Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2022-10-06 07:42:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old) and /work/SRC/openSUSE:Factory/.openCryptoki.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki" Thu Oct 6 07:42:40 2022 rev:64 rq:1008259 version:3.19.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes 2022-03-23 20:21:18.514562226 +0100 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new.2275/openCryptoki.changes 2022-10-06 07:42:49.944771233 +0200 @@ -1,0 +2,50 @@ +Fri Sep 30 19:14:38 UTC 2022 - Mark Post <[email protected]> + +- Upgrade to version 3.19.0 (jsc#PED-616) + + openCryptoki 3.19 + - CCA: check for expected master key verification patterns at token init + - CCA: check master key verification pattern of created keys to be as expected + - EP11: check for expected wrapping key verification pattern at token init + - EP11: check wrapping key verification pattern of created keys to be as expected + - p11sak/pkcsconf: display PKCS#11 URIs + - p11sak: add support for IBM specific Dilithium keys + - p11sak: allow to list keys filtered by label + - common: add support for dual-function cryptographic functions + - Add support for C_SessionCancel function (PKCS#11 v3.0) + - EP11: add support for schnorr signatures (mechanism CKM_IBM_ECDSA_OTHER) + - EP11: add support for Bitcoin key derivation (mechanism CKM_IBM_BTC_DERIVE) + - Bug fixes + + openCryptoki 3.18 + - Default to FIPS compliant token data format (tokversion = 3.12) + - Add support for restricting usage of mechanisms and keys via a global policy + - Add support for statistics counting of mechanism usage + - ICA/EP11: Support libica version 4 + - p11sak tool: Allow to set different attributes for public and private keys +- Replaced ocki-3.17-remove-make-install-chgrp.patch with an updated + version named ocki-3.19-remove-make-install-chgrp.patch to fit + the current state of the source. +- Removed the following obsolete patches: + openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch + openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch + ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch + +------------------------------------------------------------------- +Wed Aug 10 16:34:10 UTC 2022 - Mark Post <[email protected]> + +- Added ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch + for bsc#1202106. One test of the gen_purpose test cases fails with + C_GetMechanismList #2 rc=CKR_BUFFER_TOO_SMALL" error on the EP11 Token. + +------------------------------------------------------------------- +Thu Jun 2 16:21:54 UTC 2022 - Mark Post <[email protected]> + +- Made the following changes for bsc#1199862 "Please install + p11sak_defined_attrs.conf." + * Replaced ocki-3.11-remove-make-install-chgrp.patch with + ocki-3.17-remove-make-install-chgrp.patch to remove the + "-g pkcs11" parameter from the install command in the Makefile + * Updated the spec file to include + /etc/opencryptoki/p11sak_defined_attrs.conf as a %config file + with the necessary permissions and group ownership. + +------------------------------------------------------------------- Old: ---- ocki-3.11-remove-make-install-chgrp.patch openCryptoki-3.17.0.tar.gz openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch New: ---- ocki-3.19-remove-make-install-chgrp.patch openCryptoki-3.19.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openCryptoki.spec ++++++ --- /var/tmp/diff_new_pack.hOIymK/_old 2022-10-06 07:42:50.488772444 +0200 +++ /var/tmp/diff_new_pack.hOIymK/_new 2022-10-06 07:42:50.492772453 +0200 @@ -26,7 +26,7 @@ %define oc_cvs_tag opencryptoki Name: openCryptoki -Version: 3.17.0 +Version: 3.19.0 Release: 0 Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware License: CPL-1.0 @@ -38,9 +38,7 @@ Source3: openCryptoki-rpmlintrc # Patch 1 is needed because group pkcs11 doesn't exist in the build environment # and because we don't want(?) various file and directory permissions to be 0700. -Patch1: ocki-3.11-remove-make-install-chgrp.patch -Patch2: openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch -Patch3: openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch +Patch1: ocki-3.19-remove-make-install-chgrp.patch BuildRequires: bison BuildRequires: dos2unix BuildRequires: flex @@ -130,8 +128,6 @@ %prep %setup -q -n %{oc_cvs_tag}-%{version} %patch1 -p1 -%patch2 -p1 -%patch3 -p1 cp %{SOURCE2} . @@ -230,10 +226,16 @@ %files %doc openCryptoki-TFAQ.html FAQ %doc doc/* +%dir %{_datadir}/doc/opencryptoki +%{_datadir}/doc/opencryptoki/policy-example.conf +%{_datadir}/doc/opencryptoki/strength-example.conf # configuration directory %dir %{_sysconfdir}/opencryptoki %config %{_sysconfdir}/opencryptoki/opencryptoki.conf +%config %{_sysconfdir}/opencryptoki/strength.conf +%config %attr(640,root,pkcs11) %{_sysconfdir}/opencryptoki/p11sak_defined_attrs.conf %ifarch s390 s390x +%config %{_sysconfdir}/opencryptoki/ccatok.conf %config %{_sysconfdir}/opencryptoki/ep11cpfilter.conf %config %{_sysconfdir}/opencryptoki/ep11tok.conf %{_sbindir}/pkcsep11_migrate @@ -250,6 +252,7 @@ %{_sbindir}/pkcsslotd %{_sbindir}/pkcsconf %{_sbindir}/pkcsicsf +%{_sbindir}/pkcsstats %{_sbindir}/pkcstok_migrate %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll @@ -276,6 +279,7 @@ %dir %{_libdir}/opencryptoki %dir %{_libdir}/opencryptoki/stdll %{_includedir}/opencryptoki +%{_libdir}/pkgconfig/opencryptoki.pc %ifarch %{openCryptoki_32bit_arch} %files 32bit ++++++ ocki-3.11-remove-make-install-chgrp.patch -> ocki-3.19-remove-make-install-chgrp.patch ++++++ --- /work/SRC/openSUSE:Factory/openCryptoki/ocki-3.11-remove-make-install-chgrp.patch 2018-11-20 22:42:35.658279506 +0100 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new.2275/ocki-3.19-remove-make-install-chgrp.patch 2022-10-06 07:42:49.892771117 +0200 @@ -1,6 +1,6 @@ ---- opencryptoki-3.11.0/Makefile.am 2018-11-16 09:53:03.000000000 -0500 -+++ opencryptoki-3.11.0/Makefile.am 2018-11-16 10:28:35.114837306 -0500 -@@ -51,24 +51,18 @@ +--- opencryptoki-3.19.0/Makefile.am 2022-09-30 03:45:52.000000000 -0400 ++++ opencryptoki-3.19.0/Makefile.am 2022-09-30 15:28:53.032877773 -0400 +@@ -61,12 +61,9 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_cca.so PKCS11_CCA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ @@ -11,8 +11,9 @@ $(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok - $(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok - endif - if ENABLE_EP11TOK + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/cca_stdll/ccatok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ccatok.conf || true +@@ -75,12 +72,9 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_ep11.so PKCS11_EP11.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ @@ -25,7 +26,14 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true test -f $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || $(INSTALL) -m 644 $(srcdir)/usr/lib/ep11_stdll/ep11tok.conf $(DESTDIR)$(sysconfdir)/opencryptoki/ep11tok.conf || true -@@ -78,24 +72,18 @@ +@@ -88,30 +82,24 @@ + endif + if ENABLE_P11SAK + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true + endif + if ENABLE_ICATOK cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_ica.so PKCS11_ICA.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ @@ -50,7 +58,7 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok endif if ENABLE_TPMTOK -@@ -103,10 +91,8 @@ +@@ -119,10 +107,8 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_tpm.so PKCS11_TPM.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm @@ -61,7 +69,7 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm endif if ENABLE_ICSFTOK -@@ -114,10 +100,8 @@ +@@ -130,16 +116,14 @@ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \ ln -fs libpkcs11_icsf.so PKCS11_ICSF.so $(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf @@ -72,7 +80,14 @@ $(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf endif if ENABLE_DAEMON -@@ -139,7 +123,6 @@ + test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true + test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true +- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g pkcs11 -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true ++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true + if ENABLE_SYSTEMD + mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d + cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf +@@ -156,7 +140,6 @@ @echo "Remember you must run ldconfig before using the above settings" @echo "--------------------------------------------------------------" $(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir) ++++++ openCryptoki-3.17.0.tar.gz -> openCryptoki-3.19.0.tar.gz ++++++ ++++ 56173 lines of diff (skipped)
