Change logs for opencryptoki source package in Noble

opencryptoki (3.23.0+dfsg-0ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 20:23:07 +0000

opencryptoki (3.23.0+dfsg-0ubuntu2) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <email address hidden>  Mon, 04 Mar 2024 20:29:43 +0000

opencryptoki (3.23.0+dfsg-0ubuntu1) noble; urgency=medium

  * New upstream release (LP: #2050014)
    - Solves 'EP11 token support for FIPS 2021-session bound EP11 keys'.
    - Adjust d/p/01-disable-testcases.patch due to changed context.
    - Add 'Pre-Depends: ${misc:Pre-Depends}' to d/control to fix
      lintian warning 'skip-systemd-native-flag-missing-pre-depends'.

 -- Frank Heimes <email address hidden>  Thu, 15 Feb 2024 11:31:50 +0100

opencryptoki (3.22.0+dfsg-0ubuntu1) noble; urgency=medium

  * New upstream release (LP: #2050023), incl. support for:
    - CCA token: PKCS #11 3.0 supporting AES_XTS (LP: #2025924)
    - Adjust d/p/01-disable-testcases.patch due to slightly changed context.
    - Refresh d/p/03-dlopen-soname.patch due to fuzz.
    - Remove the following patches, since they are all incl. in upstream 3.22:
      - d/p/lp-2026732-common-Correctly-set-default-attributes-for-*.patch
      - d/p/lp-2026732-p11sak-Fix-user-confirmation-prompt-behavior-*.patch
      - d/p/lp-2026732-pkcsstats-Fix-handling-of-user-name.patch
      - d/p/lp-2026732-p11sak-fix-length-handling-when-importing-and-*.patch
      - d/p/lp-2026732-p11sak-Fix-listing-of-key-objects-when-other-*.patch
      - d/p/lp-2026732-p11sak-Fix-parsing-of-slot-number-0.patch
  * Update 'Standards-Version' in d/control from 4.6.1.0 to latest 4.6.2.
  * Change 'Forwarded' field from "no" or "not-needed" in
    d/p/lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch.

 -- Frank Heimes <email address hidden>  Fri, 02 Feb 2024 16:15:29 +0100

opencryptoki (3.21.0+dfsg-0ubuntu2) noble; urgency=medium

  * Fix opencryptoki package install issue (LP: #2039783)
    - Remove d/opencryptoki.tmpfile since upstream opencryptoki.conf
      from build output should be used.
    - Leave the handling of non-persistent file and folders
      (like /run/opencryptoki/ and /var/lock/opencryptoki) entirely
      to systemd-tmpfiles and tmpfiles.d/opencryptoki.conf, means:
      - remove them from d/openstack.dirs
      - and instead call systemd-tmpfiles in d/openstack.postinst
      - this also allows to consolidate and remove commands from postinst
    - Ensure that pkcs11 is a supplementary group for root.
    - Modify d/opencryptoki.postrm and remove pkcsslotd user before
      removing pkcs11 group (otherwise it'll never be empty).
    - Remove obsolete Depends on lsb-base to avoid a lintian error report.

 -- Frank Heimes <email address hidden>  Fri, 01 Dec 2023 16:32:47 +0100

opencryptoki (3.21.0+dfsg-0ubuntu1) mantic; urgency=medium

  * New upstream release (LP: #2026732), incl. support for:
    - concurrent MK rotation for ep11 token (LP: #2025917)
    - concurrent MK rotation for cca token (LP: #2025926)
    - cca token: protected key support (LP: #2025923)
    - pkcsslotd hardening (LP: #2025922)
    Required modifications:
    - add libcap-dev to Build-Depends
    - adjust and refresh d/p/01-disable-testcases.patch due to changed context
    - adjust and refresh d/p/04-pkcsslotd-cmdline-args.patch due to changed
      context and fuzz
    - adjust, expand and refresh
      d/p/lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch
      due to changed context and changes around pkcsslotd, which req. folders
      added to d/opencryptoki.dirs and modifications in d/opencryptoki.postinst
      and d/opencryptoki.postrm to work properly.
    Fix selected issues on top of v3.21 and add:
    - d/p/lp-2026732-common-Correctly-set-default-attributes-for-certific.patch
    - d/p/lp-2026732-p11sak-Fix-user-confirmation-prompt-behavior-when-st.patch
    - d/p/lp-2026732-pkcsstats-Fix-handling-of-user-name.patch
    - d/p/lp-2026732-p11sak-fix-length-handling-when-importing-and-export.patch
    - d/p/lp-2026732-p11sak-Fix-listing-of-key-objects-when-other-object-.patch
    - d/p/lp-2026732-p11sak-Fix-parsing-of-slot-number-0.patch
  * According to LP: #2022088 comment #4, revert d/rules, d/triggers
    d/libopencryptoki0.{install,links} back, but do not instead add
    d/p/lp-2022088-fix-p11sak-failure-to-find-libopencryptoki.so.patch
    to fix 'failure that p11sak is not able to find libopencryptoki',
    since the p11sak code was refactored and changed significantly in v3.21.
    To fix this now expand d/p/03-dlopen-soname.patch with hunks for
    usr/sbin/p11sak/p11sak.h, usr/sbin/pkcshsm_mk_change/pkcshsm_mk_change.c,
    usr/sbin/pkcsstats/pkcsstats.c, testcases/common/common.c and
    testcases/policy/policytest.c
  * d/libopencryptoki0.links{.s390x} Merge files, since the content of the
    s390x version of this file applies to all platforms.
  * d/*: changes due to wrap-and-sort run

 -- Frank Heimes <email address hidden>  Fri, 07 Jul 2023 12:15:35 +0200