SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for p11-kit-tools-0.23.22-3.1.i586.rpm :

* Sun Jan 17 2021 Dirk Müller - update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066):
* Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook
* anchor: Prefer persistent format when storing anchor [PR#329]
* common: Fix infloop in p11_path_build [PR#326, PR#327]
* proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
* common: Check for a NULL locale before freeing it [PR#321]
* proxy: Do not assign duplicate slot IDs [PR#282]
* common: Get program name based on executable path if possible [PR#307]
* anchor: Exit with non-zero code, if any error occurs [PR#304]
* Build and test fixes
* Mon Oct 05 2020 Ludwig Nussel - avoid bareword to fix build failure
* Wed Apr 15 2020 Martin Pluskal - Update to version 0.23.20:
* Revert \"Fix RPC when length-s are 0\" changes [PR#276]- Changes for version 0.23.19:
* common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255]
* Add simple bash completion for provided commands [PR#258]
* Unbreak list matching in enable-in and disable-in [PR#262]
* Fix RPC when length-s are 0 [PR#259]
* rpc: Add vsock transport support [PR#270]
* trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265]
* Build fixes [PR#271, PR#272, PR#273, ...]- Changes for version 0.23.18:
* rpc: Allow empty CK_DATE value [PR#253]
* build: Meson fixes [PR#245]
* build: Adjust feature parity between meson and autotools [PR#247]- Changes for version 0.23.17:
* common: Fix uClibc-ng compilation [PR#237]
* trust: do not allow daylight to invalidate date validation [PR#236]
* build: Port to meson build system [PR#231, PR#234]
* rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232]
* doc: Add \'server\' command in help [PR#229]
* Build and test fixes [PR#230]- Changes for version 0.23.16:
* proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225]
* conf: Ignore user configuration if the program is running as root [PR#226]
* proxy: Refresh slot list on every C_GetSlotList call [PR#224]
* modules: Fix index used in call to p11_dict_remove() [PR#219]
* Fix Win32 p11_dl_error crash [PR#218]
* modules: check gl.modules before iterates on it when freeing [PR#217]
* trust: Ignore unreadable content in anchors [PR#215]
* extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213]- Changes for version 0.23.15:
* trust: Improve error handling if backed trust file is corrupted [PR#206]
* url: Prefer upper-case letters in hex characters when encoding [PR#193]
* trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202]
* virtual: Prefer fixed closures to libffi closures [PR#196]
* Fix issues spotted by coverity and cppcheck [PR#194, PR#204]
* Build and test fixes [PR#164, PR#191, PR#199, PR#201]- Changes for version 0.23.14:
* proxy: Avoid invalid memory access when unloading proxy module [PR#180]
* Update pkcs11 header to allow SoftHSMv2 to compile [PR#181]
* build: Restore libpthread dependency [PR#183]
* Build fixes [PR#188]- Changes for version 0.23.13:
* server: Enable socket activation through systemd [PR#173]
* rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules [PR#174]
* proxy: Fail early if there is no slot mapping [PR#175]
* Remove hard dependency on libpthread [PR#177]
* Build fixes [PR#170, PR#176]
* Mon Dec 23 2019 Ludwig Nussel - Also build documentation (boo#1013125)
* Fri May 10 2019 Dominique Leuenberger - Move RPM macros to %_rpmmacrodir.
* Fri Jun 15 2018 fezhangAATTsuse.com- New version 0.23.12
* Fix compile error when PKCS#11 GNU calling convention enabled- Changelog from version 0.23.11
* trust: Add extractor for edk2/cacerts.bin
* modules: Add option to control module visibility from proxy
* trust: Prevent trust module being loaded by proxy module
* library: Use dedicated locale object for printing error
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly
* Improve const correctness for P11KitUri
* PKCS#11 URI scheme comparison is now case insensitive- Drop p11-kit-biarch.patch: Obsolete since 0.23.10
* Tue Mar 27 2018 lnusselAATTsuse.de- New version 0.23.10
* New p11-kit server command
* The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute
* New trust dump command
* New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations
* trust: Respect anyExtendedKeyUsage in CA certificates
* Support x-init-reserved argument of C_Initialize() in remote modules
* install private executables in libexecdir, obsoletes p11-kit-biarch.patch- new server subpackage- change keyring to new maintainer Daiki Ueno
* Tue Mar 20 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Tue Nov 22 2016 sbrabecAATTsuse.com- 32-bit compatibility fixes:
* Add PKCS11 module to p11-kit-32bit (bsc#996047#c39)
* Add p11-kit-nss-trust-32bit NSS module
* Fix potential bi-arch issue with private binaries (fdo#98817, p11-kit-biarch.patch)
* Mon Feb 08 2016 mpluskalAATTsuse.com- Update to 0.23.2
* Fix forking issues with libffi
* Fix various crashes in corner cases
* Updated translations
* Build fixes- Make building more verbose- Enable tests- Small spec file cleanup with spec-cleaner
* Sun Mar 08 2015 p.drouandAATTgmail.com- Update to version 0.23.1 (stable)
* Use new PKCS#11 URI draft fields for URIs [fdo#86474 fdo#87582]
* Add pem-directory-hash extract format
* Build fixes- Remove 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff; fixed on upstream release- Remove autoconf, automake and libtool require; unneeded dependencies- Add gtk-doc require; needed to build html documentation- Remove redundant %clean section
* Mon Oct 13 2014 lnusselAATTsuse.de- remove patches:
* trust-Print-label-of-certificate-when-complaining-.patch
* trust-Dont-use-invalid-public-keys-for-looking-up-.patch- new version 0.20.7 (stable)
* New public pkcs11x.h header containing extensions [fdo#83495]
* Export necessary defines to lookup attached extensions [fdo#83495]
* Build fixes- new version 0.20.6 (stable)
* Make the p11-kit-proxy.so module respect critical = no [fdo#83651]
* Build fix for FreeBSD [fdo#75674]- new version 0.20.5 (stable)
* Don\'t use invalid keys for looking up stapled extensions [fdo#82328]
* Better error messages when invalid certificate extensions
* Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
* Fix some leaks, and memory issues
* Silence some clang scanner warnings- new version 0.20.4 (stable)
* Don\'t complain about C_Finalize after a fork
* Fix typo
* Fri Aug 29 2014 lnusselAATTsuse.de- new version 0.20.3
* Fix problems reinitializing managed modules after fork
* Fix bad bookeeping when fail initializing one of the modules
* Fix case where module would be unloaded while in use [#74919]
* Remove assertions when module used before initialized [#74919]
* Fix handling of mmap failure and mapping empty files [#74773]
* Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
* Require automake 1.12 or later
* Build fixes for Windows [#76594 #74149]- apply patches to avoid errors from certificates with invalid public key (fdo#82328, bnc#890908, trust-Dont-use-invalid-public-keys-for-looking-up-.patch, trust-Print-label-of-certificate-when-complaining-.patch)
* Mon May 19 2014 lnusselAATTsuse.de- New version 0.20.2
* Fix bug where blacklist didn\'t affect extracted ca-anchors if the anchor and blacklist were not in the same trust path (regression) [fdo#73558]
* Check for race in BasicConstraints stapled extension [fdo#69314]
* Build fixes and cleanup
* Tue Feb 11 2014 meissnerAATTsuse.com- added .sig file. trying to locate source of the keyring.
* Fri Dec 06 2013 lnusselAATTsuse.de- trust: allow to also add openssl style hashes to pem-directory 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff
* Tue Sep 10 2013 lnusselAATTsuse.de- upgrade to 0.20.1 which is 0.19 declared stable
* Extract compat trust data after we\'ve changes
* Skip compat extraction if running as non-root
* Better failure messages when removing anchors
* Fri Aug 30 2013 lnusselAATTsuse.de- new version 0.19.4
* \'trust anchor\' now adds/removes certificate anchors
* \'trust list\' lists trust policy stuff
* \'p11-kit extract\' is now \'trust extract\'
* \'p11-kit extract-trust\' is now \'trust extract-compat\'
* Workarounds for working on broken zfsonlinux.org [#68525]
* Add --with-module-config parameter to the configure script [#68122]
* Add support for removing stored PKCS#11 objects in trust module
* Thu Jul 25 2013 lnusselAATTsuse.de- new version 0.19.3
* Fix up problems with automake testing
* Fix a bunch of memory leaks in newly refactored code
* Don\'t use _GNU_SOURCE and the unportability it brings
* Add basic \'trust anchor\' command to store a new anchor
* Support for writing out trust token objects
* Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
* Add option to use freebl for hashing
* Implement reloading of token data
* Fix warnings and possible minor bugs higlighted by code scanners
* Don\'t load configs in home directories when running setuid or setgid
* Support treating ~/.config as $XDG_CONFIG_HOME
* Use $XDG_DATA_HOME/pkcs11 as default user config directory
* Use $TMPDIR instead of $TEMP while testing
* Open files and fds with O_CLOEXEC
* Abort initialization if a critical module fails to load
* Don\'t use thread-unsafe functions: strerror, getpwuid
* Fix p11_kit_space_strlen() result when empty string
* Refactoring of where various components live
* Fri Jul 05 2013 lnusselAATTsuse.de- fix 32bit provides of libnssckbi.so- repace p11-kit-extract-trust with update-ca-certificates
* Fri Jun 28 2013 lnusselAATTsuse.de- provide libnssckbi.so to replace mozilla-nss-certs
* Mon Jun 24 2013 lnusselAATTsuse.de- add p11-kit-nss-trust subpackage that serves as drop-in replacement for mozilla-nss-certs
* Wed Jun 19 2013 lnusselAATTsuse.de- use /etc/pki/trust and /usr/share/pki/trust as system CA certificate store
* Mon May 27 2013 dimstarAATTopensuse.org- Update to version 0.19.1: + Refactor API to be able to handle managed modules. + Deprecate much of old p11-kit API. + Implement concept of managed modules. + Make C_CloseAllSessions function work for multiple callers. + New dependency on libffi. + Fix possible threading problems reported by hellgrind. + Add log-calls option. + Mark p11_kit_message() as a stable function. + Use our own unit testing framework.- Add pkgconfig(libffi) BuildRequires: new dependency.
* Tue May 14 2013 dimstarAATTopensuse.org- Update to version 0.18.2: + Build fixes (fdo#64378)
* Mon May 13 2013 dimstarAATTopensuse.org- Also provide p11-kit-32bit (in fact, the pkcs#11 modules) (bnc#819246).
* Mon Apr 15 2013 dimstarAATTopensuse.org- Update to version 0.18.1: + Put the external tools in $libdir/p11-kit. + Documentation build fixes.
* Thu Apr 04 2013 dimstarAATTopensuse.org- Update to version 0.18.0: + Fix use of trust module with gcr and empathy (fdo#62896). + Further tweaks to trust module date parsing. + Fix unaligned memory reads (fdo#62819). + Win32 fixes (fdo#63062, fdo#63046). + Debug and logging tweaks (fdo#62874). + Other build fixes.
* Thu Mar 28 2013 zaitorAATTopensuse.org- Update to version 0.17.5: + Don\'t try to guess at overflowing time values on 32-bit systems (fdo#62825). + Test fixes (fdo#927394).
* Thu Mar 21 2013 dimstarAATTopensuse.org- Update to version 0.17.4: + Check for duplicate certificates in a token, warn and discard (fdo#62548). + Implement a proper index so we have decent load performance.
* Wed Mar 20 2013 dimstarAATTopensuse.org- Update to version 0.17.3: + Use descriptive labels for the trust module tokens (fdo#62534). + Remove the temporary built in distrust objects. + Make extracted output directories and files read-only (fdo#61898). + Don\'t export unneccessary ABI. + Build fixes (fdo#62479).
* Tue Mar 19 2013 dimstarAATTopensuse.org- Update to version 0.17.2: + Fix build on 32-bit linux. + Fix several crashers.- Changes from version 0.17.1: + Support a p11-kit specific PKCS#11 attribute persistance format (fdo#62156). + Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default (fdo#62329). + Refactor a trust builder which builds objects out of parsed data (fdo#62329). + Combine trust policy when extracting certificates (fdo#61497). + The extract --comment option adds comments to PEM bundles (fdo#62029). + A new \'priority\' config option for ordering modules (fdo#61978). + Make each configured path its own trust module token (fdo#61499). + Use --with-trust-paths to configure trust module (fdo#62327). + Fix bug decoding some PEM files. + Better debug output for trust module lookups. + Work around bug in NSS when doing serial number lookups. + Work around broken strndup() function in firefox. + Fix the nickname for the distrusted attribute. + Build fixes.- Add ca-certificates BuildRequires: needed to find the location of the root certificates.
* Thu Mar 14 2013 dimstarAATTopensuse.org- Update to version 0.16.4: + Display per command help again (fdo#62153). + Don\'t always print tools debug output (fdo#62152).- Changes from version 0.16.3: + When iterating don\'t skip tokens without the CKF_TOKEN_INITIALIZED flag. + Hardcode some distrust records for NSS temporarily. + Parse global options better in the p11-kit command. + Better debugging.- Changes from version 0.16.2: + Fix regression in \'p11-kit extract --purpose\' option (fdo#62009) + Documentation updates + Build fixes (fdo#62001).- Changes from version 0.16.1: + Don\'t break when cA field of BasicConstraints is missing (fdo#61975). + Documentation fixes and updates. + p11-kit extract-trust is a placeholder script now.
* Tue Mar 05 2013 dimstarAATTopensuse.org- Update to version 0.16.0: + Update the pkcs11.h header for new mechanisms + Fix build and tests on mingw64 (ie: win32) + Relicense LGPL code to BSD license + Documentation tweaks + Bugs fixed: fdo#61739, fdo#60894, fdo#61740, fdo#60792 + Updated translations.- Changes from version 0.15.2: + Better define the libtasn1 dependency. + Crasher and bug fixes. + Build fixes. + Updated translations.- Changes from version 0.15.1: + Fix some memory leaks. + Add a location for packages to drop module configs. + Documentation updates and fixes. + Add command line tool manual page. + Remove unused err() function and friends. + Move more code into common/ directory and refactor. + Add a system trust policy module. + Refactor how the p11-kit command line tool works. + Add p11-kit extract and extract-trust commands. + Don\'t complain if we cannot access ~/.pkcs11/pkcs11.conf. + Refuse to load the p11-kit-proxy.so as a registered module. + Don\'t fail initialization if last initialized module fails.
* Fri Sep 07 2012 dimstarAATTopensuse.org- Update to version 0.14: + Change default for user-config to merge + Always URI-encode the \'id\' attribute in PKCS#11 URIs + Expect a .module extension on module configs + Windows compatibility fixes + Testing fixes + Build fixes
* Mon Jul 23 2012 zaitorAATTopensuse.org- Update to version 0.13: + Don\'t allow reading of PIN files larger than 4096 bytes + If a module is not marked as critical then ignore init failure + Use preconditions to check for input problems and out of memory + Add enable-in and disable-in options to module config + Fix the flags in pin.h + Use gcc extensions to check varargs during compile + Fix crasher when a duplicate module is present + Fix broken hashmap behavior + Testing fixes + Win32 build fixes + \'p11-kit -h\' now works + Documentation fixes
* Fri Mar 09 2012 dimstarAATTopensuse.org- Update to version 0.12: + Build fix.
* Fri Feb 10 2012 vuntzAATTopensuse.org- Update to version 0.11: + Remove automatic reinitialization of PKCS#11 after fork
* Wed Jan 04 2012 vuntzAATTopensuse.org- Update to version 0.10: + Build fixes, for windows, gcc 4.6.1.
* Tue Nov 15 2011 dimstarAATTopensuse.org- Update to version 0.9: + p11-kit can\'t be used as a static library. + Fix problems crashing when freeing TLS on windows. + Add debug output to windows init and uninit of library. +.Build fixes, especially for windows
* Thu Oct 27 2011 dimstarAATTopensuse.org- Update to version 0.8: + Rename non-static functions to have a _p11_xxx prefix + No concurrent calling of C_Initialize and C_Finalize + Print more information in \'p11-kit -l\' + Initial port to win32 + Build and testing fixes.
* Tue Sep 27 2011 vuntzAATTopensuse.org- Update to version 0.7: + Expand p11-kit config variables correctly in various build scenarios + Add test tool to print out error messages + Build fix on FreeBSD
* Thu Sep 15 2011 vuntzAATTopensuse.org- Update to version 0.6: + Add concept of a default module directory from which modules with relative paths are loaded. + Renamed pkg-config variables to make it clearer what\'s what.
* Fri Sep 02 2011 vuntzAATTopensuse.org- Update to version 0.5: + Fix crasher in p11_kit_registered_modules() + Add \'critical\' setting for modules, which defaults to \'no\' + Fix initialization issues in the proxy module
* Fri Aug 19 2011 dimstarAATTopensuse.org- Update to version 0.4: + Fix endless loop if module forks during initialization + Update PKCS#11 URI code for new draft of spec + Don\'t fail when duplicate modules are configured + Better debug output + Add example configuration documentation + Support whitespace in PKCS#11 URIs- Move the p11-kit.conf.example to the doc folder.
* Sat Jul 30 2011 vuntzAATTopensuse.org- Update to version 0.3: + Rewrite hash table, and simplify licensing. + Correct paths for p11-kit config files. + Many build fixes and tweaks.- Remove Apache-2 part from License tag, as the code was rewritten.
* Mon Jul 25 2011 vuntzAATTopensuse.org- Initial package (version 0.2).
  
ICM