diff mbox series

[2/2] opensc: upgrade 0.25.1 -> 0.27.1

Message ID 20260716080840.19806-2-lianux.wang@processmission.com
State New
Headers show
Series [1/2] wolfssl: upgrade 5.7.2 -> 5.9.2 | expand

Commit Message

Lian Wang July 16, 2026, 8:08 a.m. UTC
- Drop 9 CVE patches and 1 PR patch all fixed upstream in 0.27.0
- CVE-2024-8443, CVE-2025-49010, CVE-2025-66037,
  CVE-2025-66038, CVE-2025-66215 resolved
- Switch to master branch as stable-0.25 is obsolete

Signed-off-by: Lian Wang <lianux.wang@processmission.com>
---
 ...ixes-for-uninitialized-memory-issues.patch | 1268 -----------------
 .../opensc/files/CVE-2024-8443-0001.patch     |   60 -
 .../opensc/files/CVE-2024-8443-0002.patch     |   55 -
 .../opensc/files/CVE-2025-49010.patch         |   72 -
 .../opensc/files/CVE-2025-66037.patch         |   35 -
 .../opensc/files/CVE-2025-66038.patch         |   41 -
 .../opensc/files/CVE-2025-66215-1.patch       |   29 -
 .../opensc/files/CVE-2025-66215-2.patch       |   37 -
 .../opensc/files/CVE-2025-66215-3.patch       |   45 -
 .../opensc/files/CVE-2025-66215-4.patch       |   62 -
 .../{opensc_0.25.1.bb => opensc_0.27.1.bb}    |   16 +-
 11 files changed, 3 insertions(+), 1717 deletions(-)
 delete mode 100644 meta-oe/recipes-support/opensc/files/0001-PR-Fixes-for-uninitialized-memory-issues.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2025-49010.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2025-66037.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2025-66038.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2025-66215-1.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2025-66215-2.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2025-66215-3.patch
 delete mode 100644 meta-oe/recipes-support/opensc/files/CVE-2025-66215-4.patch
 rename meta-oe/recipes-support/opensc/{opensc_0.25.1.bb => opensc_0.27.1.bb} (70%)
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/opensc/files/0001-PR-Fixes-for-uninitialized-memory-issues.patch b/meta-oe/recipes-support/opensc/files/0001-PR-Fixes-for-uninitialized-memory-issues.patch
deleted file mode 100644
index 1c45067..0000000
--- a/meta-oe/recipes-support/opensc/files/0001-PR-Fixes-for-uninitialized-memory-issues.patch
+++ /dev/null
@@ -1,1268 +0,0 @@ 
-From: Virendra Thakur <virendrak@kpit.com>
-Date: Tue, 15 Oct 2024 17:29:19 +0000 (-0600)
-Subject: Avoid using uninitialized memory
-
-Avoid using uninitialized memory
-
-37 new use-of-uninitialized-memory bugs were found while testing fuzzing harnesses. The bugs were found in these functions:
-
-cac_read_file()
-cardos_match_card()
-sc_bin_to_hex()
-strcmp(), from gids_get_identifiers()
-do_select()
-bcmp(), from cac_list_compare_path()
-insert_cert()
-cardos_lifecycle_get()
-gids_read_masterfile()
-sc_pkcs15init_parse_info()
-piv_get_challenge()
-asn1_decode()
-malloc(), from cac_read_file()
-sc_asn1_decode_object_id()
-sc_pkcs15emu_sc_hsm_decode_cvc()
-gemsafe_get_cert_len()
-process_fcp()
-dnie_process_fci()
-iso7816_process_fci()
-sc_pkcs15_read_file()
-strlen(), from set_string()
-asn1_encode_path()
-msc_extract_rsa_public_key()
-sc_build_pin()
-DES_set_key_unchecked(), from openssl_enc()
-starcos_write_pukey()
-iasecc_sdo_parse()
-setcos_generate_key()
-iasecc_parse_size()
-iasecc_se_parse()
-sc_hsm_determine_free_id()
-asn1_encode_entry()
-coolkey_rsa_op()
-sc_asn1_read_tag()
-do_init_app()
-sc_pkcs15init_create_pin()
-sc_asn1_clear_algorithm_id()
-Reported by Matteo Marini (@Heinzeen)
-
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/pull/3225/files/ab476044a009003262991c065b792baa053c7be5]
-
-CVE: CVE-2024-45615 CVE-2024-45616 CVE-2024-45617 CVE-2024-45618 CVE-2024-45619 CVE-2024-45620
-Hunk present in card-entersafe.c and card-gids.c are refresehed base on codebase.
-
-From f25c61dae98ebfc7eb81b48f002621663cfcf9cb Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 20 May 2024 21:19:15 +0200
-Subject: [PATCH 01/30] gids: Avoid using uninitialized memory
-
-Thanks Matteo Marini for report
-
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- src/libopensc/card-gids.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libopensc/card-gids.c b/src/libopensc/card-gids.c
-index aa63035097..90c98b557d 100644
---- a/src/libopensc/card-gids.c
-+++ b/src/libopensc/card-gids.c
-@@ -251,7 +251,7 @@ static int gids_get_DO(sc_card_t* card,
- 	LOG_TEST_RET(card->ctx, r, "gids get data failed");
- 	LOG_TEST_RET(card->ctx,  sc_check_sw(card, apdu.sw1, apdu.sw2), "invalid return");
- 
--	p = sc_asn1_find_tag(card->ctx, buffer, sizeof(buffer), dataObjectIdentifier, &datasize);
-+       p = sc_asn1_find_tag(card->ctx, buffer, apdu.resplen, dataObjectIdentifier, &datasize);
- 	if (!p) {
- 		LOG_FUNC_RETURN(card->ctx, SC_ERROR_FILE_NOT_FOUND);
- 	}
-
-From a905ad4600ab13f36ec1d0c909b18ca016d91a5a Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 20 May 2024 21:31:38 +0200
-Subject: [PATCH 02/30] pkcs15init: Avoid using uninitialized memory
-
-Thanks Matteo Marini for report
-
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- src/pkcs15init/profile.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
-index 5113af6ef6..72963e2f9c 100644
---- a/src/pkcs15init/profile.c
-+++ b/src/pkcs15init/profile.c
-@@ -1809,7 +1809,7 @@ do_pin_storedlength(struct state *cur, int argc, char **argv)
- static int
- do_pin_flags(struct state *cur, int argc, char **argv)
- {
--	unsigned int	flags;
-+	unsigned int	flags = 0;
- 	int		i, r;
- 
- 	if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
-
-From 4ca050b83c8f265280059697c3764460ad8aac9b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Tue, 3 Sep 2024 09:15:22 +0200
-Subject: [PATCH 03/30] pkcs15init: Remove tab indentation
-
----
- src/pkcs15init/profile.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
-index 72963e2f9c..4fbc3e7e1f 100644
---- a/src/pkcs15init/profile.c
-+++ b/src/pkcs15init/profile.c
-@@ -1809,7 +1809,7 @@ do_pin_storedlength(struct state *cur, int argc, char **argv)
- static int
- do_pin_flags(struct state *cur, int argc, char **argv)
- {
--	unsigned int	flags = 0;
-+	unsigned int flags = 0;
- 	int		i, r;
- 
- 	if (cur->pin->pin.auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
-
-From 5580be58f2dc88f8b75a60d213a57014333c6b17 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 20 May 2024 22:14:48 +0200
-Subject: [PATCH 04/30] cac: Correctly calculate certificate length based on
- the resplen
-
-Thanks Matteo Marini for report
-
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-h5f7-rjr5-vx54
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
----
- src/libopensc/card-cac1.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/libopensc/card-cac1.c b/src/libopensc/card-cac1.c
-index 5ddacc4565..06b2671f43 100644
---- a/src/libopensc/card-cac1.c
-+++ b/src/libopensc/card-cac1.c
-@@ -92,12 +92,12 @@ static int cac_cac1_get_certificate(sc_card_t *card, u8 **out_buf, size_t *out_l
- 		if (apdu.sw1 != 0x63 || apdu.sw2 < 1)  {
- 			/* we've either finished reading, or hit an error, break */
- 			r = sc_check_sw(card, apdu.sw1, apdu.sw2);
--			left -= len;
-+			left -= apdu.resplen;
- 			break;
- 		}
- 		/* Adjust the lengths */
--		left -= len;
--		out_ptr += len;
-+		left -= apdu.resplen;
-+		out_ptr += apdu.resplen;
- 		len = MIN(left, apdu.sw2);
- 	}
- 	if (r < 0) {
-
-From 9da37a80ed3b3ceaf472e1a43a4672f4e30637d1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 11 Jul 2024 14:58:25 +0200
-Subject: [PATCH 05/30] cac: Fix uninitialized values
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_card/1,fuzz_pkcs11/6
----
- src/libopensc/card-cac.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
-index 898fce8aa5..412f22644d 100644
---- a/src/libopensc/card-cac.c
-+++ b/src/libopensc/card-cac.c
-@@ -252,7 +252,7 @@ static int cac_apdu_io(sc_card_t *card, int ins, int p1, int p2,
- 	size_t * recvbuflen)
- {
- 	int r;
--	sc_apdu_t apdu;
-+	sc_apdu_t apdu = {0};
- 	u8 rbufinitbuf[CAC_MAX_SIZE];
- 	u8 *rbuf;
- 	size_t rbuflen;
-@@ -389,13 +389,13 @@ cac_get_acr(sc_card_t *card, int acr_type, u8 **out_buf, size_t *out_len)
- static int cac_read_file(sc_card_t *card, int file_type, u8 **out_buf, size_t *out_len)
- {
- 	u8 params[2];
--	u8 count[2];
-+	u8 count[2] = {0};
- 	u8 *out = NULL;
--	u8 *out_ptr;
-+	u8 *out_ptr = NULL;
- 	size_t offset = 0;
- 	size_t size = 0;
- 	size_t left = 0;
--	size_t len;
-+	size_t len = 0;
- 	int r;
- 
- 	params[0] = file_type;
-@@ -458,7 +458,7 @@ static int cac_read_binary(sc_card_t *card, unsigned int idx,
- 	const u8 *tl_ptr, *val_ptr, *tl_start;
- 	u8 *tlv_ptr;
- 	const u8 *cert_ptr;
--	size_t tl_len, val_len, tlv_len;
-+	size_t tl_len = 0, val_len = 0, tlv_len;
- 	size_t len, tl_head_len, cert_len;
- 	u8 cert_type, tag;
- 
-@@ -1519,7 +1519,7 @@ static int cac_parse_CCC(sc_card_t *card, cac_private_data_t *priv, const u8 *tl
- static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth)
- {
- 	u8 *tl = NULL, *val = NULL;
--	size_t tl_len, val_len;
-+	size_t tl_len = 0, val_len = 0;
- 	int r;
- 
- 	if (depth > CAC_MAX_CCC_DEPTH) {
-
-From 39a55ef0a44cb34b22e585281b1e1eee30eb79a5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 11 Jul 2024 15:27:19 +0200
-Subject: [PATCH 06/30] cardos: Fix uninitialized values
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_card/2
----
- src/libopensc/card-cardos.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
-index 2e2d524333..a0e2322478 100644
---- a/src/libopensc/card-cardos.c
-+++ b/src/libopensc/card-cardos.c
-@@ -94,14 +94,14 @@ static void fixup_transceive_length(const struct sc_card *card,
- 
- static int cardos_match_card(sc_card_t *card)
- {
--	unsigned char atr[SC_MAX_ATR_SIZE];
-+	unsigned char atr[SC_MAX_ATR_SIZE] = { 0 };
- 	int i;
- 
- 	i = _sc_match_atr(card, cardos_atrs, &card->type);
- 	if (i < 0)
- 		return 0;
- 
--	memcpy(atr, card->atr.value, sizeof(atr));
-+	memcpy(atr, card->atr.value, card->atr.len);
- 
- 	/* Do not change card type for CIE! */
- 	if (card->type == SC_CARD_TYPE_CARDOS_CIE_V1)
-@@ -114,8 +114,8 @@ static int cardos_match_card(sc_card_t *card)
- 		return 1;
- 	if (card->type == SC_CARD_TYPE_CARDOS_M4_2) {
- 		int rv;
--		sc_apdu_t apdu;
--		u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
-+		sc_apdu_t apdu = { 0 };
-+		u8 rbuf[SC_MAX_APDU_BUFFER_SIZE] = { 0 };
- 		/* first check some additional ATR bytes */
- 		if ((atr[4] != 0xff && atr[4] != 0x02) ||
- 		    (atr[6] != 0x10 && atr[6] != 0x0a) ||
-
-From e66619fadb3fd666e3359886fe18e387de068799 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Fri, 12 Jul 2024 13:16:56 +0200
-Subject: [PATCH 07/30] card-dnie: Check APDU response length and ASN1 lengths
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15_decode/10, fuzz_pkcs15_encode/12
----
- src/libopensc/asn1.c      | 4 +++-
- src/libopensc/card-dnie.c | 8 ++++++--
- 2 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/src/libopensc/asn1.c b/src/libopensc/asn1.c
-index 08ef56149c..548263a2da 100644
---- a/src/libopensc/asn1.c
-+++ b/src/libopensc/asn1.c
-@@ -68,7 +68,7 @@ int sc_asn1_read_tag(const u8 ** buf, size_t buflen, unsigned int *cla_out,
- 
- 	*buf = NULL;
- 
--	if (left == 0 || !p)
-+	if (left == 0 || !p || buflen == 0)
- 		return SC_ERROR_INVALID_ASN1_OBJECT;
- 	if (*p == 0xff || *p == 0) {
- 		/* end of data reached */
-@@ -83,6 +83,8 @@ int sc_asn1_read_tag(const u8 ** buf, size_t buflen, unsigned int *cla_out,
- 	 */
- 	cla = (*p & SC_ASN1_TAG_CLASS) | (*p & SC_ASN1_TAG_CONSTRUCTED);
- 	tag = *p & SC_ASN1_TAG_PRIMITIVE;
-+	if (left < 1)
-+		return SC_ERROR_INVALID_ASN1_OBJECT;
- 	p++;
- 	left--;
- 	if (tag == SC_ASN1_TAG_PRIMITIVE) {
-diff --git a/src/libopensc/card-dnie.c b/src/libopensc/card-dnie.c
-index 464670f096..d8b90e8439 100644
---- a/src/libopensc/card-dnie.c
-+++ b/src/libopensc/card-dnie.c
-@@ -1172,12 +1172,16 @@ static int dnie_compose_and_send_apdu(sc_card_t *card, const u8 *path, size_t pa
- 
- 	if (file_out) {
- 		/* finally process FCI response */
-+		size_t len = apdu.resp[1];
- 		sc_file_free(*file_out);
- 		*file_out = sc_file_new();
- 		if (*file_out == NULL) {
- 			LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
- 		}
--		res = card->ops->process_fci(card, *file_out, apdu.resp + 2, apdu.resp[1]);
-+		if (apdu.resplen - 2 < len || len < 1) {
-+			LOG_FUNC_RETURN(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
-+		}
-+		res = card->ops->process_fci(card, *file_out, apdu.resp + 2, len);
- 	}
- 	LOG_FUNC_RETURN(ctx, res);
- }
-@@ -1935,7 +1939,7 @@ static int dnie_process_fci(struct sc_card *card,
- 	int *op = df_acl;
- 	int n = 0;
- 	sc_context_t *ctx = NULL;
--	if ((card == NULL) || (card->ctx == NULL) || (file == NULL))
-+	if ((card == NULL) || (card->ctx == NULL) || (file == NULL) || buflen == 0)
- 		return SC_ERROR_INVALID_ARGUMENTS;
- 	ctx = card->ctx;
- 	LOG_FUNC_CALLED(ctx);
-
-From 737931e6edaaa2142e1e71a2b76159f6ce458bb8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Fri, 12 Jul 2024 14:03:59 +0200
-Subject: [PATCH 08/30] muscle: Report invalid SW when reading object
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/20, fuzz_pkcs15init/10
----
- src/libopensc/muscle.c | 19 ++++++++++---------
- 1 file changed, 10 insertions(+), 9 deletions(-)
-
-diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c
-index 46a9f66b88..89dfcbbcba 100644
---- a/src/libopensc/muscle.c
-+++ b/src/libopensc/muscle.c
-@@ -92,33 +92,34 @@ int msc_partial_read_object(sc_card_t *card, msc_id objectId, int offset, u8 *da
- 	apdu.resp = data;
- 	r = sc_transmit_apdu(card, &apdu);
- 	LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
--	if(apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
-+	if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00 && dataLength <= apdu.resplen)
- 		return (int)dataLength;
--	if(apdu.sw1 == 0x9C) {
--		if(apdu.sw2 == 0x07) {
-+	if (apdu.sw1 == 0x9C) {
-+		if (apdu.sw2 == 0x07) {
- 			SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_FILE_NOT_FOUND);
--		} else if(apdu.sw2 == 0x06) {
-+		} else if (apdu.sw2 == 0x06) {
- 			SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_NOT_ALLOWED);
--		} else if(apdu.sw2 == 0x0F) {
-+		} else if (apdu.sw2 == 0x0F) {
- 			/* GUESSED */
- 			SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
- 		}
- 	}
- 	sc_log(card->ctx,
- 		"got strange SWs: 0x%02X 0x%02X\n", apdu.sw1, apdu.sw2);
--	return (int)dataLength;
--
-+	SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED);
- }
- 
- int msc_read_object(sc_card_t *card, msc_id objectId, int offset, u8 *data, size_t dataLength)
- {
--	int r;
-+	int r = 0;
- 	unsigned int i;
- 	size_t max_read_unit = MSC_MAX_READ;
- 
--	for(i = 0; i < dataLength; i += max_read_unit) {
-+	for (i = 0; i < dataLength; i += r) {
- 		r = msc_partial_read_object(card, objectId, offset + i, data + i, MIN(dataLength - i, max_read_unit));
- 		LOG_TEST_RET(card->ctx, r, "Error in partial object read");
-+		if (r == 0)
-+			break;
- 	}
- 	return (int)dataLength;
- }
-
-From e7f6a24b7e9ac849d0242ce9e183c8160e5e9e8c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Fri, 12 Jul 2024 14:16:24 +0200
-Subject: [PATCH 09/30] card-mcrd: Check length of response buffer in select
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/5,12 fuzz_pkcs15_crypt/9
----
- src/libopensc/card-mcrd.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/src/libopensc/card-mcrd.c b/src/libopensc/card-mcrd.c
-index 3a549999eb..911e9f0a07 100644
---- a/src/libopensc/card-mcrd.c
-+++ b/src/libopensc/card-mcrd.c
-@@ -587,20 +587,23 @@ do_select(sc_card_t * card, u8 kind,
- 		}
- 	}
- 
--	if (p2 == 0x04 && apdu.resp[0] == 0x62) {
-+	if (p2 == 0x04 && apdu.resplen > 2 && apdu.resp[0] == 0x62) {
- 		*file = sc_file_new();
- 		if (!*file)
- 			LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
-+		if (apdu.resp[1] > apdu.resplen - 2)
-+			LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_DATA);
- 		process_fcp(card, *file, apdu.resp + 2, apdu.resp[1]);
- 		return SC_SUCCESS;
- 	}
- 
--	if (p2 != 0x0C && apdu.resp[0] == 0x6F) {
-+	if (p2 != 0x0C && apdu.resplen > 2 && apdu.resp[0] == 0x6F) {
- 		*file = sc_file_new();
- 		if (!*file)
- 			LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
--		if (apdu.resp[1] <= apdu.resplen)
--			process_fcp(card, *file, apdu.resp + 2, apdu.resp[1]);
-+		if (apdu.resp[1] > apdu.resplen - 2)
-+			LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_DATA);
-+		process_fcp(card, *file, apdu.resp + 2, apdu.resp[1]);
- 		return SC_SUCCESS;
- 	}
- 	return SC_SUCCESS;
-
-From d18a07ea891c7bd7dff0d187fbb4df5169fd9698 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Fri, 12 Jul 2024 14:35:47 +0200
-Subject: [PATCH 10/30] pkcs15-cert.c: Initialize OID length
-
-In case it is not set later.
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/7
----
- src/libopensc/pkcs15-cert.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
-index 1777a85835..5e2dbb89d0 100644
---- a/src/libopensc/pkcs15-cert.c
-+++ b/src/libopensc/pkcs15-cert.c
-@@ -169,7 +169,7 @@ sc_pkcs15_get_name_from_dn(struct sc_context *ctx, const u8 *dn, size_t dn_len,
- 	for (next_ava = rdn, next_ava_len = rdn_len; next_ava_len; ) {
- 		const u8 *ava, *dummy, *oidp;
- 		struct sc_object_id oid;
--		size_t ava_len, dummy_len, oid_len;
-+		size_t ava_len = 0, dummy_len, oid_len = 0;
- 
- 		/* unwrap the set and point to the next ava */
- 		ava = sc_asn1_skip_tag(ctx, &next_ava, &next_ava_len, SC_ASN1_TAG_SET | SC_ASN1_CONS, &ava_len);
-
-From c65e6f004d99187d63d68e4a9a9d5ada770b7b8d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Fri, 12 Jul 2024 15:04:19 +0200
-Subject: [PATCH 11/30] card-gids: Use actual length of reponse buffer
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/11
----
- src/libopensc/card-gids.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/libopensc/card-gids.c b/src/libopensc/card-gids.c
-index 90c98b557d..5fb0d4acb4 100644
---- a/src/libopensc/card-gids.c
-+++ b/src/libopensc/card-gids.c
-@@ -231,6 +231,7 @@ static int gids_get_DO(sc_card_t* card,
- 	size_t datasize = 0;
- 	const u8* p;
- 	u8 buffer[MAX_GIDS_FILE_SIZE];
-+        size_t buffer_len = sizeof(buffer);
- 
- 	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
- 	sc_log(card->ctx,
-@@ -244,14 +245,15 @@ static int gids_get_DO(sc_card_t* card,
- 	apdu.data = data;
- 	apdu.datalen = 04;
- 	apdu.resp = buffer;
--	apdu.resplen = sizeof(buffer);
-+        apdu.resplen = buffer_len;
- 	apdu.le = 256;
- 
- 	r = sc_transmit_apdu(card, &apdu);
- 	LOG_TEST_RET(card->ctx, r, "gids get data failed");
- 	LOG_TEST_RET(card->ctx,  sc_check_sw(card, apdu.sw1, apdu.sw2), "invalid return");
-+        buffer_len = apdu.resplen;
- 
--       p = sc_asn1_find_tag(card->ctx, buffer, apdu.resplen, dataObjectIdentifier, &datasize);
-+       p = sc_asn1_find_tag(card->ctx, buffer, buffer_len, dataObjectIdentifier, &datasize);
- 	if (!p) {
- 		LOG_FUNC_RETURN(card->ctx, SC_ERROR_FILE_NOT_FOUND);
- 	}
-
-From 3b242c5d7160a66fb94efabef9318ebf03ebc63f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Tue, 16 Jul 2024 14:05:36 +0200
-Subject: [PATCH 12/30]  cac: Check return value when selecting AID
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/14
----
- src/libopensc/card-cac.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
-index 412f22644d..71ab7e482f 100644
---- a/src/libopensc/card-cac.c
-+++ b/src/libopensc/card-cac.c
-@@ -1293,10 +1293,10 @@ static int cac_parse_aid(sc_card_t *card, cac_private_data_t *priv, const u8 *ai
- 	/* Call without OID set will just select the AID without subsequent
- 	 * OID selection, which we need to figure out just now
- 	 */
--	cac_select_file_by_type(card, &new_object.path, NULL);
-+	r = cac_select_file_by_type(card, &new_object.path, NULL);
-+	LOG_TEST_RET(card->ctx, r, "Cannot select AID");
- 	r = cac_get_properties(card, &prop);
--	if (r < 0)
--		return SC_ERROR_INTERNAL;
-+	LOG_TEST_RET(card->ctx, r, "Cannot get CAC properties");
- 
- 	for (i = 0; i < prop.num_objects; i++) {
- 		/* don't fail just because we have more certs than we can support */
-
-From 19d55573fcb638d02acc378cf638da9b4e481cd7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Tue, 16 Jul 2024 14:22:02 +0200
-Subject: [PATCH 13/30] pkcs15-tcos: Check number of read bytes for cert
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/15
----
- src/libopensc/pkcs15-tcos.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
-index a84001e122..4d02a98ee1 100644
---- a/src/libopensc/pkcs15-tcos.c
-+++ b/src/libopensc/pkcs15-tcos.c
-@@ -62,7 +62,8 @@ static int insert_cert(
- 			"Select(%s) failed\n", path);
- 		return 1;
- 	}
--	if(sc_read_binary(card, 0, cert, sizeof(cert), 0)<0){
-+	r = sc_read_binary(card, 0, cert, sizeof(cert), 0);
-+	if (r <= 0){
- 		sc_log(ctx, 
- 			"ReadBinary(%s) failed\n", path);
- 		return 2;
-
-From 74d42f32fd6f96f190ee7dd188f873115dcb5af2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Tue, 16 Jul 2024 14:29:01 +0200
-Subject: [PATCH 14/30] cardos: Return error when response length is 0
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/18
----
- src/libopensc/card-cardos.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
-index a0e2322478..124752d78b 100644
---- a/src/libopensc/card-cardos.c
-+++ b/src/libopensc/card-cardos.c
-@@ -1281,7 +1281,7 @@ cardos_lifecycle_get(sc_card_t *card, int *mode)
- 	LOG_TEST_RET(card->ctx, r, "Card returned error");
- 
- 	if (apdu.resplen < 1) {
--		LOG_TEST_RET(card->ctx, r, "Lifecycle byte not in response");
-+		LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Lifecycle byte not in response");
- 	}
- 
- 	r = SC_SUCCESS;
-
-From 2e6333f2024765bbd0e384cadce6d6c6496339a2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Tue, 16 Jul 2024 15:51:51 +0200
-Subject: [PATCH 15/30] card-piv: Initialize variables for tag and CLA
-
-In case they are not later initialize later by
-sc_asn1_read_tag() function.
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/21
----
- src/libopensc/card-piv.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
-index f4eafe47a4..034635d898 100644
---- a/src/libopensc/card-piv.c
-+++ b/src/libopensc/card-piv.c
-@@ -4428,7 +4428,7 @@ static int piv_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
- 	const u8 *p;
- 	size_t out_len = 0;
- 	int r;
--	unsigned int tag_out, cla_out;
-+	unsigned int tag_out = 0, cla_out = 0;
- 	piv_private_data_t * priv = PIV_DATA(card);
- 
- 	LOG_FUNC_CALLED(card->ctx);
-
-From 95815e45fb9f764d6e820a287ebc242e5a3155ec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Tue, 16 Jul 2024 16:32:45 +0200
-Subject: [PATCH 16/30] pkcs15-sc-hsm: Initialize variables for tag and CLA
-
-In case they are not later initialize later by
-sc_asn1_read_tag() function.
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15_crypt/12
----
- src/libopensc/pkcs15-sc-hsm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libopensc/pkcs15-sc-hsm.c b/src/libopensc/pkcs15-sc-hsm.c
-index 315cd74482..acdbee7054 100644
---- a/src/libopensc/pkcs15-sc-hsm.c
-+++ b/src/libopensc/pkcs15-sc-hsm.c
-@@ -386,7 +386,7 @@ int sc_pkcs15emu_sc_hsm_decode_cvc(sc_pkcs15_card_t * p15card,
- 	struct sc_asn1_entry asn1_cvcert[C_ASN1_CVCERT_SIZE];
- 	struct sc_asn1_entry asn1_cvc_body[C_ASN1_CVC_BODY_SIZE];
- 	struct sc_asn1_entry asn1_cvc_pubkey[C_ASN1_CVC_PUBKEY_SIZE];
--	unsigned int cla,tag;
-+	unsigned int cla = 0, tag = 0;
- 	size_t taglen;
- 	const u8 *tbuf;
- 	int r;
-
-From 16e0af0a310e4f611b88ea29ec53e02928d5ba35 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Wed, 17 Jul 2024 09:15:43 +0200
-Subject: [PATCH 17/30] pkcs15-gemsafeV1: Check length of buffer for object
-
-Number of actually read bytes may differ from
-the stated object length.
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15_crypt/15
----
- src/libopensc/pkcs15-gemsafeV1.c | 20 +++++++++++++++-----
- 1 file changed, 15 insertions(+), 5 deletions(-)
-
-diff --git a/src/libopensc/pkcs15-gemsafeV1.c b/src/libopensc/pkcs15-gemsafeV1.c
-index 25140503fa..9fb8956fe9 100644
---- a/src/libopensc/pkcs15-gemsafeV1.c
-+++ b/src/libopensc/pkcs15-gemsafeV1.c
-@@ -169,6 +169,7 @@ static int gemsafe_get_cert_len(sc_card_t *card)
- 	size_t objlen;
- 	int certlen;
- 	unsigned int ind, i=0;
-+	int read_len;
- 
- 	sc_format_path(GEMSAFE_PATH, &path);
- 	r = sc_select_file(card, &path, &file);
-@@ -177,9 +178,11 @@ static int gemsafe_get_cert_len(sc_card_t *card)
- 	sc_file_free(file);
- 
- 	/* Initial read */
--	r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0);
--	if (r < 0)
-+	read_len = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0);
-+	if (read_len <= 2) {
-+		sc_log(card->ctx, "Invalid size of object data: %d", read_len);
- 		return SC_ERROR_INTERNAL;
-+	}
- 
- 	/* Actual stored object size is encoded in first 2 bytes
- 	 * (allocated EF space is much greater!)
-@@ -208,7 +211,7 @@ static int gemsafe_get_cert_len(sc_card_t *card)
- 	 * the private key.
- 	 */
- 	ind = 2; /* skip length */
--	while (ibuf[ind] == 0x01 && i < gemsafe_cert_max) {
-+	while (ind + 1 < (size_t)read_len && ibuf[ind] == 0x01 && i < gemsafe_cert_max) {
- 		if (ibuf[ind+1] == 0xFE) {
- 			gemsafe_prkeys[i].ref = ibuf[ind+4];
- 			sc_log(card->ctx, "Key container %d is allocated and uses key_ref %d",
-@@ -235,7 +238,7 @@ static int gemsafe_get_cert_len(sc_card_t *card)
- 	/* Read entire file, then dissect in memory.
- 	 * Gemalto ClassicClient seems to do it the same way.
- 	 */
--	iptr = ibuf + GEMSAFE_READ_QUANTUM;
-+	iptr = ibuf + read_len;
- 	while ((size_t)(iptr - ibuf) < objlen) {
- 		r = sc_read_binary(card, (unsigned)(iptr - ibuf), iptr,
- 				   MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0);
-@@ -243,7 +246,14 @@ static int gemsafe_get_cert_len(sc_card_t *card)
- 			sc_log(card->ctx, "Could not read cert object");
- 			return SC_ERROR_INTERNAL;
- 		}
--		iptr += GEMSAFE_READ_QUANTUM;
-+		if (r == 0)
-+			break;
-+		read_len += r;
-+		iptr += r;
-+	}
-+	if ((size_t)read_len < objlen) {
-+		sc_log(card->ctx, "Could not read cert object");
-+		return SC_ERROR_INTERNAL;
- 	}
- 
- 	/* Search buffer for certificates, they start with 0x3082. */
-
-From 5aad7762d144a39ef11bd6f0881fc7e992161bb5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Wed, 17 Jul 2024 10:39:52 +0200
-Subject: [PATCH 18/30] card-jpki: Check number of read bytes
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15_encode/18
----
- src/libopensc/card-jpki.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/libopensc/card-jpki.c b/src/libopensc/card-jpki.c
-index 6e4d0f3165..71339491d1 100644
---- a/src/libopensc/card-jpki.c
-+++ b/src/libopensc/card-jpki.c
-@@ -195,6 +195,8 @@ jpki_select_file(struct sc_card *card,
- 		u8 buf[4];
- 		rc = sc_read_binary(card, 0, buf, 4, 0);
- 		LOG_TEST_RET(card->ctx, rc, "SW Check failed");
-+		if (rc < 4)
-+			LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Received data too short");
- 		file = sc_file_new();
- 		if (!file) {
- 			LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
-
-From 535e9d62f94b496bb5214edf0ee6f431ae6d94cb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Wed, 17 Jul 2024 11:18:52 +0200
-Subject: [PATCH 19/30] pkcs15-tcos: Check return value of serial num
- conversion
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15_encode/21
----
- src/libopensc/pkcs15-tcos.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
-index 4d02a98ee1..2bd275c4f4 100644
---- a/src/libopensc/pkcs15-tcos.c
-+++ b/src/libopensc/pkcs15-tcos.c
-@@ -531,10 +531,15 @@ int sc_pkcs15emu_tcos_init_ex(
- 	/* get the card serial number */
- 	r = sc_card_ctl(card, SC_CARDCTL_GET_SERIALNR, &serialnr);
- 	if (r < 0) {
--		sc_log(ctx,  "unable to get ICCSN\n");
-+		sc_log(ctx, "unable to get ICCSN");
- 		return SC_ERROR_WRONG_CARD;
- 	}
--	sc_bin_to_hex(serialnr.value, serialnr.len , serial, sizeof(serial), 0);
-+	r = sc_bin_to_hex(serialnr.value, serialnr.len, serial, sizeof(serial), 0);
-+	if (r != SC_SUCCESS) {
-+		sc_log(ctx, "serial number invalid");
-+		return SC_ERROR_INTERNAL;
-+	}
-+
- 	serial[19] = '\0';
- 	set_string(&p15card->tokeninfo->serial_number, serial);
- 
-
-From 230a783a0476ef1b387818ba5dd9c1c73978744f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Wed, 17 Jul 2024 12:53:52 +0200
-Subject: [PATCH 20/30] pkcs15-tcos: Check certificate length before accessing
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15_encode/8
----
- src/libopensc/pkcs15-tcos.c | 35 +++++++++++++++++++++--------------
- 1 file changed, 21 insertions(+), 14 deletions(-)
-
-diff --git a/src/libopensc/pkcs15-tcos.c b/src/libopensc/pkcs15-tcos.c
-index 2bd275c4f4..ecaa66edf2 100644
---- a/src/libopensc/pkcs15-tcos.c
-+++ b/src/libopensc/pkcs15-tcos.c
-@@ -45,6 +45,7 @@ static int insert_cert(
- 	struct sc_pkcs15_cert_info cert_info;
- 	struct sc_pkcs15_object cert_obj;
- 	unsigned char cert[20];
-+	size_t cert_len = 0;
- 	int r;
- 
- 	memset(&cert_info, 0, sizeof(cert_info));
-@@ -57,25 +58,31 @@ static int insert_cert(
- 	strlcpy(cert_obj.label, label, sizeof(cert_obj.label));
- 	cert_obj.flags = writable ? SC_PKCS15_CO_FLAG_MODIFIABLE : 0;
- 
--	if(sc_select_file(card, &cert_info.path, NULL)!=SC_SUCCESS){
--		sc_log(ctx, 
--			"Select(%s) failed\n", path);
-+	if (sc_select_file(card, &cert_info.path, NULL) != SC_SUCCESS) {
-+		sc_log(ctx, "Select(%s) failed", path);
- 		return 1;
- 	}
- 	r = sc_read_binary(card, 0, cert, sizeof(cert), 0);
--	if (r <= 0){
--		sc_log(ctx, 
--			"ReadBinary(%s) failed\n", path);
-+	if (r <= 0) {
-+		sc_log(ctx, "ReadBinary(%s) failed\n", path);
- 		return 2;
- 	}
--	if(cert[0]!=0x30 || cert[1]!=0x82){
--		sc_log(ctx, 
--			"Invalid Cert: %02X:%02X:...\n", cert[0], cert[1]);
-+	cert_len = r; /* actual number of read bytes */
-+	if (cert_len < 7 || (size_t)(7 + cert[5]) > cert_len) {
-+		sc_log(ctx, "Invalid certificate length");
-+		return 3;
-+	}
-+	if (cert[0] != 0x30 || cert[1] != 0x82) {
-+		sc_log(ctx, "Invalid Cert: %02X:%02X:...\n", cert[0], cert[1]);
- 		return 3;
- 	}
- 
- 	/* some certificates are prefixed by an OID */
--	if(cert[4]==0x06 && cert[5]<10 && cert[6+cert[5]]==0x30 && cert[7+cert[5]]==0x82){
-+	if (cert[4] == 0x06 && cert[5] < 10 && cert[6 + cert[5]] == 0x30 && cert[7 + cert[5]] == 0x82) {
-+		if ((size_t)(9 + cert[5]) > cert_len) {
-+			sc_log(ctx, "Invalid certificate length");
-+			return 3;
-+		}
- 		cert_info.path.index=6+cert[5];
- 		cert_info.path.count=(cert[8+cert[5]]<<8) + cert[9+cert[5]] + 4;
- 	} else {
-@@ -83,12 +90,12 @@ static int insert_cert(
- 		cert_info.path.count=(cert[2]<<8) + cert[3] + 4;
- 	}
- 
--	r=sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
--	if(r!=SC_SUCCESS){
--		sc_log(ctx,  "sc_pkcs15emu_add_x509_cert(%s) failed\n", path);
-+	r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
-+	if (r != SC_SUCCESS) {
-+		sc_log(ctx, "sc_pkcs15emu_add_x509_cert(%s) failed", path);
- 		return 4;
- 	}
--	sc_log(ctx,  "%s: OK, Index=%d, Count=%d\n", path, cert_info.path.index, cert_info.path.count);
-+	sc_log(ctx, "%s: OK, Index=%d, Count=%d", path, cert_info.path.index, cert_info.path.count);
- 	return 0;
- }
- 
-
-From afb1bba4f1966a5b78fdba44b6e7c4dd115cfb29 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Wed, 17 Jul 2024 14:56:22 +0200
-Subject: [PATCH 21/30] pkcs15-lib: Report transport key error
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15init/17, fuzz_pkcs15init/18
----
- src/pkcs15init/pkcs15-lib.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
-index 6574e8025d..943d53e987 100644
---- a/src/pkcs15init/pkcs15-lib.c
-+++ b/src/pkcs15init/pkcs15-lib.c
-@@ -3831,13 +3831,15 @@ sc_pkcs15init_get_transport_key(struct sc_profile *profile, struct sc_pkcs15_car
- 	if (callbacks.get_key)   {
- 		rv = callbacks.get_key(profile, type, reference, defbuf, defsize, pinbuf, pinsize);
- 		LOG_TEST_RET(ctx, rv, "Cannot get key");
--	}
--	else if (rv >= 0)  {
-+	} else if (rv >= 0) {
- 		if (*pinsize < defsize)
- 			LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "Get transport key error");
- 
- 		memcpy(pinbuf, data.key_data, data.len);
- 		*pinsize = data.len;
-+	} else {
-+		/* pinbuf and pinsize were not filled */
-+		LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Get transport key error");
- 	}
- 
- 	memset(&auth_info, 0, sizeof(auth_info));
-
-From 60f08c6fca2f87f30480589d00922599c8189555 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 18 Jul 2024 09:23:20 +0200
-Subject: [PATCH 22/30] pkcs15-starcos: Check length of file to be non-zero
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15init/20
----
- src/pkcs15init/pkcs15-starcos.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/pkcs15init/pkcs15-starcos.c b/src/pkcs15init/pkcs15-starcos.c
-index bde7413a46..267ad2b04a 100644
---- a/src/pkcs15init/pkcs15-starcos.c
-+++ b/src/pkcs15init/pkcs15-starcos.c
-@@ -670,6 +670,8 @@ static int starcos_write_pukey(sc_profile_t *profile, sc_card_t *card,
- 		return r;
- 	len = tfile->size;
- 	sc_file_free(tfile);
-+	if (len == 0)
-+		return SC_ERROR_INTERNAL;
- 	buf = malloc(len);
- 	if (!buf)
- 		return SC_ERROR_OUT_OF_MEMORY;
-@@ -684,7 +686,7 @@ static int starcos_write_pukey(sc_profile_t *profile, sc_card_t *card,
- 	if (num_keys == 0xff)
- 		num_keys = 0;
- 	/* encode public key */
--	keylen  = starcos_encode_pukey(rsa, NULL, kinfo);
-+	keylen = starcos_encode_pukey(rsa, NULL, kinfo);
- 	if (!keylen) {
- 		free(buf);
- 		return SC_ERROR_INTERNAL;
-
-From 513d3fdeed6b07f05c8d3bf9532d0b54dcbc3488 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 18 Jul 2024 09:35:23 +0200
-Subject: [PATCH 23/30] iasecc-sdo: Check length of data before dereferencing
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15init/21
----
- src/libopensc/iasecc-sdo.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/libopensc/iasecc-sdo.c b/src/libopensc/iasecc-sdo.c
-index 417b6dd57d..98402a4e3f 100644
---- a/src/libopensc/iasecc-sdo.c
-+++ b/src/libopensc/iasecc-sdo.c
-@@ -760,6 +760,9 @@ iasecc_sdo_parse(struct sc_card *card, unsigned char *data, size_t data_len, str
- 
- 	LOG_FUNC_CALLED(ctx);
- 
-+	if (data == NULL || data_len < 2)
-+		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
-+
- 	if (*data == IASECC_SDO_TEMPLATE_TAG)   {
- 		size_size = iasecc_parse_size(data + 1, data_len - 1, &size);
- 		LOG_TEST_RET(ctx, size_size, "parse error: invalid size data of IASECC_SDO_TEMPLATE");
-
-From b1cdaf4b820d6ba6e3f42acd289ef3e6540bb9f3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 18 Jul 2024 15:39:15 +0200
-Subject: [PATCH 24/30] card-oberthur: Check length of serial number
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs11/1, fuzz_pkcs15init/2
----
- src/libopensc/card-oberthur.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/libopensc/card-oberthur.c b/src/libopensc/card-oberthur.c
-index f344d5901f..5920c2c417 100644
---- a/src/libopensc/card-oberthur.c
-+++ b/src/libopensc/card-oberthur.c
-@@ -145,7 +145,7 @@ auth_select_aid(struct sc_card *card)
- {
- 	struct sc_apdu apdu;
- 	unsigned char apdu_resp[SC_MAX_APDU_BUFFER_SIZE];
--	struct auth_private_data *data =  (struct auth_private_data *) card->drv_data;
-+	struct auth_private_data *data = (struct auth_private_data *)card->drv_data;
- 	int rv, ii;
- 	struct sc_path tmp_path;
- 
-@@ -162,6 +162,9 @@ auth_select_aid(struct sc_card *card)
- 
- 	rv = sc_transmit_apdu(card, &apdu);
- 	LOG_TEST_RET(card->ctx, rv, "APDU transmit failed");
-+	if (apdu.resplen < 20) {
-+		LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Serial number has incorrect length");
-+	}
- 	card->serialnr.len = 4;
- 	memcpy(card->serialnr.value, apdu.resp+15, 4);
- 
-
-From 67064f41b5dd0947a7fcbc78b7c46d35439c6458 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 18 Jul 2024 10:16:39 +0200
-Subject: [PATCH 25/30] pkcs15-setcos: Check length of generated key
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15init/26
----
- src/pkcs15init/pkcs15-setcos.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/pkcs15init/pkcs15-setcos.c b/src/pkcs15init/pkcs15-setcos.c
-index a445513901..6525541f5a 100644
---- a/src/pkcs15init/pkcs15-setcos.c
-+++ b/src/pkcs15init/pkcs15-setcos.c
-@@ -507,6 +507,9 @@ setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
- 		r = sc_card_ctl(p15card->card, SC_CARDCTL_SETCOS_GETDATA, &data_obj);
- 		LOG_TEST_RET(ctx, r, "Cannot get key modulus: 'SETCOS_GETDATA' failed");
- 
-+		if (data_obj.DataLen < 3 || data_obj.DataLen < pubkey->u.rsa.modulus.len)
-+			LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Cannot get key modulus: wrong length of raw key");
-+
- 		keybits = ((raw_pubkey[0] * 256) + raw_pubkey[1]);  /* modulus bit length */
- 		if (keybits != key_info->modulus_length)  {
- 			sc_log(ctx,
-@@ -514,7 +517,7 @@ setcos_generate_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
- 				 keybits, key_info->modulus_length);
- 			LOG_TEST_RET(ctx, SC_ERROR_PKCS15INIT, "Failed to generate key");
- 		}
--		memcpy (pubkey->u.rsa.modulus.data, &raw_pubkey[2], pubkey->u.rsa.modulus.len);
-+		memcpy(pubkey->u.rsa.modulus.data, &raw_pubkey[2], pubkey->u.rsa.modulus.len);
- 	} else {
- 		sc_file_free(file);
- 	}
-
-From c911e5fca9184b16f94669ca0fa5227aaf0b590e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 18 Jul 2024 11:03:46 +0200
-Subject: [PATCH 26/30] iasecc-sdo: Check length of data when parsing
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15init/27,29
----
- src/libopensc/iasecc-sdo.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/libopensc/iasecc-sdo.c b/src/libopensc/iasecc-sdo.c
-index 98402a4e3f..dbd5b9f08c 100644
---- a/src/libopensc/iasecc-sdo.c
-+++ b/src/libopensc/iasecc-sdo.c
-@@ -318,16 +318,25 @@ iasecc_se_parse(struct sc_card *card, unsigned char *data, size_t data_len, stru
- 
- 	LOG_FUNC_CALLED(ctx);
- 
-+	if (data_len < 1)
-+		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
-+
- 	if (*data == IASECC_SDO_TEMPLATE_TAG)   {
- 		size_size = iasecc_parse_size(data + 1, data_len - 1, &size);
- 		LOG_TEST_RET(ctx, size_size, "parse error: invalid size data of IASECC_SDO_TEMPLATE");
- 
-+		if (data_len - 1 < size)
-+			LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
-+
- 		data += size_size + 1;
- 		data_len = size;
- 		sc_log(ctx,
- 		       "IASECC_SDO_TEMPLATE: size %"SC_FORMAT_LEN_SIZE_T"u, size_size %d",
- 		       size, size_size);
- 
-+		if (data_len < 3)
-+			LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
-+
- 		if (*data != IASECC_SDO_TAG_HEADER)
- 			LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
- 
-
-From 755448b802a3631724eaf9a3cdece327afd127b7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 18 Jul 2024 11:38:25 +0200
-Subject: [PATCH 27/30] pkcs15-sc-hsm: Properly check length of file list
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15init/8
----
- src/pkcs15init/pkcs15-sc-hsm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/pkcs15init/pkcs15-sc-hsm.c b/src/pkcs15init/pkcs15-sc-hsm.c
-index 71f96cfc56..db1a2b518f 100644
---- a/src/pkcs15init/pkcs15-sc-hsm.c
-+++ b/src/pkcs15init/pkcs15-sc-hsm.c
-@@ -140,7 +140,7 @@ static int sc_hsm_determine_free_id(struct sc_pkcs15_card *p15card, u8 range)
- 	LOG_TEST_RET(card->ctx, filelistlength, "Could not enumerate file and key identifier");
- 
- 	for (j = 0; j < 256; j++) {
--		for (i = 0; i < filelistlength; i += 2) {
-+		for (i = 0; i + 1 < filelistlength; i += 2) {
- 			if ((filelist[i] == range) && (filelist[i + 1] == j)) {
- 				break;
- 			}
-
-From 9c8c25a82e1ef4b26a1828e430f6efe07f002b8c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 18 Jul 2024 12:33:31 +0200
-Subject: [PATCH 28/30] card-coolkey: Check length of buffer before conversion
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15_reader/3
----
- src/libopensc/card-coolkey.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/libopensc/card-coolkey.c b/src/libopensc/card-coolkey.c
-index 9192aac092..5d547bc960 100644
---- a/src/libopensc/card-coolkey.c
-+++ b/src/libopensc/card-coolkey.c
-@@ -1688,6 +1688,7 @@ static int coolkey_rsa_op(sc_card_t *card, const u8 * data, size_t datalen,
- 	u8 key_number;
- 	size_t params_len;
- 	u8 buf[MAX_COMPUTE_BUF + 2];
-+	size_t buf_len;
- 	u8 *buf_out;
- 
- 	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
-@@ -1728,8 +1729,6 @@ static int coolkey_rsa_op(sc_card_t *card, const u8 * data, size_t datalen,
- 		ushort2bebytes(params.init.buf_len, 0);
- 	} else {
- 		/* The data fits in APDU. Copy it to the params object */
--		size_t buf_len;
--
- 		params.init.location = COOLKEY_CRYPT_LOCATION_APDU;
- 
- 		params_len = sizeof(params.init) + datalen;
-@@ -1749,6 +1748,7 @@ static int coolkey_rsa_op(sc_card_t *card, const u8 * data, size_t datalen,
- 	if (r < 0) {
- 		goto done;
- 	}
-+	buf_len = crypt_out_len_p;
- 
- 	if (datalen > MAX_COMPUTE_BUF) {
- 		u8 len_buf[2];
-@@ -1767,7 +1767,12 @@ static int coolkey_rsa_op(sc_card_t *card, const u8 * data, size_t datalen,
- 					priv->nonce, sizeof(priv->nonce));
- 
- 	} else {
--		size_t out_length = bebytes2ushort(buf);
-+		size_t out_length;
-+		if (buf_len < 2) {
-+			r = SC_ERROR_WRONG_LENGTH;
-+			goto done;
-+		}
-+		out_length = bebytes2ushort(buf);
- 		if (out_length > sizeof buf - 2) {
- 			r = SC_ERROR_WRONG_LENGTH;
- 			goto done;
-
-From b6754eb3b279505c6d4f09cfa1c77dcad9420468 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Tue, 23 Jul 2024 10:48:32 +0200
-Subject: [PATCH 29/30] card-entersafe: Check length of serial number
-
-Thanks Matteo Marini for report
-https://github.com/OpenSC/OpenSC/security/advisories/GHSA-p3mx-7472-h3j8
-
-fuzz_pkcs15_reader/5
----
- src/libopensc/card-entersafe.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/libopensc/card-entersafe.c b/src/libopensc/card-entersafe.c
-index 5f6d8a424d..025ebedc91 100644
---- a/src/libopensc/card-entersafe.c
-+++ b/src/libopensc/card-entersafe.c
-@@ -1479,6 +1479,8 @@ static int entersafe_get_serialnr(sc_car
- 	r=entersafe_transmit_apdu(card, &apdu,0,0,0,0);
- 	LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
- 	LOG_TEST_RET(card->ctx, sc_check_sw(card,apdu.sw1,apdu.sw2),"EnterSafe get SN failed");
-+        if (apdu.resplen != 8)
-+                LOG_TEST_RET(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Invalid length of SN");
- 
- 	card->serialnr.len=serial->len=8;
- 	memcpy(card->serialnr.value,rbuf,8);
-
-From ab476044a009003262991c065b792baa053c7be5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
-Date: Thu, 1 Aug 2024 10:32:40 +0200
-Subject: [PATCH 30/30] card-cardos: Check length of APDU response
-
----
- src/libopensc/card-cardos.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/libopensc/card-cardos.c b/src/libopensc/card-cardos.c
-index 124752d78b..595ec099e3 100644
---- a/src/libopensc/card-cardos.c
-+++ b/src/libopensc/card-cardos.c
-@@ -94,7 +94,7 @@ static void fixup_transceive_length(const struct sc_card *card,
- 
- static int cardos_match_card(sc_card_t *card)
- {
--	unsigned char atr[SC_MAX_ATR_SIZE] = { 0 };
-+	unsigned char atr[SC_MAX_ATR_SIZE] = {0};
- 	int i;
- 
- 	i = _sc_match_atr(card, cardos_atrs, &card->type);
-@@ -114,8 +114,8 @@ static int cardos_match_card(sc_card_t *card)
- 		return 1;
- 	if (card->type == SC_CARD_TYPE_CARDOS_M4_2) {
- 		int rv;
--		sc_apdu_t apdu = { 0 };
--		u8 rbuf[SC_MAX_APDU_BUFFER_SIZE] = { 0 };
-+		sc_apdu_t apdu = {0};
-+		u8 rbuf[SC_MAX_APDU_BUFFER_SIZE] = {0};
- 		/* first check some additional ATR bytes */
- 		if ((atr[4] != 0xff && atr[4] != 0x02) ||
- 		    (atr[6] != 0x10 && atr[6] != 0x0a) ||
-@@ -131,7 +131,7 @@ static int cardos_match_card(sc_card_t *card)
- 		apdu.lc = 0;
- 		rv = sc_transmit_apdu(card, &apdu);
- 		LOG_TEST_RET(card->ctx, rv, "APDU transmit failed");
--		if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
-+		if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00 || apdu.resplen < 2)
- 			return 0;
- 		if (apdu.resp[0] != atr[10] ||
- 		    apdu.resp[1] != atr[11])
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
deleted file mode 100644
index 7d80aba..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0001.patch
+++ /dev/null
@@ -1,60 +0,0 @@ 
-From b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Mon, 12 Aug 2024 19:02:14 +0200
-Subject: [PATCH] openpgp: Do not accept non-matching key responses
-
-When generating RSA key pair using PKCS#15 init, the driver could accept
-responses relevant to ECC keys, which made further processing in the
-pkcs15-init failing/accessing invalid parts of structures.
-
-Thanks oss-fuzz!
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71010
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-
-CVE: CVE-2024-8443
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc]
-
-Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
----
- src/libopensc/card-openpgp.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
-index fad32f0ce..f99ec0db9 100644
---- a/src/libopensc/card-openpgp.c
-+++ b/src/libopensc/card-openpgp.c
-@@ -2877,6 +2877,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
- 
- 		/* RSA modulus */
- 		if (tag == 0x0081) {
-+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) {
-+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
-+			}
- 			if ((BYTES4BITS(key_info->u.rsa.modulus_len) < len)  /* modulus_len is in bits */
- 				|| key_info->u.rsa.modulus == NULL) {
- 
-@@ -2892,6 +2895,9 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
- 		}
- 		/* RSA public exponent */
- 		else if (tag == 0x0082) {
-+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_RSA) {
-+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
-+			}
- 			if ((BYTES4BITS(key_info->u.rsa.exponent_len) < len)  /* exponent_len is in bits */
- 				|| key_info->u.rsa.exponent == NULL) {
- 
-@@ -2907,6 +2913,10 @@ pgp_parse_and_set_pubkey_output(sc_card_t *card, u8* data, size_t data_len,
- 		}
- 		/* ECC public key */
- 		else if (tag == 0x0086) {
-+			if (key_info->algorithm != SC_OPENPGP_KEYALGO_ECDSA &&
-+					key_info->algorithm != SC_OPENPGP_KEYALGO_ECDH) {
-+				LOG_FUNC_RETURN(card->ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
-+			}
- 			/* set the output data */
- 			/* len is ecpoint length + format byte
- 			 * see section 7.2.14 of 3.3.1 specs */
---
-2.34.1
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch b/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
deleted file mode 100644
index 30a7e63..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2024-8443-0002.patch
+++ /dev/null
@@ -1,55 +0,0 @@ 
-From 02e847458369c08421fd2d5e9a16a5f272c2de9e Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Thu, 15 Aug 2024 11:13:47 +0200
-Subject: [PATCH] openpgp: Avoid buffer overflow when writing fingerprint
-
-Fix also surrounding code to return error (not just log it)
-when some step fails.
-
-Thanks oss-fuzz
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70933
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-
-CVE: CVE-2024-8443
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e]
-
-Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
----
- src/libopensc/card-openpgp.c | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
-index f99ec0db9..3957440de 100644
---- a/src/libopensc/card-openpgp.c
-+++ b/src/libopensc/card-openpgp.c
-@@ -2756,14 +2756,21 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime,
- 	/* update the blob containing fingerprints (00C5) */
- 	sc_log(card->ctx, "Updating fingerprint blob 00C5.");
- 	fpseq_blob = pgp_find_blob(card, 0x00C5);
--	if (fpseq_blob == NULL)
--		LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot find blob 00C5");
-+	if (fpseq_blob == NULL) {
-+		r = SC_ERROR_OUT_OF_MEMORY;
-+		LOG_TEST_GOTO_ERR(card->ctx, r, "Cannot find blob 00C5");
-+	}
-+	if (20 * key_info->key_id > fpseq_blob->len) {
-+		r = SC_ERROR_OBJECT_NOT_VALID;
-+		LOG_TEST_GOTO_ERR(card->ctx, r, "The 00C5 blob is not large enough");
-+	}
- 
- 	/* save the fingerprints sequence */
- 	newdata = malloc(fpseq_blob->len);
--	if (newdata == NULL)
--		LOG_TEST_GOTO_ERR(card->ctx, SC_ERROR_OUT_OF_MEMORY,
--			"Not enough memory to update fingerprint blob 00C5");
-+	if (newdata == NULL) {
-+		r = SC_ERROR_OUT_OF_MEMORY;
-+		LOG_TEST_GOTO_ERR(card->ctx, r, "Not enough memory to update fingerprint blob 00C5");
-+	}
- 
- 	memcpy(newdata, fpseq_blob->data, fpseq_blob->len);
- 	/* move p to the portion holding the fingerprint of the current key */
---
-2.34.1
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-49010.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-49010.patch
deleted file mode 100644
index a0ac9fd..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2025-49010.patch
+++ /dev/null
@@ -1,72 +0,0 @@ 
-From fd4c54b4571b2e1593a8331906b5f0ca2aa39283 Mon Sep 17 00:00:00 2001
-From: Frank Morgner <frankmorgner@gmail.com>
-Date: Thu, 22 May 2025 00:24:32 +0200
-Subject: [PATCH] fixed Stack-buffer-overflow WRITE in GET RESPONSE
-
-The do-while loop in apdu.c requires the output data to be set in any
-case, otherwise non existent data may be copied to the output data.
-
-fixes https://issues.oss-fuzz.com/issues/416351800
-fixes https://issues.oss-fuzz.com/issues/416295951
-
-(cherry picked from commit 953986f65db61871bbbff72788d861d67d5140c6)
-CVE: CVE-2025-49010
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/953986f65db61871bbbff72788d861d67d5140c6]
-Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
----
- src/libopensc/card-nqApplet.c | 11 ++++++-----
- src/libopensc/iso7816.c       |  5 +++--
- 2 files changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/src/libopensc/card-nqApplet.c b/src/libopensc/card-nqApplet.c
-index f9075b948..90706f4b1 100644
---- a/src/libopensc/card-nqApplet.c
-+++ b/src/libopensc/card-nqApplet.c
-@@ -190,9 +190,10 @@ static int nqapplet_finish(struct sc_card *card)
- 	LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
- }
- 
--static int nqapplet_get_response(struct sc_card *card, size_t *cb_resp, u8 *resp)
-+static int
-+nqapplet_get_response(struct sc_card *card, size_t *cb_resp, u8 *resp)
- {
--	struct sc_apdu apdu;
-+	struct sc_apdu apdu = {0};
- 	int rv;
- 	size_t resplen;
- 
-@@ -204,12 +205,12 @@ static int nqapplet_get_response(struct sc_card *card, size_t *cb_resp, u8 *resp
- 
- 	rv = sc_transmit_apdu(card, &apdu);
- 	LOG_TEST_RET(card->ctx, rv, "APDU transmit failed");
--	if (apdu.resplen == 0) {
--		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
--	}
- 
- 	*cb_resp = apdu.resplen;
- 
-+	if (apdu.resplen == 0) {
-+		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
-+	}
- 	if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) {
- 		rv = SC_SUCCESS;
- 	} else if (apdu.sw1 == 0x61) {
-diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
-index 2fea84078..dc2f03c00 100644
---- a/src/libopensc/iso7816.c
-+++ b/src/libopensc/iso7816.c
-@@ -920,11 +920,12 @@ iso7816_get_response(struct sc_card *card, size_t *count, u8 *buf)
- 
- 	r = sc_transmit_apdu(card, &apdu);
- 	LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
--	if (apdu.resplen == 0)
--		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
- 
- 	*count = apdu.resplen;
- 
-+	if (apdu.resplen == 0) {
-+		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
-+	}
- 	if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00)
- 		r = 0;					/* no more data to read */
- 	else if (apdu.sw1 == 0x61)
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-66037.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-66037.patch
deleted file mode 100644
index 91ffe53..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2025-66037.patch
+++ /dev/null
@@ -1,35 +0,0 @@ 
-From b1a6f86298af7dfbaa1110b86662a9d1393a7678 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Tue, 25 Nov 2025 15:58:02 +0100
-Subject: [PATCH] pkcs15: Avoid buffer overrun on invalid data
-
-Invalid data can contain zero-length buffer, which after copying
-was dereferenced without length check
-
-Credit: Aldo Ristori
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-(cherry picked from commit 65fc211015cfcac27b10d0876054156c97225f50)
-
-CVE: CVE-2025-66037
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/65fc211015cfcac27b10d0876054156c97225f50]
-Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
----
- src/libopensc/pkcs15-pubkey.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
-index a759efa45..48fb08cac 100644
---- a/src/libopensc/pkcs15-pubkey.c
-+++ b/src/libopensc/pkcs15-pubkey.c
-@@ -1328,6 +1328,10 @@ sc_pkcs15_pubkey_from_spki_fields(struct sc_context *ctx, struct sc_pkcs15_pubke
- 	       "sc_pkcs15_pubkey_from_spki_fields() called: %p:%"SC_FORMAT_LEN_SIZE_T"u\n%s",
- 	       buf, buflen, sc_dump_hex(buf, buflen));
- 
-+	if (buflen < 1) {
-+		LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "subjectPublicKeyInfo can not be empty");
-+	}
-+
- 	tmp_buf = malloc(buflen);
- 	if (!tmp_buf) {
- 		r = SC_ERROR_OUT_OF_MEMORY;
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-66038.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-66038.patch
deleted file mode 100644
index e5a27de..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2025-66038.patch
+++ /dev/null
@@ -1,41 +0,0 @@ 
-From 2f5582340ac3fd2062d0f6561a13aa9b269062dd Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Tue, 18 Nov 2025 14:13:59 +0100
-Subject: [PATCH] compacttlv: Fix possible buffer overrun
-
-Fixes: GHSA-72x5-fwjx-2459
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-(cherry picked from commit a20b91adc2fc66785c0df98abc8ef456c0eaab9d)
-
-CVE: CVE-2025-66038
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/a20b91adc2fc66785c0df98abc8ef456c0eaab9d]
-Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
----
- src/libopensc/sc.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c
-index 7c9e0d25e..eb88b9abe 100644
---- a/src/libopensc/sc.c
-+++ b/src/libopensc/sc.c
-@@ -1082,13 +1082,15 @@ const u8 *sc_compacttlv_find_tag(const u8 *buf, size_t len, u8 tag, size_t *outl
- 		size_t expected_len = tag & 0x0F;
- 
- 	        for (idx = 0; idx < len; idx++) {
--			if ((buf[idx] & 0xF0) == plain_tag && idx + expected_len < len &&
--			    (expected_len == 0 || expected_len == (buf[idx] & 0x0F))) {
-+			u8 ctag = buf[idx] & 0xF0;
-+			size_t ctag_len = buf[idx] & 0x0F;
-+			if (ctag == plain_tag && idx + ctag_len < len &&
-+					(expected_len == 0 || expected_len == ctag_len)) {
- 				if (outlen != NULL)
--					*outlen = buf[idx] & 0x0F;
-+					*outlen = ctag_len;
- 				return buf + (idx + 1);
- 			}
--			idx += (buf[idx] & 0x0F);
-+			idx += ctag_len;
-                 }
-         }
- 	return NULL;
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-66215-1.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-66215-1.patch
deleted file mode 100644
index ac2926b..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2025-66215-1.patch
+++ /dev/null
@@ -1,29 +0,0 @@ 
-From 74a72d3a82d1f49d55ef822ededec74738a30ec4 Mon Sep 17 00:00:00 2001
-From: Frank Morgner <frankmorgner@gmail.com>
-Date: Wed, 4 Jun 2025 00:52:13 +0200
-Subject: [PATCH] fixed  Stack-buffer-overflow WRITE
-
-fixes https://issues.oss-fuzz.com/issues/421520684
-
-(cherry picked from commit eab4d17866bb457dd86d067b304294e9f6671d52)
-
-CVE: CVE-2025-66215
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/eab4d17866bb457dd86d067b304294e9f6671d52]
-Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
----
- src/libopensc/card-oberthur.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libopensc/card-oberthur.c b/src/libopensc/card-oberthur.c
-index d5445f01a..a8aba7992 100644
---- a/src/libopensc/card-oberthur.c
-+++ b/src/libopensc/card-oberthur.c
-@@ -1135,7 +1135,7 @@ auth_compute_signature(struct sc_card *card, const unsigned char *in, size_t ile
- 	apdu.lc = ilen;
- 	apdu.le = olen > 256 ? 256 : olen;
- 	apdu.resp = resp;
--	apdu.resplen = olen;
-+	apdu.resplen = SC_MAX_APDU_BUFFER_SIZE;
- 
- 	rv = sc_transmit_apdu(card, &apdu);
- 	LOG_TEST_RET(card->ctx, rv, "APDU transmit failed");
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-66215-2.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-66215-2.patch
deleted file mode 100644
index 316ac97..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2025-66215-2.patch
+++ /dev/null
@@ -1,37 +0,0 @@ 
-From 5f8c904577cce1a6e21f793ba4aab1c473ff4136 Mon Sep 17 00:00:00 2001
-From: Frank Morgner <frankmorgner@gmail.com>
-Date: Wed, 4 Jun 2025 01:07:56 +0200
-Subject: [PATCH] oberthur: fixed potential Stack-buffer-overflow WRITE
-
-(cherry picked from commit 3402a90d8c9be223d4cf6abe009a4707117d7972)
-
-CVE: CVE-2025-66215
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/3402a90d8c9be223d4cf6abe009a4707117d7972]
-Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
----
- src/libopensc/card-oberthur.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/libopensc/card-oberthur.c b/src/libopensc/card-oberthur.c
-index a8aba7992..216640ebd 100644
---- a/src/libopensc/card-oberthur.c
-+++ b/src/libopensc/card-oberthur.c
-@@ -2246,14 +2246,16 @@ auth_read_record(struct sc_card *card, unsigned int nr_rec, unsigned int idx,
- 	if (flags & SC_RECORD_BY_REC_NR)
- 		apdu.p2 |= 0x04;
- 
--	apdu.le = count;
--	apdu.resplen = count;
-+	apdu.le = count > SC_MAX_APDU_BUFFER_SIZE ? SC_MAX_APDU_BUFFER_SIZE : count;
-+	apdu.resplen = SC_MAX_APDU_BUFFER_SIZE;
- 	apdu.resp = recvbuf;
- 
- 	rv = sc_transmit_apdu(card, &apdu);
- 	LOG_TEST_RET(card->ctx, rv, "APDU transmit failed");
- 	if (apdu.resplen == 0)
- 		LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
-+	if (count < apdu.resplen)
-+		LOG_FUNC_RETURN(card->ctx, SC_ERROR_WRONG_LENGTH);
- 	memcpy(buf, recvbuf, apdu.resplen);
- 
- 	rv = sc_check_sw(card, apdu.sw1, apdu.sw2);
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-66215-3.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-66215-3.patch
deleted file mode 100644
index 5857abe..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2025-66215-3.patch
+++ /dev/null
@@ -1,45 +0,0 @@ 
-From 4db6d034c9566e903e4c1094beccaf05efc4e7e5 Mon Sep 17 00:00:00 2001
-From: Frank Morgner <frankmorgner@gmail.com>
-Date: Thu, 5 Jun 2025 13:18:15 +0200
-Subject: [PATCH] oberthur: use MIN where possible
-
-(cherry picked from commit a4bbf8a631537a4c0083b264095ed1cd36d307ab)
-
-CVE: CVE-2025-66215
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/a4bbf8a631537a4c0083b264095ed1cd36d307ab]
-Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
----
- src/libopensc/card-oberthur.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/libopensc/card-oberthur.c b/src/libopensc/card-oberthur.c
-index 216640ebd..3e7a7b6b9 100644
---- a/src/libopensc/card-oberthur.c
-+++ b/src/libopensc/card-oberthur.c
-@@ -606,7 +606,7 @@ auth_list_files(struct sc_card *card, unsigned char *buf, size_t buflen)
- 	if (apdu.resplen == 0x100 && rbuf[0]==0 && rbuf[1]==0)
- 		LOG_FUNC_RETURN(card->ctx, 0);
- 
--	buflen = buflen < apdu.resplen ? buflen : apdu.resplen;
-+	buflen = MIN(buflen, apdu.resplen);
- 	memcpy(buf, rbuf, buflen);
- 
- 	LOG_FUNC_RETURN(card->ctx, (int)buflen);
-@@ -1133,7 +1133,7 @@ auth_compute_signature(struct sc_card *card, const unsigned char *in, size_t ile
- 	apdu.datalen = ilen;
- 	apdu.data = in;
- 	apdu.lc = ilen;
--	apdu.le = olen > 256 ? 256 : olen;
-+	apdu.le = MIN(olen, 256);
- 	apdu.resp = resp;
- 	apdu.resplen = SC_MAX_APDU_BUFFER_SIZE;
- 
-@@ -2246,7 +2246,7 @@ auth_read_record(struct sc_card *card, unsigned int nr_rec, unsigned int idx,
- 	if (flags & SC_RECORD_BY_REC_NR)
- 		apdu.p2 |= 0x04;
- 
--	apdu.le = count > SC_MAX_APDU_BUFFER_SIZE ? SC_MAX_APDU_BUFFER_SIZE : count;
-+	apdu.le = MIN(count, SC_MAX_APDU_BUFFER_SIZE);
- 	apdu.resplen = SC_MAX_APDU_BUFFER_SIZE;
- 	apdu.resp = recvbuf;
- 
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-66215-4.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-66215-4.patch
deleted file mode 100644
index 80816aa..0000000
--- a/meta-oe/recipes-support/opensc/files/CVE-2025-66215-4.patch
+++ /dev/null
@@ -1,62 +0,0 @@ 
-From 665871f38aee0d52eba923783d4606becc7628d0 Mon Sep 17 00:00:00 2001
-From: Frank Morgner <frankmorgner@gmail.com>
-Date: Thu, 5 Jun 2025 14:04:35 +0200
-Subject: [PATCH] oberthur: use SC_MAX_APDU_RESP_SIZE where possible
-
-(cherry picked from commit 56bc5e9575965461d99a274be45d71c18ab6eae0)
-
-CVE: CVE-2025-66215
-Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/56bc5e9575965461d99a274be45d71c18ab6eae0]
-Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
----
- src/libopensc/card-oberthur.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/libopensc/card-oberthur.c b/src/libopensc/card-oberthur.c
-index 3e7a7b6b9..159b84aed 100644
---- a/src/libopensc/card-oberthur.c
-+++ b/src/libopensc/card-oberthur.c
-@@ -1133,7 +1133,7 @@ auth_compute_signature(struct sc_card *card, const unsigned char *in, size_t ile
- 	apdu.datalen = ilen;
- 	apdu.data = in;
- 	apdu.lc = ilen;
--	apdu.le = MIN(olen, 256);
-+	apdu.le = MIN(olen, SC_MAX_APDU_RESP_SIZE);
- 	apdu.resp = resp;
- 	apdu.resplen = SC_MAX_APDU_BUFFER_SIZE;
- 
-@@ -1180,14 +1180,14 @@ auth_decipher(struct sc_card *card, const unsigned char *in, size_t inlen,
- 	}
- 
- 	_inlen = inlen;
--	if (_inlen == 256)   {
-+	if (_inlen == SC_MAX_APDU_RESP_SIZE)   {
- 		apdu.cla |= 0x10;
- 		apdu.data = in;
- 		apdu.datalen = 8;
- 		apdu.resp = resp;
- 		apdu.resplen = SC_MAX_APDU_BUFFER_SIZE;
- 		apdu.lc = 8;
--		apdu.le = 256;
-+		apdu.le = SC_MAX_APDU_RESP_SIZE;
- 
- 		rv = sc_transmit_apdu(card, &apdu);
- 		sc_log(card->ctx, "rv %i", rv);
-@@ -1504,7 +1504,7 @@ auth_read_component(struct sc_card *card, enum SC_CARDCTL_OBERTHUR_KEY_TYPE type
- {
- 	struct sc_apdu apdu;
- 	int rv;
--	unsigned char resp[256];
-+	unsigned char resp[SC_MAX_APDU_RESP_SIZE];
- 
- 	LOG_FUNC_CALLED(card->ctx);
- 	sc_log(card->ctx, "num %i, outlen %"SC_FORMAT_LEN_SIZE_T"u, type %i",
-@@ -2160,7 +2160,7 @@ auth_read_binary(struct sc_card *card, unsigned int offset,
- 	if (auth_current_ef->magic==SC_FILE_MAGIC &&
- 			auth_current_ef->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC)   {
- 		int jj;
--		unsigned char resp[256];
-+		unsigned char resp[SC_MAX_APDU_RESP_SIZE];
- 		size_t resp_len, out_len;
- 		struct sc_pkcs15_pubkey_rsa key;
- 
diff --git a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb b/meta-oe/recipes-support/opensc/opensc_0.27.1.bb
similarity index 70%
rename from meta-oe/recipes-support/opensc/opensc_0.25.1.bb
rename to meta-oe/recipes-support/opensc/opensc_0.27.1.bb
index 5f43826..08182f5 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.27.1.bb
@@ -11,19 +11,9 @@  SECTION = "System Environment/Libraries"
 LICENSE = "LGPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7"
 
-#v0.21.0
-SRCREV = "0a4b772d6fdab9bfaaa3123775a48a7cb6c5e7c6"
-SRC_URI = "git://github.com/OpenSC/OpenSC;branch=stable-0.25;protocol=https \
-           file://0001-PR-Fixes-for-uninitialized-memory-issues.patch \
-           file://CVE-2024-8443-0001.patch \
-           file://CVE-2024-8443-0002.patch \
-           file://CVE-2025-49010.patch \
-           file://CVE-2025-66037.patch \
-           file://CVE-2025-66038.patch \
-           file://CVE-2025-66215-1.patch \
-           file://CVE-2025-66215-2.patch \
-           file://CVE-2025-66215-3.patch \
-           file://CVE-2025-66215-4.patch \
+#v0.27.1
+SRCREV = "19868984dc4dc697af6a86d65ab32a1f19a43ea4"
+SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
          "
 DEPENDS = "virtual/libiconv openssl"