SHA256
1
0
forked from pool/openCryptoki
Commit Graph

124 Commits

Author SHA256 Message Date
Dominique Leuenberger
aa124905ea Accepting request 866674 from security
OBS-URL: https://build.opensuse.org/request/show/866674
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=59
2021-01-26 13:46:44 +00:00
Mark Post
a15ba93dba Accepting request 866673 from home:markkp:branches:security
- Added the following patches for bsc#1179319
  * Fix compiling with C++:
    ocki-3.15.1-Fix-compiling-with-c.patch
  * Added error message handling for p11sak remove-key command.
    ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch

OBS-URL: https://build.opensuse.org/request/show/866673
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=114
2021-01-25 20:49:50 +00:00
Dominique Leuenberger
c901ea9431 Accepting request 865508 from security
- Don't require pwdutils for build, dropped long ago and not needed

OBS-URL: https://build.opensuse.org/request/show/865508
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=58
2021-01-22 20:52:07 +00:00
Mark Post
247e91e02d OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=112 2021-01-21 21:07:16 +00:00
Mark Post
b05ff947e8 Accepting request 865419 from home:kukuk:branches:security
- Don't require pwdutils for build, dropped long ago and not needed

OBS-URL: https://build.opensuse.org/request/show/865419
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=111
2021-01-21 21:06:37 +00:00
Dominique Leuenberger
939afd4257 Accepting request 844928 from security
OBS-URL: https://build.opensuse.org/request/show/844928
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=57
2020-10-30 10:49:31 +00:00
Mark Post
5d9c7f380f Accepting request 844927 from home:markkp:branches:security
- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666,
  jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714,
  jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
  * openCryptoki 3.15.1
    - Bug fixes
  * openCryptoki 3.15.0
    - common: conform to PKCS 11 3.0 Baseline Provider profile
    - Introduce new vendor defined interface named "Vendor IBM"
    - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
    - CCA: support key wrapping
    - SOFT: support ECC
    - p11sak tool: add remove-key command
    - Bug fixes
  * openCryptoki 3.14.0
    - EP11: Dilitium support stage 2
    - Common: Rework on process and thread locking
    - Common: Rework on btree and object locking
    - ICSF: minor fixes
    - TPM, ICA, ICSF: support multiple token instances
    - new tool p11sak
  * openCryptoki 3.13.0
    - EP11: Dilithium support
    - EP11: EdDSA support
    - EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114)
  The EP11 token may fail to import an ECC public key. Function
   C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.
- Upgraded to version 3.12.1 (bsc#1157863)
  * Fix pkcsep11_migrate tool
- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
  * Update token pin and data store encryption for soft,ica,cca and ep11
  * EP11: Allow importing of compressed EC public keys
  * EP11: Add support for the CMAC mechanisms
  * EP11: Add support for the IBM-SHA3 mechanisms
  * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
  * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
  * EP11: Add config option USE_PRANDOM
  * CCA: Use Random Number Generate Long for token_specific_rng()
  * Common rng function: Prefer /dev/prandom over /dev/urandom
  * ICA: add SHA*_RSA_PKCS_PSS mechanisms
  * Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
  (bsc#1152015)
  Add support for new IBM crypto card.
- Upgraded to version 3.11.1 (Fate#327837)
  Bug fixes.
- Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
  (bsc#1123988)
- Do not ignore errors from groupadd. If groupadd fails,
  installation ought not to proceed because files would have the
  wrong ownership.
- Don't hide error messages from the groupadd command. To eliminate
  a potentially common one, check to see if the pkcs11 group is
  already defined before trying to add it.
- Update the summary for the -devel package.
- Changed several PreReq entries to Requires(pre) as a result of
  the output from spec-cleaner. Removed a couple of obsolete lines.
- Removed obsolete check for whether systemd is in use or not.
- Upgraded to version 3.11.0 (Fate#325685)
  * opencryptoki 3.11.0
    EP11 enhancements
    A lot of bug fixes
- Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply
  properly to 3.11, and renamed it to
  ocki-3.11-remove-make-install-chgrp.patch
- Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch
- Upgraded to version 3.10.0 (Fate#325685)
  * opencryptoki 3.10.0
    Add support to ECC on ICA token and to common code.
    Add SHA224 support to SOFT token.
    Improve pkcsslotd logging.
    Fix sha512_hmac_sign and rsa_x509_verify for ICA token.
    Fix tracing of session id.
    Fix and improve testcases.
    Fix spec file permission for log directory.
    Fix build warnings.
  * opencryptoki 3.9.0
    Fix token reinitialization
    Fix conditional man pages
    EP11 enhancements
    EP11 EC Key import
    Increase RSA max key length
    Fix broken links on documentation
    Define CK_FALSE and CK_TRUE macros
    Improve build flags
- Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
- Made multiple changes to the spec file based on spec-cleaner output.
- Added an rpmlintrc file to squelch warnings about adding ghost
  entries for files under /var/lock/opencryptoki/
- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
  (bsc#1086678)
- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)
- Upgraded to version 3.8.2 (fate#323295, bsc#1066412)
  * v3.8.2
    Update man pages.
    Improve ock_tests for parallel execution.
    Fix FindObjectsInit for hidden HW-feature.
    Fix to allow vendor defined hardware features.
    Fix unresolved symbols.
    Fix tracing.
    Code/project cleanup.
  * v3.8.1
    Fix TPM data-structure reset function.
    Fix error message when dlsym fails.
    Update configure.ac
    Update travis.
  * v3.8.0
    Multi token instance feature.
    Added possibility to run opencryptoki with transactional memory or locks
      (--enable-locks on configure step).
    Updated documentation.
    Fix segfault on ec_test.
    Bunch of small fixes.
- Removed ARM architectures from the build list until gcc6 becomes
  available for SLES. (bsc#1039510).
- Updated to version 3.7.0 (Fate#321451) (bsc#1036640)
  - Update example spec file
  - Performance improvement. Moving from mutexes to transactional memory.
  - Add ECDSA SHA2 support for EP11 and CCA.
  - Fix declaration of inline functions.
  - Fix wrong testcase and ber en/decoding for integers.
  - Check for 'flex' and 'YACC' on configure.
  - EP11 config file rework.
  - Add enable-debug on travis build.
  - Add testcase for C_GetOperationState/C_SetOperationState.
  - Upgrade License to CPL-1.0
  - Ica token: fix openssh/ibmpkcs11 engine/libica crash.
  - Fix segfault and logic in hardware feature test.
  - Fix spelling of documentation and manuals.
  - Fix the retrieval of p from a generated rsa key.
  - Coverity scan fixes - incompatible pointer type and unused variables.
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Modified the spec file
  - Changed libca3-devel BuildRequires to just libica-devel
  - Check for systemd in the 32bit postun scriptlet.
- Upgraded to version 3.6.2 (fate#321451)
  - Support OpenSSL-1.1.
  - Add Travis CI support.
  - Update autotools scripts and documentation.
  - Fix SegFault when a invalid session handle is passed in
    SC_EncryptUpdate and SC_DecryptUpdate.
- Updated spec file to use libica3-devel instead of libica2-devel.
- Upgraded to version 3.6.1 (fate#321451)
  - opencryptoki 3.6.1
    - Fix SOFT token implementation of digest functions.
    - Replace deprecated OpenSSL interfaces.
  - opencryptoki 3.6
    - Replace deprecated libica interfaces.
    - Performance improvement for ICA.
    - Improvement in documentation on system resources.
    - Improvement in testcases.
    - Added support for rc=8, reasoncode=2028 in icsf token.
    - Fix for session handle not set in session issue.
    - Multiple fixes for lock and log directories.
    - Downgraded a syslog error to warning.
    - Multiple fixes based on coverity scan results.
    - Added pkcs11 mapping for icsf reason code 72 for return code 8.
  - opencryptoki 3.5.1
    - Fix Illegal Intruction on pkcscca tool.
  - Removed the following obsolete patches:
    - ocki-3.5-sanity-checking.patch
    - ocki-3.5-icsf-reasoncode72-support.patch
    - ocki-3.5-downgrade-syslogerror.patch
    - ocki-3.5-icsf-sessionhandle-missing-fix.patch
    - ocki-3.5-icsf-reasoncode-2028-added.patch
    - ocki-3.5-added-NULLreturn-check.patch
    - ocki-3.5-create-missing-tpm-token-lock-directory.patch
    - ocki-3.5-fix-pkcscca-calls.patch
- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)
- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).
- Added %doc FAQ to the spec file (bsc#991168).
- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch
  (bsc#989602).
- Added the following patches (bsc#986854)
  - ocki-3.5-icsf-reasoncode72-support.patch
  - ocki-3.5-icsf-coverity-memoryleakfix.patch
  - ocki-3.5-downgrade-syslogerror.patch
  - ocki-3.5-icsf-sessionhandle-missing-fix.patch
  - ocki-3.5-icsf-reasoncode-2028-added.patch
  - ocki-3.5-added-NULLreturn-check.patch
- Added ocki-3.5-sanity-checking.patch (bsc#983496).
- Added %dir entry for %{_localstatedir}/log/opencryptoki/
  (bsc#983990)
- Upgraded to openCryptoki 3.5 (bsc#978005).
  - Full Coverity scan fixes.
  - Fixes for compiler warnings.
  - Added support for C_GetObjectSize in icsf token.
  - Various bug fixes and memory leak fixes.
  - Removed global read permissions from token files
  - Added missing PKCS#11v2.2 constants.
  - Fix for symbol resolution issue seen in Fedora 22 and 23 for
    ep11 and cca tokens.
  - Improvements in socket read operation when a token comes up.
  - Replaced 32 bit CCA API declarations with latest header from
    version 5.0 libsculcca rpm.
- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938).
- Changed BuildRequires for libica_2_3_0-devel to libica2-devel.
- Changed BuildRequires for openssl-devel to specify >= 1.0
  Contrary to what the README says, version 0.9.7 isn't
  sufficient.
- Removed the redundant DESTDIR= parameter from the %make_install
- Removed the following obsolete patches
  opencryptoki-run-lock.patch (/var/lock and run/lock are actually the
    same place) Also reverted the changed to openCryptoki-tmp.conf to match.
  ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
  ocki-3.1-fix-implicit-decl.patch
  ocki-3.1-fix-init_d-path.patch
  ocki-3.1-fix-libica-link.patch
  ocki-3.2_01_fix-return-type-error.patch
  ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
  ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
  ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
  ocki-3.2_05_icsf_ldap_handles.patch
  ocki-3.2_06_icsf_sign_verify.patch
- renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to
  ocki-3.1-remove-make-install-chgrp.patch
- Get a new ldap handle for each session opened in the icsf token,
    once the user has authenticated. (bsc#953347,LTC#130078)
  - ocki-3.2_05_icsf_ldap_handles.patch
  - ocki-3.2_06_icsf_sign_verify.patch
- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070)
- Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
  - Fixed two public key object inclusion in EP11 token (bsc#946808)
- Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
  - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172)
- Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
  - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)
- Fixed BuildRequires: libica2-devel
- Added ocki-3.2_01_fix-return-type-error.patch
- Changing doc/README.ep11_stdll to unix-style EOL
  - Added BuildRequires: dos2unix
- Removed globbing in %files and specified libraries to include (bsc#942162)
- Updated to openCryptoki v3.2 (FATE#318240)
- Removed unnecessary patches:
  - ocki-3.1_01_ep11_makefile.patch
  - ocki-3.1_02_ep11_m_init.patch
  - ocki-3.1_03_ock_obj_mgr.patch
  - ocki-3.1_04_ep11_opaque2blob_error_handl.patch
  - ocki-3.1_05_ep11_readme_update.patch
  - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
  - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
  - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
  - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
  - ocki-3.1_06_0005-Small-reworks.patch
  - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
  - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
  - ocki-3.1_07_0001-Man-page-corrections.patch
  - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
  - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
  - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
- Also create parent directory /run/lock/opencryptoki in 
  tmpfiles snippet if it does not exists.
- spec: do not use -D__USE_BSD, a glibc-internal macro
  which no longer has any meaning.
- spec: use %{_unitdir}  %{_tmpfilesdir)
- spec: call tmpfiles_create macro, if defined in %post
- opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use
  /run/lock instead of /var/lock.
- Update to version 3.2
  +New pkcscca tool. Currently it assists in migrating cca private token
   objects from opencryptoki version 2 to the clear key encryption method 
   used in opencryptoki version 3. Includes a manpage for pkcscca tool.
   Changes to README.cca_stdll to assist in using the CCA token and
   migrating the private token objects.
  + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms.
  + Various bugfixes.
  + New testcases for various crypto algorithms.
- Only depend on insserv if builded with sysvinit support
- Remove obsolete patches; merged on upstream release
  + ocki-3.1_01_ep11_makefile.patch
  + ocki-3.1_02_ep11_m_init.patch
  + ocki-3.1_03_ock_obj_mgr.patch
  + ocki-3.1_04_ep11_opaque2blob_error_handl.patch
  + ocki-3.1_05_ep11_readme_update.patch
  + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
  + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
  + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
  + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
  + ocki-3.1_06_0005-Small-reworks.patch
  + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
  + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
  + ocki-3.1_07_0001-Man-page-corrections.patch
  + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
  + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
  + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
  + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
- Project is now hosted on sourceforge; fix the Url
- Remove cvs related stuff; tarball is produced by upstream
- Use %configure macro instead of manually defined options
- Build with parallel support; use %{?_smp_mflags} macro
- Fixed ica token's SHA update function when passing zero message
  size (bnc#892644)
- Added patch ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
- Fixed README.ep11_stdll to have Unix-style EOL characters.
- Added patch ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
- Added all files from %src/doc as rpm %doc (bnc#894780)
- Added pkcscca utility and documentation to convert private
  token objects from v2 to v3. (bnc#893757)
- Added patches:
  - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
  - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
- Fixed pkcsslotd and opencryptoki.conf man pages (bnc#889183)
- Added patch ocki-3.1_07_0001-Man-page-corrections.patch
- Specfile Cleanup, Added directory macros in appropriate places 
- Several package changes as per bnc#880217
  - Added openCryptoki-tmp.conf for lock directory management
  - Added 'lite' token support
  - Changed from init.d daemon to systemd service
    - Updated macros in %pre %post %preun and %postun sections
  - Added missing icsf and ep11tok directories to %files section
    ocki-3.1_01_ep11_makefile.patch
    ocki-3.1_02_ep11_m_init.patch
- Patches added:
  ocki-3.1-fix-libica-link.patch
  ocki-3.1_03_ock_obj_mgr.patch
  ocki-3.1_04_ep11_opaque2blob_error_handl.patch
  ocki-3.1_05_ep11_readme_update.patch
  ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
  ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
  ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
  ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
  ocki-3.1_06_0005-Small-reworks.patch
  ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
  ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
- Moved libpkcs11_icsf 32-bit out of s390-specific files
- Made ep11tok.conf and pkcsep11_migrate specific to s390/s390x
- Added libpkcs11_ep11.so and libpkcs11_icsf.so to 32-bit s390/s390x
- EP11 token available in the opencryptoki V3.1 package  (bnc#879303)
  - Specfile changed to include ep11tok.conf
  - Specfile changed to include pkcsep11_migrate and pkcsicsf tools
  - Specfile changed to BuildRequires openldap2-devel
  - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
    - print_mechanism() ignored bad returncodes from the called
      function token_specific_get_mechanism_list()
  - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
    - Fix failure when confname is not given, use default
      ep11tok.conf instead
  - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
    - Removed check for ep11 lib at configure
  - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
    - Move stdint.h before zcrypt.h to resolve dependencies
  - ocki-3.1_06_0005-Small-reworks.patch
    - testcase fixes and file permission changes
  - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
    - Fix for s390 31-bit build error
  - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
    - zcrypt library included in build by default
- Patches applied (bnc#865549)
  - Fixed Makefile to complement common code dependencies
  - switched to official m_init() function based on library change
  - checking the global token object count
  - catch the return code from object_mgr_find_in_map1
  - some README updates about usage and restrictions
- fix build on x86 (add CCA and TPM to filelist) 
- fix libica detection on s390/s390x to get ICA module built
- Updated to openCryptoki v3.1: See ChangeLog for complete details
  (FATE#315426)
  - opencryptoki-3.1
    - New ep11 token to support IBM Crypto Express adpaters
      (starting with Crypto Express 4S adapters) configured with
      Enterprise PKCS#11(EP11) firmware. (FATE#315330)
  - opencryptoki-3.0
    - New opencryptoki.conf file to replace pk_config_data and
      pkcs11_starup.  The opencryptoki.conf contains slot entry
      information for tokens.
    - Removed pkcs_slot and pkcs11_startup shell scripts.
    - ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB6
      mechanisms using 3DES keys. (FATE#315323)
    - ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL
      mechanisms. (FATE#315323)
    - ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64,
      CKM_AES_CFB128, CKM_AES_MAC, and CKM_AES_MAC_GENERAL
      mechanisms. (FATE#315323)
  - opencryptoki-2.4.1 (21 Feb 2012)
    - SHA256 support added for CCA token (FATE#315289)
- Using insserv macros in %post, %preun and %postun sections
- Cleaned up spec file
- removed patches:
  - ocki-2.2.6-PIN-backspace.patch
- added patches:
  - ocki-3.1-fix-implicit-decl.patch
  - ocki-3.1-remove-make-install-chgrp-chmod.patch
  - ocki-3.1-fix-init_d-path.patch
- add aarch64 to 64bit archs 
- enable ppc64le 
- remove -o from groupadd
- fixed sed script to not a grouplist with leading ,
- don't package man pages twice
- add libtool as buildrequire to avoid implicit dependency
- enable TPM support (bnc#641919)
- pkcsslotd: Updated to use new pidfile location (bnc#475800)
- Added fix to allow backspacing during PIN entry (bnc#448089)
- run ldconfig in postinstall [bnc#417925]
- Enable build on x86_64 [bnc#417925]
- Overhaul of the specfile.  All platforms build the base package
  and each architecture builds the appropriate 32 or 64 bit package
- Updated to openCryptoki v2.2.6
- fix init script 
- added pwdutils to buildreq 
- fix missing return values from non-void funcs 
- pkcsslotd: create PID file in the right place, delete it on
  exit (bug #164664)
- added 64-bit patches from IBM (bug #145666)
- added small change missing from patch for bug #156651 
- fixed location of pkcs11_startup in init script (bug #162372)
- fixed proc_t structure mixup (bug #156651) 
- initialize head pointer (bug #156229)
- %ghost symlinks that are generated in %post (bug #154961)
- stuffed memleak (patch by IBM, bug #147036)
- changed RPM layout to meet IBM's demands (based on patch by IBM,
  bug #145666)
- removed mmap, per-user data store support (patch by IBM, bug
  #145666)
- converted neededforbuild to BuildRequires
- Update to 2.2.2-rc2
- Update to 2.2.1-rc2
- Fixed build errors
- Cleaned up spec file.
- copy TFAQ to build directory (fix build) 
- Update to 2.1.6-rc5.
- Port fixes from SLES9 SP3.
- enabled for ARM
- fix #50050:
  - ./configure.in: wrong test against $host makes ppc(64) miss
    -DPKCS64 in CFLAGS
  - corrected: S390 flag was set for ppc in this conditional
- run full autoreconf / simplify specfile a little
- Print correct error message (#37427 again).
- Check for the correct module on startup (#37427)
- update to openCryptoki-2.1.5, ppc64 version (#39026)
- adapt filelist on ppc
- Fix owner/group of files/directories
- no need to specify "root" as supplementary group for root,
  it's already primary
- Update to openCryptoki-2.1.3
- Fixed configure errors.
- added directories to filelist 
- remove CVS subdirs
- remove unpackaged files from buildroot 
- removed duplicates from configure.in 
- exclude ppc64 from the architectures, the package is built for.
  64bit mode is not supported by IBM yet; dlopen wrappers are also
  missing 64bit filename handling. (#20380)
- actually compress the openCryptoki-1.4*.tar.bz2
- make it even build ... 
- make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group
  creation before package installation (#20079)
- correct version number (the patch actiually lifts openCryptoki to 1.5)
- fix groupadd call to no longer silently ignore errors in all cases
  using (hopefully) posix exit codes.  alternative would be to use
  undocumented '-f' option of groupadd.
- add user root to group pkcs11 to enable root to administrate the
  crypto hardware support (#19566)
- misc security fixes (#18377)
- replaced openCryptoki-tools with openCryptoki-32bit and
  openCryptoki-64bit
- moved dlopen objects that are available for non-x86 out of the
  ifarch ix86
- moved postun to tools subpackge (which contains the daemon)
- removed include files.  no development support for now.
- replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch
  and %%openCryptoki_no_tools_arch
- replaced all i386 occurrences with %ix86 
- changed filelist to what's really built
- split package to openCryptoki and openCryptoki-tools to allow
  parallel installation of 32bit tools with 64bit dlopen objects for
  foreign middleware.
- removed automatical insserv on install, because the package needs
  manual configuration (#18031)
- added missing %post before insserv (Bug #17600)
- Fix path in PreReq.
- add groupadd pkcs11 in %pre install
- updated to current version
- removed old START_ variable
- always use macros when calling insserv
 
- add lib64 support
- Added openssl to #neededforbuild, which is needed in addition to
  openssl-devel
- initial version

OBS-URL: https://build.opensuse.org/request/show/844927
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=109
2020-10-29 21:42:20 +00:00
Dominique Leuenberger
726ec042cb Accepting request 843292 from security
- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
  jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714,
  jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
  * openCryptoki 3.15.0
    - common: conform to PKCS 11 3.0 Baseline Provider profile
    - Introduce new vendor defined interface named "Vendor IBM"
    - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
    - CCA: support key wrapping
    - SOFT: support ECC
    - p11sak tool: add remove-key command
    - Bug fixes
  * openCryptoki 3.14.0
    - EP11: Dilitium support stage 2
    - Common: Rework on process and thread locking
    - Common: Rework on btree and object locking
    - ICSF: minor fixes
    - TPM, ICA, ICSF: support multiple token instances
    - new tool p11sak
  * openCryptoki 3.13.0
    - EP11: Dilithium support
    - EP11: EdDSA support
    - EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch

OBS-URL: https://build.opensuse.org/request/show/843292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=56
2020-10-27 17:58:57 +00:00
Mark Post
18f1af0cf7 Accepting request 843291 from home:markkp:branches:security
- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
  jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714,
  jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
  * openCryptoki 3.15.0
    - common: conform to PKCS 11 3.0 Baseline Provider profile
    - Introduce new vendor defined interface named "Vendor IBM"
    - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
    - CCA: support key wrapping
    - SOFT: support ECC
    - p11sak tool: add remove-key command
    - Bug fixes
  * openCryptoki 3.14.0
    - EP11: Dilitium support stage 2
    - Common: Rework on process and thread locking
    - Common: Rework on btree and object locking
    - ICSF: minor fixes
    - TPM, ICA, ICSF: support multiple token instances
    - new tool p11sak
  * openCryptoki 3.13.0
    - EP11: Dilithium support
    - EP11: EdDSA support
    - EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114)
  The EP11 token may fail to import an ECC public key. Function
   C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.
- Upgraded to version 3.12.1 (bsc#1157863)
  * Fix pkcsep11_migrate tool
- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
  * Update token pin and data store encryption for soft,ica,cca and ep11
  * EP11: Allow importing of compressed EC public keys
  * EP11: Add support for the CMAC mechanisms
  * EP11: Add support for the IBM-SHA3 mechanisms
  * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
  * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
  * EP11: Add config option USE_PRANDOM
  * CCA: Use Random Number Generate Long for token_specific_rng()
  * Common rng function: Prefer /dev/prandom over /dev/urandom
  * ICA: add SHA*_RSA_PKCS_PSS mechanisms
  * Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
  (bsc#1152015)
  Add support for new IBM crypto card.
- Upgraded to version 3.11.1 (Fate#327837)
  Bug fixes.
- Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
  (bsc#1123988)
- Do not ignore errors from groupadd. If groupadd fails,
  installation ought not to proceed because files would have the
  wrong ownership.
- Don't hide error messages from the groupadd command. To eliminate
  a potentially common one, check to see if the pkcs11 group is
  already defined before trying to add it.
- Update the summary for the -devel package.
- Changed several PreReq entries to Requires(pre) as a result of
  the output from spec-cleaner. Removed a couple of obsolete lines.
- Removed obsolete check for whether systemd is in use or not.
- Upgraded to version 3.11.0 (Fate#325685)
  * opencryptoki 3.11.0
    EP11 enhancements
    A lot of bug fixes
- Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply
  properly to 3.11, and renamed it to
  ocki-3.11-remove-make-install-chgrp.patch
- Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch
- Upgraded to version 3.10.0 (Fate#325685)
  * opencryptoki 3.10.0
    Add support to ECC on ICA token and to common code.
    Add SHA224 support to SOFT token.
    Improve pkcsslotd logging.
    Fix sha512_hmac_sign and rsa_x509_verify for ICA token.
    Fix tracing of session id.
    Fix and improve testcases.
    Fix spec file permission for log directory.
    Fix build warnings.
  * opencryptoki 3.9.0
    Fix token reinitialization
    Fix conditional man pages
    EP11 enhancements
    EP11 EC Key import
    Increase RSA max key length
    Fix broken links on documentation
    Define CK_FALSE and CK_TRUE macros
    Improve build flags
- Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
- Made multiple changes to the spec file based on spec-cleaner output.
- Added an rpmlintrc file to squelch warnings about adding ghost
  entries for files under /var/lock/opencryptoki/
- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
  (bsc#1086678)
- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)
- Upgraded to version 3.8.2 (fate#323295, bsc#1066412)
  * v3.8.2
    Update man pages.
    Improve ock_tests for parallel execution.
    Fix FindObjectsInit for hidden HW-feature.
    Fix to allow vendor defined hardware features.
    Fix unresolved symbols.
    Fix tracing.
    Code/project cleanup.
  * v3.8.1
    Fix TPM data-structure reset function.
    Fix error message when dlsym fails.
    Update configure.ac
    Update travis.
  * v3.8.0
    Multi token instance feature.
    Added possibility to run opencryptoki with transactional memory or locks
      (--enable-locks on configure step).
    Updated documentation.
    Fix segfault on ec_test.
    Bunch of small fixes.
- Removed ARM architectures from the build list until gcc6 becomes
  available for SLES. (bsc#1039510).
- Updated to version 3.7.0 (Fate#321451) (bsc#1036640)
  - Update example spec file
  - Performance improvement. Moving from mutexes to transactional memory.
  - Add ECDSA SHA2 support for EP11 and CCA.
  - Fix declaration of inline functions.
  - Fix wrong testcase and ber en/decoding for integers.
  - Check for 'flex' and 'YACC' on configure.
  - EP11 config file rework.
  - Add enable-debug on travis build.
  - Add testcase for C_GetOperationState/C_SetOperationState.
  - Upgrade License to CPL-1.0
  - Ica token: fix openssh/ibmpkcs11 engine/libica crash.
  - Fix segfault and logic in hardware feature test.
  - Fix spelling of documentation and manuals.
  - Fix the retrieval of p from a generated rsa key.
  - Coverity scan fixes - incompatible pointer type and unused variables.
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Modified the spec file
  - Changed libca3-devel BuildRequires to just libica-devel
  - Check for systemd in the 32bit postun scriptlet.
- Upgraded to version 3.6.2 (fate#321451)
  - Support OpenSSL-1.1.
  - Add Travis CI support.
  - Update autotools scripts and documentation.
  - Fix SegFault when a invalid session handle is passed in
    SC_EncryptUpdate and SC_DecryptUpdate.
- Updated spec file to use libica3-devel instead of libica2-devel.
- Upgraded to version 3.6.1 (fate#321451)
  - opencryptoki 3.6.1
    - Fix SOFT token implementation of digest functions.
    - Replace deprecated OpenSSL interfaces.
  - opencryptoki 3.6
    - Replace deprecated libica interfaces.
    - Performance improvement for ICA.
    - Improvement in documentation on system resources.
    - Improvement in testcases.
    - Added support for rc=8, reasoncode=2028 in icsf token.
    - Fix for session handle not set in session issue.
    - Multiple fixes for lock and log directories.
    - Downgraded a syslog error to warning.
    - Multiple fixes based on coverity scan results.
    - Added pkcs11 mapping for icsf reason code 72 for return code 8.
  - opencryptoki 3.5.1
    - Fix Illegal Intruction on pkcscca tool.
  - Removed the following obsolete patches:
    - ocki-3.5-sanity-checking.patch
    - ocki-3.5-icsf-reasoncode72-support.patch
    - ocki-3.5-downgrade-syslogerror.patch
    - ocki-3.5-icsf-sessionhandle-missing-fix.patch
    - ocki-3.5-icsf-reasoncode-2028-added.patch
    - ocki-3.5-added-NULLreturn-check.patch
    - ocki-3.5-create-missing-tpm-token-lock-directory.patch
    - ocki-3.5-fix-pkcscca-calls.patch
- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)
- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).
- Added %doc FAQ to the spec file (bsc#991168).
- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch
  (bsc#989602).
- Added the following patches (bsc#986854)
  - ocki-3.5-icsf-reasoncode72-support.patch
  - ocki-3.5-icsf-coverity-memoryleakfix.patch
  - ocki-3.5-downgrade-syslogerror.patch
  - ocki-3.5-icsf-sessionhandle-missing-fix.patch
  - ocki-3.5-icsf-reasoncode-2028-added.patch
  - ocki-3.5-added-NULLreturn-check.patch
- Added ocki-3.5-sanity-checking.patch (bsc#983496).
- Added %dir entry for %{_localstatedir}/log/opencryptoki/
  (bsc#983990)
- Upgraded to openCryptoki 3.5 (bsc#978005).
  - Full Coverity scan fixes.
  - Fixes for compiler warnings.
  - Added support for C_GetObjectSize in icsf token.
  - Various bug fixes and memory leak fixes.
  - Removed global read permissions from token files
  - Added missing PKCS#11v2.2 constants.
  - Fix for symbol resolution issue seen in Fedora 22 and 23 for
    ep11 and cca tokens.
  - Improvements in socket read operation when a token comes up.
  - Replaced 32 bit CCA API declarations with latest header from
    version 5.0 libsculcca rpm.
- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938).
- Changed BuildRequires for libica_2_3_0-devel to libica2-devel.
- Changed BuildRequires for openssl-devel to specify >= 1.0
  Contrary to what the README says, version 0.9.7 isn't
  sufficient.
- Removed the redundant DESTDIR= parameter from the %make_install
- Removed the following obsolete patches
  opencryptoki-run-lock.patch (/var/lock and run/lock are actually the
    same place) Also reverted the changed to openCryptoki-tmp.conf to match.
  ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
  ocki-3.1-fix-implicit-decl.patch
  ocki-3.1-fix-init_d-path.patch
  ocki-3.1-fix-libica-link.patch
  ocki-3.2_01_fix-return-type-error.patch
  ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
  ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
  ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
  ocki-3.2_05_icsf_ldap_handles.patch
  ocki-3.2_06_icsf_sign_verify.patch
- renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to
  ocki-3.1-remove-make-install-chgrp.patch
- Get a new ldap handle for each session opened in the icsf token,
    once the user has authenticated. (bsc#953347,LTC#130078)
  - ocki-3.2_05_icsf_ldap_handles.patch
  - ocki-3.2_06_icsf_sign_verify.patch
- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070)
- Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
  - Fixed two public key object inclusion in EP11 token (bsc#946808)
- Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
  - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172)
- Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
  - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)
- Fixed BuildRequires: libica2-devel
- Added ocki-3.2_01_fix-return-type-error.patch
- Changing doc/README.ep11_stdll to unix-style EOL
  - Added BuildRequires: dos2unix
- Removed globbing in %files and specified libraries to include (bsc#942162)
- Updated to openCryptoki v3.2 (FATE#318240)
- Removed unnecessary patches:
  - ocki-3.1_01_ep11_makefile.patch
  - ocki-3.1_02_ep11_m_init.patch
  - ocki-3.1_03_ock_obj_mgr.patch
  - ocki-3.1_04_ep11_opaque2blob_error_handl.patch
  - ocki-3.1_05_ep11_readme_update.patch
  - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
  - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
  - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
  - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
  - ocki-3.1_06_0005-Small-reworks.patch
  - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
  - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
  - ocki-3.1_07_0001-Man-page-corrections.patch
  - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
  - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
  - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
- Also create parent directory /run/lock/opencryptoki in 
  tmpfiles snippet if it does not exists.
- spec: do not use -D__USE_BSD, a glibc-internal macro
  which no longer has any meaning.
- spec: use %{_unitdir}  %{_tmpfilesdir)
- spec: call tmpfiles_create macro, if defined in %post
- opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use
  /run/lock instead of /var/lock.
- Update to version 3.2
  +New pkcscca tool. Currently it assists in migrating cca private token
   objects from opencryptoki version 2 to the clear key encryption method 
   used in opencryptoki version 3. Includes a manpage for pkcscca tool.
   Changes to README.cca_stdll to assist in using the CCA token and
   migrating the private token objects.
  + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms.
  + Various bugfixes.
  + New testcases for various crypto algorithms.
- Only depend on insserv if builded with sysvinit support
- Remove obsolete patches; merged on upstream release
  + ocki-3.1_01_ep11_makefile.patch
  + ocki-3.1_02_ep11_m_init.patch
  + ocki-3.1_03_ock_obj_mgr.patch
  + ocki-3.1_04_ep11_opaque2blob_error_handl.patch
  + ocki-3.1_05_ep11_readme_update.patch
  + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
  + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
  + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
  + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
  + ocki-3.1_06_0005-Small-reworks.patch
  + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
  + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
  + ocki-3.1_07_0001-Man-page-corrections.patch
  + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
  + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
  + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
  + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
- Project is now hosted on sourceforge; fix the Url
- Remove cvs related stuff; tarball is produced by upstream
- Use %configure macro instead of manually defined options
- Build with parallel support; use %{?_smp_mflags} macro
- Fixed ica token's SHA update function when passing zero message
  size (bnc#892644)
- Added patch ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
- Fixed README.ep11_stdll to have Unix-style EOL characters.
- Added patch ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
- Added all files from %src/doc as rpm %doc (bnc#894780)
- Added pkcscca utility and documentation to convert private
  token objects from v2 to v3. (bnc#893757)
- Added patches:
  - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
  - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
- Fixed pkcsslotd and opencryptoki.conf man pages (bnc#889183)
- Added patch ocki-3.1_07_0001-Man-page-corrections.patch
- Specfile Cleanup, Added directory macros in appropriate places 
- Several package changes as per bnc#880217
  - Added openCryptoki-tmp.conf for lock directory management
  - Added 'lite' token support
  - Changed from init.d daemon to systemd service
    - Updated macros in %pre %post %preun and %postun sections
  - Added missing icsf and ep11tok directories to %files section
    ocki-3.1_01_ep11_makefile.patch
    ocki-3.1_02_ep11_m_init.patch
- Patches added:
  ocki-3.1-fix-libica-link.patch
  ocki-3.1_03_ock_obj_mgr.patch
  ocki-3.1_04_ep11_opaque2blob_error_handl.patch
  ocki-3.1_05_ep11_readme_update.patch
  ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
  ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
  ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
  ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
  ocki-3.1_06_0005-Small-reworks.patch
  ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
  ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
- Moved libpkcs11_icsf 32-bit out of s390-specific files
- Made ep11tok.conf and pkcsep11_migrate specific to s390/s390x
- Added libpkcs11_ep11.so and libpkcs11_icsf.so to 32-bit s390/s390x
- EP11 token available in the opencryptoki V3.1 package  (bnc#879303)
  - Specfile changed to include ep11tok.conf
  - Specfile changed to include pkcsep11_migrate and pkcsicsf tools
  - Specfile changed to BuildRequires openldap2-devel
  - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
    - print_mechanism() ignored bad returncodes from the called
      function token_specific_get_mechanism_list()
  - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
    - Fix failure when confname is not given, use default
      ep11tok.conf instead
  - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
    - Removed check for ep11 lib at configure
  - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
    - Move stdint.h before zcrypt.h to resolve dependencies
  - ocki-3.1_06_0005-Small-reworks.patch
    - testcase fixes and file permission changes
  - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
    - Fix for s390 31-bit build error
  - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
    - zcrypt library included in build by default
- Patches applied (bnc#865549)
  - Fixed Makefile to complement common code dependencies
  - switched to official m_init() function based on library change
  - checking the global token object count
  - catch the return code from object_mgr_find_in_map1
  - some README updates about usage and restrictions
- fix build on x86 (add CCA and TPM to filelist) 
- fix libica detection on s390/s390x to get ICA module built
- Updated to openCryptoki v3.1: See ChangeLog for complete details
  (FATE#315426)
  - opencryptoki-3.1
    - New ep11 token to support IBM Crypto Express adpaters
      (starting with Crypto Express 4S adapters) configured with
      Enterprise PKCS#11(EP11) firmware. (FATE#315330)
  - opencryptoki-3.0
    - New opencryptoki.conf file to replace pk_config_data and
      pkcs11_starup.  The opencryptoki.conf contains slot entry
      information for tokens.
    - Removed pkcs_slot and pkcs11_startup shell scripts.
    - ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB6
      mechanisms using 3DES keys. (FATE#315323)
    - ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL
      mechanisms. (FATE#315323)
    - ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64,
      CKM_AES_CFB128, CKM_AES_MAC, and CKM_AES_MAC_GENERAL
      mechanisms. (FATE#315323)
  - opencryptoki-2.4.1 (21 Feb 2012)
    - SHA256 support added for CCA token (FATE#315289)
- Using insserv macros in %post, %preun and %postun sections
- Cleaned up spec file
- removed patches:
  - ocki-2.2.6-PIN-backspace.patch
- added patches:
  - ocki-3.1-fix-implicit-decl.patch
  - ocki-3.1-remove-make-install-chgrp-chmod.patch
  - ocki-3.1-fix-init_d-path.patch
- add aarch64 to 64bit archs 
- enable ppc64le 
- remove -o from groupadd
- fixed sed script to not a grouplist with leading ,
- don't package man pages twice
- add libtool as buildrequire to avoid implicit dependency
- enable TPM support (bnc#641919)
- pkcsslotd: Updated to use new pidfile location (bnc#475800)
- Added fix to allow backspacing during PIN entry (bnc#448089)
- run ldconfig in postinstall [bnc#417925]
- Enable build on x86_64 [bnc#417925]
- Overhaul of the specfile.  All platforms build the base package
  and each architecture builds the appropriate 32 or 64 bit package
- Updated to openCryptoki v2.2.6
- fix init script 
- added pwdutils to buildreq 
- fix missing return values from non-void funcs 
- pkcsslotd: create PID file in the right place, delete it on
  exit (bug #164664)
- added 64-bit patches from IBM (bug #145666)
- added small change missing from patch for bug #156651 
- fixed location of pkcs11_startup in init script (bug #162372)
- fixed proc_t structure mixup (bug #156651) 
- initialize head pointer (bug #156229)
- %ghost symlinks that are generated in %post (bug #154961)
- stuffed memleak (patch by IBM, bug #147036)
- changed RPM layout to meet IBM's demands (based on patch by IBM,
  bug #145666)
- removed mmap, per-user data store support (patch by IBM, bug
  #145666)
- converted neededforbuild to BuildRequires
- Update to 2.2.2-rc2
- Update to 2.2.1-rc2
- Fixed build errors
- Cleaned up spec file.
- copy TFAQ to build directory (fix build) 
- Update to 2.1.6-rc5.
- Port fixes from SLES9 SP3.
- enabled for ARM
- fix #50050:
  - ./configure.in: wrong test against $host makes ppc(64) miss
    -DPKCS64 in CFLAGS
  - corrected: S390 flag was set for ppc in this conditional
- run full autoreconf / simplify specfile a little
- Print correct error message (#37427 again).
- Check for the correct module on startup (#37427)
- update to openCryptoki-2.1.5, ppc64 version (#39026)
- adapt filelist on ppc
- Fix owner/group of files/directories
- no need to specify "root" as supplementary group for root,
  it's already primary
- Update to openCryptoki-2.1.3
- Fixed configure errors.
- added directories to filelist 
- remove CVS subdirs
- remove unpackaged files from buildroot 
- removed duplicates from configure.in 
- exclude ppc64 from the architectures, the package is built for.
  64bit mode is not supported by IBM yet; dlopen wrappers are also
  missing 64bit filename handling. (#20380)
- actually compress the openCryptoki-1.4*.tar.bz2
- make it even build ... 
- make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group
  creation before package installation (#20079)
- correct version number (the patch actiually lifts openCryptoki to 1.5)
- fix groupadd call to no longer silently ignore errors in all cases
  using (hopefully) posix exit codes.  alternative would be to use
  undocumented '-f' option of groupadd.
- add user root to group pkcs11 to enable root to administrate the
  crypto hardware support (#19566)
- misc security fixes (#18377)
- replaced openCryptoki-tools with openCryptoki-32bit and
  openCryptoki-64bit
- moved dlopen objects that are available for non-x86 out of the
  ifarch ix86
- moved postun to tools subpackge (which contains the daemon)
- removed include files.  no development support for now.
- replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch
  and %%openCryptoki_no_tools_arch
- replaced all i386 occurrences with %ix86 
- changed filelist to what's really built
- split package to openCryptoki and openCryptoki-tools to allow
  parallel installation of 32bit tools with 64bit dlopen objects for
  foreign middleware.
- removed automatical insserv on install, because the package needs
  manual configuration (#18031)
- added missing %post before insserv (Bug #17600)
- Fix path in PreReq.
- add groupadd pkcs11 in %pre install
- updated to current version
- removed old START_ variable
- always use macros when calling insserv
 
- add lib64 support
- Added openssl to #neededforbuild, which is needed in addition to
  openssl-devel
- initial version

OBS-URL: https://build.opensuse.org/request/show/843291
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=107
2020-10-21 23:18:53 +00:00
Mark Post
dbe3a3a7ff Accepting request 843288 from home:markkp:branches:security
- Upgraded to version 3.15.0 (jsc#SLE-13749, jsc#SLE-13666,
  jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714
  jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
  * openCryptoki 3.15.0
    - common: conform to PKCS 11 3.0 Baseline Provider profile
    - Introduce new vendor defined interface named "Vendor IBM"
    - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
    - CCA: support key wrapping
    - SOFT: support ECC
    - p11sak tool: add remove-key command
    - Bug fixes
  * openCryptoki 3.14.0
    - EP11: Dilitium support stage 2
    - Common: Rework on process and thread locking
    - Common: Rework on btree and object locking
    - ICSF: minor fixes
    - TPM, ICA, ICSF: support multiple token instances
    - new tool p11sak
  * openCryptoki 3.13.0
    - EP11: Dilithium support
    - EP11: EdDSA support
    - EP11: support RSA-OAEP with non-SHA1 hash and MGF
- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch

OBS-URL: https://build.opensuse.org/request/show/843288
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=106
2020-10-21 23:12:00 +00:00
Dominique Leuenberger
3535ace4c8 Accepting request 761262 from security
OBS-URL: https://build.opensuse.org/request/show/761262
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=55
2020-01-07 22:52:36 +00:00
Mark Post
22f37498e5 Accepting request 761261 from home:markkp:branches:security
- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114)
  The EP11 token may fail to import an ECC public key. Function
   C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.

OBS-URL: https://build.opensuse.org/request/show/761261
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=104
2020-01-06 19:39:12 +00:00
Dominique Leuenberger
5a672f85f2 Accepting request 753057 from security
- Upgraded to version 3.12.1 (bsc#1157863)
  * Fix pkcsep11_migrate tool

OBS-URL: https://build.opensuse.org/request/show/753057
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=54
2019-12-03 11:42:46 +00:00
Mark Post
1470911ed6 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=102 2019-12-02 21:42:49 +00:00
Mark Post
c0154ab939 - Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
* Update token pin and data store encryption for soft,ica,cca and ep11
  * EP11: Allow importing of compressed EC public keys
  * EP11: Add support for the CMAC mechanisms
  * EP11: Add support for the IBM-SHA3 mechanisms
  * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
  * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
  * EP11: Add config option USE_PRANDOM
  * CCA: Use Random Number Generate Long for token_specific_rng()
  * Common rng function: Prefer /dev/prandom over /dev/urandom
  * ICA: add SHA*_RSA_PKCS_PSS mechanisms
  * Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch

- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
  (bsc#1152015)
  Add support for new IBM crypto card.

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=101
2019-12-02 21:40:41 +00:00
Dominique Leuenberger
cbd45d26e5 Accepting request 747496 from security
- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
  * Update token pin and data store encryption for soft,ica,cca and ep11
  * EP11: Allow importing of compressed EC public keys
  * EP11: Add support for the CMAC mechanisms
  * EP11: Add support for the IBM-SHA3 mechanisms
  * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
  * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
  * EP11: Add config option USE_PRANDOM
  * CCA: Use Random Number Generate Long for token_specific_rng()
  * Common rng function: Prefer /dev/prandom over /dev/urandom
  * ICA: add SHA*_RSA_PKCS_PSS mechanisms
  * Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
  (bsc#1152015)
  Add support for new IBM crypto card.

OBS-URL: https://build.opensuse.org/request/show/747496
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=53
2019-11-12 10:56:28 +00:00
Mark Post
e32a01b2c9 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=99 2019-11-12 06:10:24 +00:00
Mark Post
c1dc5b2de9 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=98 2019-11-12 06:09:22 +00:00
Mark Post
013583e4c0 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=97 2019-11-12 06:08:06 +00:00
Mark Post
b8166a529f OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=96 2019-11-12 06:02:35 +00:00
Mark Post
fa64604504 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=95 2019-11-12 06:02:02 +00:00
Mark Post
be04f8e20e - Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
* Update token pin and data store encryption for soft,ica,cca and ep11
  * EP11: Allow importing of compressed EC public keys
  * EP11: Add support for the CMAC mechanisms
  * EP11: Add support for the IBM-SHA3 mechanisms
  * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
  * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
  * EP11: Add config option USE_PRANDOM
  * CCA: Use Random Number Generate Long for token_specific_rng()
  * Common rng function: Prefer /dev/prandom over /dev/urandom
  * ICA: add SHA*_RSA_PKCS_PSS mechanisms
  * Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch

- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
  (bsc#1152015)
  Add support for new IBM crypto card.

- Upgraded to version 3.11.1 (Fate#327837)
  Bug fixes.
- Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch

- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
  (bsc#1123988)

- Do not ignore errors from groupadd. If groupadd fails,
  installation ought not to proceed because files would have the
  wrong ownership.

- Don't hide error messages from the groupadd command. To eliminate

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=94
2019-11-12 06:00:01 +00:00
Mark Post
f819296223 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=93 2019-11-12 05:57:00 +00:00
Mark Post
125bf08e32 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=92 2019-11-12 05:40:48 +00:00
Mark Post
d6fbf12ace Accepting request 747465 from home:markkp:branches:security
- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7894, jsc#SLE-7915, jsc#SLE-7918)
  * Update token pin and data store encryption for soft,ica,cca and ep11
  * EP11: Allow importing of compressed EC public keys
  * EP11: Add support for the CMAC mechanisms
  * EP11: Add support for the IBM-SHA3 mechanisms
  * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
  * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
  * EP11: Add config option USE_PRANDOM
  * CCA: Use Random Number Generate Long for token_specific_rng()
  * Common rng function: Prefer /dev/prandom over /dev/urandom
  * ICA: add SHA*_RSA_PKCS_PSS mechanisms
  * Bug fixes
- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
  (bsc#1152015)
  Add support for new IBM crypto card.

OBS-URL: https://build.opensuse.org/request/show/747465
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=91
2019-11-12 05:07:33 +00:00
Dominique Leuenberger
9a0779e2dd Accepting request 728363 from security
OBS-URL: https://build.opensuse.org/request/show/728363
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=52
2019-09-05 10:46:48 +00:00
Mark Post
b9b0c3bdde Accepting request 728362 from home:markkp:branches:security
Upgrade to 3.11.1

OBS-URL: https://build.opensuse.org/request/show/728362
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=89
2019-09-04 22:38:50 +00:00
Dominique Leuenberger
83aa39444a Accepting request 676277 from security
OBS-URL: https://build.opensuse.org/request/show/676277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=51
2019-02-15 09:04:16 +00:00
Mark Post
61fa2dac51 Accepting request 676276 from home:markkp:branches:security
- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
  (bsc#1123988)

OBS-URL: https://build.opensuse.org/request/show/676276
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=87
2019-02-15 05:33:31 +00:00
Dominique Leuenberger
273033a82d Accepting request 655691 from security
OBS-URL: https://build.opensuse.org/request/show/655691
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=50
2018-12-07 13:35:57 +00:00
4008088d68 Accepting request 652754 from home:jengelh:branches:security
- Do not ignore errors from groupadd. If groupadd fails,
  installation ought not to proceed because files would have the
  wrong ownership.

OBS-URL: https://build.opensuse.org/request/show/652754
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=85
2018-12-06 13:55:44 +00:00
Mark Post
521acbf5c9 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=84 2018-11-30 18:20:32 +00:00
Dominique Leuenberger
3087c3c1ce Accepting request 652748 from security
OBS-URL: https://build.opensuse.org/request/show/652748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=49
2018-11-30 15:32:50 +00:00
Mark Post
78bf8e7c8a Accepting request 652747 from home:markkp:branches:security
Misc changes

OBS-URL: https://build.opensuse.org/request/show/652747
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=82
2018-11-29 23:15:22 +00:00
Mark Post
482abee6f9 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=81 2018-11-29 22:50:26 +00:00
Mark Post
f072b8698a - Don't hide error messages from the groupadd command. To eliminate
a potentially common one, check to see if the pkcs11 group is
  already defined before trying to add it.
- Update the summary for the -devel package.
- Changed several PreReq entries to Requires(pre) as a result of
  the output from spec-cleaner. Removed a couple of obsolete lines.

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=80
2018-11-29 22:49:07 +00:00
Dominique Leuenberger
bc9b0c7ad7 Accepting request 649627 from security
OBS-URL: https://build.opensuse.org/request/show/649627
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=48
2018-11-20 21:42:30 +00:00
Mark Post
e7f80fc66d Accepting request 649626 from home:markkp:branches:security
- Upgraded to version 3.11.0 (Fate#325685)
  * opencryptoki 3.11.0
    EP11 enhancements
    A lot of bug fixes
- Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply
  properly to 3.11, and renamed it to
  ocki-3.11-remove-make-install-chgrp.patch
- Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch
- Upgraded to version 3.10.0 (Fate#325685)
  * opencryptoki 3.10.0
    Add support to ECC on ICA token and to common code.
    Add SHA224 support to SOFT token.
    Improve pkcsslotd logging.
    Fix sha512_hmac_sign and rsa_x509_verify for ICA token.
    Fix tracing of session id.
    Fix and improve testcases.
    Fix spec file permission for log directory.
    Fix build warnings.
* opencryptoki 3.9.0
    Fix token reinitialization
    Fix conditional man pages
    EP11 enhancements
    EP11 EC Key import
    Increase RSA max key length
    Fix broken links on documentation
    Define CK_FALSE and CK_TRUE macros
    Improve build flags
- Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
- Made multiple changes to the spec file based on spec-cleaner output.
- Added an rpmlintrc file to squelch warnings about adding ghost
  entries for files under /var/log/opencryptoki/

OBS-URL: https://build.opensuse.org/request/show/649626
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=78
2018-11-16 16:33:50 +00:00
Dominique Leuenberger
aa50de6dc7 Accepting request 597603 from security
- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
  (bsc#1086678)

OBS-URL: https://build.opensuse.org/request/show/597603
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=47
2018-04-19 13:31:21 +00:00
Mark Post
4866a500c9 Accepting request 597601 from home:markkp:branches:security
- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
  (bsc#1086678)

OBS-URL: https://build.opensuse.org/request/show/597601
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=76
2018-04-17 23:10:57 +00:00
Dominique Leuenberger
9a4d74717d Accepting request 585158 from security
OBS-URL: https://build.opensuse.org/request/show/585158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=46
2018-03-11 14:25:39 +00:00
Mark Post
4539918c49 Accepting request 585157 from home:markkp:branches:security
- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)

OBS-URL: https://build.opensuse.org/request/show/585157
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=74
2018-03-09 20:17:11 +00:00
Dominique Leuenberger
cd7943207e Accepting request 546864 from security
OBS-URL: https://build.opensuse.org/request/show/546864
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=45
2017-12-03 09:12:49 +00:00
Mark Post
cfbd8bf303 Accepting request 546863 from home:markkp:branches:security
- Upgraded to version 3.8.2 (fate#323295, bsc#1066412)
  * v3.8.2
    Update man pages.
    Improve ock_tests for parallel execution.
    Fix FindObjectsInit for hidden HW-feature.
    Fix to allow vendor defined hardware features.
    Fix unresolved symbols.
    Fix tracing.
    Code/project cleanup.
  * v3.8.1
    Fix TPM data-structure reset function.
    Fix error message when dlsym fails.
    Update configure.ac
    Update travis.
  * v3.8.0
    Multi token instance feature.
    Added possibility to run opencryptoki with transactional memory or locks
      (--enable-locks on configure step).
    Updated documentation.
    Fix segfault on ec_test.
    Bunch of small fixes.

OBS-URL: https://build.opensuse.org/request/show/546863
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=72
2017-12-01 02:02:32 +00:00
Dominique Leuenberger
6165f39b1f Accepting request 500232 from security
Fix for bsc#1039510

OBS-URL: https://build.opensuse.org/request/show/500232
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=44
2017-06-01 14:34:51 +00:00
Mark Post
3d264fa667 Accepting request 500228 from home:markkp:branches:security
Fix for bsc#1039510

OBS-URL: https://build.opensuse.org/request/show/500228
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=70
2017-05-31 20:09:13 +00:00
Dominique Leuenberger
0c6c511ab1 Accepting request 494813 from security
Updated to version 3.7.0 (Fate#321451) (bsc#1036640)

OBS-URL: https://build.opensuse.org/request/show/494813
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=43
2017-05-16 12:45:19 +00:00
Mark Post
cd6812de23 - Updated to version 3.7.0 (Fate#321451) (bsc#1036640)
- Update example spec file
  - Performance improvement. Moving from mutexes to transactional memory.
  - Add ECDSA SHA2 support for EP11 and CCA.
  - Fix declaration of inline functions.
  - Fix wrong testcase and ber en/decoding for integers.
  - Check for 'flex' and 'YACC' on configure.
  - EP11 config file rework.
  - Add enable-debug on travis build.
  - Add testcase for C_GetOperationState/C_SetOperationState.
  - Upgrade License to CPL-1.0
  - Ica token: fix openssh/ibmpkcs11 engine/libica crash.
  - Fix segfault and logic in hardware feature test.
  - Fix spelling of documentation and manuals.
  - Fix the retrieval of p from a generated rsa key.
  - Coverity scan fixes - incompatible pointer type and unused variables.

OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=67
2017-05-12 09:06:41 +00:00
Dominique Leuenberger
bfbc78d27e Accepting request 491366 from security
1

OBS-URL: https://build.opensuse.org/request/show/491366
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=42
2017-04-28 07:14:00 +00:00
Mark Post
5f9d2f2ce9 Accepting request 491365 from home:markkp:branches:security
Added libica-tools to the BuildRequires due to repackaging of libica.

OBS-URL: https://build.opensuse.org/request/show/491365
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=65
2017-04-26 20:28:06 +00:00