Bug 1818877

Summary: [Rebase] Rebase to softhsm 2.6.0+
Product: Red Hat Enterprise Linux 8 Reporter: Alexander Bokovoy <abokovoy>
Component: softhsmAssignee: Alexander Bokovoy <abokovoy>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.3CC: sumenon
Target Milestone: rcKeywords: Rebase
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: softhsm-2.6.0-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 02:50:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexander Bokovoy 2020-03-30 15:23:54 UTC 
SoftHSMv2 2.6.0 was released on March 17th 2020: https://github.com/opendnssec/SoftHSMv2/releases/tag/2.6.0

Rebase SoftHSM to 2.6.0 to pick up fixes and features expected. For example, RFE from bugzilla 1701233 is implemented there.

SoftHSM 2.6.0 - 2020-03-17

* Issue #493: Upgrade to Botan 2.
* Issue #530: Update appveyor build.
* Issue #438: Detect crypto algorithms by default.
  (Patch from Alon Bar-Lev)
* Issue #455: Provide a new configuration option to allow enabling and
  disabling various mechanisms (slots.mechanisms in the softhsm2.conf).
  (Thanks to Jakub Jelen)
* Issue #479: Increase SQLite busy timeout from 15 seconds to 3 minutes.
  (Patch from Jan Luebbe)
* Issue #513: Add configuration option to reset state on fork closing all
  sessions rather than keeping all sessions open in duplicate process.
  (Thanks to Anderson Toshiyuki Sasaki)
* Issue #500: C_WaitForSlotEvent implementation.
  (Patch from massey101)
* Issue #445: Add wrap support with CKM_AES_CBC.

Bugfixes:
* Issue #418: Set fields to NULL to avoid double free.
  (Patch from Brian J Murray)
* Issue #423: ENGINE_load_rdrand is not supported with older openssl.
  (Patch from Alon Bar-Lev)
* Issue #429: Updated prerequisite to build from repository.
  (Patch from Dharmesh Khandelwal)
* Issue #434: Fix build issues with CMake.
  (Patch from Peter Wu)
* Issue #435: Fix botan build without EDDSA.
  (Patch from Peter Wu)
* Issue #442: Release resources from OSSLEVPSymmetricAlgorithm.
  (Patch from Petr Menšík)
* Issue #449/#502: Do not copy zero sized buffer avoid null pointer reference.
  (Patch from space88man)
* Issue #464: Race condition with multiple threads closing last session and
  opening a newer sessions.
  (Patch from Takarth)
* Issue #452: Fixes to automake build fir undefined macros.
* Issue #462: User PIN count wrongly calculated.
  (Patch from Ondřej Hlavatý)
* Issue #516: Fix memory leak in OSSLCryptoFactory.
  (Patch from Anderson Sasaki)
* Issue #494: Allow null pointers as arguments when count is zero.
  (Patch from Yunjong Jeong)
* Issue #518: Sporadic problem in closing sessions because of lookup of
  object without prior locking.
* Issue #506: Check key type for C_EncryptInit and C_DecryptInit.
  (Patch from Yunjong Jeong)
* Issue #526: Adjust EDDSA code to return valid EC_PARAMS.
  (Patch from Jakub Jelen)
* Issue #452: Autogen failure on undefined macro AC_MSG_ERROR.
* Issue #527: Fixed some build errors for GCC 10.
* Issue #470: Null pointer arguments validation for C_EncryptFinal, etc.
Comment 1 Alexander Bokovoy 2020-03-30 16:57:36 UTC 
I'm testing FreeIPA against softhsm 2.6.0 here: https://github.com/abbra/freeipa/pull/27
The test doesn't require any special changes in FreeIPA itself.
Comment 3 Alexander Bokovoy 2020-04-01 07:34:26 UTC 
The update to softhsm 2.6.0 is committed and will be built as part of idm:DL1 module stream build.
Comment 6 Kaleem 2020-06-30 07:17:39 UTC 
no automated required, so setting qe_test_coverage to -
Comment 10 errata-xmlrpc 2020-11-04 02:50:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4670