Path to this page:
Subject: CVS commit: pkgsrc/security/p11-kit
From: Ryo ONODERA
Date: 2016-03-13 04:10:36
Message id: 20160313031036.7BF59FBB7@cvs.NetBSD.org
Log Message:
Update to 0.22.1
Changelog:
0.22.1 (stable)
* Use SubjectKeyIdentifier for CKA_ID when available [#84761]
* Allow 'BEGIN PuBLIC KEY' PEM blocks in .p11-kit files
* Bump libtool library version
* Build fixes [#84665 ...]
0.22.0 (stable)
* Remove the 'isolated = yes' option due to unclear semantics
replacement forth coming in later versions.
* Use secure_getenv() where necessary
* Run separate binary for 'p11-kit remote' command
0.21.3 (unstable)
* New public pkcs11x.h header containing extensions [#83495]
* Export necessary defines to lookup attached extensions [#83495]
* Use term 'attached extensions' rather than 'stabled extensions'
* Make proxy module respect 'critical = no' [#83651]
* Show public-key-info in 'trust list --details'
* Build fixes [#75674 ...]
0.21.2 (unstable)
* Don't use invalid keys for looking up stapled extensions [#82328]
* Better error messages when invalid certificate extensions
* Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
* Fix some leaks, and memory issues
* Silence some clang scanner warnings
* Fix build against older pthread implementations [#82617]
* Move to a non-recursive Makefile
* Can now specify which tests to run on command line
0.21.1 (unstable)
* Add new 'isolate' pkcs11 config option [#80472]
* Add 'p11-kit remote' command for isolating modules [#54105]
* Don't complain about C_Finalize after a fork
* Other minor fixes
0.20.3 (stable)
* Fix problems reinitializing managed modules after fork
* Fix bad bookeeping when fail initializing one of the modules
* Fix case where module would be unloaded while in use [#74919]
* Remove assertions when module used before initialized [#74919]
* Fix handling of mmap failure and mapping empty files [#74773]
* Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
* Require automake 1.12 or later
* Build fixes for Windows [#76594 #74149]
0.20.2 (stable)
* Fix bug where blacklist didn't affect extracted ca-anchors if the anchor
and blacklist were not in the same trust path (regression) [#73558]
* Check for race in BasicConstraints stapled extension [#69314]
* autogen.sh now runs configure as srcdir != builddir by default
* Build fixes and cleanup
0.20.1 (stable)
* Extract compat trust data after we've changes
* Skip compat extraction if running as non-root
* Better failure messages when removing anchors
* Build cleanup
0.20.0 (stable)
* Doc fixes
0.19.4 (unstable)
* 'trust anchor' now adds/removes certificate anchors
* 'trust list' lists trust policy stuff
* 'p11-kit extract' is now 'trust extract'
* 'p11-kit extract-trust' is now 'trust extract-compat'
* Workarounds for working on broken zfsonlinux.org [#68525]
* Add --with-module-config parameter to the configure script [#68122]
* Add support for removing stored PKCS#11 objects in trust module
* Various debugging tweaks
0.19.3 (unstable)
* Fix up problems with automake testing
* Fix a bunch of memory leaks in newly refactored code
* Don't use _GNU_SOURCE and the unportability it brings
* Testing fixes
0.19.2 (unstable)
* Add basic 'trust anchor' command to store a new anchor
* Support for writing out trust token objects
* Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
* Add option to use freebl for hashing
* Implement reloading of token data
* Fix warnings and possible minor bugs higlighted by code scanners
* Don't load configs in home directories when running setuid or setgid
* Support treating ~/.config as $XDG_CONFIG_HOME
* Use $XDG_DATA_HOME/pkcs11 as default user config directory
* Use $TMPDIR instead of $TEMP while testing
* Open files and fds with O_CLOEXEC
* Abort initialization if a critical module fails to load
* Don't use thread-unsafe functions: strerror, getpwuid
* Fix p11_kit_space_strlen() result when empty string
* Refactoring of where various components live
* Build fixes
0.19.1 (unstable)
* Refactor API to be able to handle managed modules
* Deprecate much of old p11-kit API
* Implement concept of managed modules
* Make C_CloseAllSessions function work for multiple callers
* New dependency on libffi
* Fix possible threading problems reported by hellgrind
* Add log-calls option
* Mark p11_kit_message() as a stable function
* Use our own unit testing framework
0.18.3 (stable)
* Fix reinitialization of trust module [#65401]
* Fix crash in trust module C_Initialize
* Mac OS fixes [#57714]
0.18.2 (stable)
* Build fixes [#64378 ...]
0.18.1 (stable)
* Put the external tools in $libdir/p11-kit
* Documentation build fixes
0.18.0 (stable)
* Fix use of trust module with gcr and empathy [#62896]
* Further tweaks to trust module date parsing
* Fix unaligned memory reads [#62819]
* Win32 fixes [#63062, #63046]
* Debug and logging tweaks [#62874]
* Other build fixes
0.17.5 (unstable)
* Don't try to guess at overflowing time values on 32-bit systems [#62825]
* Test fixes [#927394]
0.17.4 (unstable)
* Check for duplicate certificates in a token, warn and discard [#62548]
* Implement a proper index so we have decent load performance
0.17.3 (unstable)
* Use descriptive labels for the trust module tokens [#62534]
* Remove the temporary built in distrust objects
* Make extracted output directories and files read-only [#61898]
* Don't export unneccessary ABI
* Build fixes [#62479]
0.17.2 (unstable)
* Fix build on 32-bit linux
* Fix several crashers
0.17.1 (unstable)
* Support a p11-kit specific PKCS#11 attribute persistance format [#62156]
* Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default [#62329]
* Refactor a trust builder which builds objects out of parsed data [#62329]
* Combine trust policy when extracting certificates [#61497]
* The extract --comment option adds comments to PEM bundles [#62029]
* A new 'priority' config option for ordering modules [#61978]
* Make each configured path its own trust module token [#61499]
* Use --with-trust-paths to configure trust module [#62327]
* Fix bug decoding some PEM files
* Better debug output for trust module lookups
* Work around bug in NSS when doing serial number lookups
* Work around broken strndup() function in firefox
* Fix the nickname for the distrusted attribute
* Build fixes
0.16.4 (stable)
* Display per command help again [#62153]
* Don't always print tools debug output [#62152]
0.16.3 (stable)
* When iterating don't skip tokens without the CKF_TOKEN_INITIALIZED flag
* Hardcode some distrust records for NSS temporarily
* Parse global options better in the p11-kit command
* Better debugging
0.16.2 (stable)
* Fix regression in 'p11-kit extract --purpose' option [#62009]
* Documentation updates
* Build fixes [#62001, ...]
0.16.1 (stable)
* Don't break when cA field of BasicConstraints is missing [#61975]
* Documentation fixes and updates
* p11-kit extract-trust is a placeholder script now
0.16.0 (stable)
* Update the pkcs11.h header for new mechanisms
* Fix build and tests on mingw64 (ie: win32)
* Relicense LGPL code to BSD license
* Documentation tweaks
* Pull translations from Transifex [#60792]
* Build fixes [#61739, #60894, #61740]
0.15.2 (unstable)
* Add German and Finish translations
* Better define the libtasn1 dependency
* Crasher and bug fixes
* Build fixes
0.15.1 (unstable)
* Fix some memory leaks
* Add a location for packages to drop module configs
* Documentation updates and fixes
* Add command line tool manual page
* Remove unused err() function and friends
* Move more code into common/ directory and refactor
* Add a system trust policy module
* Refactor how the p11-kit command line tool works
* Add p11-kit extract and extract-trust commands
* Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
* Refuse to load the p11-kit-proxy.so as a registered module
* Don't fail initialization if last initialized module fails
0.14
* Change default for user-config to merge
* Always URI-encode the 'id' attribute in PKCS#11 URIs
* Expect a .module extension on module configs
* Windows compatibility fixes
* Testing fixes
* Build fixes
0.13
* Don't allow reading of PIN files larger than 4096 bytes
* If a module is not marked as critical then ignore init failure
* Use preconditions to check for input problems and out of memory
* Add enable-in and disable-in options to module config
* Fix the flags in pin.h
* Use gcc extensions to check varargs during compile
* Fix crasher when a duplicate module is present
* Fix broken hashmap behavior
* Testing fixes
* Win32 build fixes
* 'p11-kit -h' now works
* Documentation fixes
0.12
* Build fix
0.11
* Remove automatic reinitialization of PKCS#11 after fork
Files: