8 changed files with 86 additions and 353 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
-SOURCES/softhsm-2.6.0.tar.gz
+/softhsm-2.4.0.tar.gz
+/softhsm-2.4.0.tar.gz.sig
--- a/.softhsm.metadata
+++ b/.softhsm.metadata
@ -1 +0,0 @@
-da4220189c358741a42a63442561ec07996badaf SOURCES/softhsm-2.6.0.tar.gz
--- a/SOURCES/softhsm-2.6.0.tar.gz.sig
+++ b/SOURCES/softhsm-2.6.0.tar.gz.sig
--- a/SOURCES/softhsm-2.6.1-rh1834909-exit.patch
+++ b/SOURCES/softhsm-2.6.1-rh1834909-exit.patch
@ -1,72 +0,0 @@
-diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
-index 32daca2..ace4bcb 100644
--- a/src/lib/crypto/OSSLCryptoFactory.cpp
-+++ b/src/lib/crypto/OSSLCryptoFactory.cpp
-@@ -226,31 +226,49 @@ err:
- // Destructor
- OSSLCryptoFactory::~OSSLCryptoFactory()
- {
-#ifdef WITH_GOST
-	// Finish the GOST engine
-	if (eg != NULL)
-+	bool ossl_shutdown = false;
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+	// OpenSSL 1.1.0+ will register an atexit() handler to run
-+	// OPENSSL_cleanup(). If that has already happened we must
-+	// not attempt to free any ENGINEs because they'll already
-+	// have been destroyed and the use-after-free would cause
-+	// a deadlock or crash.
-+	//
-+	// Detect that situation because reinitialisation will fail
-+	// after OPENSSL_cleanup() has run.
-+	(void)ERR_set_mark();
-+	ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL);
-+	(void)ERR_pop_to_mark();
-+#endif
-+	if (!ossl_shutdown)
- 	{
-		ENGINE_finish(eg);
-		ENGINE_free(eg);
-		eg = NULL;
-	}
-+#ifdef WITH_GOST
-+		// Finish the GOST engine
-+		if (eg != NULL)
-+		{
-+			ENGINE_finish(eg);
-+			ENGINE_free(eg);
-+			eg = NULL;
-+		}
- #endif
- 
-	// Finish the rd_rand engine
-	ENGINE_finish(rdrand_engine);
-	ENGINE_free(rdrand_engine);
-	rdrand_engine = NULL;
-+		// Finish the rd_rand engine
-+		ENGINE_finish(rdrand_engine);
-+		ENGINE_free(rdrand_engine);
-+		rdrand_engine = NULL;
- 
-+		// Recycle locks
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+		if (setLockingCallback)
-+		{
-+			CRYPTO_set_locking_callback(NULL);
-+		}
-+#endif
-+	}
- 	// Destroy the one-and-only RNG
- 	delete rng;
- 
-	// Recycle locks
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-	if (setLockingCallback)
-	{
-		CRYPTO_set_locking_callback(NULL);
-	}
-#endif
- 	for (unsigned i = 0; i < nlocks; i++)
- 	{
- 		MutexFactory::i()->recycleMutex(locks[i]);
--- a/SOURCES/softhsm-2.6.1-rh1857272-negatives.patch
+++ b/SOURCES/softhsm-2.6.1-rh1857272-negatives.patch
@ -1,230 +0,0 @@
-From cfe1f7fdd12e202fa2d056c7fd731cfeee378a98 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 15 Jul 2020 18:12:32 +0200
-Subject: [PATCH] Unbreak negative mechanism lists in slots.mechanisms +
- testcase
-
-Previously, when the list for slots.mechanisms was prefixed with
-minus sign "-", the first mechanism was skipped as invalid and
-therefore the tool was presenting wrong list of algorithms.
-
-This fixes the initial index for selection of first algorithm
-and adds unit test for this scenario.
---
- .gitignore                                    |  1 +
- configure.ac                                  |  1 +
- src/lib/SoftHSM.cpp                           |  9 ++-
- src/lib/test/InfoTests.cpp                    | 70 ++++++++++++++++++-
- src/lib/test/InfoTests.h                      |  2 +
- src/lib/test/Makefile.am                      |  1 +
- src/lib/test/softhsm2-negative-mech.conf.in   |  8 +++
- .../test/softhsm2-negative-mech.conf.win32    |  7 ++
- win32/p11test/p11test.vcxproj.in              |  2 +
- 9 files changed, 97 insertions(+), 4 deletions(-)
- create mode 100644 src/lib/test/softhsm2-negative-mech.conf.in
- create mode 100644 src/lib/test/softhsm2-negative-mech.conf.win32
-
-diff --git a/configure.ac b/configure.ac
-index d4dad435..c6a51c7a 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -217,6 +217,7 @@ AC_CONFIG_FILES([
- 	src/lib/test/softhsm2-alt.conf
- 	src/lib/test/softhsm2-reset-on-fork.conf
- 	src/lib/test/softhsm2-mech.conf
-+	src/lib/test/softhsm2-negative-mech.conf
- 	src/lib/test/tokens/dummy
- 	src/bin/Makefile
- 	src/bin/common/Makefile
-diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
-index 0a0c32cc..cac724e6 100644
--- a/src/lib/SoftHSM.cpp
-+++ b/src/lib/SoftHSM.cpp
-@@ -791,12 +791,17 @@ void SoftHSM::prepareSupportedMecahnisms(std::map<std::string, CK_MECHANISM_TYPE
- 	if (mechs != "ALL")
- 	{
- 		bool negative = (mechs[0] == '-');
-		if (!negative)
-+		size_t pos = 0, prev = 0;
-+		if (negative)
-+		{
-+			/* Skip the minus sign */
-+			prev = 1;
-+		}
-+		else
- 		{
- 			/* For positive list, we remove everything */
- 			supportedMechanisms.clear();
- 		}
-		size_t pos = 0, prev = 0;
- 		std::string token;
- 		do
- 		{
-diff --git a/src/lib/test/InfoTests.cpp b/src/lib/test/InfoTests.cpp
-index a07956fb..d2218e34 100644
--- a/src/lib/test/InfoTests.cpp
-+++ b/src/lib/test/InfoTests.cpp
-@@ -328,9 +328,9 @@ void InfoTests::testGetMechanismListConfig()
- 	CK_MECHANISM_TYPE_PTR pMechanismList;
- 
- #ifndef _WIN32
-    setenv("SOFTHSM2_CONF", "./softhsm2-mech.conf", 1);
-+	setenv("SOFTHSM2_CONF", "./softhsm2-mech.conf", 1);
- #else
-    setenv("SOFTHSM2_CONF", ".\\softhsm2-mech.conf", 1);
-+	setenv("SOFTHSM2_CONF", ".\\softhsm2-mech.conf", 1);
- #endif
- 
- 	// Just make sure that we finalize any previous failed tests
-@@ -363,6 +363,72 @@ void InfoTests::testGetMechanismListConfig()
- #endif
- }
- 
-+void InfoTests::testGetMechanismNegativeListConfig()
-+{
-+	CK_RV rv;
-+	CK_ULONG ulMechCount = 0;
-+	CK_MECHANISM_TYPE_PTR pMechanismList;
-+	CK_ULONG allMechsCount = 0;
-+
-+	// Just make sure that we finalize any previous failed tests
-+	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
-+
-+	// First of all, try to get the default list
-+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
-+	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
-+
-+	rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
-+	CPPUNIT_ASSERT(rv == CKR_OK);
-+
-+	// Get the size of the buffer
-+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
-+	CPPUNIT_ASSERT(rv == CKR_OK);
-+	pMechanismList = (CK_MECHANISM_TYPE_PTR)malloc(ulMechCount * sizeof(CK_MECHANISM_TYPE_PTR));
-+	/* Remember how many mechanisms are supported */
-+	allMechsCount = ulMechCount;
-+
-+	// Get the mechanism list
-+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, pMechanismList, &ulMechCount) );
-+	CPPUNIT_ASSERT(rv == CKR_OK);
-+	CPPUNIT_ASSERT_EQUAL(allMechsCount, ulMechCount);
-+	free(pMechanismList);
-+
-+	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
-+	/* Now try with configuration having negative list */
-+#ifndef _WIN32
-+	setenv("SOFTHSM2_CONF", "./softhsm2-negative-mech.conf", 1);
-+#else
-+	setenv("SOFTHSM2_CONF", ".\\softhsm2-negative-mech.conf", 1);
-+#endif
-+
-+	rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
-+	CPPUNIT_ASSERT(rv == CKR_OK);
-+
-+	// Get the size of the buffer
-+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
-+	CPPUNIT_ASSERT(rv == CKR_OK);
-+	/* We should get 2 shorter */
-+	//CPPUNIT_ASSERT_EQUAL(allMechsCount - 2, ulMechCount);
-+	pMechanismList = (CK_MECHANISM_TYPE_PTR)malloc(ulMechCount * sizeof(CK_MECHANISM_TYPE_PTR));
-+
-+	// Get the mechanism list
-+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, pMechanismList, &ulMechCount) );
-+	CPPUNIT_ASSERT(rv == CKR_OK);
-+	//CPPUNIT_ASSERT_EQUAL(allMechsCount - 2, ulMechCount);
-+	for (unsigned long i = 0; i < ulMechCount; i++) {
-+		CPPUNIT_ASSERT(pMechanismList[i] != CKM_RSA_X_509);
-+		CPPUNIT_ASSERT(pMechanismList[i] != CKM_RSA_PKCS);
-+	}
-+	free(pMechanismList);
-+
-+	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
-+#ifndef _WIN32
-+	setenv("SOFTHSM2_CONF", "./softhsm2.conf", 1);
-+#else
-+	setenv("SOFTHSM2_CONF", ".\\softhsm2.conf", 1);
-+#endif
-+}
-+
- void InfoTests::testWaitForSlotEvent()
- {
- 	CK_RV rv;
-diff --git a/src/lib/test/InfoTests.h b/src/lib/test/InfoTests.h
-index dfd02953..1cc99ccb 100644
--- a/src/lib/test/InfoTests.h
-+++ b/src/lib/test/InfoTests.h
-@@ -49,6 +49,7 @@ class InfoTests : public TestsNoPINInitBase
- 	CPPUNIT_TEST(testGetMechanismInfo);
- 	CPPUNIT_TEST(testGetSlotInfoAlt);
- 	CPPUNIT_TEST(testGetMechanismListConfig);
-+	CPPUNIT_TEST(testGetMechanismNegativeListConfig);
- 	CPPUNIT_TEST(testWaitForSlotEvent);
- 	CPPUNIT_TEST_SUITE_END();
- 
-@@ -62,6 +63,7 @@ class InfoTests : public TestsNoPINInitBase
- 	void testGetMechanismInfo();
- 	void testGetSlotInfoAlt();
- 	void testGetMechanismListConfig();
-+	void testGetMechanismNegativeListConfig();
- 	void testWaitForSlotEvent();
- };
- 
-diff --git a/src/lib/test/Makefile.am b/src/lib/test/Makefile.am
-index 17887dd4..a22ce668 100644
--- a/src/lib/test/Makefile.am
-+++ b/src/lib/test/Makefile.am
-@@ -39,6 +39,7 @@ EXTRA_DIST =			$(srcdir)/CMakeLists.txt \
- 				$(srcdir)/*.h \
- 				$(srcdir)/softhsm2-alt.conf.win32 \
- 				$(srcdir)/softhsm2-reset-on-fork.conf.win32 \
-+				$(srcdir)/softhsm2-negative-mech.conf.win32 \
- 				$(srcdir)/softhsm2-mech.conf.win32 \
- 				$(srcdir)/softhsm2.conf.win32 \
- 				$(srcdir)/tokens/dummy.in
-diff --git a/src/lib/test/softhsm2-negative-mech.conf.in b/src/lib/test/softhsm2-negative-mech.conf.in
-new file mode 100644
-index 00000000..51f7e6ac
--- /dev/null
-+++ b/src/lib/test/softhsm2-negative-mech.conf.in
-@@ -0,0 +1,8 @@
-+# SoftHSM v2 configuration file
-+
-+directories.tokendir = @builddir@/tokens
-+objectstore.backend = file
-+log.level = INFO
-+slots.removable = false
-+slots.mechanisms = -CKM_RSA_X_509,CKM_RSA_PKCS
-+
-diff --git a/src/lib/test/softhsm2-negative-mech.conf.win32 b/src/lib/test/softhsm2-negative-mech.conf.win32
-new file mode 100644
-index 00000000..a3aefb96
--- /dev/null
-+++ b/src/lib/test/softhsm2-negative-mech.conf.win32
-@@ -0,0 +1,7 @@
-+# SoftHSM v2 configuration file
-+
-+directories.tokendir = .\tokens
-+objectstore.backend = file
-+log.level = INFO
-+slots.removable = false
-+slots.mechanisms = -CKM_RSA_X_509,CKM_RSA_PKCS
-diff --git a/win32/p11test/p11test.vcxproj.in b/win32/p11test/p11test.vcxproj.in
-index 55dfb087..88859bca 100644
--- a/win32/p11test/p11test.vcxproj.in
-+++ b/win32/p11test/p11test.vcxproj.in
-@@ -67,6 +67,7 @@ copy ..\..\src\lib\test\softhsm2.conf.win32 "$(TargetDir)\softhsm2.conf"
- copy ..\..\src\lib\test\softhsm2-alt.conf.win32 "$(TargetDir)\softhsm2-alt.conf"
- copy ..\..\src\lib\test\softhsm2-reset-on-fork.conf.win32 "$(TargetDir)\softhsm2-reset-on-fork.conf"
- copy ..\..\src\lib\test\softhsm2-mech.conf.win32 "$(TargetDir)\softhsm2-mech.conf"
-+copy ..\..\src\lib\test\softhsm2-negative-mech.conf.win32 "$(TargetDir)\softhsm2-negative-mech.conf"
- mkdir "$(TargetDir)\tokens" 2&gt; nul
- copy ..\..\src\lib\test\tokens\dummy.in "$(TargetDir)\tokens\dummy"
-       </Command>
-@@ -99,6 +100,7 @@ copy ..\..\src\lib\test\softhsm2.conf.win32 "$(TargetDir)\softhsm2.conf"
- copy ..\..\src\lib\test\softhsm2-alt.conf.win32 "$(TargetDir)\softhsm2-alt.conf"
- copy ..\..\src\lib\test\softhsm2-reset-on-fork.conf.win32 "$(TargetDir)\softhsm2-reset-on-fork.conf"
- copy ..\..\src\lib\test\softhsm2-mech.conf.win32 "$(TargetDir)\softhsm2-mech.conf"
-+copy ..\..\src\lib\test\softhsm2-negative-mech.conf.win32 "$(TargetDir)\softhsm2-negative-mech.conf"
- mkdir "$(TargetDir)\tokens" 2&gt; nul
- copy ..\..\src\lib\test\tokens\dummy.in "$(TargetDir)\tokens\dummy"
-       </Command>
--- a/softhsm-2.3.0-reset-mutex-callbacks.patch
+++ b/softhsm-2.3.0-reset-mutex-callbacks.patch
@ -0,0 +1,72 @@
+From 16f994e7944a917fa81c8db11c56c594f4e78b40 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Tue, 31 Jul 2018 14:59:03 +0300
+Subject: [PATCH] Reset mutex callbacks to the default version when finished
+
+If a PKCS11 API caller provided own mutex handling callbacks,
+we need to ensure they aren't used after C_Finalize is called
+and SoftHSM instance is recycled.
+
+Inability to do so may lead to a situation where callbacks might
+be provided by a different dynamically loaded object which is removed
+after C_Finalize() call. Thus, callback pointers become invalid and
+calling them leads to crashes.
+
+Fixes: https://github.com/opendnssec/SoftHSMv2/issues/408
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/lib/SoftHSM.cpp | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
+index ee94d3f..e4cc044 100644
+--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
+@@ -314,6 +314,15 @@ static CK_ATTRIBUTE bsAttribute(CK_ATTRIBUTE_TYPE type, const ByteString &value)
+ /*****************************************************************************
+  Implementation of SoftHSM class specific functions
+  *****************************************************************************/
+static void resetMutexFactoryCallbacks()
+{
+	// Reset MutexFactory callbacks to our versions
+	MutexFactory::i()->setCreateMutex(OSCreateMutex);
+	MutexFactory::i()->setDestroyMutex(OSDestroyMutex);
+	MutexFactory::i()->setLockMutex(OSLockMutex);
+	MutexFactory::i()->setUnlockMutex(OSUnlockMutex);
+}
+
+ 
+ // Return the one-and-only instance
+ SoftHSM* SoftHSM::i()
+@@ -342,6 +351,7 @@ SoftHSM::SoftHSM()
+ 	slotManager = NULL;
+ 	sessionManager = NULL;
+ 	handleManager = NULL;
+	resetMutexFactoryCallbacks();
+ }
+ 
+ // Destructor
+@@ -352,6 +362,7 @@ SoftHSM::~SoftHSM()
+ 	if (slotManager != NULL) delete slotManager;
+ 	if (objectStore != NULL) delete objectStore;
+ 	if (sessionObjectStore != NULL) delete sessionObjectStore;
+	resetMutexFactoryCallbacks();
+ }
+ 
+ /*****************************************************************************
+@@ -402,10 +413,7 @@ CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs)
+ 			if (args->flags & CKF_OS_LOCKING_OK)
+ 			{
+ 				// Use our own mutex functions.
+-				MutexFactory::i()->setCreateMutex(OSCreateMutex);
+-				MutexFactory::i()->setDestroyMutex(OSDestroyMutex);
+-				MutexFactory::i()->setLockMutex(OSLockMutex);
+-				MutexFactory::i()->setUnlockMutex(OSUnlockMutex);
+				resetMutexFactoryCallbacks();
+ 				MutexFactory::i()->enable();
+ 			}
+ 			else
+-- 
+2.17.1
+
--- a/SPECS/softhsm.spec
+++ b/SPECS/softhsm.spec
@ -1,18 +1,15 @@
 #global prever rc1
-# Rebuild configure.ac if patches do change it
-%global rebuild_ac 1

 Summary: Software version of a PKCS#11 Hardware Security Module
 Name: softhsm
-Version: 2.6.0
-Release: %{?prever:0.}5%{?prever:.%{prever}}%{?dist}
+Version: 2.4.0
+Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
 Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig

-Patch1: softhsm-2.6.1-rh1834909-exit.patch
-Patch2: softhsm-2.6.1-rh1857272-negatives.patch
+Patch1: softhsm-2.3.0-reset-mutex-callbacks.patch

 Group: Applications/System
 BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel
@ -36,7 +33,7 @@ with other cryptographic products because of the PKCS#11 interface.
 Summary: Development package of softhsm that includes the header files
 Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}, openssl-devel, sqlite-devel
-%if 0%{?prever:!} || 0%{?rebuild_ac}
+%if 0%{?prever:1}
 BuildRequires: autoconf, libtool, automake
 %endif

@ -45,26 +42,20 @@ The devel package contains the libsofthsm include files

 %prep
 %setup -q -n %{name}-%{version}%{?prever}
+
 %patch1 -p1
-%patch2 -p1
+
+%if 0%{?prever:1}
+autoreconf -fiv
+%endif

 # remove softhsm/ subdir auto-added to --libdir
 sed -i "s:full_libdir/softhsm:full_libdir:g" configure
-%if 0%{?prever:1} || 0%{?rebuild_ac}
+%if 0%{?prever:1}
 sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac
 %endif
 sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in

-sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure
-
-%if 0%{?prever:1} || 0%{?rebuild_ac}
-sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure.ac
-%endif
-
-%if 0%{?prever:1} || 0%{?rebuild_ac}
-autoreconf -fiv
-%endif
-
 %build
 %configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --disable-gost \
           --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/
@ -125,36 +116,6 @@ if [ -f /var/softhsm/slot0.db ]; then
 fi

 %changelog
-* Mon Feb 15 2021 Thomas Woerner <twoerner@redhat.com> - 2.6.0-5
- Install prever devel package requirements for new negative option patch
-  Related: RHBZ#1857272
-
-* Mon Feb 15 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-4
- Fixes: rhbz#1857272 - negative option for token.mechanism not working correctly
-
-* Thu Jun 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-3
- Fixes: rhbz#1834909 - softhsm use-after-free on process exit
- Synchronize the final fix with Fedora
-
-* Thu May 14 2020 Paul Wouters <pwouters@redhat.com> - 2.6.0-2
- Fixes: rhbz#1834909 - softhsm use-after-free on process exit
-
-* Wed Apr 01 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-1
- Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+
- Fixes: rhbz#1701233 - support setting supported signature methods on the token
-
-* Mon Feb 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-4
- Provide specific version libsofthsm2.so for p11-kit
- Fixes: rhbz#1727065
-
-* Tue Feb 11 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-3
- Remove architecture-specific path from softhsm2.module definition
- Fixes: rhbz#1727065
-
-* Fri Aug 17 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-2
- Replace PKCS11 headers by a more liberal version from p11-kit
- Fixes: rhbz#1615766
-
 * Sat Aug 11 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.4.0-1
 - Updated to latest upstream release

--- a/2
+++ b/2
@ -0,0 +1,2 @@
+SHA512 (softhsm-2.4.0.tar.gz) = f14f65de32206500f708523ee88d8d5e3d1fd40175f1a9cd24c7760c829e2de9dbcb05453022df8186836c49a57e4eae7f2e75ce6a5346a426114f4d610a8a84
+SHA512 (softhsm-2.4.0.tar.gz.sig) = a8f616e2a5ab7fdb09c0d2a850bda833be889aea0aa1e5e2bcb0012351dcf3c870e496918ba16bb0bb942bb13350ff1030b25feab29914d07897b39c30526624
				`@ -1 +0,0 @@`
				`da4220189c358741a42a63442561ec07996badaf SOURCES/softhsm-2.6.0.tar.gz`