From 63a2e562735e243794caf0509c45af0e17e24c5d1fb599fa3dd89049ba8b0ff0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 3 May 2024 17:37:57 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main p11-kit revision 6971e67d18439e0ba628019b9bf55f91
---
.gitattributes | 23 ++
baselibs.conf | 9 +
p11-kit-0.25.3.tar.xz | 3 +
p11-kit-0.25.3.tar.xz.sig | Bin 0 -> 119 bytes
p11-kit.changes | 728 ++++++++++++++++++++++++++++++++++++++
p11-kit.keyring | Bin 0 -> 11688 bytes
p11-kit.spec | 210 +++++++++++
7 files changed, 973 insertions(+)
create mode 100644 .gitattributes
create mode 100644 baselibs.conf
create mode 100644 p11-kit-0.25.3.tar.xz
create mode 100644 p11-kit-0.25.3.tar.xz.sig
create mode 100644 p11-kit.changes
create mode 100644 p11-kit.keyring
create mode 100644 p11-kit.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..3da805e
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1,9 @@
+libp11-kit0
+p11-kit
+ +/usr/lib(64)?/pkcs11/*.so
+ requires "p11-kit = "
+p11-kit-nss-trust
+ +/usr/lib(64)?/*.so
+ requires "p11-kit = "
+ conflicts "mozilla-nss-certs-"
+ provides "libnssckbi.so"
diff --git a/p11-kit-0.25.3.tar.xz b/p11-kit-0.25.3.tar.xz
new file mode 100644
index 0000000..acd60d1
--- /dev/null
+++ b/p11-kit-0.25.3.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d8ddce1bb7e898986f9d250ccae7c09ce14d82f1009046d202a0eb1b428b2adc
+size 991528
diff --git a/p11-kit-0.25.3.tar.xz.sig b/p11-kit-0.25.3.tar.xz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..517af526be9b9f77d4578cd225a78c7e3b0f3c7bc9ca9600880c034e1e43a033
GIT binary patch literal 119 zcmeAuWnmEGVvrS6WQlb<&0l81x}4QC>`PVYGLOwam3Ua0QbYFXFmQ1Sz(maUF#Kkj z_cHtNzcn|e{gn(?G?;Mw>Lwee)V&LLEGg8EjX3h&oRQ(y#n^yB=l Vgsq&)VpG|VMTB=e%gOIz2LOkPGEo2k literal 0 HcmV?d00001
diff --git a/p11-kit.changes b/p11-kit.changes
new file mode 100644
index 0000000..5975a28
--- /dev/null
+++ b/p11-kit.changes
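Review bot: Both `requires "p11-kit = "` lines in the baselibs.conf hunk have nothing after the `=`, and `conflicts "mozilla-nss-certs-"` ends on a bare hyphen, so as shown the 32-bit p11-kit and p11-kit-nss-trust packages are not pinned to a matching p11-kit build. This may only be the baselibs placeholders lost when the page was rendered; please confirm the committed file reads `requires "p11-kit = <version>"` and `conflicts "mozilla-nss-certs-<targettype>"`. The changelog added in this same patch (boo#1196812, "make sure p11-kit components have matching versions") suggests the exact-version pin is intended, and it matters here because these packages ship the PKCS#11 and trust modules that are loaded into other processes.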
@@ -0,0 +1,728 @@ +------------------------------------------------------------------- +Fri Nov 17 10:11:56 UTC 2023 - Pedro Monreal + +- Update to 0.25.3: + * rpc: fix serialization of NULL mechanism pointer [#601] + * fix meson build failure in macOS (appleframeworks not found) [#603] + +------------------------------------------------------------------- +Thu Nov 2 08:58:08 UTC 2023 - Pedro Monreal + +- Update to 0.25.2: + * fix error code checking of readpassphrase for --login option [#595] + * build fixes [#594] + * test fixes [#596] + +------------------------------------------------------------------- +Fri Oct 27 12:05:22 UTC 2023 - Pedro Monreal + +- Update to 0.25.1: + * fix probing of C_GetInterface [#535] + * p11-kit: add command to list tokens [#581] + * p11-kit: add command to list mechanisms supported by a token [#576] + * p11-kit: add command to generate private-public keypair on a token + [#551, #582] + * p11-kit: add commands to import/export certificates and public + keys into/from a token [#543, #549, #568, #588] + * p11-kit: add commands to list and delete objects of a token + [#533, #544, #571] + * p11-kit: add --login option to login into a token with object + and profile management commands [#587] + * p11-kit: adjust behavior of PKCS#11 profile management commands + [#558, #560, #583, #591] + * p11-kit: print PKCS#11 URIs in list-modules [#532] + * bug and build fixes [#528 #529, #534, #537, #540, #541, #545, + #547, #550, #557, #572, #575, #579, #585, #586, #590] + * test fixes [#553, #580] + * Remove patch fixed upstream: + - d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch + +------------------------------------------------------------------- +Wed Sep 20 21:26:03 UTC 2023 - Bjørn Lie + +- Add d1d4b0ac316a27c739ff91e6c4153f1154e96e5a.patch: Fix probing + of C_GetInterface. 
+ +------------------------------------------------------------------- +Wed Sep 20 08:49:47 UTC 2023 - Pedro Monreal + +- Update to 0.25.0: + * add PKCS#11 3.0 support + * add support for profile objects + * add ability to adjust module and config paths at run-time via + system environmental exports + * make terminal output nicer + * p11-kit: add command to print merged configuration + * p11-kit: add commands to list, add and delete profiles of a token + * trust: add command to check format of .p11-kit files + * virtual: fix libffi type signatures for PKCS#11 3.0 functions + * server: fix umask setting when --group is specified + * server: check SHELL only when neither --sh nor --csh is specified + * rpc: use space string in C_InitToken + * rpc: fix two off-by-one errors identified by asan + * modules: make logging message more translatable + * pkcs11.h: support CRYPTOKI_GNU for IBM vendor mechanisms + * pkcs11.h: add IBM specific mechanism and attributes + * pkcs11.h: add ChaCha20/Salsa20 and Poly1305 mechanisms + * pkcs11.h: add AES-GCM mechanism parameters for message-based encryption + * po: update translations from Transifex +- Update upstream p11-kit.keyring file +- Add missing lang files +- Switch to using Meson as the build system + +------------------------------------------------------------------- +Mon Aug 8 16:03:57 UTC 2022 - Dirk Müller + +- skip testsuite on qemu arches, it fails + +------------------------------------------------------------------- +Wed Mar 9 16:19:28 UTC 2022 - Ludwig Nussel + +- make sure p11-kit components have matching versions (boo#1196812) + +------------------------------------------------------------------- +Tue Jan 25 10:42:15 UTC 2022 - Bjørn Lie + +- Update to version 0.24.1: + * rpc: Support protocol version negotiation. + * proxy: Support copying attribute array recursively. + * Link libp11-kit so that it cannot unload. + * Translation improvements. + * Build fixes. 
+ +------------------------------------------------------------------- +Fri Dec 17 13:47:17 UTC 2021 - Bjørn Lie + +- Update to version 0.24.0: + * Use inclusive language on certificate distrust. Note: This + changes the directory and attribute names to distrust certain + CAs to "blocklist". + * Fix issues spotted by coverity and ASan. + * Integrate gettext with tools more tightly. + * rpc: Forbid use of array of attributes. + * Build fixes. +- Change dirs from blacklist to blocklist ref upstream changes. + +------------------------------------------------------------------- +Mon Dec 13 11:11:31 UTC 2021 - Ludwig Nussel + +- Enable systemd support + +------------------------------------------------------------------- +Sun Jan 17 23:39:49 UTC 2021 - Dirk Müller + +- update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066, jsc#SLE-18495): + * Fix memory-safety issues that affect the RPC protocol + (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered + and fixed by David Cook + * anchor: Prefer persistent format when storing anchor [PR#329] + * common: Fix infloop in p11_path_build [PR#326, PR#327] + * proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325] + * common: Check for a NULL locale before freeing it [PR#321] + * proxy: Do not assign duplicate slot IDs [PR#282] + * common: Get program name based on executable path if possible [PR#307] + * anchor: Exit with non-zero code, if any error occurs [PR#304] + * Build and test fixes + +------------------------------------------------------------------- +Mon Oct 5 13:19:09 UTC 2020 - Ludwig Nussel + +- avoid bareword to fix build failure + +------------------------------------------------------------------- +Wed Apr 15 07:01:38 UTC 2020 - Martin Pluskal + +- Update to version 0.23.20: + * Revert "Fix RPC when length-s are 0" changes [PR#276] +- Changes for version 0.23.19: + * common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255] + * Add simple bash completion for 
provided commands [PR#258] + * Unbreak list matching in enable-in and disable-in [PR#262] + * Fix RPC when length-s are 0 [PR#259] + * rpc: Add vsock transport support [PR#270] + * trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265] + * Build fixes [PR#271, PR#272, PR#273, ...] +- Changes for version 0.23.18: + * rpc: Allow empty CK_DATE value [PR#253] + * build: Meson fixes [PR#245] + * build: Adjust feature parity between meson and autotools [PR#247] +- Changes for version 0.23.17: + * common: Fix uClibc-ng compilation [PR#237] + * trust: do not allow daylight to invalidate date validation [PR#236] + * build: Port to meson build system [PR#231, PR#234] + * rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232] + * doc: Add 'server' command in help [PR#229] + * Build and test fixes [PR#230] +- Changes for version 0.23.16: + * proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225] + * conf: Ignore user configuration if the program is running as root [PR#226] + * proxy: Refresh slot list on every C_GetSlotList call [PR#224] + * modules: Fix index used in call to p11_dict_remove() [PR#219] + * Fix Win32 p11_dl_error crash [PR#218] + * modules: check gl.modules before iterates on it when freeing [PR#217] + * trust: Ignore unreadable content in anchors [PR#215] + * extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213] +- Changes for version 0.23.15: + * trust: Improve error handling if backed trust file is corrupted [PR#206] + * url: Prefer upper-case letters in hex characters when encoding [PR#193] + * trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202] + * virtual: Prefer fixed closures to libffi closures [PR#196] + * Fix issues spotted by coverity and cppcheck [PR#194, PR#204] + * Build and test fixes [PR#164, PR#191, PR#199, PR#201] +- Changes for version 0.23.14: + * proxy: Avoid invalid memory access when unloading proxy module [PR#180] + * Update pkcs11 
header to allow SoftHSMv2 to compile [PR#181] + * build: Restore libpthread dependency [PR#183] + * Build fixes [PR#188] +- Changes for version 0.23.13: + * server: Enable socket activation through systemd [PR#173] + * rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules [PR#174] + * proxy: Fail early if there is no slot mapping [PR#175] + * Remove hard dependency on libpthread [PR#177] + * Build fixes [PR#170, PR#176] +- Remove obsolete patches: + * 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch + * 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch + +------------------------------------------------------------------- +Mon Dec 23 11:00:15 UTC 2019 - Ludwig Nussel + +- Also build documentation (boo#1013125) + +------------------------------------------------------------------- +Fri Nov 15 11:02:43 UTC 2019 - Ludwig Nussel + +- support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox + detects built in certificates (boo#1154871, + 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch, + 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch) + + +------------------------------------------------------------------- +Fri May 10 09:28:21 UTC 2019 - Dominique Leuenberger + +- Move RPM macros to %_rpmmacrodir. 
+ +------------------------------------------------------------------- +Fri Jun 15 04:09:24 UTC 2018 - fezhang@suse.com + +- New version 0.23.12 + * Fix compile error when PKCS#11 GNU calling convention enabled +- Changelog from version 0.23.11 + * trust: Add extractor for edk2/cacerts.bin + * modules: Add option to control module visibility from proxy + * trust: Prevent trust module being loaded by proxy module + * library: Use dedicated locale object for printing error + * Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly + * Improve const correctness for P11KitUri + * PKCS#11 URI scheme comparison is now case insensitive +- Drop p11-kit-biarch.patch: Obsolete since 0.23.10 + +------------------------------------------------------------------- +Tue Mar 27 08:33:43 UTC 2018 - lnussel@suse.de + +- New version 0.23.10 + * New p11-kit server command + * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute + * New trust dump command + * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations + * trust: Respect anyExtendedKeyUsage in CA certificates + * Support x-init-reserved argument of C_Initialize() in remote modules + * install private executables in libexecdir, obsoletes p11-kit-biarch.patch +- new server subpackage +- change keyring to new maintainer Daiki Ueno + +- Changes for version 0.23.9 + * Fix p11-kit server regressions [PR#103, PR#104] + * trust: Respect anyExtendedKeyUsage in CA certificates [PR#99] + * Build fixes related to reallocarray [PR#96, PR#98, PR#100] + +- Changes for version 0.23.8 + * Improve vendor query attributes handling in PKCS#11 URI [PR#92] + * Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91] + * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user + configurations [PR#87] + * Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86] + +- Changes for version 0.23.7 + * Fix memory issues with "p11-kit server" [PR#78] + * Build fixes [PR#77 ...] 
+ +- Changes for version 0.23.6 + * Port "p11-kit server" to Windows and portability fixes of the RPC + protocol [PR#67, PR#72, PR#74] + * Recover the old behavior of "trust anchor --remove" [PR#70, PR#71] + * Build fixes [PR#63 ...] + +- Changes for version 0.23.5 + * Fix license notice of common/unix-peer.c [PR#58] + * Remove systemd unit files for now [PR#60] + * Build fixes for FreeBSD [PR#56] + +- Changes for version 0.23.4 + * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31, + PR#37, PR#52] + * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY + attribute, used by Firefox [#99453, PR#46] + * Add 'trust dump' command to dump all PKCS#11 objects in the + persistence format [PR#44] + * New experimental 'p11-kit server' command that allows PKCS#11 + forwarding through a Unix domain socket. A client-side module + p11-kit-client.so is also provided [PR#15] + * Add systemd unit files for exporting the proxy module through a + Unix domain socket [PR#35] + * New P11KitIter API to iterate over slots, tokens, and modules in + addition to objects [PR#28] + * libffi dependency is now optional [PR#9] + * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45] + +- Changes for version 0.23.3 + * Install private executables in libexecdir [fdo#98817] + * Fix link error of proxy module on macOS [fdo#98022] + * Use new PKCS#11 URI specification for URIs [fdo#97245] + * Support x-init-reserved argument of C_Initialize() in remote modules + [fdo#80519] + * Incorporate changes from PKCS#11 2.40 specification + * Bump libtool library version + * Documentation fixes + * Build fixes [fdo#87192 ...] 
+ +------------------------------------------------------------------- +Tue Mar 20 13:26:02 CET 2018 - kukuk@suse.de + +- Use %license instead of %doc [bsc#1082318] + +------------------------------------------------------------------- +Tue Nov 22 14:57:50 CET 2016 - sbrabec@suse.com + +- 32-bit compatibility fixes: + * Add PKCS11 module to p11-kit-32bit (bsc#996047#c39) + * Add p11-kit-nss-trust-32bit NSS module + * Fix potential bi-arch issue with private binaries + (fdo#98817, p11-kit-biarch.patch) + +------------------------------------------------------------------- +Mon Feb 8 21:25:45 UTC 2016 - mpluskal@suse.com + +- Update to 0.23.2 + * Fix forking issues with libffi + * Fix various crashes in corner cases + * Updated translations + * Build fixes +- Make building more verbose +- Enable tests +- Small spec file cleanup with spec-cleaner + +------------------------------------------------------------------- +Sun Mar 8 18:56:55 UTC 2015 - p.drouand@gmail.com + +- Update to version 0.23.1 (stable) + * Use new PKCS#11 URI draft fields for URIs [fdo#86474 fdo#87582] + * Add pem-directory-hash extract format + * Build fixes +- Remove 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff; + fixed on upstream release +- Remove autoconf, automake and libtool require; unneeded dependencies +- Add gtk-doc require; needed to build html documentation +- Remove redundant %clean section + +------------------------------------------------------------------- +Mon Oct 13 16:09:09 UTC 2014 - lnussel@suse.de + +- remove patches: + * trust-Print-label-of-certificate-when-complaining-.patch + * trust-Dont-use-invalid-public-keys-for-looking-up-.patch + +- new version 0.20.7 (stable) + * New public pkcs11x.h header containing extensions [fdo#83495] + * Export necessary defines to lookup attached extensions [fdo#83495] + * Build fixes + +- new version 0.20.6 (stable) + * Make the p11-kit-proxy.so module respect critical = no [fdo#83651] + * Build fix for FreeBSD 
[fdo#75674] + +- new version 0.20.5 (stable) + * Don't use invalid keys for looking up stapled extensions [fdo#82328] + * Better error messages when invalid certificate extensions + * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files + * Fix some leaks, and memory issues + * Silence some clang scanner warnings + +- new version 0.20.4 (stable) + * Don't complain about C_Finalize after a fork + * Fix typo + +------------------------------------------------------------------- +Fri Aug 29 06:47:50 UTC 2014 - lnussel@suse.de + +- new version 0.20.3 + * Fix problems reinitializing managed modules after fork + * Fix bad bookeeping when fail initializing one of the modules + * Fix case where module would be unloaded while in use [#74919] + * Remove assertions when module used before initialized [#74919] + * Fix handling of mmap failure and mapping empty files [#74773] + * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions + * Require automake 1.12 or later + * Build fixes for Windows [#76594 #74149] +- apply patches to avoid errors from certificates with invalid public key + (fdo#82328, bnc#890908, + trust-Dont-use-invalid-public-keys-for-looking-up-.patch, + trust-Print-label-of-certificate-when-complaining-.patch) + +------------------------------------------------------------------- +Mon May 19 07:04:38 UTC 2014 - lnussel@suse.de + +- New version 0.20.2 + * Fix bug where blacklist didn't affect extracted ca-anchors if the anchor + and blacklist were not in the same trust path (regression) [fdo#73558] + * Check for race in BasicConstraints stapled extension [fdo#69314] + * Build fixes and cleanup + +------------------------------------------------------------------- +Tue Feb 11 12:53:06 UTC 2014 - meissner@suse.com + +- added .sig file. trying to locate source of the keyring. 
+ +------------------------------------------------------------------- +Fri Dec 6 09:31:32 UTC 2013 - lnussel@suse.de + +- trust: allow to also add openssl style hashes to pem-directory + 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff + +------------------------------------------------------------------- +Tue Sep 10 09:02:33 UTC 2013 - lnussel@suse.de + +- upgrade to 0.20.1 which is 0.19 declared stable + * Extract compat trust data after we've changes + * Skip compat extraction if running as non-root + * Better failure messages when removing anchors + +------------------------------------------------------------------- +Fri Aug 30 12:33:32 UTC 2013 - lnussel@suse.de + +- new version 0.19.4 + * 'trust anchor' now adds/removes certificate anchors + * 'trust list' lists trust policy stuff + * 'p11-kit extract' is now 'trust extract' + * 'p11-kit extract-trust' is now 'trust extract-compat' + * Workarounds for working on broken zfsonlinux.org [#68525] + * Add --with-module-config parameter to the configure script [#68122] + * Add support for removing stored PKCS#11 objects in trust module + +------------------------------------------------------------------- +Thu Jul 25 09:06:51 UTC 2013 - lnussel@suse.de + +- new version 0.19.3 + * Fix up problems with automake testing + * Fix a bunch of memory leaks in newly refactored code + * Don't use _GNU_SOURCE and the unportability it brings + * Add basic 'trust anchor' command to store a new anchor + * Support for writing out trust token objects + * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec + * Add option to use freebl for hashing + * Implement reloading of token data + * Fix warnings and possible minor bugs higlighted by code scanners + * Don't load configs in home directories when running setuid or setgid + * Support treating ~/.config as $XDG_CONFIG_HOME + * Use $XDG_DATA_HOME/pkcs11 as default user config directory + * Use $TMPDIR instead of $TEMP while testing + * Open files and fds 
with O_CLOEXEC + * Abort initialization if a critical module fails to load + * Don't use thread-unsafe functions: strerror, getpwuid + * Fix p11_kit_space_strlen() result when empty string + * Refactoring of where various components live + +------------------------------------------------------------------- +Fri Jul 5 08:09:46 UTC 2013 - lnussel@suse.de + +- fix 32bit provides of libnssckbi.so +- repace p11-kit-extract-trust with update-ca-certificates + +------------------------------------------------------------------- +Fri Jun 28 09:30:03 UTC 2013 - lnussel@suse.de + +- provide libnssckbi.so to replace mozilla-nss-certs + +------------------------------------------------------------------- +Mon Jun 24 13:08:21 UTC 2013 - lnussel@suse.de + +- add p11-kit-nss-trust subpackage that serves as drop-in + replacement for mozilla-nss-certs + +------------------------------------------------------------------- +Wed Jun 19 09:24:45 UTC 2013 - lnussel@suse.de + +- use /etc/pki/trust and /usr/share/pki/trust as system CA + certificate store + +------------------------------------------------------------------- +Mon May 27 14:40:57 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.19.1: + + Refactor API to be able to handle managed modules. + + Deprecate much of old p11-kit API. + + Implement concept of managed modules. + + Make C_CloseAllSessions function work for multiple callers. + + New dependency on libffi. + + Fix possible threading problems reported by hellgrind. + + Add log-calls option. + + Mark p11_kit_message() as a stable function. + + Use our own unit testing framework. +- Add pkgconfig(libffi) BuildRequires: new dependency. 
+ +------------------------------------------------------------------- +Tue May 14 18:27:52 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.18.2: + + Build fixes (fdo#64378) + +------------------------------------------------------------------- +Mon May 13 21:13:20 UTC 2013 - dimstar@opensuse.org + +- Also provide p11-kit-32bit (in fact, the pkcs#11 modules) + (bnc#819246). + +------------------------------------------------------------------- +Mon Apr 15 18:46:10 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.18.1: + + Put the external tools in $libdir/p11-kit. + + Documentation build fixes. + +------------------------------------------------------------------- +Thu Apr 4 13:34:40 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.18.0: + + Fix use of trust module with gcr and empathy (fdo#62896). + + Further tweaks to trust module date parsing. + + Fix unaligned memory reads (fdo#62819). + + Win32 fixes (fdo#63062, fdo#63046). + + Debug and logging tweaks (fdo#62874). + + Other build fixes. + +------------------------------------------------------------------- +Thu Mar 28 21:42:55 UTC 2013 - zaitor@opensuse.org + +- Update to version 0.17.5: + + Don't try to guess at overflowing time values on 32-bit + systems (fdo#62825). + + Test fixes (fdo#927394). + +------------------------------------------------------------------- +Thu Mar 21 08:10:37 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.17.4: + + Check for duplicate certificates in a token, warn and discard + (fdo#62548). + + Implement a proper index so we have decent load performance. + +------------------------------------------------------------------- +Wed Mar 20 19:09:13 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.17.3: + + Use descriptive labels for the trust module tokens (fdo#62534). + + Remove the temporary built in distrust objects. + + Make extracted output directories and files read-only + (fdo#61898). + + Don't export unneccessary ABI. 
+ + Build fixes (fdo#62479). + +------------------------------------------------------------------- +Tue Mar 19 20:39:24 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.17.2: + + Fix build on 32-bit linux. + + Fix several crashers. +- Changes from version 0.17.1: + + Support a p11-kit specific PKCS#11 attribute persistance format + (fdo#62156). + + Use the SHA1 hash of SPKI as the CKA_ID in the trust module by + default (fdo#62329). + + Refactor a trust builder which builds objects out of parsed + data (fdo#62329). + + Combine trust policy when extracting certificates (fdo#61497). + + The extract --comment option adds comments to PEM bundles + (fdo#62029). + + A new 'priority' config option for ordering modules + (fdo#61978). + + Make each configured path its own trust module token + (fdo#61499). + + Use --with-trust-paths to configure trust module (fdo#62327). + + Fix bug decoding some PEM files. + + Better debug output for trust module lookups. + + Work around bug in NSS when doing serial number lookups. + + Work around broken strndup() function in firefox. + + Fix the nickname for the distrusted attribute. + + Build fixes. +- Add ca-certificates BuildRequires: needed to find the location of + the root certificates. + +------------------------------------------------------------------- +Thu Mar 14 12:26:18 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.16.4: + + Display per command help again (fdo#62153). + + Don't always print tools debug output (fdo#62152). +- Changes from version 0.16.3: + + When iterating don't skip tokens without the + CKF_TOKEN_INITIALIZED flag. + + Hardcode some distrust records for NSS temporarily. + + Parse global options better in the p11-kit command. + + Better debugging. +- Changes from version 0.16.2: + + Fix regression in 'p11-kit extract --purpose' option + (fdo#62009) + + Documentation updates + + Build fixes (fdo#62001). 
+- Changes from version 0.16.1: + + Don't break when cA field of BasicConstraints is missing + (fdo#61975). + + Documentation fixes and updates. + + p11-kit extract-trust is a placeholder script now. + +------------------------------------------------------------------- +Tue Mar 5 13:36:20 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.16.0: + + Update the pkcs11.h header for new mechanisms + + Fix build and tests on mingw64 (ie: win32) + + Relicense LGPL code to BSD license + + Documentation tweaks + + Bugs fixed: fdo#61739, fdo#60894, fdo#61740, fdo#60792 + + Updated translations. +- Changes from version 0.15.2: + + Better define the libtasn1 dependency. + + Crasher and bug fixes. + + Build fixes. + + Updated translations. +- Changes from version 0.15.1: + + Fix some memory leaks. + + Add a location for packages to drop module configs. + + Documentation updates and fixes. + + Add command line tool manual page. + + Remove unused err() function and friends. + + Move more code into common/ directory and refactor. + + Add a system trust policy module. + + Refactor how the p11-kit command line tool works. + + Add p11-kit extract and extract-trust commands. + + Don't complain if we cannot access ~/.pkcs11/pkcs11.conf. + + Refuse to load the p11-kit-proxy.so as a registered module. + + Don't fail initialization if last initialized module fails. 
+ +------------------------------------------------------------------- +Fri Sep 7 11:04:40 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.14: + + Change default for user-config to merge + + Always URI-encode the 'id' attribute in PKCS#11 URIs + + Expect a .module extension on module configs + + Windows compatibility fixes + + Testing fixes + + Build fixes + +------------------------------------------------------------------- +Mon Jul 23 06:26:02 UTC 2012 - zaitor@opensuse.org + +- Update to version 0.13: + + Don't allow reading of PIN files larger than 4096 bytes + + If a module is not marked as critical then ignore init failure + + Use preconditions to check for input problems and out of memory + + Add enable-in and disable-in options to module config + + Fix the flags in pin.h + + Use gcc extensions to check varargs during compile + + Fix crasher when a duplicate module is present + + Fix broken hashmap behavior + + Testing fixes + + Win32 build fixes + + 'p11-kit -h' now works + + Documentation fixes + +------------------------------------------------------------------- +Fri Mar 9 19:37:44 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.12: + + Build fix. + +------------------------------------------------------------------- +Fri Feb 10 08:05:27 UTC 2012 - vuntz@opensuse.org + +- Update to version 0.11: + + Remove automatic reinitialization of PKCS#11 after fork + +------------------------------------------------------------------- +Wed Jan 4 09:08:59 UTC 2012 - vuntz@opensuse.org + +- Update to version 0.10: + + Build fixes, for windows, gcc 4.6.1. + +------------------------------------------------------------------- +Tue Nov 15 10:18:49 UTC 2011 - dimstar@opensuse.org + +- Update to version 0.9: + + p11-kit can't be used as a static library. + + Fix problems crashing when freeing TLS on windows. + + Add debug output to windows init and uninit of library. 
+ +.Build fixes, especially for windows + +------------------------------------------------------------------- +Thu Oct 27 21:53:33 UTC 2011 - dimstar@opensuse.org + +- Update to version 0.8: + + Rename non-static functions to have a _p11_xxx prefix + + No concurrent calling of C_Initialize and C_Finalize + + Print more information in 'p11-kit -l' + + Initial port to win32 + + Build and testing fixes. + +------------------------------------------------------------------- +Tue Sep 27 19:24:59 UTC 2011 - vuntz@opensuse.org + +- Update to version 0.7: + + Expand p11-kit config variables correctly in various build + scenarios + + Add test tool to print out error messages + + Build fix on FreeBSD + +------------------------------------------------------------------- +Thu Sep 15 05:02:07 UTC 2011 - vuntz@opensuse.org + +- Update to version 0.6: + + Add concept of a default module directory from which modules + with relative paths are loaded. + + Renamed pkg-config variables to make it clearer what's what. + +------------------------------------------------------------------- +Fri Sep 2 08:20:47 UTC 2011 - vuntz@opensuse.org + +- Update to version 0.5: + + Fix crasher in p11_kit_registered_modules() + + Add 'critical' setting for modules, which defaults to 'no' + + Fix initialization issues in the proxy module + +------------------------------------------------------------------- +Fri Aug 19 19:37:44 CEST 2011 - dimstar@opensuse.org + +- Update to version 0.4: + + Fix endless loop if module forks during initialization + + Update PKCS#11 URI code for new draft of spec + + Don't fail when duplicate modules are configured + + Better debug output + + Add example configuration documentation + + Support whitespace in PKCS#11 URIs +- Move the p11-kit.conf.example to the doc folder. + +------------------------------------------------------------------- +Sat Jul 30 15:04:36 CEST 2011 - vuntz@opensuse.org + +- Update to version 0.3: + + Rewrite hash table, and simplify licensing. 
+ + Correct paths for p11-kit config files. + + Many build fixes and tweaks. +- Remove Apache-2 part from License tag, as the code was rewritten. + +------------------------------------------------------------------- +Mon Jul 25 15:35:57 CEST 2011 - vuntz@opensuse.org + +- Initial package (version 0.2). + 
diff --git a/p11-kit.keyring b/p11-kit.keyring new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..c3d2b3bb2dbf63cba4680651b531283b46b51fc01998a4409deca99dfbd68f86 GIT binary patch literal 11688 zcmb8VWo#U6x24_PW`>xVq0Nq&nPX;VW{Q~^W2VFyGcz+Y#O#vynah&I zycr#6ifEslv?8-Ly!SnCpwxD-bv3dlk#M#$b+$6GB;oTi|F2UaXERevBUeTf2Rng? zOvn#d@Bk4kQb;|CaTIqpsA4E~^;<8uBB}aEGDIlQ-zS6cA)w$O`YZrY2yn14AP6!L z5E>I64i*6fi3NfHf{0*1*Z}}|IMn~#X0;3iACIZm0c7ttrtHCw z5(O%hOBCg%K)@AJIe^66jYrilw3*&+f+Ci3!R6sgFQX>2@y98MRZt7pKfcl7|M8us z288-+e4vD9Jb>r^`?Gtjg+sp(8|)fL<+HF{h~6*<2q!-3Tkuj6>PIf zvzuOPTwzLAO3m*MiLo=Gf-^;?$(kYh$*pK}W*>r^_Q{Rry;MnX3S%HjF%klX@UK z_WOdhTa-K!@n)?G0IKS%$hg3LDTc<&O!_I!pi9Q0ozHm$u z)GB#D(i;__6N*b^EIq4^Pobiv%Cwpy!2uq(f-orBtEOSxh9s}-Hd)nG&$s=mC(BFZ zjG4|Rv`6Sy__)^OiRY9flvr+t2={(QKLZL!P|IBXky)2y*DbSfB28@%vGktNeygFu zzv9y!Qwm86nd8{Im{u1G!PN+Pn!No8U)loDTDeOGQb~}CCDiI8ywieb4H|X z7okGpmJZULpg=n1cS3<#DdZd_1hRPi=rbc#H=y;StIi8Mv ztOqVSA}gvYHOAl%MS8}Gh~Hmo@HsS6-4R95XQ2Iqb;wt)M)f1ZjhJ!i5&W+fz(h_b z;x%GprP6VqoI$q2Td?`8DsxB81Q3p#_$Q8meKn6Fu~cJ`%aDl%(|8n-@poi`HjF&4!YY_j}A zrWx%HSVlk4AW%3?C5AL5bTgKeX(uFq`$!xYVLoX0h_Ef2AH*dGe7DZbG-ma&zK3IY zQ~u=vR>4el$J}|%Agj9Db&Wk^_Egg~Tc(=3GjHvps%j;ONGQB)Zgxv(uKgxsOuKgi znPn7@PeHw0;MYa&2u4|gK&Ugzgt5MQ=p+fgQeEl~ z@Xk7cb=#le)tgs`G16OXR~D6%dmH1dyn(11hg(ZlNvPoosCPaLmY;vQAIf56azRK@ zavjhRA$=Q1*>H%G{HYh05Sj0oO)_`f+NgMpC&>l<7AKB|(T-NFTY$h)Ku|hbGwgYF zE8_Q?I@bew84~6*i65C{jON@VCsBk1Bq|yR01X9_vA9+HO9vzoceT^PElC&^!-bH+cA zLjNrU5FkiQ5G=%h*MPs&{u@C1UX*t^bJe`YcRiCNN@TL8$UTzMJ8dIF#J2(>O`bHk z2u4x$`(M%6)b{nsTwS4_-Ds_BMFJ-0X5gB)L+zxCp4%LBX7L(1b>+=@Kr5Bd3wF)ehiZpuY#&wSLGS08R zDtnmA2iEsP=DbHFTr=F`NVxTDSTDN4!;cIds2E8 zb->TBsQcyqF#CoGePSt_X%bmKBg=s$Bc%JQ$np-DVb$L-rw;f=m_SkIskx0$J7*e&nx?PW>IOCYC22H8S8U z5?qw_Oy8^fdED}#KhgZt&z^{5KyKiL#t%p3WBAwzQ<9@5)vk*v#qEFVU{n9qamKIg zvO-g&kl+I3IB6x7yQK9Q3N^Z#2>iyupZ9w<24vG(oXcc@la;?W;(?44UX4w)1EnL> z{{#!+Z?OL3>$)+J4*Y;2%OI^Nu34FOm4?_k#ULH?Mu~@B7W~|ElQ0;Ac=V1>|_k 
zCK29%&7$9~YelAWi~ARY)v^J(-F>&W4eaGL!n-|G*TSeFW}@bwBS8d^sKEaSz5Nvm zXL6+fWKUUAA%XJ7F1Z}vVp+iJYDwD?(jGWLI>XdTuoqXKNa>4B)zAM7p8UN)<#n`L zKE|t^7AWUMBbd4=VL@taOs9 zX>8(?7?h@pS864LbSjd@VWgw8mIu0^UCfQ+H$lVc82*~u6pBZZhLS1gg9dN8sjx^1 zokufZW6g6JfK%@q=%?SiwE}u6wAVuJLE15dsa`>iLMvk!nkS{$qWGh)i$ELtk;`o~ zL{-j|Df=TdC(4Z?@D7a0*47M9&{;USIab*}?fZ@VXK-DlzbZVzh4V+LV(3nVIPZ2k z453)kGOL!6P*c%d7r~Ba5wTe*`L}(;ug&$&I`~Alr7jv(31Wz|2t!(AXa~)HIjfA* zt4S_tPHngNT$*AKSG~VRS;oE3%gxrn2wr-crl<1oXf2xxorI}HhiW15 z64D>fM2P>v7yiF7OZ!X5H|USsO_Xq);b5yD zF*lM8w}>Q7a%?b~05WT=;U8N6BSZdIW}lir-DY=yoWKf@o6N2}31lF1G$&q6eW#PE z<$s?<{gcYeAV>)fO4oj6eYu_FC^lfTRrWtR|CA}&e3-?*I*al>)$>!YoNdT}+(l;1 zN@eu9ZJ6-8fegXfWgWem?|-N_@tDR+tRemqztu5M#My#*==SBmsQ+&v*xY}7K{|F8 zO%7;;m!Q16Zh40(l)^cDKq7r5_-Hd#{n2tNsA^QBuTdy91MPP$E7o53J7q<({txbO zXgs+Qtc$~FvQf^!-D>S`3d{kIDXHZ_aXp$pV-4eJXpQc2riEIiy0^}NCFYOHMnu9s zXIxREez=Dcaf@cXpi^55>B1$D2oG0!Gy6iLcD{%-B4*8Vg5kG1^8Ioto4~Z3Pv&$o zkRMiCP8sy$uHe8!ppct_=Meu#>636u*((gFFOHYhq#oeDKzrK+bsjoTm6D}TFCn=0 zEwf||2aix)uXtD5YSh04sG}34_+J+f=6UKh^7U`kNt$BZ<#{cmv?xqtSgQP!`e@oG zYn{#8NanvY^&d~!SF)lVddBR$W4-sKpHN?add$@6w5^9{RIvFCQo5AOF}h$}g9dg^ ze~`Jx3{o&J=Bcc~gbcV#mwkgzPbGPb zPq1TZ9rdw5V>LEIqFWTuMnhX=$r6X!aHu9_#5V4>@XwBZ22Tt!yxRjz?TEjw!rCrG`ONrqpB#I2I->HrgR@<0JVG)lYSaeP5*${hCcTg8 z{trAZN&ezdwMJ@c5R5G2Qi1ZWl5k(-7vinV>gjgcDqeGjUYV5Z2V3mQwmHOeG8Q6A zu|xV5A(%~~sWmr_OWpocIYRH#+}yW#PQx#LUhz&NM*F)67njnkObBp`P?{2?0ikPC!67JzQCF1@N+>Qxy@T z#ToYBp=`NH&MITEf4SM=U|%NZAn1+4ql3v7II}x~Koj@5S3;G{pV?77u=T1S3hPY&xo_8oTFa;Jj`t$7hdm6K`)QnSYxwK86g>|_h1~P z)YIs+F8Vux45^iyfH{KcJxgu!LPes{7O9Tapz%p+Bi-#jZ|S>rO#7m4jqOL}9sBE- z2b?YO+sH61sta!hH*^sjqFTP0CEZtGfkLE2C9l1e_kN5&*Z$Q@`f#1{@acB$ITztz zN)S=;r9-yV&rZ2Cx&ML3z29Fvd>y(|&xA=t*Y8o@I0?T=VR?;a2y7wrtYA*7VU^EDS7k^1pnN%L@Y;gi;Mlr(PL;UU2^RXwrY z4#kHfw*8KiMGxW-;f5ipj>SF)QoI2*^fHD#!Lmk=W#XKEdBgX$3pV*ftnDD=ujV`} zLj@c4o2Qb>;ECWAbjzs$sA4_zfT+sxbnB{KJE5=&>5n9uo$^ z;Rx{L67!D$Il=X;%q+F1lDxg;^KYjVR^RO=&WL+r>xHWbmGtgn_?% zMj)7XAI`0VQl|%bBkd|bKM!~c7ogRYtIQ}R_SOhO$w_NxAhZg;@j@fM$6 
zJgU{?c9#w-1XH!3!;j!sl!P`T7}X>ZSNVP&yuf5X#t1<@@&#^HH8Q%xAOp%>Tb*rt ze#)+&(+Njj^hl}wGU)j3a?(N{SNz{51}w5|98c5Dzm6MFwtQfI4Tg6s?kHQs=qyTk z?yj?43V`*2FNk2rSoc>w%>68}#*B?uLxcWrJPOz;{^Frs?;hC1d`z;ci1IGQOdtRF zfs?_BbjQHy8DjgZ!hB^_6gy{bUAnf2M7rv=(D``ZJ&yWIjNcr-mUI*;<9%kmV!59Y z5?IHz4@Q#BrpA&$uX@V-EsPj~8&yx@#DrVR?KsaRtEB5Er)R02EFE6nMK*T>7_ep12q+JP4s^Xi+u@&&e9y5f!*P?Sj>5W)!o)^a#^q36>epfdLQd$5G*UyWOO-^e-^ReO{l^wXAN;*SxoS^E0C=HyXAaUY0~Rd^LsriKCJqqMfD5poVZn1qI&bn zWA^z&iS61G$;T45=<)bxH3Ao38w(xXR>`mdpXuN(2fSDR>j}=WXPP=K*PaA#&iW~- zgkYga^HT9>H1~K}qmx|F%V2)`=FG_gA#nyiykexw8q^B_i^czc>^%y&?Em87z-YMW zuVen8qKOKqRscP~_{%o&iX2_%slvJoDuKOV{Oj?sr~~s0nmCQ7)gw?V#l1hDvP|`~ zlE&`VBYD)#kP_bFW_Sn^6W;T&oPNBNp#_Nm+7e$;AkhCT! z1D=RD2T>!5s3JeXEG4C$RU(?xOCAg%zS?PCG|AYofRFd{r90n4X9sT4RK){Kg*N=# zS0U&?gB-<4Ri@rGOK{joOmkfPgc5S;v_AW?38AEr^J4U2l{MQ4IUoIl``rct4}vy) zM&TYhq=pS}tu3a%wMvDk*U6d^yl1q>2wnKzRSc6CaiO422p~?SCCGj%cx^9?XEZR4o$FJ5oXu|>jGO3 zDVB0`)AunWHZ-SfcEIo-F05I`v-ELe&<78+tB5OD-jf%zhG%WHMI$i>e-Kok=51*j zCuO*mn9d=+e_w}s@FE`8%bH>EQ(EQu+L*jMY=~^1!PYUt2J2Jf%(@C48T#XcnZH|t zMX{En9C=fUn5Ln33~R{g+bzMz-gG+xqF6IUybFV)k0@r$ESRh;J@dvwkn+yUU=E=A z5-XOwi!vpxE;>w?jj;kKE-ZL3WZTpKm0IvyGD~doj!05)A?;yN5ySOfY|s5vNBWQ+ zq<2KqHwKHh;34kY-!p`&fc_h{%T+6tk3&863Zh+1O}g&2)chY~cUvw?QFpm1bu^c* zQ2OU*;3M&I11|~v%GCdjM}aKgUp!3L1?P*i26M{@P~HR>ekRmAv5f1-CNcZIP#Mlf zY{J{Bd-tq?1S&l%AkqkbiB+CA*zS8crH$~EDCdQEDUuuR-$e1`Gv0jINeJA;T_~@8 z(@p6VmZCoiweV`)`;u)>x%gpp9xCR0b{KLtsB8K4 z-WF5gth_g{!0FedpKxD3i9jwkqoHV02|!pLtm$ME&S4`wrW&H0TzyLwVYizv&Uqo3 z>P#|j-P#Uk!4%01Ho(>QK_g$I1`CViF8}M7cL;OLOK#EhasMbmCb%mxlO`OCz49owu+SB&VS2)O(-yHSZp} zS8%vc84hQ`SiXs&+0>ReK6B!#4Nt?pWz8;`Dlk*$Eab?U6<8R_j(QS(xzvLlwOFP& zA=QOBd1H1*?Q64d*@lp)TZ&qPbUB?|&_^JBv( zyok*;={_B;FYF5_#xm@{1G3qMrsN-RYNz*{5}M3h3d0aQ*!cgAS>X)qU!nZds@bMT zkgzm5$}15OPem-7QS1bkieK%5_D@G2L?zmTV%%gcr5xGY12AXmv;l;=c36VtG=oHt z>{A3i6kLJkwCtdYjsi!+^gL3%1TNczHUuHFwmm^omh8uCHrhI%>NP2vBf;EpFZ*mO z%ai9h21$OU|7F<6FI7Nw+mxnp7L09=PfbjWz@pNJRBHqSpFD7h}YPX zKPUfN3eNB+Hkcz^&T0qjH61 
znm8&uV~)$DViS9yLg#HZdD~trX$g14T;yQ?lHN2)H0JVXdO341{k)?INy`Y!aHfkc zQG#6k3I2X$m(+m4)Kitzn4rPKFEjBG_yCrOOFw%Y~WAHC=H~Nr6 zgePRAXYdD8nl`G8&e^h^W)fR6;nMq8^Dch+aNQsJj|;U$2XS=w&N_1^6gAx@QPp>l zBjCD{k5TihCE;MGnd1FU8rV<6=pqG8Kz7u)DbEXnxWOUKeVadCSUPks=~#iQLzc$c zC%GxAthMdRC@B|Q8o`TA;ZNbe_e;QO=M9UPc?CTws|2fL%Dhf+O2- z{+TH5Z;K3&hiXB=v>YzzS0VvAru0I4EK1>M@0G6ZRvRTLVGf}{gSe%6>B*){{4K(Q z3fj1Z1FdGw#%Hs4N{HsF&0ule>A+V(%=qYnT?ukkmio-Y+m#<0RgR}JQ`(7RLXbL& zJ;Bz6O&{2u`a}YWGqFo&LypO(-)~S*xRigom=WF0@ZzC8WG_SNX=4foG*wG#TA50@ zai`H4KDnOHiFUZjX^3b)7WvVj5T|C0qf<_jNjs1p>=gbmeADYfjT8d^VnvgHyuAb8B+ zjmo!0sU}|Uw?3?gX`;Xe^J9$>N_=^9zWlP5Fvoza7tYr-iqny>ytyQN9m~%p>`3$s z*#%Wn=-3lNnVI)5Jd_n-uKwadZ)#c%j*|l&c%r=VH^t#Eup8Q_XQ#myOK$p5Xegi^ zYr%vVa~;cD%pLs@_<)-C{T46YleeT$d^9zjB8Rp&c=ikHqXuH^uJc`*i2 z;(FDZmuutzc+4VHBkEks9jbIikyU~2Ys{H4n}hrQc0$$gioktgxO={0-?C8;K1PU_ zQClpbpza{+*Ce3tNUlXG&;tk*k758lKKXR+2JruWVMEUu*7TU zn$Hxaxy&cw89b4;Pi{~XF+^bEQ!`jYN58kq35A)GXzBo}Ri@xi37AbYUd+n+{9C8ySaloV%m}cV*4& zh6E_kboUUEv4_ct6_^j6%M;ER&S`oZAE zWpjK3(rmVc%}OrCnk42cbe_p*5?njbr*M_ok$rRlLdceI8CDD*;5+wq-v>kZWX~7c zl>C~vj5rGv(Qps@*Qj6;{De=7?S{>9UKb@RvtJ9vA!LV%3uAarpzdEGo@9b>so@vHbaz@CH)2-$8B7y&3&q4J(+2t=DfCl|ex#G62dwG~AP}!H! 
zFxf6*-tN{4GdMr7c=fQBq%b=x)eo5Ox3Of1*pd3LW#1(U6`o1vFZS-WcpdZVnH2Sr zM_eAcw6Y;Zd8Axinbkw1d%Kh?B~WMb;gX7IDc)nH(BqaG=(4G6dN&^_}h zpE4hlV);9V_}f9;`woIOxFqRUEi%1pS(p$~#=P#evR2Y&Vv}=&M#T^nmfJ$a44W~I{bG)E9Nq?R)0|aRiYZN{h!P{Z4vQukrz-s4TWNKZ22cGFKP`pb zt@_n`H9trs5jsaKaVdW4ak{p1ebBT9#{F6=`xq;}cl@?evPZV$7oCnU(t!K_8v(Ge zcl+<|zuG_TRl)z=ScS%f1;N21{HwM4|JeQ~CPsOI6)Eo5q&fUO25~Ng-D|K?T)ivR zIS-FmSZMe;;57PBVgc>gQM&P0XJlP2+^!PM5N?WtO^U56(G@l{d7c(^f*zKi?!p8_ z&RFUVHedA7UV2~{d_qfUzXK1S=x*~uA92vP9Fkq$pQto2GF$BvM`;#tVESxi*xg-> zb8Klv>N3v`aHj%Hh}7v|;OuDBQlW(tdA)avj1pNjpl9jI}6=;QKBoBsiW~Yy&*;ed4%T zY|&an=+8L&Q=g3pjT0|EYYypW0<<-Q?Htccb+XZ9M`$g@m+_`e0(RUza_dagk!0GT zQ$KSI?AH<5M!2juD!JfG6T(k$6-@K4Nrefu(g`y)(P(sHR(>VUQiihl6kSF~_&Fh> z`y2DlkC1#Ty7UuiW~+UPT}yXygO)OAIsN6z1>^>m%iFl*7qz)dxfVo|P|YA)Du%9y zZTtMO=X)8r{?+Ur(Wk{{rl@#++-T;~D@s;XR{w=2tjtrckNB2+mJ+cuxCU}z922Wf zS7`SE4xP2WY}U~fuV17?DCHRhg>}Pr{tpYb?f}ZWs8adBe&gYR1l%(M+*J2DZAWPj z@w7^J2<7Lt5_=oSF>p6gC=OkH5%P2T54ZHnZ9=iy^}9)Wck%pGC= z>#XmiSgi>v!8DYGUoh>x7a4rOu%_5tgGUV(o8RPUbKFdwEOAQ!N(f5cpAK)$bGD*7 zOCG`Ms|1Kxmd$DED?dniY(8y)XQz1>N1kbV+;vW-O5Urv9l01-Hpdp*df$koa))dy z5z+~x>)Y*qQBAS;{r=*k&;S&j_3kvj-7u$~G@n$AZoiWtp1TtkA}3|5)G-Et{_0xtYV3wiyopvGPiUcLQ3f(hdWWEt~;Ik))ci#CJbv=hJ zbe2VPSR&JB>ow<2F;IUCRU=$9v~I&45OS=6?*HwRrE&TU&X4)eE?vPkaklWfA3wzo z8w&X;E6|&XWzepQtT*;S(qL5DA`ahJMQC*28ZHrRsdmlRIivg2M=k$Sn+Il-D_0XO zw*_28O4S75iNFVQSlbHfk|jDgPlrpY8!p_ zahJ!(q^`veP{agiueC|H-X6ieUL*wPn*1LY>^F9pH{S9z(G>PCqTieHIP8zDEPHfg zI<>$_0&oU4w3G+j6A(|iED}u^cx|bg9BBy8BYx;yoO!Jm9})!#pZSv2giv9qw>6O3 zRl4qy%K< zxdcLalkp;X{eC%zDOmAlCaxmAWe_-d?j46ZKADVsx*x$SHM!|dE}qZe$0Y|VHT{YK z!aChw%QiaTUt5Gao+36gxqGSQsyz?I1?W}YGn|z>8RHbRk*hcV0`r3Wn93ty!}q6t zRUDwOw0_PyQ-W%)UKQVNHWGhTHbek0h5!ZU`C9+X@X6XJbo`m&E0A!J(N7P4TU?MK z{cKN-TlfZ=Pmn@>9wmepYpHycDGu;{R{h??Y>U06lLa{_1N=$fm@Lu+&0xw~oBXsw z2*xwl`pd6$+Z^ zJz)^!3wu?7P58ixVMPSjhq-#trJ%eNSi$HQJ!-bWS);3NNIjv!Ut)lIGC-J8%bXaQI9!vL1_o$vZG-V_Z=3tBHCm0)O&q`nV&+Fm7jOwXR zfi4@tcD169XUT|Ne(&PJ=%IVoO`6JF+cO%M>)d!8Fgkgk4fk7<>T7jhuH)}LbM!(k 
z02RxM5-GVZMC;|puxGl-#3F>%NS!78BMLW%sC$DqQAcUQ1J)3C1?<9`R&*2rvmzQv z8S_U$^G~}EzEOLNcGFIiKeW2<_^1gS*CAHWMbfP3#=pXSCdyrDY41a3=u4Ka z!)c90L!kgbb27@&pp@kM1)o4)_WXDlI(vVgQJsN;F#2bPFA_uyiSuVh5AM&<#~&;} z_=tbEIR6>9W3E62?NsMG<{t(7U_J;q(X)-7bam-k4I2N75%Y}h4iv&T&fuB`PEj2 z1eRQFK-)w^ak{o2QwjY`5XYo&U-mRvoN^T}3An>!!!e`kK2ujojX+h-qjeoj;oGg* z)}lt#j5U0P&O&rUNKzBGG;_MddvOpU_m##;y*5Q$(U2swgFJ8%8Y1rVBewq5GfNl( z@;c}E))pbxbxiIRPU2U%*i{{m$cGa?C>52lodGt9M0h7-ata)3?GhjK_TwtJYHq-^ z&7E_#qX*XBWNQ4- zAc39uw9CSB5DcAAyxUXh`UpfLQA`D47d@}?CBA!yC`UetnOIydCno;hvD1i3kZQe z12bY0R-DIJN>w`?sacfy35)el;g3K<{`6KaFlumHz8k}nWg?8eVsOpi#nT1GV?Svs z-Nt52Lcx9}j|Q5!f6=hT*n&D{Z!O^>8yiZ(>p77(#daWe<=%9|^UV2}$2$OQpk2K_ K=)Nd^|GxlO@OVi8 literal 0 HcmV?d00001 diff --git a/p11-kit.spec b/p11-kit.spec new file mode 100644 index 0000000..042e36d --- /dev/null +++ b/p11-kit.spec 
@@ -0,0 +1,210 @@
+#
+# spec file for package p11-kit
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define pkidir_cfg %{_sysconfdir}/pki
+%define pkidir_static %{_datadir}/pki
+%define trustdir_cfg %{pkidir_cfg}/trust
+%define trustdir_static %{pkidir_static}/trust
+Name: p11-kit
+Version: 0.25.3
+Release: 0
+Summary: Library to work with PKCS#11 modules
+License: BSD-3-Clause
+Group: Development/Libraries/C and C++
+URL: https://p11-glue.freedesktop.org/p11-kit.html
+Source0: https://github.com/p11-glue/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz
+Source1: https://github.com/p11-glue/%{name}/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig
+Source98: https://p11-glue.github.io/p11-glue/%{name}/%{name}-release-keyring.gpg#/%{name}.keyring
+Source99: baselibs.conf
+BuildRequires: gtk-doc
+%if 0%{?suse_version} >= 1600
+BuildRequires: libtasn1-tools
+%else
+BuildRequires: libtasn1
+%endif
+BuildRequires: meson >= 0.59.0
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(libffi) >= 3.0.0
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(libtasn1) >= 2.3
+BuildRequires: pkgconfig(systemd)
+
+%description
+p11-kit provides a way to load and enumerate PKCS#11 modules, as well
+as a standard configuration setup for installing PKCS#11 modules in
+such a way that they're discoverable.
+
+%package -n libp11-kit0
+Summary: Library to work with PKCS#11 modules
+Group: System/Libraries
+Conflicts: p11-kit < %{version}-%{release}
+
+%description -n libp11-kit0
+p11-kit provides a way to load and enumerate PKCS#11 modules, as well
+as a standard configuration setup for installing PKCS#11 modules in
+such a way that they're discoverable.
+
+%package tools
+Summary: Library to work with PKCS#11 modules -- Tools
+Group: Development/Libraries/C and C++
+Conflicts: p11-kit < %{version}-%{release}
+
+%description tools
+p11-kit provides a way to load and enumerate PKCS#11 modules, as well
+as a standard configuration setup for installing PKCS#11 modules in
+such a way that they're discoverable.
+
+%package devel
+Summary: Library to work with PKCS#11 modules -- Development Files
+Group: Development/Libraries/C and C++
+Requires: libp11-kit0 = %{version}
+
+%description devel
+p11-kit provides a way to load and enumerate PKCS#11 modules, as well
+as a standard configuration setup for installing PKCS#11 modules in
+such a way that they're discoverable.
+
+%package nss-trust
+Summary: Adaptor to make NSS read the p11-kit trust store
+Group: Productivity/Networking/Security
+Requires: p11-kit = %{version}
+Conflicts: mozilla-nss-certs
+%if "%{_lib}" == "lib64"
+Provides: libnssckbi.so()(64bit)
+%else
+Provides: libnssckbi.so
+%endif
+
+%description nss-trust
+Adaptor library to make NSS read the p11-kit trust store. It has
+to be installed intead of mozilla-nss-certs.
+
+%package server
+Summary: Server and client commands for p11-kit
+Group: Development/Libraries/C and C++
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description server
+Command line tools that enable to export PKCS#11 modules through a
+Unix domain socket. Note that this feature is still experimental.
+
+%prep
+%autosetup -p1
+
+%build
+%meson -Dtrust_paths=%{trustdir_cfg}:%{trustdir_static} \
+ -Dbash_completion=disabled \
+ -Dgtk_doc=true -Dman=true
+%meson_build
+
+%install
+%meson_install
+#
+install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blocklist}
+install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blocklist}
+# Create pkcs11 config directory
+test ! -e %{buildroot}%{_sysconfdir}/pkcs11/modules
+install -d %{buildroot}%{_sysconfdir}/pkcs11/modules
+# Remove sample config away to doc folder. Having the sample there would conflict
+# with future versions of the library on file level. As replacement, we package
+# the file as documentation file.
+install -d m 755 %{buildroot}%{_docdir}/libp11-kit0
+mv %{buildroot}%{_sysconfdir}/pkcs11/pkcs11.conf.example %{buildroot}%{_docdir}/libp11-kit0
+find %{buildroot} -type f -name "*.la" -delete -print
+#
+install -d -m 755 %{buildroot}%{_rpmmacrodir}
+cat <<'FIN' >%{buildroot}%{_rpmmacrodir}/macros.%{name}
+# Macros from p11-kit package
+%%pkidir_cfg %{pkidir_cfg}
+%%pkidir_static %{pkidir_static}
+%%trustdir_cfg %{trustdir_cfg}
+%%trustdir_static %{trustdir_static}
+FIN
+#
+# nss compat lib
+ln -s %{_libdir}/pkcs11/p11-kit-trust.so %{buildroot}%{_libdir}/libnssckbi.so
+#
+# call update-ca-certificates when trust changes
+rm %{buildroot}%{_libexecdir}/%{name}/trust-extract-compat
+ln -s ../../sbin/update-ca-certificates %{buildroot}%{_libexecdir}/%{name}/p11-kit-extract-trust
+export NO_BRP_STALE_LINK_ERROR=yes # *grr*
+%find_lang %{name}
+
+%if !0%{?qemu_user_space_build}
+%check
+%meson_test
+%endif
+
+%post -n libp11-kit0 -p /sbin/ldconfig
+%postun -n libp11-kit0 -p /sbin/ldconfig
+
+%files -f %{name}.lang
+%dir %{_libdir}/pkcs11
+%dir %{_datadir}/%{name}
+%dir %{_datadir}/%{name}/modules
+%dir %{pkidir_cfg}
+%dir %{trustdir_cfg}
+%dir %{trustdir_cfg}/anchors
+%dir %{trustdir_cfg}/blocklist
+%dir %{pkidir_static}
+%dir %{trustdir_static}
+%dir %{trustdir_static}/anchors
+%dir %{trustdir_static}/blocklist
+%{_datadir}/%{name}/modules/p11-kit-trust.module
+%{_libdir}/pkcs11/p11-kit-trust.so
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/p11-kit-remote
+%{_libexecdir}/%{name}/p11-kit-extract-trust
+
+%files -n libp11-kit0
+%license COPYING
+# Package the example conf file as documentation. Like this we're sure that we will
+# not introduce conflicts with this version of the library and future ones.
+%doc pkcs11.conf.example
+%doc AUTHORS ChangeLog NEWS README
+%dir %{_sysconfdir}/pkcs11
+%dir %{_sysconfdir}/pkcs11/modules/
+%{_libdir}/libp11-kit.so.*
+%{_libdir}/p11-kit-proxy.so
+
+%files tools
+%{_bindir}/p11-kit
+%{_bindir}/trust
+%{_mandir}/man1/trust.1%{?ext_man}
+%{_mandir}/man5/pkcs11.conf.5%{?ext_man}
+%{_mandir}/man8/p11-kit.8%{?ext_man}
+
+%files devel
+%{_rpmmacrodir}/macros.%{name}
+%{_includedir}/p11-kit-1/
+%{_libdir}/libp11-kit.so
+%{_libdir}/pkgconfig/p11-kit-1.pc
+%doc %dir %{_datadir}/gtk-doc
+%doc %dir %{_datadir}/gtk-doc/html
+%doc %{_datadir}/gtk-doc/html/p11-kit/
+
+%files nss-trust
+%{_libdir}/libnssckbi.so
+
+%files server
+%{_libdir}/pkcs11/p11-kit-client.so
+%{_libexecdir}/p11-kit/p11-kit-server
+%{_userunitdir}/p11-kit-server.service
+%{_userunitdir}/p11-kit-server.socket
+
+%changelog
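Review bot: The three `install -d m 755 …` lines in %install (for `%{trustdir_cfg}/{anchors,blocklist}`, `%{trustdir_static}/{anchors,blocklist}` and `%{_docdir}/libp11-kit0`) are missing the dash on the mode option, so `m` and `755` are read as two more directory names and the requested mode is never applied. The trust anchor and blocklist directories therefore get whatever mode install uses by default, which presumably happens to match, and stray `m` and `755` directories are created in the build tree. I would write `install -d -m 755 %{buildroot}%{trustdir_cfg}/{anchors,blocklist}` and the same for the other two, as the `%{_rpmmacrodir}` line a few lines further down already does. Because these directories hold the system trust anchors and blocklist, their mode should be set explicitly rather than left to a default.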