File softhsm.changes of Package softhsm
-------------------------------------------------------------------
Sun Dec 29 21:55:30 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
- readd %sysusers_requires, as otherwise the %pre script fails to install
-------------------------------------------------------------------
Fri Nov 29 13:56:56 UTC 2024 - mcepl@cepl.eu
- Update to version 2.6.1+git.1732869438.f7883c2:
* init
* add libtool for macos
* upgrade to macos-14
* build on selected branches push only
* tweek
* Minor README.md fixes
* Add macOS to CI
* Build and run tests in CI for Windows
* Add GitHub Actions CI
- Update softhsm2-pk11install.c from
https://github.com/dogtagpki/coolkey/blob/master/src/install/pk11install.c
-------------------------------------------------------------------
Mon Sep 16 20:57:39 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Update to version 2.6.1+git.1700562855.913e7bf:
* fix typo
* Move cmake modules into own/clearer directory
* avoid unnecessary check for sqlite3 binary
* Fix memory leak in SoftHSM::UnwrapKeySym.
* doc add CMAKE build for windows
* fix check minimal botan version
* fix db backend tools compilation errors
* feat enable DB backend for windows
* fix compilation warnings
* fix cmake minimal version (CMP0054)
* feat make test output more verbose
* feat enable openssl build
* feat make ctest ouput more verbose
* feat disable openssl backend
* fix cppunit handlemanager
* fix remove getopt from cache
* fix cppunit path
* fix cmake minimal version 3.20
* fix unreferenced formal parameter warning
* fix missing cppunit include
* fix cppUnit path
* fix remove windows getopt component under GNU license
* fix appveyor build script
* Update .appveyor.yml
* fix appveyor build script
* fix appveyor build script
* fix update vcpkg build tool
* Update .appveyor.yml
* fix update appveyor vcpkg build tool
* fix update appveyor vcpkg build tool
* fix cmake MSVC flags
* fix vcpkg options
* fix compile options
* feat add console output for test executable
* feat add windows compile options
* feat make tests more verbose
* fix disable ECB test
* fix build script for CppUnit
* fix disable ECB Tests
* fix enable appveyor cache on error
* fix enable appveyor cache on error
* fix cppunit vcpkg autodetect
* fix remove cppunit path
* fix enable post build tests
* fix windows duplicate define
* fix windows execution
* feat add a message if cppunit library is missing
* fix add Softhsm2-negative-mech.conf for p11test
* fix cmake windows static lib
* fix Botan ECB mode dropped
* fix set warning level to W4 for softhsm test binaries
* fix set warning level to W4 for softhsm libraries
* feat change compile crypto backend order
* fix add cmake windows compatibility files
* fix DEFAULT_UMASK missing
* fix set windows compile warning level W4
* fix set windows compiler warning W4
* fix ECC & GOST are now disabled by default
* Fix issue 585 by resetting en/decrypt op on input validation
* Enforce attributes becoming read-only once set to CK_TRUE on CKA_WRAP_WITH_TRUSTED and CKA_SENSITIVE
- Remove upstreamed patches:
* softhsm-2.6.1-rh1831086-exit.patch
* softhsm-2.6.1-uninitialized.patch
-------------------------------------------------------------------
Tue May 21 07:24:23 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Use correct SOURCE for
/usr/share/p11-kit/modules/softhsm.module (fix bsc#1224356).
-------------------------------------------------------------------
Sat May 11 16:00:16 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- We actually don't need any hard Requires for OpenSSL at all
(and yes, rpmlint is right, we shouldn't use it at all).
-------------------------------------------------------------------
Tue May 7 15:59:43 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Add creation of ods user.
-------------------------------------------------------------------
Mon Apr 15 12:26:57 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Rebuild with inspiration (and patches) from the Fedora package.
- Remove obsolete patch softhsm-rsakeys.patch
- Add Fedora patches (comments in SPEC indicate their true origin):
- softhsm-openssl3-tests.patch
- softhsm-prevent-global-deleted-objects-access.patch
- softhsm-2.6.1-rh1831086-exit.patch
- softhsm-2.6.1-uninitialized.patch
-------------------------------------------------------------------
Thu Apr 21 09:51:16 UTC 2022 - Marcus Meissner <meissner@suse.com>
- switched URL to https
-------------------------------------------------------------------
Thu Apr 30 15:31:19 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.6.1
* Issue #542: Support Ed448/X448 for OpenSSL
* Issue #538: Improved warning and compilation issues for GCC10
-------------------------------------------------------------------
Tue Mar 17 19:58:51 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to version 2.6.0
Changes:
* Issue #493: Upgrade to Botan 2.
* Issue #530: Update appveyor build.
* Issue #438: Detect crypto algorithms by default.
* Issue #455: Provide a new configuration option to allow enabling and
disabling various mechanisms (slots.mechanisms in the softhsm2.conf).
* Issue #479: Increase SQLite busy timeout from 15 seconds to 3 minutes.
* Issue #513: Add configuration option to reset state on fork closing all
sessions rather than keeping all sessions open in duplicate process.
* Issue #500: C_WaitForSlotEvent implementation.
* Issue #445: Add wrap support with CKM_AES_CBC.
Bugfixes:
* Issue #418: Set fields to NULL to avoid double free.
* Issue #423: ENGINE_load_rdrand is not supported with older openssl.
* Issue #429: Updated prerequisite to build from repository.
* Issue #434: Fix build issues with CMake.
* Issue #435: Fix botan build without EDDSA.
* Issue #442: Release resources from OSSLEVPSymmetricAlgorithm.
* Issue #449/#502: Do not copy zero sized buffer avoid null pointer reference.
* Issue #464: Race condition with multiple threads closing last session and
opening a newer sessions.
* Issue #452: Fixes to automake build fir undefined macros.
* Issue #462: User PIN count wrongly calculated.
* Issue #516: Fix memory leak in OSSLCryptoFactory.
* Issue #494: Allow null pointers as arguments when count is zero.
* Issue #518: Sporadic problem in closing sessions because of lookup of
object without prior locking.
* Issue #506: Check key type for C_EncryptInit and C_DecryptInit.
* Issue #526: Adjust EDDSA code to return valid EC_PARAMS.
* Issue #452: Autogen failure on undefined macro AC_MSG_ERROR.
* Issue #527: Fixed some build errors for GCC 10.
* Issue #470: Null pointer arguments validation for C_EncryptFinal, etc.
-------------------------------------------------------------------
Mon May 20 13:38:34 UTC 2019 - Christophe Giboudeaux <christophe@krop.fr>
- Add the missing zlib requirement.
-------------------------------------------------------------------
Mon Sep 24 18:05:44 UTC 2018 - Michael Ströder <michael@stroeder.com>
- Update to version 2.5.0
Updates:
* Issue #323: Support for EDDSA with vendor defined mechanisms.
* Issue #362: CMake Build System Support for SoftHSM.
* Issue #368: Support migrating 32-bit SoftHSMv1 DB on 64-bit system (LP64).
* Issue #385: Default is not to build EDDSA since it has not been released in OpenSSL.
* Issue #387: Windows: Add VS2017 detection to Configure.py.
* Issue #412: Replace PKCS11 headers with a version from p11-kit.
Bugfixes:
* Issue #366: Support cross-compilation.
* Issue #377: Duplicate symbol error with custom p11test.
* Issue #386: Use RDRAND in OpenSSL if that engine is available.
* Issue #388: Update DBTests.cpp to fix x86 test failure.
* Issue #393: Not setting CKA_PUBLIC_KEY_INFO correctly.
* Issue #401: Wrong key and keyserver mentioned in installation documentation.
* Issue #408: Remove mutex callbacks after C_Finalize().
-------------------------------------------------------------------
Tue Feb 27 18:50:20 UTC 2018 - mardnh@gmx.de
- Update to version 2.4.0
* Support PKCS#8 for GOST.
* Support for CKA_ALLOWED_MECHANISMS.
* Support CKA_ALWAYS_AUTHENTICATE for private key objects.
* Support for CKM_DES3_CMAC and CKM_AES_CMAC.
* Support for CKM_AES_GCM.
* Document that initialized tokens will be reassigned to another
slot (based on the token serial number).
* Support for CKM_RSA_PKCS_PSS.
* Import AES keys with softhsm2-util.
* softhsm2-util will check the configuration and report any
issues before loading the PKCS#11 library.
-------------------------------------------------------------------
Sun Dec 17 19:16:24 UTC 2017 - mardnh@gmx.de
- Update to version 2.3.0
* Upgraded to PKCS#11 v2.40.
* Minor changes to some return values.
* Added CKA_DESTROYABLE to all objects. Used by C_DestroyObject().
* Added CKA_PUBLIC_KEY_INFO to certificates, private, and public key
objects. Will be accepted from application, but SoftHSM will
currently not calculate it.
* Support for CKM_AES_CTR.
* Add unit tests for SessionManager.
* C_DigestKey returns CKR_KEY_INDIGESTIBLE when key
attribute CKA_EXTRACTABLE = false. Whitelist SHA algorithms to allow
C_DigestKey in this case.
* Show slot id after initialization.
* Run AppVeyor (Windows CI) for each PR and merge.
* Set CKA_DECRYPT/CKA_ENCRYPT flags on key import to true.
* Add support for libeaycompat lib for FIPS on Windows.
* Support importing ECDSA P-521 in softhsm-util.
* Support for Botan 2.0.
* Editorial changes from Mountain Lion to Sierra.
* More detailed error messages when initializing SoftHSM.
* Support for LibreSSL.
* Change to enable builds and reports on new Jenkinks environment.
* Detect cppunit in autoconf.
* CKO_CERTIFICATE and CKO_PUBLIC_KEY now defaults to CKA_PRIVATE=false.
* Update README with information about logging.
* Adjust log levels for failing to enumerate object store.
* Better handling of CRYPTO_set_locking_callback() for OpenSSL.
* Fix deriving shared secret with ECC.
* HMAC with sizes less than L bytes is strongly discouraged.
Set a lower bound equal to L bytes in ulMinKeySize and check it when
initializing the operation.
* Fix test of p11 shared library.
* Minor fix of 'EVP_CipherFinal_ex'.
* Fix build with cppunit.
* Export PKCS#11 symbols from the library.
* Zero pad key to fit the block in CKM_AES_KEY_WRAP.
* Detecting CppUnit when using Macports.
- Update to version 2.2.0
* Delete a token using softhsm2-util.
* Change access mode bits for /var/lib/softhsm/tokens/
to 1777. All users can now create tokens, but only access their own.
* Reinitializing a token will now keep the token, but all
token objects are deleted, the user PIN is removed and the token
label is updated.
* Support for OpenSSL 1.1.0.
* Calling C_GetSlotList with NULL_PTR will make sure that
there is always a slot with an uninitialized token available.
* The token serial number will be used when setting the slot
number. The serial number is set after the token has been initialized.
* Update the command utils to use the token label or serial
to find the token and its slot number.
* Possibility to test other PKCS#11 implementations with the CppUnit test.
* Mark public key as non private by default.
* Install p11-kit module, to disable use --disable-p11-kit.
* Add windows continuous integration build.
* Missing new source file and test configuration in the
Windows build project.
* ECDSA P-521 support for OpenSSL and better test coverage.
* Fix segmentation faults in loadLibrary function.
* Crash on module unload with OpenSSL.
* C++11 not detected.
* API changes in Botan 1.11.27.
* Fix include guard to check WITH_FIPS.
* p11test fails on 32-bit systems.
* Build warning about "converting a string constant".
* Fix C++11 check to look for unique_ptr.
- Update to version 2.1.0
* Improved guide and build scripts for Windows.
* The password prompt in softhsm2-util can now be
interrupted (ctrl-c).
* Add slots.removable config option.
* Prioritize the return values in C_GetAttributeValue.
* Handle the CKA_CHECK_VALUE correctly for certificates
and symmetric key objects.
* Not possible to create certificate objects containing
CKA_CERTIFICATE_CATEGORY, CKA_NAME_HASH_ALGORITHM, or
CKA_JAVA_MIDP_SECURITY_DOMAIN.
* Do not attempt decryption of empty byte strings.
* Minor changes after a PVS-Studio code analysis, and
C_EncryptUpdate crash if no ciphered data is produced.
* One-byte buffer overflow in call to EVP_DecryptUpdate.
* Problem while closing library that is initialized but
improperly finalized.
* Adjust return values for the template parsing.
* C_DeriveKey() error with leading zero bytes.
* CKA_NEVER_EXTRACTABLE set to CK_FALSE on objects
created with C_CreateObject.
* Stop discarding the global OpenSSL libcrypto state.
- Drop not longer needed patches (fixed upstream):
* softhsm-v2.0.0b1-aes-key-wrap.patch
* softhsm-v2.0.0b1-ckm-rsa-pkcs-oaep-key-wrap.patch
* softhsm-newcppunit.patch
- Rebase patches:
* softhsm-rsakeys.patch
- Fix URL
-------------------------------------------------------------------
Sun May 7 17:08:43 UTC 2017 - meissner@suse.com
- softhsm-newcppunit.patch: new cppunit uses pkg-config now, not
cppunit-config
-------------------------------------------------------------------
Thu Oct 8 14:00:49 UTC 2015 - meissner@suse.com
- softhsm-rsakeys.patch: do not test odd bit RSA keys, this breaks
with the FIPS enabled openssl from leap/sle12, as thats rounds
up the keylength to the next even number. bsc#949492
-------------------------------------------------------------------
Fri May 8 11:32:00 UTC 2015 - hguo@suse.com
- Source extracted from Fedora 21 release SRPM with minor modifications.
-------------------------------------------------------------------
Tue Sep 30 00:00:00 UTC 2014 - pwouters@redhat.com
- Add support for CKM_RSA_PKCS_OAEP key un/wrapping [Petr Spacek]
- Use OpenSSL EVP interface for AES key wrapping [Petr Spacek]
- Fix softhsm2-pk11install buid and post call
- Do not use --with-objectstore-backend-db (causes issues on i686)
- Change install directory to /usr/lib*/pkcs11/
- Install pkcs11 module file
- Use official upstream tar ball
- Create ods user to own softhsm/token files
- Enable migration tools (for softhsm-v1 installs)
- Add softlink for softhsm-v1 .so (needed for opendnssec's conf.xml)
- Require p11-kit, nss-tools, for SoftHSM PKCS #11 Module file
- Copy pk11install.c from coolkey package
- Enable hardened build
- Add upstream official source url
-------------------------------------------------------------------
Fri Apr 18 00:00:00 UTC 2014 - pwouters@redhat.com
- Updated to 1.3.6 (rhbz#1070196)
- Provide a p11-kit module file (rhbz#1085327)
-------------------------------------------------------------------
Sun Nov 3 00:00:00 UTC 2013 - pwouters@redhat.com
- Updated to 1.3.5 (rhbz#987721)
-------------------------------------------------------------------
Mon Jun 4 00:00:00 UTC 2012 - pwouters@redhat.com
- Updated to 1.3.3
-------------------------------------------------------------------
Tue Apr 3 00:00:00 UTC 2012 - pwouters@redhat.com
- Updated to 1.3.2.
- Changed user from opendnssec to ods, as used in the opendnssec package
-------------------------------------------------------------------
Thu Oct 27 00:00:00 UTC 2011 - paul@xelerance.com
- Initial Fedora package
- Do not install the .a file
- Use a separate "opendnssec" user to own /var/sofhsm
-------------------------------------------------------------------
Tue Oct 25 00:00:00 UTC 2011 - paul@xelerance.com
- Fix description texts w.r.t. include files
-------------------------------------------------------------------
Wed Oct 5 00:00:00 UTC 2011 - paul@xelerance.com
- Upgraded to 1.3.0
-------------------------------------------------------------------
Thu Mar 3 00:00:00 UTC 2011 - paul@xelerance.com
- Initial package for Fedora
