Log message:
Update to 0.22.1

Changelog:
0.22.1 (stable)
 * Use SubjectKeyIdentifier for CKA_ID when available [#84761]
 * Allow 'BEGIN PuBLIC KEY' PEM blocks in .p11-kit files
 * Bump libtool library version
 * Build fixes [#84665 ...]

0.22.0 (stable)
 * Remove the 'isolated = yes' option due to unclear semantics
   replacement forth coming in later versions.
 * Use secure_getenv() where necessary
 * Run separate binary for 'p11-kit remote' command

0.21.3 (unstable)
 * New public pkcs11x.h header containing extensions [#83495]
 * Export necessary defines to lookup attached extensions [#83495]
 * Use term 'attached extensions' rather than 'stabled extensions'
 * Make proxy module respect 'critical = no' [#83651]
 * Show public-key-info in 'trust list --details'
 * Build fixes [#75674 ...]

0.21.2 (unstable)
 * Don't use invalid keys for looking up stapled extensions [#82328]
 * Better error messages when invalid certificate extensions
 * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
 * Fix some leaks, and memory issues
 * Silence some clang scanner warnings
 * Fix build against older pthread implementations [#82617]
 * Move to a non-recursive Makefile
 * Can now specify which tests to run on command line

0.21.1 (unstable)
 * Add new 'isolate' pkcs11 config option [#80472]
 * Add 'p11-kit remote' command for isolating modules [#54105]
 * Don't complain about C_Finalize after a fork
 * Other minor fixes

0.20.3 (stable)
 * Fix problems reinitializing managed modules after fork
 * Fix bad bookeeping when fail initializing one of the modules
 * Fix case where module would be unloaded while in use [#74919]
 * Remove assertions when module used before initialized [#74919]
 * Fix handling of mmap failure and mapping empty files [#74773]
 * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
 * Require automake 1.12 or later
 * Build fixes for Windows [#76594 #74149]

0.20.2 (stable)
 * Fix bug where blacklist didn't affect extracted ca-anchors if the anchor
   and blacklist were not in the same trust path (regression) [#73558]
 * Check for race in BasicConstraints stapled extension [#69314]
 * autogen.sh now runs configure as srcdir != builddir by default
 * Build fixes and cleanup

0.20.1 (stable)
 * Extract compat trust data after we've changes
 * Skip compat extraction if running as non-root
 * Better failure messages when removing anchors
 * Build cleanup

0.20.0 (stable)
 * Doc fixes

0.19.4 (unstable)
 * 'trust anchor' now adds/removes certificate anchors
 * 'trust list' lists trust policy stuff
 * 'p11-kit extract' is now 'trust extract'
 * 'p11-kit extract-trust' is now 'trust extract-compat'
 * Workarounds for working on broken zfsonlinux.org [#68525]
 * Add --with-module-config parameter to the configure script [#68122]
 * Add support for removing stored PKCS#11 objects in trust module
 * Various debugging tweaks

0.19.3 (unstable)
 * Fix up problems with automake testing
 * Fix a bunch of memory leaks in newly refactored code
 * Don't use _GNU_SOURCE and the unportability it brings
 * Testing fixes

0.19.2 (unstable)
 * Add basic 'trust anchor' command to store a new anchor
 * Support for writing out trust token objects
 * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
 * Add option to use freebl for hashing
 * Implement reloading of token data
 * Fix warnings and possible minor bugs higlighted by code scanners
 * Don't load configs in home directories when running setuid or setgid
 * Support treating ~/.config as $XDG_CONFIG_HOME
 * Use $XDG_DATA_HOME/pkcs11 as default user config directory
 * Use $TMPDIR instead of $TEMP while testing
 * Open files and fds with O_CLOEXEC
 * Abort initialization if a critical module fails to load
 * Don't use thread-unsafe functions: strerror, getpwuid
 * Fix p11_kit_space_strlen() result when empty string
 * Refactoring of where various components live
 * Build fixes

0.19.1 (unstable)
 * Refactor API to be able to handle managed modules
 * Deprecate much of old p11-kit API
 * Implement concept of managed modules
 * Make C_CloseAllSessions function work for multiple callers
 * New dependency on libffi
 * Fix possible threading problems reported by hellgrind
 * Add log-calls option
 * Mark p11_kit_message() as a stable function
 * Use our own unit testing framework

0.18.3 (stable)
 * Fix reinitialization of trust module [#65401]
 * Fix crash in trust module C_Initialize
 * Mac OS fixes [#57714]

0.18.2 (stable)
 * Build fixes [#64378 ...]

0.18.1 (stable)
 * Put the external tools in $libdir/p11-kit
 * Documentation build fixes

0.18.0 (stable)
 * Fix use of trust module with gcr and empathy [#62896]
 * Further tweaks to trust module date parsing
 * Fix unaligned memory reads [#62819]
 * Win32 fixes [#63062, #63046]
 * Debug and logging tweaks [#62874]
 * Other build fixes

0.17.5 (unstable)
 * Don't try to guess at overflowing time values on 32-bit systems [#62825]
 * Test fixes [#927394]

0.17.4 (unstable)
 * Check for duplicate certificates in a token, warn and discard [#62548]
 * Implement a proper index so we have decent load performance

0.17.3 (unstable)
 * Use descriptive labels for the trust module tokens [#62534]
 * Remove the temporary built in distrust objects
 * Make extracted output directories and files read-only [#61898]
 * Don't export unneccessary ABI
 * Build fixes [#62479]

0.17.2 (unstable)
 * Fix build on 32-bit linux
 * Fix several crashers

0.17.1 (unstable)
 * Support a p11-kit specific PKCS#11 attribute persistance format [#62156]
 * Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default [#62329]
 * Refactor a trust builder which builds objects out of parsed data [#62329]
 * Combine trust policy when extracting certificates [#61497]
 * The extract --comment option adds comments to PEM bundles [#62029]
 * A new 'priority' config option for ordering modules [#61978]
 * Make each configured path its own trust module token [#61499]
 * Use --with-trust-paths to configure trust module [#62327]
 * Fix bug decoding some PEM files
 * Better debug output for trust module lookups
 * Work around bug in NSS when doing serial number lookups
 * Work around broken strndup() function in firefox
 * Fix the nickname for the distrusted attribute
 * Build fixes

0.16.4 (stable)
 * Display per command help again [#62153]
 * Don't always print tools debug output [#62152]

0.16.3 (stable)
 * When iterating don't skip tokens without the CKF_TOKEN_INITIALIZED flag
 * Hardcode some distrust records for NSS temporarily
 * Parse global options better in the p11-kit command
 * Better debugging

0.16.2 (stable)
 * Fix regression in 'p11-kit extract --purpose' option [#62009]
 * Documentation updates
 * Build fixes [#62001, ...]

0.16.1 (stable)
 * Don't break when cA field of BasicConstraints is missing [#61975]
 * Documentation fixes and updates
 * p11-kit extract-trust is a placeholder script now

0.16.0 (stable)
 * Update the pkcs11.h header for new mechanisms
 * Fix build and tests on mingw64 (ie: win32)
 * Relicense LGPL code to BSD license
 * Documentation tweaks
 * Pull translations from Transifex [#60792]
 * Build fixes [#61739, #60894, #61740]

0.15.2 (unstable)
 * Add German and Finish translations
 * Better define the libtasn1 dependency
 * Crasher and bug fixes
 * Build fixes

0.15.1 (unstable)
 * Fix some memory leaks
 * Add a location for packages to drop module configs
 * Documentation updates and fixes
 * Add command line tool manual page
 * Remove unused err() function and friends
 * Move more code into common/ directory and refactor
 * Add a system trust policy module
 * Refactor how the p11-kit command line tool works
 * Add p11-kit extract and extract-trust commands
 * Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
 * Refuse to load the p11-kit-proxy.so as a registered module
 * Don't fail initialization if last initialized module fails

0.14
 * Change default for user-config to merge
 * Always URI-encode the 'id' attribute in PKCS#11 URIs
 * Expect a .module extension on module configs
 * Windows compatibility fixes
 * Testing fixes
 * Build fixes

0.13
 * Don't allow reading of PIN files larger than 4096 bytes
 * If a module is not marked as critical then ignore init failure
 * Use preconditions to check for input problems and out of memory
 * Add enable-in and disable-in options to module config
 * Fix the flags in pin.h
 * Use gcc extensions to check varargs during compile
 * Fix crasher when a duplicate module is present
 * Fix broken hashmap behavior
 * Testing fixes
 * Win32 build fixes
 * 'p11-kit -h' now works
 * Documentation fixes

0.12
 * Build fix

0.11
 * Remove automatic reinitialization of PKCS#11 after fork

Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Log message:
add p11-kit-0.10, a PKCS#11 module manager, needed by gnome3 components