7 changed files with 288 additions and 1110 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
-SOURCES/softhsm-2.6.1.tar.gz
+SOURCES/softhsm-2.6.0.tar.gz
+SOURCES/softhsm-2.6.0.tar.gz.sig
--- a/.softhsm.metadata
+++ b/.softhsm.metadata
@ -1 +1,2 @@
-c6fd316df6366960b8c8cda92408d7e02c3fb434 SOURCES/softhsm-2.6.1.tar.gz
+da4220189c358741a42a63442561ec07996badaf SOURCES/softhsm-2.6.0.tar.gz
+9cf81d11bb957120f9cf8be6de1d429baca09215 SOURCES/softhsm-2.6.0.tar.gz.sig
--- a/SOURCES/softhsm-2.6.1-rh1834909-exit.patch
+++ b/SOURCES/softhsm-2.6.1-rh1834909-exit.patch
--- a/SOURCES/softhsm-2.6.1-rh1857272-negatives.patch
+++ b/SOURCES/softhsm-2.6.1-rh1857272-negatives.patch
@ -0,0 +1,230 @@
+From cfe1f7fdd12e202fa2d056c7fd731cfeee378a98 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 15 Jul 2020 18:12:32 +0200
+Subject: [PATCH] Unbreak negative mechanism lists in slots.mechanisms +
+ testcase
+
+Previously, when the list for slots.mechanisms was prefixed with
+minus sign "-", the first mechanism was skipped as invalid and
+therefore the tool was presenting wrong list of algorithms.
+
+This fixes the initial index for selection of first algorithm
+and adds unit test for this scenario.
+---
+ .gitignore                                    |  1 +
+ configure.ac                                  |  1 +
+ src/lib/SoftHSM.cpp                           |  9 ++-
+ src/lib/test/InfoTests.cpp                    | 70 ++++++++++++++++++-
+ src/lib/test/InfoTests.h                      |  2 +
+ src/lib/test/Makefile.am                      |  1 +
+ src/lib/test/softhsm2-negative-mech.conf.in   |  8 +++
+ .../test/softhsm2-negative-mech.conf.win32    |  7 ++
+ win32/p11test/p11test.vcxproj.in              |  2 +
+ 9 files changed, 97 insertions(+), 4 deletions(-)
+ create mode 100644 src/lib/test/softhsm2-negative-mech.conf.in
+ create mode 100644 src/lib/test/softhsm2-negative-mech.conf.win32
+
+diff --git a/configure.ac b/configure.ac
+index d4dad435..c6a51c7a 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -217,6 +217,7 @@ AC_CONFIG_FILES([
+ 	src/lib/test/softhsm2-alt.conf
+ 	src/lib/test/softhsm2-reset-on-fork.conf
+ 	src/lib/test/softhsm2-mech.conf
+	src/lib/test/softhsm2-negative-mech.conf
+ 	src/lib/test/tokens/dummy
+ 	src/bin/Makefile
+ 	src/bin/common/Makefile
+diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
+index 0a0c32cc..cac724e6 100644
+--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
+@@ -791,12 +791,17 @@ void SoftHSM::prepareSupportedMecahnisms(std::map<std::string, CK_MECHANISM_TYPE
+ 	if (mechs != "ALL")
+ 	{
+ 		bool negative = (mechs[0] == '-');
+-		if (!negative)
+		size_t pos = 0, prev = 0;
+		if (negative)
+		{
+			/* Skip the minus sign */
+			prev = 1;
+		}
+		else
+ 		{
+ 			/* For positive list, we remove everything */
+ 			supportedMechanisms.clear();
+ 		}
+-		size_t pos = 0, prev = 0;
+ 		std::string token;
+ 		do
+ 		{
+diff --git a/src/lib/test/InfoTests.cpp b/src/lib/test/InfoTests.cpp
+index a07956fb..d2218e34 100644
+--- a/src/lib/test/InfoTests.cpp
+++ b/src/lib/test/InfoTests.cpp
+@@ -328,9 +328,9 @@ void InfoTests::testGetMechanismListConfig()
+ 	CK_MECHANISM_TYPE_PTR pMechanismList;
+ 
+ #ifndef _WIN32
+-    setenv("SOFTHSM2_CONF", "./softhsm2-mech.conf", 1);
+	setenv("SOFTHSM2_CONF", "./softhsm2-mech.conf", 1);
+ #else
+-    setenv("SOFTHSM2_CONF", ".\\softhsm2-mech.conf", 1);
+	setenv("SOFTHSM2_CONF", ".\\softhsm2-mech.conf", 1);
+ #endif
+ 
+ 	// Just make sure that we finalize any previous failed tests
+@@ -363,6 +363,72 @@ void InfoTests::testGetMechanismListConfig()
+ #endif
+ }
+ 
+void InfoTests::testGetMechanismNegativeListConfig()
+{
+	CK_RV rv;
+	CK_ULONG ulMechCount = 0;
+	CK_MECHANISM_TYPE_PTR pMechanismList;
+	CK_ULONG allMechsCount = 0;
+
+	// Just make sure that we finalize any previous failed tests
+	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
+
+	// First of all, try to get the default list
+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
+	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
+
+	rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
+	CPPUNIT_ASSERT(rv == CKR_OK);
+
+	// Get the size of the buffer
+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
+	CPPUNIT_ASSERT(rv == CKR_OK);
+	pMechanismList = (CK_MECHANISM_TYPE_PTR)malloc(ulMechCount * sizeof(CK_MECHANISM_TYPE_PTR));
+	/* Remember how many mechanisms are supported */
+	allMechsCount = ulMechCount;
+
+	// Get the mechanism list
+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, pMechanismList, &ulMechCount) );
+	CPPUNIT_ASSERT(rv == CKR_OK);
+	CPPUNIT_ASSERT_EQUAL(allMechsCount, ulMechCount);
+	free(pMechanismList);
+
+	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
+	/* Now try with configuration having negative list */
+#ifndef _WIN32
+	setenv("SOFTHSM2_CONF", "./softhsm2-negative-mech.conf", 1);
+#else
+	setenv("SOFTHSM2_CONF", ".\\softhsm2-negative-mech.conf", 1);
+#endif
+
+	rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
+	CPPUNIT_ASSERT(rv == CKR_OK);
+
+	// Get the size of the buffer
+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, NULL_PTR, &ulMechCount) );
+	CPPUNIT_ASSERT(rv == CKR_OK);
+	/* We should get 2 shorter */
+	//CPPUNIT_ASSERT_EQUAL(allMechsCount - 2, ulMechCount);
+	pMechanismList = (CK_MECHANISM_TYPE_PTR)malloc(ulMechCount * sizeof(CK_MECHANISM_TYPE_PTR));
+
+	// Get the mechanism list
+	rv = CRYPTOKI_F_PTR( C_GetMechanismList(m_initializedTokenSlotID, pMechanismList, &ulMechCount) );
+	CPPUNIT_ASSERT(rv == CKR_OK);
+	//CPPUNIT_ASSERT_EQUAL(allMechsCount - 2, ulMechCount);
+	for (unsigned long i = 0; i < ulMechCount; i++) {
+		CPPUNIT_ASSERT(pMechanismList[i] != CKM_RSA_X_509);
+		CPPUNIT_ASSERT(pMechanismList[i] != CKM_RSA_PKCS);
+	}
+	free(pMechanismList);
+
+	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
+#ifndef _WIN32
+	setenv("SOFTHSM2_CONF", "./softhsm2.conf", 1);
+#else
+	setenv("SOFTHSM2_CONF", ".\\softhsm2.conf", 1);
+#endif
+}
+
+ void InfoTests::testWaitForSlotEvent()
+ {
+ 	CK_RV rv;
+diff --git a/src/lib/test/InfoTests.h b/src/lib/test/InfoTests.h
+index dfd02953..1cc99ccb 100644
+--- a/src/lib/test/InfoTests.h
+++ b/src/lib/test/InfoTests.h
+@@ -49,6 +49,7 @@ class InfoTests : public TestsNoPINInitBase
+ 	CPPUNIT_TEST(testGetMechanismInfo);
+ 	CPPUNIT_TEST(testGetSlotInfoAlt);
+ 	CPPUNIT_TEST(testGetMechanismListConfig);
+	CPPUNIT_TEST(testGetMechanismNegativeListConfig);
+ 	CPPUNIT_TEST(testWaitForSlotEvent);
+ 	CPPUNIT_TEST_SUITE_END();
+ 
+@@ -62,6 +63,7 @@ class InfoTests : public TestsNoPINInitBase
+ 	void testGetMechanismInfo();
+ 	void testGetSlotInfoAlt();
+ 	void testGetMechanismListConfig();
+	void testGetMechanismNegativeListConfig();
+ 	void testWaitForSlotEvent();
+ };
+ 
+diff --git a/src/lib/test/Makefile.am b/src/lib/test/Makefile.am
+index 17887dd4..a22ce668 100644
+--- a/src/lib/test/Makefile.am
+++ b/src/lib/test/Makefile.am
+@@ -39,6 +39,7 @@ EXTRA_DIST =			$(srcdir)/CMakeLists.txt \
+ 				$(srcdir)/*.h \
+ 				$(srcdir)/softhsm2-alt.conf.win32 \
+ 				$(srcdir)/softhsm2-reset-on-fork.conf.win32 \
+				$(srcdir)/softhsm2-negative-mech.conf.win32 \
+ 				$(srcdir)/softhsm2-mech.conf.win32 \
+ 				$(srcdir)/softhsm2.conf.win32 \
+ 				$(srcdir)/tokens/dummy.in
+diff --git a/src/lib/test/softhsm2-negative-mech.conf.in b/src/lib/test/softhsm2-negative-mech.conf.in
+new file mode 100644
+index 00000000..51f7e6ac
+--- /dev/null
+++ b/src/lib/test/softhsm2-negative-mech.conf.in
+@@ -0,0 +1,8 @@
+# SoftHSM v2 configuration file
+
+directories.tokendir = @builddir@/tokens
+objectstore.backend = file
+log.level = INFO
+slots.removable = false
+slots.mechanisms = -CKM_RSA_X_509,CKM_RSA_PKCS
+
+diff --git a/src/lib/test/softhsm2-negative-mech.conf.win32 b/src/lib/test/softhsm2-negative-mech.conf.win32
+new file mode 100644
+index 00000000..a3aefb96
+--- /dev/null
+++ b/src/lib/test/softhsm2-negative-mech.conf.win32
+@@ -0,0 +1,7 @@
+# SoftHSM v2 configuration file
+
+directories.tokendir = .\tokens
+objectstore.backend = file
+log.level = INFO
+slots.removable = false
+slots.mechanisms = -CKM_RSA_X_509,CKM_RSA_PKCS
+diff --git a/win32/p11test/p11test.vcxproj.in b/win32/p11test/p11test.vcxproj.in
+index 55dfb087..88859bca 100644
+--- a/win32/p11test/p11test.vcxproj.in
+++ b/win32/p11test/p11test.vcxproj.in
+@@ -67,6 +67,7 @@ copy ..\..\src\lib\test\softhsm2.conf.win32 "$(TargetDir)\softhsm2.conf"
+ copy ..\..\src\lib\test\softhsm2-alt.conf.win32 "$(TargetDir)\softhsm2-alt.conf"
+ copy ..\..\src\lib\test\softhsm2-reset-on-fork.conf.win32 "$(TargetDir)\softhsm2-reset-on-fork.conf"
+ copy ..\..\src\lib\test\softhsm2-mech.conf.win32 "$(TargetDir)\softhsm2-mech.conf"
+copy ..\..\src\lib\test\softhsm2-negative-mech.conf.win32 "$(TargetDir)\softhsm2-negative-mech.conf"
+ mkdir "$(TargetDir)\tokens" 2&gt; nul
+ copy ..\..\src\lib\test\tokens\dummy.in "$(TargetDir)\tokens\dummy"
+       </Command>
+@@ -99,6 +100,7 @@ copy ..\..\src\lib\test\softhsm2.conf.win32 "$(TargetDir)\softhsm2.conf"
+ copy ..\..\src\lib\test\softhsm2-alt.conf.win32 "$(TargetDir)\softhsm2-alt.conf"
+ copy ..\..\src\lib\test\softhsm2-reset-on-fork.conf.win32 "$(TargetDir)\softhsm2-reset-on-fork.conf"
+ copy ..\..\src\lib\test\softhsm2-mech.conf.win32 "$(TargetDir)\softhsm2-mech.conf"
+copy ..\..\src\lib\test\softhsm2-negative-mech.conf.win32 "$(TargetDir)\softhsm2-negative-mech.conf"
+ mkdir "$(TargetDir)\tokens" 2&gt; nul
+ copy ..\..\src\lib\test\tokens\dummy.in "$(TargetDir)\tokens\dummy"
+       </Command>
--- a/SOURCES/softhsm-2.6.1.tar.gz.sig
+++ b/SOURCES/softhsm-2.6.1.tar.gz.sig
--- a/SOURCES/softhsm-openssl3-tests.patch
+++ b/SOURCES/softhsm-openssl3-tests.patch
--- a/SPECS/softhsm.spec
+++ b/SPECS/softhsm.spec
@ -1,24 +1,25 @@
 #global prever rc1
-#global prerelease yes
+# Rebuild configure.ac if patches do change it
+%global rebuild_ac 1

 Summary: Software version of a PKCS#11 Hardware Security Module
 Name: softhsm
-Version: 2.6.1
-Release: %{?prever:0.}7%{?prever:.%{prever}}%{?dist}.2
+Version: 2.6.0
+Release: %{?prever:0.}5%{?prever:.%{prever}}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
 Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig

-Patch1: softhsm-2.6.1-rh1831086-exit.patch
-Patch2: softhsm-openssl3-tests.patch
+Patch1: softhsm-2.6.1-rh1834909-exit.patch
+Patch2: softhsm-2.6.1-rh1857272-negatives.patch

-BuildRequires: make
+Group: Applications/System
 BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel
-BuildRequires: gcc-c++, pkgconfig, p11-kit-devel
+BuildRequires: gcc-c++, pkgconfig, p11-kit-devel, nss-devel

 Requires(pre): shadow-utils
-Requires: p11-kit
+Requires: p11-kit, nss-tools
 Requires: openssl-libs >= 1.0.1k-6

 %global _hardened_build 1
@ -33,8 +34,9 @@ with other cryptographic products because of the PKCS#11 interface.

 %package devel
 Summary: Development package of softhsm that includes the header files
+Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}, openssl-devel, sqlite-devel
-%if 0%{?prever:1} || 0%{?prerelease:1}
+%if 0%{?prever:!} || 0%{?rebuild_ac}
 BuildRequires: autoconf, libtool, automake
 %endif

@ -46,32 +48,37 @@ The devel package contains the libsofthsm include files
 %patch1 -p1
 %patch2 -p1

-%if 0%{?prever:1} || 0%{?prerelease:1}
-   # pre-release or post-release snapshots fixup
-   sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac
-   sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in
+# remove softhsm/ subdir auto-added to --libdir
+sed -i "s:full_libdir/softhsm:full_libdir:g" configure
+%if 0%{?prever:1} || 0%{?rebuild_ac}
+sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac
+%endif
+sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in
+
+sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure
+
+%if 0%{?prever:1} || 0%{?rebuild_ac}
+sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure.ac
+%endif
+
+%if 0%{?prever:1} || 0%{?rebuild_ac}
 autoreconf -fiv
-%else
-   # remove softhsm/ subdir auto-added to --libdir
-   sed -i 's:full_libdir/softhsm:full_libdir:g' configure
 %endif

 %build
-# This package fails its testsuite with LTO enabled and needs further
-# investigation
-%define _lto_cflags %{nil}
-
-%configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --enable-eddsa --disable-gost \
+%configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --disable-gost \
           --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/

-%make_build
+make %{?_smp_mflags}
+# install our copy of pk11install taken from coolkey package

 %check
-make check
+# skip while cppunit is broken
+#make check

 %install
 rm -rf %{buildroot}
-%make_install
+make DESTDIR=%{buildroot} install

 rm %{buildroot}/%{_sysconfdir}/softhsm2.conf.sample
 rm -f %{buildroot}/%{_libdir}/pkcs11/*a
@ -118,91 +125,41 @@ if [ -f /var/softhsm/slot0.db ]; then
 fi

 %changelog
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.1-7.2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.1-7.1
- Rebuilt for RHEL 9 BETA for openssl 3.0
-  Related: rhbz#1971065
-
-* Wed Jun 02 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-7
- Fix tests against OpenSSL 3.0: improve p11test
- Resolves: rhbz#1964838
-
-* Thu May 27 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.1-6
- Fix tests against OpenSSL 3.0
- Resolves: rhbz#1964838
-
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.6.1-5.2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-5.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Tue Dec  8 20:45:53 EST 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-5
- rebuilt to fixup numbering clobbered by automatic bumps
+* Mon Feb 15 2021 Thomas Woerner <twoerner@redhat.com> - 2.6.0-5
+- Install prever devel package requirements for new negative option patch
+  Related: RHBZ#1857272

-* Mon Aug 11 2020 Jeff Law <law@redhat.org> - 2.6.1-3.4
- Disable LTO
+* Mon Feb 15 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-4
+- Fixes: rhbz#1857272 - negative option for token.mechanism not working correctly

-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-3.3
- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+* Thu Jun 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-3
+- Fixes: rhbz#1834909 - softhsm use-after-free on process exit
+- Synchronize the final fix with Fedora

-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-3.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+* Thu May 14 2020 Paul Wouters <pwouters@redhat.com> - 2.6.0-2
+- Fixes: rhbz#1834909 - softhsm use-after-free on process exit

-* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.6.1-3.1
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+* Wed Apr 01 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-1
+- Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+
+- Fixes: rhbz#1701233 - support setting supported signature methods on the token

-* Wed May 13 2020 David Woodhouse <dwmw2@infradead.org> - 2.6.1-3
- Resolves: rhbz#1831086 softhsm use-after-free on process exit
-  Fix crash introduced by initial patch
+* Mon Feb 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-4
+- Provide specific version libsofthsm2.so for p11-kit
+- Fixes: rhbz#1727065

-* Tue May 12 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-2
- Resolves: rhbz#1831086 softhsm use-after-free on process exit
+* Tue Feb 11 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-3
+- Remove architecture-specific path from softhsm2.module definition
+- Fixes: rhbz#1727065

-* Thu Apr 30 2020 Paul Wouters <pwouters@redhat.com> - 2.6.1-1
- Resolves: rhbz#1814324 -softhsm-2.6.1 is available
-
-* Mon Mar 30 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.6.0-1
- Resolves: rhbz#1814324 softhsm-2.6.0 is available
-
-* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Sat Dec 14 2019 Jeff Law <law@redhat.com> - 2.5.0-4.2
- Fix missing #includes for gcc-10
-
-* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri May 31 2019 Paul Wouters <pwouters@redhat.com> - 2.5.0-4
- Pull in git master fixes to address assertion failure in make check
- Re-enable testing
-
-* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-3.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Wed Nov 14 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.5.0-3
- Removed dependency on NSS; it was not necessary.
-
-* Mon Nov 05 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.5.0-2
- Rebuilt to match f29 version
-
-* Mon Oct 29 2018 Simo Sorce <simo@redhat.com> - 2.5.0-1
- Updated to latest upstream release
+* Fri Aug 17 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2.4.0-2
+- Replace PKCS11 headers by a more liberal version from p11-kit
+- Fixes: rhbz#1615766

 * Sat Aug 11 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.4.0-1
 - Updated to latest upstream release

 * Tue Jul 31 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2.3.0-4
- Fix crash when used via p11-kit (#1607635)
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+- Fix crash when used as a PKCS11 library via p11-kit (#1608690)

 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild