[ubuntu/mantic-proposed] opencryptoki 3.21.0+dfsg-0ubuntu1 (Accepted)
Frank Heimes
frank.heimes at canonical.com
Mon Jul 24 16:56:14 UTC 2023
opencryptoki (3.21.0+dfsg-0ubuntu1) mantic; urgency=medium
* New upstream release (LP: #2026732), incl. support for:
- concurrent MK rotation for ep11 token (LP: #2025917)
- concurrent MK rotation for cca token (LP: #2025926)
- cca token: protected key support (LP: #2025923)
- pkcsslotd hardening (LP: #2025922)
Required modifications:
- add libcap-dev to Build-Depends
- adjust and refresh d/p/01-disable-testcases.patch due to changed context
- adjust and refresh d/p/04-pkcsslotd-cmdline-args.patch due to changed
context and fuzz
- adjust, expand and refresh
d/p/lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch
due to changed context and changes around pkcsslotd, which req. folders
added to d/opencryptoki.dirs and modifications in d/opencryptoki.postinst
and d/opencryptoki.postrm to work properly.
Fix selected issues on top of v3.21 and add:
- d/p/lp-2026732-common-Correctly-set-default-attributes-for-certific.patch
- d/p/lp-2026732-p11sak-Fix-user-confirmation-prompt-behavior-when-st.patch
- d/p/lp-2026732-pkcsstats-Fix-handling-of-user-name.patch
- d/p/lp-2026732-p11sak-fix-length-handling-when-importing-and-export.patch
- d/p/lp-2026732-p11sak-Fix-listing-of-key-objects-when-other-object-.patch
- d/p/lp-2026732-p11sak-Fix-parsing-of-slot-number-0.patch
* According to LP: #2022088 comment #4, revert d/rules, d/triggers
d/libopencryptoki0.{install,links} back, but do not instead add
d/p/lp-2022088-fix-p11sak-failure-to-find-libopencryptoki.so.patch
to fix 'failure that p11sak is not able to find libopencryptoki',
since the p11sak code was refactored and changed significantly in v3.21.
To fix this now expand d/p/03-dlopen-soname.patch with hunks for
usr/sbin/p11sak/p11sak.h, usr/sbin/pkcshsm_mk_change/pkcshsm_mk_change.c,
usr/sbin/pkcsstats/pkcsstats.c, testcases/common/common.c and
testcases/policy/policytest.c
* d/libopencryptoki0.links{.s390x} Merge files, since the content of the
s390x version of this file applies to all platforms.
* d/*: changes due to wrap-and-sort run
Date: Fri, 07 Jul 2023 12:15:35 +0200
Changed-By: Frank Heimes <frank.heimes at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/opencryptoki/3.21.0+dfsg-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 07 Jul 2023 12:15:35 +0200
Source: opencryptoki
Architecture: source
Version: 3.21.0+dfsg-0ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Frank Heimes <frank.heimes at canonical.com>
Launchpad-Bugs-Fixed: 2022088 2025917 2025922 2025923 2025926 2026732
Changes:
opencryptoki (3.21.0+dfsg-0ubuntu1) mantic; urgency=medium
.
* New upstream release (LP: #2026732), incl. support for:
- concurrent MK rotation for ep11 token (LP: #2025917)
- concurrent MK rotation for cca token (LP: #2025926)
- cca token: protected key support (LP: #2025923)
- pkcsslotd hardening (LP: #2025922)
Required modifications:
- add libcap-dev to Build-Depends
- adjust and refresh d/p/01-disable-testcases.patch due to changed context
- adjust and refresh d/p/04-pkcsslotd-cmdline-args.patch due to changed
context and fuzz
- adjust, expand and refresh
d/p/lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch
due to changed context and changes around pkcsslotd, which req. folders
added to d/opencryptoki.dirs and modifications in d/opencryptoki.postinst
and d/opencryptoki.postrm to work properly.
Fix selected issues on top of v3.21 and add:
- d/p/lp-2026732-common-Correctly-set-default-attributes-for-certific.patch
- d/p/lp-2026732-p11sak-Fix-user-confirmation-prompt-behavior-when-st.patch
- d/p/lp-2026732-pkcsstats-Fix-handling-of-user-name.patch
- d/p/lp-2026732-p11sak-fix-length-handling-when-importing-and-export.patch
- d/p/lp-2026732-p11sak-Fix-listing-of-key-objects-when-other-object-.patch
- d/p/lp-2026732-p11sak-Fix-parsing-of-slot-number-0.patch
* According to LP: #2022088 comment #4, revert d/rules, d/triggers
d/libopencryptoki0.{install,links} back, but do not instead add
d/p/lp-2022088-fix-p11sak-failure-to-find-libopencryptoki.so.patch
to fix 'failure that p11sak is not able to find libopencryptoki',
since the p11sak code was refactored and changed significantly in v3.21.
To fix this now expand d/p/03-dlopen-soname.patch with hunks for
usr/sbin/p11sak/p11sak.h, usr/sbin/pkcshsm_mk_change/pkcshsm_mk_change.c,
usr/sbin/pkcsstats/pkcsstats.c, testcases/common/common.c and
testcases/policy/policytest.c
* d/libopencryptoki0.links{.s390x} Merge files, since the content of the
s390x version of this file applies to all platforms.
* d/*: changes due to wrap-and-sort run
Checksums-Sha1:
1b882d69d320ac604d4f1272ed5db7aa2c1489c8 1857 opencryptoki_3.21.0+dfsg-0ubuntu1.dsc
5c62a4bd17e3dc07080f3eef59244c328a9ed928 1117352 opencryptoki_3.21.0+dfsg.orig.tar.xz
9630694e97473d6052c407996f193958f650d3d0 22988 opencryptoki_3.21.0+dfsg-0ubuntu1.debian.tar.xz
346dd984f414cccaa9ade51fd39f9e85c3e9e8f7 6627 opencryptoki_3.21.0+dfsg-0ubuntu1_source.buildinfo
Checksums-Sha256:
eb31cc4cc23d524de5ad4df77cc77e0a6c3bc83894a99002d65d8ee9b688f75c 1857 opencryptoki_3.21.0+dfsg-0ubuntu1.dsc
50ce50ce26d731cde80bcaea100e60426ff6cbae644fd1b0e7dee570cd7d80ea 1117352 opencryptoki_3.21.0+dfsg.orig.tar.xz
67daa8d1a4230bb8f0ec1650edf5a1d4eabb75323d4592f1254d72917ee5cee3 22988 opencryptoki_3.21.0+dfsg-0ubuntu1.debian.tar.xz
6381aaf89e2f08bf3c1f42a00793d2d9e378ce47f494da82f3ddcf1ac92b7f91 6627 opencryptoki_3.21.0+dfsg-0ubuntu1_source.buildinfo
Files:
d4a1f9094eba8de91d044daee5fafb7d 1857 admin optional opencryptoki_3.21.0+dfsg-0ubuntu1.dsc
e10de53a40ec88d1d5d8be7cfca05a57 1117352 admin optional opencryptoki_3.21.0+dfsg.orig.tar.xz
1e21d0b8e69adc19f76233be738dd6aa 22988 admin optional opencryptoki_3.21.0+dfsg-0ubuntu1.debian.tar.xz
3dee5b47917384b902c690bc20f02bf1 6627 admin optional opencryptoki_3.21.0+dfsg-0ubuntu1_source.buildinfo
Original-Maintainer: Paulo Vital <pvital at gmail.com>
More information about the mantic-changes
mailing list