diff --git a/SOURCES/opensc-0.16.0-cardos5.patch b/SOURCES/opensc-0.16.0-cardos5.patch
new file mode 100644
index 0000000..648c351
--- /dev/null
+++ b/SOURCES/opensc-0.16.0-cardos5.patch
@@ -0,0 +1,126 @@
+From 60dbebf511cf6112e5fc2c3549ce38881847b121 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Tue, 22 Aug 2017 10:46:26 +0200
+Subject: [PATCH] Parse the ECC parameters from TokenInfo (CHOICE in
+ AlgorithmInfo)
+
+Fixes #1134
+---
+ src/libopensc/opensc.h | 1 +
+ src/libopensc/pkcs15.c | 40 +++++++++++++++++++++++++++++++++-------
+ 2 files changed, 34 insertions(+), 7 deletions(-)
+
+diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
+index f81f27e3a..688c14003 100644
+--- a/src/libopensc/opensc.h
++++ b/src/libopensc/opensc.h
+@@ -163,6 +163,7 @@ extern "C" {
+ struct sc_supported_algo_info {
+ unsigned int reference;
+ unsigned int mechanism;
++ struct sc_object_id *parameters; /* OID for ECC, NULL for RSA */
+ unsigned int operations;
+ struct sc_object_id algo_id;
+ unsigned int algo_ref;
+diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
+index 05fe03061..ba99c8af9 100644
+--- a/src/libopensc/pkcs15.c
++++ b/src/libopensc/pkcs15.c
+@@ -50,13 +50,19 @@ static const struct sc_asn1_entry c_asn1_twlabel[] = {
+ static const struct sc_asn1_entry c_asn1_algorithm_info[7] = {
+ { "reference", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL },
+ { "algorithmPKCS#11", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL },
+- { "parameters", SC_ASN1_NULL, SC_ASN1_TAG_NULL, 0, NULL, NULL },
++ { "parameters", SC_ASN1_CHOICE, 0, 0, NULL, NULL },
+ { "supportedOperations",SC_ASN1_BIT_FIELD, SC_ASN1_TAG_BIT_STRING, 0, NULL, NULL },
+ { "objId", SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, SC_ASN1_OPTIONAL, NULL, NULL },
+ { "algRef", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, SC_ASN1_OPTIONAL, NULL, NULL },
+ { NULL, 0, 0, 0, NULL, NULL }
+ };
+
++static const struct sc_asn1_entry c_asn1_algorithm_info_parameters[3] = {
++ { "PKCS15RSAParameters",SC_ASN1_NULL, SC_ASN1_TAG_NULL, 0, NULL, NULL },
++ { "PKCS15ECParameters", SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, 0, NULL, NULL },
++ { NULL, 0, 0, 0, NULL, NULL }
++};
++
+ /*
+ * in
src/libopensc/types.h SC_MAX_SUPPORTED_ALGORITHMS defined as 8
+ */
+@@ -134,9 +140,11 @@ int sc_pkcs15_parse_tokeninfo(sc_context_t *ctx,
+ u8 preferred_language[3];
+ size_t lang_length = sizeof(preferred_language);
+ struct sc_asn1_entry asn1_supported_algorithms[SC_MAX_SUPPORTED_ALGORITHMS + 1],
+- asn1_algo_infos[SC_MAX_SUPPORTED_ALGORITHMS][7];
++ asn1_algo_infos[SC_MAX_SUPPORTED_ALGORITHMS][7],
++ asn1_algo_infos_parameters[SC_MAX_SUPPORTED_ALGORITHMS][3];
+ size_t reference_len = sizeof(ti->supported_algos[0].reference);
+ size_t mechanism_len = sizeof(ti->supported_algos[0].mechanism);
++ size_t parameter_len = sizeof(ti->supported_algos[0].parameters);
+ size_t operations_len = sizeof(ti->supported_algos[0].operations);
+ size_t algo_ref_len = sizeof(ti->supported_algos[0].algo_ref);
+
+@@ -152,14 +160,22 @@ int sc_pkcs15_parse_tokeninfo(sc_context_t *ctx,
+ sc_format_asn1_entry(asn1_twlabel, label, &label_len, 0);
+ sc_copy_asn1_entry(c_asn1_profile_indication, asn1_profile_indication);
+
+- for (ii=0; iisupported_algos[ii].reference, &reference_len, 0);
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 1, &ti->supported_algos[ii].mechanism, &mechanism_len, 0);
+- sc_format_asn1_entry(asn1_algo_infos[ii] + 2, NULL, NULL, 0);
++ sc_format_asn1_entry(asn1_algo_infos[ii] + 2,
++ asn1_algo_infos_parameters[ii], NULL, 0);
++ sc_format_asn1_entry(asn1_algo_infos_parameters[ii] + 0,
++ NULL, NULL, 0);
++ sc_format_asn1_entry(asn1_algo_infos_parameters[ii] + 1,
++ &ti->supported_algos[ii].parameters, ¶meter_len, 0);
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 3, &ti->supported_algos[ii].operations, &operations_len, 0);
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 4, &ti->supported_algos[ii].algo_id, NULL, 1);
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 5, &ti->supported_algos[ii].algo_ref, &algo_ref_len, 0);
+@@ -270,9 +286,11 @@ sc_pkcs15_encode_tokeninfo(sc_context_t *ctx, sc_pkcs15_tokeninfo_t *ti,
+ struct sc_asn1_entry asn1_toki_attrs[C_ASN1_TOKI_ATTRS_SIZE];
+ struct sc_asn1_entry asn1_tokeninfo[2];
+ struct sc_asn1_entry asn1_supported_algorithms[SC_MAX_SUPPORTED_ALGORITHMS + 1],
+- asn1_algo_infos[SC_MAX_SUPPORTED_ALGORITHMS][7];
++ asn1_algo_infos[SC_MAX_SUPPORTED_ALGORITHMS][7],
++ asn1_algo_infos_parameters[SC_MAX_SUPPORTED_ALGORITHMS][3];
+ size_t reference_len = sizeof(ti->supported_algos[0].reference);
+ size_t mechanism_len = sizeof(ti->supported_algos[0].mechanism);
++ size_t parameter_len = sizeof(ti->supported_algos[0].parameters);
+ size_t operations_len = sizeof(ti->supported_algos[0].operations);
+ size_t algo_ref_len = sizeof(ti->supported_algos[0].algo_ref);
+ struct sc_asn1_entry asn1_last_update[C_ASN1_LAST_UPDATE_SIZE];
+@@ -283,14 +301,22 @@ sc_pkcs15_encode_tokeninfo(sc_context_t *ctx, sc_pkcs15_tokeninfo_t *ti,
+ sc_copy_asn1_entry(c_asn1_last_update, asn1_last_update);
+ sc_copy_asn1_entry(c_asn1_profile_indication, asn1_profile_indication);
+
+- for (ii=0; iisupported_algos[ii].reference; ii++)
++ for (ii=0; iisupported_algos[ii].reference; ii++) {
+ sc_copy_asn1_entry(c_asn1_algorithm_info, asn1_algo_infos[ii]);
++ sc_copy_asn1_entry(c_asn1_algorithm_info_parameters,
++ asn1_algo_infos_parameters[ii]);
++ }
+ sc_copy_asn1_entry(c_asn1_supported_algorithms, asn1_supported_algorithms);
+
+ for (ii=0; iisupported_algos[ii].reference; ii++) {
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 0, &ti->supported_algos[ii].reference, &reference_len, 1);
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 1, &ti->supported_algos[ii].mechanism, &mechanism_len, 1);
+- sc_format_asn1_entry(asn1_algo_infos[ii] + 2, NULL, NULL, 0);
++ sc_format_asn1_entry(asn1_algo_infos[ii] + 2,
++ asn1_algo_infos_parameters[ii], NULL, 0);
++ sc_format_asn1_entry(asn1_algo_infos_parameters[ii] + 0,
++ NULL, NULL, 0);
++ sc_format_asn1_entry(asn1_algo_infos_parameters[ii] + 1,
++ &ti->supported_algos[ii].parameters, ¶meter_len, 0);
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 3, &ti->supported_algos[ii].operations, &operations_len, 1);
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 4, &ti->supported_algos[ii].algo_id, NULL, 1);
+ sc_format_asn1_entry(asn1_algo_infos[ii] + 5, &ti->supported_algos[ii].algo_ref, &algo_ref_len, 1);
+
diff --git a/SOURCES/opensc-0.16.0-ecdsa-ec-point.patch b/SOURCES/opensc-0.16.0-ecdsa-ec-point.patch
new file mode 100644
index 0000000..3930bb1
--- /dev/null
+++ b/SOURCES/opensc-0.16.0-ecdsa-ec-point.patch
@@ -0,0 +1,27 @@
+From ea4baf50d57a7a41164fedcd1b10fdb0438305c5 Mon Sep 17 00:00:00 2001
+From: AnthonyA
+Date: Mon, 19 Mar 2018 15:58:21 +0800
+Subject: [PATCH] pkcs11-tool: make ECPoint behaviour standards compliant by
+ default
+
+Fixes #1286. The behaviour of pkcs11-tool will follow the standard -
+send DER. If EC_POINT_NO_ASN1_OCTET_STRING is defined then it will
+write plain bytes.
+---
+ src/tools/pkcs11-tool.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index 876bba2dc..63e5c5f7f 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -2632,7 +2632,7 @@ parse_ec_pkey(EVP_PKEY *pkey, int private, struct gostkey_info *gost)
+ header_len = point-gost->public.value;
+ memcpy(point, buf, point_len);
+ gost->public.len = header_len+point_len;
+-#ifndef EC_POINT_NO_ASN1_OCTET_STRING // workaround for non-compliant cards not expecting DER encoding
++#ifdef EC_POINT_NO_ASN1_OCTET_STRING // workaround for non-compliant cards not expecting DER encoding
+ gost->public.len -= header_len;
+ gost->public.value += header_len;
+ #endif
+
diff --git a/SOURCES/opensc-0.16.0-hexadecimal-mechanism.patch b/SOURCES/opensc-0.16.0-hexadecimal-mechanism.patch
new file mode 100644
index 0000000..2e30934
--- /dev/null
+++ b/SOURCES/opensc-0.16.0-hexadecimal-mechanism.patch
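Review bot: The new `PKCS15ECParameters` entry is an `SC_ASN1_OBJECT` decoded into `&ti->supported_algos[ii].parameters` with `parameter_len = sizeof(ti->supported_algos[0].parameters)`, but `parameters` is declared in the opensc.h hunk as a `struct sc_object_id *`, so the decode target is the few bytes of pointer storage, while the sibling `objId` entry of the same ASN.1 type is decoded into a full `struct sc_object_id` (`&ti->supported_algos[ii].algo_id`, `NULL` length). If the decoder writes a `struct sc_object_id` through that parm (asn1.c is not in the hunk, so this is inferred), a TokenInfo carrying an EC OID — data read from the card, i.e. untrusted — overruns into `operations`, `algo_id` and the following array entries, and anything that later dereferences `parameters` would read OID words as a pointer. Since the field is introduced by this very patch, the consistent fix is to store the OID by value: `struct sc_object_id parameters; /* OID for ECC, unset for RSA */` in opensc.h, and `sc_format_asn1_entry(asn1_algo_infos_parameters[ii] + 1, &ti->supported_algos[ii].parameters, NULL, 0);` in both the parse and the encode loop, dropping `parameter_len`. Both `sc_pkcs15_parse_tokeninfo` and `sc_pkcs15_encode_tokeninfo` start and end outside the hunk.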
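Review bot: The trailing comment on the flipped `#ifdef EC_POINT_NO_ASN1_OCTET_STRING` still reads as if stripping the OCTET STRING header were the default, while after this change it is the opt-in and nothing in the hunk shows how the macro is set (the build system is not visible; presumably only a manual `-D` in CFLAGS). Suggest `#ifdef EC_POINT_NO_ASN1_OCTET_STRING /* opt-in via -DEC_POINT_NO_ASN1_OCTET_STRING: write the raw point for non-compliant cards that reject the DER OCTET STRING wrapper */` so a packager knows this is a compile-time choice, and the changelog entry should say that existing scripts now write a different CKA_EC_POINT encoding to the card. `parse_ec_pkey` starts and ends outside the hunk.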
@@ -0,0 +1,50 @@
+From 74885fb1c174468cc0a505cd7404e228d465efd8 Mon Sep 17 00:00:00 2001
+From: AnthonyA
+Date: Tue, 27 Mar 2018 00:48:05 +0000
+Subject: [PATCH] pkcs11-tool: allow mechanism to be specified in hexadecimal
+
+To support vendor mechanisms, let -m accept hexadecimal strings,
+e.g., -m 0x80001234
+---
+ doc/tools/pkcs11-tool.1.xml | 3 ++-
+ src/tools/pkcs11-tool.c | 5 ++++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/doc/tools/pkcs11-tool.1.xml b/doc/tools/pkcs11-tool.1.xml
+index f8d638b45..e78570b10 100644
+--- a/doc/tools/pkcs11-tool.1.xml
++++ b/doc/tools/pkcs11-tool.1.xml
+@@ -231,7 +231,8 @@
+
+ Use the specified mechanism
+ for token operations. See for a list
+- of mechanisms supported by your token.
++ of mechanisms supported by your token. The mechanism can also be specified in
++ hexadecimal, e.g., 0x80001234.
+
+
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index 63e5c5f7f..484c019d8 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -234,7 +234,7 @@ static const char *option_help[] = {
+ "Hash some data",
+ "Derive a secret key using another key and some data",
+ "Derive ECDHpass DER encoded pubkey for compatibility with some PKCS#11 implementations",
+- "Specify mechanism (use -M for a list of supported mechanisms)",
++ "Specify mechanism (use -M for a list of supported mechanisms), or by hexadecimal, e.g., 0x80001234",
+
+ "Log into the token first",
+ "Specify login type ('so', 'user', 'context-specific'; default:'user')",
+@@ -6076,6 +6076,9 @@ static CK_MECHANISM_TYPE p11_name_to_mechanism(const char *name)
+ {
+ struct mech_info *mi;
+
++ if (strncasecmp("0x", name, 2) == 0) {
++ return strtoul(name, NULL, 0);
++ }
+ for (mi = p11_mechanisms; mi->name; mi++) {
+ if (!strcasecmp(mi->name, name)
+ || (mi->short_name && !strcasecmp(mi->short_name, name)))
+
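Review bot: `strtoul(name, NULL, 0)` in the new hex branch of `p11_name_to_mechanism` accepts trailing junk and overflow silently: `-m 0x` yields mechanism 0, `-m 0x80001234zz` yields 0x80001234, and a value beyond `ULONG_MAX` returns `ULONG_MAX` with `errno` never checked, so a typo becomes a real (and possibly different) mechanism handed to the token instead of an error. Parse with an end pointer and reject anything but a fully consumed hexadecimal literal; the unknown-name path after the lookup loop (outside the hunk) presumably reports through `util_fatal`, and the hex path should fail the same way rather than guess. This needs `errno.h`, which the tool very likely already includes (not visible here). The enclosing function continues past the end of the hunk.

```c
	if (strncasecmp("0x", name, 2) == 0) {
		char *end = NULL;
		unsigned long value;

		errno = 0;
		value = strtoul(name, &end, 16);
		/* reject "0x", trailing garbage and out-of-range values instead of guessing */
		if (errno != 0 || end == name || *end != '\0')
			util_fatal("Invalid hexadecimal mechanism \"%s\"", name);
		return (CK_MECHANISM_TYPE) value;
	}
	/* … unchanged: name / short_name lookup loop … */
```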
diff --git a/SOURCES/opensc-0.16.0-pinpad.patch b/SOURCES/opensc-0.16.0-pinpad.patch
new file mode 100644
index 0000000..5611c93
--- /dev/null
+++ b/SOURCES/opensc-0.16.0-pinpad.patch
@@ -0,0 +1,13 @@
+diff -up OpenSC-777e2a3751e3f6d53f056c98e9e20e42af674fb1/etc/opensc.conf.in.pinpad OpenSC-777e2a3751e3f6d53f056c98e9e20e42af674fb1/etc/opensc.conf.in
+--- OpenSC-777e2a3751e3f6d53f056c98e9e20e42af674fb1/etc/opensc.conf.in.pinpad 2018-05-28 14:30:05.605085241 +0200
++++ OpenSC-777e2a3751e3f6d53f056c98e9e20e42af674fb1/etc/opensc.conf.in 2018-05-28 14:31:00.963495548 +0200
+@@ -101,7 +101,8 @@ app default {
+ #
+ # Enable pinpad if detected (PC/SC v2.0.2 Part 10)
+ # Default: true
+- # enable_pinpad = false;
++ # RHEL 7.6: Disabled by default, because of many broken readers
++ enable_pinpad = false;
+ #
+ # Use specific pcsc provider.
+ # Default: @DEFAULT_PCSC_PROVIDER@
diff --git a/SPECS/opensc.spec b/SPECS/opensc.spec
index db1479f..e8de4b6 100644
--- a/SPECS/opensc.spec
+++ b/SPECS/opensc.spec
@@ -3,7 +3,7 @@ Name: opensc
 Version: 0.16.0
-Release: 8.20170227git%{shortcommit0}%{?dist}
+Release: 10.20170227git%{shortcommit0}%{?dist}
 Summary: Smart card library and applications
 Group: System Environment/Libraries
@@ -27,6 +27,14 @@ Patch6: opensc-0.16.0-cac-alt.patch
 Patch7: opensc-0.16.0-coolkey-labels.patch
 # Properly parse multi-byte length (#1473418)
 Patch8: opensc-0.16.0-simpletlv.patch
+# Disable pinpad by default (#1547117, #1547744)
+Patch9: opensc-0.16.0-pinpad.patch
+# https://github.com/OpenSC/OpenSC/commit/74885fb
+Patch10: opensc-0.16.0-hexadecimal-mechanism.patch
+# https://github.com/OpenSC/OpenSC/commit/ea4baf5
+Patch11: opensc-0.16.0-ecdsa-ec-point.patch
+# https://github.com/OpenSC/OpenSC/commit/60dbebf
+Patch12: opensc-0.16.0-cardos5.patch
 BuildRequires: pcsc-lite-devel
 BuildRequires: readline-devel
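Review bot: The untouched `# Default: true` line directly above the new `enable_pinpad = false;` now contradicts the value that ships, and the RHEL comment states only the compatibility reason, not what the setting gives up: with the pinpad disabled the PIN is entered on the host and passed through the application instead of on the reader's own keypad (this follows from the option's purpose as the surrounding comment describes it, not from anything else in the hunk), which is exactly what a pinpad exists to avoid. Suggest replacing the two comment lines with `# Upstream default: true` and `# RHEL 7.6: disabled by default because many readers advertise a broken pinpad; set to true for readers known to work, since with it off the PIN is typed on the host and exposed to anything that can read keystrokes there`.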
@@ -60,6 +68,10 @@ every software/card that does so, too.
 %patch6 -p1 -b .cac-alt
 %patch7 -p1 -b .coolkey-labels
 %patch8 -p1 -b .simpletlv
+%patch9 -p1 -b .pinpad
+%patch10 -p1 -b .hex-mech
+%patch11 -p1 -b .ec-point
+%patch12 -p1 -b .cardos5
 cp -p src/pkcs15init/README ./README.pkcs15init
 cp -p src/scconf/README.scconf .
@@ -166,6 +178,14 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
 %changelog
+* Tue Jul 03 2018 Jakub Jelen - 0.16.0-10.20170227git
+- Improve support for ECC-enabled CardOS 5.3 card (#1562277)
+
+* Tue Jun 19 2018 Jakub Jelen - 0.16.0-9.20170227git
+- make ECPoint behavior standards compliant by default (#1562572)
+- allow mechanism to be specified in hexadecimal (#1562572)
+- Disable pinpad by default (#1547117, #1547744)
+
 * Wed Jan 03 2018 Jakub Jelen - 0.16.0-8.20170227git
 - Copy labels from certificate (#1448555)
 - Avoid infinite loop in CAC driver when reading non-CAC cards (#1473335)