Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libp11-kit0-0.24.1-1.1 RPM for ppc64

From OpenSuSE Ports Tumbleweed for ppc64

Name: libp11-kit0 Distribution: openSUSE Tumbleweed
Version: 0.24.1 Vendor: openSUSE
Release: 1.1 Build date: Fri Mar 18 16:49:34 2022
Group: System/Libraries Build host: obs-power8-05
Size: 2682598 Source RPM: p11-kit-0.24.1-1.1.src.rpm
Summary: Library to work with PKCS#11 modules
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
as a standard configuration setup for installing PKCS#11 modules in
such a way that they're discoverable.






* Wed Mar 09 2022 Ludwig Nussel <>
  - make sure p11-kit components have matching versions (boo#1196812)
* Tue Jan 25 2022 Bjørn Lie <>
  - Update to version 0.24.1:
    * rpc: Support protocol version negotiation.
    * proxy: Support copying attribute array recursively.
    * Link libp11-kit so that it cannot unload.
    * Translation improvements.
    * Build fixes.
* Fri Dec 17 2021 Bjørn Lie <>
  - Update to version 0.24.0:
    * Use inclusive language on certificate distrust. Note: This
      changes the directory and attribute names to distrust certain
      CAs to "blocklist".
    * Fix issues spotted by coverity and ASan.
    * Integrate gettext with tools more tightly.
    * rpc: Forbid use of array of attributes.
    * Build fixes.
  - Change dirs from blacklist to blocklist ref upstream changes.
* Mon Dec 13 2021 Ludwig Nussel <>
  - Enable systemd support
* Sun Jan 17 2021 Dirk Müller <>
  - update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066, jsc#SLE-18495):
    * Fix memory-safety issues that affect the RPC protocol
    (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered
    and fixed by David Cook
    * anchor: Prefer persistent format when storing anchor [PR#329]
    * common: Fix infloop in p11_path_build [PR#326, PR#327]
    * proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
    * common: Check for a NULL locale before freeing it [PR#321]
    * proxy: Do not assign duplicate slot IDs [PR#282]
    * common: Get program name based on executable path if possible [PR#307]
    * anchor: Exit with non-zero code, if any error occurs [PR#304]
    * Build and test fixes
* Mon Oct 05 2020 Ludwig Nussel <>
  - avoid bareword to fix build failure
* Wed Apr 15 2020 Martin Pluskal <>
  - Update to version 0.23.20:
    * Revert "Fix RPC when length-s are 0" changes [PR#276]
  - Changes for version 0.23.19:
    * common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255]
    * Add simple bash completion for provided commands [PR#258]
    * Unbreak list matching in enable-in and disable-in [PR#262]
    * Fix RPC when length-s are 0 [PR#259]
    * rpc: Add vsock transport support [PR#270]
    * trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265]
    * Build fixes [PR#271, PR#272, PR#273, ...]
  - Changes for version 0.23.18:
    * rpc: Allow empty CK_DATE value [PR#253]
    * build: Meson fixes [PR#245]
    * build: Adjust feature parity between meson and autotools [PR#247]
  - Changes for version 0.23.17:
    * common: Fix uClibc-ng compilation [PR#237]
    * trust: do not allow daylight to invalidate date validation [PR#236]
    * build: Port to meson build system [PR#231, PR#234]
    * rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232]
    * doc: Add 'server' command in help [PR#229]
    * Build and test fixes [PR#230]
  - Changes for version 0.23.16:
    * proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225]
    * conf: Ignore user configuration if the program is running as root [PR#226]
    * proxy: Refresh slot list on every C_GetSlotList call [PR#224]
    * modules: Fix index used in call to p11_dict_remove() [PR#219]
    * Fix Win32 p11_dl_error crash [PR#218]
    * modules: check gl.modules before iterates on it when freeing [PR#217]
    * trust: Ignore unreadable content in anchors [PR#215]
    * extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213]
  - Changes for version 0.23.15:
    * trust: Improve error handling if backed trust file is corrupted [PR#206]
    * url: Prefer upper-case letters in hex characters when encoding [PR#193]
    * trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202]
    * virtual: Prefer fixed closures to libffi closures [PR#196]
    * Fix issues spotted by coverity and cppcheck [PR#194, PR#204]
    * Build and test fixes [PR#164, PR#191, PR#199, PR#201]
  - Changes for version 0.23.14:
    * proxy: Avoid invalid memory access when unloading proxy module [PR#180]
    * Update pkcs11 header to allow SoftHSMv2 to compile [PR#181]
    * build: Restore libpthread dependency [PR#183]
    * Build fixes [PR#188]
  - Changes for version 0.23.13:
    * server: Enable socket activation through systemd [PR#173]
    * rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules [PR#174]
    * proxy: Fail early if there is no slot mapping [PR#175]
    * Remove hard dependency on libpthread [PR#177]
    * Build fixes [PR#170, PR#176]
  - Remove obsolete patches:
    * 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch
    * 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch
* Mon Dec 23 2019 Ludwig Nussel <>
  - Also build documentation (boo#1013125)
* Fri Nov 15 2019 Ludwig Nussel <>
  - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox
    detects built in certificates (boo#1154871,
* Fri May 10 2019 Dominique Leuenberger <>
  - Move RPM macros to %_rpmmacrodir.
* Fri Jun 15 2018
  - New version 0.23.12
    * Fix compile error when PKCS#11 GNU calling convention enabled
  - Changelog from version 0.23.11
    * trust: Add extractor for edk2/cacerts.bin
    * modules: Add option to control module visibility from proxy
    * trust: Prevent trust module being loaded by proxy module
    * library: Use dedicated locale object for printing error
    * Improve const correctness for P11KitUri
    * PKCS#11 URI scheme comparison is now case insensitive
  - Drop p11-kit-biarch.patch: Obsolete since 0.23.10
* Tue Mar 27 2018
  - New version 0.23.10
    * New p11-kit server command
    * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute
    * New trust dump command
    * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations
    * trust: Respect anyExtendedKeyUsage in CA certificates
    * Support x-init-reserved argument of C_Initialize() in remote modules
    * install private executables in libexecdir, obsoletes p11-kit-biarch.patch
  - new server subpackage
  - change keyring to new maintainer Daiki Ueno
  - Changes for version 0.23.9
    * Fix p11-kit server regressions [PR#103, PR#104]
    * trust: Respect anyExtendedKeyUsage in CA certificates [PR#99]
    * Build fixes related to reallocarray [PR#96, PR#98, PR#100]
  - Changes for version 0.23.8
    * Improve vendor query attributes handling in PKCS#11 URI [PR#92]
    * Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91]
    * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user
      configurations [PR#87]
    * Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86]
  - Changes for version 0.23.7
    * Fix memory issues with "p11-kit server" [PR#78]
    * Build fixes [PR#77 ...]
  - Changes for version 0.23.6
    * Port "p11-kit server" to Windows and portability fixes of the RPC
      protocol [PR#67, PR#72, PR#74]
    * Recover the old behavior of "trust anchor --remove" [PR#70, PR#71]
    * Build fixes [PR#63 ...]
  - Changes for version 0.23.5
    * Fix license notice of common/unix-peer.c [PR#58]
    * Remove systemd unit files for now [PR#60]
    * Build fixes for FreeBSD [PR#56]
  - Changes for version 0.23.4
    * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31,
      PR#37, PR#52]
    * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY
      attribute, used by Firefox [#99453, PR#46]
    * Add 'trust dump' command to dump all PKCS#11 objects in the
      persistence format [PR#44]
    * New experimental 'p11-kit server' command that allows PKCS#11
      forwarding through a Unix domain socket.  A client-side module is also provided [PR#15]
    * Add systemd unit files for exporting the proxy module through a
      Unix domain socket [PR#35]
    * New P11KitIter API to iterate over slots, tokens, and modules in
      addition to objects [PR#28]
    * libffi dependency is now optional [PR#9]
    * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45]
  - Changes for version 0.23.3
    * Install private executables in libexecdir [fdo#98817]
    * Fix link error of proxy module on macOS [fdo#98022]
    * Use new PKCS#11 URI specification for URIs [fdo#97245]
    * Support x-init-reserved argument of C_Initialize() in remote modules
    * Incorporate changes from PKCS#11 2.40 specification
    * Bump libtool library version
    * Documentation fixes
    * Build fixes [fdo#87192 ...]
* Tue Mar 20 2018
  - Use %license instead of %doc [bsc#1082318]
* Tue Nov 22 2016
  - 32-bit compatibility fixes:
    * Add PKCS11 module to p11-kit-32bit (bsc#996047#c39)
    * Add p11-kit-nss-trust-32bit NSS module
    * Fix potential bi-arch issue with private binaries
      (fdo#98817, p11-kit-biarch.patch)
* Mon Feb 08 2016
  - Update to 0.23.2
    * Fix forking issues with libffi
    * Fix various crashes in corner cases
    * Updated translations
    * Build fixes
  - Make building more verbose
  - Enable tests
  - Small spec file cleanup with spec-cleaner
* Sun Mar 08 2015
  - Update to version 0.23.1 (stable)
    * Use new PKCS#11 URI draft fields for URIs [fdo#86474 fdo#87582]
    * Add pem-directory-hash extract format
    * Build fixes
  - Remove 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff;
    fixed on upstream release
  - Remove autoconf, automake and libtool require; unneeded dependencies
  - Add gtk-doc require; needed to build html documentation
  - Remove redundant %clean section
* Mon Oct 13 2014
  - remove patches:
    * trust-Print-label-of-certificate-when-complaining-.patch
    * trust-Dont-use-invalid-public-keys-for-looking-up-.patch
  - new version 0.20.7 (stable)
    * New public pkcs11x.h header containing extensions [fdo#83495]
    * Export necessary defines to lookup attached extensions [fdo#83495]
    * Build fixes
  - new version 0.20.6 (stable)
    * Make the module respect critical = no [fdo#83651]
    * Build fix for FreeBSD [fdo#75674]
  - new version 0.20.5 (stable)
    * Don't use invalid keys for looking up stapled extensions [fdo#82328]
    * Better error messages when invalid certificate extensions
    * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
    * Fix some leaks, and memory issues
    * Silence some clang scanner warnings
  - new version 0.20.4 (stable)
    * Don't complain about C_Finalize after a fork
    * Fix typo
* Fri Aug 29 2014
  - new version 0.20.3
    * Fix problems reinitializing managed modules after fork
    * Fix bad bookeeping when fail initializing one of the modules
    * Fix case where module would be unloaded while in use [#74919]
    * Remove assertions when module used before initialized [#74919]
    * Fix handling of mmap failure and mapping empty files [#74773]
    * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
    * Require automake 1.12 or later
    * Build fixes for Windows [#76594 #74149]
  - apply patches to avoid errors from certificates with invalid public key
    (fdo#82328, bnc#890908,
* Mon May 19 2014
  - New version 0.20.2
    * Fix bug where blacklist didn't affect extracted ca-anchors if the anchor
      and blacklist were not in the same trust path (regression) [fdo#73558]
    * Check for race in BasicConstraints stapled extension [fdo#69314]
    * Build fixes and cleanup
* Tue Feb 11 2014
  - added .sig file. trying to locate source of the keyring.
* Fri Dec 06 2013
  - trust: allow to also add openssl style hashes to pem-directory
* Tue Sep 10 2013
  - upgrade to 0.20.1 which is 0.19 declared stable
    * Extract compat trust data after we've changes
    * Skip compat extraction if running as non-root
    * Better failure messages when removing anchors
* Fri Aug 30 2013
  - new version 0.19.4
    * 'trust anchor' now adds/removes certificate anchors
    * 'trust list' lists trust policy stuff
    * 'p11-kit extract' is now 'trust extract'
    * 'p11-kit extract-trust' is now 'trust extract-compat'
    * Workarounds for working on broken [#68525]
    * Add --with-module-config parameter to the configure script [#68122]
    * Add support for removing stored PKCS#11 objects in trust module
* Thu Jul 25 2013
  - new version 0.19.3
    * Fix up problems with automake testing
    * Fix a bunch of memory leaks in newly refactored code
    * Don't use _GNU_SOURCE and the unportability it brings
    * Add basic 'trust anchor' command to store a new anchor
    * Support for writing out trust token objects
    * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
    * Add option to use freebl for hashing
    * Implement reloading of token data
    * Fix warnings and possible minor bugs higlighted by code scanners
    * Don't load configs in home directories when running setuid or setgid
    * Support treating ~/.config as $XDG_CONFIG_HOME
    * Use $XDG_DATA_HOME/pkcs11 as default user config directory
    * Use $TMPDIR instead of $TEMP while testing
    * Open files and fds with O_CLOEXEC
    * Abort initialization if a critical module fails to load
    * Don't use thread-unsafe functions: strerror, getpwuid
    * Fix p11_kit_space_strlen() result when empty string
    * Refactoring of where various components live
* Fri Jul 05 2013
  - fix 32bit provides of
  - repace p11-kit-extract-trust with update-ca-certificates
* Fri Jun 28 2013
  - provide to replace mozilla-nss-certs
* Mon Jun 24 2013
  - add p11-kit-nss-trust subpackage that serves as drop-in
    replacement for mozilla-nss-certs
* Wed Jun 19 2013
  - use /etc/pki/trust and /usr/share/pki/trust as system CA
    certificate store
* Mon May 27 2013
  - Update to version 0.19.1:
    + Refactor API to be able to handle managed modules.
    + Deprecate much of old p11-kit API.
    + Implement concept of managed modules.
    + Make C_CloseAllSessions function work for multiple callers.
    + New dependency on libffi.
    + Fix possible threading problems reported by hellgrind.
    + Add log-calls option.
    + Mark p11_kit_message() as a stable function.
    + Use our own unit testing framework.
  - Add pkgconfig(libffi) BuildRequires: new dependency.
* Tue May 14 2013
  - Update to version 0.18.2:
    + Build fixes (fdo#64378)
* Mon May 13 2013
  - Also provide p11-kit-32bit (in fact, the pkcs#11 modules)
* Mon Apr 15 2013
  - Update to version 0.18.1:
    + Put the external tools in $libdir/p11-kit.
    + Documentation build fixes.
* Thu Apr 04 2013
  - Update to version 0.18.0:
    + Fix use of trust module with gcr and empathy (fdo#62896).
    + Further tweaks to trust module date parsing.
    + Fix unaligned memory reads (fdo#62819).
    + Win32 fixes (fdo#63062, fdo#63046).
    + Debug and logging tweaks (fdo#62874).
    + Other build fixes.
* Thu Mar 28 2013
  - Update to version 0.17.5:
    + Don't try to guess at overflowing time values on 32-bit
      systems (fdo#62825).
    + Test fixes (fdo#927394).
* Thu Mar 21 2013
  - Update to version 0.17.4:
    + Check for duplicate certificates in a token, warn and discard
    + Implement a proper index so we have decent load performance.
* Wed Mar 20 2013
  - Update to version 0.17.3:
    + Use descriptive labels for the trust module tokens (fdo#62534).
    + Remove the temporary built in distrust objects.
    + Make extracted output directories and files read-only
    + Don't export unneccessary ABI.
    + Build fixes (fdo#62479).
* Tue Mar 19 2013
  - Update to version 0.17.2:
    + Fix build on 32-bit linux.
    + Fix several crashers.
  - Changes from version 0.17.1:
    + Support a p11-kit specific PKCS#11 attribute persistance format
    + Use the SHA1 hash of SPKI as the CKA_ID in the trust module by
      default (fdo#62329).
    + Refactor a trust builder which builds objects out of parsed
      data (fdo#62329).
    + Combine trust policy when extracting certificates (fdo#61497).
    + The extract --comment option adds comments to PEM bundles
    + A new 'priority' config option for ordering modules
    + Make each configured path its own trust module token
    + Use --with-trust-paths to configure trust module (fdo#62327).
    + Fix bug decoding some PEM files.
    + Better debug output for trust module lookups.
    + Work around bug in NSS when doing serial number lookups.
    + Work around broken strndup() function in firefox.
    + Fix the nickname for the distrusted attribute.
    + Build fixes.
  - Add ca-certificates BuildRequires: needed to find the location of
    the root certificates.
* Thu Mar 14 2013
  - Update to version 0.16.4:
    + Display per command help again (fdo#62153).
    + Don't always print tools debug output (fdo#62152).
  - Changes from version 0.16.3:
    + When iterating don't skip tokens without the
    + Hardcode some distrust records for NSS temporarily.
    + Parse global options better in the p11-kit command.
    + Better debugging.
  - Changes from version 0.16.2:
    + Fix regression in 'p11-kit extract --purpose' option
    + Documentation updates
    + Build fixes (fdo#62001).
  - Changes from version 0.16.1:
    + Don't break when cA field of BasicConstraints is missing
    + Documentation fixes and updates.
    + p11-kit extract-trust is a placeholder script now.
* Tue Mar 05 2013
  - Update to version 0.16.0:
    + Update the pkcs11.h header for new mechanisms
    + Fix build and tests on mingw64 (ie: win32)
    + Relicense LGPL code to BSD license
    + Documentation tweaks
    + Bugs fixed: fdo#61739, fdo#60894, fdo#61740, fdo#60792
    + Updated translations.
  - Changes from version 0.15.2:
    + Better define the libtasn1 dependency.
    + Crasher and bug fixes.
    + Build fixes.
    + Updated translations.
  - Changes from version 0.15.1:
    + Fix some memory leaks.
    + Add a location for packages to drop module configs.
    + Documentation updates and fixes.
    + Add command line tool manual page.
    + Remove unused err() function and friends.
    + Move more code into common/ directory and refactor.
    + Add a system trust policy module.
    + Refactor how the p11-kit command line tool works.
    + Add p11-kit extract and extract-trust commands.
    + Don't complain if we cannot access ~/.pkcs11/pkcs11.conf.
    + Refuse to load the as a registered module.
    + Don't fail initialization if last initialized module fails.
* Fri Sep 07 2012
  - Update to version 0.14:
    + Change default for user-config to merge
    + Always URI-encode the 'id' attribute in PKCS#11 URIs
    + Expect a .module extension on module configs
    + Windows compatibility fixes
    + Testing fixes
    + Build fixes
* Mon Jul 23 2012
  - Update to version 0.13:
    + Don't allow reading of PIN files larger than 4096 bytes
    + If a module is not marked as critical then ignore init failure
    + Use preconditions to check for input problems and out of memory
    + Add enable-in and disable-in options to module config
    + Fix the flags in pin.h
    + Use gcc extensions to check varargs during compile
    + Fix crasher when a duplicate module is present
    + Fix broken hashmap behavior
    + Testing fixes
    + Win32 build fixes
    + 'p11-kit -h' now works
    + Documentation fixes
* Fri Mar 09 2012
  - Update to version 0.12:
    + Build fix.
* Fri Feb 10 2012
  - Update to version 0.11:
    + Remove automatic reinitialization of PKCS#11 after fork
* Wed Jan 04 2012
  - Update to version 0.10:
    + Build fixes, for windows, gcc 4.6.1.
* Tue Nov 15 2011
  - Update to version 0.9:
    + p11-kit can't be used as a static library.
    + Fix problems crashing when freeing TLS on windows.
    + Add debug output to windows init and uninit of library.
    +.Build fixes, especially for windows
* Thu Oct 27 2011
  - Update to version 0.8:
    + Rename non-static functions to have a _p11_xxx prefix
    + No concurrent calling of C_Initialize and C_Finalize
    + Print more information in 'p11-kit -l'
    + Initial port to win32
    + Build and testing fixes.
* Tue Sep 27 2011
  - Update to version 0.7:
    + Expand p11-kit config variables correctly in various build
    + Add test tool to print out error messages
    + Build fix on FreeBSD
* Thu Sep 15 2011
  - Update to version 0.6:
    + Add concept of a default module directory from which modules
      with relative paths are loaded.
    + Renamed pkg-config variables to make it clearer what's what.
* Fri Sep 02 2011
  - Update to version 0.5:
    + Fix crasher in p11_kit_registered_modules()
    + Add 'critical' setting for modules, which defaults to 'no'
    + Fix initialization issues in the proxy module
* Fri Aug 19 2011
  - Update to version 0.4:
    + Fix endless loop if module forks during initialization
    + Update PKCS#11 URI code for new draft of spec
    + Don't fail when duplicate modules are configured
    + Better debug output
    + Add example configuration documentation
    + Support whitespace in PKCS#11 URIs
  - Move the p11-kit.conf.example to the doc folder.
* Sat Jul 30 2011
  - Update to version 0.3:
    + Rewrite hash table, and simplify licensing.
    + Correct paths for p11-kit config files.
    + Many build fixes and tweaks.
  - Remove Apache-2 part from License tag, as the code was rewritten.
* Mon Jul 25 2011
  - Initial package (version 0.2).



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue May 31 23:46:03 2022