From ef83ec30ad4ed19b13328cf13bcd6e11b04912e0 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Mon, 15 Sep 2025 12:28:22 +0000
Subject: [PATCH] import CS opensc-0.23.0-6.el9

---
 SOURCES/opensc-0.23.0-generic-genkey.patch    | 29 +++++++++++++++++
 .../opensc-0.23.0-pkcs11-read-object.patch    | 32 +++++++++++++++++++
 SPECS/opensc.spec                             | 10 +++++-
 3 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/opensc-0.23.0-generic-genkey.patch
 create mode 100644 SOURCES/opensc-0.23.0-pkcs11-read-object.patch

diff --git a/SOURCES/opensc-0.23.0-generic-genkey.patch b/SOURCES/opensc-0.23.0-generic-genkey.patch
new file mode 100644
index 0000000..2b20b19
--- /dev/null
+++ b/SOURCES/opensc-0.23.0-generic-genkey.patch
@@ -0,0 +1,29 @@
+From 6a1ff88d5c45e0b927922928cd947a95caccd4ed Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 18 May 2023 14:25:56 +0200
+Subject: [PATCH] tests: Fix the secret key test that never worked
+
+---
+ tests/common.sh                       | 6 +++++-
+ tests/test-pkcs11-tool-sign-verify.sh | 6 ++++--
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/tests/common.sh b/tests/common.sh
+index 9466c8fd6d..ba7b797826 100644
+--- a/tests/common.sh
++++ b/tests/common.sh
+@@ -78,8 +78,12 @@ function card_setup() {
+ 	# Generate 521b ECC Key pair
+ 	generate_key "EC:secp521r1" "04" "ECC521"
+ 	# Generate an HMAC:SHA256 key
+-	$PKCS11_TOOL --keypairgen --key-type="GENERIC:64" --login --pin=$PIN \
++	$PKCS11_TOOL --keygen --key-type="GENERIC:64" --login --pin=$PIN \
+ 		--module="$P11LIB" --label="HMAC-SHA256"
++	if [[ "$?" -ne "0" ]]; then
++		echo "Couldn't generate GENERIC key"
++		return 1
++	fi
+ }
+ 
+ function softhsm_cleanup() {
+ 
diff --git a/SOURCES/opensc-0.23.0-pkcs11-read-object.patch b/SOURCES/opensc-0.23.0-pkcs11-read-object.patch
new file mode 100644
index 0000000..1e1c337
--- /dev/null
+++ b/SOURCES/opensc-0.23.0-pkcs11-read-object.patch
@@ -0,0 +1,32 @@
+From 63d4bd3d3900682c8d2511e259abec63ce904895 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 22 May 2023 14:58:40 +0200
+Subject: [PATCH] pkcs11-tool: Avoid dereferencing freed members when reading
+ public keys
+
+---
+ src/tools/pkcs11-tool.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index 85c500e223..1e9bf4bff5 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -5739,8 +5739,6 @@ static int read_object(CK_SESSION_HANDLE session)
+ 					util_fatal("cannot set OSSL_PARAM");
+ 			}
+ 			OSSL_PARAM_BLD_free(bld);
+-			OSSL_PARAM_free(old);
+-			OSSL_PARAM_free(new);
+ 			if (success)
+ 				ASN1_STRING_free(os);
+ 			free(value);
+@@ -5758,6 +5756,8 @@ static int read_object(CK_SESSION_HANDLE session)
+ 					EVP_PKEY_CTX_free(ctx);
+ 					util_fatal("cannot create EVP_PKEY");
+ 			}
++			OSSL_PARAM_free(old);
++			OSSL_PARAM_free(new);
+ 
+ #endif
+ 			if (!i2d_PUBKEY_bio(pout, pkey))
diff --git a/SPECS/opensc.spec b/SPECS/opensc.spec
index 22d4d3f..f8b1959 100644
--- a/SPECS/opensc.spec
+++ b/SPECS/opensc.spec
@@ -3,7 +3,7 @@
 
 Name:           opensc
 Version:        0.23.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Smart card library and applications
 
 License:        LGPLv2+
@@ -59,6 +59,9 @@ Patch17:        %{name}-0.23.0-constant-time-pkcs1.5.patch
 # https://github.com/OpenSC/OpenSC/pull/3125
 # https://github.com/OpenSC/OpenSC/pull/3130
 Patch18:        %{name}-0.23.0-pkcs11-uri.patch
+# https://github.com/OpenSC/OpenSC/pull/2756
+Patch19:        %{name}-0.23.0-pkcs11-read-object.patch
+Patch20:        %{name}-0.23.0-generic-genkey.patch
 
 BuildRequires:  make
 BuildRequires:  pcsc-lite-devel
@@ -108,6 +111,8 @@ every software/card that does so, too.
 %patch16 -p1 -b .myeid-sym
 %patch17 -p1 -b .constant-time-pkcs1
 %patch18 -p1 -b .pkcs11-uri
+%patch19 -p1 -b .pkcs11-read-object
+%patch20 -p1 -b .generic-genkey
 
 cp -p src/pkcs15init/README ./README.pkcs15init
 cp -p src/scconf/README.scconf .
@@ -249,6 +254,9 @@ rm %{buildroot}%{_mandir}/man1/opensc-notify.1*
 
 
 %changelog
+* Thu Jul 21 2025 Veronika Hanulikova <vhanulik@redhat.com> - 0.23.0-6
+- Fix free before dereference when reading public key (RHEL-96029)
+
 * Thu Oct 24 2024 Veronika Hanulikova <vhanulik@redhat.com> - 0.23.0-5
 - Add URI in PKCS#11 objects and pkcs11-tool (RHEL-53115)