-
opencryptoki (3.23.0+dfsg-0ubuntu3) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 20:23:07 +0000
-
opencryptoki (3.23.0+dfsg-0ubuntu2) noble; urgency=medium
* No-change rebuild against libssl3t64
-- Steve Langasek <email address hidden> Mon, 04 Mar 2024 20:29:43 +0000
-
opencryptoki (3.23.0+dfsg-0ubuntu1) noble; urgency=medium
* New upstream release (LP: #2050014)
- Solves 'EP11 token support for FIPS 2021-session bound EP11 keys'.
- Adjust d/p/01-disable-testcases.patch due to changed context.
- Add 'Pre-Depends: ${misc:Pre-Depends}' to d/control to fix
lintian warning 'skip-systemd-native-flag-missing-pre-depends'.
-- Frank Heimes <email address hidden> Thu, 15 Feb 2024 11:31:50 +0100
-
opencryptoki (3.22.0+dfsg-0ubuntu1) noble; urgency=medium
* New upstream release (LP: #2050023), incl. support for:
- CCA token: PKCS #11 3.0 supporting AES_XTS (LP: #2025924)
- Adjust d/p/01-disable-testcases.patch due to slightly changed context.
- Refresh d/p/03-dlopen-soname.patch due to fuzz.
- Remove the following patches, since they are all incl. in upstream 3.22:
- d/p/lp-2026732-common-Correctly-set-default-attributes-for-*.patch
- d/p/lp-2026732-p11sak-Fix-user-confirmation-prompt-behavior-*.patch
- d/p/lp-2026732-pkcsstats-Fix-handling-of-user-name.patch
- d/p/lp-2026732-p11sak-fix-length-handling-when-importing-and-*.patch
- d/p/lp-2026732-p11sak-Fix-listing-of-key-objects-when-other-*.patch
- d/p/lp-2026732-p11sak-Fix-parsing-of-slot-number-0.patch
* Update 'Standards-Version' in d/control from 4.6.1.0 to latest 4.6.2.
* Change 'Forwarded' field from "no" or "not-needed" in
d/p/lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch.
-- Frank Heimes <email address hidden> Fri, 02 Feb 2024 16:15:29 +0100
-
opencryptoki (3.21.0+dfsg-0ubuntu2) noble; urgency=medium
* Fix opencryptoki package install issue (LP: #2039783)
- Remove d/opencryptoki.tmpfile since upstream opencryptoki.conf
from build output should be used.
- Leave the handling of non-persistent file and folders
(like /run/opencryptoki/ and /var/lock/opencryptoki) entirely
to systemd-tmpfiles and tmpfiles.d/opencryptoki.conf, means:
- remove them from d/openstack.dirs
- and instead call systemd-tmpfiles in d/openstack.postinst
- this also allows to consolidate and remove commands from postinst
- Ensure that pkcs11 is a supplementary group for root.
- Modify d/opencryptoki.postrm and remove pkcsslotd user before
removing pkcs11 group (otherwise it'll never be empty).
- Remove obsolete Depends on lsb-base to avoid a lintian error report.
-- Frank Heimes <email address hidden> Fri, 01 Dec 2023 16:32:47 +0100
-
opencryptoki (3.21.0+dfsg-0ubuntu1) mantic; urgency=medium
* New upstream release (LP: #2026732), incl. support for:
- concurrent MK rotation for ep11 token (LP: #2025917)
- concurrent MK rotation for cca token (LP: #2025926)
- cca token: protected key support (LP: #2025923)
- pkcsslotd hardening (LP: #2025922)
Required modifications:
- add libcap-dev to Build-Depends
- adjust and refresh d/p/01-disable-testcases.patch due to changed context
- adjust and refresh d/p/04-pkcsslotd-cmdline-args.patch due to changed
context and fuzz
- adjust, expand and refresh
d/p/lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch
due to changed context and changes around pkcsslotd, which req. folders
added to d/opencryptoki.dirs and modifications in d/opencryptoki.postinst
and d/opencryptoki.postrm to work properly.
Fix selected issues on top of v3.21 and add:
- d/p/lp-2026732-common-Correctly-set-default-attributes-for-certific.patch
- d/p/lp-2026732-p11sak-Fix-user-confirmation-prompt-behavior-when-st.patch
- d/p/lp-2026732-pkcsstats-Fix-handling-of-user-name.patch
- d/p/lp-2026732-p11sak-fix-length-handling-when-importing-and-export.patch
- d/p/lp-2026732-p11sak-Fix-listing-of-key-objects-when-other-object-.patch
- d/p/lp-2026732-p11sak-Fix-parsing-of-slot-number-0.patch
* According to LP: #2022088 comment #4, revert d/rules, d/triggers
d/libopencryptoki0.{install,links} back, but do not instead add
d/p/lp-2022088-fix-p11sak-failure-to-find-libopencryptoki.so.patch
to fix 'failure that p11sak is not able to find libopencryptoki',
since the p11sak code was refactored and changed significantly in v3.21.
To fix this now expand d/p/03-dlopen-soname.patch with hunks for
usr/sbin/p11sak/p11sak.h, usr/sbin/pkcshsm_mk_change/pkcshsm_mk_change.c,
usr/sbin/pkcsstats/pkcsstats.c, testcases/common/common.c and
testcases/policy/policytest.c
* d/libopencryptoki0.links{.s390x} Merge files, since the content of the
s390x version of this file applies to all platforms.
* d/*: changes due to wrap-and-sort run
-- Frank Heimes <email address hidden> Fri, 07 Jul 2023 12:15:35 +0200