pam_pkcs11-32bit-0.6.10-150600.16.3.1<>,2gp9|T bwsľN]׋t.Oh\ד_r6Ow µqSrƼGQk^: u+t6kcz'͓/'*]F-xB c"9&;~[?nELVx0HWѓF%l23iODcU:M;?)G^"7N2D÷qn#$=2VC.YԽZ9^j"G$'GȶU CbV>Jj9>A\?Ld ( <&8 Nd     2Px <  (8 9  : >PGXHpIXY\]^0bdc"defluvw0xHy`]HCpam_pkcs11-32bit0.6.10150600.16.3.1PKCS #11 PAM ModuleThis Linux PAM module allows X.509 a certificate-based user authentication. The certificate and its dedicated private key are thereby accessed by means of an appropriate PKCS #11 module. For the verification of the users' certificates, locally stored CA certificates as well as online or locally accessible CRLs are used. Additionally, the package includes pam_pkcs11-related tools: * pkcs11_eventmgr: Generates actions on card insert, removal, or time-out events * pklogin_finder: Gets the login name that maps to a certificate * pkcs11_inspect: Inspects the contents of a certificate * make_hash_links: Creates hash link directories for storing CAs and CRLsgh01-ch4dSUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/Productivity/Securityhttps://github.com/OpenSC/pam_pkcs11linuxx86_64/sbin/ldconfigp0AAggggggca014929385eb1c2fbeaa81dba8fcc1eb6d502049905084047eee09a89a35a154bf8eb0cbfa299a48697b661e6a093707b27e152433245ef8c87225f236760690ddf9aadb0168d92a818a8a59a885b0b4f3dd1c105f64e0ab736b2755041ec680054c35fab0e96030cbbacb6f1121fbf913eff1554e32896358e3c7cdfffd772rootrootrootrootrootrootrootrootrootrootrootrootpam_pkcs11-0.6.10-150600.16.3.1.src.rpmpam_pkcs11-32bitpam_pkcs11-32bit(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.33)libc.so.6(GLIBC_2.34)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libcurl.so.4libldap_r-2.4.so.2libnspr4.solibnss3.solibnss3.so(NSS_3.10)libnss3.so(NSS_3.2)libnss3.so(NSS_3.3)libnss3.so(NSS_3.4)libnss3.so(NSS_3.6)libnss3.so(NSS_3.7)libnss3.so(NSS_3.8)libnss3.so(NSS_3.9.2)libnss3.so(NSS_3.9.3)libpam.so.0libpam.so.0(LIBPAM_1.0)libpam.so.0(LIBPAM_EXTENSION_1.0)libplc4.sorpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3gf:\P@@[v[U@Y)@Y@Yp@VO@angel.yankov@suse.comdavide.benini@suse.comsbrabec@suse.comvcizek@suse.comsbrabec@suse.comjengelh@inai.deastieger@suse.comsbrabec@suse.comantoine.belvire@laposte.netsbrabec@suse.cz- Security update fix [bsc#1237062, CVE-2025-24032], [bsc#1237058, CVE-2025-24031] * Fix CVE-2025-24032: vulnerable to authentication bypass with default value for `cert_policy` (`none`) * Fix CVE-2025-24031: vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN * Add pam_pkcs11-CVE-2025-24032.patch * Add pam_pkcs11-CVE-2025-24031.patch * spec: set noarch for doc pkg, add %check section- Fix for bsc#1221255: * Add patch 0001-Set-slot_num-configuration-parameter-to-0-by-default.patch- Update to version 0.6.10: * Fix some security issues (thx @frankmorgner): https://www.x41-dsec.de/lab/advisories/x41-2018-003-pam_pkcs11/ (drop 0001-verify-using-a-nonce-from-the-system-not-the-card.patch, 0002-fixed-buffer-overflow-with-long-home-directory.patch, 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch). * Fix buffer overflow with long home directory. * Fix wiping secrets (now using OpenSSL_cleanse()). * Verify using a nonce from the system, not the card. * Fix segfalt when checking CRLs (drop pam_pkcs11-crl-check.patch). - Add rcpkcs11_eventmgr service symlink.- Address security issues found by X41 D-Sec audit (bsc#1105012) * Authentication Replay * Buffer Overflow * Memory not cleaned properly before free() - add patches: * 0001-verify-using-a-nonce-from-the-system-not-the-card.patch * 0002-fixed-buffer-overflow-with-long-home-directory.patch * 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch- Fix segfault and fetch problems when checking CRLs (pam_pkcs11-crl-check.patch).- Repair bulletpoint that skidded in description. Trim description of %name-devel-doc, it does not cotain the programs.- add service file bsc#1049219- Updated to version 0.6.9: * Upstream web moved. * pkcs11_listcerts: Do not fail on certificate error. * Do not fail if card was already unlocked. * Other bug fixes. * Translation updates. - Drop upstreamed pam_pkcs11-0.6.8-fix-crypto-cflags.patch. - Work around incorrect upstream release process not calling "make dist". - Split API documentation into a separate package pam_pkcs11-devel-doc. - Add pam_pkcs11-fsf-address.patch.- Fix build for Tumbleweed: * Add pam_pkcs11-0.6.8-fix-crypto-cflags.patch * Rebuild configure with the bootstrap script (add libtool as build dependency)- Updated to version 0.6.8: * Code cleanup. * Bug fixes. * Translation updates./bin/sh0.6.10-150600.16.3.10.6.10-150600.16.3.1securitypam_pkcs11.sopam_pkcs11ldap_mapper.soopensc_mapper.soopenssh_mapper.so/lib//lib/security//usr/lib//usr/lib/pam_pkcs11/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:37553/SUSE_SLE-15-SP6_Update/ec9dad8a377133eb626d3e2304474659-pam_pkcs11.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=73af66cd863d3e8266163f43abdddcce04c045a6, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=37a14ca64040f3a219a805b50afb8913158421e6, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b692c349b4a44a67e3b642ac0d634ffc478ebdbc, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ae6d7e9d8154494865084e70d4894f1cc0fc5300, stripped1GRRRRRRRRRRRRRR RRR RRRRRR RR RRRRRRRRRRRRR RRR RRRRR R R RRRRRRRRRRRRR RRR RRRRR R RRRRRRRRRRRRR RRR RRRRR R Rpackageand(pam_pkcs11:pam-32bit)utf-84c6c014dd54a64874b8287e944a45392873879e1be2d39f7ebc0d12a6ee98ebe?7zXZ !t/"]"k%46]p]bI2-^n鸹hSb~"r_1k)>Pwu)58 ͘7$KN>͇ .u[*k)@͒bJ@  S|3DP&vC03> ٗ"r y8/S _627BxX-+wn%9\l&txA`ѬWw5_ȕ;NORX$[1Tb'@*J蜓mةlLLҙ }*iQŨ i$ Mst0mJƏM7.-1(5ۣMa/Nf*`HV#j竸¹`dqr~T'S6\Ih*?3JCn oĝte\HP?7|zlp[OO&L;pd&6ѽ8e4I7Eݛ=U?˶{ME4zE{ϨDuwT^g~qL DO^jcE^ͩEG&6Ti;qFk`եCss3l5+F~wƪ \珃xO[ G"pK~pw3bde~]@|yP7#DZ^[y]44E > FEb!BTbBc9iLi zCX].3-p'$31e d,P0x @voE\ٜwOH{ݰgm wO6 E^g&M6,r DՀ~}!Xtd@~t+!J"vr}/ @'OW9qUQx 꽲);/a-}Q\9ϯ]&BWjVl/if6z_9=}u_= ]vxOz"CId8VjV xIuIvO<%y^6H0]gMzMmbҾSf𾖑4\xɹm>mn% 13*gVw-M]zMϬs4}El[Ѝ1;@hcm15*m'ÆZK)n'^Rҙy[Xk#3G6À2RѰ*QxqߥxZ;dZ;QM`Q6^*ñgxKhOWH;@)lKD0xNl[5/庯<܃M8M#I?y`UU 7jXEsniv mhO 62k^hY2`/- YEqca!A]~1c[B!s=Zۀ}ݳ =f]͕x:CFk~E~د@ T+]QpxM-ESdUlП{V8/?8{=k47 .ByG+ɜZ%C+ǐ ۶6`\"ƨ\B}G4|R hB 9AMvzY֩lpJJް"3 V'aL+.dC\BW| cIGRBWL )E]4mqo76:ZgBQv*)HSl_Rƫ*P kHvoF웶g*Rxa;b]~5hr3mI~|k=A~7Y ~)fii\|Y!nv̸Ym >EeB3_[@X VX#WƄ$a{Ͼ[zV}TRvWO]:ҚZ+oU*_`1yU T`6/I6b9E6nkʬ"L`B }]j$ \HhB[5exyH!]Gtk4KJ)QQskKbxQuT_߾<ʴ\4#A 'p!]țѨ[_ig^\x4)\7YD,֚겗9Xm>@q1:CӸ~)}ݽn$yQ9Ԧ@1߂܏Ǧ ssS ˥>[yɧx\:ݯ<'m; < i\3PD hz6QEEֶi+3ޙ譵gO.KYh֪ӡ34?8RWR.K @GEdÔFOgHE]ˍ̢8;N8hÖ,qWp*=V/"?llO,(Fr#P nպ><憿#: hd&Z EjܷzS.)DSR{8&e⤰вVwӰb-zqFM餇1'Ѳn3sl6^sj0>[riҽ~*mU<Ӂ$Ql"vD#Kl- }o돹NQkIZҬ4TBcjqئa(BI%Y(}r$r^x?NnF?G  j#3里hʖqԖ #♲kON'Π@ӆ?V6[R(w-fFDL-'R)bz@VZ8hxѯ//~ƫhE|rz?%ThY\L gU&p2[D_