softhsm-2.6.1-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

OpenDNSSEC is providing a software implementation of a generic
cryptographic device with a PKCS#11 interface, the SoftHSM. SoftHSM is
designed to meet the requirements of OpenDNSSEC, but can also work together
with other cryptographic products because of the PKCS#11 interface.

Provides

• softhsm
• config(softhsm)
• group(ods)
• libsofthsm2.so()(64bit)
• softhsm(x86-64)
• user(ods)

Requires

• /bin/sh
• /bin/sh
• config(softhsm) = 2.6.1-1.1
• group(ods)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.27)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libgcc_s.so.1()(64bit)
• libgcc_s.so.1(GCC_3.0)(64bit)
• libnspr4.so()(64bit)
• libnss3.so()(64bit)
• libnssutil3.so()(64bit)
• libplc4.so()(64bit)
• libplds4.so()(64bit)
• libsmime3.so()(64bit)
• libsoftokn3.so()(64bit)
• libsoftokn3.so(NSS_3.4)(64bit)
• libsqlite3.so.0()(64bit)
• libssl3.so()(64bit)
• libstdc++.so.6()(64bit)
• libstdc++.so.6(CXXABI_1.3)(64bit)
• libstdc++.so.6(CXXABI_1.3.9)(64bit)
• libstdc++.so.6(GLIBCXX_3.4)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.15)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.20)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.21)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.29)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.32)(64bit)
• libstdc++.so.6(GLIBCXX_3.4.9)(64bit)
• libz.so.1()(64bit)
• mozilla-nss-tools
• p11-kit
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• shadow
• sysuser-shadow >= 3.2
• user(ods)

License

BSD-2-Clause

Changelog

* Sat May 11 2024 Matej Cepl <mcepl@cepl.eu>
  - We actually don't need any hard Requires for OpenSSL at all
    (and yes, rpmlint is right, we shouldn't use it at all).
* Tue May 07 2024 Matej Cepl <mcepl@cepl.eu>
  - Add creation of ods user.
* Mon Apr 15 2024 Matej Cepl <mcepl@cepl.eu>
  - Rebuild with inspiration (and patches) from the Fedora package.
  - Remove obsolete patch softhsm-rsakeys.patch
  - Add Fedora patches (comments in SPEC indicate their true origin):
    - softhsm-openssl3-tests.patch
    - softhsm-prevent-global-deleted-objects-access.patch
    - softhsm-2.6.1-rh1831086-exit.patch
    - softhsm-2.6.1-uninitialized.patch
* Thu Apr 21 2022 Marcus Meissner <meissner@suse.com>
  - switched URL to https
* Thu Apr 30 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.6.1
    * Issue #542: Support Ed448/X448 for OpenSSL
    * Issue #538: Improved warning and compilation issues for GCC10
* Tue Mar 17 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 2.6.0
    Changes:
    * Issue #493: Upgrade to Botan 2.
    * Issue #530: Update appveyor build.
    * Issue #438: Detect crypto algorithms by default.
    * Issue #455: Provide a new configuration option to allow enabling and
      disabling various mechanisms (slots.mechanisms in the softhsm2.conf).
    * Issue #479: Increase SQLite busy timeout from 15 seconds to 3 minutes.
    * Issue #513: Add configuration option to reset state on fork closing all
      sessions rather than keeping all sessions open in duplicate process.
    * Issue #500: C_WaitForSlotEvent implementation.
    * Issue #445: Add wrap support with CKM_AES_CBC.
    Bugfixes:
    * Issue #418: Set fields to NULL to avoid double free.
    * Issue #423: ENGINE_load_rdrand is not supported with older openssl.
    * Issue #429: Updated prerequisite to build from repository.
    * Issue #434: Fix build issues with CMake.
    * Issue #435: Fix botan build without EDDSA.
    * Issue #442: Release resources from OSSLEVPSymmetricAlgorithm.
    * Issue #449/#502: Do not copy zero sized buffer avoid null pointer reference.
    * Issue #464: Race condition with multiple threads closing last session and
      opening a newer sessions.
    * Issue #452: Fixes to automake build fir undefined macros.
    * Issue #462: User PIN count wrongly calculated.
    * Issue #516: Fix memory leak in OSSLCryptoFactory.
    * Issue #494: Allow null pointers as arguments when count is zero.
    * Issue #518: Sporadic problem in closing sessions because of lookup of
      object without prior locking.
    * Issue #506: Check key type for C_EncryptInit and C_DecryptInit.
    * Issue #526: Adjust EDDSA code to return valid EC_PARAMS.
    * Issue #452: Autogen failure on undefined macro AC_MSG_ERROR.
    * Issue #527: Fixed some build errors for GCC 10.
    * Issue #470: Null pointer arguments validation for C_EncryptFinal, etc.
* Mon May 20 2019 Christophe Giboudeaux <christophe@krop.fr>
  - Add the missing zlib requirement.
* Mon Sep 24 2018 Michael Ströder <michael@stroeder.com>
  - Update to version 2.5.0
    Updates:
    * Issue #323: Support for EDDSA with vendor defined mechanisms.
    * Issue #362: CMake Build System Support for SoftHSM.
    * Issue #368: Support migrating 32-bit SoftHSMv1 DB on 64-bit system (LP64).
    * Issue #385: Default is not to build EDDSA since it has not been released in OpenSSL.
    * Issue #387: Windows: Add VS2017 detection to Configure.py.
    * Issue #412: Replace PKCS11 headers with a version from p11-kit.
    Bugfixes:
    * Issue #366: Support cross-compilation.
    * Issue #377: Duplicate symbol error with custom p11test.
    * Issue #386: Use RDRAND in OpenSSL if that engine is available.
    * Issue #388: Update DBTests.cpp to fix x86 test failure.
    * Issue #393: Not setting CKA_PUBLIC_KEY_INFO correctly.
    * Issue #401: Wrong key and keyserver mentioned in installation documentation.
    * Issue #408: Remove mutex callbacks after C_Finalize().
* Tue Feb 27 2018 mardnh@gmx.de
  - Update to version 2.4.0
    * Support PKCS#8 for GOST.
    * Support for CKA_ALLOWED_MECHANISMS.
    * Support CKA_ALWAYS_AUTHENTICATE for private key objects.
    * Support for CKM_DES3_CMAC and CKM_AES_CMAC.
    * Support for CKM_AES_GCM.
    * Document that initialized tokens will be reassigned to another
      slot (based on the token serial number).
    * Support for CKM_RSA_PKCS_PSS.
    * Import AES keys with softhsm2-util.
    * softhsm2-util will check the configuration and report any
      issues before loading the PKCS#11 library.
* Sun Dec 17 2017 mardnh@gmx.de
  - Update to version 2.3.0
    * Upgraded to PKCS#11 v2.40.
    * Minor changes to some return values.
    * Added CKA_DESTROYABLE to all objects. Used by C_DestroyObject().
    * Added CKA_PUBLIC_KEY_INFO to certificates, private, and public key
      objects. Will be accepted from application, but SoftHSM will
      currently not calculate it.
    * Support for CKM_AES_CTR.
    * Add unit tests for SessionManager.
    * C_DigestKey returns CKR_KEY_INDIGESTIBLE when key
      attribute CKA_EXTRACTABLE = false. Whitelist SHA algorithms to allow
      C_DigestKey in this case.
    * Show slot id after initialization.
    * Run AppVeyor (Windows CI) for each PR and merge.
    * Set CKA_DECRYPT/CKA_ENCRYPT flags on key import to true.
    * Add support for libeaycompat lib for FIPS on Windows.
    * Support importing ECDSA P-521 in softhsm-util.
    * Support for Botan 2.0.
    * Editorial changes from Mountain Lion to Sierra.
    * More detailed error messages when initializing SoftHSM.
    * Support for LibreSSL.
    * Change to enable builds and reports on new Jenkinks environment.
    * Detect cppunit in autoconf.
    * CKO_CERTIFICATE and CKO_PUBLIC_KEY now defaults to CKA_PRIVATE=false.
    * Update README with information about logging.
    * Adjust log levels for failing to enumerate object store.
    * Better handling of CRYPTO_set_locking_callback() for OpenSSL.
    * Fix deriving shared secret with ECC.
    * HMAC with sizes less than L bytes is strongly discouraged.
      Set a lower bound equal to L bytes in ulMinKeySize and check it when
      initializing the operation.
    * Fix test of p11 shared library.
    * Minor fix of 'EVP_CipherFinal_ex'.
    * Fix build with cppunit.
    * Export PKCS#11 symbols from the library.
    * Zero pad key to fit the block in CKM_AES_KEY_WRAP.
    * Detecting CppUnit when using Macports.
  - Update to version 2.2.0
    * Delete a token using softhsm2-util.
    * Change access mode bits for /var/lib/softhsm/tokens/
      to 1777. All users can now create tokens, but only access their own.
    * Reinitializing a token will now keep the token, but all
      token objects are deleted, the user PIN is removed and the token
      label is updated.
    * Support for OpenSSL 1.1.0.
    * Calling C_GetSlotList with NULL_PTR will make sure that
      there is always a slot with an uninitialized token available.
    * The token serial number will be used when setting the slot
      number. The serial number is set after the token has been initialized.
    * Update the command utils to use the token label or serial
      to find the token and its slot number.
    * Possibility to test other PKCS#11 implementations with the CppUnit test.
    * Mark public key as non private by default.
    * Install p11-kit module, to disable use --disable-p11-kit.
    * Add windows continuous integration build.
    * Missing new source file and test configuration in the
      Windows build project.
    * ECDSA P-521 support for OpenSSL and better test coverage.
    * Fix segmentation faults in loadLibrary function.
    * Crash on module unload with OpenSSL.
    * C++11 not detected.
    * API changes in Botan 1.11.27.
    * Fix include guard to check WITH_FIPS.
    * p11test fails on 32-bit systems.
    * Build warning about "converting a string constant".
    * Fix C++11 check to look for unique_ptr.
  - Update to version 2.1.0
    * Improved guide and build scripts for Windows.
    * The password prompt in softhsm2-util can now be
      interrupted (ctrl-c).
    * Add slots.removable config option.
    * Prioritize the return values in C_GetAttributeValue.
    * Handle the CKA_CHECK_VALUE correctly for certificates
      and symmetric key objects.
    * Not possible to create certificate objects containing
      CKA_CERTIFICATE_CATEGORY, CKA_NAME_HASH_ALGORITHM, or
      CKA_JAVA_MIDP_SECURITY_DOMAIN.
    * Do not attempt decryption of empty byte strings.
    * Minor changes after a PVS-Studio code analysis, and
      C_EncryptUpdate crash if no ciphered data is produced.
    * One-byte buffer overflow in call to EVP_DecryptUpdate.
    * Problem while closing library that is initialized but
      improperly finalized.
    * Adjust return values for the template parsing.
    * C_DeriveKey() error with leading zero bytes.
    * CKA_NEVER_EXTRACTABLE set to CK_FALSE on objects
      created with C_CreateObject.
    * Stop discarding the global OpenSSL libcrypto state.
  - Drop not longer needed patches (fixed upstream):
    * softhsm-v2.0.0b1-aes-key-wrap.patch
    * softhsm-v2.0.0b1-ckm-rsa-pkcs-oaep-key-wrap.patch
    * softhsm-newcppunit.patch
  - Rebase patches:
    * softhsm-rsakeys.patch
  - Fix URL

Files

/etc/softhsm2.conf
/usr/bin/softhsm2-dump-file
/usr/bin/softhsm2-keyconv
/usr/bin/softhsm2-migrate
/usr/bin/softhsm2-pk11install
/usr/bin/softhsm2-util
/usr/lib/sysusers.d/ods-user.conf
/usr/lib64/pkcs11/libsofthsm2.so
/usr/lib64/softhsm
/usr/lib64/softhsm/libsofthsm.so
/usr/share/doc/packages/softhsm
/usr/share/doc/packages/softhsm/FIPS-NOTES.md
/usr/share/doc/packages/softhsm/NEWS
/usr/share/doc/packages/softhsm/README.md
/usr/share/doc/packages/softhsm/fedora.changelog
/usr/share/licenses/softhsm
/usr/share/licenses/softhsm/LICENSE
/usr/share/man/man1/softhsm2-dump-file.1.gz
/usr/share/man/man1/softhsm2-keyconv.1.gz
/usr/share/man/man1/softhsm2-migrate.1.gz
/usr/share/man/man1/softhsm2-util.1.gz
/usr/share/man/man5/softhsm2.conf.5.gz
/usr/share/p11-kit/modules/softhsm.module
/usr/share/p11-kit/modules/softhsm2.module
/var/lib/softhsm
/var/lib/softhsm/tokens

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed May 22 00:17:41 2024