979c716e03Accepting request 1188413 from security
factory
Ana Guerrero
2024-07-19 13:28:08 +0000
26cdc6eb56Removed "Requires" for getent command.
Nikolay Gueorguiev
2024-07-18 13:34:26 +0000
18d764e160- Amended the .spec file accorinding to the recommendation in (bsc#1225876)
Nikolay Gueorguiev
2024-07-18 06:18:42 +0000
9a9c04005dAccepting request 1187558 from security
Ana Guerrero
2024-07-15 17:46:41 +0000
ca14227cab- Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch - provide user(pkcs11) and group(pkcs11) - Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch - Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch.
Nikolay Gueorguiev
2024-07-15 13:15:34 +0000
dfcb5e44daAccepting request 1187028 from security
Ana Guerrero
2024-07-12 15:04:51 +0000
6adf9fe8e7- Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf) - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * Updates to harden against RSA timing attacks (bsc#1219217) * Bug fixes - Renamed ocki-3.22-remove-make-install-chgrp.patch to ocki-3.23-remove-make-install-chgrp.patch - provide user(pkcs11) and group(pkcs11) - Amended the .spec file for pkcsslotd (jsc#1217703) * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to ocki-3.22-remove-make-install-chgrp.patch - Upgrade to version 3.22 (jsc#PED-3361) * openCryptoki 3.22 - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different * Bug fixes - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) * openCryptoki 3.21 - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes - Amended a new patch to fit the version 3.21 * ocki-3.21-remove-make-install-chgrp.patch - Removed the old patch for the version 3.20 * ocki-3.20-remove-make-install-chgrp.patch - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch.
Nikolay Gueorguiev
2024-07-12 08:23:44 +0000
c45457d1b7Accepting request 1186784 from security
Ana Guerrero
2024-07-11 18:33:09 +0000
5a473c2505- Updated the .spec file (bsc#1225876, bsc#1227280) * Amended for group %{pkcs_group} and user pkcsslotd * Copying example script files from /usr/share/doc/opencryptoki to /usr/share/opencryptoki (policy-example.conf and strength-example.conf) in case that there is 'rpm.install.excludedocs=yes' set in the zypper.conf(zypp.conf)
Nikolay Gueorguiev
2024-07-11 08:09:59 +0000
b58c7a82eeAccepting request 1144813 from security
Ana Guerrero
2024-02-07 17:49:51 +0000
2724046aa7Accepting request 1144812 from home:ngueorguiev:branches:security
Nikolay Gueorguiev
2024-02-07 07:52:33 +0000
e643acdba0Accepting request 1144144 from security
Ana Guerrero
2024-02-05 21:01:37 +0000
dc5f0e29cfAccepting request 1144142 from home:msmeissn:branches:security
Nikolay Gueorguiev
2024-02-05 09:04:37 +0000
6e0c8bdcc5Accepting request 1130787 from security
Ana Guerrero
2023-12-04 22:02:10 +0000
1ec37d5138Accepting request 1130784 from home:ngueorguiev:branches:security
Nikolay Gueorguiev
2023-12-04 13:55:51 +0000
8547c44c9dAccepting request 1130765 from home:ngueorguiev:branches:security
Nikolay Gueorguiev
2023-12-04 13:12:20 +0000
d8a4f57221Accepting request 1112796 from security
Ana Guerrero
2023-09-21 20:23:34 +0000
a44a3cdeebAccepting request 1112795 from home:ngueorguiev:branches:security
Nikolay Gueorguiev
2023-09-21 11:13:54 +0000
36a196394bAccepting request 1089152 from security
Dominique Leuenberger
2023-05-26 18:15:43 +0000
7aa2bb9da2Accepting request 1089151 from home:ngueorguiev:branches:security
Nikolay Gueorguiev
2023-05-26 07:50:50 +0000
788aa4046aAccepting request 1089144 from home:ngueorguiev:branches:security
Nikolay Gueorguiev
2023-05-26 06:46:11 +0000
1c939703a3Accepting request 1066182 from security
Dominique Leuenberger
2023-02-16 15:57:19 +0000
8c6d50ec24Accepting request 1066181 from home:ngueorguiev:branches:security
Nikolay Gueorguiev
2023-02-16 13:33:42 +0000
d227b6f7d5Accepting request 1063654 from security
Dominique Leuenberger
2023-02-07 17:50:57 +0000
407ecfdaa4- Added the following patches for bsc#1182726 " p11sak list-key segfault" * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch Added NULL pointer to avoid double free() for the list-key and remove-key commands. * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch Note that two hunks that were unrelated to fixing the running code were removed from this patch. * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch
Mark Post
2021-09-15 14:29:40 +0000
45d43aadc0Accepting request 872977 from security
Dominique Leuenberger
2021-02-17 17:12:21 +0000
6e14030074Accepting request 872976 from home:markkp:branches:security
Mark Post
2021-02-16 21:24:55 +0000
aa124905eaAccepting request 866674 from security
Dominique Leuenberger
2021-01-26 13:46:44 +0000
a15ba93dbaAccepting request 866673 from home:markkp:branches:security
Mark Post
2021-01-25 20:49:50 +0000
c901ea9431Accepting request 865508 from security
Dominique Leuenberger
2021-01-22 20:52:07 +0000
c0154ab939- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
Mark Post
2019-12-02 21:40:41 +0000
cbd45d26e5Accepting request 747496 from security
Dominique Leuenberger
2019-11-12 10:56:28 +0000
be04f8e20e- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
Mark Post
2019-11-12 06:00:01 +0000
f072b8698a- Don't hide error messages from the groupadd command. To eliminate a potentially common one, check to see if the pkcs11 group is already defined before trying to add it. - Update the summary for the -devel package. - Changed several PreReq entries to Requires(pre) as a result of the output from spec-cleaner. Removed a couple of obsolete lines.
Mark Post
2018-11-29 22:49:07 +0000
bc9b0c7ad7Accepting request 649627 from security
Dominique Leuenberger
2018-11-20 21:42:30 +0000
e7f80fc66dAccepting request 649626 from home:markkp:branches:security
Mark Post
2018-11-16 16:33:50 +0000
aa50de6dc7Accepting request 597603 from security
Dominique Leuenberger
2018-04-19 13:31:21 +0000
4866a500c9Accepting request 597601 from home:markkp:branches:security
Mark Post
2018-04-17 23:10:57 +0000
9a4d74717dAccepting request 585158 from security
Dominique Leuenberger
2018-03-11 14:25:39 +0000
4539918c49Accepting request 585157 from home:markkp:branches:security
Mark Post
2018-03-09 20:17:11 +0000
cd7943207eAccepting request 546864 from security
Dominique Leuenberger
2017-12-03 09:12:49 +0000
cfbd8bf303Accepting request 546863 from home:markkp:branches:security
Mark Post
2017-12-01 02:02:32 +0000
6165f39b1fAccepting request 500232 from security
Dominique Leuenberger
2017-06-01 14:34:51 +0000
3d264fa667Accepting request 500228 from home:markkp:branches:security
Mark Post
2017-05-31 20:09:13 +0000
0c6c511ab1Accepting request 494813 from security
Dominique Leuenberger
2017-05-16 12:45:19 +0000
cd6812de23- Updated to version 3.7.0 (Fate#321451) (bsc#1036640) - Update example spec file - Performance improvement. Moving from mutexes to transactional memory. - Add ECDSA SHA2 support for EP11 and CCA. - Fix declaration of inline functions. - Fix wrong testcase and ber en/decoding for integers. - Check for 'flex' and 'YACC' on configure. - EP11 config file rework. - Add enable-debug on travis build. - Add testcase for C_GetOperationState/C_SetOperationState. - Upgrade License to CPL-1.0 - Ica token: fix openssh/ibmpkcs11 engine/libica crash. - Fix segfault and logic in hardware feature test. - Fix spelling of documentation and manuals. - Fix the retrieval of p from a generated rsa key. - Coverity scan fixes - incompatible pointer type and unused variables.
Mark Post
2017-05-12 09:06:41 +0000
bfbc78d27eAccepting request 491366 from security
Dominique Leuenberger
2017-04-28 07:14:00 +0000
5f9d2f2ce9Accepting request 491365 from home:markkp:branches:security
Mark Post
2017-04-26 20:28:06 +0000
399e119092Accepting request 481629 from security
Dominique Leuenberger
2017-03-24 01:21:54 +0000
f168c8daedAccepting request 481628 from home:markkp:branches:security
Mark Post
2017-03-20 21:54:09 +0000
18e79c3575Accepting request 481620 from home:markkp:branches:security
Mark Post
2017-03-20 21:47:43 +0000
294be4d5edAccepting request 480952 from security
Dominique Leuenberger
2017-03-18 19:51:04 +0000
4d86d0db29Accepting request 480951 from home:markkp:branches:security
Mark Post
2017-03-17 22:23:40 +0000
9b51cd5951Accepting request 480948 from home:markkp:branches:security
Mark Post
2017-03-17 22:13:25 +0000
3ff97425b0Accepting request 460935 from security
Dominique Leuenberger
2017-03-03 16:44:34 +0000
1e158a83bfAccepting request 460930 from home:markkp:branches:security
Mark Post
2017-02-28 17:15:00 +0000
d71451abdeAccepting request 451674 from security
Dominique Leuenberger
2017-01-24 09:38:17 +0000
e9742235f7- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)
Mark Post
2017-01-17 20:14:46 +0000