{"id":2225891,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2225891/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260421184831.2576691-1-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.2/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260421184831.2576691-1-bernd@kuhls.net>","list_archive_url":null,"date":"2026-04-21T18:48:29","name":"[1/2] package/opensc: security bump version to 0.27.1","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"6cd3e4df5dbef1a2bdeccb218a5425805f2426a4","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/1.2/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260421184831.2576691-1-bernd@kuhls.net/mbox/","series":[{"id":500870,"url":"http://patchwork.ozlabs.org/api/1.2/series/500870/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=500870","date":"2026-04-21T18:48:29","name":"[1/2] package/opensc: security bump version to 0.27.1","version":1,"mbox":"http://patchwork.ozlabs.org/series/500870/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2225891/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2225891/checks/","tags":{},"related":[],"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=HdQB/bhS;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0WbC4zlkz1yGt\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Wed, 22 Apr 2026 04:48:39 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id B8C2941410;\n\tTue, 21 Apr 2026 18:48:37 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id ebvBE0NKgPqF; Tue, 21 Apr 2026 18:48:37 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id E0B0041418;\n\tTue, 21 Apr 2026 18:48:36 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n by lists1.osuosl.org (Postfix) with ESMTP id C72EB183\n for <buildroot@buildroot.org>; Tue, 21 Apr 2026 18:48:34 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id B929041418\n for <buildroot@buildroot.org>; Tue, 21 Apr 2026 18:48:34 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id RWpPD5xG6wRk for <buildroot@buildroot.org>;\n Tue, 21 Apr 2026 18:48:34 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp4.osuosl.org (Postfix) with ESMTPS id B5CC441410\n for <buildroot@buildroot.org>; Tue, 21 Apr 2026 18:48:33 +0000 (UTC)","from fli4l.lan.fli4l (p5b3a0177.dip0.t-ipconnect.de [91.58.1.119])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 81D5EA4C0602;\n Tue, 21 Apr 2026 20:48:31 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:46052)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.1)\n (envelope-from <bernd@kuhls.net>) id 1wFG99-000000001Di-0WUc;\n Tue, 21 Apr 2026 18:48:31 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp4.osuosl.org E0B0041418","OpenDKIM Filter v2.11.0 smtp4.osuosl.org B5CC441410"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776797317;\n\tbh=5DI7ckQnQX4oFe95NL9caTK9/vk7BUPb9YCHCPT/m1g=;\n\th=From:To:Cc:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From;\n\tb=HdQB/bhSs+MslJ21WNptyKRGcuM87i6C2sXjOZd/WFTsRwhNZ/VPqdelvx5xsVW9S\n\t ENYTlqSOYSWQz3eCtF5yrCGC8pFTUGMV1LbBKsUK554vM4PDTynuOucG366wzcGPsB\n\t 3xCcO4iJ9KZlPNz+Q8YovL+4pzBw06NiP9MqmEYCM4XSOkxUsYkRmGU9Sm/P4pOD2U\n\t 2Yc0e400Wxj7ySbWUCQmFUHZ8bxdxDAN9tojYcsi7h3Cf+e4KaDFeRMNtqMbywWEW7\n\t RYLZwea8GoNopppdj4IhkMyJ6SnyYboUtWT3sJhh7MUc1kD6oI8IMheFAExKcHoYGp\n\t 30m0dIAfVAZWg==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org B5CC441410","From":"Bernd Kuhls <bernd@kuhls.net>","To":"buildroot@buildroot.org","Cc":"=?utf-8?q?Alexis_Lothor=C3=A9?= <alexis.lothore@bootlin.com>","Date":"Tue, 21 Apr 2026 20:48:29 +0200","Message-ID":"<20260421184831.2576691-1-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","MIME-Version":"1.0","X-Spamd-Bar":"-","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1776797311;\n bh=6dHn5i2QwCv6EgxvVYj5+2pPrVF6qYFF5dALrpDz42M=;\n h=From:To:Cc:Subject:Date:From;\n b=QUydXSHcMhyZrqM1jv8OnguQKqvQ1fVfCBh9RtUXmYLeXiCx7ld+M9Hr9JFVuSF6F\n oIr6MHUbQcVZ/T4hJ/2e+fDF0GUUDfuCKtlh9VKkeDLfF/tfdpWB0HdNm9wnfZkw66\n YPkmLjDEuRzuTj7wdfChpdCVZn4kY/oAEvk8STOSWogp/Zl+nJjkkO2Kttx8XIB3HM\n ag5ifVABIy3E3efxUlagAE+HazW56V/BmrxEfIaWnk6XcwttH3reM4tNRpLcnnaC2B\n mz9Mx8KLh811lmYKFnN4NOzd0xTzgVcH6n62xnIiWaT6y9E4CsEyqkjjtc1ntjkOds\n 4VX9O2xBT/DNA==","X-Mailman-Original-Authentication-Results":["smtp4.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp4.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=kuhls.net header.i=@kuhls.net header.a=rsa-sha256\n header.s=kas202511301023 header.b=QUydXSHc"],"Subject":"[Buildroot] [PATCH 1/2] package/opensc: security bump version to\n 0.27.1","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"https://github.com/OpenSC/OpenSC/blob/0.27.1/NEWS\n\nSwitched to sha256 tarball hash provided by upstream.\n\nRemoved patch which is included in this release.\n\nFixes the following CVEs:\n* CVE-2025-13763: Several uses of potentially uninitialized memory\n                  detected by fuzzers\n* CVE-2025-49010: Possible write beyond buffer bounds during processing\n                  of GET RESPONSE APDU\n* CVE-2025-66215: Possible write beyond buffer bounds in oberthur driver\n* CVE-2025-66038: Possible read beyond buffer bounds when parsing\n                  historical bytes in PIV driver\n* CVE-2025-66037: Possible buffer overrun while parsing SPKI\n\nSigned-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n ...ble-wrap-unwrap-test-until-OpenSC-17.patch | 41 -------------------\n package/opensc/opensc.hash                    |  4 +-\n package/opensc/opensc.mk                      |  2 +-\n 3 files changed, 3 insertions(+), 44 deletions(-)\n delete mode 100644 package/opensc/0001-pkcs11-tool-disable-wrap-unwrap-test-until-OpenSC-17.patch","diff":"diff --git a/package/opensc/0001-pkcs11-tool-disable-wrap-unwrap-test-until-OpenSC-17.patch b/package/opensc/0001-pkcs11-tool-disable-wrap-unwrap-test-until-OpenSC-17.patch\ndeleted file mode 100644\nindex 9bf601370a..0000000000\n--- a/package/opensc/0001-pkcs11-tool-disable-wrap-unwrap-test-until-OpenSC-17.patch\n+++ /dev/null\n@@ -1,41 +0,0 @@\n-From 768c9bfcd91206f0d85cd4757fde48e00850a014 Mon Sep 17 00:00:00 2001\n-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>\n-Date: Mon, 6 Jan 2025 22:36:10 +0100\n-Subject: [PATCH] pkcs11-tool: disable wrap/unwrap test until OpenSC#1796 is\n- resolved\n-\n-Similar to ab74fae4d71d1705b77b9459141987a95dcfc91e (\"pkcs11-tool:\n-disable wrap/unwrap test until OpenSC#1796 is resolved\"), but for\n-0.26, since OpenSC#1796 is still open.\n-\n-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>\n-Upstream: https://github.com/OpenSC/OpenSC/pull/3303\n----\n- src/tools/pkcs11-tool.c | 4 ++--\n- 1 file changed, 2 insertions(+), 2 deletions(-)\n-\n-diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c\n-index d701d76d6..871a39977 100644\n---- a/src/tools/pkcs11-tool.c\n-+++ b/src/tools/pkcs11-tool.c\n-@@ -7681,7 +7681,7 @@ static int test_verify(CK_SESSION_HANDLE sess)\n- \treturn errors;\n- }\n- \n--#if OPENSC_VERSION_MAJOR == 0 && OPENSC_VERSION_MINOR <= 25\n-+#if OPENSC_VERSION_MAJOR == 0 && OPENSC_VERSION_MINOR <= 26\n- #else\n- #ifdef ENABLE_OPENSSL\n- static int wrap_unwrap(CK_SESSION_HANDLE session,\n-@@ -7805,7 +7805,7 @@ static int wrap_unwrap(CK_SESSION_HANDLE session,\n-  */\n- static int test_unwrap(CK_SESSION_HANDLE sess)\n- {\n--#if OPENSC_VERSION_MAJOR == 0 && OPENSC_VERSION_MINOR <= 25\n-+#if OPENSC_VERSION_MAJOR == 0 && OPENSC_VERSION_MINOR <= 26\n- \t/* temporarily disable test, see https://github.com/OpenSC/OpenSC/issues/1796 */\n- \treturn 0;\n- #else\n--- \n-2.47.1\n-\ndiff --git a/package/opensc/opensc.hash b/package/opensc/opensc.hash\nindex e12d2d4bfa..b24a6bca98 100644\n--- a/package/opensc/opensc.hash\n+++ b/package/opensc/opensc.hash\n@@ -1,5 +1,5 @@\n-# Computed locally from https://https://github.com/OpenSC/OpenSC/releases/\n-sha256  837baead45e1505260d868871056150ede6e73d35460a470f2595a9e5e75f82b  opensc-0.26.0.tar.gz\n+# From https://github.com/OpenSC/OpenSC/releases/tag/0.27.1\n+sha256  976f4a23eaf3397a1a2c3a7aac80bf971a8c3d829c9a79f06145bfaeeae5eca7  opensc-0.27.1.tar.gz\n \n # Computed locally\n sha256  376b54d4c5f4aa99421823fa4da93e3ab73096fce2400e89858632aa7da24a14  COPYING\ndiff --git a/package/opensc/opensc.mk b/package/opensc/opensc.mk\nindex 11d1507d45..dbc83c2b0e 100644\n--- a/package/opensc/opensc.mk\n+++ b/package/opensc/opensc.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-OPENSC_VERSION = 0.26.0\n+OPENSC_VERSION = 0.27.1\n OPENSC_SITE = https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)\n OPENSC_LICENSE = LGPL-2.1+\n OPENSC_LICENSE_FILES = COPYING\n","prefixes":["1/2"]}