openCryptoki-3.15.1-150300.5.12.1<>,bp9|e'q֬,+Q5af\&!@.q1 `4n'p^GI4']"y"I=*!OvPοN19U.onN׿?堌Q"0n옉C`wbZ'g(h_+7sͿd>F~8?~(d $ qlp| !'  T3 3 3 3 3 k3 3t3s33! <!#!(#U8#\,9$ ,:&,=i>i?i@iFiGj3Hj3Ik3XkYk\l(3]l3^obqVcqdrerfrlrur3vspw{3x{3y|Ez}}}}~$CopenCryptoki3.15.1150300.5.12.1An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic HardwareThe PKCS#11 version 2.11 API implemented for the IBM cryptographic cards. This package includes support for the IBM 4758 cryptographic coprocessor (with the PKCS#11 firmware loaded) and the IBM eServer Cryptographic Accelerator (FC 4960 on pSeries).bs390zl36 U4SUSE Linux Enterprise 15SUSE LLC CPL-1.0https://www.suse.com/Productivity/Securityhttps://github.com/opencryptoki/opencryptokilinuxs390x if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in pkcsslotd.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi # autobuild:/work/cd/lib/misc/group # openCryptoki pkcs11:x:64: /usr/sbin/groupadd -g 64 -r pkcs11 2>/dev/null || true /usr/sbin/usermod -a -G pkcs11 root# Symlink from /var/lib/opencryptoki to /etc/pkcs11 if [ ! -L /etc/pkcs11 ] ; then if [ -e /etc/pkcs11/pk_config_data ] ; then mv /etc/pkcs11/* /var/lib/opencryptoki cd /etc && rm -rf pkcs11 && \ ln -sf /var/lib/opencryptoki pkcs11 fi fi /sbin/ldconfig [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] && /usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/opencryptoki.conf || : if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in pkcsslotd.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable pkcsslotd.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop pkcsslotd.service ) || : fiif [ -L /etc/pkcs11 ] ; then rm /etc/pkcs11 fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in pkcsslotd.service ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart pkcsslotd.service ) || : fi fi @h((+HM\<#Et+ gznA큤AAA큤AAAAAAAAAAAAbbbbbbbbbbbbbbbbbb__b_____be__bbbbbbbbbbbbbbbbbbbbbb5765521c6cc39d092e6ff963c764f729f2e117d8ac02e095e0fb15b1cf1f8aa0099fd4f4efcc02617a7c70ee9ec70dbf7921c5a31c5162578c50e6c7f02d8268a4169e9847cf0e230795a2006f33cf7d3acfff5d5388fa121f5d710e915e8a46eeb703d64d788c0b59436f118bdce9daaf271e5d6fd1494061c36b8d80d61c62a303e05b32d2960697fb17bd0c94d915fc65dddc1ee6191d2a598143be4588b5f20be9497b0bee711a298ec71d3be64145deaa242eb07929d14bcf6cd3a466c223941f06bf674a5feb8e3a761dee29cee718071fd0f4135e12c0f5d756991e6733d2d6a0405969747a9ecc94e52369158f981a4ae0c679a7e58589e9902bc81aa53797658c010dff93358d50cad5caeae74c833adada84f7d07167b5294465a2c034f1a93c7e81a676e75eb2ffa8854bc2b0630ba27b478157d5cd5d40b276993a582cc629267928690c3e87652deed80a212805aa8abb3dfd488f290c4ad3927e48b2e5f2f7167295a78ed6a75e6a07cd3ee7e192719f29e55f76f683e37b175bbbd978c6d1ed7b244c4720d340b7702fe63eedaf190473468598cbfd56aa13029ef5db4494260773e0c79258a72ce924616c594fcf8f5041b49627eba9bb099631c9b59e8e32a6c472980ede85dbeafa9e3fc0a85b5767f8bba03a5753ce29302d4d0705ee4d21eeddecd0976ed9fa2968fb5c8ac8926053fcebd89d2148b3f45fb846c91c67aaca4ec8b16895cc4e866bdab6aeec4590fab7dff38bf2476956c19832040e616229fccab7722cc257701f49491bfdbcc148fe7a337c78a3beb523efde58ab48bf9296de1d6e653df25e5ece6c46cefc5e784bee35229293cbabdea5371cc35022291b43ea4e71a443537dec87b190405e7824070c0840c29459633e1eaf1f4f4ac317f76ecd9afc63c66519bd97d40f82154037368acea81a6d8001cee4d5deabe400d23363f7e1aa5b958cb355fc6ffe87107ab5e51242a22d6df522305260b2df3067d99231f31a440ddea5d4d28ae5d20b1da2ec01a41ecb1d7d3dda05f44d0effbaa1a6d2c9da5242fb4a707ea0caf6f6625bb66f3dea0ff3dc6d17dfdc122e6b7393d0c0c2c8bb13c522ac7ce33819e972cf5a2dc69c5afb11d3ceec6b474998fd944b892842ae66a40dfcd8ad58c31c2edb4bb969e8c9460157f73206fb3df293f7ca21e4760f58b3936495d5fd8e2abc97cfdf4d39788db6ebad1a905ca80e2cdc41223a522abf6f26dc85dde3c5af2f7020adaeec8ff16fe95c8faa9f61b83ce829a1c05b6853de958c1da5e63831e4861b7acd96f6dbe7b62e2a302e83e407d651ed7e7bed8805d93745aaf6b14a0835b33610396fa803f970660101a04ef0ac974018b6aef165dec7e78e093f1ab503fedf6ea49c23a41660844efb4fcbeb9a15702ad90ce7ea0bda08a44c7489cf8c4d4c95a0738bd6ab69e00b8e9cfa3905afdf59e495dcfefb839d64b9c75b6c8b39bae1f4f9ddffedbac20ccf32a6b49206e8101259b5e420fa6951a8ed178a36c6e9eda6servicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11pkcs11openCryptoki-3.15.1-150300.5.12.1.src.rpmconfig(openCryptoki)openCryptokiopenCryptoki(s390-64) @@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/sh/usr/sbin/groupadd/usr/sbin/usermodconfig(openCryptoki)libc.so.6()(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2)(64bit)librt.so.1()(64bit)librt.so.1(GLIBC_2.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemd3.15.1-150300.5.12.13.0.4-14.6.0-14.0-15.2-14.14.3bb; a ``Ȗ@`+`` l_"^!@]]ʞ]@]nU\f\&@[[@[_ZZw@ZY.@YX@X@X@X~@X2@W@WE@W@WW^@WEW@V<@VqU@U@U#U#U#Tp@mpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comkukuk@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjengelh@inai.dempost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.commpost@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comjjolly@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgp.drouand@gmail.com- Added ocki-3.15.1-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch for bsc#1202028. One test of the gen_purpose test cases fails with C_GetMechanismList #2 rc=CKR_BUFFER_TOO_SMALL" error on the EP11 Token.- Added the following two patches for bsc#1197396. The CKM_IBM_DILITHIUM mechanism does not show up as supported by the EP11 token when an upgraded EP11 host library is used. * ocki-3.15.1-EP11-Fix-host-library-version-query.patch * ocki-3.15.1-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch- Added the following patches for bsc#1188879: * ocki-3.15.1-pkcstok_migrate-Quote-strings-with-spaces-in-opencry.patch When modifying opencryptoki.conf during token migration, put quotes around strings that contain spaces, e.g. for the slot description and manufacturer. * ocki-3.15.1-pkcstok_migrate-Don-t-remove-tokversion-x.y-during-m.patch When migrating a slot the opencryptoki.conf file is modified. If it contains slots that already contain the 'tokversion = x.y' keyword, this is accidentally removed when migrating another slot. * ocki-3.15.1-pkcstok_migrate-Fix-detection-if-pkcsslotd-is-still-.patch Change the code to use the pid file that pkcsslotd creates, and check if the process with the pid contained in the pid file still exists and runs pkcsslotd. * ocki-3.15.1-pkcstok_migrate-Rework-string-quoting-for-opencrypto.patch Always quote the value of 'description' and 'manufacturer'. Quote the value of 'stdll', 'confname', and 'tokname' if it contains spaces, and never quote the value of 'hwversion', 'firmwareversion', and 'tokversion'.- Added the following patches for bsc#1182726 " p11sak list-key segfault" * ocki-3.15.1-Added-NULL-pointer-to-avoid-double-free-for-the-list.patch Added NULL pointer to avoid double free() for the list-key and remove-key commands. * ocki-3.15.1-Fixed-p11sak-and-corresponding-test-case.patch Note that two hunks that were unrelated to fixing the running code were removed from this patch. * ocki-3.15.1-p11sak-Fix-CKA_LABEL-handling.patch- Added ocki-3.15.1-SOFT-Check-the-EC-Key-on-C_CreateObject-and-C_Derive.patch When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. (bsc#1185976)- Added ocki-3.15.1-A-slot-ID-has-nothing-to-do-with-the-number-of-slots.patch (bsc#1182120) Fix pkcscca migration fails with usr/sb2 is not a valid slot ID - Added ocki-3.15.1-SOFT-Fix-problem-with-C_Get-SetOperationState-and-di.patch (bsc#1182190) Fix a segmentation fault of the sess_opstate test on the Soft Token- Added the following patches for bsc#1179319 * Fix compiling with C++: ocki-3.15.1-Fix-compiling-with-c.patch * Added error message handling for p11sak remove-key command. ocki-3.15.1-Added-error-message-handling-for-p11sak-remove-key-c.patch- Don't require pwdutils for build, dropped long ago and not needed- Upgraded to version 3.15.1 (jsc#SLE-13749, jsc#SLE-13666, jsc#SLE-13813, jsc#SLE-13812, jsc#SLE-13723, jsc#SLE-13714, jsc#SLE-13715, jsc#SLE-13710, jsc#SLE-13774, jsc#SLE-13786) * openCryptoki 3.15.1 - Bug fixes * openCryptoki 3.15.0 - common: conform to PKCS 11 3.0 Baseline Provider profile - Introduce new vendor defined interface named "Vendor IBM" - Support C_IBM_ReencryptSingle via "Vendor IBM" interface - CCA: support key wrapping - SOFT: support ECC - p11sak tool: add remove-key command - Bug fixes * openCryptoki 3.14.0 - EP11: Dilitium support stage 2 - Common: Rework on process and thread locking - Common: Rework on btree and object locking - ICSF: minor fixes - TPM, ICA, ICSF: support multiple token instances - new tool p11sak * openCryptoki 3.13.0 - EP11: Dilithium support - EP11: EdDSA support - EP11: support RSA-OAEP with non-SHA1 hash and MGF - Removed obsolete oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) The EP11 token may fail to import an ECC public key. Function C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case.- Upgraded to version 3.12.1 (bsc#1157863) * Fix pkcsep11_migrate tool- Upgraded to version 3.12.0 (jsc#SLE-7647, jsc#SLE-7915, jsc#SLE-7918) * Update token pin and data store encryption for soft,ica,cca and ep11 * EP11: Allow importing of compressed EC public keys * EP11: Add support for the CMAC mechanisms * EP11: Add support for the IBM-SHA3 mechanisms * SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token * ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token * EP11: Add config option USE_PRANDOM * CCA: Use Random Number Generate Long for token_specific_rng() * Common rng function: Prefer /dev/prandom over /dev/urandom * ICA: add SHA*_RSA_PKCS_PSS mechanisms * Bug fixes - Removed obsolete ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch- Added ocki-3.11.1-EP11-Support-tolerated-new-crypto-cards.patch (bsc#1152015) Add support for new IBM crypto card.- Upgraded to version 3.11.1 (Fate#327837) Bug fixes. - Dropped obsolete ocki-3.11-Fix-target_list-passing-for-EP11-session.patch- Added ocki-3.11-Fix-target_list-passing-for-EP11-session.patch (bsc#1123988)- Do not ignore errors from groupadd. If groupadd fails, installation ought not to proceed because files would have the wrong ownership.- Don't hide error messages from the groupadd command. To eliminate a potentially common one, check to see if the pkcs11 group is already defined before trying to add it. - Update the summary for the -devel package. - Changed several PreReq entries to Requires(pre) as a result of the output from spec-cleaner. Removed a couple of obsolete lines. - Removed obsolete check for whether systemd is in use or not.- Upgraded to version 3.11.0 (Fate#325685) * opencryptoki 3.11.0 EP11 enhancements A lot of bug fixes - Reworked the ocki-3.1-remove-make-install-chgrp.patch to apply properly to 3.11, and renamed it to ocki-3.11-remove-make-install-chgrp.patch - Removed obsolete patch ocki-3.5-icsf-coverity-memoryleakfix.patch- Upgraded to version 3.10.0 (Fate#325685) * opencryptoki 3.10.0 Add support to ECC on ICA token and to common code. Add SHA224 support to SOFT token. Improve pkcsslotd logging. Fix sha512_hmac_sign and rsa_x509_verify for ICA token. Fix tracing of session id. Fix and improve testcases. Fix spec file permission for log directory. Fix build warnings. * opencryptoki 3.9.0 Fix token reinitialization Fix conditional man pages EP11 enhancements EP11 EC Key import Increase RSA max key length Fix broken links on documentation Define CK_FALSE and CK_TRUE macros Improve build flags - Dropped obsolete patch ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch - Made multiple changes to the spec file based on spec-cleaner output. - Added an rpmlintrc file to squelch warnings about adding ghost entries for files under /var/lock/opencryptoki/- Added ocki-3.8.2-Fix-Hardware-Feature-Object-validation-and-tests.patch (bsc#1086678)- Re-enabled ARM architectures now that gcc6 is in SLE15. (bsc#1084617)- Upgraded to version 3.8.2 (fate#323295, bsc#1066412) * v3.8.2 Update man pages. Improve ock_tests for parallel execution. Fix FindObjectsInit for hidden HW-feature. Fix to allow vendor defined hardware features. Fix unresolved symbols. Fix tracing. Code/project cleanup. * v3.8.1 Fix TPM data-structure reset function. Fix error message when dlsym fails. Update configure.ac Update travis. * v3.8.0 Multi token instance feature. Added possibility to run opencryptoki with transactional memory or locks (--enable-locks on configure step). Updated documentation. Fix segfault on ec_test. Bunch of small fixes.- Removed ARM architectures from the build list until gcc6 becomes available for SLES. (bsc#1039510).- Updated to version 3.7.0 (Fate#321451) (bsc#1036640) - Update example spec file - Performance improvement. Moving from mutexes to transactional memory. - Add ECDSA SHA2 support for EP11 and CCA. - Fix declaration of inline functions. - Fix wrong testcase and ber en/decoding for integers. - Check for 'flex' and 'YACC' on configure. - EP11 config file rework. - Add enable-debug on travis build. - Add testcase for C_GetOperationState/C_SetOperationState. - Upgrade License to CPL-1.0 - Ica token: fix openssh/ibmpkcs11 engine/libica crash. - Fix segfault and logic in hardware feature test. - Fix spelling of documentation and manuals. - Fix the retrieval of p from a generated rsa key. - Coverity scan fixes - incompatible pointer type and unused variables.- Added libica-tools to the BuildRequires due to repackaging of libica.- Modified the spec file - Changed libca3-devel BuildRequires to just libica-devel - Check for systemd in the 32bit postun scriptlet.- Upgraded to version 3.6.2 (fate#321451) - Support OpenSSL-1.1. - Add Travis CI support. - Update autotools scripts and documentation. - Fix SegFault when a invalid session handle is passed in SC_EncryptUpdate and SC_DecryptUpdate. - Updated spec file to use libica3-devel instead of libica2-devel.- Upgraded to version 3.6.1 (fate#321451) - opencryptoki 3.6.1 - Fix SOFT token implementation of digest functions. - Replace deprecated OpenSSL interfaces. - opencryptoki 3.6 - Replace deprecated libica interfaces. - Performance improvement for ICA. - Improvement in documentation on system resources. - Improvement in testcases. - Added support for rc=8, reasoncode=2028 in icsf token. - Fix for session handle not set in session issue. - Multiple fixes for lock and log directories. - Downgraded a syslog error to warning. - Multiple fixes based on coverity scan results. - Added pkcs11 mapping for icsf reason code 72 for return code 8. - opencryptoki 3.5.1 - Fix Illegal Intruction on pkcscca tool. - Removed the following obsolete patches: - ocki-3.5-sanity-checking.patch - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch - ocki-3.5-create-missing-tpm-token-lock-directory.patch - ocki-3.5-fix-pkcscca-calls.patch- Removed reference to pkcs1_startup from pkcsslotd (bsc#1007081)- Added ocki-3.5-fix-pkcscca-calls.patch (bsc#996867).- Added %doc FAQ to the spec file (bsc#991168).- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch (bsc#989602).- Added the following patches (bsc#986854) - ocki-3.5-icsf-reasoncode72-support.patch - ocki-3.5-icsf-coverity-memoryleakfix.patch - ocki-3.5-downgrade-syslogerror.patch - ocki-3.5-icsf-sessionhandle-missing-fix.patch - ocki-3.5-icsf-reasoncode-2028-added.patch - ocki-3.5-added-NULLreturn-check.patch- Added ocki-3.5-sanity-checking.patch (bsc#983496). - Added %dir entry for %{_localstatedir}/log/opencryptoki/ (bsc#983990)- Upgraded to openCryptoki 3.5 (bsc#978005). - Full Coverity scan fixes. - Fixes for compiler warnings. - Added support for C_GetObjectSize in icsf token. - Various bug fixes and memory leak fixes. - Removed global read permissions from token files - Added missing PKCS#11v2.2 constants. - Fix for symbol resolution issue seen in Fedora 22 and 23 for ep11 and cca tokens. - Improvements in socket read operation when a token comes up. - Replaced 32 bit CCA API declarations with latest header from version 5.0 libsculcca rpm.- Upgraded to openCryptoki v3.4.1 (Fate#319576, 319585, 319592, 319938). - Changed BuildRequires for libica_2_3_0-devel to libica2-devel. - Changed BuildRequires for openssl-devel to specify >= 1.0 Contrary to what the README says, version 0.9.7 isn't sufficient. - Removed the redundant DESTDIR= parameter from the %make_install - Removed the following obsolete patches opencryptoki-run-lock.patch (/var/lock and run/lock are actually the same place) Also reverted the changed to openCryptoki-tmp.conf to match. ocki-3.1_10_0001-ica-sha-update-empty-msg.patch ocki-3.1-fix-implicit-decl.patch ocki-3.1-fix-init_d-path.patch ocki-3.1-fix-libica-link.patch ocki-3.2_01_fix-return-type-error.patch ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch ocki-3.2_05_icsf_ldap_handles.patch ocki-3.2_06_icsf_sign_verify.patch - renamed: ocki-3.1-remove-make-install-chgrp-chmod.patch to ocki-3.1-remove-make-install-chgrp.patch- Get a new ldap handle for each session opened in the icsf token, once the user has authenticated. (bsc#953347,LTC#130078) - ocki-3.2_05_icsf_ldap_handles.patch - ocki-3.2_06_icsf_sign_verify.patch- Added /var/lib/opencryptoki/lite/TOK_OBJ token directory (bsc#943070) - Added ocki-3.2_02_ep11-token-incorrectly-copied-the-public-key-object-.patch - Fixed two public key object inclusion in EP11 token (bsc#946808) - Added ocki-3.2_03_ICSF-Token-C_SignUpdate-was-sometimes-segfaulting-an.patch - Fixed GPF when calling C_SignUpdate using ICFS toekn (bsc#946172) - Added ocki-3.2_04_CKA_EC_POINT-is-not-required-in-the-ECDSA-private-ke.patch - Fixed failure to import ECDSA because of lack of attribute (bsc#948114)- Fixed BuildRequires: libica2-devel - Added ocki-3.2_01_fix-return-type-error.patch - Changing doc/README.ep11_stdll to unix-style EOL - Added BuildRequires: dos2unix - Removed globbing in %files and specified libraries to include (bsc#942162)- Updated to openCryptoki v3.2 (FATE#318240) - Removed unnecessary patches: - ocki-3.1_01_ep11_makefile.patch - ocki-3.1_02_ep11_m_init.patch - ocki-3.1_03_ock_obj_mgr.patch - ocki-3.1_04_ep11_opaque2blob_error_handl.patch - ocki-3.1_05_ep11_readme_update.patch - ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch - ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch - ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch - ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch - ocki-3.1_06_0005-Small-reworks.patch - ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch - ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch - ocki-3.1_07_0001-Man-page-corrections.patch - ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch - ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch - ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch- Also create parent directory /run/lock/opencryptoki in tmpfiles snippet if it does not exists.- spec: do not use -D__USE_BSD, a glibc-internal macro which no longer has any meaning.- spec: use %{_unitdir} %{_tmpfilesdir) - spec: call tmpfiles_create macro, if defined in %post - opencryptoki-run-lock.patch, openCryptoki-tmp.conf: use /run/lock instead of /var/lock.- Update to version 3.2 +New pkcscca tool. Currently it assists in migrating cca private token objects from opencryptoki version 2 to the clear key encryption method used in opencryptoki version 3. Includes a manpage for pkcscca tool. Changes to README.cca_stdll to assist in using the CCA token and migrating the private token objects. + Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms. + Various bugfixes. + New testcases for various crypto algorithms. - Only depend on insserv if builded with sysvinit support - Remove obsolete patches; merged on upstream release + ocki-3.1_01_ep11_makefile.patch + ocki-3.1_02_ep11_m_init.patch + ocki-3.1_03_ock_obj_mgr.patch + ocki-3.1_04_ep11_opaque2blob_error_handl.patch + ocki-3.1_05_ep11_readme_update.patch + ocki-3.1_06_0001-print_mechanism-ignored-bad-returncodes-from-the-cal.patch + ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch + ocki-3.1_06_0003-Configure-was-checking-for-the-ep11-lib-and-the-m_in.patch + ocki-3.1_06_0004-The-asm-zcrypt.h-header-file-uses-some-std-int-types.patch + ocki-3.1_06_0005-Small-reworks.patch + ocki-3.1_06_0006-The-31-bit-build-on-s390-showed-an-build-error-at-in.patch + ocki-3.1_06_0007-ep11-is-not-building-because-not-setting-with_zcrypt.patch + ocki-3.1_07_0001-Man-page-corrections.patch + ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch + ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch + ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch + ocki-3.1_10_0001-ica-sha-update-empty-msg.patch - Project is now hosted on sourceforge; fix the Url - Remove cvs related stuff; tarball is produced by upstream - Use %configure macro instead of manually defined options - Build with parallel support; use %{?_smp_mflags} macro/bin/sh/bin/sh/bin/sh/bin/shs390zl36 1660272321  !"#$%&'()*+,-./01233.15.1-150300.5.12.13.15.1-150300.5.12.13.15.1-150300.5.12.1 opencryptokiep11cpfilter.confep11tok.confopencryptoki.confpkcsslotd.serviceopencryptoki.confopencryptokistdllp11sakpkcsccapkcsconfpkcsep11_migratepkcsep11_sessionpkcsicsfpkcsslotdpkcstok_migratercpkcsslotdopenCryptokiFAQREADME.cca_stdllREADME.ep11_stdllREADME.icsf_stdllREADME.pkcscca_migrateREADME.token_dataREADME.tpm_stdllcoding_style.mdopenCryptoki-TFAQ.htmlopencryptoki-howto.mdsystem_resourcesp11sak.1.gzpkcscca.1.gzpkcsconf.1.gzpkcsep11_migrate.1.gzpkcsep11_session.1.gzpkcsicsf.1.gzpkcstok_migrate.1.gzopencryptoki.conf.5.gzopencryptoki.7.gzpkcsslotd.8.gzopencryptokiccatokTOK_OBJep11tokTOK_OBJicsfliteTOK_OBJswtokTOK_OBJtpmopencryptoki/etc//etc/opencryptoki//usr/lib/systemd/system//usr/lib/tmpfiles.d//usr/lib64//usr/lib64/opencryptoki//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/openCryptoki//usr/share/man/man1//usr/share/man/man5//usr/share/man/man7//usr/share/man/man8//var/lib//var/lib/opencryptoki//var/lib/opencryptoki/ccatok//var/lib/opencryptoki/ep11tok//var/lib/opencryptoki/lite//var/lib/opencryptoki/swtok//var/log/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:25496/SUSE_SLE-15-SP3_Update/ec2ef9ec2f10a20c3f42562e5816045d-openCryptoki.SUSE_SLE-15-SP3_Updatedrpmxz5s390x-suse-linux   directoryASCII text, with very long linesASCII textELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=3ddc0c28d341ccace7af9b1e36d3853b9ed0d7f8, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=207face5de0a3ba4b613574e64221a1a2174cb91, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=cb9e8ce43f63ba0f96cab9854b385238a3000fe8, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=a16288944805c7fb21367bd88b594e5e9de8d0cf, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=778a5342faec64b650251c3a62820d30af081260, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=36b9cb7a8b12b17c70bcb4b77d66a617c2687483, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=965463135101a88a16e0505bc384408cc7322b47, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=740686a19e004c24557a17d59bbfb5cad47c139f, for GNU/Linux 3.2.0, strippedAlgol 68 source, ASCII textHTML document, UTF-8 Unicode textUTF-8 Unicode texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)Algol 68 source, ASCII text (gzip compressed data, max compression, from Unix)"+4=  RR R R R RRRRR R R RRRRRRRR R R RRRRRR R R R R RRRR RR R R R RRRR R RR RRRRRRR RR RRRRRRRR R RRR[T.wsutf-87f79ed5270dc49e2fad76bfb7cac76affba74ec6b7bf4bb5e27b1d46a909dbad?7zXZ !t/7f]"k%IN, V!I?0dD{a!JDy4][He0B~k9I`)!wN%.[fWQAA ÎOO(MW=Vk7DvR3$/)>Էf-?^Wǎڐ Fa,F(HNYab ƖQj~Ln3)aAw ;rw$O ([T2FR 0Roo` DO-Qσa&Hxk1 FI #$wlaubyqvMTx_#`|P"HLrpOPj$\_2@DlyYPl>c,4uX]Ɨtݍb8&. )$}i YqN\ } ĢHxZRNx0C鉆rY9I\f>v&16W?Y s/VN;6 7 bršJ7&hKYVS(ۀ*z<jA 1/SA:JFE r_m:6"hǚ`h 䆳1ھfX n3q ):{+;[dӃYe.ݠi p3. nHyB@8@89ϒ bz0(pH¦V:}AL1\*b!ؙ3O_c\IזM2\k';WV0b'j`¶s\tRiiO5a)!=NSz._޼w[p$T$>g pA gMwp.,Rߴl25 D1%.B{<쵯nK!~ZS/Ori9}FB"瘀5?:΄W)<_5,E1j9t9ؚ  @*>Όn4V$;i**<\&bUvJK)4Jij g{3ȁÞ:tYJCd]sUD )/:>58oCGH{{m'<9 uvKT'3f.+RY5DYH_+ÖaALH7.8BI%(啢.B8 -CG' =Lj1&wg[Mz={$v 8cW "1a4Aݗa+COڈ<4ɗ}L31W)Mшl!0\˲yd>dÐ~F}iZ- ihIKezW!.W53Ep/֐<&-KBcЕ֒+$}YO1!^=Fct`պ~r3lIsG oEj\*{Ge N͔D8^i XE/n8p〗Q&fVȷ~N S)k5jP< A ^׹_7#Џֽ' (uUFh^dǕLUn׊x ,+ [8oUpO6Jc)W1SYĕ.Bݓ>&agO~+qC?7. PDp?c?]2)"'[mӵs!@6\@5SkvxV?PUdַm7$.Zj")h"c29'`6czHcCiarՇt ׉r5`qB[8'Gd=Oꓜںix*F1y6g3sqcl%ɛ;^3i\ #8&շ*9.a$Dd38csfϻbND$ɔWy׸[uH#{+C2z*b9TA󀂥6ZkKp`)`23$}7tlGBޠ6 "(d6,ci\ߠP)qyτvr _``\K>ҡY^l_P8GqiDҢ}Bş\<՘_)siiUy-R4>V-3:\5G֑:dNͳJ&Щaw+q]o S󛰻0v4&HEuP~!%/NQхWf4WTL҉Xz'ݱȯ*1wM{稡uzZGh4pqT)]|`"LeS\׺i7ߚӢ|(y)g:,bH.%Sh:J9&(_>\䧑JO3H XP3IVn(Nnfxȥ &VcLC_ 3` Κ c=7yp력}Z:[ r bšs%[CZ uBB8bö9 EGk7H}x7 uK0fM}n<岦Ej?BÃcӠm1_6` q+AWӓUދoX<@S C7&z9ⶴp0bw>@%td,3;*wȍJ؃ a+ Vf6̈:u*CȒ`գpįE<8^3&S?B/Jw烎 %Эf%A[;9LyQ>UGTګN灦fZR2(0d# ( \6P_dXh9Dc/ΚDZ &xRލʦ}/#/]JB8T^VvGegn o%V$L8!4S20 hVo5Gs[qLUڪY[.!M07B30=Dm9r3?CUP~?v<}TQIz joXLFOI@nedƊvuU_+y; طTF%h[ssѩ >py'~ל-j @ؘ~#]:wBwZ?,# "Z̚Q۵$w3 ִ-dm[kSO7N^lek'K.c?Y( nǶ YZ