Changelog for
openCryptoki-64bit-3.15.1-3.5.x86_64.rpm :
* Tue Feb 16 2021 mpostAATTsuse.com- Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch (bsc#1182120) Fix pkcscca migration fails with usr/sb2 is not a valid slot ID- Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch (bsc#1182190) Fix a segmentation fault of the sess_opstate test on the Soft Token
* Mon Jan 25 2021 mpostAATTsuse.com- Added the following patches for bsc#1179319
* Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch
* Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
* Thu Jan 21 2021 kukukAATTsuse.com- Don\'t require pwdutils for build, dropped long ago and not needed
* Wed Oct 21 2020 mpostAATTsuse.com- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666, jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714, jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
* openCryptoki 3.15.1 - Bug fixes
* openCryptoki 3.15.0 - common: conform to PKCS 11 3.0 Baseline Provider profile - Introduce new vendor defined interface named \"Vendor IBM\" - Support C_IBM_ReencryptSingle via \"Vendor IBM\" interface - CCA: support key wrapping - SOFT: support ECC - p11sak tool: add remove-key command - Bug fixes
* openCryptoki 3.14.0 - EP11: Dilitium support stage 2 - Common: Rework on process and thread locking - Common: Rework on btree and object locking - ICSF: minor fixes - TPM, ICA, ICSF: support multiple token instances - new tool p11sak
* openCryptoki 3.13.0 - EP11: Dilithium support - EP11: EdDSA support - EP11: support RSA-OAEP with non-SHA1 hash and MGF- Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
* Mon Jan 06 2020 mpostAATTsuse.com- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) The EP11 token may fail to import an ECC public key. Function C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.
* Mon Dec 02 2019 mpostAATTsuse.com- Upgraded to version 3.12.1 (bsc#1157863)
* Fix pkcsep11_migrate tool
* Tue Nov 12 2019 mpostAATTsuse.com- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
* Update token pin and data store encryption for soft,ica,cca and ep11
* EP11: Allow importing of compressed EC public keys
* EP11: Add support for the CMAC mechanisms
* EP11: Add support for the IBM-SHA3 mechanisms
* SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
* ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
* EP11: Add config option USE_PRANDOM
* CCA: Use Random Number Generate Long for token_specific_rng()
* Common rng function: Prefer /dev/prandom over /dev/urandom
* ICA: add SHA
*_RSA_PKCS_PSS mechanisms
* Bug fixes- Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
* Thu Oct 10 2019 mpostAATTsuse.com- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch (bsc#1152015) Add support for new IBM crypto card.
* Tue Sep 03 2019 mpostAATTsuse.com- Upgraded to version 3.11.1 (Fate#327837) Bug fixes.- Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
* Fri Feb 15 2019 mpostAATTsuse.com- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch (bsc#1123988)
* Fri Nov 30 2018 jengelhAATTinai.de- Do not ignore errors from groupadd. If groupadd fails, installation ought not to proceed because files would have the wrong ownership.
* Thu Nov 29 2018 mpostAATTsuse.com- Don\'t hide error messages from the groupadd command. To eliminate a potentially common one, check to see if the pkcs11 group is already defined before trying to add it.- Update the summary for the -devel package.- Changed several PreReq entries to Requires(pre) as a result of the output from spec-cleaner. Removed a couple of obsolete lines.- Removed obsolete check for whether systemd is in use or not.
* Fri Nov 16 2018 mpostAATTsuse.com- Upgraded to version 3.11.0 (Fate#325685)
* opencryptoki 3.11.0 EP11 enhancements A lot of bug fixes- Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply properly to 3.11, and renamed it to ocki-3.11-remove-make-install-chgrp.patch- Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch
* Thu Nov 15 2018 mpostAATTsuse.com- Upgraded to version 3.10.0 (Fate#325685)
* opencryptoki 3.10.0 Add support to ECC on ICA token and to common code. Add SHA224 support to SOFT token. Improve pkcsslotd logging. Fix sha512_hmac_sign and rsa_x509_verify for ICA token. Fix tracing of session id. Fix and improve testcases. Fix spec file permission for log directory. Fix build warnings.
* opencryptoki 3.9.0 Fix token reinitialization Fix conditional man pages EP11 enhancements EP11 EC Key import Increase RSA max key length Fix broken links on documentation Define CK_FALSE and CK_TRUE macros Improve build flags- Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch- Made multiple changes to the spec file based on spec-cleaner output.- Added an rpmlintrc file to squelch warnings about adding ghost entries for files under /var/lock/opencryptoki/
* Tue Apr 17 2018 mpostAATTsuse.com- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch (bsc#1086678)
* Fri Mar 09 2018 mpostAATTsuse.com- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)
* Thu Nov 30 2017 mpostAATTsuse.com- Upgraded to version 3.8.2 (fate#323295, bsc#1066412)
* v3.8.2 Update man pages. Improve ock_tests for parallel execution. Fix FindObjectsInit for hidden HW-feature. Fix to allow vendor defined hardware features. Fix unresolved symbols. Fix tracing. Code/project cleanup.
* v3.8.1 Fix TPM data-structure reset function. Fix error message when dlsym fails. Update configure.ac Update travis.
* v3.8.0 Multi token instance feature. Added possibility to run opencryptoki with transactional memory or locks (--enable-locks on configure step). Updated documentation. Fix segfault on ec_test. Bunch of small fixes.
* Wed May 31 2017 mpostAATTsuse.com- Removed ARM architectures from the build list until gcc6 becomes available for SLES. (bsc#1039510).
* Fri May 12 2017 mpostAATTsuse.com- Updated to version 3.7.0 (Fate#321451) (bsc#1036640) - Update example spec file - Performance improvement. Moving from mutexes to transactional memory. - Add ECDSA SHA2 support for EP11 and CCA. - Fix declaration of inline functions. - Fix wrong testcase and ber en/decoding for integers. - Check for \'flex\' and \'YACC\' on configure. - EP11 config file rework. - Add enable-debug on travis build. - Add testcase for C_GetOperationState/C_SetOperationState. - Upgrade License to CPL-1.0 - Ica token: fix openssh/ibmpkcs11 engine/libica crash. - Fix segfault and logic in hardware feature test. - Fix spelling of documentation and manuals. - Fix the retrieval of p from a generated rsa key. - Coverity scan fixes - incompatible pointer type and unused variables.
* Tue Apr 11 2017 mpostAATTsuse.com- Added libica-tools to the BuildRequires due to repackaging of libica.
* Mon Mar 20 2017 mpostAATTsuse.com- Modified the spec file - Changed libca3-devel BuildRequires to just libica-devel - Check for systemd in the 32bit postun scriptlet.
* Mon Feb 20 2017 mpostAATTsuse.com- Upgraded to version 3.6.2 (fate#321451) - Support OpenSSL-1.1. - Add Travis CI support. - Update autotools scripts and documentation. - Fix SegFault when a invalid session handle is passed in SC_EncryptUpdate and SC_DecryptUpdate.- Updated spec file to use libica3-devel instead of libica2-devel.
* Tue Jan 17 2017 mpostAATTsuse.com- Upgraded to version 3.6.1 (fate#321451) - opencryptoki 3.6.1 - Fix SOFT token implementation of digest functions. - Replace deprecated OpenSSL interfaces. - opencryptoki 3.6 - Replace deprecated libica interfaces. - Performance improvement for ICA. - Improvement in documentation on system resources. - Improvement in testcases. - Added support for rc=8, reasoncode=2028 in icsf token. - Fix for session handle not set in session issue. - Multiple fixes for lock and log directories. - Downgraded a syslog error to warning. - Multiple fixes based on coverity scan results. - Added pkcs11 mapping for icsf reason code 72 for return code 8. - opencryptoki 3.5.1 - Fix Illegal Intruction on pkcscca tool. - Removed the following obsolete patches: - ocki-3.5-sanity-checking.patch - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch - ocki-3.5-create-missing-tpm-token-lock-directory.patch - ocki-3.5-fix-pkcscca-calls.patch
* Mon Oct 31 2016 jjollyAATTsuse.com- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)
* Thu Sep 01 2016 mpostAATTsuse.com- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).
* Fri Jul 29 2016 mpostAATTsuse.com- Added %doc FAQ to the spec file (bsc#991168).
* Tue Jul 19 2016 mpostAATTsuse.com- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch (bsc#989602).
* Fri Jul 08 2016 mpostAATTsuse.com- Added the following patches (bsc#986854) - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-icsf-coverity-memoryleakfix.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch
* Mon Jun 13 2016 mpostAATTsuse.com- Added ocki-3.5-sanity-checking.patch (bsc#983496).- Added %dir entry for %{_localstatedir}/log/opencryptoki/ (bsc#983990)
* Wed May 25 2016 mpostAATTsuse.com- Upgraded to openCryptoki 3.5 (bsc#978005). - Full Coverity scan fixes. - Fixes for compiler warnings. - Added support for C_GetObjectSize in icsf token. - Various bug fixes and memory leak fixes. - Removed global read permissions from token files - Added missing PKCS#11v2.2 constants. - Fix for symbol resolution issue seen in Fedora 22 and 23 for ep11 and cca tokens. - Improvements in socket read operation when a token comes up. - Replaced 32 bit CCA API declarations with latest header from version 5.0 libsculcca rpm.
* Thu Apr 14 2016 mpostAATTsuse.com- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938).- Changed BuildRequires for libica_2_3_0-devel to libica2-devel.- Changed BuildRequires for openssl-devel to specify >= 1.0 Contrary to what the README says, version 0.9.7 isn\'t sufficient.- Removed the redundant DESTDIR= parameter from the %make_install- Removed the following obsolete patches opencryptoki-run-lock.patch (/var/lock and run/lock are actually the same place) Also reverted the changed to openCryptoki-tmp.conf to match. ocki-3.1_10_0001-ica-sha-update-empty-msg.patch ocki-3.1-fix-implicit-decl.patch ocki-3.1-fix-init_d-path.patch ocki-3.1-fix-libica-link.patch ocki-3.2_01_fix-return-type-error.patch ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch ocki-3.2_05_icsf_ldap_handles.patch ocki-3.2_06_icsf_sign_verify.patch- renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to ocki-3.1-remove-make-install-chgrp.patch
* Fri Nov 06 2015 jjollyAATTsuse.com- Get a new ldap handle for each session opened in the icsf token, once the user has authenticated. (bsc#953347,LTC#130078) - ocki-3.2_05_icsf_ldap_handles.patch - ocki-3.2_06_icsf_sign_verify.patch
* Fri Oct 02 2015 jjollyAATTsuse.com- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070)- Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch - Fixed two public key object inclusion in EP11 token (bsc#946808)- Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172)- Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)
* Thu Aug 20 2015 jjollyAATTsuse.com- Fixed BuildRequires: libica2-devel- Added ocki-3.2_01_fix-return-type-error.patch- Changing doc/README.ep11_stdll to unix-style EOL - Added BuildRequires: dos2unix- Removed globbing in %files and specified libraries to include (bsc#942162)
* Tue Aug 18 2015 jjollyAATTsuse.com- Updated to openCryptoki v3.2 (FATE#318240)- Removed unnecessary patches: - ocki-3.1_01_ep11_makefile.patch - ocki-3.1_02_ep11_m_init.patch - ocki-3.1_03_ock_obj_mgr.patch - ocki-3.1_04_ep11_opaque2blob_error_handl.patch - ocki-3.1_05_ep11_readme_update.patch - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch - ocki-3.1_06_0005-Small-reworks.patch - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch - ocki-3.1_07_0001-Man-page-corrections.patch - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
* Tue Apr 07 2015 crrodriguezAATTopensuse.org- Also create parent directory /run/lock/opencryptoki in tmpfiles snippet if it does not exists.
* Tue Apr 07 2015 crrodriguezAATTopensuse.org- spec: do not use -D__USE_BSD, a glibc-internal macro which no longer has any meaning.
* Tue Apr 07 2015 crrodriguezAATTopensuse.org- spec: use %{_unitdir} %{_tmpfilesdir)- spec: call tmpfiles_create macro, if defined in %post- opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use /run/lock instead of /var/lock.
* Wed Dec 17 2014 p.drouandAATTgmail.com- Update to version 3.2 +New pkcscca tool. Currently it assists in migrating cca private token objects from opencryptoki version 2 to the clear key encryption method used in opencryptoki version 3. Includes a manpage for pkcscca tool. Changes to README.cca_stdll to assist in using the CCA token and migrating the private token objects. + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms. + Various bugfixes. + New testcases for various crypto algorithms.- Only depend on insserv if builded with sysvinit support- Remove obsolete patches; merged on upstream release + ocki-3.1_01_ep11_makefile.patch + ocki-3.1_02_ep11_m_init.patch + ocki-3.1_03_ock_obj_mgr.patch + ocki-3.1_04_ep11_opaque2blob_error_handl.patch + ocki-3.1_05_ep11_readme_update.patch + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + ocki-3.1_06_0005-Small-reworks.patch + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + ocki-3.1_07_0001-Man-page-corrections.patch + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch- Project is now hosted on sourceforge; fix the Url- Remove cvs related stuff; tarball is produced by upstream- Use %configure macro instead of manually defined options- Build with parallel support; use %{?_smp_mflags} macro