- remove patches:

* trust-Print-label-of-certificate-when-complaining-.patch
 * trust-Dont-use-invalid-public-keys-for-looking-up-.patch
- new version 0.20.7 (stable)
 * New public pkcs11x.h header containing extensions [fdo#83495]
 * Export necessary defines to lookup attached extensions [fdo#83495]
 * Build fixes
- new version 0.20.6 (stable)
 * Make the p11-kit-proxy.so module respect critical = no [fdo#83651]
 * Build fix for FreeBSD [fdo#75674]
- new version 0.20.5 (stable)
 * Don't use invalid keys for looking up stapled extensions [fdo#82328]
 * Better error messages when invalid certificate extensions
 * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
 * Fix some leaks, and memory issues
 * Silence some clang scanner warnings
- new version 0.20.4 (stable)
 * Don't complain about C_Finalize after a fork
 * Fix typo

OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=19

p11-kit-0.20.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b77032bc68c24e6c3cfd8cb340a4a3bb8b7d62a7c659dae08e9b6bb7287193c3
-size 1171155

p11-kit-0.20.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68405492fe466b33927d461302aa98e703db3b8a596411585508bc33084484d2
+size 986731

p11-kit.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Mon Oct 13 16:09:09 UTC 2014 - lnussel@suse.de
+
+- remove patches:
+ * trust-Print-label-of-certificate-when-complaining-.patch
+ * trust-Dont-use-invalid-public-keys-for-looking-up-.patch
+
+- new version 0.20.7 (stable)
+ * New public pkcs11x.h header containing extensions [fdo#83495]
+ * Export necessary defines to lookup attached extensions [fdo#83495]
+ * Build fixes
+
+- new version 0.20.6 (stable)
+ * Make the p11-kit-proxy.so module respect critical = no [fdo#83651]
+ * Build fix for FreeBSD [fdo#75674]
+
+- new version 0.20.5 (stable)
+ * Don't use invalid keys for looking up stapled extensions [fdo#82328]
+ * Better error messages when invalid certificate extensions
+ * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
+ * Fix some leaks, and memory issues
+ * Silence some clang scanner warnings
+
+- new version 0.20.4 (stable)
+ * Don't complain about C_Finalize after a fork
+ * Fix typo
+
 -------------------------------------------------------------------
 Fri Aug 29 06:47:50 UTC 2014 - lnussel@suse.de
 

p11-kit.spec

@@ -22,7 +22,7 @@
 %define trustdir_static  %{pkidir_static}/trust
 
 Name:           p11-kit
-Version:        0.20.3
+Version:        0.20.7
 Release:        0
 Summary:        Library to work with PKCS#11 modules
 License:        BSD-3-Clause
@@ -35,12 +35,6 @@ Source99:       baselibs.conf
 # patch proposed upstream. If it gets rejected, need to implement
 # this in ca-certificates.
 Patch0:         0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff
-# PATCH-FIX-OPENSUSE
-# trust-Print-label-of-certificate-when-complaining-.patch bnc#890908 lnussel@suse.de
-Patch1:         trust-Print-label-of-certificate-when-complaining-.patch
-# PATCH-FIX-OPENSUSE
-# trust-Dont-use-invalid-public-keys-for-looking-up-.patch bnc#890908 lnussel@suse.de
-Patch2:         trust-Dont-use-invalid-public-keys-for-looking-up-.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@@ -98,10 +92,7 @@ Adaptor library to make NSS read the p11-kit trust store. It has
 to be installed intead of mozilla-nss-certs.
 
 %prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
+%autosetup -p1
 
 %build
 # just because of patch0

trust-Dont-use-invalid-public-keys-for-looking-up-.patch

@@ -1,26 +0,0 @@
-From 244e885d3e9aae7f7b286f1115a220eb16fa0530 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Fri, 8 Aug 2014 08:47:54 +0200
-Subject: [PATCH] trust: Don't use invalid public keys for looking up stapled
- extensions
-
-https://bugs.freedesktop.org/show_bug.cgi?id=82328
----
- trust/builder.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/trust/builder.c b/trust/builder.c
-index f7ea86a..fd7a662 100644
---- a/trust/builder.c
-+++ b/trust/builder.c
-@@ -125,7 +125,7 @@ lookup_extension (p11_builder *builder,
- 		{ CKA_INVALID },
- 	};
- 
--	if (public_key == NULL)
-+	if (public_key == NULL || public_key->type == CKA_INVALID)
- 		public_key = p11_attrs_find_valid (cert, CKA_X_PUBLIC_KEY_INFO);
- 
- 	/* Look for a stapled certificate extension */
--- 
-1.9.3

trust-Print-label-of-certificate-when-complaining-.patch

@@ -1,37 +0,0 @@
-From 70228770eb96e7121e12632a85e603727ed42431 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Fri, 8 Aug 2014 08:47:23 +0200
-Subject: [PATCH] trust: Print label of certificate when complaining about
- basic constraints
-
-https://bugs.freedesktop.org/show_bug.cgi?id=82328
----
- trust/builder.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/trust/builder.c b/trust/builder.c
-index 18c09ad..f7ea86a 100644
---- a/trust/builder.c
-+++ b/trust/builder.c
-@@ -551,6 +551,7 @@ calc_certificate_category (p11_builder *builder,
-                            CK_ATTRIBUTE *public_key,
-                            CK_ULONG *category)
- {
-+	CK_ATTRIBUTE *label;
- 	unsigned char *ext;
- 	size_t ext_len;
- 	bool is_ca = 0;
-@@ -570,7 +571,10 @@ calc_certificate_category (p11_builder *builder,
- 		ret = p11_x509_parse_basic_constraints (builder->asn1_defs, ext, ext_len, &is_ca);
- 		free (ext);
- 		if (!ret) {
--			p11_message ("invalid basic constraints certificate extension");
-+			label = p11_attrs_find_valid (cert, CKA_LABEL);
-+			p11_message ("%.*s: invalid basic constraints certificate extension",
-+				     label ? (int)label->ulValueLen : 7,
-+				     label ? (char *)label->pValue : "unknown");
- 			return false;
- 		}
- 
--- 
-1.9.3