From: Thomas Perale via buildroot <buildroot@buildroot.org>
To: Bernd Kuhls <bernd@kuhls.net>
Cc: Thomas Perale <thomas.perale@mind.be>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/2] package/opensc: security bump version to 0.27.1
Date: Fri, 15 May 2026 15:34:01 +0200 [thread overview]
Message-ID: <20260515133401.316013-1-thomas.perale@mind.be> (raw)
In-Reply-To: <20260421184831.2576691-1-bernd@kuhls.net>
In reply of:
> https://github.com/OpenSC/OpenSC/blob/0.27.1/NEWS
>
> Switched to sha256 tarball hash provided by upstream.
>
> Removed patch which is included in this release.
>
> Fixes the following CVEs:
> * CVE-2025-13763: Several uses of potentially uninitialized memory
> detected by fuzzers
> * CVE-2025-49010: Possible write beyond buffer bounds during processing
> of GET RESPONSE APDU
> * CVE-2025-66215: Possible write beyond buffer bounds in oberthur driver
> * CVE-2025-66038: Possible read beyond buffer bounds when parsing
> historical bytes in PIV driver
> * CVE-2025-66037: Possible buffer overrun while parsing SPKI
>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Applied to 2025.02.x & 2026.02.x. Thanks
> ---
> ...ble-wrap-unwrap-test-until-OpenSC-17.patch | 41 -------------------
> package/opensc/opensc.hash | 4 +-
> package/opensc/opensc.mk | 2 +-
> 3 files changed, 3 insertions(+), 44 deletions(-)
> delete mode 100644 package/opensc/0001-pkcs11-tool-disable-wrap-unwrap-test-until-OpenSC-17.patch
>
> diff --git a/package/opensc/0001-pkcs11-tool-disable-wrap-unwrap-test-until-OpenSC-17.patch b/package/opensc/0001-pkcs11-tool-disable-wrap-unwrap-test-until-OpenSC-17.patch
> deleted file mode 100644
> index 9bf601370a..0000000000
> --- a/package/opensc/0001-pkcs11-tool-disable-wrap-unwrap-test-until-OpenSC-17.patch
> +++ /dev/null
> @@ -1,41 +0,0 @@
> -From 768c9bfcd91206f0d85cd4757fde48e00850a014 Mon Sep 17 00:00:00 2001
> -From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> -Date: Mon, 6 Jan 2025 22:36:10 +0100
> -Subject: [PATCH] pkcs11-tool: disable wrap/unwrap test until OpenSC#1796 is
> - resolved
> -
> -Similar to ab74fae4d71d1705b77b9459141987a95dcfc91e ("pkcs11-tool:
> -disable wrap/unwrap test until OpenSC#1796 is resolved"), but for
> -0.26, since OpenSC#1796 is still open.
> -
> -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> -Upstream: https://github.com/OpenSC/OpenSC/pull/3303
> ----
> - src/tools/pkcs11-tool.c | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> -
> -diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
> -index d701d76d6..871a39977 100644
> ---- a/src/tools/pkcs11-tool.c
> -+++ b/src/tools/pkcs11-tool.c
> -@@ -7681,7 +7681,7 @@ static int test_verify(CK_SESSION_HANDLE sess)
> - return errors;
> - }
> -
> --#if OPENSC_VERSION_MAJOR == 0 && OPENSC_VERSION_MINOR <= 25
> -+#if OPENSC_VERSION_MAJOR == 0 && OPENSC_VERSION_MINOR <= 26
> - #else
> - #ifdef ENABLE_OPENSSL
> - static int wrap_unwrap(CK_SESSION_HANDLE session,
> -@@ -7805,7 +7805,7 @@ static int wrap_unwrap(CK_SESSION_HANDLE session,
> - */
> - static int test_unwrap(CK_SESSION_HANDLE sess)
> - {
> --#if OPENSC_VERSION_MAJOR == 0 && OPENSC_VERSION_MINOR <= 25
> -+#if OPENSC_VERSION_MAJOR == 0 && OPENSC_VERSION_MINOR <= 26
> - /* temporarily disable test, see https://github.com/OpenSC/OpenSC/issues/1796 */
> - return 0;
> - #else
> ---
> -2.47.1
> -
> diff --git a/package/opensc/opensc.hash b/package/opensc/opensc.hash
> index e12d2d4bfa..b24a6bca98 100644
> --- a/package/opensc/opensc.hash
> +++ b/package/opensc/opensc.hash
> @@ -1,5 +1,5 @@
> -# Computed locally from https://https://github.com/OpenSC/OpenSC/releases/
> -sha256 837baead45e1505260d868871056150ede6e73d35460a470f2595a9e5e75f82b opensc-0.26.0.tar.gz
> +# From https://github.com/OpenSC/OpenSC/releases/tag/0.27.1
> +sha256 976f4a23eaf3397a1a2c3a7aac80bf971a8c3d829c9a79f06145bfaeeae5eca7 opensc-0.27.1.tar.gz
>
> # Computed locally
> sha256 376b54d4c5f4aa99421823fa4da93e3ab73096fce2400e89858632aa7da24a14 COPYING
> diff --git a/package/opensc/opensc.mk b/package/opensc/opensc.mk
> index 11d1507d45..dbc83c2b0e 100644
> --- a/package/opensc/opensc.mk
> +++ b/package/opensc/opensc.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -OPENSC_VERSION = 0.26.0
> +OPENSC_VERSION = 0.27.1
> OPENSC_SITE = https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)
> OPENSC_LICENSE = LGPL-2.1+
> OPENSC_LICENSE_FILES = COPYING
> --
> 2.47.3
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2026-05-15 13:34 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-21 18:48 [Buildroot] [PATCH 1/2] package/opensc: security bump version to 0.27.1 Bernd Kuhls
2026-04-21 18:48 ` [Buildroot] [PATCH 2/2] package/openscap: bump version to 1.4.4 Bernd Kuhls
2026-04-22 7:32 ` Alexis Lothoré via buildroot
2026-05-05 19:19 ` Marcus Hoffmann via buildroot
2026-04-22 7:00 ` [Buildroot] [PATCH 1/2] package/opensc: security bump version to 0.27.1 Alexis Lothoré via buildroot
2026-04-22 7:02 ` Alexis Lothoré via buildroot
2026-04-29 8:46 ` Marcus Hoffmann via buildroot
2026-05-15 13:34 ` Thomas Perale via buildroot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260515133401.316013-1-thomas.perale@mind.be \
--to=buildroot@buildroot.org \
--cc=bernd@kuhls.net \
--cc=thomas.perale@mind.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox