Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package openCryptoki for openSUSE:Factory 
checked in at 2024-09-20 17:12:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old)
 and      /work/SRC/openSUSE:Factory/.openCryptoki.new.29891 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openCryptoki"

Fri Sep 20 17:12:26 2024 rev:77 rq:1202163 version:3.24.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes        
2024-07-19 15:28:15.193374065 +0200
+++ /work/SRC/openSUSE:Factory/.openCryptoki.new.29891/openCryptoki.changes     
2024-09-20 17:13:36.235710831 +0200
@@ -1,0 +2,36 @@
+Fri Sep 20 08:33:19 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorgu...@suse.com>
+
+- Upgrade openCrytoki to version 3.24
+   (jsc#PED-10291, jsc#PED-10290, jsc#PED-10241)
+  * Add support for building Opencryptoki on the IBM AIX platform
+  * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64)
+  * Add support for protecting tokens with a token specific user group
+  * EP11: Add support for combined CKA_EXTRACTABLE and 
CKA_IBM_PROTKEY_EXTRACTABLE
+  * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later
+  * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). 
+    - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and 
+    CCA v8.0 for the Round 3 variants. 
+    - On other platforms: 
+    Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are 
currently not supported
+  * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on 
en-/decrypt. 
+    - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other 
platforms
+  * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. 
+    - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms
+  * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and 
later
+  * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms
+  * ICA/Soft: Add support for SHA based key derivation mechanisms
+  * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH
+  * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE
+  * EP11/CCA: Support live guest relocation for protected key (PKEY) operations
+  * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider
+  * ICSF: Add support for SHA-2 mechanisms
+  * ICSF: Performance improvements for attribute retrieval
+  * p11sak: Add support for exporting a key or certificate as URI-PEM file
+  * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM 
files
+  * p11sak: Add option to show the master key verification patterns of secure 
keys
+  * Bug fixes
+- Amended the .spec file
+- Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi
+- Added a new patch ocki-3.24-remove-make-install-chgrp.patch
+
+-------------------------------------------------------------------

Old:
----
  ocki-3.23-remove-make-install-chgrp.patch
  openCryptoki-3.23.0.tar.gz

New:
----
  ocki-3.24-remove-make-install-chgrp.patch
  openCryptoki-3.24.0.tar.gz

BETA DEBUG BEGIN:
  Old:- Amended the .spec file
- Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi
- Added a new patch ocki-3.24-remove-make-install-chgrp.patch
BETA DEBUG END:

BETA DEBUG BEGIN:
  New:- Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi
- Added a new patch ocki-3.24-remove-make-install-chgrp.patch
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openCryptoki.spec ++++++
--- /var/tmp/diff_new_pack.pkFZ9q/_old  2024-09-20 17:13:36.763732826 +0200
+++ /var/tmp/diff_new_pack.pkFZ9q/_new  2024-09-20 17:13:36.763732826 +0200
@@ -27,7 +27,7 @@
 %define oc_cvs_tag opencryptoki
 
 Name:           openCryptoki
-Version:        3.23.0
+Version:        3.24.0
 Release:        0
 Summary:        An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM 
Cryptographic Hardware
 License:        CPL-1.0
@@ -39,7 +39,7 @@
 Source3:        openCryptoki-rpmlintrc
 # Patch 0 is needed because group pkcs11 doesn't exist in the build environment
 # and because we don't want(?) various file and directory permissions to be 
0700.
-Patch000:       ocki-3.23-remove-make-install-chgrp.patch
+Patch000:       ocki-3.24-remove-make-install-chgrp.patch
 #
 #
 BuildRequires:  bison
@@ -136,7 +136,7 @@
 
 %prep
 # setup -q -n %{oc_cvs_tag}-%{version}
-%autosetup -p 0 -n %{oc_cvs_tag}-%{version}
+%autosetup -p 1 -n %{oc_cvs_tag}-%{version}
 
 cp %{SOURCE2} .
 
@@ -250,8 +250,6 @@
   # configuration directory
 %dir %{_sysconfdir}/opencryptoki
 %config %{_sysconfdir}/opencryptoki/opencryptoki.conf
-%config %attr(640,root,%{pkcs_group}) %{_sysconfdir}/opencryptoki/strength.conf
-%config %attr(640,root,%{pkcs_group}) 
%{_sysconfdir}/opencryptoki/p11sak_defined_attrs.conf
 %ifarch s390 s390x
 %config %{_sysconfdir}/opencryptoki/ccatok.conf
 %config %{_sysconfdir}/opencryptoki/ep11cpfilter.conf
@@ -272,6 +270,7 @@
 %{_sbindir}/pkcsicsf
 %{_sbindir}/pkcsstats
 %{_sbindir}/pkcstok_migrate
+%{_sbindir}/pkcstok_admin
 %dir %{_libdir}/opencryptoki
 %dir %{_libdir}/opencryptoki/stdll
   # State and lock directories

++++++ ocki-3.23-remove-make-install-chgrp.patch -> 
ocki-3.24-remove-make-install-chgrp.patch ++++++
--- 
/work/SRC/openSUSE:Factory/openCryptoki/ocki-3.23-remove-make-install-chgrp.patch
   2024-02-07 18:52:00.182494475 +0100
+++ 
/work/SRC/openSUSE:Factory/.openCryptoki.new.29891/ocki-3.24-remove-make-install-chgrp.patch
        2024-09-20 17:13:36.203709499 +0200
@@ -1,21 +1,26 @@
---- Makefile.am        2023-05-15 14:42:55.000000000 +0200
-+++ Makefile-3.21.am   2023-05-25 17:13:36.266936832 +0200
-@@ -39,14 +39,9 @@
+--- a/Makefile.am      2024-09-11 08:46:18.000000000 +0200
++++ b/Makefile.am      2024-09-20 11:31:30.709823171 +0200
+@@ -51,19 +51,9 @@
  include doc/doc.mk
  
  install-data-hook:
+-if AIX
+-      lsgroup $(pkcs_group) > /dev/null || $(GROUPADD) -a pkcs11
+-      lsuser $(pkcsslotd_user) > /dev/null || $(USERADD) -g $(pkcs_group) -d 
$(DESTDIR)$(RUN_PATH)/opencryptoki -c "Opencryptoki pkcsslotd user" 
$(pkcsslotd_user)
+-else
 -      getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group)
--      getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g 
$(pkcs_group) -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd 
user" $(pkcsslotd_user)
-       $(MKDIR_P) $(DESTDIR)/run/opencryptoki/
--      $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)/run/opencryptoki/
--      $(CHGRP) $(pkcs_group) $(DESTDIR)/run/opencryptoki/
-       $(CHMOD) 0710 $(DESTDIR)/run/opencryptoki/
+-      getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g 
$(pkcs_group) -d $(RUN_PATH)/opencryptoki -s /sbin/nologin -c "Opencryptoki 
pkcsslotd user" $(pkcsslotd_user)
+-endif
+       $(MKDIR_P) $(DESTDIR)$(RUN_PATH)/opencryptoki/
+-      $(CHOWN) $(pkcsslotd_user):$(pkcs_group) 
$(DESTDIR)$(RUN_PATH)/opencryptoki/
+-      $(CHGRP) $(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/
+       $(CHMOD) 0710 $(DESTDIR)$(RUN_PATH)/opencryptoki/
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki
 -      $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki
        $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki
  if ENABLE_LIBRARY
        $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll
-@@ -66,19 +61,15 @@
+@@ -83,19 +73,15 @@
  endif
  if ENABLE_PKCSHSM_MK_CHANGE
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/HSM_MK_CHANGE
@@ -24,7 +29,7 @@
  endif
  if ENABLE_CCATOK
        cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
-               ln -fs libpkcs11_cca.so PKCS11_CCA.so
+               ln -fs libpkcs11_cca.$(SHLIBEXT) PKCS11_CCA.$(SHLIBEXT)
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
 -      $(CHGRP) $(pkcs_group) 
$(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
 -      $(CHGRP) $(pkcs_group) 
$(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
@@ -35,9 +40,9 @@
        $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
        test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) 
$(DESTDIR)$(sysconfdir)/opencryptoki || true
        test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) 
-m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf 
$(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true
-@@ -87,12 +78,9 @@
+@@ -104,12 +90,9 @@
        cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
-               ln -fs libpkcs11_ep11.so PKCS11_EP11.so
+               ln -fs libpkcs11_ep11.$(SHLIBEXT) PKCS11_EP11.$(SHLIBEXT)
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
 -      $(CHGRP) $(pkcs_group) 
$(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
 -      $(CHGRP) $(pkcs_group) 
$(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
@@ -48,16 +53,9 @@
        $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
        test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) 
$(DESTDIR)$(sysconfdir)/opencryptoki || true
        test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) 
-m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf 
$(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true
-@@ -100,30 +88,24 @@
- endif
- if ENABLE_P11SAK
-       test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) 
$(DESTDIR)$(sysconfdir)/opencryptoki || true
--      test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf 
|| $(INSTALL) -g $(pkcs_group) -m 0640 
$(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf 
$(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
-+      test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf 
|| $(INSTALL)  -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf 
$(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
- endif
- if ENABLE_ICATOK
+@@ -123,24 +106,18 @@
        cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
-               ln -fs libpkcs11_ica.so PKCS11_ICA.so
+               ln -fs libpkcs11_ica.$(SHLIBEXT) PKCS11_ICA.$(SHLIBEXT)
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
 -      $(CHGRP) $(pkcs_group) 
$(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
 -      $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
@@ -69,7 +67,7 @@
  endif
  if ENABLE_SWTOK
        cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
-               ln -fs libpkcs11_sw.so PKCS11_SW.so
+               ln -fs libpkcs11_sw.$(SHLIBEXT) PKCS11_SW.$(SHLIBEXT)
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
 -      $(CHGRP) $(pkcs_group) 
$(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
 -      $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
@@ -80,9 +78,9 @@
        $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
  endif
  if ENABLE_TPMTOK
-@@ -131,10 +113,8 @@
+@@ -148,10 +125,8 @@
        cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
-               ln -fs libpkcs11_tpm.so PKCS11_TPM.so
+               ln -fs libpkcs11_tpm.$(SHLIBEXT) PKCS11_TPM.$(SHLIBEXT)
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
 -      $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
        $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
@@ -91,9 +89,9 @@
        $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
  endif
  if ENABLE_ICSFTOK
-@@ -142,16 +122,14 @@
+@@ -159,10 +134,8 @@
        cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
-               ln -fs libpkcs11_icsf.so PKCS11_ICSF.so
+               ln -fs libpkcs11_icsf.$(SHLIBEXT) PKCS11_ICSF.$(SHLIBEXT)
        $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
 -      $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
        $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
@@ -102,16 +100,9 @@
        $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
  endif
  if ENABLE_DAEMON
-       test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) 
$(DESTDIR)$(sysconfdir)/opencryptoki || true
-       test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || 
$(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf 
$(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true
--      test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || 
$(INSTALL) -m 640 -o root -g $(pkcs_group) -T 
$(srcdir)/doc/strength-example.conf 
$(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
-+      test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || 
$(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf 
$(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
- endif
-       $(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d
-       echo "$(libdir)/opencryptoki" >\
-@@ -162,7 +140,6 @@
-       @echo "Remember you must run ldconfig before using the above settings"
+@@ -181,7 +154,6 @@
        @echo "--------------------------------------------------------------"
+ endif
        $(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
 -      $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
        $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)

++++++ openCryptoki-3.23.0.tar.gz -> openCryptoki-3.24.0.tar.gz ++++++
++++ 36036 lines of diff (skipped)

Reply via email to