Accepting request 390331 from security

- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938). - Changed BuildRequires for libica_2_3_0-devel to libica2-devel. - Changed BuildRequires for openssl-devel to specify >= 1.0 Contrary to what the README says, version 0.9.7 isn't sufficient. - Removed the redundant DESTDIR= parameter from the %make_install - Removed the following obsolete patches opencryptoki-run-lock.patch (/var/lock and run/lock are actually the same place) Also reverted the changed to openCryptoki-tmp.conf to match. ocki-3.1_10_0001-ica-sha-update-empty-msg.patch ocki-3.1-fix-implicit-decl.patch ocki-3.1-fix-init_d-path.patch ocki-3.1-fix-libica-link.patch ocki-3.2_01_fix-return-type-error.patch ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch ocki-3.2_05_icsf_ldap_handles.patch ocki-3.2_06_icsf_sign_verify.patch - renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to ocki-3.1-remove-make-install-chgrp.patch - Get a new ldap handle for each session opened in the icsf token, once the user has authenticated. (bsc#953347,LTC#130078) - ocki-3.2_05_icsf_ldap_handles.patch - ocki-3.2_06_icsf_sign_verify.patch - Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070) - Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch - Fixed two public key object inclusion in EP11 token (bsc#946808) OBS-URL: https://build.opensuse.org/request/show/390331 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=31
2016-04-28 14:54:32 +00:00 · 2016-04-28 14:54:32 +00:00 · b1973cba38
commit b1973cba38
parent 6156f42135 1e173dfe5e
10 changed files with 140 additions and 183 deletions
--- a/ocki-3.1-fix-implicit-decl.patch
+++ b/ocki-3.1-fix-implicit-decl.patch
@ -1,66 +0,0 @@
--- opencryptoki/usr/lib/pkcs11/common/loadsave.c
-+++ opencryptoki/usr/lib/pkcs11/common/loadsave.c
-@@ -287,6 +287,9 @@
- //
- //
- 
-+/* _GNU_SOURCE necessary for asprintf */
-+#define _GNU_SOURCE
-+
- #include <pthread.h>
- #include <stdio.h>
- #include <stdlib.h>
--- opencryptoki/usr/lib/pkcs11/common/mech_rng.c
-+++ opencryptoki/usr/lib/pkcs11/common/mech_rng.c
-@@ -301,6 +301,7 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
-+#include <unistd.h>
- 
- 
- #include "pkcs11types.h"
--- opencryptoki/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
-+++ opencryptoki/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
-@@ -31,6 +31,9 @@
-  *
-  */
- 
-+#define _GNU_SOURCE
-+#include <stdio.h>
-+
- #include <pthread.h>
- #include <string.h>
- #include <stdlib.h>
--- opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c
-+++ opencryptoki/usr/sbin/pkcsslotd/garbage_linux.c
-@@ -294,6 +294,7 @@
- #include <string.h>
- #include <sys/types.h>
- #include <fcntl.h>
-+#include <unistd.h>
- 
- #include "log.h"
- #include "slotmgr.h"
--- opencryptoki/usr/sbin/pkcsslotd/mutex.c
-+++ opencryptoki/usr/sbin/pkcsslotd/mutex.c
-@@ -293,6 +293,9 @@
- #include <sys/types.h>
- #include <sys/file.h>
- #include <grp.h>
-+#include <sys/stat.h>
-+#include <string.h>
-+#include <unistd.h>
- 
- #include "log.h"
- #include "slotmgr.h"
--- opencryptoki/usr/sbin/pkcsslotd/slotmgr.c
-+++ opencryptoki/usr/sbin/pkcsslotd/slotmgr.c
-@@ -292,6 +292,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <errno.h>
-+#include <unistd.h>
- 
- #include "log.h"
- #include "slotmgr.h"
--- a/ocki-3.1-fix-init_d-path.patch
+++ b/ocki-3.1-fix-init_d-path.patch
@ -1,11 +0,0 @@
--- opencryptoki.orig/misc/Makefile.am	2014-01-27 15:01:57.000000000 -0700
-+++ opencryptoki/misc/Makefile.am	2014-01-31 09:15:15.816980000 -0700
-@@ -11,7 +11,7 @@ pkcsslotd.service: pkcsslotd.service.in
- 	@SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t
- 	mv $@-t $@
- else
-initddir = $(sysconfdir)/rc.d/init.d
-+initddir = $(sysconfdir)/init.d
- initd_SCRIPTS = pkcsslotd
- 
- CLEANFILES = pkcsslotd
--- a/ocki-3.1-fix-libica-link.patch
+++ b/ocki-3.1-fix-libica-link.patch
@ -1,11 +0,0 @@
--- opencryptoki/configure.in
-+++ opencryptoki/configure.in
-@@ -328,7 +328,7 @@
- 	old_cflags="$CFLAGS"
- 	old_libs="$LIBS"
- 	CFLAGS="$CFLAGS $LIBICA_CFLAGS"
-	LIBS="$LIBS $LIBICA_LIBS"
-+	LIBS="$LIBS $LIBICA_LIBS -lrt -lcrypto -lpthread"
- 	AC_CHECK_HEADER([ica_api.h], [], [
- 		if test "x$with_libica" != "xcheck"; then
- 			AC_MSG_ERROR([Build with Libica requested but Libica headers couldn't be found])
--- a/ocki-3.1-remove-make-install-chgrp-chmod.patch
+++ b/ocki-3.1-remove-make-install-chgrp-chmod.patch
@ -1,100 +1,94 @@
 --- opencryptoki/usr/Makefile.am
 +++ opencryptoki/usr/Makefile.am
-@@ -6,5 +6,3 @@
+@@ -6,5 +6,4 @@
 
 install-data-hook:
- 	$(MKDIR_P) $(DESTDIR)$(lockdir)
-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)
-	$(CHMOD) 0770 $(DESTDIR)$(lockdir)
+ 	$(MKDIR_P) $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
+-	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir) $(DESTDIR)$(logdir)
 --- opencryptoki/usr/lib/pkcs11/cca_stdll/Makefile.am
 +++ opencryptoki/usr/lib/pkcs11/cca_stdll/Makefile.am
-@@ -66,13 +66,7 @@
+@@ -66,12 +66,9 @@
 	cd $(DESTDIR)/$(libdir)/opencryptoki/stdll && \
 		ln -sf libpkcs11_cca.so PKCS11_CCA.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok/TOK_OBJ
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ccatok
 	$(MKDIR_P) $(DESTDIR)$(lockdir)/ccatok
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ccatok
-	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ccatok
 
 uninstall-hook:
- 	if test -d $(DESTDIR)/$(libdir)/opencryptoki/stdll; then \
 --- opencryptoki/usr/lib/pkcs11/ep11_stdll/Makefile.am
 +++ opencryptoki/usr/lib/pkcs11/ep11_stdll/Makefile.am
-@@ -54,13 +54,7 @@
+@@ -49,12 +49,9 @@
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -sf libpkcs11_ep11.so PKCS11_EP11.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok/TOK_OBJ
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/ep11tok
 	$(MKDIR_P) $(DESTDIR)$(lockdir)/ep11tok
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/ep11tok
-	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/ep11tok
 
 uninstall-hook:
- 	if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
 --- opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am
 +++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/Makefile.am
-@@ -62,13 +62,7 @@
+@@ -64,12 +64,9 @@
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -sf libpkcs11_ica.so PKCS11_ICA.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite/TOK_OBJ
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/lite
 	$(MKDIR_P) $(DESTDIR)$(lockdir)/lite
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/lite
-	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/lite
 
 uninstall-hook:
- 	if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
 --- opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am
 +++ opencryptoki/usr/lib/pkcs11/icsf_stdll/Makefile.am
-@@ -76,11 +76,7 @@
+@@ -79,10 +79,8 @@
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -sf libpkcs11_icsf.so PKCS11_ICSF.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/icsf
 	$(MKDIR_P) $(DESTDIR)$(lockdir)/icsf
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/icsf 
-	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/icsf
 
 uninstall-hook:
- 	if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
 --- opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am
 +++ opencryptoki/usr/lib/pkcs11/soft_stdll/Makefile.am
-@@ -54,13 +54,7 @@
+@@ -56,12 +56,9 @@
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -sf libpkcs11_sw.so PKCS11_SW.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok/TOK_OBJ
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/swtok
 	$(MKDIR_P) $(DESTDIR)$(lockdir)/swtok
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/swtok
-	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/swtok
 
 uninstall-hook:
- 	if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
 --- opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am
 +++ opencryptoki/usr/lib/pkcs11/tpm_stdll/Makefile.am
-@@ -69,11 +69,7 @@
+@@ -71,10 +71,8 @@
 	cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
 		ln -sf libpkcs11_tpm.so PKCS11_TPM.so
 	$(MKDIR_P) $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
 -	$(CHGRP) pkcs11 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
-	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
+ 	$(CHMOD) 0770 $(DESTDIR)$(localstatedir)/lib/opencryptoki/tpm
 	$(MKDIR_P) $(DESTDIR)$(lockdir)/tpm
 -	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)/tpm 
-	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
+ 	$(CHMOD) 0770 $(DESTDIR)$(lockdir)/tpm
 
 uninstall-hook:
- 	if test -d $(DESTDIR)$(libdir)/opencryptoki/stdll; then \
--- a/openCryptoki-tmp.conf
+++ b/openCryptoki-tmp.conf
@ -1,8 +1,7 @@
 # Lock directories needed by openCryptoki
-D   /run/lock/opencryptoki 0770 root pkcs11
-D   /run/lock/opencryptoki/swtok 0770 root pkcs11
-D   /run/lock/opencryptoki/lite 0770 root pkcs11
-D   /run/lock/opencryptoki/tpm 0770 root pkcs11
-D   /run/lock/opencryptoki/ccatok 0770 root pkcs11
-D   /run/lock/opencryptoki/icsf 0770 root pkcs11
-D   /run/lock/opencryptoki/ep11tok 0770 root pkcs11
+D   /var/lock/opencryptoki/swtok 0770 root pkcs11
+D   /var/lock/opencryptoki/lite 0770 root pkcs11
+D   /var/lock/opencryptoki/tpm 0770 root pkcs11
+D   /var/lock/opencryptoki/ccatok 0770 root pkcs11
+D   /var/lock/opencryptoki/icsf 0770 root pkcs11
+D   /var/lock/opencryptoki/ep11tok 0770 root pkcs11
--- a/openCryptoki.changes
+++ b/openCryptoki.changes
@ -1,3 +1,79 @@
+-------------------------------------------------------------------
+Thu Apr 14 01:47:08 UTC 2016 - mpost@suse.com
+
+- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938).
+- Changed BuildRequires for libica_2_3_0-devel to libica2-devel.
+- Changed BuildRequires for openssl-devel to specify >= 1.0
+  Contrary to what the README says, version 0.9.7 isn't
+  sufficient.
+- Removed the redundant DESTDIR= parameter from the %make_install
+- Removed the following obsolete patches
+  opencryptoki-run-lock.patch (/var/lock and run/lock are actually the
+    same place) Also reverted the changed to openCryptoki-tmp.conf to match.
+  ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
+  ocki-3.1-fix-implicit-decl.patch
+  ocki-3.1-fix-init_d-path.patch
+  ocki-3.1-fix-libica-link.patch
+  ocki-3.2_01_fix-return-type-error.patch
+  ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
+  ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
+  ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
+  ocki-3.2_05_icsf_ldap_handles.patch
+  ocki-3.2_06_icsf_sign_verify.patch
+
+- renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to
+  ocki-3.1-remove-make-install-chgrp.patch
+
+-------------------------------------------------------------------
+Fri Nov  6 14:00:42 UTC 2015 - jjolly@suse.com
+
+- Get a new ldap handle for each session opened in the icsf token,
+    once the user has authenticated. (bsc#953347,LTC#130078)
+  - ocki-3.2_05_icsf_ldap_handles.patch
+  - ocki-3.2_06_icsf_sign_verify.patch
+
+-------------------------------------------------------------------
+Fri Oct  2 04:05:45 UTC 2015 - jjolly@suse.com
+
+- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070)
+- Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
+  - Fixed two public key object inclusion in EP11 token (bsc#946808)
+- Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
+  - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172)
+- Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
+  - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)
+
+-------------------------------------------------------------------
+Thu Aug 20 00:49:21 UTC 2015 - jjolly@suse.com
+
+- Fixed BuildRequires: libica2-devel
+- Added ocki-3.2_01_fix-return-type-error.patch
+- Changing doc/README.ep11_stdll to unix-style EOL
+  - Added BuildRequires: dos2unix
+- Removed globbing in %files and specified libraries to include (bsc#942162)
+
+-------------------------------------------------------------------
+Tue Aug 18 02:50:08 UTC 2015 - jjolly@suse.com
+
+- Updated to openCryptoki v3.2 (FATE#318240)
+- Removed unnecessary patches:
+  - ocki-3.1_01_ep11_makefile.patch
+  - ocki-3.1_02_ep11_m_init.patch
+  - ocki-3.1_03_ock_obj_mgr.patch
+  - ocki-3.1_04_ep11_opaque2blob_error_handl.patch
+  - ocki-3.1_05_ep11_readme_update.patch
+  - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
+  - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
+  - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
+  - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
+  - ocki-3.1_06_0005-Small-reworks.patch
+  - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
+  - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
+  - ocki-3.1_07_0001-Man-page-corrections.patch
+  - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
+  - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
+  - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
+
 -------------------------------------------------------------------
 Tue Apr  7 21:22:57 UTC 2015 - crrodriguez@opensuse.org

--- a/openCryptoki.spec
+++ b/openCryptoki.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openCryptoki
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -36,34 +36,34 @@ BuildRequires:  bison
 BuildRequires:  flex
 BuildRequires:  gcc-c++
 %ifarch s390 s390x
-BuildRequires:  libica-2_3_0-devel
+BuildRequires:  libica2-devel
 %endif
 BuildRequires:  libtool
 BuildRequires:  openldap2-devel
-BuildRequires:  openssl-devel
+BuildRequires:  openssl-devel >= 1.0
 BuildRequires:  pwdutils
 BuildRequires:  trousers-devel
 %if %{uses_systemd}
 BuildRequires:  pkgconfig(systemd)
 %{?systemd_requires}
 %else
-%insserv_prereq
+BuildRequires:  %insserv_prereq
 %endif
+BuildRequires:  dos2unix
+
 Summary:        An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
 License:        IPL-1.0
 Group:          Productivity/Security
-Version:        3.2
+Version:        3.4.1
 Release:        0
-Source:         http://downloads.sourceforge.net/project/opencryptoki/opencryptoki/v3.2/opencryptoki-v3.2.tgz
+Source:         %{oc_cvs_tag}-v%{version}.tgz
 Source1:        openCryptoki.pkcsslotd
 Source2:        openCryptoki-TFAQ.html
 Source3:        openCryptoki-tmp.conf
-Patch1:         ocki-3.1-remove-make-install-chgrp-chmod.patch
-Patch2:         ocki-3.1-fix-init_d-path.patch
-Patch3:         ocki-3.1-fix-implicit-decl.patch
-Patch4:         ocki-3.1-fix-libica-link.patch
-Patch5:         opencryptoki-run-lock.patch
-Url:            http://sourceforge.net/projects/opencryptoki/
+# Patch 1 is needed because group pkcs11 doesn't exist in the build environment
+# and because we don't want(?) various file and directory permissions to be 0700.
+Patch1:         ocki-3.1-remove-make-install-chgrp.patch
+Url:            https://sourceforge.net/projects/opencryptoki/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed
 # IBM maintains openCryptoki on these architectures:
@ -77,13 +77,16 @@ coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
 Cryptographic Accelerator (FC 4960 on pSeries).


-
 %package devel
 Summary:        An Implementation of PKCS#11 (Cryptoki) v2.01 for IBM Cryptographic Hardware
 Group:          Development/Languages/C and C++
 Requires:       glibc-devel
-Requires:       openCryptoki = %{version}-%{release}
-Requires:       openssl-devel
+%ifarch s390 s390x
+Requires:       libica2-devel
+%endif
+Requires:       libopenssl-devel
+Requires:       openldap2-devel
+Requires:       trousers-devel

 %description devel
 The PKCS#11 version 2.01 API implemented for the IBM cryptographic
@ -92,7 +95,6 @@ co-processor (with the PKCS#11 firmware loaded) and the IBM eServer
 Cryptographic Accelerator (FC 4960 on pSeries).


-
 %ifarch %openCryptoki_32bit_arch

 %package 32bit
@ -113,7 +115,6 @@ coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
 Cryptographic Accelerator (FC 4960 on pSeries).


-
 %endif
 %ifarch %openCryptoki_64bit_arch

@ -135,16 +136,11 @@ coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer
 Cryptographic Accelerator (FC 4960 on pSeries).


-
 %endif

 %prep
 %setup -q -n %{oc_cvs_tag}
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
 cp %{SOURCE2} .

 %build
@ -155,9 +151,10 @@ autoreconf --force --install
 	--with-systemd=%{_unitdir}
 %endif
 make %{?_smp_mflags}
+dos2unix doc/README.ep11_stdll

 %install
-%make_install DESTDIR=$RPM_BUILD_ROOT INSROOT=$RPM_BUILD_ROOT
+%make_install
 install -d $RPM_BUILD_ROOT/usr/include
 install -d $RPM_BUILD_ROOT/var/lib/opencryptoki
 install -d $RPM_BUILD_ROOT/etc/init.d
@ -172,8 +169,8 @@ ln -sfv ../../etc/init.d/pkcsslotd $RPM_BUILD_ROOT/usr/sbin/rcpkcsslotd
 %endif
 rm -rf $RPM_BUILD_ROOT/tmp
 # Remove all development files
-rm -f $RPM_BUILD_ROOT${_libdir}/opencryptoki/libopencryptoki.la
-rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods
+find $RPM_BUILD_ROOT%{_libdir} -type f -name "*.la" -delete
+rm -f $RPM_BUILD_ROOT%{_libdir}/opencryptoki/methods

 %pre
 %if %{uses_systemd}
@ -182,15 +179,7 @@ rm -f $RPM_BUILD_ROOT/%_libdir/opencryptoki/methods
 # autobuild:/work/cd/lib/misc/group
 # openCryptoki    pkcs11:x:64:
 /usr/sbin/groupadd -g %pkcs11_group_id -r pkcs11 2>/dev/null || true
-/usr/sbin/usermod -G $(/usr/bin/id --groups --name root | /bin/sed \
-e 's/root//' -e '
-# add the pkcs group if it is missing
-/(^| )pkcs11( |$)/!s/$/ pkcs11/
-# replace spaces by commas
-y/ /,/
-# remove leading , if present
-s/^,//
-'),pkcs11  root
+/usr/sbin/usermod -a -G pkcs11 root

 %preun
 %if %{uses_systemd}
@ -295,10 +284,10 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6
 %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/tpm
 %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/icsf
 %ifarch s390 s390x
-%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite
-%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ
 %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok
 %dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/ep11tok/TOK_OBJ
+%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite
+%dir %attr(770,root,pkcs11) %{_localstatedir}/lib/opencryptoki/lite/TOK_OBJ
 %endif
 %{_mandir}/man*/*

@ -306,11 +295,9 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6
 %defattr(-,root,root)
 %dir %{_libdir}/opencryptoki
 %dir %{_libdir}/opencryptoki/stdll
-%{_libdir}/opencryptoki/*.la
-%{_libdir}/opencryptoki/stdll/*.la
 %{_includedir}/opencryptoki
-%ifarch %openCryptoki_32bit_arch

+%ifarch %openCryptoki_32bit_arch
 %files 32bit
 %defattr(-,root,root)
  # these don't conflict because they only exist as 64bit binaries if
@ -339,14 +326,14 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6
 %{_libdir}/pkcs11/*.so
 %{_sysconfdir}/ld.so.conf.d/*
 %endif
-%ifarch %openCryptoki_64bit_arch

+%ifarch %openCryptoki_64bit_arch
 %files 64bit
 %defattr(-,root,root)
-%dir %_libdir/opencryptoki
+%dir %{_libdir}/opencryptoki
 %{_libdir}/opencryptoki/*.so
 %{_libdir}/opencryptoki/*.0
-%dir %_libdir/opencryptoki/stdll
+%dir %{_libdir}/opencryptoki/stdll
 %{_libdir}/opencryptoki/stdll/*.so
 %{_libdir}/opencryptoki/stdll/*.0
 %{_libdir}/pkcs11
--- a/opencryptoki-run-lock.patch
+++ b/opencryptoki-run-lock.patch
@ -1,11 +0,0 @@
--- opencryptoki.orig/configure.in
-+++ opencryptoki/configure.in
-@@ -40,7 +40,7 @@ AC_PROG_YACC
- 
- dnl Define custom variables
- 
-lockdir=$localstatedir/lock/opencryptoki
-+lockdir=/run/lock/opencryptoki
- AC_SUBST(lockdir)
- 
- dnl ---
--- a/opencryptoki-v3.2.tgz
+++ b/opencryptoki-v3.2.tgz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d0b4676766753449f4d9001436cf8371812ddff7b59869e8d5adef94c4fd261b
-size 911965
--- a/opencryptoki-v3.4.1.tgz
+++ b/opencryptoki-v3.4.1.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:018ea402f3a1b38b203282fb047dfac209d94bf2988f2c29793eca65455452c4
+size 1014416