Subject: CVS commit: pkgsrc/security/p11-kit
From: Ryo ONODERA
Date: 2016-03-13 04:10:36
Message id: 20160313031036.7BF59FBB7@cvs.NetBSD.org

Log Message:
Update to 0.22.1

Changelog:
0.22.1 (stable)
 * Use SubjectKeyIdentifier for CKA_ID when available [#84761]
 * Allow 'BEGIN PuBLIC KEY' PEM blocks in .p11-kit files
 * Bump libtool library version
 * Build fixes [#84665 ...]

0.22.0 (stable)
 * Remove the 'isolated = yes' option due to unclear semantics
   replacement forth coming in later versions.
 * Use secure_getenv() where necessary
 * Run separate binary for 'p11-kit remote' command

0.21.3 (unstable)
 * New public pkcs11x.h header containing extensions [#83495]
 * Export necessary defines to lookup attached extensions [#83495]
 * Use term 'attached extensions' rather than 'stabled extensions'
 * Make proxy module respect 'critical = no' [#83651]
 * Show public-key-info in 'trust list --details'
 * Build fixes [#75674 ...]

0.21.2 (unstable)
 * Don't use invalid keys for looking up stapled extensions [#82328]
 * Better error messages when invalid certificate extensions
 * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
 * Fix some leaks, and memory issues
 * Silence some clang scanner warnings
 * Fix build against older pthread implementations [#82617]
 * Move to a non-recursive Makefile
 * Can now specify which tests to run on command line

0.21.1 (unstable)
 * Add new 'isolate' pkcs11 config option [#80472]
 * Add 'p11-kit remote' command for isolating modules [#54105]
 * Don't complain about C_Finalize after a fork
 * Other minor fixes

0.20.3 (stable)
 * Fix problems reinitializing managed modules after fork
 * Fix bad bookeeping when fail initializing one of the modules
 * Fix case where module would be unloaded while in use [#74919]
 * Remove assertions when module used before initialized [#74919]
 * Fix handling of mmap failure and mapping empty files [#74773]
 * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
 * Require automake 1.12 or later
 * Build fixes for Windows [#76594 #74149]

0.20.2 (stable)
 * Fix bug where blacklist didn't affect extracted ca-anchors if the anchor
   and blacklist were not in the same trust path (regression) [#73558]
 * Check for race in BasicConstraints stapled extension [#69314]
 * autogen.sh now runs configure as srcdir != builddir by default
 * Build fixes and cleanup

0.20.1 (stable)
 * Extract compat trust data after we've changes
 * Skip compat extraction if running as non-root
 * Better failure messages when removing anchors
 * Build cleanup

0.20.0 (stable)
 * Doc fixes

0.19.4 (unstable)
 * 'trust anchor' now adds/removes certificate anchors
 * 'trust list' lists trust policy stuff
 * 'p11-kit extract' is now 'trust extract'
 * 'p11-kit extract-trust' is now 'trust extract-compat'
 * Workarounds for working on broken zfsonlinux.org [#68525]
 * Add --with-module-config parameter to the configure script [#68122]
 * Add support for removing stored PKCS#11 objects in trust module
 * Various debugging tweaks

0.19.3 (unstable)
 * Fix up problems with automake testing
 * Fix a bunch of memory leaks in newly refactored code
 * Don't use _GNU_SOURCE and the unportability it brings
 * Testing fixes

0.19.2 (unstable)
 * Add basic 'trust anchor' command to store a new anchor
 * Support for writing out trust token objects
 * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
 * Add option to use freebl for hashing
 * Implement reloading of token data
 * Fix warnings and possible minor bugs higlighted by code scanners
 * Don't load configs in home directories when running setuid or setgid
 * Support treating ~/.config as $XDG_CONFIG_HOME
 * Use $XDG_DATA_HOME/pkcs11 as default user config directory
 * Use $TMPDIR instead of $TEMP while testing
 * Open files and fds with O_CLOEXEC
 * Abort initialization if a critical module fails to load
 * Don't use thread-unsafe functions: strerror, getpwuid
 * Fix p11_kit_space_strlen() result when empty string
 * Refactoring of where various components live
 * Build fixes

0.19.1 (unstable)
 * Refactor API to be able to handle managed modules
 * Deprecate much of old p11-kit API
 * Implement concept of managed modules
 * Make C_CloseAllSessions function work for multiple callers
 * New dependency on libffi
 * Fix possible threading problems reported by hellgrind
 * Add log-calls option
 * Mark p11_kit_message() as a stable function
 * Use our own unit testing framework

0.18.3 (stable)
 * Fix reinitialization of trust module [#65401]
 * Fix crash in trust module C_Initialize
 * Mac OS fixes [#57714]

0.18.2 (stable)
 * Build fixes [#64378 ...]

0.18.1 (stable)
 * Put the external tools in $libdir/p11-kit
 * Documentation build fixes

0.18.0 (stable)
 * Fix use of trust module with gcr and empathy [#62896]
 * Further tweaks to trust module date parsing
 * Fix unaligned memory reads [#62819]
 * Win32 fixes [#63062, #63046]
 * Debug and logging tweaks [#62874]
 * Other build fixes

0.17.5 (unstable)
 * Don't try to guess at overflowing time values on 32-bit systems [#62825]
 * Test fixes [#927394]

0.17.4 (unstable)
 * Check for duplicate certificates in a token, warn and discard [#62548]
 * Implement a proper index so we have decent load performance

0.17.3 (unstable)
 * Use descriptive labels for the trust module tokens [#62534]
 * Remove the temporary built in distrust objects
 * Make extracted output directories and files read-only [#61898]
 * Don't export unneccessary ABI
 * Build fixes [#62479]

0.17.2 (unstable)
 * Fix build on 32-bit linux
 * Fix several crashers

0.17.1 (unstable)
 * Support a p11-kit specific PKCS#11 attribute persistance format [#62156]
 * Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default [#62329]
 * Refactor a trust builder which builds objects out of parsed data [#62329]
 * Combine trust policy when extracting certificates [#61497]
 * The extract --comment option adds comments to PEM bundles [#62029]
 * A new 'priority' config option for ordering modules [#61978]
 * Make each configured path its own trust module token [#61499]
 * Use --with-trust-paths to configure trust module [#62327]
 * Fix bug decoding some PEM files
 * Better debug output for trust module lookups
 * Work around bug in NSS when doing serial number lookups
 * Work around broken strndup() function in firefox
 * Fix the nickname for the distrusted attribute
 * Build fixes

0.16.4 (stable)
 * Display per command help again [#62153]
 * Don't always print tools debug output [#62152]

0.16.3 (stable)
 * When iterating don't skip tokens without the CKF_TOKEN_INITIALIZED flag
 * Hardcode some distrust records for NSS temporarily
 * Parse global options better in the p11-kit command
 * Better debugging

0.16.2 (stable)
 * Fix regression in 'p11-kit extract --purpose' option [#62009]
 * Documentation updates
 * Build fixes [#62001, ...]

0.16.1 (stable)
 * Don't break when cA field of BasicConstraints is missing [#61975]
 * Documentation fixes and updates
 * p11-kit extract-trust is a placeholder script now

0.16.0 (stable)
 * Update the pkcs11.h header for new mechanisms
 * Fix build and tests on mingw64 (ie: win32)
 * Relicense LGPL code to BSD license
 * Documentation tweaks
 * Pull translations from Transifex [#60792]
 * Build fixes [#61739, #60894, #61740]

0.15.2 (unstable)
 * Add German and Finish translations
 * Better define the libtasn1 dependency
 * Crasher and bug fixes
 * Build fixes

0.15.1 (unstable)
 * Fix some memory leaks
 * Add a location for packages to drop module configs
 * Documentation updates and fixes
 * Add command line tool manual page
 * Remove unused err() function and friends
 * Move more code into common/ directory and refactor
 * Add a system trust policy module
 * Refactor how the p11-kit command line tool works
 * Add p11-kit extract and extract-trust commands
 * Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
 * Refuse to load the p11-kit-proxy.so as a registered module
 * Don't fail initialization if last initialized module fails

0.14
 * Change default for user-config to merge
 * Always URI-encode the 'id' attribute in PKCS#11 URIs
 * Expect a .module extension on module configs
 * Windows compatibility fixes
 * Testing fixes
 * Build fixes

0.13
 * Don't allow reading of PIN files larger than 4096 bytes
 * If a module is not marked as critical then ignore init failure
 * Use preconditions to check for input problems and out of memory
 * Add enable-in and disable-in options to module config
 * Fix the flags in pin.h
 * Use gcc extensions to check varargs during compile
 * Fix crasher when a duplicate module is present
 * Fix broken hashmap behavior
 * Testing fixes
 * Win32 build fixes
 * 'p11-kit -h' now works
 * Documentation fixes

0.12
 * Build fix

0.11
 * Remove automatic reinitialization of PKCS#11 after fork

Files:
RevisionActionfile
1.3modifypkgsrc/security/p11-kit/Makefile
1.2modifypkgsrc/security/p11-kit/PLIST
1.3modifypkgsrc/security/p11-kit/distinfo
1.1addpkgsrc/security/p11-kit/patches/patch-Makefile.in
1.1.1.1removepkgsrc/security/p11-kit/patches/patch-aa