diff --git a/SPECS-EXTENDED/opencryptoki/opencryptoki.signatures.json b/SPECS-EXTENDED/opencryptoki/opencryptoki.signatures.json
index 8bc0c74ae5a..1a619d0289b 100644
--- a/SPECS-EXTENDED/opencryptoki/opencryptoki.signatures.json
+++ b/SPECS-EXTENDED/opencryptoki/opencryptoki.signatures.json
@@ -1,6 +1,6 @@
 {
- "Signatures": {
- "opencryptoki.module": "d335359abeb5d4d1e684841f055ac99b98e8fcc77578e480ef86ef2621ab363d",
- "opencryptoki-3.17.0.tar.gz": "785596925738855b33b29bdff2399f613b892e7c6000d9ffbf79fe32c2aeaeee"
- }
-}
+ "Signatures": {
+ "opencryptoki-3.24.0.tar.gz": "36873a867853b2327ca42ec231be8603d83cac2008ead23296b522fe64443764",
+ "opencryptoki.module": "d335359abeb5d4d1e684841f055ac99b98e8fcc77578e480ef86ef2621ab363d"
+ }
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/opencryptoki/opencryptoki.spec b/SPECS-EXTENDED/opencryptoki/opencryptoki.spec
index 51fc60e70b6..003d201ec29 100644
--- a/SPECS-EXTENDED/opencryptoki/opencryptoki.spec
+++ b/SPECS-EXTENDED/opencryptoki/opencryptoki.spec
@@ -1,56 +1,60 @@ -Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 -Name: opencryptoki -Version: 3.17.0 -Release: 2%{?dist} -License: CPL +Name: opencryptoki +Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 +Version: 3.24.0 +Release: 3%{?dist} +License: CPL-1.0 Vendor: Microsoft Corporation Distribution: Azure Linux -URL: https://github.com/opencryptoki/opencryptoki -Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz -Source1: opencryptoki.module -# https://bugzilla.redhat.com/show_bug.cgi?id=732756 -Patch0: opencryptoki-3.11.0-group.patch -# bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/* -Patch1: opencryptoki-3.11.0-lockdir.patch -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: bison -BuildRequires: expect -BuildRequires: flex -BuildRequires: gcc -BuildRequires: libtool -BuildRequires: openldap-devel -BuildRequires: openssl-devel -BuildRequires: systemd -%if !0%{?azl} -# Azure Linux only supports tpm 2.0, so drop tpm 1.2 support -BuildRequires: trousers-devel +URL: https://github.com/opencryptoki/opencryptoki +Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz +Source1: opencryptoki.module +# fix install problem in buildroot +Patch1: opencryptoki-3.24.0-p11sak.patch +# upstream patches +Patch2: opencryptoki-3.24.0-compile-error-due-to-incompatible-pointer-types.patch + +Requires(pre): coreutils +Requires: (selinux-policy >= 34.9-1 if selinux-policy-targeted) +BuildRequires: gcc gcc-c++ +BuildRequires: openssl-devel >= 1.1.1 +%if 0%{?tmptok} +BuildRequires: trousers-devel %endif -Requires: %{name}(token) -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Requires(post): systemd -Requires(postun): systemd -Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} -Requires(pre): coreutils -Requires(preun): systemd +BuildRequires: openldap-devel +BuildRequires: autoconf automake libtool 
+BuildRequires: bison flex +BuildRequires: libcap-devel +BuildRequires: expect +BuildRequires: make +BuildRequires: systemd-rpm-macros %ifarch s390 s390x -BuildRequires: libica-devel >= 2.3 +BuildRequires: libica-devel >= 3.3 +# for /usr/include/libudev.h +BuildRequires: systemd-devel %endif +Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}(token) +Requires(post): systemd diffutils +Requires(preun): systemd +Requires(postun): systemd + %description -Opencryptoki implements the PKCS#11 specification v2.11 for a set of +Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package contains the Slot Daemon (pkcsslotd) and general utilities. + %package libs -Summary: The run-time libraries for opencryptoki package -Requires(pre): shadow-utils +Summary: The run-time libraries for opencryptoki package +Requires(pre): shadow-utils %description libs -Opencryptoki implements the PKCS#11 specification v2.11 for a set of +Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic 
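Review bot: The guard around `BuildRequires: trousers-devel` tests `%{?tmptok}`, but the `%configure` block later in this spec tests `%{?tpmtok}` to choose `--enable-tpmtok`, and the guard before `%files tpmtok` uses `tmptok` again. Defining only one of the two names would either enable the TPM token without its build dependency and file list, or pull in the dependency while configure still passes `--disable-tpmtok`. Use one spelling in all three places, for example `%if 0%{?tpmtok}` here and before `%files tpmtok`. With neither macro defined the build stays on `--disable-tpmtok`, so the mismatch only shows up once someone turns the option on.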
@@ -59,22 +63,24 @@ This package contains the PKCS#11 library implementation, and requires at least one token implementation (packaged separately) to be fully functional. + %package devel -Summary: Development files for openCryptoki -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Summary: Development files for openCryptoki +Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description devel This package contains the development header files for building opencryptoki and PKCS#11 based applications + %package swtok -Summary: The software token implementation for opencryptoki -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} -Provides: %{name}(token) +Summary: The software token implementation for opencryptoki +Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}(token) %description swtok -Opencryptoki implements the PKCS#11 specification v2.11 for a set of +Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic 
@@ -82,31 +88,31 @@ hardware. This package brings the software token implementation to use opencryptoki without any specific cryptographic hardware. -%if !0%{?azl} + %package tpmtok -Summary: Trusted Platform Module (TPM) device support for opencryptoki -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} -Provides: %{name}(token) +Summary: Trusted Platform Module (TPM) device support for opencryptoki +Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}(token) %description tpmtok -Opencryptoki implements the PKCS#11 specification v2.11 for a set of +Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic hardware. This package brings the necessary libraries and files to support Trusted Platform Module (TPM) devices in the opencryptoki stack. -%endif + %package icsftok -Summary: ICSF token support for opencryptoki -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} -Provides: %{name}(token) +Summary: ICSF token support for opencryptoki +Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}(token) %description icsftok -Opencryptoki implements the PKCS#11 specification v2.11 for a set of +Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic 
@@ -114,15 +120,15 @@ hardware. This package brings the necessary libraries and files to support ICSF token in the opencryptoki stack. -%ifarch s390 s390x + %package icatok -Summary: ICA cryptographic devices (clear-key) support for opencryptoki -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} -Provides: %{name}(token) +Summary: ICA cryptographic devices (clear-key) support for opencryptoki +Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}(token) %description icatok -Opencryptoki implements the PKCS#11 specification v2.11 for a set of +Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic @@ -133,13 +139,13 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the "accelerator" or "clear-key" path. %package ccatok -Summary: CCA cryptographic devices (secure-key) support for opencryptoki -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} -Provides: %{name}(token) +Summary: CCA cryptographic devices (secure-key) support for opencryptoki +Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}(token) %description ccatok -Opencryptoki implements the PKCS#11 specification v2.11 for a set of +Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic 
@@ -150,13 +156,13 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the "co-processor" or "secure-key" path. %package ep11tok -Summary: CCA cryptographic devices (secure-key) support for opencryptoki -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} -Provides: %{name}(token) +Summary: EP11 cryptographic devices (secure-key) support for opencryptoki +Requires(pre): %{name}-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Provides: %{name}(token) %description ep11tok -Opencryptoki implements the PKCS#11 specification v2.11 for a set of +Opencryptoki implements the PKCS#11 specification v2.20 for a set of cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the Trusted Platform Module (TPM) chip. Opencryptoki also brings a software token implementation that can be used without any cryptographic @@ -165,7 +171,6 @@ This package brings the necessary libraries and files to support EP11 tokens in the opencryptoki stack. The EP11 token is a token that uses the IBM Crypto Express adapters (starting with Crypto Express 4S adapters) configured with Enterprise PKCS#11 (EP11) firmware. -%endif %prep 
@@ -176,28 +181,53 @@ configured with Enterprise PKCS#11 (EP11) firmware. ./bootstrap.sh %configure --with-systemd=%{_unitdir} --enable-testcases \ -%if 0%{?azl} + --with-pkcsslotd-user=pkcsslotd --with-pkcs-group=pkcs11 \ +%if 0%{?tpmtok} + --enable-tpmtok \ +%else --disable-tpmtok \ %endif +%ifarch s390 s390x x86_64 ppc64le + --enable-ccatok \ +%else + --disable-ccatok \ +%endif %ifarch s390 s390x - --enable-icatok --enable-ccatok --enable-ep11tok --enable-pkcsep11_migrate + --enable-icatok --enable-ep11tok --enable-pkcsep11_migrate %else - --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate + --disable-icatok --disable-ep11tok --disable-pkcsep11_migrate --enable-pkcscca_migrate %endif -make %{?_smp_mflags} CHGRP=/bin/true +%make_build CHGRP=/bin/true %install -make install DESTDIR=%{buildroot} CHGRP=/bin/true -install -Dpm 644 %{SOURCE1} %{buildroot}%{_datadir}/p11-kit/modules/opencryptoki.module +%make_install CHGRP=/bin/true + +%pre +# don't touch opencryptoki.conf even if it is unchanged due to new tokversion +# backup config file. bz#2044179 +%global cfile /etc/opencryptoki/opencryptoki.conf +%global csuffix .rpmsave.XyoP +if test $1 -gt 1 && test -f %{cfile} ; then + cp -p %{cfile} %{cfile}%{csuffix} +fi %pre libs getent group pkcs11 >/dev/null || groupadd -r pkcs11 +getent passwd pkcsslotd >/dev/null || useradd -r -g pkcs11 -d /run/opencryptoki -s /sbin/nologin -c "Opencryptoki pkcsslotd user" pkcsslotd exit 0 %post +# restore the config file from %pre +if test $1 -gt 1 && test -f %{cfile} ; then + if ( ! cmp -s %{cfile} %{cfile}%{csuffix} ) ; then + cp -p %{cfile} %{cfile}.rpmnew + fi + cp -p %{cfile}%{csuffix} %{cfile} && rm -f %{cfile}%{csuffix} +fi + %systemd_post pkcsslotd.service if test $1 -eq 1; then %tmpfiles_create %{name}.conf 
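Review bot: The restore block added to `%post` checks that `%{cfile}` exists but not that the backup written by `%pre` is present. If `%{cfile}%{csuffix}` is missing, `cmp -s` returns non-zero, the freshly installed file is copied to `.rpmnew`, and the following `cp -p` of the backup fails. Guarding on both files avoids that: `if test $1 -gt 1 && test -f %{cfile} && test -f %{cfile}%{csuffix} ; then`. The `%post` scriptlet continues past the end of this hunk. Separately, the `install` of `%{SOURCE1}` is removed here while `Source1: opencryptoki.module` and its signature entry remain, so that source now looks unused.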
@@ -209,21 +239,33 @@ fi %postun %systemd_postun_with_restart pkcsslotd.service + %files %doc ChangeLog FAQ README.md %doc doc/opencryptoki-howto.md %doc doc/README.token_data +%doc %{_docdir}/%{name}/*.conf %dir %{_sysconfdir}/%{name} -%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11sak_defined_attrs.conf +%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/strength.conf %{_tmpfilesdir}/%{name}.conf %{_unitdir}/pkcsslotd.service -%{_sbindir}/pkcsconf -%{_sbindir}/pkcsslotd %{_sbindir}/p11sak %{_sbindir}/pkcstok_migrate -%{_mandir}/man1/pkcsconf.1* +%{_sbindir}/pkcsconf +%{_sbindir}/pkcsslotd +%{_sbindir}/pkcsstats +%{_sbindir}/pkcshsm_mk_change +%{_sbindir}/pkcstok_admin %{_mandir}/man1/p11sak.1* %{_mandir}/man1/pkcstok_migrate.1* +%{_mandir}/man1/pkcsconf.1* +%{_mandir}/man1/pkcsstats.1* +%{_mandir}/man1/pkcshsm_mk_change.1* +%{_mandir}/man1/pkcstok_admin.1* +%{_mandir}/man5/policy.conf.5* +%{_mandir}/man5/strength.conf.5* %{_mandir}/man5/%{name}.conf.5* %{_mandir}/man5/p11sak_defined_attrs.conf.5* %{_mandir}/man7/%{name}.7* 
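Review bot: The `%verify(not md5 size mtime)` on `%{name}.conf` in the main `%files` list has no comment saying why verification is switched off for this file. It is presumably needed because the `%pre`/`%post` scriptlets put the previous copy back over the packaged one, so the checks would otherwise fail after every upgrade. A line above the entry would record that, for example `# restored by the %pre/%post scriptlets on upgrade, so digest/size/mtime checks are skipped`. The consequence worth stating in the same comment is that `rpm -V` will no longer report content changes to this file, so any integrity monitoring of the token configuration has to come from another tool.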
@@ -231,16 +273,17 @@ fi %{_libdir}/opencryptoki/methods %{_libdir}/pkcs11/methods %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name} +%dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/HSM_MK_CHANGE %ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name} %ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name}/* -%dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki +%dir %attr(710,pkcsslotd,pkcs11) /run/%{name} %files libs %license LICENSE %{_sysconfdir}/ld.so.conf.d/* # Unversioned .so symlinks usually belong to -devel packages, but opencryptoki # needs them in the main package, because: -# documentation suggests that programs should dlopen "PKCS11_API.so". +# documentation suggests that programs should dlopen "PKCS11_API.so". %dir %{_libdir}/opencryptoki %{_libdir}/opencryptoki/libopencryptoki.* %{_libdir}/opencryptoki/PKCS11_API.so @@ -249,13 +292,11 @@ fi %{_libdir}/pkcs11/libopencryptoki.so %{_libdir}/pkcs11/PKCS11_API.so %{_libdir}/pkcs11/stdll -# Co-owned with p11-kit -%dir %{_datadir}/p11-kit/ -%dir %{_datadir}/p11-kit/modules/ -%{_datadir}/p11-kit/modules/opencryptoki.module +%dir %attr(770,root,pkcs11) %{_localstatedir}/log/opencryptoki %files devel %{_includedir}/%{name}/ +%{_libdir}/pkgconfig/%{name}.pc %files swtok %{_libdir}/opencryptoki/stdll/libpkcs11_sw.* @@ -263,7 +304,7 @@ fi %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/swtok/TOK_OBJ/ -%if !0%{?azl} +%if 0%{?tmptok} %files tpmtok %doc doc/README.tpm_stdll %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.* 
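Review bot: The new `%dir %attr(710,pkcsslotd,pkcs11) /run/%{name}` entry in the main `%files` list hard-codes `/run` and is not marked `%ghost`, while the two lock-directory entries just above it use `%ghost %dir` with `%{_rundir}`. A directory under `/run` does not survive a reboot, so it is presumably recreated by the package's tmpfiles snippet and should be listed the same way as its neighbours: `%ghost %dir %attr(710,pkcsslotd,pkcs11) %{_rundir}/%{name}`. The ownership also depends on the `pkcsslotd` user created in `%pre libs`, where the trailing `exit 0` hides a failed `useradd`; a short comment there noting that dependency would help.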
@@ -285,16 +326,21 @@ fi %{_libdir}/opencryptoki/stdll/PKCS11_ICA.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/lite/TOK_OBJ/ +%endif +%ifarch s390 s390x x86_64 ppc64le %files ccatok %doc doc/README.cca_stdll +%config(noreplace) %{_sysconfdir}/%{name}/ccatok.conf %{_sbindir}/pkcscca %{_mandir}/man1/pkcscca.1* %{_libdir}/opencryptoki/stdll/libpkcs11_cca.* %{_libdir}/opencryptoki/stdll/PKCS11_CCA.so %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}/ccatok/TOK_OBJ/ +%endif +%ifarch s390 s390x %files ep11tok %doc doc/README.ep11_stdll %config(noreplace) %{_sysconfdir}/%{name}/ep11tok.conf 
@@ -311,17 +357,199 @@ fi %changelog -* Fri Mar 29 2024 Chris Co <chrco@microsoft.com> - 3.17.0-2 -- Drop tpm 1.2 support - -* Mon Sep 04 2023 Muhammad Falak <mwani@microsoft.com> - 3.17.0-1 -- Upgrade version to address CVE-2021-3798 -- Lint spec +* Wed Jan 15 2025 Durga Jagadeesh Palli <v-dpalli@microsoft.com> - 3.24.0-3 +- Update to 3.24.0 - License verified -* Thu Mar 18 2021 Henry Li <lihl@microsoft.com> - 3.13.0-2 -- Initial CBL-Mariner import from Fedora 32 (license: MIT). -- Remove libitm-devel from build requirement because gcc already includes the necessary binaries it covers +* Fri Sep 13 2024 Than Ngo <than@redhat.com> - 3.24.0-2 +- build with --enable-pkcscca_migrate +- fix build error due to incompatible pointer types + +* Fri Sep 13 2024 Than Ngo <than@redhat.com> - 3.24.0-1 +- Update to 3.24.0 + * Add support for building Opencryptoki on the IBM AIX platform + * Add support for the CCA token on non-IBM Z platforms (x86_64, ppc64) + * Add support for protecting tokens with a token specific user group + * EP11: Add support for combined CKA_EXTRACTABLE and CKA_IBM_PROTKEY_EXTRACTABLE + * CCA: Add support for Koblitz curve secp256k1. Requires CCA v7.2 or later + * CCA: Add support for IBM Dilithium (CKM_IBM_DILITHIUM). + On Linux on IBM Z: Requires CCA v7.1 or later for Round2-65, and CCA v8.0 for the Round 3 variants. + On other platforms: Requires CCA v7.2.43 or later for Round2-65, the Round 3 variants are currently not supported + * CCA: Add support for RSA-OAEP with SHA224, SHA384, and SHA512 on en-/decrypt. Requires CCA v8.1 or later on Linux on IBM Z, not supported on other platforms + * CCA: Add support for PKCS#11 v3.0 SHA3 mechanisms. 
Requires CCA v8.1 on Linux on IBM Z, not supported on other platforms + * ICA: Support new libica AES-GCM api using the KMA instruction on z14 and later + * ICA/Soft/ICSF: Add support for PKCS#11 v3.0 SHA3 mechanisms + * ICA/Soft: Add support for SHA based key derivation mechanisms + * ICA/Soft: Add support for CKD_*_SP800 KDFs for ECDH + * EP11/CCA/ICA/Soft: Add support for CKA_ALWAYS_AUTHENTICATE + * EP11/CCA: Support live guest relocation for protected key (PKEY) operations + * Soft: Experimental support for IBM Dilithium via OpenSSL OQS provider + * ICSF: Add support for SHA-2 mechanisms + * ICSF: Performance improvements for attribute retrieval + * p11sak: Add support for exporting a key or certificate as URI-PEM file + * p11sak: Import/export of IBM Dilithium keys in 'oqsprovider' format PEM files + * p11sak: Add option to show the master key verification patterns of secure keys + * Bug fixes +- Remove i686 support as upsrtream will get rid of 32-bit support, https://github.com/opencryptoki/opencryptoki/issues/174 +- Remove lockdir.patch + +* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.23.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Wed Feb 07 2024 Than Ngo <than@redhat.com> - 3.23.0-1 +- 3.23.0 + * EP11: Add support for FIPS-session mode + * Updates to harden against RSA timing attacks + * Bug fixes + +* Tue Jan 30 2024 Dan Horák <dan[at]danny.cz> - 3.22.0-4 +- fix all errors and warnings (rhbz#2261419) + +* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.22.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.22.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Sep 21 2023 Than Ngo <than@redhat.com> - 3.22.0-1 +- update to 3.22.0 + +* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-6 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jul 17 2023 Than Ngo <than@redhat.com> - 3.21.0-5 +- p11sak tool: slot option does not accept argument 0 for slot index 0 +- p11sak fails as soon as there reside non-key objects + +* Thu May 25 2023 Than Ngo <than@redhat.com> - 3.21.0-4 +- add verify attributes for opencryptoki.conf to ignore the + verification + +* Mon May 22 2023 Than Ngo <than@redhat.com> - 3.21.0-3 +- drop p11_kit_support +- fix handling of user name +- fix user confirmation prompt behavior when stdin is closed + +* Tue May 16 2023 Than Ngo <than@redhat.com> - 3.21.0-2 +- add missing /var/lib/opencryptoki/HSM_MK_CHANGE + +* Mon May 15 2023 Than Ngo <than@redhat.com> - 3.21.0-1 +- update to 3.21.0 + +* Tue Feb 14 2023 Than Ngo <than@redhat.com> - 3.20.0-2 +- migrated to SPDX license + +* Mon Feb 13 2023 Than Ngo <than@redhat.com> - 3.20.0-1 +- update to 3.20.0 +- drop unnecessary opencryptoki-3.11.0-group.patch + +* Wed Feb 08 2023 Than Ngo <than@redhat.com> - 3.19.0-3 +- Add support of ep11 token for new IBM Z Hardware (IBM z16) + +* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.19.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Oct 11 2022 Than Ngo <than@redhat.com> - 3.19.0-1 +- update to 3.19.0 + +* Wed Sep 14 2022 Florian Weimer <fweimer@redhat.com> - 3.18.0-5 +- Add missing build dependency on systemd-rpm-macros + +* Mon Aug 01 2022 Than Ngo <than@redhat.com> - 3.18.0-4 +- fix json output +- do not touch opencryptoki.conf if it is in place already and even if it is unchanged + +* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.18.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon May 09 2022 Than Ngo <than@redhat.com> - 3.18.0-2 +- add missing strength.conf + +* Mon May 02 2022 Than Ngo <than@redhat.com> - 3.18.0-1 +- 3.18.0 + +* Wed Apr 20 2022 Dan Horák <dan[at]danny.cz> - 3.17.0-7 +- fix initialization 
(#2075851, #2074587) + +* Wed Apr 06 2022 Than Ngo <than@redhat.com> - 3.17.0-6 +- add tokversion + +* Wed Apr 06 2022 Than Ngo <than@redhat.com> - 3.17.0-5 +- upstream fixes - openssl cleanup for opencryptoki, Avoid deadlock when stopping event thread + +* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.17.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Nov 25 2021 Than Ngo <than@redhat.com> - 3.17.0-3 +- fix covscan issues + +* Tue Nov 09 2021 Than Ngo <than@redhat.com> - 3.17.0-2 +- add missing config file p11sak_defined_attrs.conf + +* Tue Oct 19 2021 Than Ngo <than@redhat.com> - 3.17.0-1 +- rebase to 3.17.0 + +* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 3.16.0-5 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Sep 03 2021 Than Ngo <than@redhat.com> - 3.16.0-4 +- Resolves: #1987186, pkcstok_migrate leaves options with multiple strings in opencryptoki.conf options without double-quotes +- Resolves: #1974365, Fix detection if pkcsslotd is still running + +* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.16.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jun 30 2021 Than Ngo <than@redhat.com> - 3.16.0-2 +- Added Event Notification Support +- Added conditional requirement on selinux-policy >= 34.10-1 +- pkcsslotd PIDfile below legacy directory +- Added BR on systemd-devel + +* Wed Mar 31 2021 Dan Horák <dan[at]danny.cz> - 3.16.0-1 +- Rebase to 3.16.0 + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3.15.1-6 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. 
+ +* Fri Feb 12 2021 Than Ngo <than@redhat.com> - 3.15.1-5 +- Added upstream patch, a slot ID has nothing to do with the number of slots + +* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.15.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Dec 22 2020 Than Ngo <than@redhat.com> - 3.15.1-3 +- Drop tpm1.2 support by default + +* Tue Dec 22 2020 Than Ngo <than@redhat.com> - 3.15.1-2 +- Fix compiling with c++ +- Added error message handling for p11sak remove-key command +- Add BR on make + +* Mon Nov 02 2020 Than Ngo <than@redhat.com> - 3.15.1-1 +- Rebase to 3.15.1 + +* Mon Oct 19 2020 Dan Horák <dan[at]danny.cz> - 3.15.0-1 +- Rebase to 3.15.0 + +* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.14.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.14.0-5 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Wed Jul 08 2020 Than Ngo <than@redhat.com> - 3.14.0-4 +- added PIN conversion tool + +* Wed Jul 01 2020 Than Ngo <than@redhat.com> - 3.14.0-3 +- upstream fix - handle early error cases in C_Initialize + +* Wed May 27 2020 Than Ngo <than@redhat.com> - 3.14.0-2 +- fix regression, segfault in C_SetPin + +* Fri May 15 2020 Dan Horák <dan[at]danny.cz> - 3.14.0-1 +- Rebase to 3.14.0 * Fri Mar 06 2020 Dan Horák <dan[at]danny.cz> - 3.13.0-1 - Rebase to 3.13.0 diff --git a/cgmanifest.json b/cgmanifest.json index 5832a4ca3ec..ba2e03d32dc 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -15093,8 +15093,8 @@ "type": "other", "other": { "name": "opencryptoki", - "version": "3.17.0", - "downloadUrl": "https://github.com/opencryptoki/opencryptoki/archive/v3.17.0/opencryptoki-3.17.0.tar.gz" + "version": "3.24.0", + "downloadUrl": "https://github.com/opencryptoki/opencryptoki/archive/v3.24.0/opencryptoki-3.24.0.tar.gz" } } },