Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2026-05-15 23:55:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old) and /work/SRC/openSUSE:Factory/.openCryptoki.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki" Fri May 15 23:55:18 2026 rev:95 rq:1353337 version:3.27.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes 2026-05-04 12:58:59.354992460 +0200 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new.1966/openCryptoki.changes 2026-05-15 23:56:14.231844295 +0200 @@ -1,0 +2,36 @@ +Fri May 15 07:24:02 UTC 2026 - Nikolay Gueorguiev <[email protected]> + +- Upgrade openCryptoki to version 3.27 (jsc#PED-14609) + * Add base support for PKCS#11 v3.2. + * Add support for PKCS#11 v3.2 C_VerifySignature[Init|Update|Final]. + * Add support for PKCS#11 v3.2 C_EncapsulateKey/C_DecapsulateKey. + * Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with RSA-PKCS and RSA-OAEP mechanisms. + * Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with the ECDH mechanism. + * Soft/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with the DH-PKCS mechanism. + * Soft: Add support for PKCS#11 v3.2 ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or + the OQS-provider must be configured). + * CCA: Add support for PKCS#11 v3.2 ML-DSA key type and mechanisms (requires CCA v8.4 or later) + * EP11: Add support for PKCS#11 v3.2 ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, + and a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16). + * p11sak: Add support for PKCS#11 v3.2 ML-DSA and ML-KEM key types. + * Soft/ICA: Add support for PKCS#11 v3.2 mechanisms CKM_ECDH_X_AES_KEY_WRAP and CKM_ECDH_COF_AES_KEY_WRAP. + * p11sak: Add support for key wrapping with PKCS#11 v3.2 mechanisms CKM_ECDH_X_AES_KEY_WRAP and CKM_ECDH_COF_AES_KEY_WRAP. + * Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.2 mechanism CKM_PUB_KEY_FROM_PRIV_KEY. + * Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.0 Edwards and Montgomery key types and mechanisms. + * Soft/ICA: Support CKM_ECDH_AES_KEY_WRAP also for Montgomery keys. + * p11sak: Add support for PKCS#11 v3.0 Edwards and Montgomery key types. + * Soft: Add support for CKM_ECDH1_COFACTOR_DERIVE. + * CCA: Add support for additional RSA public exponent values 5, 17, or 257. + * p11sak: Add option to list-key command to show EP11 session IDs. + * Make the maximum number of token objects supported configurable. + * Fixes for CVE-2026-40253, CVE-2026-23893, and CVE-2026-22791. + * Bug fixes. +- Removed obsolete patches: + * ocki-3.26-remove-make-install-chgrp.patch + * openCryptoki-CVE-2026-22791-commit-e37e912.patch + * openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch + * openCryptoki-CVE-2026-40253-commit-ed378f4.patch +Added a new patch for ver 3.27: + * ocki-3.27-remove-make-install-chgrp.patch + +------------------------------------------------------------------- Old: ---- ocki-3.26-remove-make-install-chgrp.patch openCryptoki-3.26.0.tar.gz openCryptoki-CVE-2026-22791-commit-e37e912.patch openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch openCryptoki-CVE-2026-40253-commit-ed378f4.patch New: ---- ocki-3.27-remove-make-install-chgrp.patch openCryptoki-3.27.0.tar.gz ----------(Old B)---------- Old:- Removed obsolete patches: * ocki-3.26-remove-make-install-chgrp.patch * openCryptoki-CVE-2026-22791-commit-e37e912.patch Old: * ocki-3.26-remove-make-install-chgrp.patch * openCryptoki-CVE-2026-22791-commit-e37e912.patch * openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch Old: * openCryptoki-CVE-2026-22791-commit-e37e912.patch * openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch * openCryptoki-CVE-2026-40253-commit-ed378f4.patch Old: * openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch * openCryptoki-CVE-2026-40253-commit-ed378f4.patch Added a new patch for ver 3.27: ----------(Old E)---------- ----------(New B)---------- New:Added a new patch for ver 3.27: * ocki-3.27-remove-make-install-chgrp.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openCryptoki.spec ++++++ --- /var/tmp/diff_new_pack.fewTi0/_old 2026-05-15 23:56:15.387891884 +0200 +++ /var/tmp/diff_new_pack.fewTi0/_new 2026-05-15 23:56:15.391892048 +0200 @@ -37,7 +37,7 @@ %endif Name: openCryptoki -Version: 3.26.0 +Version: 3.27.0 Release: 0 Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware License: CPL-1.0 @@ -49,14 +49,11 @@ Source3: openCryptoki-rpmlintrc # Patch 0 is needed because group pkcs11 doesn't exist in the build environment # and because we don't want(?) various file and directory permissions to be 0700. -Patch000: ocki-3.26-remove-make-install-chgrp.patch -# -Patch010: openCryptoki-CVE-2026-22791-commit-e37e912.patch -Patch011: openCryptoki-CVE-2026-23893-commit-5e6e4b4.patch -Patch012: openCryptoki-CVE-2026-40253-commit-ed378f4.patch +Patch000: ocki-3.27-remove-make-install-chgrp.patch # BuildRequires: bison BuildRequires: dos2unix +BuildRequires: fdupes BuildRequires: flex BuildRequires: gcc-c++ BuildRequires: libcap-devel @@ -152,7 +149,7 @@ %endif %prep -# setup -q -n %{oc_cvs_tag}-%{version} +# setup -q -n %%{oc_cvs_tag}-%%{version} %autosetup -p 1 -n %{oc_cvs_tag}-%{version} cp %{SOURCE2} . @@ -238,7 +235,7 @@ L+ /etc/pkcs11 - - - - /var/lib/opencryptoki EOF -# Remove manual directory creation in %install that belongs in /var +# Remove manual directory creation in %%install that belongs in /var rm -rf %{buildroot}%{_localstatedir}/lib/opencryptoki rm -rf %{buildroot}%{_localstatedir}/log/opencryptoki # @@ -279,6 +276,11 @@ cd - %endif +%fdupes %{buildroot} + +%check +# No checks, for now... + %pre -f opencryptoki.pre %{service_add_pre pkcsslotd.service} ++++++ ocki-3.26-remove-make-install-chgrp.patch -> ocki-3.27-remove-make-install-chgrp.patch ++++++ --- /work/SRC/openSUSE:Factory/openCryptoki/ocki-3.26-remove-make-install-chgrp.patch 2025-11-12 21:15:35.041143388 +0100 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new.1966/ocki-3.27-remove-make-install-chgrp.patch 2026-05-15 23:56:13.427811198 +0200 @@ -1,5 +1,6 @@ ---- a/Makefile.am 2025-11-11 08:58:19.000000000 +0100 -+++ b/Makefile.am 2025-11-12 10:21:00.563936369 +0100 +diff -Naur a/Makefile.am b/Makefile.am +--- a/Makefile.am 2026-05-13 13:19:05.000000000 +0200 ++++ b/Makefile.am 2026-05-15 09:38:26.931516571 +0200 @@ -51,19 +51,9 @@ include doc/doc.mk ++++++ openCryptoki-3.26.0.tar.gz -> openCryptoki-3.27.0.tar.gz ++++++ ++++ 47927 lines of diff (skipped) ++++++ openCryptoki-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.fewTi0/_old 2026-05-15 23:56:16.279928604 +0200 +++ /var/tmp/diff_new_pack.fewTi0/_new 2026-05-15 23:56:16.287928933 +0200 @@ -1,2 +1,5 @@ addFilter("openCryptoki.* tmpfile-not-in-filelist /var/lock/opencryptoki") +addFilter("tmpfile-not-in-filelist /run/opencryptoki.*") +addFilter("tmpfile-not-in-filelist /var/lib/opencryptoki.*") +addFilter("tmpfile-not-in-filelist /var/log/opencryptoki.*")
