- update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066):
* Fix memory-safety issues that affect the RPC protocol
(CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered
and fixed by David Cook
* anchor: Prefer persistent format when storing anchor [PR#329]
* common: Fix infloop in p11_path_build [PR#326, PR#327]
* proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
* common: Check for a NULL locale before freeing it [PR#321]
* proxy: Do not assign duplicate slot IDs [PR#282]
* common: Get program name based on executable path if possible [PR#307]
* anchor: Exit with non-zero code, if any error occurs [PR#304]
* Build and test fixes
OBS-URL: https://build.opensuse.org/request/show/863932
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=41
- Update to version 0.23.20:
* Revert "Fix RPC when length-s are 0" changes [PR#276]
- Changes for version 0.23.19:
* common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255]
* Add simple bash completion for provided commands [PR#258]
* Unbreak list matching in enable-in and disable-in [PR#262]
* Fix RPC when length-s are 0 [PR#259]
* rpc: Add vsock transport support [PR#270]
* trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265]
* Build fixes [PR#271, PR#272, PR#273, ...]
- Changes for version 0.23.18:
* rpc: Allow empty CK_DATE value [PR#253]
* build: Meson fixes [PR#245]
* build: Adjust feature parity between meson and autotools [PR#247]
- Changes for version 0.23.17:
* common: Fix uClibc-ng compilation [PR#237]
* trust: do not allow daylight to invalidate date validation [PR#236]
* build: Port to meson build system [PR#231, PR#234]
* rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232]
* doc: Add 'server' command in help [PR#229]
* Build and test fixes [PR#230]
- Changes for version 0.23.16:
* proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225]
* conf: Ignore user configuration if the program is running as root [PR#226]
* proxy: Refresh slot list on every C_GetSlotList call [PR#224]
* modules: Fix index used in call to p11_dict_remove() [PR#219]
* Fix Win32 p11_dl_error crash [PR#218]
* modules: check gl.modules before iterates on it when freeing [PR#217]
* trust: Ignore unreadable content in anchors [PR#215]
* extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213]
OBS-URL: https://build.opensuse.org/request/show/794036
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=36
- New version 0.23.12
* Fix compile error when PKCS#11 GNU calling convention enabled
- Changelog from version 0.23.11
* trust: Add extractor for edk2/cacerts.bin
* modules: Add option to control module visibility from proxy
* trust: Prevent trust module being loaded by proxy module
* library: Use dedicated locale object for printing error
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly
* Improve const correctness for P11KitUri
* PKCS#11 URI scheme comparison is now case insensitive
- Drop p11-kit-biarch.patch: Obsolete since 0.23.10
OBS-URL: https://build.opensuse.org/request/show/616962
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=30
* New p11-kit server command
* The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute
* New trust dump command
* New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations
* trust: Respect anyExtendedKeyUsage in CA certificates
* Support x-init-reserved argument of C_Initialize() in remote modules
* install private executables in libexecdir, obsoletes p11-kit-biarch.patch
- new server subpackage
- change keyring to new maintainer Daiki Ueno
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=29
* trust-Print-label-of-certificate-when-complaining-.patch
* trust-Dont-use-invalid-public-keys-for-looking-up-.patch
- new version 0.20.7 (stable)
* New public pkcs11x.h header containing extensions [fdo#83495]
* Export necessary defines to lookup attached extensions [fdo#83495]
* Build fixes
- new version 0.20.6 (stable)
* Make the p11-kit-proxy.so module respect critical = no [fdo#83651]
* Build fix for FreeBSD [fdo#75674]
- new version 0.20.5 (stable)
* Don't use invalid keys for looking up stapled extensions [fdo#82328]
* Better error messages when invalid certificate extensions
* Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
* Fix some leaks, and memory issues
* Silence some clang scanner warnings
- new version 0.20.4 (stable)
* Don't complain about C_Finalize after a fork
* Fix typo
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=19
* Fix problems reinitializing managed modules after fork
* Fix bad bookeeping when fail initializing one of the modules
* Fix case where module would be unloaded while in use [#74919]
* Remove assertions when module used before initialized [#74919]
* Fix handling of mmap failure and mapping empty files [#74773]
* Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
* Require automake 1.12 or later
* Build fixes for Windows [#76594#74149]
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=15
* Fix bug where blacklist didn't affect extracted ca-anchors if the anchor
and blacklist were not in the same trust path (regression) [fdo#73558]
* Check for race in BasicConstraints stapled extension [fdo#69314]
* Build fixes and cleanup
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=13
- upgrade to 0.20.1 which is 0.19 declared stable
* Extract compat trust data after we've changes
* Skip compat extraction if running as non-root
* Better failure messages when removing anchors
- new version 0.19.4
* 'trust anchor' now adds/removes certificate anchors
* 'trust list' lists trust policy stuff
* 'p11-kit extract' is now 'trust extract'
* 'p11-kit extract-trust' is now 'trust extract-compat'
* Workarounds for working on broken zfsonlinux.org [#68525]
* Add --with-module-config parameter to the configure script [#68122]
* Add support for removing stored PKCS#11 objects in trust module
OBS-URL: https://build.opensuse.org/request/show/198188
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=7
- new version 0.19.3
* Fix up problems with automake testing
* Fix a bunch of memory leaks in newly refactored code
* Don't use _GNU_SOURCE and the unportability it brings
* Add basic 'trust anchor' command to store a new anchor
* Support for writing out trust token objects
* Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
* Add option to use freebl for hashing
* Implement reloading of token data
* Fix warnings and possible minor bugs higlighted by code scanners
* Don't load configs in home directories when running setuid or setgid
* Support treating ~/.config as $XDG_CONFIG_HOME
* Use $XDG_DATA_HOME/pkcs11 as default user config directory
* Use $TMPDIR instead of $TEMP while testing
* Open files and fds with O_CLOEXEC
* Abort initialization if a critical module fails to load
* Don't use thread-unsafe functions: strerror, getpwuid
* Fix p11_kit_space_strlen() result when empty string
* Refactoring of where various components live
OBS-URL: https://build.opensuse.org/request/show/196078
OBS-URL: https://build.opensuse.org/package/show/Base:System/p11-kit?expand=0&rev=4
