * pkcs11-tool: Add object type secrkey for --type option
    * pkcs11-tool: Implement Secret Key write object
    * pkcs11-tool: Add GOSTR3410-2012 support
    * pkcs11-tool: Add support for testing CKM_RSA_PKCS_OAEP
    * pkcs11-tool: Add extractable option to key import
    * pkcs11-tool: list more key access flags when listing keys
    * pkcs11-tool: Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys
    * pkcs15-crypt: *Handle keys with user consent
    * New separate CAC1 driver using the old CAC specification (#1502)
    * CardOS: Add support for 4K RSA keys in CardOS 5
    * CardOS: Fixed decryption with CardOS 5
    * Enable CoolKey driver to handle 2048-bit keys
    * EstEID: add support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018
    * GIDS Decipher fix (#1881)
    * GIDS: Allow RSA 4K support
    * MICARDO: Remove long expired EstEID 1.0/1.1 card support
    * MyEID: Add support for unwrapping a secret key with an RSA key or secret key
    * MyEID Add support for wrapping a secret key with a secret key
    * Support for MyEID 4K RSA
    * Support for OsEID
    * Gemalto GemSafe: add new PTeID ATRs, add support for 4K RSA keys
    * OpenPGP Card v3 ECC support
    * Add Rutoken ECP SC
    * Add Rutoken Lite
    * Add SmartCard-HSM 4K ATR
    * Add missing secp384r1 curve parameter
    * Stacros: Fix decipher with 2.3
    * Stacros: Add ATR for 2nd gen. eGK
    * Stacros: Add new ATR for 3.5
    * Stacros: Detect and allow Globalplatform PIN encoding
    * Fix TCOS IDKey support
    * TCOS: add encryption certificate for IDKey
    * Infocamere, Postecert, Cnipa: Remove profiles
    * Remove incomplete acos5 driver
  - drop patches now upstream:
    * opensc-0.19.0-piv_card_matching.patch
    * opensc-0.19.0-redundant_logging.patch
    * opensc-0.19.0-rsa-pss.patch
* Sun Aug 18 2019 Jason Sikes <>
  - added opensc-0.19.0-piv_card_matching.patch
    * Improve Card Matching for Dual CAC/PIV and PIVKEY cards.
    * sourced from



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jan 9 12:49:40 2024