Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openCryptoki-devel-3.23.0-slfo.1.2.10 RPM for s390x

From OpenSuSE Leap 16.0 for s390x

Name: openCryptoki-devel Distribution: SUSE Linux Framework One
Version: 3.23.0 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.2.10 Build date: Thu Jul 18 08:07:40 2024
Group: Development/Languages/C and C++ Build host: reproducible
Size: 172309 Source RPM: openCryptoki-3.23.0-slfo.1.2.10.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/opencryptoki/opencryptoki
Summary: Development files for openCryptoki, a PKCS#11 implementation for IBM hardware
The PKCS#11 version 2.01 API implemented for the IBM cryptographic
cards. This package includes support for the IBM 4758 cryptographic
co-processor (with the PKCS#11 firmware loaded) and the IBM eServer
Cryptographic Accelerator (FC 4960 on pSeries).

Provides

Requires

License

CPL-1.0

Changelog

* Thu Jul 18 2024 nikolay.gueorguiev@suse.com
  - Amended the .spec file accorinding to the recommendation in (bsc#1225876)
* Thu Jul 11 2024 nikolay.gueorguiev@suse.com
  - Updated the .spec file (bsc#1225876, bsc#1227280)
    * Amended for group %{pkcs_group} and user pkcsslotd
    * Copying example script files from /usr/share/doc/opencryptoki to
      /usr/share/opencryptoki (policy-example.conf and strength-example.conf)
      in case that there is 'rpm.install.excludedocs=yes' set in the
      zypper.conf(zypp.conf)
* Wed Feb 07 2024 nikolay.gueorguiev@suse.com
  - Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)
    * EP11: Add support for FIPS-session mode
    * Updates to harden against RSA timing attacks (bsc#1219217,CVE-2024-0914)
    * Bug fixes
  - Renamed ocki-3.22-remove-make-install-chgrp.patch to
      ocki-3.23-remove-make-install-chgrp.patch
* Mon Feb 05 2024 meissner@suse.com
  - provide user(pkcs11) and group(pkcs11)
* Mon Dec 04 2023 nikolay.gueorguiev@suse.com
  - Amended the .spec file  for pkcsslotd (jsc#1217703)
    * Renamed the patch ocki-3.21-remove-make-install-chgrp.patch to
      ocki-3.22-remove-make-install-chgrp.patch
* Thu Sep 21 2023 nikolay.gueorguiev@suse.com
  - Upgrade to version 3.22 (jsc#PED-3361)
    * openCryptoki 3.22
    - CCA: Add support for the AES-XTS key type using CPACF protected keys
    - p11sak: Add support for managing certificate objects
    - p11sak: Add support for public sessions (no-login option)
    - p11sak: Add support for logging in as SO (security Officer)
    - p11sak: Add support for importing/exporting Edwards and Montgomery keys
    - p11sak: Add support for importing of RSA-PSS keys and certificates
    - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different
    * Bug fixes
* Fri May 26 2023 nikolay.gueorguiev@suse.com
  - Update to version 3.21 (jsc#PED-3360, jsc#PED-3361)
    * openCryptoki 3.21
    - EP11 and CCA: Support concurrent HSM master key changes
    - CCA: protected-key option
    - pkcsslotd: no longer run as root user and further hardening
    - p11sak: Add support for additional key types (DH, DSA, generic secret)
    - p11sak: Allow wildcards in label filter
    - p11sak: Allow to specify hex value for CKA_ID attribute
    - p11sak: Support sorting when listing keys
    - p11sak: New commands: set-key-attr, copy-key to modify and copy keys
    - p11sak: New commands: import-key, export-key to import and export keys
    - Remove support for --disable-locks (transactional memory)
    - Updates to harden against RSA timing attacks
    - Bug fixes
  - Amended a new patch to fit the version 3.21
    * ocki-3.21-remove-make-install-chgrp.patch
  - Removed the old patch for the version 3.20
    * ocki-3.20-remove-make-install-chgrp.patch
* Thu Feb 16 2023 nikolay.gueorguiev@suse.com
  - Updated package to openCryptoki 3.20 (bsc#1207760,
      jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 )
  - Removed the following obsolite patches:
    * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch
    * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch
    * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch
    * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch
    * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch
    * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch
    * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch
    * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch
    * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch
    * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch
    * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch
    * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch
    * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch
    * ocki-3.19.0-0014-EP11-Add-new-control-points.patch
    * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch
    * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch
    * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch
    * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch
    * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch
    * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch
    * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch
    * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch
    * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch
    * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch
    * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch
    * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch
    * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch
    * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch
    * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch
    * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch
    * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch
    * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch
    * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch
    * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch
    * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch
  - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of
    the package and renamed it to  ocki-3.20-remove-make-install-chgrp.patch.
* Tue Feb 07 2023 nikolay.gueorguiev@suse.com
  - Added patch for compile errors
    * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch
  -- Changed spec file to use %autosetup instead of %setup.
* Mon Feb 06 2023 nikolay.gueorguiev@suse.com
  - Updated the package openCryptoki 3.19.0 (jsc#PED-616, bsc#1207760), added the
    following patches:
    * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch
    * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch
    * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch
    * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch
    * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch
    * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch
    * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch
    * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch
    * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch
    * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch
    * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch
    * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch
    * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch
    * ocki-3.19.0-0014-EP11-Add-new-control-points.patch
    * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch
    * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch
    * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch
    * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch
    * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch
    * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch
    * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch
    * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch
    * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch
    * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch
    * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch
    * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch
    * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch
    * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch
    * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch
    * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch
    * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch
    * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch
    * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch
    * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch
* Mon Nov 28 2022 mpost@suse.com
  - Updated spec file to set permissions on /etc/opencryptoki/strength.conf
    to be owned by root:pkcs11 with permissions of 640. (bsc#1205566)
* Fri Sep 30 2022 mpost@suse.com
  - Upgrade to version 3.19.0 (jsc#PED-616)
    + openCryptoki 3.19
    - CCA: check for expected master key verification patterns at token init
    - CCA: check master key verification pattern of created keys to be as expected
    - EP11: check for expected wrapping key verification pattern at token init
    - EP11: check wrapping key verification pattern of created keys to be as expected
    - p11sak/pkcsconf: display PKCS#11 URIs
    - p11sak: add support for IBM specific Dilithium keys
    - p11sak: allow to list keys filtered by label
    - common: add support for dual-function cryptographic functions
    - Add support for C_SessionCancel function (PKCS#11 v3.0)
    - EP11: add support for schnorr signatures (mechanism CKM_IBM_ECDSA_OTHER)
    - EP11: add support for Bitcoin key derivation (mechanism CKM_IBM_BTC_DERIVE)
    - Bug fixes
    + openCryptoki 3.18
    - Default to FIPS compliant token data format (tokversion = 3.12)
    - Add support for restricting usage of mechanisms and keys via a global policy
    - Add support for statistics counting of mechanism usage
    - ICA/EP11: Support libica version 4
    - p11sak tool: Allow to set different attributes for public and private keys
  - Replaced ocki-3.17-remove-make-install-chgrp.patch with an updated
    version named ocki-3.19-remove-make-install-chgrp.patch to fit
    the current state of the source.
  - Removed the following obsolete patches:
    openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch
    openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch
    ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch
* Wed Aug 10 2022 mpost@suse.com
  - Added ocki-3.17-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch
    for bsc#1202106. One test of the gen_purpose test cases fails with
    C_GetMechanismList #2 rc=CKR_BUFFER_TOO_SMALL" error on the EP11 Token.
* Thu Jun 02 2022 mpost@suse.com
  - Made the following changes for bsc#1199862 "Please install
    p11sak_defined_attrs.conf."
    * Replaced ocki-3.11-remove-make-install-chgrp.patch with
      ocki-3.17-remove-make-install-chgrp.patch to remove the
      "-g pkcs11" parameter from the install command in the Makefile
    * Updated the spec file to include
      /etc/opencryptoki/p11sak_defined_attrs.conf as a %config file
      with the necessary permissions and group ownership.
* Wed Mar 23 2022 mpost@suse.com
  - Added the following two patches for bac#1197395. The CKM_IBM_DILITHIUM
    mechanism does not show up as supported by the EP11 token when an
    upgraded EP11 host library is used.
    * openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch
    * openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch
* Thu Oct 21 2021 mpost@suse.com
  - Upgraded to version 3.17.0 (jsc#SLE-18326)
    + openCryptoki 3.17
    - tools: added function to list keys to p11sak
    - common: added support for OpenSSL 3.0
    - common: added support for event notifications
    - ICA: added SW fallbacks
    * openCryptoki 3.16
    - EP11: protected-key option
    - EP11: support attribute-bound keys
    - CCA: import and export of secure key objects
    - Bug fixes
  - Removed the following obsolete patches:
    ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
    ocki-3.15.1-Fix-compiling-with-c.patch
    ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch
    ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch
    ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch
    ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch
    ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch
    ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch
    ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch
    ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch
    ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch
    ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch
* Thu Aug 05 2021 mpost@suse.com
  - Added the following patches for bsc#1188879:
    * ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch
      When modifying opencryptoki.conf during token migration, put quotes
      around strings that contain spaces, e.g. for the slot description and
      manufacturer.
    * ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch
      When migrating a slot the opencryptoki.conf file is modified. If it
      contains slots that already contain the 'tokversion = x.y' keyword,
      this is accidentally removed when migrating another slot.
    * ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch
      Change the code to use the pid file that pkcsslotd creates, and check
      if the process with the pid contained in the pid file still exists and
      runs pkcsslotd.
    * ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch
      Always quote the value of 'description' and 'manufacturer'. Quote the
      value of 'stdll', 'confname', and 'tokname' if it contains spaces, and
      never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'.
* Tue Jun 22 2021 mpost@suse.com
  - Added the following patches for bsc#1182726 " p11sak list-key segfault"
    * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch
      Added NULL pointer to avoid double free() for the list-key and
      remove-key commands.
    * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch
      Note that two hunks that were unrelated to fixing the running
      code were removed from this patch.
    * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch
* Tue Jun 15 2021 mpost@suse.com
  - Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch
    When constructing an OpenSSL EC public or private key from PKCS#11
    attributes or ECDH public data, check that the key is valid, i.e. that
    the point is on the curve.
    (bsc#1185976)
* Tue Feb 16 2021 mpost@suse.com
  - Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch
    (bsc#1182120)
    Fix pkcscca migration fails with usr/sb2 is not a valid slot ID
  - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch
    (bsc#1182190)
    Fix a segmentation fault of the sess_opstate test on the Soft Token
* Mon Jan 25 2021 mpost@suse.com
  - Added the following patches for bsc#1179319
    * Fix compiling with C++:
      ocki-3.15.1-Fix-compiling-with-c.patch
    * Added error message handling for p11sak remove-key command.
      ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch
* Thu Jan 21 2021 kukuk@suse.com
  - Don't require pwdutils for build, dropped long ago and not needed
* Wed Oct 21 2020 mpost@suse.com
  - Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666,
    jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714,
    jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786)
    * openCryptoki 3.15.1
    - Bug fixes
    * openCryptoki 3.15.0
    - common: conform to PKCS 11 3.0 Baseline Provider profile
    - Introduce new vendor defined interface named "Vendor IBM"
    - Support C_IBM_ReencryptSingle via "Vendor IBM" interface
    - CCA: support key wrapping
    - SOFT: support ECC
    - p11sak tool: add remove-key command
    - Bug fixes
    * openCryptoki 3.14.0
    - EP11: Dilitium support stage 2
    - Common: Rework on process and thread locking
    - Common: Rework on btree and object locking
    - ICSF: minor fixes
    - TPM, ICA, ICSF: support multiple token instances
    - new tool p11sak
    * openCryptoki 3.13.0
    - EP11: Dilithium support
    - EP11: EdDSA support
    - EP11: support RSA-OAEP with non-SHA1 hash and MGF
  - Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch
* Mon Jan 06 2020 mpost@suse.com
  - Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114)
    The EP11 token may fail to import an ECC public key. Function
    C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.
* Mon Dec 02 2019 mpost@suse.com
  - Upgraded to version 3.12.1 (bsc#1157863)
    * Fix pkcsep11_migrate tool
* Tue Nov 12 2019 mpost@suse.com
  - Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918)
    * Update token pin and data store encryption for soft,ica,cca and ep11
    * EP11: Allow importing of compressed EC public keys
    * EP11: Add support for the CMAC mechanisms
    * EP11: Add support for the IBM-SHA3 mechanisms
    * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
    * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
    * EP11: Add config option USE_PRANDOM
    * CCA: Use Random Number Generate Long for token_specific_rng()
    * Common rng function: Prefer /dev/prandom over /dev/urandom
    * ICA: add SHA*_RSA_PKCS_PSS mechanisms
    * Bug fixes
  - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
* Thu Oct 10 2019 mpost@suse.com
  - Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch
    (bsc#1152015)
    Add support for new IBM crypto card.
* Tue Sep 03 2019 mpost@suse.com
  - Upgraded to version 3.11.1 (Fate#327837)
    Bug fixes.
  - Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
* Fri Feb 15 2019 mpost@suse.com
  - Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch
    (bsc#1123988)
* Fri Nov 30 2018 jengelh@inai.de
  - Do not ignore errors from groupadd. If groupadd fails,
    installation ought not to proceed because files would have the
    wrong ownership.
* Thu Nov 29 2018 mpost@suse.com
  - Don't hide error messages from the groupadd command. To eliminate
    a potentially common one, check to see if the pkcs11 group is
    already defined before trying to add it.
  - Update the summary for the -devel package.
  - Changed several PreReq entries to Requires(pre) as a result of
    the output from spec-cleaner. Removed a couple of obsolete lines.
  - Removed obsolete check for whether systemd is in use or not.
* Fri Nov 16 2018 mpost@suse.com
  - Upgraded to version 3.11.0 (Fate#325685)
    * opencryptoki 3.11.0
      EP11 enhancements
      A lot of bug fixes
  - Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply
    properly to 3.11, and renamed it to
    ocki-3.11-remove-make-install-chgrp.patch
  - Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch
* Thu Nov 15 2018 mpost@suse.com
  - Upgraded to version 3.10.0 (Fate#325685)
    * opencryptoki 3.10.0
      Add support to ECC on ICA token and to common code.
      Add SHA224 support to SOFT token.
      Improve pkcsslotd logging.
      Fix sha512_hmac_sign and rsa_x509_verify for ICA token.
      Fix tracing of session id.
      Fix and improve testcases.
      Fix spec file permission for log directory.
      Fix build warnings.
    * opencryptoki 3.9.0
      Fix token reinitialization
      Fix conditional man pages
      EP11 enhancements
      EP11 EC Key import
      Increase RSA max key length
      Fix broken links on documentation
      Define CK_FALSE and CK_TRUE macros
      Improve build flags
  - Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
  - Made multiple changes to the spec file based on spec-cleaner output.
  - Added an rpmlintrc file to squelch warnings about adding ghost
    entries for files under /var/lock/opencryptoki/
* Tue Apr 17 2018 mpost@suse.com
  - Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch
    (bsc#1086678)
* Fri Mar 09 2018 mpost@suse.com
  - Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)
* Thu Nov 30 2017 mpost@suse.com
  - Upgraded to version 3.8.2 (fate#323295, bsc#1066412)
    * v3.8.2
      Update man pages.
      Improve ock_tests for parallel execution.
      Fix FindObjectsInit for hidden HW-feature.
      Fix to allow vendor defined hardware features.
      Fix unresolved symbols.
      Fix tracing.
      Code/project cleanup.
    * v3.8.1
      Fix TPM data-structure reset function.
      Fix error message when dlsym fails.
      Update configure.ac
      Update travis.
    * v3.8.0
      Multi token instance feature.
      Added possibility to run opencryptoki with transactional memory or locks
      (--enable-locks on configure step).
      Updated documentation.
      Fix segfault on ec_test.
      Bunch of small fixes.
* Wed May 31 2017 mpost@suse.com
  - Removed ARM architectures from the build list until gcc6 becomes
    available for SLES. (bsc#1039510).
* Fri May 12 2017 mpost@suse.com
  - Updated to version 3.7.0 (Fate#321451) (bsc#1036640)
    - Update example spec file
    - Performance improvement. Moving from mutexes to transactional memory.
    - Add ECDSA SHA2 support for EP11 and CCA.
    - Fix declaration of inline functions.
    - Fix wrong testcase and ber en/decoding for integers.
    - Check for 'flex' and 'YACC' on configure.
    - EP11 config file rework.
    - Add enable-debug on travis build.
    - Add testcase for C_GetOperationState/C_SetOperationState.
    - Upgrade License to CPL-1.0
    - Ica token: fix openssh/ibmpkcs11 engine/libica crash.
    - Fix segfault and logic in hardware feature test.
    - Fix spelling of documentation and manuals.
    - Fix the retrieval of p from a generated rsa key.
    - Coverity scan fixes - incompatible pointer type and unused variables.
* Tue Apr 11 2017 mpost@suse.com
  - Added libica-tools to the BuildRequires due to repackaging of libica.
* Mon Mar 20 2017 mpost@suse.com
  - Modified the spec file
    - Changed libca3-devel BuildRequires to just libica-devel
    - Check for systemd in the 32bit postun scriptlet.
* Mon Feb 20 2017 mpost@suse.com
  - Upgraded to version 3.6.2 (fate#321451)
    - Support OpenSSL-1.1.
    - Add Travis CI support.
    - Update autotools scripts and documentation.
    - Fix SegFault when a invalid session handle is passed in
      SC_EncryptUpdate and SC_DecryptUpdate.
  - Updated spec file to use libica3-devel instead of libica2-devel.
* Tue Jan 17 2017 mpost@suse.com
  - Upgraded to version 3.6.1 (fate#321451)
    - opencryptoki 3.6.1
    - Fix SOFT token implementation of digest functions.
    - Replace deprecated OpenSSL interfaces.
    - opencryptoki 3.6
    - Replace deprecated libica interfaces.
    - Performance improvement for ICA.
    - Improvement in documentation on system resources.
    - Improvement in testcases.
    - Added support for rc=8, reasoncode=2028 in icsf token.
    - Fix for session handle not set in session issue.
    - Multiple fixes for lock and log directories.
    - Downgraded a syslog error to warning.
    - Multiple fixes based on coverity scan results.
    - Added pkcs11 mapping for icsf reason code 72 for return code 8.
    - opencryptoki 3.5.1
    - Fix Illegal Intruction on pkcscca tool.
    - Removed the following obsolete patches:
    - ocki-3.5-sanity-checking.patch
    - ocki-3.5-icsf-reasoncode72-support.patch
    - ocki-3.5-downgrade-syslogerror.patch
    - ocki-3.5-icsf-sessionhandle-missing-fix.patch
    - ocki-3.5-icsf-reasoncode-2028-added.patch
    - ocki-3.5-added-NULLreturn-check.patch
    - ocki-3.5-create-missing-tpm-token-lock-directory.patch
    - ocki-3.5-fix-pkcscca-calls.patch
* Mon Oct 31 2016 jjolly@suse.com
  - Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)
* Thu Sep 01 2016 mpost@suse.com
  - Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).
* Fri Jul 29 2016 mpost@suse.com
  - Added %doc FAQ to the spec file (bsc#991168).
* Tue Jul 19 2016 mpost@suse.com
  - Added ocki-3.5-create-missing-tpm-token-lock-directory.patch
    (bsc#989602).
* Fri Jul 08 2016 mpost@suse.com
  - Added the following patches (bsc#986854)
    - ocki-3.5-icsf-reasoncode72-support.patch
    - ocki-3.5-icsf-coverity-memoryleakfix.patch
    - ocki-3.5-downgrade-syslogerror.patch
    - ocki-3.5-icsf-sessionhandle-missing-fix.patch
    - ocki-3.5-icsf-reasoncode-2028-added.patch
    - ocki-3.5-added-NULLreturn-check.patch
* Mon Jun 13 2016 mpost@suse.com
  - Added ocki-3.5-sanity-checking.patch (bsc#983496).
  - Added %dir entry for %{_localstatedir}/log/opencryptoki/
    (bsc#983990)
* Wed May 25 2016 mpost@suse.com
  - Upgraded to openCryptoki 3.5 (bsc#978005).
    - Full Coverity scan fixes.
    - Fixes for compiler warnings.
    - Added support for C_GetObjectSize in icsf token.
    - Various bug fixes and memory leak fixes.
    - Removed global read permissions from token files
    - Added missing PKCS#11v2.2 constants.
    - Fix for symbol resolution issue seen in Fedora 22 and 23 for
      ep11 and cca tokens.
    - Improvements in socket read operation when a token comes up.
    - Replaced 32 bit CCA API declarations with latest header from
      version 5.0 libsculcca rpm.
* Thu Apr 14 2016 mpost@suse.com
  - Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938).
  - Changed BuildRequires for libica_2_3_0-devel to libica2-devel.
  - Changed BuildRequires for openssl-devel to specify >= 1.0
    Contrary to what the README says, version 0.9.7 isn't
    sufficient.
  - Removed the redundant DESTDIR= parameter from the %make_install
  - Removed the following obsolete patches
    opencryptoki-run-lock.patch (/var/lock and run/lock are actually the
      same place) Also reverted the changed to openCryptoki-tmp.conf to match.
    ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
    ocki-3.1-fix-implicit-decl.patch
    ocki-3.1-fix-init_d-path.patch
    ocki-3.1-fix-libica-link.patch
    ocki-3.2_01_fix-return-type-error.patch
    ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
    ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
    ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
    ocki-3.2_05_icsf_ldap_handles.patch
    ocki-3.2_06_icsf_sign_verify.patch
  - renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to
    ocki-3.1-remove-make-install-chgrp.patch
* Fri Nov 06 2015 jjolly@suse.com
  - Get a new ldap handle for each session opened in the icsf token,
      once the user has authenticated. (bsc#953347,LTC#130078)
    - ocki-3.2_05_icsf_ldap_handles.patch
    - ocki-3.2_06_icsf_sign_verify.patch
* Fri Oct 02 2015 jjolly@suse.com
  - Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070)
  - Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch
    - Fixed two public key object inclusion in EP11 token (bsc#946808)
  - Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch
    - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172)
  - Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch
    - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)
* Thu Aug 20 2015 jjolly@suse.com
  - Fixed BuildRequires: libica2-devel
  - Added ocki-3.2_01_fix-return-type-error.patch
  - Changing doc/README.ep11_stdll to unix-style EOL
    - Added BuildRequires: dos2unix
  - Removed globbing in %files and specified libraries to include (bsc#942162)
* Tue Aug 18 2015 jjolly@suse.com
  - Updated to openCryptoki v3.2 (FATE#318240)
  - Removed unnecessary patches:
    - ocki-3.1_01_ep11_makefile.patch
    - ocki-3.1_02_ep11_m_init.patch
    - ocki-3.1_03_ock_obj_mgr.patch
    - ocki-3.1_04_ep11_opaque2blob_error_handl.patch
    - ocki-3.1_05_ep11_readme_update.patch
    - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
    - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
    - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
    - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
    - ocki-3.1_06_0005-Small-reworks.patch
    - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
    - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
    - ocki-3.1_07_0001-Man-page-corrections.patch
    - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
    - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
    - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
* Tue Apr 07 2015 crrodriguez@opensuse.org
  - Also create parent directory /run/lock/opencryptoki in
    tmpfiles snippet if it does not exists.
* Tue Apr 07 2015 crrodriguez@opensuse.org
  - spec: do not use -D__USE_BSD, a glibc-internal macro
    which no longer has any meaning.
* Tue Apr 07 2015 crrodriguez@opensuse.org
  - spec: use %{_unitdir}  %{_tmpfilesdir)
  - spec: call tmpfiles_create macro, if defined in %post
  - opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use
    /run/lock instead of /var/lock.
* Wed Dec 17 2014 p.drouand@gmail.com
  - Update to version 3.2
    +New pkcscca tool. Currently it assists in migrating cca private token
    objects from opencryptoki version 2 to the clear key encryption method
    used in opencryptoki version 3. Includes a manpage for pkcscca tool.
    Changes to README.cca_stdll to assist in using the CCA token and
    migrating the private token objects.
    + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms.
    + Various bugfixes.
    + New testcases for various crypto algorithms.
  - Only depend on insserv if builded with sysvinit support
  - Remove obsolete patches; merged on upstream release
    + ocki-3.1_01_ep11_makefile.patch
    + ocki-3.1_02_ep11_m_init.patch
    + ocki-3.1_03_ock_obj_mgr.patch
    + ocki-3.1_04_ep11_opaque2blob_error_handl.patch
    + ocki-3.1_05_ep11_readme_update.patch
    + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
    + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
    + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
    + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
    + ocki-3.1_06_0005-Small-reworks.patch
    + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
    + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
    + ocki-3.1_07_0001-Man-page-corrections.patch
    + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
    + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
    + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
    + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
  - Project is now hosted on sourceforge; fix the Url
  - Remove cvs related stuff; tarball is produced by upstream
  - Use %configure macro instead of manually defined options
  - Build with parallel support; use %{?_smp_mflags} macro
* Fri Sep 05 2014 jjolly@suse.com
  - Fixed ica token's SHA update function when passing zero message
    size (bnc#892644)
  - Added patch ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
* Fri Sep 05 2014 jjolly@suse.com
  - Fixed README.ep11_stdll to have Unix-style EOL characters.
  - Added patch ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
* Thu Sep 04 2014 jjolly@suse.com
  - Added all files from %src/doc as rpm %doc (bnc#894780)
* Thu Sep 04 2014 jjolly@suse.com
  - Added pkcscca utility and documentation to convert private
    token objects from v2 to v3. (bnc#893757)
  - Added patches:
    - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
    - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
* Thu Sep 04 2014 jjolly@suse.com
  - Fixed pkcsslotd and opencryptoki.conf man pages (bnc#889183)
  - Added patch ocki-3.1_07_0001-Man-page-corrections.patch
* Fri Aug 15 2014 sfalken@opensuse.org
  - Specfile Cleanup, Added directory macros in appropriate places
* Thu Jun 26 2014 jjolly@suse.com
  - Several package changes as per bnc#880217
    - Added openCryptoki-tmp.conf for lock directory management
    - Added 'lite' token support
    - Changed from init.d daemon to systemd service
    - Updated macros in %pre %post %preun and %postun sections
    - Added missing icsf and ep11tok directories to %files section
      ocki-3.1_01_ep11_makefile.patch
      ocki-3.1_02_ep11_m_init.patch
  - Patches added:
    ocki-3.1-fix-libica-link.patch
    ocki-3.1_03_ock_obj_mgr.patch
    ocki-3.1_04_ep11_opaque2blob_error_handl.patch
    ocki-3.1_05_ep11_readme_update.patch
    ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
    ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
    ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
    ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
    ocki-3.1_06_0005-Small-reworks.patch
    ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
    ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
* Thu Jun 05 2014 jjolly@suse.com
  - Moved libpkcs11_icsf 32-bit out of s390-specific files
* Thu Jun 05 2014 jjolly@suse.com
  - Made ep11tok.conf and pkcsep11_migrate specific to s390/s390x
  - Added libpkcs11_ep11.so and libpkcs11_icsf.so to 32-bit s390/s390x
* Thu Jun 05 2014 jjolly@suse.com
  - EP11 token available in the opencryptoki V3.1 package  (bnc#879303)
    - Specfile changed to include ep11tok.conf
    - Specfile changed to include pkcsep11_migrate and pkcsicsf tools
    - Specfile changed to BuildRequires openldap2-devel
    - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch
    - print_mechanism() ignored bad returncodes from the called
      function token_specific_get_mechanism_list()
    - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch
    - Fix failure when confname is not given, use default
      ep11tok.conf instead
    - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch
    - Removed check for ep11 lib at configure
    - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch
    - Move stdint.h before zcrypt.h to resolve dependencies
    - ocki-3.1_06_0005-Small-reworks.patch
    - testcase fixes and file permission changes
    - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch
    - Fix for s390 31-bit build error
    - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch
    - zcrypt library included in build by default
* Fri Mar 07 2014 jjolly@suse.com
  - Patches applied (bnc#865549)
    - Fixed Makefile to complement common code dependencies
    - switched to official m_init() function based on library change
    - checking the global token object count
    - catch the return code from object_mgr_find_in_map1
    - some README updates about usage and restrictions
* Wed Mar 05 2014 ro@suse.de
  - fix build on x86 (add CCA and TPM to filelist)
  - fix libica detection on s390/s390x to get ICA module built
* Tue Feb 04 2014 jjolly@suse.com
  - Updated to openCryptoki v3.1: See ChangeLog for complete details
    (FATE#315426)
    - opencryptoki-3.1
    - New ep11 token to support IBM Crypto Express adpaters
      (starting with Crypto Express 4S adapters) configured with
      Enterprise PKCS#11(EP11) firmware. (FATE#315330)
    - opencryptoki-3.0
    - New opencryptoki.conf file to replace pk_config_data and
      pkcs11_starup.  The opencryptoki.conf contains slot entry
      information for tokens.
    - Removed pkcs_slot and pkcs11_startup shell scripts.
    - ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB6
      mechanisms using 3DES keys. (FATE#315323)
    - ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL
      mechanisms. (FATE#315323)
    - ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64,
      CKM_AES_CFB128, CKM_AES_MAC, and CKM_AES_MAC_GENERAL
      mechanisms. (FATE#315323)
    - opencryptoki-2.4.1 (21 Feb 2012)
    - SHA256 support added for CCA token (FATE#315289)
  - Using insserv macros in %post, %preun and %postun sections
  - Cleaned up spec file
  - removed patches:
    - ocki-2.2.6-PIN-backspace.patch
  - added patches:
    - ocki-3.1-fix-implicit-decl.patch
    - ocki-3.1-remove-make-install-chgrp-chmod.patch
    - ocki-3.1-fix-init_d-path.patch
* Tue Feb 04 2014 ro@suse.de
  - add aarch64 to 64bit archs
* Tue Dec 10 2013 dvaleev@suse.com
  - enable ppc64le
* Sat Dec 08 2012 meissner@suse.com
  - remove -o from groupadd
  - fixed sed script to not a grouplist with leading ,
* Sun Nov 27 2011 coolo@suse.com
  - don't package man pages twice
* Sun Nov 27 2011 coolo@suse.com
  - add libtool as buildrequire to avoid implicit dependency
* Mon Sep 27 2010 meissner@suse.de
  - enable TPM support (bnc#641919)
* Fri Feb 20 2009 jjolly@suse.de
  - pkcsslotd: Updated to use new pidfile location (bnc#475800)
* Fri Jan 23 2009 jjolly@suse.de
  - Added fix to allow backspacing during PIN entry (bnc#448089)
* Fri Jan 23 2009 olh@suse.de
  - run ldconfig in postinstall [bnc#417925]
* Tue Dec 09 2008 kukuk@suse.de
  - Enable build on x86_64 [bnc#417925]
* Thu Nov 06 2008 jjolly@suse.de
  - Overhaul of the specfile.  All platforms build the base package
    and each architecture builds the appropriate 32 or 64 bit package
* Fri Sep 12 2008 jjolly@suse.de
  - Updated to openCryptoki v2.2.6
* Thu Aug 28 2008 ro@suse.de
  - fix init script
* Thu Mar 29 2007 ro@suse.de
  - added pwdutils to buildreq
* Fri Oct 20 2006 ro@suse.de
  - fix missing return values from non-void funcs
* Fri Apr 21 2006 uli@suse.de
  - pkcsslotd: create PID file in the right place, delete it on
    exit (bug #164664)
* Tue Apr 11 2006 uli@suse.de
  - added 64-bit patches from IBM (bug #145666)
* Mon Apr 10 2006 uli@suse.de
  - added small change missing from patch for bug #156651
* Mon Apr 03 2006 uli@suse.de
  - fixed location of pkcs11_startup in init script (bug #162372)
* Mon Mar 13 2006 uli@suse.de
  - fixed proc_t structure mixup (bug #156651)
* Thu Mar 09 2006 uli@suse.de
  - initialize head pointer (bug #156229)
* Mon Mar 06 2006 uli@suse.de
  - %ghost symlinks that are generated in %post (bug #154961)
* Thu Feb 02 2006 uli@suse.de
  - stuffed memleak (patch by IBM, bug #147036)
* Wed Feb 01 2006 uli@suse.de
  - changed RPM layout to meet IBM's demands (based on patch by IBM,
    bug #145666)
  - removed mmap, per-user data store support (patch by IBM, bug
    [#145666])
* Wed Jan 25 2006 mls@suse.de
  - converted neededforbuild to BuildRequires
* Thu Jan 12 2006 hare@suse.de
  - Update to 2.2.2-rc2
* Wed Jan 11 2006 hare@suse.de
  - Update to 2.2.1-rc2
  - Fixed build errors
  - Cleaned up spec file.
* Wed Dec 14 2005 ro@suse.de
  - copy TFAQ to build directory (fix build)
* Mon Dec 12 2005 hare@suse.de
  - Update to 2.1.6-rc5.
  - Port fixes from SLES9 SP3.
* Tue Nov 15 2005 uli@suse.de
  - enabled for ARM
* Thu Feb 17 2005 od@suse.de
  - fix #50050:
    - ./configure.in: wrong test against $host makes ppc(64) miss
    - DPKCS64 in CFLAGS
    - corrected: S390 flag was set for ppc in this conditional
* Mon Aug 16 2004 ro@suse.de
  - run full autoreconf / simplify specfile a little
* Tue Apr 27 2004 hare@suse.de
  - Print correct error message (#37427 again).
* Fri Apr 23 2004 hare@suse.de
  - Check for the correct module on startup (#37427)
* Sun Apr 18 2004 olh@suse.de
  - update to openCryptoki-2.1.5, ppc64 version (#39026)
* Wed Feb 18 2004 ro@suse.de
  - adapt filelist on ppc
* Thu Feb 12 2004 kukuk@suse.de
  - Fix owner/group of files/directories
* Fri Dec 05 2003 ro@suse.de
  - no need to specify "root" as supplementary group for root,
    it's already primary
* Wed Jul 30 2003 hare@suse.de
  - Update to openCryptoki-2.1.3
  - Fixed configure errors.
* Mon Jun 23 2003 ro@suse.de
  - added directories to filelist
* Tue Jun 03 2003 ro@suse.de
  - remove CVS subdirs
  - remove unpackaged files from buildroot
* Thu Nov 21 2002 ro@suse.de
  - removed duplicates from configure.in
* Tue Oct 01 2002 froh@suse.de
  - exclude ppc64 from the architectures, the package is built for.
    64bit mode is not supported by IBM yet; dlopen wrappers are also
    missing 64bit filename handling. (#20380)
  - actually compress the openCryptoki-1.4*.tar.bz2
* Tue Sep 24 2002 ro@suse.de
  - make it even build ...
* Tue Sep 24 2002 froh@suse.de
  - make openCryptoki-XXbit PreReq: openCryptoki to enforce pkcs11 group
    creation before package installation (#20079)
  - correct version number (the patch actiually lifts openCryptoki to 1.5)
  - fix groupadd call to no longer silently ignore errors in all cases
    using (hopefully) posix exit codes.  alternative would be to use
    undocumented '-f' option of groupadd.
* Fri Sep 20 2002 froh@suse.de
  - add user root to group pkcs11 to enable root to administrate the
    crypto hardware support (#19566)
* Mon Aug 26 2002 okir@suse.de
  - misc security fixes (#18377)
* Fri Aug 23 2002 froh@suse.de
  - replaced openCryptoki-tools with openCryptoki-32bit and
    openCryptoki-64bit
* Thu Aug 22 2002 froh@suse.de
  - moved dlopen objects that are available for non-x86 out of the
    ifarch ix86
  - moved postun to tools subpackge (which contains the daemon)
  - removed include files.  no development support for now.
  - replaced %%ix86, etc by appropriate generic %%openCryptoki_tools_arch
    and %%openCryptoki_no_tools_arch
* Wed Aug 21 2002 ro@suse.de
  - replaced all i386 occurrences with %ix86
  - changed filelist to what's really built
* Tue Aug 20 2002 froh@suse.de
  - split package to openCryptoki and openCryptoki-tools to allow
    parallel installation of 32bit tools with 64bit dlopen objects for
    foreign middleware.
  - removed automatical insserv on install, because the package needs
    manual configuration (#18031)
* Mon Aug 12 2002 froh@suse.de
  - added missing %post before insserv (Bug #17600)
* Fri Aug 09 2002 kukuk@suse.de
  - Fix path in PreReq.
* Wed Aug 07 2002 froh@suse.de
  - add groupadd pkcs11 in %pre install
* Mon Jul 29 2002 froh@suse.de
  - updated to current version
  - removed old START_ variable
* Thu Jun 13 2002 ro@suse.de
  - always use macros when calling insserv
* Tue Apr 09 2002 bk@suse.de
  - add lib64 support
* Tue Feb 05 2002 froh@suse.de
  - Added openssl to #neededforbuild, which is needed in addition to
    openssl-devel
* Wed Jan 30 2002 froh@suse.de
  - initial version

Files

/usr/include/opencryptoki
/usr/include/opencryptoki/apiclient.h
/usr/include/opencryptoki/ec_curves.h
/usr/include/opencryptoki/pkcs11.h
/usr/include/opencryptoki/pkcs11types.h
/usr/include/opencryptoki/pqc_oids.h
/usr/lib64/opencryptoki
/usr/lib64/opencryptoki/stdll
/usr/lib64/pkgconfig/opencryptoki.pc
/usr/sbin/pkcshsm_mk_change


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Sep 16 00:17:41 2024