Hello community, here is the log from the commit of package softhsm for openSUSE:Factory checked in at 2018-01-13 21:44:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/softhsm (Old) and /work/SRC/openSUSE:Factory/.softhsm.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "softhsm" Sat Jan 13 21:44:33 2018 rev:4 rq:557872 version:2.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/softhsm/softhsm.changes 2017-05-08 19:04:37.458495614 +0200 +++ /work/SRC/openSUSE:Factory/.softhsm.new/softhsm.changes 2018-01-13 21:44:38.098500662 +0100 @@ -1,0 +2,102 @@ +Sun Dec 17 19:16:24 UTC 2017 - [email protected] + +- Update to version 2.3.0 + * Upgraded to PKCS#11 v2.40. + * Minor changes to some return values. + * Added CKA_DESTROYABLE to all objects. Used by C_DestroyObject(). + * Added CKA_PUBLIC_KEY_INFO to certificates, private, and public key + objects. Will be accepted from application, but SoftHSM will + currently not calculate it. + * Support for CKM_AES_CTR. + * Add unit tests for SessionManager. + * C_DigestKey returns CKR_KEY_INDIGESTIBLE when key + attribute CKA_EXTRACTABLE = false. Whitelist SHA algorithms to allow + C_DigestKey in this case. + * Show slot id after initialization. + * Run AppVeyor (Windows CI) for each PR and merge. + * Set CKA_DECRYPT/CKA_ENCRYPT flags on key import to true. + * Add support for libeaycompat lib for FIPS on Windows. + * Support importing ECDSA P-521 in softhsm-util. + * Support for Botan 2.0. + * Editorial changes from Mountain Lion to Sierra. + * More detailed error messages when initializing SoftHSM. + * Support for LibreSSL. + * Change to enable builds and reports on new Jenkinks environment. + * Detect cppunit in autoconf. + * CKO_CERTIFICATE and CKO_PUBLIC_KEY now defaults to CKA_PRIVATE=false. + * Update README with information about logging. + * Adjust log levels for failing to enumerate object store. + * Better handling of CRYPTO_set_locking_callback() for OpenSSL. + * Fix deriving shared secret with ECC. + * HMAC with sizes less than L bytes is strongly discouraged. + Set a lower bound equal to L bytes in ulMinKeySize and check it when + initializing the operation. + * Fix test of p11 shared library. + * Minor fix of 'EVP_CipherFinal_ex'. + * Fix build with cppunit. + * Export PKCS#11 symbols from the library. + * Zero pad key to fit the block in CKM_AES_KEY_WRAP. + * Detecting CppUnit when using Macports. + +- Update to version 2.2.0 + * Delete a token using softhsm2-util. + * Change access mode bits for /var/lib/softhsm/tokens/ + to 1777. All users can now create tokens, but only access their own. + * Reinitializing a token will now keep the token, but all + token objects are deleted, the user PIN is removed and the token + label is updated. + * Support for OpenSSL 1.1.0. + * Calling C_GetSlotList with NULL_PTR will make sure that + there is always a slot with an uninitialized token available. + * The token serial number will be used when setting the slot + number. The serial number is set after the token has been initialized. + * Update the command utils to use the token label or serial + to find the token and its slot number. + * Possibility to test other PKCS#11 implementations with the CppUnit test. + * Mark public key as non private by default. + * Install p11-kit module, to disable use --disable-p11-kit. + * Add windows continuous integration build. + * Missing new source file and test configuration in the + Windows build project. + * ECDSA P-521 support for OpenSSL and better test coverage. + * Fix segmentation faults in loadLibrary function. + * Crash on module unload with OpenSSL. + * C++11 not detected. + * API changes in Botan 1.11.27. + * Fix include guard to check WITH_FIPS. + * p11test fails on 32-bit systems. + * Build warning about "converting a string constant". + * Fix C++11 check to look for unique_ptr. + +- Update to version 2.1.0 + * Improved guide and build scripts for Windows. + * The password prompt in softhsm2-util can now be + interrupted (ctrl-c). + * Add slots.removable config option. + * Prioritize the return values in C_GetAttributeValue. + * Handle the CKA_CHECK_VALUE correctly for certificates + and symmetric key objects. + * Not possible to create certificate objects containing + CKA_CERTIFICATE_CATEGORY, CKA_NAME_HASH_ALGORITHM, or + CKA_JAVA_MIDP_SECURITY_DOMAIN. + * Do not attempt decryption of empty byte strings. + * Minor changes after a PVS-Studio code analysis, and + C_EncryptUpdate crash if no ciphered data is produced. + * One-byte buffer overflow in call to EVP_DecryptUpdate. + * Problem while closing library that is initialized but + improperly finalized. + * Adjust return values for the template parsing. + * C_DeriveKey() error with leading zero bytes. + * CKA_NEVER_EXTRACTABLE set to CK_FALSE on objects + created with C_CreateObject. + * Stop discarding the global OpenSSL libcrypto state. + +- Drop not longer needed patches (fixed upstream): + * softhsm-v2.0.0b1-aes-key-wrap.patch + * softhsm-v2.0.0b1-ckm-rsa-pkcs-oaep-key-wrap.patch + * softhsm-newcppunit.patch +- Rebase patches: + * softhsm-rsakeys.patch +- Fix URL + +------------------------------------------------------------------- Old: ---- softhsm-2.0.0b1.tar.gz softhsm-newcppunit.patch softhsm-v2.0.0b1-aes-key-wrap.patch softhsm-v2.0.0b1-ckm-rsa-pkcs-oaep-key-wrap.patch New: ---- softhsm-2.3.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ softhsm.spec ++++++ --- /var/tmp/diff_new_pack.KVjHx6/_old 2018-01-13 21:44:38.818467103 +0100 +++ /var/tmp/diff_new_pack.KVjHx6/_new 2018-01-13 21:44:38.822466917 +0100 @@ -20,18 +20,14 @@ License: BSD-2-Clause Group: Applications/System Name: softhsm -Version: 2.0.0b1 +Version: 2.3.0 Release: 0 Url: http://www.opendnssec.org/ -Source: http://dist.opendnssec.org/source/testing/%{name}-%{version}.tar.gz +Source: https://dist.opendnssec.org/source/%{name}-%{version}.tar.gz Source1: softhsm.module # taken from coolkey which is not build on all arches we build on Source2: softhsm2-pk11install.c -Patch1: softhsm-v2.0.0b1-aes-key-wrap.patch -Patch2: softhsm-v2.0.0b1-ckm-rsa-pkcs-oaep-key-wrap.patch Patch3: softhsm-rsakeys.patch -Patch4: softhsm-newcppunit.patch - BuildRequires: automake BuildRequires: cppunit-devel BuildRequires: gcc-c++ @@ -66,10 +62,7 @@ %prep %setup -q -%patch1 -p1 -%patch2 -p1 %patch3 -p1 -%patch4 -p1 # remove softhsm/ subdir auto-added to --libdir sed -i "s:full_libdir/softhsm:full_libdir:g" configure @@ -120,6 +113,7 @@ %{_libdir}/pkcs11/libsofthsm2.so %{_libdir}/softhsm/libsofthsm.so %attr(0664,root,root) %{_datadir}/p11-kit/modules/softhsm.module +%attr(0664,root,root) %{_datadir}/p11-kit/modules/softhsm2.module %attr(0770,ods,ods) %dir %{_var}/lib/softhsm %attr(0770,ods,ods) %dir %{_var}/lib/softhsm/tokens %{_mandir}/*/* ++++++ softhsm-2.0.0b1.tar.gz -> softhsm-2.3.0.tar.gz ++++++ ++++ 58188 lines of diff (skipped) ++++++ softhsm-rsakeys.patch ++++++ --- /var/tmp/diff_new_pack.KVjHx6/_old 2018-01-13 21:44:39.262446409 +0100 +++ /var/tmp/diff_new_pack.KVjHx6/_new 2018-01-13 21:44:39.262446409 +0100 @@ -1,13 +1,14 @@ -Index: softhsm-2.0.0b1/src/lib/crypto/test/RSATests.cpp -=================================================================== ---- softhsm-2.0.0b1.orig/src/lib/crypto/test/RSATests.cpp -+++ softhsm-2.0.0b1/src/lib/crypto/test/RSATests.cpp -@@ -79,9 +79,10 @@ void RSATests::testKeyGeneration() - // Key sizes to test +diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp +index 9ac5b26..fe090f4 100644 +--- a/src/lib/crypto/test/RSATests.cpp ++++ b/src/lib/crypto/test/RSATests.cpp +@@ -80,10 +80,11 @@ void RSATests::testKeyGeneration() std::vector<size_t> keySizes; keySizes.push_back(1024); + #ifndef WITH_FIPS - keySizes.push_back(1025); + //keySizes.push_back(1025); + #endif keySizes.push_back(1280); keySizes.push_back(2048); + keySizes.push_back(3072);
