diff --git a/opencryptoki-3.10.0.tar.gz b/opencryptoki-3.10.0.tar.gz
deleted file mode 100644
index 1f7f6935501079b3058c079d9f0d9cd1d0e5a9c0..0000000000000000000000000000000000000000
Binary files a/opencryptoki-3.10.0.tar.gz and /dev/null differ
diff --git a/opencryptoki-3.11.0-group.patch b/opencryptoki-3.11.0-group.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e88b3916d76f6bc8023e3d084163b2abfa0dfbb5
--- /dev/null
+++ b/opencryptoki-3.11.0-group.patch
@@ -0,0 +1,31 @@
+diff -up opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in
+--- opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in.me 2019-01-31 10:42:23.325797012 +0100
++++ opencryptoki-3.11.0/usr/lib/api/shrd_mem.c.in 2019-01-31 10:52:17.585191667 +0100
+@@ -55,9 +55,11 @@ void *attach_shared_memory()
+ int shmid;
+ char *shmp;
+ struct stat statbuf;
++#if 0
+ struct group *grp;
+ struct passwd *pw, *epw;
+ uid_t uid, euid;
++#endif
+
+ #if !(MMAP)
+ // Really should fstat the tok_path, since it will be the actual
+@@ -69,6 +71,7 @@ void *attach_shared_memory()
+ return NULL;
+ }
+
++#if 0
+ uid = getuid();
+ euid = geteuid();
+ // only check group membership if not root user
+@@ -102,6 +105,7 @@ void *attach_shared_memory()
+ return NULL;
+ }
+ }
++#endif
+
+ Anchor->shm_tok = ftok(TOK_PATH, 'b');
+
diff --git a/opencryptoki-3.11.0-lockdir.patch b/opencryptoki-3.11.0-lockdir.patch
new file mode 100644
index 0000000000000000000000000000000000000000..936a65493b2557e45875e5bfce011e728038a995
--- /dev/null
+++ b/opencryptoki-3.11.0-lockdir.patch
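Review bot: In `opencryptoki-3.11.0-group.patch`, the two `#if 0` / `#endif` pairs compile out the whole uid/euid group-membership check in `attach_shared_memory()` with no comment in the code saying why, so a later reader cannot tell a deliberate policy change from leftover debugging. With the check gone, a caller outside the group is presumably no longer rejected at this point, and access rests on the ownership and mode of the shared memory segment and the token directories; the spec keeps those directories at `root:pkcs11` 770, but the segment's own permissions are not visible in this patch and are worth confirming. I would add a comment above the second `#if 0`, for example `/* Downstream: pkcs11 group-membership check disabled, see rhbz#732756 */`. Most of the disabled block lies between the second and third nested hunks and is not shown here.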
@@ -0,0 +1,12 @@
+diff -up opencryptoki-3.11.0/configure.ac.me opencryptoki-3.11.0/configure.ac
+--- opencryptoki-3.11.0/configure.ac.me 2019-01-30 17:10:19.660952694 +0100
++++ opencryptoki-3.11.0/configure.ac 2019-01-30 17:13:54.150089964 +0100
+@@ -62,7 +62,7 @@ AC_SUBST([OPENLDAP_LIBS])
+
+ dnl Define custom variables
+
+-lockdir=$localstatedir/lock/opencryptoki
++lockdir=/run/lock/opencryptoki
+ AC_SUBST(lockdir)
+
+ logdir=$localstatedir/log/opencryptoki
diff --git a/opencryptoki-3.18.0-p11sak.patch b/opencryptoki-3.18.0-p11sak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f8f9f1c27d935b417b87437d8522693f1354a707
--- /dev/null
+++ b/opencryptoki-3.18.0-p11sak.patch
@@ -0,0 +1,21 @@
+diff -up opencryptoki-3.18.0/Makefile.am.me opencryptoki-3.18.0/Makefile.am
+--- opencryptoki-3.18.0/Makefile.am.me 2022-05-09 22:25:07.980238715 +0200
++++ opencryptoki-3.18.0/Makefile.am 2022-05-09 22:25:29.292722755 +0200
+@@ -78,7 +78,7 @@ if ENABLE_EP11TOK
+ endif
+ if ENABLE_P11SAK
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
+- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -g pkcs11 -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || $(INSTALL) -m 0640 $(srcdir)/usr/sbin/p11sak/p11sak_defined_attrs.conf $(DESTDIR)$(sysconfdir)/opencryptoki/p11sak_defined_attrs.conf || true
+ endif
+ if ENABLE_ICATOK
+ cd $(DESTDIR)$(libdir)/opencryptoki/stdll && \
+@@ -129,7 +129,7 @@ endif
+ if ENABLE_DAEMON
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/opencryptoki || true
+ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || $(INSTALL) -m 644 $(srcdir)/usr/sbin/pkcsslotd/opencryptoki.conf $(DESTDIR)$(sysconfdir)/opencryptoki/opencryptoki.conf || true
+- test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -g pkcs11 -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
++ test -f $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || $(INSTALL) -m 640 -o root -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true
+ if ENABLE_SYSTEMD
+ mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d
+ cp $(srcdir)/misc/tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/opencryptoki.conf
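Review bot: The `strength.conf` install line in the second nested hunk still passes `-o root` after `-g pkcs11` was dropped, so a package build that does not run as root may still fail on the ownership change, and the trailing `|| true` would hide that failure until the `%files` check. Owner and group are already set at packaging time by `%attr(0640, root, pkcs11)` in the spec, so the rule could drop `-o root` too: `$(INSTALL) -m 640 -T $(srcdir)/doc/strength-example.conf $(DESTDIR)$(sysconfdir)/opencryptoki/strength.conf || true`. Both rules belong to install targets that begin outside the nested hunks.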
diff --git a/opencryptoki-3.19.0.tar.gz b/opencryptoki-3.19.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..cfa1289f2ed22f49324d68a38ace6d00f9f01156
Binary files /dev/null and b/opencryptoki-3.19.0.tar.gz differ
diff --git a/opencryptoki.module b/opencryptoki.module
new file mode 100644
index 0000000000000000000000000000000000000000..4720c045dce29f683170390060a9b100d4dc20d2
--- /dev/null
+++ b/opencryptoki.module
@@ -0,0 +1,8 @@
+# This file describes how to load the opensc module
+# See: http://p11-glue.freedesktop.org/doc/p11-kit/config.html
+
+# This is a relative path, which means it will be loaded from
+# the p11-kit default path which is usually $(libdir)/pkcs11.
+# Doing it this way allows for packagers to package opensc for
+# 32-bit and 64-bit and make them parallel installable
+module: libopencryptoki.so
diff --git a/opencryptoki.spec b/opencryptoki.spec
index 3437cba3de63ab12ff5da136280a58c26df877e8..be46ee47052a1c3cea995c5ba51c2fd19b3d6ba6 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
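Review bot: The comments in `opencryptoki.module` speak of "the opensc module" and of packaging opensc, while the file loads `libopencryptoki.so`; they look carried over from another package and should name this one, e.g. `# This file describes how to load the opencryptoki module`. The visible spec hunks also add no `Source` entry or install step for this file, so unless that happens in a part of the spec not shown here, the module configuration is never shipped and p11-kit will not pick up the library.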
@@ -1,16 +1,24 @@ -Name: opencryptoki -Version: 3.10.0 -Release: 3 -Summary: PKCS#11 library and tools for Linux -License: CPL -URL: http://sourceforge.net/projects/opencryptoki -Source0: https://github.com/opencryptoki/opencryptoki/archive/v%{version}/opencryptoki-%{version}.tar.gz -BuildRequires: openssl-devel trousers-devel openldap-devel autoconf automake libtool -BuildRequires: bison flex systemd libitm-devel -Requires(pre): coreutils shadow-utils -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd +Name: opencryptoki +Summary: Implementation of the PKCS#11 (Cryptoki) specification v3.0 +Version: 3.19.0 +Release: 1 +License: CPL +URL: https://github.com/opencryptoki/opencryptoki +Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz +# https://bugzilla.redhat.com/show_bug.cgi?id=732756 +Patch0: opencryptoki-3.11.0-group.patch +# bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/* +Patch1: opencryptoki-3.11.0-lockdir.patch +# add missing config file +Patch2: opencryptoki-3.18.0-p11sak.patch +# upstream patches +BuildRequires: gcc gcc-c++ trousers-devel openldap-devel autoconf automake libtool +BuildRequires: openssl-devel >= 1.1.1 +BuildRequires: bison flex libitm-devel expect make systemd +Requires(pre): coreutils shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd Provides: opencryptoki-libs = %{version}-%{release} Obsoletes: opencryptoki-libs < %{version}-%{release} 
@@ -23,13 +31,12 @@ Provides: opencryptoki-icsftok = %{version}-%{release} Obsoletes: opencryptoki-icsftok < %{version}-%{release} %description -openCryptoki is an implementation of the PKCS #11 API that allows interfacing to devices -that hold cryptographic information and perform cryptographic functions. -openCryptoki provides application portability by isolating the application -from the details of the cryptographic device. -Isolating the application also provides an added level of security. -The openCryptoki API provides a standard programming interface between applications -and all kinds of portable cryptographic devices. +Opencryptoki implements the PKCS#11 specification v2.20 for a set of +cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the +Trusted Platform Module (TPM) chip. Opencryptoki also brings a software +token implementation that can be used without any cryptographic +hardware. +This package contains the Slot Daemon (pkcsslotd) and general utilities. %package devel @@ -52,6 +59,7 @@ Document for openCryptoki. %build ./bootstrap.sh + %configure --with-systemd=%{_unitdir} --enable-locks\ --disable-icatok --disable-ccatok --disable-ep11tok --disable-pkcsep11_migrate --disable-pkcscca_migrate @@ -75,7 +83,6 @@ exit 0 %postun %systemd_postun_with_restart pkcsslotd.service - %files %license LICENSE %dir %{_sysconfdir}/opencryptoki 
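Review bot: The new `%description` says the package implements PKCS#11 v2.20, while the `Summary` added in the first spec hunk says v3.0; the two should agree, for instance `Opencryptoki implements the PKCS#11 specification v3.0 for a set of` if v3.0 is the intended claim for this release. The text also advertises IBM crypto-card tokens, yet the `%configure` line shown as context in the next hunk passes `--disable-icatok --disable-ccatok --disable-ep11tok`, so the description may promise hardware tokens this build does not ship. Listing only the tokens that are actually built keeps users from assuming hardware-backed key storage that is not there.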
@@ -87,12 +94,16 @@ exit 0 %{_libdir}/pkcs11/* %{_localstatedir}/log/opencryptoki %config(noreplace) %{_sysconfdir}/opencryptoki/opencryptoki.conf +%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/p11sak_defined_attrs.conf +%attr(0640, root, pkcs11) %config(noreplace) %{_sysconfdir}/%{name}/strength.conf %{_prefix}/lib/tmpfiles.d/opencryptoki.conf %{_unitdir}/pkcsslotd.service %{_sbindir}/* +%{_libdir}/opencryptoki/methods +%{_libdir}/pkcs11/methods +%ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name} +%ghost %dir %attr(770,root,pkcs11) %{_rundir}/lock/%{name}/* %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki -%dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki -%dir %attr(770,root,pkcs11) %{_localstatedir}/lock/opencryptoki/* %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki/swtok/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki/swtok/TOK_OBJ/ %dir %attr(770,root,pkcs11) %{_sharedstatedir}/opencryptoki/tpm/ @@ -100,9 +111,9 @@ exit 0 %exclude %{_libdir}/opencryptoki/*.la %exclude %{_libdir}/opencryptoki/stdll/*.la - %files devel %{_includedir}/opencryptoki/ +%{_libdir}/pkgconfig/%{name}.pc %files help %doc ChangeLog FAQ README.md @@ -110,9 +121,13 @@ exit 0 %doc doc/README.token_data %doc doc/README.tpm_stdll %doc doc/README.icsf_stdll +%doc %{_docdir}/%{name}/*.conf %{_mandir}/* %changelog +* Tue Jan 31 2023 songxiumiao - 3.10.0-3 - Package init