Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2024-09-20 17:12:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old) and /work/SRC/openSUSE:Factory/.openCryptoki.new.29891 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki" Fri Sep 20 17:12:26 2024 rev:77 rq:1202163 version:3.24.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes 2024-07-19 15:28:15.193374065 +0200 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new.29891/openCryptoki.changes 2024-09-20 17:13:36.235710831 +0200 @@ -1,0 +2,36 @@ +Fri Sep 20 08:33:19 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorgu...@suse.com> + +- Upgrade openCrytoki to version 3.24 + (jsc#PED-10291, jsc#PED-10290, jsc#PED-10241) + * Add support for building Opencryptoki on the IBM AIX platform + * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) + * Add support for protecting tokens with a token specific user group + * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE + * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later + * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). + - On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and + CCA v8.0 for the Round 3 variants. + - On other platforms: + Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported + * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. + - Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms + * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. + - Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms + * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later + * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms + * ICA/Soft: Add support for SHA based key derivation mechanisms + * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH + * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE + * EP11/CCA: Support live guest relocation for protected key (PKEY) operations + * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider + * ICSF: Add support for SHA-2 mechanisms + * ICSF: Performance improvements for attribute retrieval + * p11sak: Add support for exporting a key or certificate as URI-PEM file + * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files + * p11sak: Add option to show the master key verification patterns of secure keys + * Bug fixes +- Amended the .spec file +- Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi +- Added a new patch ocki-3.24-remove-make-install-chgrp.patch + +------------------------------------------------------------------- Old: ---- ocki-3.23-remove-make-install-chgrp.patch openCryptoki-3.23.0.tar.gz New: ---- ocki-3.24-remove-make-install-chgrp.patch openCryptoki-3.24.0.tar.gz BETA DEBUG BEGIN: Old:- Amended the .spec file - Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi - Added a new patch ocki-3.24-remove-make-install-chgrp.patch BETA DEBUG END: BETA DEBUG BEGIN: New:- Removed obsolete patch ocki-3.23-remove-make-install-chgrp.patchi - Added a new patch ocki-3.24-remove-make-install-chgrp.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openCryptoki.spec ++++++ --- /var/tmp/diff_new_pack.pkFZ9q/_old 2024-09-20 17:13:36.763732826 +0200 +++ /var/tmp/diff_new_pack.pkFZ9q/_new 2024-09-20 17:13:36.763732826 +0200 @@ -27,7 +27,7 @@ %define oc_cvs_tag opencryptoki Name: openCryptoki -Version: 3.23.0 +Version: 3.24.0 Release: 0 Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware License: CPL-1.0 @@ -39,7 +39,7 @@ Source3: openCryptoki-rpmlintrc # Patch 0 is needed because group pkcs11 doesn't exist in the build environment # and because we don't want(?) various file and directory permissions to be 0700. -Patch000: ocki-3.23-remove-make-install-chgrp.patch +Patch000: ocki-3.24-remove-make-install-chgrp.patch # # BuildRequires: bison @@ -136,7 +136,7 @@ %prep # setup -q -n %{oc_cvs_tag}-%{version} -%autosetup -p 0 -n %{oc_cvs_tag}-%{version} +%autosetup -p 1 -n %{oc_cvs_tag}-%{version} cp %{SOURCE2} . @@ -250,8 +250,6 @@ # configuration directory %dir %{_sysconfdir}/opencryptoki %config %{_sysconfdir}/opencryptoki/opencryptoki.conf -%config %attr(640,root,%{pkcs_group}) %{_sysconfdir}/opencryptoki/strength.conf -%config %attr(640,root,%{pkcs_group}) %{_sysconfdir}/opencryptoki/p11sak_defined_attrs.conf %ifarch s390 s390x %config %{_sysconfdir}/opencryptoki/ccatok.conf %config %{_sysconfdir}/opencryptoki/ep11cpfilter.conf @@ -272,6 +270,7 @@ %{_sbindir}/pkcsicsf %{_sbindir}/pkcsstats %{_sbindir}/pkcstok_migrate +%{_sbindir}/pkcstok_admin %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll # State and lock directories ++++++ ocki-3.23-remove-make-install-chgrp.patch -> ocki-3.24-remove-make-install-chgrp.patch ++++++ --- /work/SRC/openSUSE:Factory/openCryptoki/ocki-3.23-remove-make-install-chgrp.patch 2024-02-07 18:52:00.182494475 +0100 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new.29891/ocki-3.24-remove-make-install-chgrp.patch 2024-09-20 17:13:36.203709499 +0200 @@ -1,21 +1,26 @@ ---- Makefile.am 2023-05-15 14:42:55.000000000 +0200 -+++ Makefile-3.21.am 2023-05-25 17:13:36.266936832 +0200 -@@ -39,14 +39,9 @@ +--- a/Makefile.am 2024-09-11 08:46:18.000000000 +0200 ++++ b/Makefile.am 2024-09-20 11:31:30.709823171 +0200 +@@ -51,19 +51,9 @@ include doc/doc.mk install-data-hook: +-if AIX +- lsgroup $(pkcs_group) > /dev/null || $(GROUPADD) -a pkcs11 +- lsuser $(pkcsslotd_user) > /dev/null || $(USERADD) -g $(pkcs_group) -d $(DESTDIR)$(RUN_PATH)/opencryptoki -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user) +-else - getent group $(pkcs_group) > /dev/null || $(GROUPADD) -r $(pkcs_group) -- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user) - $(MKDIR_P) $(DESTDIR)/run/opencryptoki/ -- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)/run/opencryptoki/ -- $(CHGRP) $(pkcs_group) $(DESTDIR)/run/opencryptoki/ - $(CHMOD) 0710 $(DESTDIR)/run/opencryptoki/ +- getent passwd $(pkcsslotd_user) >/dev/null || $(USERADD) -r -g $(pkcs_group) -d $(RUN_PATH)/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" $(pkcsslotd_user) +-endif + $(MKDIR_P) $(DESTDIR)$(RUN_PATH)/opencryptoki/ +- $(CHOWN) $(pkcsslotd_user):$(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/ +- $(CHGRP) $(pkcs_group) $(DESTDIR)$(RUN_PATH)/opencryptoki/ + $(CHMOD) 0710 $(DESTDIR)$(RUN_PATH)/opencryptoki/ $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki if ENABLE_LIBRARY $(MKDIR_P) $(DESTDIR)$(libdir)/opencryptoki/stdll -@@ -66,19 +61,15 @@ +@@ -83,19 +73,15 @@ endif if ENABLE_PKCSHSM_MK_CHANGE $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/HSM_MK_CHANGE @@ -24,7 +29,7 @@ endif if ENABLE_CCATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -fs libpkcs11_cca.so PKCS11_CCA.so + ln -fs libpkcs11_cca.$(SHLIBEXT) PKCS11_CCA.$(SHLIBEXT) $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok @@ -35,9 +40,9 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true -@@ -87,12 +78,9 @@ +@@ -104,12 +90,9 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -fs libpkcs11_ep11.so PKCS11_EP11.so + ln -fs libpkcs11_ep11.$(SHLIBEXT) PKCS11_EP11.$(SHLIBEXT) $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok @@ -48,16 +53,9 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true -@@ -100,30 +88,24 @@ - endif - if ENABLE_P11SAK - test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true -- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g $(pkcs_group) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true -+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true - endif - if ENABLE_ICATOK +@@ -123,24 +106,18 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -fs libpkcs11_ica.so PKCS11_ICA.so + ln -fs libpkcs11_ica.$(SHLIBEXT) PKCS11_ICA.$(SHLIBEXT) $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite @@ -69,7 +67,7 @@ endif if ENABLE_SWTOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -fs libpkcs11_sw.so PKCS11_SW.so + ln -fs libpkcs11_sw.$(SHLIBEXT) PKCS11_SW.$(SHLIBEXT) $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok @@ -80,9 +78,9 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok endif if ENABLE_TPMTOK -@@ -131,10 +113,8 @@ +@@ -148,10 +125,8 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -fs libpkcs11_tpm.so PKCS11_TPM.so + ln -fs libpkcs11_tpm.$(SHLIBEXT) PKCS11_TPM.$(SHLIBEXT) $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm @@ -91,9 +89,9 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm endif if ENABLE_ICSFTOK -@@ -142,16 +122,14 @@ +@@ -159,10 +134,8 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ - ln -fs libpkcs11_icsf.so PKCS11_ICSF.so + ln -fs libpkcs11_icsf.$(SHLIBEXT) PKCS11_ICSF.$(SHLIBEXT) $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf - $(CHGRP) $(pkcs_group) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf $(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf @@ -102,16 +100,9 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf endif if ENABLE_DAEMON - test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true - test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true -- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g $(pkcs_group) -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true -+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true - endif - $(MKDIR_P) $(DESTDIR)/etc/ld.so.conf.d - echo "$(libdir)/opencryptoki" >\ -@@ -162,7 +140,6 @@ - @echo "Remember you must run ldconfig before using the above settings" +@@ -181,7 +154,6 @@ @echo "--------------------------------------------------------------" + endif $(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) - $(CHGRP) $(pkcs_group) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) $(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) ++++++ openCryptoki-3.23.0.tar.gz -> openCryptoki-3.24.0.tar.gz ++++++ ++++ 36036 lines of diff (skipped)