diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f395ec7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg +SOURCES/p11-kit-0.23.21.tar.xz diff --git a/.p11-kit.metadata b/.p11-kit.metadata new file mode 100644 index 0000000..48f5635 --- /dev/null +++ b/.p11-kit.metadata @@ -0,0 +1,2 @@ +526f07b62624739ba318a171bab3352af91d0134 SOURCES/gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg +5c550cc2a192d5a3ede74862b22ef0b139c911a4 SOURCES/p11-kit-0.23.21.tar.xz diff --git a/SOURCES/p11-kit-0.23.21.tar.xz.sig b/SOURCES/p11-kit-0.23.21.tar.xz.sig new file mode 100644 index 0000000..599cbca Binary files /dev/null and b/SOURCES/p11-kit-0.23.21.tar.xz.sig differ diff --git a/SOURCES/p11-kit-client.service b/SOURCES/p11-kit-client.service new file mode 100644 index 0000000..c9b8e30 --- /dev/null +++ b/SOURCES/p11-kit-client.service @@ -0,0 +1,11 @@ +[Unit] +Description=p11-kit client + +[Service] +Type=oneshot +RemainAfterExit=true +RuntimeDirectory=p11-kit +ExecStart=/usr/bin/true + +[Install] +WantedBy=default.target diff --git a/SOURCES/p11-kit-invalid-config.patch b/SOURCES/p11-kit-invalid-config.patch new file mode 100644 index 0000000..d0f84df --- /dev/null +++ b/SOURCES/p11-kit-invalid-config.patch @@ -0,0 +1,331 @@ +From de661c41a1e7e52296c91b9caa0bff8e4885c751 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Thu, 22 Oct 2020 14:06:53 +0200 +Subject: [PATCH 1/4] common: Fix infloop in p11_path_build + +If p11_path_build is called with 2 or more arguments and the non-first +argument is an empty string (""), it previously fell into an infloop. + +Reported by Karel Srot. +--- + common/path.c | 4 +++- + common/test-path.c | 4 ++++ + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/common/path.c b/common/path.c +index 17a6230..53d394f 100644 +--- a/common/path.c ++++ b/common/path.c +@@ -241,8 +241,10 @@ p11_path_build (const char *path, + num--; + + if (at != 0) { +- if (num == 0) ++ if (num == 0) { ++ path = va_arg (va, const char *); + continue; ++ } + built[at++] = delim; + } + +diff --git a/common/test-path.c b/common/test-path.c +index 2eb5444..f137a0c 100644 +--- a/common/test-path.c ++++ b/common/test-path.c +@@ -88,6 +88,8 @@ static void + test_build (void) + { + #ifdef OS_UNIX ++ assert_str_eq_free ("/root", ++ p11_path_build ("/root", "", NULL)); + assert_str_eq_free ("/root/second", + p11_path_build ("/root", "second", NULL)); + assert_str_eq_free ("/root/second", +@@ -99,6 +101,8 @@ test_build (void) + assert_str_eq_free ("/root/second/third", + p11_path_build ("/root", "/second/third", NULL)); + #else /* OS_WIN32 */ ++ assert_str_eq_free ("C:\\root", ++ p11_path_build ("C:\\root", "", NULL)); + assert_str_eq_free ("C:\\root\\second", + p11_path_build ("C:\\root", "second", NULL)); + assert_str_eq_free ("C:\\root\\second", +-- +2.26.2 + + +From 1eac9a1c41828d5da4b640746e0002c7ab964e8e Mon Sep 17 00:00:00 2001 +From: Alexander Sosedkin +Date: Tue, 27 Oct 2020 11:08:53 +0100 +Subject: [PATCH 2/4] Remove more duplicate separators in p11_path_build + +Makes p11_path_build remove duplicate separators more thoroughly, +e.g., after a "" or in the first argument. +--- + common/path.c | 26 +++++++++++++++++++------- + common/test-path.c | 22 ++++++++++++++++++++++ + 2 files changed, 41 insertions(+), 7 deletions(-) + +diff --git a/common/path.c b/common/path.c +index 53d394f..0ad176c 100644 +--- a/common/path.c ++++ b/common/path.c +@@ -94,15 +94,21 @@ p11_path_base (const char *path) + } + + static inline bool +-is_path_component_or_null (char ch) ++is_path_component (char ch) + { +- return (ch == '\0' || ch == '/' ++ return (ch == '/' + #ifdef OS_WIN32 + || ch == '\\' + #endif + ); + } + ++static inline bool ++is_path_component_or_null (char ch) ++{ ++ return is_path_component (ch) || ch == '\0'; ++} ++ + static char * + expand_homedir (const char *remainder) + { +@@ -235,6 +241,15 @@ p11_path_build (const char *path, + while (path != NULL) { + num = strlen (path); + ++ /* Trim beginning of path */ ++ while (is_path_component (path[0])) { ++ /* But preserve the leading path component */ ++ if (!at && !is_path_component (path[1])) ++ break; ++ path++; ++ num--; ++ } ++ + /* Trim end of the path */ + until = (at > 0) ? 0 : 1; + while (num > until && is_path_component_or_null (path[num - 1])) +@@ -245,7 +260,8 @@ p11_path_build (const char *path, + path = va_arg (va, const char *); + continue; + } +- built[at++] = delim; ++ if (built[at - 1] != delim) ++ built[at++] = delim; + } + + assert (at + num < len); +@@ -253,10 +269,6 @@ p11_path_build (const char *path, + at += num; + + path = va_arg (va, const char *); +- +- /* Trim beginning of path */ +- while (path && path[0] && is_path_component_or_null (path[0])) +- path++; + } + va_end (va); + +diff --git a/common/test-path.c b/common/test-path.c +index f137a0c..cf4a8e3 100644 +--- a/common/test-path.c ++++ b/common/test-path.c +@@ -88,6 +88,16 @@ static void + test_build (void) + { + #ifdef OS_UNIX ++ assert_str_eq_free ("/", ++ p11_path_build ("/", NULL)); ++ assert_str_eq_free ("/", ++ p11_path_build ("", "//", NULL)); ++ assert_str_eq_free ("/root", ++ p11_path_build ("///root///", NULL)); ++ assert_str_eq_free ("/root", ++ p11_path_build ("/", "root", NULL)); ++ assert_str_eq_free ("/root", ++ p11_path_build ("", "/root", NULL)); + assert_str_eq_free ("/root", + p11_path_build ("/root", "", NULL)); + assert_str_eq_free ("/root/second", +@@ -96,11 +106,19 @@ test_build (void) + p11_path_build ("/root", "/second", NULL)); + assert_str_eq_free ("/root/second", + p11_path_build ("/root/", "second", NULL)); ++ assert_str_eq_free ("/root/second", ++ p11_path_build ("/root//", "//second/", NULL)); ++ assert_str_eq_free ("/root/second", ++ p11_path_build ("/root//", "", "//second/", NULL)); + assert_str_eq_free ("/root/second/third", + p11_path_build ("/root", "second", "third", NULL)); + assert_str_eq_free ("/root/second/third", + p11_path_build ("/root", "/second/third", NULL)); + #else /* OS_WIN32 */ ++ assert_str_eq_free ("C:\\root", ++ p11_path_build ("C:\\", "root", NULL)); ++ assert_str_eq_free ("C:\\root", ++ p11_path_build ("", "C:\\root", NULL)); + assert_str_eq_free ("C:\\root", + p11_path_build ("C:\\root", "", NULL)); + assert_str_eq_free ("C:\\root\\second", +@@ -109,6 +127,10 @@ test_build (void) + p11_path_build ("C:\\root", "\\second", NULL)); + assert_str_eq_free ("C:\\root\\second", + p11_path_build ("C:\\root\\", "second", NULL)); ++ assert_str_eq_free ("C:\\root\\second", ++ p11_path_build ("C:\\root\\\\", "\\\\second", NULL)); ++ assert_str_eq_free ("C:\\root\\second", ++ p11_path_build ("C:\\root\\\\", "", "\\\\second", NULL)); + assert_str_eq_free ("C:\\root\\second\\third", + p11_path_build ("C:\\root", "second", "third", NULL)); + assert_str_eq_free ("C:\\root\\second/third", +-- +2.26.2 + + +From e5a1f444b7d299e77dd57862f3cc5783e697a10e Mon Sep 17 00:00:00 2001 +From: Alexander Sosedkin +Date: Tue, 27 Oct 2020 13:33:34 +0100 +Subject: [PATCH 3/4] Use is_path_component in one more place + +--- + common/path.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/common/path.c b/common/path.c +index 0ad176c..8f57ec6 100644 +--- a/common/path.c ++++ b/common/path.c +@@ -119,7 +119,7 @@ expand_homedir (const char *remainder) + return NULL; + } + +- while (remainder[0] && is_path_component_or_null (remainder[0])) ++ while (is_path_component (remainder[0])) + remainder++; + if (remainder[0] == '\0') + remainder = NULL; +-- +2.26.2 + + +From ce66cf00b6b207c1d452af23cb062ca0adf57dac Mon Sep 17 00:00:00 2001 +From: Alexander Sosedkin +Date: Tue, 27 Oct 2020 16:01:32 +0100 +Subject: [PATCH 4/4] Rename is_path_component to is_path_separator + +Thanks to Daiki Ueno for noticing the misnaming. +--- + common/path.c | 26 +++++++++++++------------- + 1 file changed, 13 insertions(+), 13 deletions(-) + +diff --git a/common/path.c b/common/path.c +index 8f57ec6..d0d1893 100644 +--- a/common/path.c ++++ b/common/path.c +@@ -94,7 +94,7 @@ p11_path_base (const char *path) + } + + static inline bool +-is_path_component (char ch) ++is_path_separator (char ch) + { + return (ch == '/' + #ifdef OS_WIN32 +@@ -104,9 +104,9 @@ is_path_component (char ch) + } + + static inline bool +-is_path_component_or_null (char ch) ++is_path_separator_or_null (char ch) + { +- return is_path_component (ch) || ch == '\0'; ++ return is_path_separator (ch) || ch == '\0'; + } + + static char * +@@ -119,7 +119,7 @@ expand_homedir (const char *remainder) + return NULL; + } + +- while (is_path_component (remainder[0])) ++ while (is_path_separator (remainder[0])) + remainder++; + if (remainder[0] == '\0') + remainder = NULL; +@@ -127,7 +127,7 @@ expand_homedir (const char *remainder) + /* Expand $XDG_CONFIG_HOME */ + if (remainder != NULL && + strncmp (remainder, ".config", 7) == 0 && +- is_path_component_or_null (remainder[7])) { ++ is_path_separator_or_null (remainder[7])) { + env = getenv ("XDG_CONFIG_HOME"); + if (env && env[0]) + return p11_path_build (env, remainder + 8, NULL); +@@ -180,7 +180,7 @@ p11_path_expand (const char *path) + return_val_if_fail (path != NULL, NULL); + + if (strncmp (path, "~", 1) == 0 && +- is_path_component_or_null (path[1])) { ++ is_path_separator_or_null (path[1])) { + return expand_homedir (path + 1); + + } else { +@@ -242,9 +242,9 @@ p11_path_build (const char *path, + num = strlen (path); + + /* Trim beginning of path */ +- while (is_path_component (path[0])) { ++ while (is_path_separator (path[0])) { + /* But preserve the leading path component */ +- if (!at && !is_path_component (path[1])) ++ if (!at && !is_path_separator (path[1])) + break; + path++; + num--; +@@ -252,7 +252,7 @@ p11_path_build (const char *path, + + /* Trim end of the path */ + until = (at > 0) ? 0 : 1; +- while (num > until && is_path_component_or_null (path[num - 1])) ++ while (num > until && is_path_separator_or_null (path[num - 1])) + num--; + + if (at != 0) { +@@ -288,17 +288,17 @@ p11_path_parent (const char *path) + + /* Find the end of the last component */ + e = path + strlen (path); +- while (e != path && is_path_component_or_null (*e)) ++ while (e != path && is_path_separator_or_null (*e)) + e--; + + /* Find the beginning of the last component */ +- while (e != path && !is_path_component_or_null (*e)) { ++ while (e != path && !is_path_separator_or_null (*e)) { + had = true; + e--; + } + + /* Find the end of the last component */ +- while (e != path && is_path_component_or_null (*e)) ++ while (e != path && is_path_separator_or_null (*e)) + e--; + + if (e == path) { +@@ -327,7 +327,7 @@ p11_path_prefix (const char *string, + + return a > b && + strncmp (string, prefix, b) == 0 && +- is_path_component_or_null (string[b]); ++ is_path_separator_or_null (string[b]); + } + + void +-- +2.26.2 + diff --git a/SOURCES/trust-extract-compat b/SOURCES/trust-extract-compat new file mode 100755 index 0000000..1976f22 --- /dev/null +++ b/SOURCES/trust-extract-compat @@ -0,0 +1,15 @@ +#!/usr/bin/bash + +set -e + +if test "$UID" != "0"; then + echo "p11-kit: the 'extract-trust' command must be run as root" >&2 + exit 2 +fi + +if test $# -gt 1; then + echo "p11-kit: no additional arguments are supported for this command" >&2 + exit 2 +fi + +exec /usr/bin/update-ca-trust diff --git a/SPECS/p11-kit.spec b/SPECS/p11-kit.spec new file mode 100644 index 0000000..e69b253 --- /dev/null +++ b/SPECS/p11-kit.spec @@ -0,0 +1,412 @@ +# This spec file has been automatically updated +Version: 0.23.21 +Release: 3%{?dist} +Name: p11-kit +Summary: Library for loading and sharing PKCS#11 modules + +License: BSD +URL: http://p11-glue.freedesktop.org/p11-kit.html +Source0: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz +Source1: https://github.com/p11-glue/p11-kit/releases/download/%{version}/p11-kit-%{version}.tar.xz.sig +Source2: gpgkey-462225C3B46F34879FC8496CD605848ED7E69871.gpg +Source3: trust-extract-compat +Source4: p11-kit-client.service + +Patch1: p11-kit-invalid-config.patch + +BuildRequires: gcc +BuildRequires: libtasn1-devel >= 2.3 +BuildRequires: libtasn1-tools +BuildRequires: libffi-devel +BuildRequires: gettext +BuildRequires: gtk-doc +BuildRequires: meson +BuildRequires: systemd-devel +BuildRequires: bash-completion +# Work around for https://bugzilla.redhat.com/show_bug.cgi?id=1497147 +# Remove this once it is fixed +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: gnupg2 + +%description +p11-kit provides a way to load and enumerate PKCS#11 modules, as well +as a standard configuration setup for installing PKCS#11 modules in +such a way that they're discoverable. + + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + + +%package trust +Summary: System trust module from %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): %{_sbindir}/update-alternatives +Requires(postun): %{_sbindir}/update-alternatives +Conflicts: nss < 3.14.3-9 + +%description trust +The %{name}-trust package contains a system trust PKCS#11 module which +contains certificate anchors and black lists. + + +%package server +Summary: Server and client commands for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description server +The %{name}-server package contains command line tools that enable to +export PKCS#11 modules through a Unix domain socket. Note that this +feature is still experimental. + + +# solution taken from icedtea-web.spec +%define multilib_arches ppc64 sparc64 x86_64 ppc64le +%ifarch %{multilib_arches} +%define alt_ckbi libnssckbi.so.%{_arch} +%else +%define alt_ckbi libnssckbi.so +%endif + + +%prep +gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} + +%autosetup -p1 + +%build +# These paths are the source paths that come from the plan here: +# https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks +%meson -Dgtk_doc=true -Dman=true -Dtrust_paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source +%meson_build + +%install +%meson_install +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules +install -p -m 755 %{SOURCE3} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/ +# Install the example conf with %%doc instead +mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name} +mv $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example $RPM_BUILD_ROOT%{_docdir}/%{name}/pkcs11.conf.example +mkdir -p $RPM_BUILD_ROOT%{_userunitdir} +install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_userunitdir} +%find_lang %{name} + +%check +%meson_test + + +%post trust +%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \ + %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30 + +%postun trust +if [ $1 -eq 0 ] ; then + # package removal + %{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so +fi + + +%files -f %{name}.lang +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc AUTHORS NEWS README +%{_docdir}/%{name}/pkcs11.conf.example +%dir %{_sysconfdir}/pkcs11 +%dir %{_sysconfdir}/pkcs11/modules +%dir %{_datadir}/p11-kit +%dir %{_datadir}/p11-kit/modules +%dir %{_libexecdir}/p11-kit +%{_bindir}/p11-kit +%{_libdir}/libp11-kit.so.* +%{_libdir}/p11-kit-proxy.so +%{_libexecdir}/p11-kit/p11-kit-remote +%{_mandir}/man1/trust.1.gz +%{_mandir}/man8/p11-kit.8.gz +%{_mandir}/man5/pkcs11.conf.5.gz +%{_datadir}/bash-completion/completions/p11-kit + +%files devel +%{_includedir}/p11-kit-1/ +%{_libdir}/libp11-kit.so +%{_libdir}/pkgconfig/p11-kit-1.pc +%doc %{_datadir}/gtk-doc/ + +%files trust +%{_bindir}/trust +%dir %{_libdir}/pkcs11 +%ghost %{_libdir}/libnssckbi.so +%{_libdir}/pkcs11/p11-kit-trust.so +%{_datadir}/p11-kit/modules/p11-kit-trust.module +%{_libexecdir}/p11-kit/trust-extract-compat +%{_datadir}/bash-completion/completions/trust + +%files server +%{_libdir}/pkcs11/p11-kit-client.so +%{_userunitdir}/p11-kit-client.service +%{_libexecdir}/p11-kit/p11-kit-server +%{_userunitdir}/p11-kit-server.service +%{_userunitdir}/p11-kit-server.socket + + +%changelog +* Tue Nov 3 2020 Daiki Ueno - 0.23.21-3 +- Restore clobbered changelog entry + +* Mon Nov 2 2020 Daiki Ueno - 0.23.21-2 +- Update p11-kit-invalid-config.patch to be more thorough (thanks to + Alexander Sosedkin) + +* Tue Oct 20 2020 Daiki Ueno - 0.23.21-1 +- Update to upstream 0.23.21 release + +* Fri Mar 29 2019 Daiki Ueno - 0.23.14-5 +- Fix crash on unloading the library, when it is both linked and dlopen'ed + +* Mon Oct 29 2018 Daiki Ueno - 0.23.14-4 +- Prefer fixed closures to libffi closures + +* Wed Oct 17 2018 Daiki Ueno - 0.23.14-3 +- Update p11-kit-coverity.patch + +* Tue Oct 16 2018 Daiki Ueno - 0.23.14-2 +- Fix issues spotted by coverity + +* Wed Oct 10 2018 Daiki Ueno - 0.23.14-1 +- Update to upstream 0.23.14 release + +* Wed May 30 2018 Daiki Ueno - 0.23.12-1 +- Update to upstream 0.23.11 release + +* Wed Feb 28 2018 Daiki Ueno - 0.23.10-1 +- Update to upstream 0.23.10 release + +* Thu Feb 08 2018 Fedora Release Engineering - 0.23.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Oct 05 2017 Daiki Ueno - 0.23.9-2 +- server: Make it possible to eval envvar settings + +* Wed Oct 04 2017 Daiki Ueno - 0.23.9-1 +- Update to upstream 0.23.9 + +* Fri Aug 25 2017 Kai Engert - 0.23.8-2 +- Fix a regression caused by a recent nss.rpm change, add a %%ghost file + for %%{_libdir}/libnssckbi.so that p11-kit-trust scripts install. + +* Tue Aug 15 2017 Daiki Ueno - 0.23.8-1 +- Update to 0.23.8 release + +* Thu Aug 03 2017 Fedora Release Engineering - 0.23.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.23.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jun 2 2017 Daiki Ueno - 0.23.7-1 +- Update to 0.23.7 release + +* Thu May 18 2017 Daiki Ueno - 0.23.5-3 +- Update p11-kit-modifiable.patch to simplify the logic + +* Thu May 18 2017 Daiki Ueno - 0.23.5-2 +- Make "trust anchor --remove" work again + +* Thu Mar 2 2017 Daiki Ueno - 0.23.5-1 +- Update to 0.23.5 release +- Rename -tools subpackage to -server and remove systemd unit files + +* Fri Feb 24 2017 Daiki Ueno - 0.23.4-3 +- Move p11-kit command back to main package + +* Fri Feb 24 2017 Daiki Ueno - 0.23.4-2 +- Split out command line tools to -tools subpackage, to avoid a + multilib issue with the main package. Suggested by Yanko Kaneti. + +* Wed Feb 22 2017 Daiki Ueno - 0.23.4-1 +- Update to 0.23.4 release + +* Sat Feb 11 2017 Fedora Release Engineering - 0.23.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 6 2017 Daiki Ueno - 0.23.3-2 +- Use internal hash implementation instead of NSS (#1390598) + +* Tue Dec 20 2016 Daiki Ueno - 0.23.3-1 +- Update to 0.23.3 release +- Adjust executables location from %%libdir to %%libexecdir + +* Thu Feb 04 2016 Fedora Release Engineering - 0.23.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jan 12 2016 Martin Preisler - 0.23.2-1 +- Update to stable 0.23.2 release + +* Tue Jun 30 2015 Martin Preisler - 0.23.1-4 +- In proxy module don't call C_Finalize on a forked process [#1217915] +- Do not deinitialize libffi's wrapper functions [#1217915] + +* Thu Jun 18 2015 Fedora Release Engineering - 0.23.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat Feb 21 2015 Till Maas - 0.23.1-2 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Fri Feb 20 2015 Stef Walter - 0.23.1-1 +- Update to 0.23.1 release + +* Thu Oct 09 2014 Stef Walter - 0.22.1-1 +- Update to 0.22.1 release +- Use SubjectKeyIdentifier as a CKA_ID if possible rhbz#1148895 + +* Sat Oct 04 2014 Stef Walter 0.22.0-1 +- Update to 0.22.0 release + +* Wed Sep 17 2014 Stef Walter 0.21.3-1 +- Update to 0.21.3 release +- Includes definitions for trust extensions rhbz#1136817 + +* Fri Sep 05 2014 Stef Walter 0.21.2-1 +- Update to 0.21.2 release +- Fix problems with erroneous messages printed rhbz#1133857 + +* Sun Aug 17 2014 Fedora Release Engineering - 0.21.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 07 2014 Stef Walter - 0.21.1-1 +- Update to 0.21.1 release + +* Wed Jul 30 2014 Tom Callaway - 0.20.3-3 +- fix license handling + +* Fri Jul 04 2014 Stef Walter - 0.20.3-2 +- Update to stable 0.20.3 release + +* Fri Jun 06 2014 Fedora Release Engineering - 0.20.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Jan 25 2014 Ville Skyttä - 0.20.2-2 +- Own the %%{_libdir}/pkcs11 dir in -trust. + +* Tue Jan 14 2014 Stef Walter - 0.20.2-1 +- Update to upstream stable 0.20.2 release +- Fix regression involving blacklisted anchors [#1041328] +- Support ppc64le in build [#1052707] + +* Mon Sep 09 2013 Stef Walter - 0.20.1-1 +- Update to upstream stable 0.20.1 release +- Extract compat trust data after we've changes +- Skip compat extraction if running as non-root +- Better failure messages when removing anchors + +* Thu Aug 29 2013 Stef Walter - 0.19.4-1 +- Update to new upstream 0.19.4 release + +* Sat Aug 03 2013 Fedora Release Engineering - 0.19.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 24 2013 Stef Walter - 0.19.3-1 +- Update to new upstream 0.19.3 release (#967822) + +* Wed Jun 05 2013 Stef Walter - 0.18.3-1 +- Update to new upstream stable release +- Fix intermittent firefox cert validation issues (#960230) +- Include the manual pages in the package + +* Tue May 14 2013 Stef Walter - 0.18.2-1 +- Update to new upstream stable release +- Reduce the libtasn1 dependency minimum version + +* Thu May 02 2013 Stef Walter - 0.18.1-1 +- Update to new upstream stable release +- 'p11-kit extract-trust' lives in libdir + +* Thu Apr 04 2013 Stef Walter - 0.18.0-1 +- Update to new upstream stable release +- Various logging tweaks (#928914, #928750) +- Make the 'p11-kit extract-trust' explicitly reject + additional arguments + +* Thu Mar 28 2013 Stef Walter - 0.17.5-1 +- Make 'p11-kit extract-trust' call update-ca-trust +- Work around 32-bit oveflow of certificate dates +- Build fixes + +* Tue Mar 26 2013 Stef Walter - 0.17.4-2 +- Pull in patch from upstream to fix build on ppc (#927394) + +* Wed Mar 20 2013 Stef Walter - 0.17.4-1 +- Update to upstream version 0.17.4 + +* Mon Mar 18 2013 Stef Walter - 0.17.3-1 +- Update to upstream version 0.17.3 +- Put the trust input paths in the right order + +* Tue Mar 12 2013 Stef Walter - 0.16.4-1 +- Update to upstream version 0.16.4 + +* Fri Mar 08 2013 Stef Walter - 0.16.3-1 +- Update to upstream version 0.16.3 +- Split out system trust module into its own package. +- p11-kit-trust provides an alternative to an nss module + +* Tue Mar 05 2013 Stef Walter - 0.16.1-1 +- Update to upstream version 0.16.1 +- Setup source directories as appropriate for Shared System Certificates feature + +* Tue Mar 05 2013 Stef Walter - 0.16.0-1 +- Update to upstream version 0.16.0 + +* Thu Feb 14 2013 Fedora Release Engineering - 0.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Sep 17 2012 Kalev Lember - 0.14-1 +- Update to 0.14 + +* Fri Jul 20 2012 Fedora Release Engineering - 0.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 16 2012 Kalev Lember - 0.13-1 +- Update to 0.13 + +* Tue Mar 27 2012 Kalev Lember - 0.12-1 +- Update to 0.12 +- Run self tests in %%check + +* Sat Feb 11 2012 Kalev Lember - 0.11-1 +- Update to 0.11 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Dec 20 2011 Matthias Clasen - 0.9-1 +- Update to 0.9 + +* Wed Oct 26 2011 Kalev Lember - 0.8-1 +- Update to 0.8 + +* Mon Sep 19 2011 Matthias Clasen - 0.6-1 +- Update to 0.6 + +* Sun Sep 04 2011 Kalev Lember - 0.5-1 +- Update to 0.5 + +* Sun Aug 21 2011 Kalev Lember - 0.4-1 +- Update to 0.4 +- Install the example config file to documentation directory + +* Wed Aug 17 2011 Kalev Lember - 0.3-2 +- Tighten -devel subpackage deps (#725905) + +* Fri Jul 29 2011 Kalev Lember - 0.3-1 +- Update to 0.3 +- Upstream rewrote the ASL 2.0 bits, which makes the whole package + BSD-licensed + +* Tue Jul 12 2011 Kalev Lember - 0.2-1 +- Initial RPM release