diff --git a/SOURCES/0001-use-warning-messages-for-failing-to-enumerate-store.patch b/SOURCES/0001-use-warning-messages-for-failing-to-enumerate-store.patch
new file mode 100644
index 0000000..534e951
--- /dev/null
+++ b/SOURCES/0001-use-warning-messages-for-failing-to-enumerate-store.patch
@@ -0,0 +1,64 @@
+From a04a9acd5d399b700da17f90430c7efbf6719c25 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos
+Date: Mon, 26 Jun 2017 13:11:40 +0200
+Subject: [PATCH] use warning messages for failing to enumerate store
+
+In systems which use p11-kit to register all available PKCS#11
+modules, an unconfigured softhsm will always fail to load and
+print the following to syslog:
+Jun 26 13:29:05 host wget[6407]: ObjectStore.cpp(59): Failed to enumerate object in /var/lib/softhsm/tokens
+Jun 26 13:29:05 host wget[6407]: SoftHSM.cpp(476): Could not load the object store
+
+That can be output to any command utilizing p11-kit (e.g., applications
+using gnutls or engine_pkcs11 applications).
+
+To avoid that unnecessary print, I decreased the log level of
+the message to warning and set the default configuration to
+print only error messages to syslog.
+
+Signed-off-by: Nikos Mavrogiannopoulos
+---
+ src/lib/SoftHSM.cpp | 2 +-
+ src/lib/common/softhsm2.conf.in | 2 +-
+ src/lib/object_store/ObjectStore.cpp | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
+index 26dd6e5..bed5aa6 100644
+--- a/src/lib/SoftHSM.cpp
++++ b/src/lib/SoftHSM.cpp
+@@ -473,7 +473,7 @@ CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs)
+ objectStore = new ObjectStore(Configuration::i()->getString("directories.tokendir", DEFAULT_TOKENDIR));
+ if (!objectStore->isValid())
+ {
+- ERROR_MSG("Could not load the object store");
++ WARNING_MSG("Could not load the object store");
+ delete objectStore;
+ objectStore = NULL;
+ delete sessionObjectStore;
+diff --git a/src/lib/common/softhsm2.conf.in b/src/lib/common/softhsm2.conf.in
+index b208cb6..bd0a60b 100644
+--- a/src/lib/common/softhsm2.conf.in
++++ b/src/lib/common/softhsm2.conf.in
+@@ -4,4 +4,4 @@ directories.tokendir = @softhsmtokendir@
+ objectstore.backend = file
+ 
+ # ERROR, WARNING, INFO, DEBUG
+-log.level = INFO
++log.level = ERROR
+diff --git a/src/lib/object_store/ObjectStore.cpp b/src/lib/object_store/ObjectStore.cpp
+index 171cede..3cde15f 100644
+--- a/src/lib/object_store/ObjectStore.cpp
++++ b/src/lib/object_store/ObjectStore.cpp
+@@ -56,7 +56,7 @@ ObjectStore::ObjectStore(std::string inStorePath)
+ 
+ if (!storeDir.isValid())
+ {
+- ERROR_MSG("Failed to enumerate object store in %s", storePath.c_str());
++ WARNING_MSG("Failed to enumerate object store in %s", storePath.c_str());
+ 
+ return;
+ }
+--
+2.13.6
+
diff --git a/SOURCES/0002-Issue-239-Crash-on-module-unload-with-OpenSSL.patch b/SOURCES/0002-Issue-239-Crash-on-module-unload-with-OpenSSL.patch
new file mode 100644
index 0000000..7424859
--- /dev/null
+++ b/SOURCES/0002-Issue-239-Crash-on-module-unload-with-OpenSSL.patch
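Review bot: The `log.level = ERROR` default in the softhsm2.conf.in hunk of this patch silences, for every deployment rather than only the p11-kit enumeration case the commit message describes, exactly the two messages the other two hunks demote to WARNING_MSG, so whatever makes `storeDir.isValid()` or `objectStore->isValid()` fail on a real token directory now leaves no syslog trace at the shipped defaults even though C_Initialize still deletes objectStore and sets it to NULL on that path. Keeping the WARNING_MSG demotion but leaving the template default at INFO would preserve that signal for operators who rely on syslog; if ERROR is the intended default, the template should say what is lost, e.g. `# Token-store load failures are logged at WARNING; set WARNING or lower to see them` next to the existing level list. The description quotes the syslog line as "Failed to enumerate object in" while the ObjectStore.cpp hunk emits "Failed to enumerate object store in"; worth aligning so the message can be grepped for. Both C_Initialize and ObjectStore::ObjectStore start and end outside their hunks.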
@@ -0,0 +1,62 @@
+From 371686fb68eff02020ddd80a702c39f31a849b8e Mon Sep 17 00:00:00 2001
+From: David Woodhouse
+Date: Wed, 21 Sep 2016 08:20:29 +0100
+Subject: [PATCH] Issue #239: Crash on module unload with OpenSSL
+
+We use CRYPTO_set_id_callback() to set a callback, but we don't ever
+remove it again on unload. So OpenSSL crashes the next time it needs a
+thread-id.
+
+CRYPTO_set_id_callback() has been deprecated since OpenSSL 1.0.0, the
+oldest we support. And redundant too, since OpenSSL has fallbacks which
+include the address of errno. Which is going to work on any platform
+with pthreads... and we were only calling CRYPTO_set_id_callback() on
+platforms with pthreads.
+
+So just rip it out.
+---
+ src/lib/crypto/OSSLCryptoFactory.cpp | 14 --------------
+ 1 file changed, 14 deletions(-)
+
+diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
+index 3aa8dcd..fc059ae 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.cpp
++++ b/src/lib/crypto/OSSLCryptoFactory.cpp
+@@ -55,9 +55,6 @@
+ #include "OSSLGOST.h"
+ #endif
+ 
+-#ifdef HAVE_PTHREAD_H
+-#include
+-#endif
+ #include
+ #include
+ #include
+@@ -72,14 +69,6 @@
+ bool OSSLCryptoFactory::FipsSelfTestStatus = false;
+ #endif
+ 
+-// Thread ID callback
+-#ifdef HAVE_PTHREAD_H
+-static unsigned long id_callback()
+-{
+- return (unsigned long) pthread_self();
+-}
+-#endif
+-
+ static unsigned nlocks;
+ static Mutex** locks;
+ 
+@@ -116,9 +105,6 @@ OSSLCryptoFactory::OSSLCryptoFactory()
+ {
+ locks[i] = MutexFactory::i()->getMutex();
+ }
+-#ifdef HAVE_PTHREAD_H
+- CRYPTO_set_id_callback(id_callback);
+-#endif
+ CRYPTO_set_locking_callback(lock_callback);
+ 
+ #ifdef WITH_FIPS
+--
+2.25.1
+
diff --git a/SPECS/softhsm.spec b/SPECS/softhsm.spec
index 8c2639d..1db3025 100644
--- a/SPECS/softhsm.spec
+++ b/SPECS/softhsm.spec
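Review bot: `CRYPTO_set_locking_callback(lock_callback);` stays registered in the constructor hunk with no reset visible anywhere in this patch, so the process-global callback pointer left behind after dlclose — the very defect the description gives for the id callback — appears to remain for the locking callback; unless the destructor (outside this hunk) already does so, it should call `CRYPTO_set_locking_callback(NULL);` before the `locks` array is released, so OpenSSL 1.0.x cannot call into an unmapped module or freed mutexes from another library in the same process. The description's argument that OpenSSL has a safe fallback covers only the thread-id callback; with no locking callback OpenSSL 1.0.x simply performs no locking, so this one cannot be ripped out the same way and has to be unregistered instead. The `#include` names in the first hunk appear blank in this rendering, presumably an extraction artifact of angle-bracket includes rather than a change. OSSLCryptoFactory::OSSLCryptoFactory() starts and ends outside the hunk.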
@@ -2,7 +2,7 @@
 Summary: Software version of a PKCS#11 Hardware Security Module
 Name: softhsm
 Version: 2.1.0
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
@@ -10,6 +10,8 @@ Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}
 Source2: softhsm.module
 # taken from coolkey which is not build on all arches we build on
 Source3: softhsm2-pk11install.c
+Patch1: 0001-use-warning-messages-for-failing-to-enumerate-store.patch
+Patch2: 0002-Issue-239-Crash-on-module-unload-with-OpenSSL.patch
 Group: Applications/System
 
 # which version of openssl contains backport of aes wrapping support?
@@ -45,7 +47,7 @@ BuildRequires: autoconf, libtool, automake
 The devel package contains the libsofthsm include files
 
 %prep
-%setup -q -n %{name}-%{version}%{?prever}
+%autosetup -n %{name}-%{version}%{?prever} -p1
 
 %if 0%{?prever:1}
 autoreconf -fiv
@@ -119,6 +121,10 @@ if [ $1 -eq 0 ]; then
 fi
 
 %changelog
+* Tue Mar 31 2020 Alexander Bokovoy - 2.1.0-3
+- Resolves: rhbz#1507409 ObjectStore.cpp(59): Failed to enumerate object store in /var/lib/softhsm/tokens/
+- Resolves: rhbz#1540010 gnome-settings-daemon: gnome-settings-daemon killed by SIGSEGV
+
 * Thu Jun 23 2016 Paul Wouters - 2.1.0-2
 - Re-add note this package is only supported for IdM