|
|
|
|
Changelog for p11-kit-tools-0.25.3-lp154.69.1.x86_64.rpm :
* Fri Jul 26 2024 Martin Jambor - Added a backport of an upstream commit in p11-kit-d938f4a8a3a2.patch to avoid passing an incompatible pointer type to a function which is an error by default in GCC 14. * Fri Nov 17 2023 Pedro Monreal - Update to 0.25.3: * rpc: fix serialization of NULL mechanism pointer [#601] * fix meson build failure in macOS (appleframeworks not found) [#603] * Thu Nov 02 2023 Pedro Monreal - Update to 0.25.2: * fix error code checking of readpassphrase for --login option [#595] * build fixes [#594] * test fixes [#596] * Fri Oct 27 2023 Pedro Monreal - Update to 0.25.1: * fix probing of C_GetInterface [#535] * p11-kit: add command to list tokens [#581] * p11-kit: add command to list mechanisms supported by a token [#576] * p11-kit: add command to generate private-public keypair on a token [#551, #582] * p11-kit: add commands to import/export certificates and public keys into/from a token [#543, #549, #568, #588] * p11-kit: add commands to list and delete objects of a token [#533, #544, #571] * p11-kit: add --login option to login into a token with object and profile management commands [#587] * p11-kit: adjust behavior of PKCS#11 profile management commands [#558, #560, #583, #591] * p11-kit: print PKCS#11 URIs in list-modules [#532] * bug and build fixes [#528 #529, #534, #537, #540, #541, #545, [#547], #550, #557, #572, #575, #579, #585, #586, #590] * test fixes [#553, #580] * Remove patch fixed upstream: - d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch * Wed Sep 20 2023 Bjørn Lie - Add d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch: Fix probing of C_GetInterface. * Wed Sep 20 2023 Pedro Monreal - Update to 0.25.0: * add PKCS#11 3.0 support * add support for profile objects * add ability to adjust module and config paths at run-time via system environmental exports * make terminal output nicer * p11-kit: add command to print merged configuration * p11-kit: add commands to list, add and delete profiles of a token * trust: add command to check format of .p11-kit files * virtual: fix libffi type signatures for PKCS#11 3.0 functions * server: fix umask setting when --group is specified * server: check SHELL only when neither --sh nor --csh is specified * rpc: use space string in C_InitToken * rpc: fix two off-by-one errors identified by asan * modules: make logging message more translatable * pkcs11.h: support CRYPTOKI_GNU for IBM vendor mechanisms * pkcs11.h: add IBM specific mechanism and attributes * pkcs11.h: add ChaCha20/Salsa20 and Poly1305 mechanisms * pkcs11.h: add AES-GCM mechanism parameters for message-based encryption * po: update translations from Transifex- Update upstream p11-kit.keyring file- Add missing lang files- Switch to using Meson as the build system * Mon Aug 08 2022 Dirk Müller - skip testsuite on qemu arches, it fails * Wed Mar 09 2022 Ludwig Nussel - make sure p11-kit components have matching versions (boo#1196812) * Tue Jan 25 2022 Bjørn Lie - Update to version 0.24.1: * rpc: Support protocol version negotiation. * proxy: Support copying attribute array recursively. * Link libp11-kit so that it cannot unload. * Translation improvements. * Build fixes. * Fri Dec 17 2021 Bjørn Lie - Update to version 0.24.0: * Use inclusive language on certificate distrust. Note: This changes the directory and attribute names to distrust certain CAs to \"blocklist\". * Fix issues spotted by coverity and ASan. * Integrate gettext with tools more tightly. * rpc: Forbid use of array of attributes. * Build fixes.- Change dirs from blacklist to blocklist ref upstream changes. * Mon Dec 13 2021 Ludwig Nussel - Enable systemd support * Sun Jan 17 2021 Dirk Müller - update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066, jsc#SLE-18495): * Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook * anchor: Prefer persistent format when storing anchor [PR#329] * common: Fix infloop in p11_path_build [PR#326, PR#327] * proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325] * common: Check for a NULL locale before freeing it [PR#321] * proxy: Do not assign duplicate slot IDs [PR#282] * common: Get program name based on executable path if possible [PR#307] * anchor: Exit with non-zero code, if any error occurs [PR#304] * Build and test fixes * Mon Oct 05 2020 Ludwig Nussel - avoid bareword to fix build failure * Wed Apr 15 2020 Martin Pluskal - Update to version 0.23.20: * Revert \"Fix RPC when length-s are 0\" changes [PR#276]- Changes for version 0.23.19: * common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255] * Add simple bash completion for provided commands [PR#258] * Unbreak list matching in enable-in and disable-in [PR#262] * Fix RPC when length-s are 0 [PR#259] * rpc: Add vsock transport support [PR#270] * trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265] * Build fixes [PR#271, PR#272, PR#273, ...]- Changes for version 0.23.18: * rpc: Allow empty CK_DATE value [PR#253] * build: Meson fixes [PR#245] * build: Adjust feature parity between meson and autotools [PR#247]- Changes for version 0.23.17: * common: Fix uClibc-ng compilation [PR#237] * trust: do not allow daylight to invalidate date validation [PR#236] * build: Port to meson build system [PR#231, PR#234] * rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232] * doc: Add \'server\' command in help [PR#229] * Build and test fixes [PR#230]- Changes for version 0.23.16: * proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225] * conf: Ignore user configuration if the program is running as root [PR#226] * proxy: Refresh slot list on every C_GetSlotList call [PR#224] * modules: Fix index used in call to p11_dict_remove() [PR#219] * Fix Win32 p11_dl_error crash [PR#218] * modules: check gl.modules before iterates on it when freeing [PR#217] * trust: Ignore unreadable content in anchors [PR#215] * extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213]- Changes for version 0.23.15: * trust: Improve error handling if backed trust file is corrupted [PR#206] * url: Prefer upper-case letters in hex characters when encoding [PR#193] * trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202] * virtual: Prefer fixed closures to libffi closures [PR#196] * Fix issues spotted by coverity and cppcheck [PR#194, PR#204] * Build and test fixes [PR#164, PR#191, PR#199, PR#201]- Changes for version 0.23.14: * proxy: Avoid invalid memory access when unloading proxy module [PR#180] * Update pkcs11 header to allow SoftHSMv2 to compile [PR#181] * build: Restore libpthread dependency [PR#183] * Build fixes [PR#188]- Changes for version 0.23.13: * server: Enable socket activation through systemd [PR#173] * rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules [PR#174] * proxy: Fail early if there is no slot mapping [PR#175] * Remove hard dependency on libpthread [PR#177] * Build fixes [PR#170, PR#176]- Remove obsolete patches: * 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch * 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch * Mon Dec 23 2019 Ludwig Nussel - Also build documentation (boo#1013125) * Fri Nov 15 2019 Ludwig Nussel - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (boo#1154871, 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch, 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch) * Fri May 10 2019 Dominique Leuenberger - Move RPM macros to %_rpmmacrodir. * Fri Jun 15 2018 fezhangAATTsuse.com- New version 0.23.12 * Fix compile error when PKCS#11 GNU calling convention enabled- Changelog from version 0.23.11 * trust: Add extractor for edk2/cacerts.bin * modules: Add option to control module visibility from proxy * trust: Prevent trust module being loaded by proxy module * library: Use dedicated locale object for printing error * Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly * Improve const correctness for P11KitUri * PKCS#11 URI scheme comparison is now case insensitive- Drop p11-kit-biarch.patch: Obsolete since 0.23.10 * Tue Mar 27 2018 lnusselAATTsuse.de- New version 0.23.10 * New p11-kit server command * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute * New trust dump command * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations * trust: Respect anyExtendedKeyUsage in CA certificates * Support x-init-reserved argument of C_Initialize() in remote modules * install private executables in libexecdir, obsoletes p11-kit-biarch.patch- new server subpackage- change keyring to new maintainer Daiki Ueno- Changes for version 0.23.9 * Fix p11-kit server regressions [PR#103, PR#104] * trust: Respect anyExtendedKeyUsage in CA certificates [PR#99] * Build fixes related to reallocarray [PR#96, PR#98, PR#100]- Changes for version 0.23.8 * Improve vendor query attributes handling in PKCS#11 URI [PR#92] * Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91] * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations [PR#87] * Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86]- Changes for version 0.23.7 * Fix memory issues with \"p11-kit server\" [PR#78] * Build fixes [PR#77 ...]- Changes for version 0.23.6 * Port \"p11-kit server\" to Windows and portability fixes of the RPC protocol [PR#67, PR#72, PR#74] * Recover the old behavior of \"trust anchor --remove\" [PR#70, PR#71] * Build fixes [PR#63 ...]- Changes for version 0.23.5 * Fix license notice of common/unix-peer.c [PR#58] * Remove systemd unit files for now [PR#60] * Build fixes for FreeBSD [PR#56]- Changes for version 0.23.4 * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31, PR#37, PR#52] * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute, used by Firefox [#99453, PR#46] * Add \'trust dump\' command to dump all PKCS#11 objects in the persistence format [PR#44] * New experimental \'p11-kit server\' command that allows PKCS#11 forwarding through a Unix domain socket. A client-side module p11-kit-client.so is also provided [PR#15] * Add systemd unit files for exporting the proxy module through a Unix domain socket [PR#35] * New P11KitIter API to iterate over slots, tokens, and modules in addition to objects [PR#28] * libffi dependency is now optional [PR#9] * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45]- Changes for version 0.23.3 * Install private executables in libexecdir [fdo#98817] * Fix link error of proxy module on macOS [fdo#98022] * Use new PKCS#11 URI specification for URIs [fdo#97245] * Support x-init-reserved argument of C_Initialize() in remote modules [fdo#80519] * Incorporate changes from PKCS#11 2.40 specification * Bump libtool library version * Documentation fixes * Build fixes [fdo#87192 ...] * Tue Mar 20 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318] * Tue Nov 22 2016 sbrabecAATTsuse.com- 32-bit compatibility fixes: * Add PKCS11 module to p11-kit-32bit (bsc#996047#c39) * Add p11-kit-nss-trust-32bit NSS module * Fix potential bi-arch issue with private binaries (fdo#98817, p11-kit-biarch.patch) * Mon Feb 08 2016 mpluskalAATTsuse.com- Update to 0.23.2 * Fix forking issues with libffi * Fix various crashes in corner cases * Updated translations * Build fixes- Make building more verbose- Enable tests- Small spec file cleanup with spec-cleaner * Sun Mar 08 2015 p.drouandAATTgmail.com- Update to version 0.23.1 (stable) * Use new PKCS#11 URI draft fields for URIs [fdo#86474 fdo#87582] * Add pem-directory-hash extract format * Build fixes- Remove 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff; fixed on upstream release- Remove autoconf, automake and libtool require; unneeded dependencies- Add gtk-doc require; needed to build html documentation- Remove redundant %clean section * Mon Oct 13 2014 lnusselAATTsuse.de- remove patches: * trust-Print-label-of-certificate-when-complaining-.patch * trust-Dont-use-invalid-public-keys-for-looking-up-.patch- new version 0.20.7 (stable) * New public pkcs11x.h header containing extensions [fdo#83495] * Export necessary defines to lookup attached extensions [fdo#83495] * Build fixes- new version 0.20.6 (stable) * Make the p11-kit-proxy.so module respect critical = no [fdo#83651] * Build fix for FreeBSD [fdo#75674]- new version 0.20.5 (stable) * Don\'t use invalid keys for looking up stapled extensions [fdo#82328] * Better error messages when invalid certificate extensions * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files * Fix some leaks, and memory issues * Silence some clang scanner warnings- new version 0.20.4 (stable) * Don\'t complain about C_Finalize after a fork * Fix typo
|
|
|