pam_pkcs11-32bit-0.6.10-150600.16.8.1<>,3hOp9|OU z33n* ;;T<{dBsJ YxBkK BՒ5h5`Brp$љ0qgey9Oy27%ˠUrT_/QrlOq8rxr?Ӈ&F˂&9k-PgH M͸L En:XrR,bu=4]Oq$*a@E0.<>Ah?Xd ( <&8 Nd     2Px <  (8 9  : >ZGdH|IXY\]^<bpc.defluvw<xTyl] TCpam_pkcs11-32bit0.6.10150600.16.8.1PKCS #11 PAM ModuleThis Linux PAM module allows X.509 a certificate-based user authentication. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users' certificates, locally stored CA certificates as well as online or locally accessible CRLs are used. Additionally, the package includes pam_pkcs11-related tools: * pkcs11_eventmgr: Generates actions on card insert, removal, or time-out events * pklogin_finder: Gets the login name that maps to a certificate * pkcs11_inspect: Inspects the contents of a certificate * make_hash_links: Creates hash link directories for storing CAs and CRLshOh01-ch2cSUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/Productivity/Securityhttps://github.com/OpenSC/pam_pkcs11linuxx86_64/sbin/ldconfigp0AAhOhOhOhOhOhOce9d888a8084c2c3a047db5cfca41ce9b301b5e8fd51ee3b868e7c649b2eebf89ba4cbc962dfb27f16c344c22d6b654fc094201daf6586a5979fc381640dacd2eb453fc0acb359a0106f30acc5a7ed47e51134252dc822a2d8e88e5e01eb2b4d9fd4d0adcb7e6e0247730bfd889d37eee9d47050bc5f4dd98457fe94651add4crootrootrootrootrootrootrootrootrootrootrootrootpam_pkcs11-0.6.10-150600.16.8.1.src.rpmpam_pkcs11-32bitpam_pkcs11-32bit(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.33)libc.so.6(GLIBC_2.34)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libcurl.so.4libldap_r-2.4.so.2libnspr4.solibnss3.solibnss3.so(NSS_3.10)libnss3.so(NSS_3.2)libnss3.so(NSS_3.3)libnss3.so(NSS_3.4)libnss3.so(NSS_3.6)libnss3.so(NSS_3.7)libnss3.so(NSS_3.8)libnss3.so(NSS_3.9.2)libnss3.so(NSS_3.9.3)libpam.so.0libpam.so.0(LIBPAM_1.0)libpam.so.0(LIBPAM_EXTENSION_1.0)libplc4.sorpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3h+@gf:\P@@[v[U@Y)@Y@Yp@Vvalentin.lefebvre@suse.comangel.yankov@suse.comdavide.benini@suse.comsbrabec@suse.comvcizek@suse.comsbrabec@suse.comjengelh@inai.deastieger@suse.comsbrabec@suse.comantoine.belvire@laposte.net- Removes pam_env from auth stack for security reason [bsc#1243226, CVE-2025-6018]- Security update fix [bsc#1237062, CVE-2025-24032], [bsc#1237058, CVE-2025-24031] * Fix CVE-2025-24032: vulnerable to authentication bypass with default value for `cert_policy` (`none`) * Fix CVE-2025-24031: vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN * Add pam_pkcs11-CVE-2025-24032.patch * Add pam_pkcs11-CVE-2025-24031.patch * spec: set noarch for doc pkg, add %check section- Fix for bsc#1221255: * Add patch 0001-Set-slot_num-configuration-parameter-to-0-by-default.patch- Update to version 0.6.10: * Fix some security issues (thx @frankmorgner): https://www.x41-dsec.de/lab/advisories/x41-2018-003-pam_pkcs11/ (drop 0001-verify-using-a-nonce-from-the-system-not-the-card.patch, 0002-fixed-buffer-overflow-with-long-home-directory.patch, 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch). * Fix buffer overflow with long home directory. * Fix wiping secrets (now using OpenSSL_cleanse()). * Verify using a nonce from the system, not the card. * Fix segfalt when checking CRLs (drop pam_pkcs11-crl-check.patch). - Add rcpkcs11_eventmgr service symlink.- Address security issues found by X41 D-Sec audit (bsc#1105012) * Authentication Replay * Buffer Overflow * Memory not cleaned properly before free() - add patches: * 0001-verify-using-a-nonce-from-the-system-not-the-card.patch * 0002-fixed-buffer-overflow-with-long-home-directory.patch * 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch- Fix segfault and fetch problems when checking CRLs (pam_pkcs11-crl-check.patch).- Repair bulletpoint that skidded in description. Trim description of %name-devel-doc, it does not cotain the programs.- add service file bsc#1049219- Updated to version 0.6.9: * Upstream web moved. * pkcs11_listcerts: Do not fail on certificate error. * Do not fail if card was already unlocked. * Other bug fixes. * Translation updates. - Drop upstreamed pam_pkcs11-0.6.8-fix-crypto-cflags.patch. - Work around incorrect upstream release process not calling "make dist". - Split API documentation into a separate package pam_pkcs11-devel-doc. - Add pam_pkcs11-fsf-address.patch.- Fix build for Tumbleweed: * Add pam_pkcs11-0.6.8-fix-crypto-cflags.patch * Rebuild configure with the bootstrap script (add libtool as build dependency)/bin/sh0.6.10-150600.16.8.10.6.10-150600.16.8.1securitypam_pkcs11.sopam_pkcs11ldap_mapper.soopensc_mapper.soopenssh_mapper.so/lib//lib/security//usr/lib//usr/lib/pam_pkcs11/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:38821/SUSE_SLE-15-SP6_Update/ccb54b8152a4531969b6e4c51545deaf-pam_pkcs11.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=6127273e8ac60d6a8bd576a003360269f8ef818e, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=1ba7cf336c4603ada1a70aeed45f3bee851a551b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=9712ed94de2d1b05946b3a548630837742090e4e, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=03b02dd9eb2c32d5e9a013de64c25ea736e3c787, stripped1GRRRRRRRRRRRRRR RRR RRRRRR RR RRRRRRRRRRRRR RRR RRRRR R R RRRRRRRRRRRRR RRR RRRRR R RRRRRRRRRRRRR RRR RRRRR R Rpackageand(pam_pkcs11:pam-32bit)utf-8557e093beb8849e6dd826710f6f2f46c1dfa1d16e748d93f171eae225dffeef6?7zXZ !t/# ]"k%46]p]bI2-^n鸹hSb~"r_1k#_>fE.*0*oF//-F?4P .R߳2l٤E& `qѕDV" QBD4F?}ӠCG5()}[8F1WqˇV^4+5;N&S@PGqq@:#TTe@fu3;AlEp s199zjqV#"lr!xPyZ= "oر~x3)&k!*{[Fj@n*`ABRʼ**HuHh=kaPvˢ+~x?'^hK}U 2(N9d4Ֆ[y,1ĥ'0&yPgf/]Ouֺ W%V<=NQ;k'@pʁJO`bƶloaUSy36v>*HlI~7ge-v˙"x{5zM "UFh*d>2hd7֤."`'cjWUZ ҍc VԂP Lc{DV%P7.jp;~N4M$A<2]>埲W`;gY˪`y"x|]%2o:VNpR((_m~g xفgi{:K̎}񜏁Zѱ:,h%XjBcYF1Y>ILA:)Y_ๆHFנ9"4xyWCz8QV=(!&NF`Qd[qEψs:HUs#$+LYiD } SMC/A l<a1cH]Ue vjð\h S~{B:Mr3\JVNfxSTګOƢۀ )*9Lsp0_e&,Kn;Ŀv}&|W@IӜGՖtљfxpMU@\-Ԝ?VW3ƇUaNT7 7 u7BtW3)b9h1B'i0[Z74~ঘ [fqV ]PފNZŝUTS)ۑ#WZOk ZX[߁%b-0lJ,,I/ӝކ9"*r֏lLAdvW1D( ][vPW&U%'.mT2l:ʇ{nTWY+.6ICz{8+pBӑwIGɠXK3Ӌvff#yc ^bZ/}~dޘ+bX14Uy VX[9SHWiK7O{7Tṇ:Ĭ\1@9C3!E@6}ϷXĭi@kmNj_#e-DMQ8lowdx 3-7R%Y1ăe\z@@:By7Ryo *]b2¦ܩaA\Aֵxzf w)<gAV.P#ff{M%gM9+<,u~U%/ۙԼsmA?3Ct̿GI_rQ ^8u4ppj~YØI?T9A! b QI Z ~K׊8@$a%|y]0Mծq7slv5[U)@12KaT4 "ӫ(pW%u[Vuh|Si0:#9fŬɳ3jwՇ*`,̜FvɯU P*;RڥZ4kE=1_U[\!&"/,f#U"?9)\r/v@Ifva/=۹rh0Kش.LkunX F5oBM^!NSQK$ZyZGƙw6ڥz2cB6"? KcNbxl%~ {%)\3E]V.+RrY+њbz+?}뒋>QFrPPc~W dI4GP26B"Ԓ;O*tΜ|X39agq0^n0Y0bI"~L"٨߼.Şd4Dl.|8$;v m / _-&M*C.|>s.2.pŊ`:yjuxb\7b!*jýZI,Tn~@:p "i{(uYBJj,"zޙB Pc}Q`l5u21rzY1obfRg_O2D ɽԴ?ԜmW2@}R1CvXk/88j S0g:/֑;mQa?5x#bHh,\}2JrKþ#YS'Mr1BWя[d[{Չw\ϞD-Wun6jB|{;oQ;j2O}!O,yZ^Aӊ1ҧZΧJ^^KRV'X9)O-@"#-L,N l. 8zUriL2WS&R *B'9,D$ȹ ȷ-CVSОD)y70n(j]9Jot]^c0V,Ԫ0nD*ra'ҟ(DHu`>8Rc/0$,#L8L+v*u Ȑo#.1-!9!3Xqq 5b%jg>kT->(>}«8mOc6 G 19U@9 1 ,aGQGI6[B|->zWԝ=2$PA/>YDq٦lK$*GM&ґ%̆h^o B jK $ [\v`DUHpHF+oI,WEd k&ltegɦ7[&F0Gyt<Έ'i즏yDmLE .w\02msEid~#P4G`P۬t]d\*;Ty>-NeroBy9 ƆLB|̩yDST6.(ohE~{FwmΡ GlZ/g=5Dل'NһZ凿%kϰţUyœ&g( 73y-mӏG>.@Rpb| +"|qCj׸Uk"4rj"j`@~#ׅt4kګȾxfQcgԓٽ7[.[yRxR&V0c`(-65vGkwie0F3qM@$9eBC  '!֖n:!; i$O>\>OljVծ*< #t] X/.ˤ;l7^])׆|bC8]bН鶢޽>)5hk,BΥ}yWz ~D_ϦaThБtW4ҿzo۸hC*fz2qoݹ+f6O\^aF[:5f\/؉`gbQ.ݳp >0l΄y3pˠݻ ҕEɵؘ׆2c>ϔтlZcn`GO Q`}Q_CVcJFrV"1'hnB=0ss|_>cg P)oU}\d5[WuEۉC׏8x %Xd^CsK?.Xä[|8)) gOLf/wREeb !Xig,n-(FyP YZ