GSP/Panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Panel/Agent-Windows/OGP64/usr/share/doc/p11-kit/ChangeLog
iaretechnician 413c315806 Added Cyg-Win
2026-06-06 18:46:40 -04:00

15206 lines
500 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Generate automatically. Do not edit.
commit ab180d64b909594bdafc9596f67a1913275c6474
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-29
Revert "Fix RPC calls: ATTRIBUTE buf not null but length 0"
This reverts commit 65409c0ebd5d9a4aaf55254256dcc878862a0be1.
p11-kit/rpc-message.c | 8 +-------
p11-kit/rpc-server.c | 22 +++-------------------
2 files changed, 4 insertions(+), 26 deletions(-)
commit 17a26f0948944635453a54d44c2565ed7ba91a14
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-29
Revert "Fix RPC calls: BYTE buffer not null and length 0"
This reverts commit 8cb21a6a09d18156c9002b97687e5ac0bfa0fc92.
p11-kit/rpc-client.c | 2 +-
p11-kit/rpc-message.c | 6 ++----
p11-kit/rpc-message.h | 3 +--
p11-kit/rpc-server.c | 7 ++-----
4 files changed, 6 insertions(+), 12 deletions(-)
commit 83aaa2200bfa141b0c9e1c4f5af98252f8e826cc
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-29
Revert "Fix C_GetSlotList() when length is 0"
This reverts commit 1ede9b8d33c4bc9a4194ffca22ac6d7351f6bcf5.
It turned out that this breaks compatibility of the RPC protocol. The
right fix to the original issue would be probably to add a new call ID
associated with a different signature and add a fallback mechanism in
both client and server.
p11-kit/rpc-client.c | 2 +-
p11-kit/rpc-message.c | 6 ++----
p11-kit/rpc-message.h | 3 +--
p11-kit/rpc-server.c | 7 ++-----
p11-kit/test-server.c | 36 ------------------------------------
5 files changed, 6 insertions(+), 48 deletions(-)
commit 69a420aaa70af5b89508b5140edb0ee4e166605b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-21
Release 0.23.19
NEWS | 9 +++++++++
configure.ac | 2 +-
meson.build | 2 +-
3 files changed, 11 insertions(+), 2 deletions(-)
commit 251dfdfd765e709b7d54420c685e19f70a5e9803
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-22
travis: Tighten autotools build steps
.travis/autotools/script.sh | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
commit e9dbeeea96b0b709631d1b6d62f9877f4872993b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-22
travis: Do 'make distcheck' in autotools build
.travis/autotools/script.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 2a1ee21ca31a62274e0932572f972bf3340f8bde
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-21
build: Add --with-bash-completion configure option
This is needed for 'make distcheck' to not install those files in the
system locations.
Makefile.am | 1 +
configure.ac | 12 +++++++++---
2 files changed, 10 insertions(+), 3 deletions(-)
commit cee7c2ad81d21795783ec28a67247cff740de2ce
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-21
build: Only distribute XZ-compressed tarballs
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 5092f8dd5463b89642e29ca5ae7ea08aa30d5d66
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-21
build: Add more files to .gitignore
.gitignore | 2 ++
1 file changed, 2 insertions(+)
commit a96af650e1ac2f5faecc9354ac30d128a7e93b9f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-21
meson: Expose only C_GetFunctionList from the mock modules
p11-kit/meson.build | 4 ++++
1 file changed, 4 insertions(+)
commit ba3c7d16760d177be43960c9eb9572817c60c4df
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-21
mock: Handle memory allocation error in C_Initialize
common/mock.c | 4 ++++
1 file changed, 4 insertions(+)
commit 62b09608e3a311c8b8ae924805f936f8af593bfa
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-15
meson: Use cc.has_type for types instead of cc.has_header_symbol
meson.build | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 45cd66e3a16f0102a50f33ebb4a58aac09f40f92
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-15
meson: Check if <stdbool.h> exists
meson.build | 10 ++++++++++
1 file changed, 10 insertions(+)
commit 5fe875dc598e2dc50ba8e888099c116fe12999d3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-15
meson: Check program_invocation_short_name declaration
Pointed by Rosen Penev in #268.
meson.build | 5 +++++
1 file changed, 5 insertions(+)
commit 869b657c7bfbd2f91331d5aabcf572cba6043d37
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-15
meson: Check endianness
meson.build | 4 ++++
1 file changed, 4 insertions(+)
commit 1f8d523e5db688deff13329b4cba1dd6181d76a3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-15
build: Fix type mismatch in reallocarray usage
common/attrs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1def8077a2bc1fc2a6bd3685a9d94a9a51f40e23
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-10-31
trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER
These new attributes are introduced in:
https://bugzilla.mozilla.org/show_bug.cgi?id=1465613
The value of the attribute can be either false (represented as a
single octed "\x00"), or a UTCTime in a restricted form (i.e.,
"YYMMDDHHMMSSZ"). For future proof, we also support GeneralizedTime
in the form "YYYYMMDDHHMMSSZ".
common/constants.c | 2 ++
common/pkcs11x.h | 2 ++
trust/builder.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
trust/test-builder.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 157 insertions(+)
commit e8b453383ace97fc1adfc213dc718e7b62fafd96
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-14
build: Remove auto-generated gettext files from repository
po/en@boldquot.header | 25 -------------------------
po/en@quot.header | 22 ----------------------
po/insert-header.sin | 23 -----------------------
po/remove-potcdate.sin | 19 -------------------
4 files changed, 89 deletions(-)
commit 8d92053df8a2bfed89a6f3e835386e13c7f95b61
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-14
build: Use AM_GNU_GETTEXT_REQUIRE_VERSION
AM_GNU_GETTEXT_REQUIRE_VERSION was introduced a while back to instruct
autopoint to pull the latest version of gettext infrastructure. Use
it instead of hacking around gettextize call in autogen.sh.
autogen.sh | 13 -------------
configure.ac | 4 ++++
2 files changed, 4 insertions(+), 13 deletions(-)
commit 5bb71e914532b8350dfc14697c4fa89e714e5812
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2020-01-06
rpc: Add vsock transport
This allows PKCS#11 remoting between virtual machines, so a software
token can be isolated into a microVM.
common/Makefile.am | 1 +
common/meson.build | 3 +-
common/vsock.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++++
common/vsock.h | 46 ++++++++++++++++++
configure.ac | 15 ++++++
meson.build | 9 ++++
p11-kit/rpc-transport.c | 97 ++++++++++++++++++++++++++++++++++++++
p11-kit/server.c | 118 ++++++++++++++++++++++++++++++++++++++++------
8 files changed, 395 insertions(+), 16 deletions(-)
commit 877de5fadaf0067272e8d0eb24893d7c823afe08
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2020-01-06
rpc: Check for socket init failure
In some cases, rpc_unix_init() or rpc_exec_init() can return NULL but
p11_rpc_transport_new() doesn't check and may dereference it.
p11-kit/rpc-transport.c | 2 ++
1 file changed, 2 insertions(+)
commit 96af147637f0dc10792c3abdcec1894c361229da
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-09
build: Suppress cppcheck false-positive on tracking array length
p11-kit/proxy.c | 2 ++
1 file changed, 2 insertions(+)
commit e931efd17950786ee61cbfc70ddf94d02ae473ba
Author: Daiki Ueno <dueno@redhat.com>
Date: 2020-01-08
build: Fix realloc usage
As realloc() doesn't touch the original memory block, we need to use a
local variable to avoid potential memory leak in failure cases.
Pointed by David Woodhouse.
common/attrs.c | 6 ++++--
p11-kit/filter.c | 9 +++++----
p11-kit/iter.c | 20 ++++++++++++++------
p11-kit/proxy.c | 7 +++++--
trust/index.c | 12 ++++++++++--
5 files changed, 38 insertions(+), 16 deletions(-)
commit 6563ad8ececec05f2b6269b509d4e12c07d2a87e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-10-26
CONTRIBUTING.md: Mention contribution rules and coding style
CONTRIBUTING.md | 35 +++++++++++++++++++++++++++++++++++
HACKING | 16 ----------------
Makefile.am | 2 +-
3 files changed, 36 insertions(+), 17 deletions(-)
commit 65409c0ebd5d9a4aaf55254256dcc878862a0be1
Author: Vincent JARDIN <vjardin@free.fr>
Date: 2019-10-22
Fix RPC calls: ATTRIBUTE buf not null but length 0
Let's add a support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill then buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.
See the previous commit for IN_ULONG_BUFFER(). This patch is
follow a similar design pattern.
Fix: issue #257
p11-kit/rpc-message.c | 8 +++++++-
p11-kit/rpc-server.c | 22 +++++++++++++++++++---
2 files changed, 26 insertions(+), 4 deletions(-)
commit 8cb21a6a09d18156c9002b97687e5ac0bfa0fc92
Author: Vincent JARDIN <vjardin@free.fr>
Date: 2019-10-22
Fix RPC calls: BYTE buffer not null and length 0
Let's add a support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.
This current fix is for IN_BYTE_BUFFER(), same
for IN_ATTRIBUTE_BUFFER().
See the previous commit for IN_ULONG_BUFFER(). This patch is
strictly using the same design pattern.
Fix: issue #257
Suggested-by: Daiki Ueno <dueno@redhat.com>
p11-kit/rpc-client.c | 2 +-
p11-kit/rpc-message.c | 6 ++++--
p11-kit/rpc-message.h | 3 ++-
p11-kit/rpc-server.c | 7 +++++--
4 files changed, 12 insertions(+), 6 deletions(-)
commit 1ede9b8d33c4bc9a4194ffca22ac6d7351f6bcf5
Author: Vincent JARDIN <vjardin@free.fr>
Date: 2019-10-21
Fix C_GetSlotList() when length is 0
Let's add a support for cases when the buffer != NULL but the
length is 0. According to Oasis, buffer = NULL and length = 0
means a query of the length so the subsequent calls with a
buffer != NULL should fill buffer when length is long enough.
If not, according to Oasis, one should get a CKR_BUFFER_TOO_SMALL.
This current fix is for IN_ULONG_BUFFER(), same
should be applied for IN_BYTE_BUFFER() and for IN_ATTRIBUTE_BUFFER().
Include a test_no_slots()
Fix: issue #257
Suggested-by: Daiki Ueno <dueno@redhat.com>
p11-kit/rpc-client.c | 2 +-
p11-kit/rpc-message.c | 6 ++++--
p11-kit/rpc-message.h | 3 ++-
p11-kit/rpc-server.c | 7 +++++--
p11-kit/test-server.c | 36 ++++++++++++++++++++++++++++++++++++
5 files changed, 48 insertions(+), 6 deletions(-)
commit 9763fc8edcc5dd41e07ddf068dce6bc429dfe6b6
Author: Jakub Jelen <jjelen@redhat.com>
Date: 2019-10-23
test-proxy: Implement reproducer for bad prefix list matching
p11-kit/test-proxy.c | 7 +++++++
1 file changed, 7 insertions(+)
commit 298ad811540c538fea1906528fe8cf8a6784e5ee
Author: Jakub Jelen <jjelen@redhat.com>
Date: 2019-10-23
modules: Implement correct search in list
The current version of matching was failing, when the list contained
also a searched string with some suffix, for example, when we ran from
p11-kit and the p11-kit-proxy was first in the list and p11-kit later,
it was not matched, because the test did not find a separator after
the first match, decided that it does not match and did not try further.
example program p11-kit
example enable-in: p11-kit-proxy,p11-kit
p11-kit/modules.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
commit 7c94eab51d08650eaa66184344325d42e812973c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-10-23
autotools: Fix bash-completion installation
Makefile.am | 13 ++++---------
configure.ac | 5 ++++-
p11-kit/Makefile.am | 4 ++++
trust/Makefile.am | 4 ++++
4 files changed, 16 insertions(+), 10 deletions(-)
commit ef2716d18e1098effb8f3a90653c6264b2fec426
Author: Jakub Jelen <jjelen@redhat.com>
Date: 2019-10-22
Install bash completion in the CI
.travis/autotools/before_install.sh | 2 +-
.travis/cppcheck/before_install.sh | 2 +-
.travis/linux/before_install.sh | 2 +-
.travis/osx/before_install.sh | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
commit 387594893ee8d09267a7b788f3dae6905093d3c9
Author: Jakub Jelen <jjelen@redhat.com>
Date: 2019-10-21
Add simple bash completion for provided commands
Makefile.am | 8 ++++++
bash-completion/meson.build | 11 ++++++++
bash-completion/p11-kit | 19 +++++++++++++
bash-completion/trust | 67 +++++++++++++++++++++++++++++++++++++++++++++
configure.ac | 7 +++++
meson.build | 1 +
6 files changed, 113 insertions(+)
commit b879b9b8395d0a99dbc9b8ae8057dc84bdd551e6
Author: Jakub Jelen <jjelen@redhat.com>
Date: 2019-10-22
configure: Fix typo to avoid errors during configure
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6b33efaa82848bac7fd73888963a106cf4c03151
Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date: 2019-10-07
common: add Russian PKCS#11 extensions to pkcs11x.h header
Add values defined to support Russian GOST cryptography to pkcs11x.h
header.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
common/pkcs11x.h | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
commit a92894c80d880b6047327a276395b1f88fc733ee
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-30
autotools: Add more files from meson build in distribution
Makefile.am | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit b0ebe7555c291808db29377ba79cb8326301f0a6
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-30
autotools: Add more files from meson build in distribution
p11-kit/Makefile.am | 7 +++++++
1 file changed, 7 insertions(+)
commit 3530d4946f9b9233bb0c132f3eda77c5f593fe9a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-30
build: Fix 'make distcheck'
Makefile.am | 3 ++-
doc/manual/Makefile.am | 1 -
p11-kit/Makefile.am | 1 +
3 files changed, 3 insertions(+), 2 deletions(-)
commit 25df8dfd2fac77d8c00d87a114d6d89dd945055f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-30
Release 0.23.18
NEWS | 5 +++++
configure.ac | 2 +-
meson.build | 2 +-
3 files changed, 7 insertions(+), 2 deletions(-)
commit fde84c52f4ffd0b274ce92e5f935060e86f0a5f7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-25
rpc: Allow empty CK_DATE value
Unlike other data types, CK_DATE value may be empty (and that is the
default). Treat it as a valid value and serialize/deserialize
accordingly.
Reported by Vincent JARDIN in:
https://github.com/p11-glue/p11-kit/issues/244
p11-kit/rpc-message.c | 23 +++++++++++++----------
p11-kit/test-rpc.c | 23 +++++++++++++++++++++++
2 files changed, 36 insertions(+), 10 deletions(-)
commit df2b7b0a3c1ad3c6f54ff6c84ecc1f04976e65f7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-18
build: Fix undefined behavior in left shift
Spotted by UBSan.
p11-kit/rpc-message.c | 2 +-
trust/utf8.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit 94179adeebb24f390cad6abed1f1f8f89c41f451
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-11
autotools: Use symbol versioning if possible
The meson build already using it for:
https://github.com/mesonbuild/meson/issues/3047
Suggested by Jan Alexander Steffens
configure.ac | 3 +++
p11-kit/Makefile.am | 9 +++++++--
2 files changed, 10 insertions(+), 2 deletions(-)
commit 783bfcb40bafc7e2b64ec80a99add15112a2e8f9
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-11
build: Import ld-version-script.m4 from gnulib
.gitignore | 1 +
build/m4/ld-version-script.m4 | 48 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+)
commit 5240551119b99618aa4de95b88c1c2076d7ec87a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-10
build: Add meson files in autotools distribution
Makefile.am | 2 +-
common/Makefile.am | 2 ++
doc/manual/Makefile.am | 1 +
p11-kit/Makefile.am | 1 +
trust/Makefile.am | 3 ++-
5 files changed, 7 insertions(+), 2 deletions(-)
commit 201e9d838befb1e4641228a79212a37c81774e8f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-13
travis: Run ninja install as root
This is to avoid meson calling pkexec, which doesn't work inside docker.
.travis/linux/script.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 17b2edb1354c5d5080172af45ce55408c5e51d59
Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Date: 2019-09-10
meson: Add missing prefix to system path defines
p11-kit/meson.build | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 64a7722aeab2eafcbc57c9145b3fb556e4b1a61b
Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Date: 2019-09-10
meson: Install p11-kit-server units
p11-kit/meson.build | 11 +++++++++++
1 file changed, 11 insertions(+)
commit e5b0dfc2aca0d22c123a85c6cab96772af1f85fb
Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Date: 2019-09-10
meson: Build and install man pages
doc/manual/meson.build | 185 +++++++++++++++++++++++++++++++------------------
meson.build | 5 +-
meson_options.txt | 4 ++
3 files changed, 122 insertions(+), 72 deletions(-)
commit 901749a2039ce5b0e6388295d364b22b80c37e58
Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Date: 2019-09-10
meson: Don't prefix p11_user_config
p11-kit/meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b1d1fb011fad3e5b21665e6767fc267e0241ecf0
Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Date: 2019-09-10
meson: PKCS#11 modules should only export C_GetFunctionList
p11-kit/meson.build | 10 ++++++++++
p11-kit/p11-module.def | 2 ++
p11-kit/p11-module.map | 6 ++++++
trust/meson.build | 6 +++++-
4 files changed, 23 insertions(+), 1 deletion(-)
commit cc38f6aa61f6122f182d7099f5c88548b36a0843
Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Date: 2019-09-10
meson: Install p11-kit-client module
p11-kit/meson.build | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit f2ee0a01272f4bbd018fb438344615cca8a74185
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-09
meson: Fix dictionary syntax
Reported by Jan Alexander Steffens.
doc/manual/meson.build | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit f00183944fad943216ac5842f6b23ab5c4149e50
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-09
Release 0.23.17
NEWS | 8 ++++++++
configure.ac | 2 +-
meson.build | 2 +-
3 files changed, 10 insertions(+), 2 deletions(-)
commit 2dea838a5dc284db29b0f8558cd3e1f1822f47ed
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-09
uri: Supress cppcheck false-positive
p11-kit/uri.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 8db6d7eee38bbf1f511da6128d108a62833f84d0
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-09
uri: Check return value of insert_attribute
p11-kit/uri.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit d6c88b4735284394e73ad0228559fc8aca948318
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-09-09
meson: Update project version
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit ead7a4a28f0505aa5602877538ef8be9970245b2
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-07-07
build: Fix typo in checking program_invocation_short_name decl
The decl should be in errno.h, not error.h.
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 99cdf3dc86ec7148e08351b63d8ee5f2f2a7f4d3
Author: Rosen Penev <rosenp@gmail.com>
Date: 2019-07-01
common: Fix uClibc-ng compilation
program_invocation_short_name is const under uClibc-ng.
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 5a89453fafab796d33c37dd6861c102fc28ebde2
Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date: 2019-07-01
trust: do not allow daylight to invalidate date validation
Issue: 235
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
trust/builder.c | 1 +
1 file changed, 1 insertion(+)
commit 787888e181543f5a85eb69d6a3caf14f9a4262b2
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-19
build: Declare dependency chain between static libs in common
In common/ there are sub-libraries namely libp11-common.a,
libp11-library.a, libp11-tool.a, and libp11-test.a.
All the latter 3 libs use the symbols from libp11-common.a, it would
make sense to declare a dependency against it.
common/meson.build | 17 ++++++-----------
p11-kit/meson.build | 22 ++++++++++------------
trust/meson.build | 10 +++-------
3 files changed, 19 insertions(+), 30 deletions(-)
commit eb5eb7aea7fc41a2c15d853cd57c7c030644f4ee
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-19
build: Make threads dependency more explicit
common/meson.build | 6 ++++--
meson.build | 12 ++++--------
p11-kit/meson.build | 4 ++--
3 files changed, 10 insertions(+), 12 deletions(-)
commit daf1a84de39c4cdbd308c6a0b80b437689a222c7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-02
.travis.yml: Use meson for building
.travis.yml | 12 ++++++------
.travis/autotools/after_failure.sh | 3 +++
.travis/autotools/after_success.sh | 13 +++++++++++++
.travis/autotools/before_install.sh | 9 +++++++++
.travis/autotools/install.sh | 14 ++++++++++++++
.travis/autotools/script.sh | 12 ++++++++++++
.travis/linux/after_failure.sh | 2 +-
.travis/linux/after_success.sh | 10 ++++------
.travis/linux/before_install.sh | 4 +++-
.travis/linux/script.sh | 33 +++++++++++++++++++++++----------
build/cross_file_mingw64.txt | 18 ++++++++++++++++++
11 files changed, 106 insertions(+), 24 deletions(-)
commit 4f956698b64ac6eb8e5e8b7d143ceb11f1133814
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-05-15
build: Add meson build support
This adds support for meson as an alternative build system.
.dir-locals.el | 3 +-
common/meson.build | 99 ++++++++++++
doc/manual/meson.build | 75 +++++++++
doc/manual/sysdir.xml.in | 1 +
doc/manual/userdir.xml.in | 1 +
doc/manual/version.xml.in | 1 +
meson.build | 368 ++++++++++++++++++++++++++++++++++++++++++
meson_options.txt | 47 ++++++
p11-kit/gen-pkcs11-gnu.sh | 16 ++
p11-kit/gen-virtual-fixed.sh | 28 ++++
p11-kit/libp11-kit-0.dll.def | 101 ++++++++++++
p11-kit/libp11-kit.map | 105 ++++++++++++
p11-kit/meson.build | 299 ++++++++++++++++++++++++++++++++++
p11-kit/meson_post_install.sh | 15 ++
p11-kit/pkcs11-gnu.c | 3 +
po/meson.build | 1 +
trust/meson.build | 162 +++++++++++++++++++
17 files changed, 1324 insertions(+), 1 deletion(-)
commit 411a7a6d31cd5584ff9837260d77d8c306d3b557
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-01
trust: Fix mismatched return values
trust/pem.c | 2 +-
trust/x509.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
commit 58481dbb0b0ee1384e62878283a398d96e0ff5f2
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-02
po: Remove en@{,bold}quot from LINGUAS
po/LINGUAS | 2 --
1 file changed, 2 deletions(-)
commit cbdbfaaf255083091decc280058caa87db19aeb9
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-01
build: Don't hardcode module path
Makefile.am | 4 +++-
p11-kit/Makefile.am | 12 ++++++++----
p11-kit/test-deprecated.c | 2 +-
p11-kit/test-init.c | 2 +-
p11-kit/test-server.c | 12 ++++++------
p11-kit/test-server.sh | 4 +++-
p11-kit/test-transport.c | 6 +++---
7 files changed, 25 insertions(+), 17 deletions(-)
commit 084347319f6e832ec2c36d7b27a64c8f2614f084
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-01
build: Move check_PROGRAMS into subdirectories
.gitignore | 12 ++++++------
common/Makefile.am | 12 ++++++------
common/test-compat.c | 4 ++--
p11-kit/Makefile.am | 32 ++++++++++++++++----------------
p11-kit/test-conf.c | 2 +-
p11-kit/test-messages.sh | 2 +-
p11-kit/test-server.c | 4 ++--
p11-kit/test-server.sh | 4 ++--
p11-kit/test-transport.c | 6 +++---
9 files changed, 39 insertions(+), 39 deletions(-)
commit 6bebd5747aa49d4a124d23d4967f65a771799fe5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-01
tests: Add tmpdir argument to p11_test_copy_setgid
To prevent BUILDDIR being embedded in the library.
common/test-compat.c | 4 ++--
common/test.c | 7 +++++--
common/test.h | 3 ++-
p11-kit/test-conf.c | 2 +-
4 files changed, 10 insertions(+), 6 deletions(-)
commit 51382cd59c89e862443421a9d697a709f2244f36
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-16
tests: Fix memleaks in test-jks.c
trust/test-jks.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
commit 9c2022d292c00ccbe2413b53b7c91cf4ba4d7c14
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-03
tests: Skip tests calling getauxval(AT_SECURE) if binary is on /tmp
common/test-compat.c | 5 +++--
p11-kit/test-conf.c | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)
commit fd908a787cc868043067f5fab492f8e05b6d99ce
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-16
tests: Fix temp file permission before deleting
On mingw64/wine, unlink fails if the file has no write bit.
trust/test-module.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
commit 2b3581c234f0097a2598395d1e0012b4ddd9a5ba
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-17
tests: Don't assume / is not writable on Windows in test-token.c
trust/test-token.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
commit 6708ccf6126734b4d98cc849bc4542c45ffce191
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-15
conf: Skip root UID check on Windows
p11-kit/conf.c | 2 ++
1 file changed, 2 insertions(+)
commit 1e8ca781b983cb31d62e21a3a61f25be1fcc694f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-05-20
virtual: Rename virtual-fixed.c to virtual-fixed-generated.h
Previously the generated .c file was included in another source file,
which is not supported in some build systems (e.g., meson).
.gitignore | 2 +-
.travis/linux/after_success.sh | 2 +-
p11-kit/Makefile.am | 6 +++---
p11-kit/virtual.c | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
commit 045d7546fc317deefc2d84d524a211ce6ab4869b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-03
common: Make issetugid check simpler
common/compat.c | 7 ++-----
configure.ac | 16 +---------------
2 files changed, 3 insertions(+), 20 deletions(-)
commit bbb7f046ff430d33267487cb6f8a0e24d2eab832
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-06-02
common: Fix vasprintf emulation
va_list must be saved when calling vsnprintf() in a loop.
common/compat.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
commit 5fc2d67b5ebb3daddb350d7ac60ede74dd99fcc6
Author: Simon Haggett <simon.haggett@gmail.com>
Date: 2019-06-13
rpc: On UNIX wait on condition variable instead of FD if header is for a different thread.
If rpc_socket_read() receives a header for a different thread, it tries to yield by
releasing the read mutex and waiting on the socket's read FD. On Linux systems, this has
been observed to cause a performance problem in cases where multiple threads are being
used. Threads expecting a different header can rapidly unlock and relock the read mutex,
as they resume when sock->read_code hasn't changed. This can result in contention on the
read mutex, which delays the thread that is expecting to consume the header.
This fix updates rpc_socket_read() on UNIX to wait on a condition variable instead of the
socket's read FD. The condition variable is signalled when sock->read_code changes. This
allows waiting threads to only resume once the header and payload have been consumed by
their target thread. This fix only targets UNIX platforms, as the Windows version that
p11-kit targets by default (Windows 2000) does not provide support for condition
variables.
Signed-off-by: Simon Haggett <simon.haggett@gmail.com>
common/compat.h | 13 +++++++++++++
p11-kit/rpc-transport.c | 47 +++++++++++++++++++++++++++++++++++------------
2 files changed, 48 insertions(+), 12 deletions(-)
commit c689917b393379d288b868f70b2f7b7f6aafe430
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-05-23
tests: Avoid uninitialized value in test-proxy.c
p11-kit/test-proxy.c | 4 ++++
1 file changed, 4 insertions(+)
commit 330148bef17a39075a0af5e446c9502bf3a225ff
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-05-22
build: Suppress compiler warning
Remove unused "global" variable.
p11-kit/proxy.c | 1 -
1 file changed, 1 deletion(-)
commit 0eb1f6782c5315fc6b46861bc9f92a765e229e14
Author: Raphael Medaer <raphael@medaer.me>
Date: 2019-05-22
doc: Add 'server' command in help
'server' is the last common command which is not in CLI help.
IMHO, adding this small documentation could help to promote usage of
pkcs11 forwarding.
p11-kit/p11-kit.c | 1 +
1 file changed, 1 insertion(+)
commit 9a546b4571f20b271058990e94833f35e4ec39c0
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-05-22
Release 0.23.16
NEWS | 10 ++++++++++
configure.ac | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
commit 381d16e651d5bcace316fbab4095c8dea8c43a92
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-05-16
proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified
While fully implementing C_WaitForSlotEvent() would require a separate
thread to monitor events, it is straightforward to implement the
function if the CKF_DONT_BLOCK flag is given.
Suggested by David Ward.
p11-kit/Makefile.am | 7 ++++-
p11-kit/mock-module-ep7.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/proxy.c | 64 +++++++++++++++++++++++++++++++++----------
p11-kit/test-proxy.c | 40 +++++++++++++++++++++++++++
4 files changed, 166 insertions(+), 15 deletions(-)
commit 68ce31aae9a22d18b28f4aa44b3e1006b7fe3aa7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-05-17
conf: Ignore user configuration if the program is running as root
Suggested by Bastien Nocera:
https://bugzilla.redhat.com/show_bug.cgi?id=1688583
p11-kit/conf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 58cede114664e839b53d923863bff604ce58b1a7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-05-15
proxy: Refresh slot list on every C_GetSlotList call
Previously, the proxy module calculated the slot list only once at the
C_Initialize() call. That was causing a usability limitation when the
user attaches HSM after starting an application.
Suggested by David Ward.
p11-kit/Makefile.am | 7 ++-
p11-kit/mock-module-ep6.c | 76 ++++++++++++++++++++++++++++
p11-kit/proxy.c | 123 +++++++++++++++++++++++++++++-----------------
p11-kit/test-proxy.c | 34 ++++++++++++-
4 files changed, 192 insertions(+), 48 deletions(-)
commit 793cc3b78f17bb5a3c151eba1144b73a5d51be3e
Author: Simon Haggett <simon.haggett@gmail.com>
Date: 2019-03-12
modules: Fix index used in call to p11_dict_remove()
This fixes a call to p11_dict_remove() in managed_steal_sessions_inlock() to use
the correct index in the stolen array (i, rather than at). This avoids an
assert, which was encountered on a host serving a PKCS#11 module to a remote
Linux client.
Signed-off-by: Simon Haggett <simon.haggett@gmail.com>
p11-kit/modules.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit cbe95e35f8309493094c93d882d0c18e8063f292
Author: Tom Sutcliffe <tomsci@me.com>
Date: 2019-03-09
Fix Win32 p11_dl_error crash
Caused by returning a buffer that wasn't allocated with malloc and
needed to be freed with LocalFree() instead. The fix is to strdup
msg_buf so what's returned can be free()d.
common/compat.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit 4a925177a81c2566d2a81a0a450607a5ff4d9048
Author: Stefano Garzarella <sgarzare@redhat.com>
Date: 2019-02-27
modules: check gl.modules before iterates on it when freeing
In some circumstances, as described in the BZ, can happen that
free_modules_when_no_refs_unlocked() is called multiple times
when the module destructor is invoked.
We should check gl.modules before iterates on it in the
free_modules_when_no_refs_unlocked() functions, to avoid
a SIGSEGV.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1680963
p11-kit/modules.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
commit e2170b295992cb7fdf115227a78028ac3780619f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-02-18
trust: Ignore unreadable content in anchors
This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of
failing C_FindObjectsInit, treat any errors internally and accumulates
the successfully loaded certificates.
Reported by Andrej Kvasnica in:
https://bugzilla.redhat.com/show_bug.cgi?id=1675441
trust/module.c | 3 +--
trust/test-module.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++
trust/token.c | 23 +++++++---------
3 files changed, 88 insertions(+), 15 deletions(-)
commit 2a474e1fe8f4bd8b4ed7622e5cf3b2718a202562
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-01-28
extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH
Give _p11_extract_jks_timestamp precedence over SOURCE_DATE_EPOCH so
that the test results are not affected by the envvar settings.
trust/extract-jks.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 1ba80c67c492f25581ed97c8c31ffb5f20636d06
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-01-14
Release 0.23.15
NEWS | 8 ++++++++
configure.ac | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
commit f277a1469aef05d3542e8ae9fd3f5dbadbe12463
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-01-11
pem: Fix assert condition
If the PEM header is "-----BEGIN -----", *type should be an empty
string and the parser shouldn't fail. Reported by Han Han in:
https://bugzilla.redhat.com/show_bug.cgi?id=1665172
trust/pem.c | 2 +-
trust/test-pem.c | 18 ++++++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
commit bebf4f3442ea5cdaa3a9fa2d0fee366e7264a227
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-01-09
test: Add test that exercises duplicated certs in JKS
trust/extract-jks.c | 2 +-
trust/fixtures/duplicated.jks | Bin 0 -> 2122 bytes
trust/fixtures/duplicated1.der | Bin 0 -> 1010 bytes
trust/fixtures/duplicated2.der | Bin 0 -> 1010 bytes
trust/fixtures/multiple.jks | Bin 2556 -> 2567 bytes
trust/test-jks.c | 58 ++++++++++++++++++++++++++++++++++++++---
6 files changed, 55 insertions(+), 5 deletions(-)
commit 7289639cf41df1840002e865bf700f50afec523c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2019-01-09
trust: Fix alias generation in JKS extractor
When there is a duplicate, the JKS extractor previously assigned
somewhat obscure name "-<digit>" (not "<name>-<digit>").
trust/extract-jks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 5e6a92b67ddade14a54769b05cc717043bc56b78
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-12-25
trust: Continue parsing if the file cannot be read as persist format
A corrupted file that contains "[p11-kit-object-v1]" can be a valid
PEM certs file. Continue with the next format if it cannot be read as
a persistent format.
trust/parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 4aa6ef9e82f6bb14746a47a7d56789d5e982a1f5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-12-25
trust: p11_token_load: Treat parse error as failure
Those conditions can happen when the trust file is corrupted, so it
makes more sense to treat them as a failure instead of programmer
error.
trust/token.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
commit eb503f3a1467f21a5ecc9ae84ae23b216afc102f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-12-25
trust: Fail if trust anchors are not loaded from a file
If the trust path is a file, treat parse error as fatal and abort the
C_FindObjectsInit call.
trust/module.c | 11 ++++++++---
trust/token.c | 6 +++---
2 files changed, 11 insertions(+), 6 deletions(-)
commit 0dd62395788ae566d3adef967611bce214a04435
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-12-23
trust: Propagate library verbosity to module through init_args
Previously, even when the -v option is used with the 'trust' command,
the messages from p11-kit-trust.so module were suppressed because the
verbosity setting is not propagated to the module.
common/message.c | 8 ++++----
p11-kit/modules.c | 29 +++++++++++++++++++++++------
p11-kit/p11-kit.h | 3 ++-
trust/enumerate.c | 11 +++++++++--
trust/module.c | 5 +++++
trust/p11-kit-trust.module | 4 ++++
6 files changed, 47 insertions(+), 13 deletions(-)
commit 95faa51a23fc416e718dbd740adfce31f642530b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-12-29
build: Fix typo spotted by codespell
ChangeLog | 2 +-
NEWS | 8 ++++----
common/pkcs11.h | 2 +-
common/test-lexer.c | 2 +-
doc/manual/Makefile.am | 2 +-
p11-kit/iter.c | 2 +-
p11-kit/modules.c | 2 +-
p11-kit/rpc-message.c | 6 +++---
p11-kit/rpc-server.c | 4 ++--
p11-kit/test-pin.c | 2 +-
p11-kit/test-virtual.c | 2 +-
trust/test-enumerate.c | 2 +-
trust/test-parser.c | 2 +-
trust/test-token.c | 4 ++--
trust/trust-extract-compat.in | 2 +-
15 files changed, 22 insertions(+), 22 deletions(-)
commit 4ee6545d0188e495f195b7fe5abbe9cc382a626d
Author: Jakub Jelen <jjelen@redhat.com>
Date: 2018-12-06
doc: Make log-calls match the rest of the document style
doc/manual/pkcs11.conf.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit b9eceda29965af989ad2150082454ae353266fa5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-11-23
build: Simplify assertions
Let it leak memory when we assert, so not to confuse static analyzers
as if this is the normal case.
common/test.c | 6 ------
1 file changed, 6 deletions(-)
commit b92e8c7f5c082a55073903d53293e6aeecb9d0ed
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-11-22
travis: Add cppcheck profile
.travis.yml | 4 ++++
.travis/cppcheck/after_failure.sh | 3 +++
.travis/cppcheck/before_install.sh | 9 +++++++++
.travis/cppcheck/install.sh | 14 ++++++++++++++
.travis/cppcheck/script.sh | 3 +++
5 files changed, 33 insertions(+)
commit d293fd54c754190da333496df070992e2d803a87
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-11-22
travis: Allow profile override
.travis.yml | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
commit f0c82b07f8b31a4b86de32436cb4f5053de16336
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-11-22
build: Suppress cppcheck errors
common/test-tests.c | 2 ++
common/test.c | 4 ++++
p11-kit/server.c | 8 ++++++--
trust/test-bundle.c | 9 ++++++---
trust/test-openssl.c | 9 ++++++---
trust/test-save.c | 22 +++++++++++++++-------
trust/test-trust.c | 4 +++-
7 files changed, 42 insertions(+), 16 deletions(-)
commit 8287689158403090b5828a568b122b5b3a3ce987
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-22
tests: Ensure p11_proxy_module_cleanup is called
Reported and suggested in #197.
p11-kit/test-proxy.c | 2 ++
1 file changed, 2 insertions(+)
commit f758142178b4cc5c650dde75152bfb85ac992178
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-15
url: Prefer upper-case letters in hex characters when encoding
This makes it more compliant with RFC 3986, where the use of
upper-case letters is recommended (as "SHOULD").
Suggested by Sumit Bose.
common/test-path.c | 2 +-
common/test-url.c | 28 ++++++++++++++++++++++++++++
common/url.c | 24 +++++++++++++++++-------
p11-kit/test-uri.c | 14 +++++++-------
4 files changed, 53 insertions(+), 15 deletions(-)
commit e81f6af7ed3b39b8df0bb7ce150619ea8178d47c
Author: Harald Hoyer <harald@redhat.com>
Date: 2018-11-02
trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time
For reproducible builds, accept a define timestamp for the java
keystore.
See https://reproducible-builds.org/docs/source-date-epoch/
trust/extract-jks.c | 38 ++++++++++++++++++++++++++++++++++----
1 file changed, 34 insertions(+), 4 deletions(-)
commit 1d6913d5a551b6bd8efaa1705178e49f1527aa7e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-30
build: Require pkg.m4 >= 0.29 at bootstrap
configure.ac | 2 ++
1 file changed, 2 insertions(+)
commit 6e1046de2233fba7875d3d6a1b260192678dd0ad
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-19
virtual: Prefer fixed closures to libffi closures
On some circumstances (such as when loading p11-kit-proxy from httpd),
it is known that creation of libffi closure always fails, due to
SELinux policy. Although this is harmless, it pollutes the journal
and gives wrong hints when troubleshooting. This patch changes the
order of preference of libffi vs pre-compiled closures to avoid that.
p11-kit/virtual.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
commit 83e92c2f9575707083d8b0c70ef330e285d70836
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-17
trust: Check index->buckets is allocated on cleanup
trust/index.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
commit 6417780ebbbbb0f01ddb001b239347655fb98578
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-17
rpc-server: Check calloc failure
p11-kit/rpc-server.c | 4 ++++
1 file changed, 4 insertions(+)
commit da73c2804b3ca962fa51473bb4c303a5ed32d4a1
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-16
trust: Set umask before calling mkstemp
trust/save.c | 3 +++
1 file changed, 3 insertions(+)
commit 033cd90806cb1e2eab7e799703757abc2f07052e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-16
proxy: Fix null dereference when reusing slots
p11-kit/proxy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit 1f78cb0b4dd193ec1f1b2b424a497a6c2edec043
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-16
rpc-server: p11_kit_remote_serve_tokens: Fix memleak
p11-kit/rpc-server.c | 5 +++++
1 file changed, 5 insertions(+)
commit 213ea0815ef45411bf6c134918b79d2aad69c1dc
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-16
build: Check return value of p11_rpc_buffer_get_uint64
p11-kit/rpc-client.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 06323aed926ddc67bd18ed98e5af92035a8e3d39
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-16
build: Check return value of p11_dict_set
p11-kit/proxy.c | 3 ++-
p11-kit/rpc-server.c | 6 +++++-
trust/module.c | 3 ++-
3 files changed, 9 insertions(+), 3 deletions(-)
commit b10dadce5a3c921149b2c9fe0dec614f8076ebda
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-16
build: Free memory before return{,_val}_if_* macros
p11-kit/iter.c | 5 ++++-
p11-kit/proxy.c | 10 ++++++++--
trust/asn1.c | 15 ++++++++++++---
trust/builder.c | 5 ++++-
trust/index.c | 10 ++++++++--
trust/persist.c | 5 ++++-
trust/save.c | 29 +++++++++++++++++++++++++----
trust/session.c | 10 ++++++++--
trust/token.c | 5 ++++-
9 files changed, 77 insertions(+), 17 deletions(-)
commit c76197ddbbd0c29adc2bceff2ee9f740f71d134d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-16
build: Call va_end() always when leaving the function
common/attrs.c | 4 +++-
common/compat.c | 5 ++++-
common/path.c | 5 ++++-
trust/parser.c | 4 +++-
4 files changed, 14 insertions(+), 4 deletions(-)
commit 8a8db182af533a43b4d478d28af8623035475d68
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-10-16
debug: Work around cppcheck false-positives
https://trac.cppcheck.net/ticket/8794
common/debug.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit f4a9fa674e17cc470d9280237032f18a70313d8e
Author: Leonardo Brondani Schenkel <leo@tradeshift.com>
Date: 2018-05-28
common: use /proc only on Linux
Non-Linux systems do not have /proc, so do not attempt to open it and
eliminate an unnecessary access() syscall on those systems.
common/compat.c | 2 ++
1 file changed, 2 insertions(+)
commit 7f1df14e041c6de9603a4720753ca8f31e32b4ff
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-31
pkcs11: Don't redefine CKM_CAMELLIA_KEY_GEN
Also reorder the CKM_CAMELLIA_* definitions.
common/pkcs11.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
commit 3770793f026e46a000d2d8816d56122598289d5c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-28
Release 0.23.14
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit c1b565413dae632a4ab78cea08ed103d9418921b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-22
virtual: Tighten error handling when fixed closures are exhausted
p11-kit/virtual.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
commit 347a8793d23036433ab0ba39049f0e832bb05b3d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-22
virtual: Don't be too loud about recoverable failure
p11-kit/virtual.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 9a7892ef3fd9d4bd70df41fb0200782dc6134c70
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-24
trust: Factor out module initialization into separate file
This prevents double call to p11_library_init() in test-module.c, once
from the ELF constructor, and secondly from the test itself.
trust/Makefile.am | 2 +-
trust/module-init.c | 43 ++++++++++++++++++++++++++++++++++++++++++
trust/module.c | 54 -----------------------------------------------------
3 files changed, 44 insertions(+), 55 deletions(-)
commit 0d7fbd5189ba1414d84326ddc8e4cff98f66a44b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-27
common: Factor out common initializer code into a header
common/Makefile.am | 1 +
common/init.h | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/client-init.c | 60 +++-----------------------------
p11-kit/proxy-init.c | 59 +++-----------------------------
4 files changed, 103 insertions(+), 111 deletions(-)
commit 0961cf527f1414bf5a900d958ee776cdd28f3525
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-24
travis: Manually install cpp-coveralls
To accommodate the gcov format change in gcc 8.1:
https://github.com/eddyxu/cpp-coveralls/pull/127
which is not yet available in the pip version.
.travis/linux/after_success.sh | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
commit 2066e7c57a7ae82e35fee3deaa06d89498d749a3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-23
travis: Check valgrind exit code more strictly
.travis/linux/script.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 7a844d8e8c1c87401b161094023cf309ca111095
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-21
README.md: Add CII Best Practices badge
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit f2a17c5e1dbc75a0142c6330bab588deb0060151
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-21
README.md: Mention contact method for security issues
README.md | 5 +++++
1 file changed, 5 insertions(+)
commit b9ef1c5f4dbdfbab504479fdc899e344ff7bb44a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-17
Revert "build: Explicitly link threaded test programs to libpthread"
This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0.
configure.ac | 10 ----------
p11-kit/Makefile.am | 8 ++++----
2 files changed, 4 insertions(+), 14 deletions(-)
commit 35b39cb2bf6d50a117a9e4c8e18100d19716ea71
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-17
Revert "build: Stop linking the library with libpthread when possible"
This reverts commit 50f8906e63c9413a7687bab6608496d83c29a222.
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 56f3b9370747a7a33a9d56ff9365c89700dd0e67
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-17
Revert "common: Prefer __register_atfork() to pthread_atfork() if possible"
This reverts commit ce3cec7f8742254b8627b9db48973b81e91cbfc8.
common/library.c | 19 +------------------
configure.ac | 2 --
2 files changed, 1 insertion(+), 20 deletions(-)
commit a877b0eca3d59f7f8cd126047c0e899df6018858
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-17
Revert "build: Link to libpthread, if pthread_atfork() needs to be used"
This reverts commit 541d79cb651cfd3238b9aa41fce70208df8e9496.
NEWS | 2 +-
common/library.c | 10 ++++------
configure.ac | 7 +------
3 files changed, 6 insertions(+), 13 deletions(-)
commit f69746d140cec20516c223825523fb0ade53384a
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date: 2018-08-14
Update pkcs11 header to allow SoftHSMv2 to compile
Replace vendor-specific values with the IDs from PKCS11 v3.0 for those
constants that were already standardized.
common/pkcs11.h | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 220 insertions(+), 18 deletions(-)
commit abc542bd5abf46c5170f8a0c3dcc62eff0c9cfde
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-13
travis: Check that proxy module can be loaded and unloaded
.travis/linux/before_install.sh | 2 +-
.travis/linux/script.sh | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
commit 34416ed787d804e0d293e47f2d10dc62ddea407c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-13
proxy: Avoid invalid memory access when unloading proxy module
When loading and unloading p11-kit-proxy.so with pkcs11-tool, it
accesses already free'd memory area:
$ valgrind pkcs11-tool --module p11-kit-proxy.so -L
==25173== Invalid read of size 8
==25173== at 0x64BF493: p11_proxy_module_cleanup (proxy.c:1724)
==25173== by 0x64BD028: _p11_kit_fini (proxy-init.c:65)
==25173== by 0x401477C: _dl_close_worker (in /usr/lib64/ld-2.27.so)
==25173== by 0x4014E1D: _dl_close (in /usr/lib64/ld-2.27.so)
==25173== by 0x5E08C4E: _dl_catch_exception (in /usr/lib64/libc-2.27.so)
==25173== by 0x5E08CDE: _dl_catch_error (in /usr/lib64/libc-2.27.so)
==25173== by 0x58B1724: _dlerror_run (in /usr/lib64/libdl-2.27.so)
==25173== by 0x58B1113: dlclose (in /usr/lib64/libdl-2.27.so)
==25173== by 0x11E5A7: ??? (in /usr/bin/pkcs11-tool)
==25173== by 0x110023: ??? (in /usr/bin/pkcs11-tool)
==25173== by 0x5CF624A: (below main) (in /usr/lib64/libc-2.27.so)
==25173== Address 0x61231c8 is 552 bytes inside a block of size 584 free'd
==25173== at 0x4C2FDAC: free (vg_replace_malloc.c:530)
==25173== by 0x6548492: p11_virtual_unwrap (virtual.c:2902)
==25173== by 0x64BF492: p11_proxy_module_cleanup (proxy.c:1723)
p11-kit/proxy.c | 17 ++++-------------
1 file changed, 4 insertions(+), 13 deletions(-)
commit 541d79cb651cfd3238b9aa41fce70208df8e9496
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-10
build: Link to libpthread, if pthread_atfork() needs to be used
On non-glibc systems (e.g., FreeBSD), pthread_atfork() stub is
provided as a nop and our fork detection mechanism doesn't work. Pull
in the actual implementation from libpthread in that case.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
NEWS | 2 +-
common/library.c | 10 ++++++----
configure.ac | 7 ++++++-
3 files changed, 13 insertions(+), 6 deletions(-)
commit 6a8da20c0432499480731548256294844cade631
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-10
build: Don't install systemd unit files when "make distcheck"
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit ef001069d069df43de029f3b84206676badd8a4e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-10
Release 0.23.13
NEWS | 7 +++++++
configure.ac | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
commit ce3cec7f8742254b8627b9db48973b81e91cbfc8
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-09
common: Prefer __register_atfork() to pthread_atfork() if possible
common/library.c | 19 ++++++++++++++++++-
configure.ac | 2 ++
2 files changed, 20 insertions(+), 1 deletion(-)
commit 50f8906e63c9413a7687bab6608496d83c29a222
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-13
build: Stop linking the library with libpthread when possible
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit ebfd7da82d7b9eea81067479861aac2d2c07cc29
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-20
common: Use thread-local storage class when possible
This eliminates the unconditional use of pthread_{get,set}specific()
and pthread_key_{create,delete}(), which glibc doesn't provide the stubs.
common/library.c | 22 ++++++++++++++++++++++
configure.ac | 12 ++++++++++++
2 files changed, 34 insertions(+)
commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-20
build: Explicitly link threaded test programs to libpthread
Some test programs use pthread_create(), which glibc doesn't provide
the stub. Link those programs with -lpthread.
configure.ac | 10 ++++++++++
p11-kit/Makefile.am | 8 ++++----
2 files changed, 14 insertions(+), 4 deletions(-)
commit f04c2a84ad2a017a778fa2f23719318acb9ca89f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-20
common, p11-kit, trust: Use pthread_once only when necessary
If the ELF constructor is usable, we don't really need the once-init
function because it is guaranteed that the code runs only once in the
constructor.
common/library.c | 4 +++-
common/library.h | 10 ++++++++++
p11-kit/client-init.c | 2 +-
p11-kit/proxy-init.c | 2 +-
trust/module.c | 2 +-
5 files changed, 16 insertions(+), 4 deletions(-)
commit 5b18e77e9dbb6a598812427ba07ad6df63eb7a67
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-20
common: Use static mutex initializer when possible
This eliminates the use of pthread_mutexattr_* functions, which glibc
doesn't provide the stubs.
common/compat.c | 4 +++-
common/compat.h | 18 +++++++++++++++++-
common/library.c | 14 ++++++++++----
3 files changed, 30 insertions(+), 6 deletions(-)
commit 22cb49b9105657cafb98624be37f05b169f73dd6
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-08-01
server: Avoid FD leak in error cases
Spotted by coverity.
p11-kit/server.c | 3 +++
1 file changed, 3 insertions(+)
commit 19aaf573580e52265f57f9b7af7a03bfdfaf71e0
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-19
trust: Clarify C_Login behavior that returns an error
trust/module.c | 11 +++++++++++
1 file changed, 11 insertions(+)
commit ab27346ceb5d4e856671a033ac1f6521c86514a1
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-10
proxy: Fail early if there is no slot mappings
p11-kit/proxy.c | 2 ++
p11-kit/test-proxy.c | 42 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+)
commit fb5742cdecfde1c13d9ce610cdec050792cc57ca
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-09
travis: Install pip for coveralls
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b6d20ac16da7128089031248eed4afe08f6934d3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-06-27
rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules
This patch removes the restriction of p11_kit_remote_serve_tokens()
that were not capable of serving tokens across multiple modules.
p11-kit/Makefile.am | 5 +-
p11-kit/remote.h | 2 +-
p11-kit/rpc-server.c | 209 ++++++++++++++++++++++++++++++++++----------------
p11-kit/test-server.c | 83 +++++++++++++++-----
4 files changed, 210 insertions(+), 89 deletions(-)
commit 9d2ce267e6714c6a565a9ded3aa0001918d1ae1d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-06-27
build: Use separate p11-kit-{remote,server} executable for testing
Otherwise, the p11-kit-remote program called from p11-kit-server would
load the system modules instead of the local fixtures.
.gitignore | 2 ++
p11-kit/Makefile.am | 26 ++++++++++++++++++++++++++
p11-kit/server.c | 2 +-
p11-kit/test-server.c | 4 ++--
4 files changed, 31 insertions(+), 3 deletions(-)
commit 8d8bff0a2edf4659b641dde1333eb6a7c695671c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-06-25
proxy: Allow proxy to be created from the library
Previously, to aggregate multiple modules into one, there was no other
way than loading the proxy module. From the p11-kit applications,
however, it is not possible to load that module because of the
recursive loading check (p11_proxy_module_check).
This patch adds another means to aggregate modules, through a library
function p11_proxy_module_create.
p11-kit/proxy.c | 40 +++++++++++++++++++++++++++++++++++++++-
p11-kit/proxy.h | 3 +++
2 files changed, 42 insertions(+), 1 deletion(-)
commit a65696b3e79acb602bd0c000f8524d3cc8998187
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-06-25
proxy: Turn global variables module local
p11-kit/proxy.c | 35 ++++++++++++++---------------------
1 file changed, 14 insertions(+), 21 deletions(-)
commit c53888a802eed4baa4aff54060334d2fdbfc7648
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-07-13
build: Make reallocarray detection robuster
On NetBSD, reallocarray is not declared until _OPENBSD_SOURCE is
defined. Reported by Patrick Welche in:
https://lists.freedesktop.org/archives/p11-glue/2018-July/000691.html
common/compat.h | 2 +-
configure.ac | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
commit 53a7e915b2694bc1957d98493a7aee9abfa3c6c5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-06-20
server: Enable socket activation through systemd
This enables socket activation of "p11-kit server" through systemd.
The feature provided is essentially the same as commit
a4fb2bb5 (reverted), but implemented with "p11-kit server" and
libsystemd API instead of wrapping "p11-kit remote" in the unit file.
Note that, while it exposes all tokens through the socket, it doesn't
increase attack surface beyond the PKCS#11 binary interface provided
by p11-kit-proxy.so, because the service is per-user.
.gitignore | 2 +-
configure.ac | 23 +++++++++++++++++++++++
p11-kit/Makefile.am | 22 ++++++++++++++++++++++
p11-kit/p11-kit-server.service.in | 15 +++++++++++++++
p11-kit/p11-kit-server.socket | 11 +++++++++++
p11-kit/server.c | 33 ++++++++++++++++++++++++---------
6 files changed, 96 insertions(+), 10 deletions(-)
commit d4a4039f97b2e1f67d09d7cd8c05fb2dd129b23c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-31
build: Ease issetugid() check when cross-compiling
When cross-compiling, the configure check for issetugid() aborts,
because of the pessimistic default of AC_RUN_IFELSE. This patch
provides the non-pessimistic default to AC_RUN_IFELSE and wrap the
macro invocation with AC_CACHE_CHECK so that the user can override the
check by setting ac_cv_issetugid_openbsd=yes, as suggested in:
https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/html_node/Runtime.html#Runtime
configure.ac | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
commit 3dd5810143e51dabdc58069e55b09a950349fa08
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-28
Release 0.23.12
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit f696eddecaa1f1cd1687ab5dbb942128aaca1903
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-29
travis: Add build scripts for macOS
.travis.yml | 1 +
.travis/osx/after_failure.sh | 3 +++
.travis/osx/before_install.sh | 5 +++++
.travis/osx/script.sh | 6 ++++++
4 files changed, 15 insertions(+)
commit a21898570d3e713155f0d8048bc6350f069f58ff
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-29
travis: Use matrix
.travis.yml | 84 +++++++++++++++++++++--------------------
.travis/linux/after_failure.sh | 3 ++
.travis/linux/after_success.sh | 9 +++++
.travis/linux/before_install.sh | 9 +++++
.travis/linux/install.sh | 14 +++++++
.travis/linux/script.sh | 11 ++++++
6 files changed, 90 insertions(+), 40 deletions(-)
commit 35637892e517d0e8e08dbe214f638317499ea0f5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-29
test: Avoid unnecessary memory allocation
common/test-runtime.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
commit ccb0c207964189742e97acfd817fb3c6b99e5865
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-29
common: Fix runtime directory detection when given prefix is long
common/runtime.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
commit 71b62aa1cdbdec3724c8e451f621309994dc59a0
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-29
common: Don't rely on issetugid() when it is broken
On macOS and FreeBSD, issetugid() has different semantics from the
original OpenBSD implementation and cannot reliably detect if the
process made setuid/setgid:
https://gist.github.com/nicowilliams/4daf74a3a0c86848d3cbd9d0cdb5e26e
This should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=67451
https://bugs.freedesktop.org/show_bug.cgi?id=100287
common/compat.c | 2 +-
configure.ac | 15 ++++++++++++++-
2 files changed, 15 insertions(+), 2 deletions(-)
commit 79f928492dba6a46c63e77d6b22c17c23e66403b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-28
build: Don't use locale funcs if locale_t is not defined in locale.h
On macOS, locale_t is not defined in <locale.h>. Although it is
defined in <xlocale.h>, we rather not use locales at all for POSIX
compliance.
common/compat.h | 6 ++++++
common/debug.c | 4 ++--
common/library.c | 6 +++---
common/message.c | 4 ++--
common/test-message.c | 6 +++---
configure.ac | 11 ++++++++---
6 files changed, 24 insertions(+), 13 deletions(-)
commit cd0a2de679a81829b7323bc5db46222b9eaab1d9
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-28
pkcs11: Exercise GNU calling convention at compile time
.gitignore | 1 +
p11-kit/Makefile.am | 32 ++++++++++++++++++++++++++++++++
p11-kit/iter.h | 10 ++++++++++
p11-kit/uri.h | 4 ++++
4 files changed, 47 insertions(+)
commit e4c5d3b34941bdc433072a492a0a7fdbddba0cc2
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-25
build: Simplify README inclusion
Use symlink in the repository, instead of copying.
.gitignore | 1 -
Makefile.am | 7 +------
README | 1 +
3 files changed, 2 insertions(+), 7 deletions(-)
commit 65dd5469ad164465583167c63114478587db59fd
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-24
NEWS: Mention latest changes
NEWS | 2 ++
1 file changed, 2 insertions(+)
commit 8b90031aeb495116a87851dca50845b8df0d1e90
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-25
build: Delay building mock-six.la until "make check"
p11-kit/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 8df105871eb5f6bca3e5f4dcf165f2bbf920f106
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-24
build: Include README in the distribution
As we removed README from the repository, it is no longer
automatically picked up for the distribution by Automake.
Makefile.am | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
commit 275eed62b5d0e17c092b66af233ffc5b2f45245b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-24
build: Fix ChangeLog generation
Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bf204ada4685415287b3d03b3d79634c86739b83
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-24
build: Remove obsolete upload rules
Makefile.am | 15 ---------------
1 file changed, 15 deletions(-)
commit e2002df5707dd306cea0684706361be72891231b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-24
build: Include p11-kit/test-messages.sh in distribution
p11-kit/Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit 258da75cd606a3653bc414a6ace01c8bfdfabca6
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-24
uri: Make scheme comparison case-insensitive
RFC 3986 suggests that implementations should accept uppercase letters
as equivalent to lowercase in scheme names.
p11-kit/test-uri.c | 21 +++++++++++++++++++++
p11-kit/uri.c | 12 +++++++++---
2 files changed, 30 insertions(+), 3 deletions(-)
commit 117b35db99af4331daad4279eadfb9280e0c1325
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-24
common: Make case conversion locale independent
The tolower()/toupper() functions take into account of the current
locale settings, which p11-kit doesn't want. Add replacement
functions that work as if they are called under the C locale.
common/compat.c | 16 ++++++++++++++++
common/compat.h | 3 +++
common/mock.c | 4 ++--
common/url.c | 4 ++--
trust/extract-jks.c | 2 +-
trust/extract-openssl.c | 2 +-
6 files changed, 25 insertions(+), 6 deletions(-)
commit e42dcf5283a5537c196147c9a2468ee537b9da7b
Author: Nathaniel McCallum <npmccallum@redhat.com>
Date: 2018-05-14
Improve const correctness for P11KitUri
This does not improve const for the getters. The reason for this is that
they are usually passed into the PKCS#11 APIs directly and these APIs
are not const correct. Trying to force const correctnesss here would
result in pain for library consumers.
This is an API and ABI compatible change.
p11-kit/private.h | 12 ++++++------
p11-kit/uri.c | 34 +++++++++++++++++-----------------
p11-kit/uri.h | 36 ++++++++++++++++++------------------
3 files changed, 41 insertions(+), 41 deletions(-)
commit 6af8234936f805a9c6dceb29a84e73d40ed4b257
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2018-05-18
README: replace by README.md
That is, use README.md as primary source to generate README as
README is required by the GNU guidelines. We don't try to convert
to "real" plain text as markdown is readable, and to avoid introducing
another dependency (e.g., pandoc).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
.gitignore | 1 +
Makefile.am | 1 +
README | 8 --------
3 files changed, 2 insertions(+), 8 deletions(-)
commit 58c3eb9acf5885069652f1b02edb7aca01580b96
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2018-05-18
NEWS: mark the 0.23 series as stable
Resolves #80
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
NEWS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 14610d49c4e6c68022be63df1481f74ccb0aa75a
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2018-05-18
README.md: added reference to Daiki's key
Resolves #153
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
README.md | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
commit f272dd4a1c68125c8f696b1e0eebb15c45c6923a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-07
Release 0.23.11
NEWS | 8 ++++++++
configure.ac | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
commit 5f68c96da949b08e2afd109d276d80e42cab68b7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-07
common: Pacify clang-analyzer
common/buffer.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
commit 98fbfc3b6126c809eb44c700871facca6ac7727d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-07
trust: Avoid array overflow
trust/builder.c | 4 ++--
trust/extract-openssl.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
commit 34ab20cbf79ca50972bf3088c8b6e9978ff0dc2b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-07
trust: Don't null terminate PKCS #11 string fields
trust/module.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
commit ba006ed40cad2e0d1fe3c3355c18bdfb612c2cd6
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-07
proxy: Don't null terminate PKCS #11 string fields
p11-kit/proxy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 1b85c62af8146efa0e648a297179db2bbfe59b43
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-05-03
test: Avoid exceeding maximum pathname length of Unix socket
p11-kit/test-server.sh | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
commit a625dfa4f2456b1a866489e5be15fb46578237a5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-27
library: Use dedicated locale object for printing error
common/debug.c | 14 +++++++-------
common/library.c | 13 +++++++++++++
common/message.c | 14 +++++++-------
common/test-message.c | 15 +++++++++++++++
configure.ac | 2 +-
5 files changed, 43 insertions(+), 15 deletions(-)
commit 6202903b261dfae740af3f8e985244bab48470ba
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-27
Revert "build: Check strerror_l() and uselocale() seperately"
This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1.
We should rather use newlocale() when per-thread locale is not set.
Otherwise uselocale() could return LC_GLOBAL_LOCALE on some
platforms (e.g. musl-libc) and calling strerror_l() with it leads to
an undefined behavior.
common/debug.c | 9 ++-------
common/message.c | 9 ++-------
configure.ac | 2 +-
3 files changed, 5 insertions(+), 15 deletions(-)
commit 173ad93cc54057886b2055f3d73ea64a047127d1
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-19
build: Check strerror_l() and uselocale() seperately
NetBSD deliberately doesn't support per-thread locale and our
thread-safe replacement of strerror() using strerror_l() cannot be
used. Fallback to strerror_r() in that case.
common/debug.c | 9 +++++++--
common/message.c | 9 +++++++--
configure.ac | 2 +-
3 files changed, 15 insertions(+), 5 deletions(-)
commit a95c7a3e936896349bf925ca7cd47f0a03166249
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-10
travis: Optimize dnf install invocation
.travis.yml | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
commit e4b86e449a83428592e45db28834be950e837d74
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-10
test: Add installcheck script to test trust module
Currently it only checks that "disable-in: p11-kit-proxy" properly
prevents the trust module being loaded by the proxy module.
trust/Makefile.am | 4 +++-
trust/test-trust.sh | 21 +++++++++++++++++++++
2 files changed, 24 insertions(+), 1 deletion(-)
commit 5d97643884879d4967d21cb29c9917271a4b65db
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-10
trust: Prevent trust module being loaded by proxy module
Otherwise, when the proxy module were registerd in NSS database, the
trust module would be loaded twice and degrade search performance.
trust/p11-kit-trust.module | 3 +++
1 file changed, 3 insertions(+)
commit af71f7961370714112f258c0e404d96bdef9cee9
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-10
travis: Run "make installcheck"
.travis.yml | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
commit cbef7f5d8a14d46ecdf0c25c3d38d26598a66f8c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-10
trust: Fix memleak in p11_enumerate_opt_filter
p11_kit_iter_add_filter() takes the ownership of given attributes.
Spotted by address sanitizer.
trust/enumerate.c | 1 +
1 file changed, 1 insertion(+)
commit e4a5466e5e3cfe22344e79c6e1a0ad9a7945a602
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-10
test: Factor out common harness from test-extract.in
.gitignore | 2 +-
configure.ac | 2 +-
trust/Makefile.am | 7 +-
trust/{test-extract.in => test-extract.sh} | 92 +------------------------
trust/test-init.sh.in | 106 +++++++++++++++++++++++++++++
5 files changed, 114 insertions(+), 95 deletions(-)
commit dcb6ee3fa89e0c9586e2b09e1f60aa076f263123
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-31
test: Add test for JKS extractor
Piggybacking commit de963b96, this adds a multi-cert test case for the
Java keystore extractor.
trust/Makefile.am | 5 ++
trust/extract-jks.c | 7 +-
trust/fixtures/multiple.jks | Bin 0 -> 2556 bytes
trust/test-jks.c | 213 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 224 insertions(+), 1 deletion(-)
commit af6ab322b1ad9a4f4a0117a79bd566550ec0a0a8
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-05
test: Add test for p11_attrs_purge()
common/test-attrs.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
commit 843fca9b67b7407a47bcae698f434c975a4a4e91
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-05
mock-module-ep: Properly override C_GetFunctionList
p11-kit/mock-module-ep.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit a6d0e490209638605b17b0bdc66ad03d36909dae
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-04-05
modules: Add option to control module visibility from proxy
This enables to control whether a module will be loaded from the proxy
module. The configuration reuses the "enable-in" and "disable-in"
options, with a special literal "p11-kit-proxy" as the value.
doc/manual/pkcs11.conf.xml | 2 ++
p11-kit/modules.c | 35 ++++++++++++++-----
p11-kit/p11-kit.h | 1 +
p11-kit/private.h | 5 +++
p11-kit/proxy.c | 2 +-
p11-kit/test-proxy.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 118 insertions(+), 10 deletions(-)
commit de963b96929b9da61916a0c43b4ac4c34a39e238
Author: Laszlo Ersek <lersek@redhat.com>
Date: 2018-03-29
trust: add unit test for the "edk2-cacerts" extractor
Add a multi-cert test case for the edk2 extractor, heavily based on the
"/openssl/test_file_multiple" test case.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
trust/Makefile.am | 5 ++
trust/fixtures/multiple.edk2 | Bin 0 -> 2549 bytes
trust/test-edk2.c | 209 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 214 insertions(+)
commit ee27f9153a14d0c6d75f8745a8c1879a6e4bb2e8
Author: Laszlo Ersek <lersek@redhat.com>
Date: 2018-03-27
trust: implement the "edk2-cacerts" extractor
Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST
format that is
- defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object
per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID),
- and expected by edk2's HttpDxe when it configures the certificate list
for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the
TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c").
The intended command line is
p11-kit extract \
--format=edk2-cacerts \
--filter=ca-anchors \
--overwrite \
--purpose=server-auth \
$DEST/edk2/cacerts.bin
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
trust/extract-edk2.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 168 insertions(+), 1 deletion(-)
commit 59054e4f9fe3e95f8db881973901ab59a0b1ef8a
Author: Laszlo Ersek <lersek@redhat.com>
Date: 2018-03-27
trust: introduce the "edk2-cacerts" extractor skeleton
Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always
fails, silently.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
trust/Makefile.am | 1 +
trust/extract-edk2.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
trust/extract.c | 4 +++-
trust/extract.h | 3 +++
4 files changed, 51 insertions(+), 1 deletion(-)
commit ba6ebb05fc0c8010d8510984ce3c5f908edf13b6
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-29
modules: Fix memleak in re-initialization case
p11-kit/modules.c | 1 +
1 file changed, 1 insertion(+)
commit 1ca877e3d3b1315ee9358f7e3c9096e10e14486e
Author: Justin King-Lacroix <justinkl@google.com>
Date: 2018-03-16
Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly
In p11_kit_modules_initialize(), treat a return code
of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to
CKR_OK.
p11-kit/modules.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit 46901ab914e3f37e6e7287d47d9ab1281e3d64dc
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-29
travis: Disallow failure on mingw
.travis.yml | 4 ----
1 file changed, 4 deletions(-)
commit 41301742772b411eb8b3e819c54b1eb5b9ca82dd
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-29
test: Add missing seven.module in Windows fixtures
p11-kit/fixtures/system-modules/win32/seven.module | 4 ++++
1 file changed, 4 insertions(+)
commit a3478f097bff647892c18cbab1e6f5b8bd5a6614
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-29
travis: Use LOG_COMPILER to run tests under wine
.travis.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit a711a578ba7a1775bdc20ea00fbbdb4f10f91d58
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-29
build: Enable make check with wine
build/wine-wrapper.sh | 13 +++++++++++++
p11-kit/test-messages.sh | 2 +-
2 files changed, 14 insertions(+), 1 deletion(-)
commit bfdd4372ff381ce234d357bb43636b86e6cc1e8f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-29
common: Fix compilation of runtime.c under mingw
common/runtime.c | 29 ++++++++++++++++++++---------
common/test-runtime.c | 14 +++++++++++++-
2 files changed, 33 insertions(+), 10 deletions(-)
commit 7827e65abacc87018be035a3008a4bb89280a85a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-27
test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED
p11-kit/Makefile.am | 7 ++-
p11-kit/fixtures/system-modules/seven.module | 4 ++
p11-kit/mock-module-ep5.c | 80 ++++++++++++++++++++++++++++
p11-kit/test-modules.c | 25 +++++++++
4 files changed, 115 insertions(+), 1 deletion(-)
commit e454338dddef9089a3b9998cc8ba33e247ee9f26
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-07
test: Add test for error messages
.travis.yml | 2 +-
p11-kit/Makefile.am | 2 +
p11-kit/test-messages.sh | 110 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 113 insertions(+), 1 deletion(-)
commit 007023002811469ae3982a0cfcd9a73aed762ad1
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-28
test: Use _exit() in child process to immediately close open FDs
p11-kit/test-proxy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 294c0efda49a623f47eb3c459bb5ed812ebc757c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-28
test: Rewrite test-server.sh in TAP style
p11-kit/test-server.sh | 38 +++++++++++++++++++++++++++-----------
1 file changed, 27 insertions(+), 11 deletions(-)
commit 1eb22867b1123601387b1fa06643077225bd7590
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-27
test: Take advantage of TAP test driver
.gitignore | 1 +
Makefile.am | 4 ++++
configure.ac | 1 +
3 files changed, 6 insertions(+)
commit 9abfcd53e922f5c3841061e363e5ac88d92c2433
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-03-27
common: Add assert_skip() and assert_todo()
common/test.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++--------
common/test.h | 20 ++++++++++
2 files changed, 126 insertions(+), 15 deletions(-)
commit e8d569045c7d224e94836edd77856823aadf8267
Author: Andreas Metzler <ametzler@bebt.de>
Date: 2018-02-27
test-server.sh: Fix bashism
p11-kit/test-server.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit f6b7a992e442218a5afdbf8ae1697c53f3f03991
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-27
Release 0.23.10
NEWS | 12 ++++++++++++
configure.ac | 2 +-
2 files changed, 13 insertions(+), 1 deletion(-)
commit 39eb7a3dd16233b16fb1e50fe30d55f5f86fbaa5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-27
maint: Point to the new URLs
HACKING | 6 +++---
configure.ac | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
commit d2318ca31774d6a02eff5d0b3af2f3c89cb58c9d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-27
test-server: Add test for detecting address
p11-kit/test-server.c | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
commit 264ecf416d6d07c558d80031c077a46a909a6f90
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-27
test-server: Fix compilation error on FreeBSD
p11-kit/test-server.c | 1 +
1 file changed, 1 insertion(+)
commit 44c67d90b0448888c784e661b5967204f5b0d47d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-27
common, client: Move runtime directory detection to libp11-common
common/Makefile.am | 5 ++
common/runtime.c | 111 ++++++++++++++++++++++++++++++++++++++++++
common/runtime.h | 42 ++++++++++++++++
common/test-runtime.c | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/client.c | 67 +------------------------
5 files changed, 292 insertions(+), 65 deletions(-)
commit d8acebf175d727a3e146956fb362c30e7fdec9df
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-27
common: Make p11_test_directory_delete() work recursively
common/test.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
commit bcf2c4e0a24303f976dbedc0ef0a564b9808a989
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-27
test: Improve temporary directory handling
p11-kit/test-transport.c | 6 ++++--
trust/test-module.c | 2 ++
2 files changed, 6 insertions(+), 2 deletions(-)
commit fb8bf5a5f82e5b4f0afe72e247255f37fc0dedc8
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-05
p11_kit_remote_serve_tokens: Read "write-protected" setting from URI
p11-kit/rpc-server.c | 12 ++++++++++++
p11-kit/test-server.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)
commit a0984024470218295d74bed364c37862d4c61d60
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-05
filter: Respect CKF_WRITE_PROTECTED setting when allowing a token
p11-kit/filter.c | 48 ++++++++++++++++--------
p11-kit/test-filter.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 134 insertions(+), 16 deletions(-)
commit d3a1498ef9b8a626bbd864a6c90e45a6278a0e75
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-26
test: Add test for client-server interaction
The test spawns a process running the server command and connects to
it through p11-kit-client.so. It's is a bit tricky that the child
process requires to preload libasan.so when ASan is in in effect, to
properly load a mock module.
.travis.yml | 10 ++-
build/lsan.supp | 3 +
p11-kit/Makefile.am | 4 +
p11-kit/test-server.c | 199 ++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 213 insertions(+), 3 deletions(-)
commit f73868b710d4463cc0cff6f8ea2f3a171f86c8e2
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-26
server: Print envvars even when running in foreground
p11-kit/server.c | 61 ++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 39 insertions(+), 22 deletions(-)
commit adc760e5ce90d49f7c6183c689f95868341f6fb7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-26
test-transport: Make sure to initialize addrlen given to accept
p11-kit/test-transport.c | 1 +
1 file changed, 1 insertion(+)
commit 47297f9785a21af1bb79450bad549aa8bd33a24c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-26
client: Fix memleaks in the module
p11-kit/client.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
commit 7a018706b54e09f1cc7ce8c6d1ceaecf28b7308b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-26
test: Fix unconditional jump in test-proxy.c
p11-kit/test-proxy.c | 1 +
1 file changed, 1 insertion(+)
commit 975f2ccf5dcde210e1da5557eda627c42763e322
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-02-16
doc: Replace links to freedesktop.org to github pages
doc/manual/p11-kit-devel.xml | 8 ++++----
doc/manual/p11-kit.xml | 4 ++--
doc/manual/pkcs11.conf.xml | 2 +-
doc/manual/trust.xml | 6 +++---
4 files changed, 10 insertions(+), 10 deletions(-)
commit 9616790b9ad4147acd5b11de11d6d79bc9ad807f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-19
trust: Forcibly mark "Default Trust" read-only
The "Default Trust" token is typically mounted as $datadir, which is
considered as read-only on modern OSes.
Suggestd by Kai Engert in:
https://bugzilla.redhat.com/show_bug.cgi?id=1523630
trust/Makefile.am | 6 ++++-
trust/frob-token.c | 2 +-
trust/module.c | 12 ++++++----
trust/test-module.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++--
trust/test-token.c | 10 ++++----
trust/token.c | 9 ++++++-
trust/token.h | 8 ++++++-
7 files changed, 101 insertions(+), 15 deletions(-)
commit 49d2ededb64197702a8708cb4a453497bc7eaecd
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-31
po: Update translations from transifex
po/LINGUAS | 8 +-
po/ast.po | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ca.po | 171 +++++++++++++++---------------
po/cs.po | 85 +++++++--------
po/da.po | 6 +-
po/de.po | 6 +-
po/el.po | 6 +-
po/en_GB.po | 6 +-
po/eo.po | 6 +-
po/es.po | 12 +--
po/fi.po | 6 +-
po/fr.po | 6 +-
po/fur.po | 343 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/gl.po | 6 +-
po/hr.po | 79 +++++++-------
po/hu.po | 6 +-
po/id.po | 6 +-
po/it.po | 6 +-
po/ja.po | 10 +-
po/ka.po | 6 +-
po/kk.po | 6 +-
po/ko.po | 6 +-
po/lv.po | 6 +-
po/nl.po | 6 +-
po/oc.po | 171 +++++++++++++++---------------
po/pa.po | 8 +-
po/pl.po | 28 ++---
po/pt.po | 171 +++++++++++++++---------------
po/pt_BR.po | 6 +-
po/ru.po | 6 +-
po/sk.po | 6 +-
po/sl.po | 6 +-
po/sr.po | 6 +-
po/sv.po | 6 +-
po/tr.po | 6 +-
po/uk.po | 6 +-
po/zh_CN.po | 8 +-
po/zh_TW.po | 6 +-
38 files changed, 1139 insertions(+), 447 deletions(-)
commit f7387ddea8a5fe609f052a9a40691ebb3ae86372
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-31
build: Add more files to .gitignore
.gitignore | 26 +++++++-------------------
1 file changed, 7 insertions(+), 19 deletions(-)
commit bb2b064c9921e7bdcd7335ed3001a5e19512d3e1
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-31
travis: Exclude generated files from coverage
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3a88f2ed573a5bb04d2397c626f6bcf3b1a814da
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-31
build: Split out generated code from p11-kit/virtual.c
.gitignore | 1 +
Makefile.am | 2 +
configure.ac | 13 ++++
p11-kit/Makefile.am | 34 +++++++++
p11-kit/virtual-fixed.h | 3 -
p11-kit/virtual.c | 197 +-----------------------------------------------
6 files changed, 51 insertions(+), 199 deletions(-)
commit 57697eda68a3343c2e54e5f8f3f4ce65a99383f5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-31
trust: Filter out duplicate extensions
The trust policy module keeps all the objects in the database, while
PKIX doesn't allow multiple extensions identified by the same OID can
be attached to a certificate. Add a check to C_FindObjects to exclude
any duplicates and only return the first matching object.
It would be better if the module rejects such duplicates when loading,
but it would make startup slower.
https://bugzilla.redhat.com/show_bug.cgi?id=1141241
trust/input/extensions.p11-kit | 23 +++++++++++++++++++++
trust/input/extensions.pem | 13 ++++++++++++
trust/module.c | 42 ++++++++++++++++++++++++++++++++++++---
trust/test-module.c | 45 +++++++++++++++++++++++++++++++++++++++++-
trust/test-token.c | 2 +-
5 files changed, 120 insertions(+), 5 deletions(-)
commit 14853b1d8466d4e3b5aa23ff14f2abacd4e7e8ef
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-25
build: Delay compilation of test-related stuff
Makefile.am | 9 ++++++---
common/Makefile.am | 9 ++++++---
p11-kit/Makefile.am | 15 +++++++++------
trust/Makefile.am | 12 ++++++++----
4 files changed, 29 insertions(+), 16 deletions(-)
commit 05b67a36e2118b4485da7bd26ed3ba85efdeddb4
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-25
proxy: Remove dead code
Since the libffi became optional (commit 9f632bed), the fallback code
path in proxy.c has never taken.
p11-kit/proxy.c | 708 --------------------------------------------------------
1 file changed, 708 deletions(-)
commit 3eed501fab5e2a2b19115f4840709c34e9b8ac55
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-16
proxy: Reuse the existing slot ID mapping after fork
While the proxy module reassigns slot IDs in C_Initialize(), some
applications assume that valid slot IDs should never change across
multiple calls to C_Initialize(). This patch mitigates this by
preserving the slot IDs, if they are known to the proxy module.
p11-kit/Makefile.am | 7 +++
p11-kit/fixtures/package-modules/six.module | 7 +++
p11-kit/mock-module-ep4.c | 69 +++++++++++++++++++++++++++++
p11-kit/proxy.c | 25 +++++++++--
p11-kit/test-proxy.c | 18 ++++++++
5 files changed, 122 insertions(+), 4 deletions(-)
commit 031d3c74c0ff5da8e9650da0615bbb8107ab1fde
Author: Daiki Ueno <dueno@redhat.com>
Date: 2018-01-17
server: Avoid null-dereference of timespec value on timeout
Spotted by clang-analyzer.
p11-kit/server.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 50b752e081e1ca8b674d05e8ddeaf04451065629
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2017-12-22
Added p11-kit remoting page in manual
doc/manual/Makefile.am | 1 +
doc/manual/p11-kit-docs.xml | 1 +
doc/manual/p11-kit-remoting.xml | 253 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 255 insertions(+)
commit 2c84475ca612c33351d9f311ef24b3b89a7c856c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-11-29
build: Add README.md to display build status
README.md | 10 ++++++++++
1 file changed, 10 insertions(+)
commit 3b137039f5c222dbc6688bd6c9aec01a6dbeeece
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-11-28
travis: Exclude test programs from coveralls
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1163e7e1cd3d8b5b42a1d2b463536a36fa0e77af
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-11-27
travis: Supply necessary envvars to container for coveralls
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit fda7c32b5796be7cee6a457940110effcd80d7f9
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-11-15
travis: Use in-tree build for coverage
The coverage tools (gcov, cpp-coveralls, etc) cannot detect source
files if the project is built out-of-tree. Use the same directory for
$srcdir and $builddir for the build with --enable-coverage.
.travis.yml | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
commit b889dec9e3493efb72c9903bb4d6007ec00e1c89
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-10-02
test: Improve code coverage of filter.c
p11-kit/test-filter.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
commit 64b96efca97479a67e2ac1fcbf1492fceab64ba8
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-10-02
travis: Use coveralls for measuring coverage
.travis.yml | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit d40d6ca27850a95c4c9df8b66f8a47d80bb1d18a
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: 2017-10-30
p11_kit_override_system_files: introduced new function
That allows overriding the default module and configuration
locations, for use in test suites, etc.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
p11-kit/modules.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/p11-kit.h | 5 +++++
p11-kit/test-transport.c | 13 ++++++++-----
3 files changed, 59 insertions(+), 5 deletions(-)
commit 7f919fc1fd8684000d456ead2e65b3fa19ac0adc
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: 2017-10-30
p11_kit_modules_load*: enhanced documentation on flags
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
p11-kit/modules.c | 6 ++++++
1 file changed, 6 insertions(+)
commit 29b8197e879dc8be8e356f57e6a3a501cdf657f9
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-10-06
build: Take advantage of parallel-tests
.travis.yml | 5 ++++-
Makefile.am | 1 +
configure.ac | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)
commit 96a3d3e6371785f846bc72c2a701a1eb67c89b77
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-10-06
server: Better shell integration
This adds -k, -c, and -s options to the "p11-kit server" command,
which allows you to terminate the server process, select which C-shell
or Bourne shell command line is printed on startup, respectively.
Makefile.am | 6 ++-
p11-kit/Makefile.am | 5 ++
p11-kit/server.c | 122 +++++++++++++++++++++++++++++++++++++++++--------
p11-kit/test-server.sh | 39 ++++++++++++++++
4 files changed, 152 insertions(+), 20 deletions(-)
commit 031912fa844c4f3da327c8b2578d9d9ce2a6473e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-10-05
server: Make it possible to eval envvar settings
Previously, calling "eval $(p11-kit server)" from shell hung because
the program didn't properly close stdout before forking.
p11-kit/server.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
commit bda61680218a4ff5a9f05b5592bb282cbedfd936
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-10-02
Release 0.23.9
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit 00b829d50389c6a8dd25145355a8e6599a7c378a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-18
trust: Respect anyExtendedKeyUsage in CA certificates
trust/enumerate.c | 5 +++++
trust/oid.h | 9 +++++++++
trust/test-enumerate.c | 31 +++++++++++++++++++++++++++++++
3 files changed, 45 insertions(+)
commit f51ab92f5f81bd08bcf9bd3b0afc545684a6ea7e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-09-27
rpc: Fix crash when retrieving attribute length
It is possible that NULL is given to the serializers, when
C_GetAttributeValue() just wants to know the size of an attribute.
Previously, this resulted in giving NULL to memcpy().
p11-kit/rpc-message.c | 10 ++++++----
p11-kit/test-rpc.c | 28 ++++++++++++++++++++++++++++
2 files changed, 34 insertions(+), 4 deletions(-)
commit dcd932786c970fc50922ec4f19786b177481570a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-09-26
server: Make it work only when token URI is provided
Previously, when "p11-kit server" started only with a token URI, it
couldn't properly find and initialize the module which provides the
token. This was because of the wrong order of cleanup of the modules.
p11-kit/rpc-server.c | 88 ++++++++++++++++++++++++----------------------------
1 file changed, 41 insertions(+), 47 deletions(-)
commit 26312a8774b5d113f6e7f904f7b6654449ab7b2e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-18
common: Re-add placeholder definition of p11_debug
This was mistakenly removed in commit efe6dc56c.
Pointed by Lars Wendler in issue #97.
common/debug.h | 4 ++++
1 file changed, 4 insertions(+)
commit 61acf20f26b07e2f3eb253cbfee4c473544df9a7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-16
build: Include <stdint.h> for SIZE_MAX
Fixes issue #95.
common/compat.c | 1 +
1 file changed, 1 insertion(+)
commit 32d6f9d2468ea2851d16ad0e1a2046dfd8cd7fa5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-14
Release 0.23.8
NEWS | 7 +++++++
configure.ac | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
commit 6a137c035c2db373b9171cd7e0569edbe9700f9c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-15
build: Include <stdint.h> for SIZE_MAX
common/array.c | 1 +
1 file changed, 1 insertion(+)
commit 5f0a948ebcf659a1f2c3d5fb30991ebdf73b5976
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-11
client: Fix order of cleanup
In C_GetFunctionList, state->virt is wrapped with a destroyer function
free(). Thus p11_rpc_transport_free must be called before
p11_virtual_unwrap.
p11-kit/client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 04da143dce2d430dcc14e8a45c31177a23d7e301
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-08
test: Add checks for duplicate vendor attributes
p11-kit/test-uri.c | 10 ++++++++++
1 file changed, 10 insertions(+)
commit 992b6000459b9eb5159cb6826b40d7cdb6c4c412
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-08
uri: Make vendor query attribute handling reliable
Previously we used p11_dict to keep track of vendor query attributes.
This had a couple of limitations: duplicate attributes are not allowed
while they are actually allowed in RFC 7512, and the order of
attributes is unpredictable.
This patch switches to using an array instead of p11_dict and ensures
that the attributes are sorted in alphabetical order.
Fixes #88.
p11-kit/uri.c | 104 ++++++++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 80 insertions(+), 24 deletions(-)
commit c29f51ad8ef97a1fae356dd7660e41d81cde0d09
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-08
common: New p11_array_insert function
common/array.c | 16 ++++++++++++++++
common/array.h | 4 ++++
2 files changed, 20 insertions(+)
commit a860db364521ca6e9046bbf60fbbb1ca2bc08711
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-08-08
common: Use reallocarray instead of realloc as appropriate
reallocarray is a new POSIX function added in glibc 2.26, with
built-in overflow checks. Take advantage of that function for
internal array allocation.
common/array.c | 9 ++++++---
common/attrs.c | 5 ++++-
common/compat.c | 17 +++++++++++++++++
common/compat.h | 8 ++++++++
configure.ac | 1 +
5 files changed, 36 insertions(+), 4 deletions(-)
commit 53402f9e5296718d22ddf1a77658067c2751f068
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2017-08-01
pkcs11.h: updated information
The scute project no longer exists, and the PKCS#11 standard is
from OASIS group.
common/pkcs11.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 2e5f24b195f11b88825ccdd97af4b8456a2c2a88
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2017-08-01
pkcs11.h: added OTP-related mechanisms
common/pkcs11.h | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 97 insertions(+)
commit febad3a45082167a0b882e9b36dc4915d2e0e02c
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2017-08-01
pkcs11.h: added definitions of GOST CKA attributes
common/pkcs11.h | 3 +++
1 file changed, 3 insertions(+)
commit 2915740f447d0c17f8bcf5fdf4eccd82f2d9fd50
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2017-07-31
pkcs11.h: added definitions of GOST mechanisms
This follows the definitions in PKCS#11 v2.40:
http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html
common/pkcs11.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
commit db1c3cd7eade9ec30163c394b37a4048d2e359af
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-07-03
test: Fix failure on 32-bit big endian platform
The value given to p11_rpc_buffer_add_ulong_value() must be a pointer
of CK_ULONG. Similarly, the value returned from
p11_rpc_buffer_get_ulong_value() must be converted to CK_ULONG before
comparison.
Reported by Andreas Metzler in:
https://lists.freedesktop.org/archives/p11-glue/2017-July/000665.html
p11-kit/test-rpc.c | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
commit bc1f7570968043ba732922f633c24474565d66c0
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-07-14
trust: Fix build error with -Werror=return-type
trust/save.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bc2f4c69bd319313dab9d85a6f8d622501593b0a
Author: Colin Walters <walters@verbum.org>
Date: 2017-07-07
conf: Introduce P11_KIT_NO_USER_CONFIG
Currently `ca-certificates.spec` in Fedora ends up doing in `%post`:
```
/usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt
```
etc.
And due to this bit of code in p11-kit, we end up looking for the home
directory for configuration. In this case, `/root`.
It's categorically wrong to do this; the root user is distinct from
"the system". This issue is equivalent to one I fixed in Pango:
https://git.gnome.org/browse/pango/commit/?id=aecbe27c1b08f517c0e05f03308d3ac55cef490c
Fast forward to today, and the reason I'm making this change is I'm working on
`rpm-ostree ex container`, which builds containers as *non-root* (like
gnome-continuous does, but now with RPMs), keeping the invoking uid. And this
bug causes the `ca-certificates` `%post` to fail because it's trying to look for
my uid 1000 which doesn't exist in the target rootfs' password database.
Again, there's no reason to be looking for a home directory for system triggers,
regadless of UID, so once this patch lands, I'll update `ca-certificates` to use
it, and traditional RPM `%post` will stop looking in `/root` too.
p11-kit/conf.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
commit 9dd50249b597109c5956a531e44d46dc344daea5
Author: Fabian Groffen <grobian@gentoo.org>
Date: 2017-06-07
common: always use p11_dl_close wrapper
Solaris doesn't like it when dlclose is referenced using a define,
resulting in a linker error looking for a symbol version. Simply
calling the function in a normal way (instead of storing its address)
solves this linking error.
The error message seen by GNU ld is:
dlclose: invalid version 7 (max 0)
common/compat.c | 17 +++++++++++------
common/compat.h | 6 ++----
2 files changed, 13 insertions(+), 10 deletions(-)
commit 20b9df53cf07c0693257f5f01fa1ff945b4cae4a
Author: Fabian Groffen <grobian@gentoo.org>
Date: 2017-06-07
p11_get_upeer_id: implement case using ucred.h
Solaris can retrieve this information via getpeerucred().
common/unix-peer.c | 19 +++++++++++++++++++
configure.ac | 3 ++-
2 files changed, 21 insertions(+), 1 deletion(-)
commit ca9648c7c1cd38e306d7b3194900e4120eb179a0
Author: Fabian Groffen <grobian@gentoo.org>
Date: 2017-06-07
configure: pull in -lnsl -lsocket for socket functions
Solaris has socket() etc. in these two libs.
configure.ac | 7 +++++++
1 file changed, 7 insertions(+)
commit f992eb64e8cd2925a37ec09d0f5dbd00b5fbb234
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2017-06-23
Be silent by default and do not print messages on stderr
As p11-kit is a library there are cases where it is not desirable
to log on stderr by default. See for example this report
https://bugzilla.redhat.com/show_bug.cgi?id=1464490
where wget prints an error due to an unconfigured pkcs11 module.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
common/message.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit af2050a585ee3f242230f69de22b643f6ad2200c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-06-12
doc: Use correct PKCS#11 URI syntax
doc/manual/trust.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b309aea5174d6d3af569c2c54632a35825734579
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-06-09
build: Allow use of _GNU_SOURCE
This reverts commit 6b457ffc, which forbids the use of GNU extension
for the incompatibility of strerror_r. However, now that strerror_l
is used instead on glibc systems, it has no point to do that.
common/compat.h | 4 ----
common/unix-peer.c | 5 -----
configure.ac | 3 +++
3 files changed, 3 insertions(+), 9 deletions(-)
commit efe6dc56c3951c301dda1b548d4cbcd02e074462
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-06-12
debug: Add p11_debug_err to prevent use of strerror
common/debug.c | 35 +++++++++++++++++++++++++++++++++++
common/debug.h | 15 +++++++++++++--
p11-kit/rpc-transport.c | 2 +-
3 files changed, 49 insertions(+), 3 deletions(-)
commit bf3c1a9d8e4ace4c3a92b4af56e4b62657907522
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-06-09
compat: Prefer strerror_l to strerror_r
strerror_r is being obsolete in the next POSIX specification:
http://austingroupbugs.net/view.php?id=655
common/message.c | 15 ++++++++++++++-
configure.ac | 4 ++--
2 files changed, 16 insertions(+), 3 deletions(-)
commit bf168f00e64a0291f5a718eb451915768659c160
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-29
Release 0.23.7
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit fe1faa9d814a180d432e4ee97fa5b097cfb2d294
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-29
trust: Suppress dead-assignment warnings from clang-analyzer
trust/digest.c | 1 +
trust/extract-openssl.c | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
commit b7ba8c625637f3a161cafd81c4a8a30b1f3971b3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-29
rpc: Avoid use-after-free when creating socket base directory
Spotted by clang-analyzer.
p11-kit/server.c | 1 -
1 file changed, 1 deletion(-)
commit a2a2108fce9a5cebaee17f29bda8d9edf6a0fbc8
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-29
rpc: Avoid calling memcmp() on NULL buffer
Spotted by clang-analyzer.
p11-kit/rpc-message.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 3e65d8a23b1f0e1a4d132cf04fdbc9d588cbe02f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-29
proxy: Don't call realloc() with size 0
Spotted by clang-analyzer.
p11-kit/proxy.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
commit 350bd148d3181c564eeb884dadc37aaed7d3fb9b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-29
build: Delay building test programs until "make check"
This is to disable clang-analyzer against test programs, which can
contain several false-positives.
Makefile.am | 7 +++----
common/Makefile.am | 2 +-
p11-kit/Makefile.am | 4 ++--
trust/Makefile.am | 2 +-
4 files changed, 7 insertions(+), 8 deletions(-)
commit 6738ade89f10516b589441282e95d5f13f6c1bdd
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-29
travis: Enable clang-analyzer
.travis.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit cd64b9a7cb4b9f0030d17917370f50753671b93a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-29
server: Avoid use-after-free
Reported by Mantas Mikulėnas in:
https://bugs.freedesktop.org/show_bug.cgi?id=101212
p11-kit/server.c | 1 -
1 file changed, 1 deletion(-)
commit 9cbf590b468f9596284c5bc34be8add09f3f5bee
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-26
Release 0.23.6
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 80e3ce9eff5094c2c40905e2cb8b86c4aaf2329b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-26
test: Check the size of unsigned long
configure.ac | 2 ++
p11-kit/test-rpc.c | 18 +++++++++---------
2 files changed, 11 insertions(+), 9 deletions(-)
commit 4de8f7a9c4f8010069402ce943e5d777cd1f3c28
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-26
rpc: Load advapi32.dll on the fly
p11-kit/Makefile.am | 7 -----
p11-kit/server.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 91 insertions(+), 7 deletions(-)
commit 95b67e71e19a8415808b5ddf14f253561f11466f
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-26
remote: Remove unnecessary declaration
p11-kit/remote.h | 4 ----
1 file changed, 4 deletions(-)
commit 036c8fc6492b13eacca7433ca44b91b83abeb961
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-26
doc: Clarify p11-kit server documentation
doc/manual/p11-kit.xml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
commit dd673f20e1ab4916f7565fe055b09433aa88a9b0
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-03-09
server: Port to Windows
Instead of a Unix domain socket on Unix, use a named pipe on Windows.
p11-kit/Makefile.am | 9 +-
p11-kit/server.c | 541 ++++++++++++++++++++++++++++++++++++++++++++++++----
2 files changed, 511 insertions(+), 39 deletions(-)
commit da7f0d65355089f4919bcdffca98bd833258db04
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-03-10
rpc: New p11_kit_remote_serve_tokens function
doc/manual/p11-kit-sections.txt | 1 +
p11-kit/remote.c | 118 +++++++++++++--------------------
p11-kit/remote.h | 14 ++++
p11-kit/rpc-server.c | 142 ++++++++++++++++++++++++++++++++++++++++
p11-kit/server.c | 74 +++++++++++++--------
5 files changed, 248 insertions(+), 101 deletions(-)
commit 7310d92af3b0291ab627fcf3e07800cd5b2983c8
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-03-10
remote: Name command line options consistently
p11-kit/remote.c | 4 +-
p11-kit/server.c | 183 ++++++++++++++++++++++++++++++++++---------------------
2 files changed, 116 insertions(+), 71 deletions(-)
commit dfe606d40c33a6213b89b310df0964392fd6d64d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-23
rpc: Convert mechanism parameters for portability
This is similar to commit ba49b85e, but for mechanism parameters.
p11-kit/rpc-client.c | 153 +---------------------
p11-kit/rpc-message.c | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/rpc-message.h | 31 +++++
p11-kit/rpc-server.c | 33 +++--
p11-kit/test-rpc.c | 66 ++++++++++
5 files changed, 467 insertions(+), 158 deletions(-)
commit 3b484b87e13e52873ea48f920132ecd96cb79cbc
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-23
pkcs11: Define RSA-PSS mechanism parameter
common/pkcs11.h | 11 +++++++++++
1 file changed, 11 insertions(+)
commit c11a951a24b91f80e109951b0fe2ce418ea70f17
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-23
pkcs11: Make CK_RSA_PKCS_OAEP_PARAMS useful
common/pkcs11.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
commit 9e4ea3ff80b736bddbca834eef7e7f61f4b15c23
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-23
rpc: Fix typo in encoding CK_DATE value
p11-kit/rpc-message.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 41b07cdf4210b299dc6c92352475c7c095f6f915
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-23
rpc: Factor out attribute value serializer definitions
p11-kit/rpc-message.c | 51 +++++++++++++++++++++++++--------------------------
1 file changed, 25 insertions(+), 26 deletions(-)
commit f6112aa79a251079aef344d77cbe172031db1e8b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-24
rpc: Add a comment why we call _get_attribute() twice
p11-kit/rpc-server.c | 1 +
1 file changed, 1 insertion(+)
commit ba49b85ecf280e7fb6eec96c3ef33c50122e75a6
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-11
rpc: Convert attribute value for portability
When using the RPC across multiple architectures, where data models
are different, say LP64 vs ILP32, there can be unwanted truncation of
attribute values.
This patch converts the values into portable format for the known
attributes.
Co-authored-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
p11-kit/rpc-client.c | 63 +++----
p11-kit/rpc-message.c | 509 ++++++++++++++++++++++++++++++++++++++++++++++++--
p11-kit/rpc-message.h | 77 ++++++++
p11-kit/rpc-server.c | 35 ++--
p11-kit/test-rpc.c | 223 +++++++++++++++++++++-
5 files changed, 827 insertions(+), 80 deletions(-)
commit 480337a68446033dc9374e9c4fe4d3cae9d4e972
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-22
rpc: Return early if call_id of request is ERROR
Otherwise it will cause assertion failure in a few lines below.
Spotted by amrican fuzzy lop.
p11-kit/rpc-message.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 8b64577c3bb4d5dd60e4939223550f2f2002284b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-22
build: Add fuzzer using AFL
build/fuzz/main.c | 44 ++++++++++++++++++++++++++++++++++++
build/fuzz/rpc.in/transcript | Bin 0 -> 146 bytes
build/fuzz/rpc_fuzzer.c | 52 +++++++++++++++++++++++++++++++++++++++++++
build/fuzz/run-afl.sh | 46 ++++++++++++++++++++++++++++++++++++++
build/fuzz/transcript | Bin 0 -> 5694933 bytes
5 files changed, 142 insertions(+)
commit 723dfeb3dd9b8426c4c1d6236f4b22354c122dae
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-18
trust: Simplify the check for the magic
Instead of reusing the CKA_X_GENERATED attribute, check the file
contents directly in the caller side.
trust/parser.c | 7 +++----
trust/persist.c | 19 +++++++++++--------
trust/persist.h | 3 +++
3 files changed, 17 insertions(+), 12 deletions(-)
commit 66c6a7e912d39d66cd4cc91375ac7be418bf7176
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-18
trust: Check magic comment in persist file for modifiablity
A persistent file written by the trust module starts with the line "#
This file has been auto-generated and written by p11-kit". This can
be used as a magic word to determine whether the objects read from a
.p11-kit file are read-only.
trust/parser.c | 6 +++++-
trust/persist.c | 9 ++++++++-
trust/test-token.c | 1 +
3 files changed, 14 insertions(+), 2 deletions(-)
commit acf8c4a91a76bf8049f6bfbd95b04e2e36bae4ea
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-05-18
Revert "trust: Honor "modifiable" setting in persist file"
This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which
broke "trust anchor --remove".
trust/input/verisign-v1.p11-kit | 1 -
trust/parser.c | 10 +---------
trust/test-parser.c | 1 -
3 files changed, 1 insertion(+), 11 deletions(-)
commit 5a52fe4fa8dffdaf33cd024e1a4b18c8facb451c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-03-09
remote: Fix typo when writing a credential byte
out_fd is not always 1 when p11_kit_remote_serve_module() is used for
writing a custom server.
p11-kit/rpc-server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 13160c1f95758387dffc41345e20d89ff9b5a5c0
Author: Daniel Black <danielgb@au.ibm.com>
Date: 2017-03-06
correct text for --user-config option
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 817a1c67c407850ab1756fdacb1c38e4bded5509
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-03-01
Release 0.23.5
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit a827b55fed09b72ffd0e176c6630cb7b591c6e04
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-28
build: Remove systemd unit files for now
Given that the remote proxy service shall be only used by NetworkManager
and not generally useful, revert commit
a4fb2bb587fb1a0146cf97f039b671d3258488f9 for now.
Once the necessary command that runs the proxy module is implemented in
p11-kit, maybe NetworkManager itself could install those files.
p11-kit/Makefile.am | 19 -------------------
p11-kit/p11-kit-remote.socket | 10 ----------
p11-kit/p11-kit-remote@.service.in | 10 ----------
3 files changed, 39 deletions(-)
commit 7053ace4ae5b3e2129e5a8ffe482420bfc14f894
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-24
systemd: Fix location of p11-kit-remote
The p11-kit-remote executable is now located under $libexecdir, but we
should use the p11-kit command to launch the subcommand.
Makefile.am | 2 ++
configure.ac | 1 -
p11-kit/Makefile.am | 8 ++++++++
p11-kit/p11-kit-remote@.service.in | 2 +-
4 files changed, 11 insertions(+), 2 deletions(-)
commit 156b0c9249f6da54195d2a6a817ea92552e78bf8
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2017-02-27
fixed license in unix peer file
common/unix-peer.c | 39 +++++++++++++++++++++++++++------------
1 file changed, 27 insertions(+), 12 deletions(-)
commit b674c94029fd2012d8a5cba13a9e7b8dd097ac56
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2017-02-23
build: add missing includes for FreeBSD
Include signal.h for kill(2) and SIGKILL on FreeBSD.
p11-kit/test-transport.c | 1 +
1 file changed, 1 insertion(+)
commit bc6fec4422ddc84541776b6f0cfca1542e28f350
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2017-02-23
build: check for getpeereid
In common/unix-peer.c, we are checking if HAVE_GETPEEREID is defined,
however, we never actually check if getpeereid() is available, so
fix that by checking this function using AC_CHECK_FUNCS().
configure.ac | 1 +
1 file changed, 1 insertion(+)
commit 54d9f0799e32796f8e762d8b58ecd4e3dd3fef82
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-17
Release 0.23.4
NEWS | 17 +++++++++++++++++
configure.ac | 6 +++---
2 files changed, 20 insertions(+), 3 deletions(-)
commit 1e80b5858a90497879e1e3faee4c7f76d5cbd6f0
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-20
uri: Support vendor query attributes
If an unknown attribute is present in the query part of the PKCS#11 URI,
the parser treated it as unrecognized and subsequent matches failed.
Instead, keep track of such attributes and provide a set of API to deal
with them.
doc/manual/p11-kit-sections.txt | 2 +
p11-kit/test-uri.c | 40 ++++++++++++++++
p11-kit/uri.c | 100 +++++++++++++++++++++++++++++++++++++++-
p11-kit/uri.h | 6 +++
4 files changed, 146 insertions(+), 2 deletions(-)
commit eb65a85a4abfbab489f271c9f074409ba46ce8f5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-21
rpc: Make it less verbose about connection failure
The connection failure here is not fatal. Use p11_debug() instead of
p11_message().
p11-kit/rpc-transport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit c65752d596e69f48ebe67694cfb2a91697a676bf
Author: Mantas Mikulėnas <grawity@gmail.com>
Date: 2017-02-20
rpc: Try $XDG_CACHE_HOME before ~/.cache
This is unset on most systems, but might as well follow the Base
Directory spec properly.
p11-kit/client.c | 11 +++++++++++
1 file changed, 11 insertions(+)
commit 8eed1e60b0921d05872e2f43eee9088cef038d7e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-17
trust: Honor "modifiable" setting in persist file
Previously, all objects read from p11-kit persist files are marked as
modifiable when parsing, regardless of the explicit "modifiable: false"
setting in the file.
Reported by Kai Engert in:
https://bugs.freedesktop.org/show_bug.cgi?id=99797
trust/input/verisign-v1.p11-kit | 1 +
trust/parser.c | 10 +++++++++-
trust/test-parser.c | 1 +
3 files changed, 11 insertions(+), 1 deletion(-)
commit 0684cd7b7f815b411ea5041c021f92ca5ef42606
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-11
rpc: Add PKCS#11 module that connects to socket
This patch adds a PKCS#11 module that connects to the p11-kit server
exposed on the filesystem. The filename of the socket is determined in
the following order:
- $P11_KIT_SERVER_ADDRESS, if the envvar is available
- $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available
- /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists
- /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists
- ~/.cache/p11-kit/pkcs11.
Note that the program loading this module may have called setuid() and
secure_getenv() which we use for fetching envvars could return NULL.
Makefile.am | 3 +
doc/manual/Makefile.am | 1 +
doc/manual/p11-kit.xml | 17 ++++
p11-kit/Makefile.am | 58 ++++++++++---
p11-kit/client-init.c | 109 +++++++++++++++++++++++++
p11-kit/client.c | 215 +++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/client.h | 41 ++++++++++
p11-kit/modules.c | 10 +++
p11-kit/proxy-init.c | 98 ++++++++++++++++++++++
p11-kit/remote.c | 2 +-
p11-kit/util.c | 57 -------------
trust/Makefile.am | 3 +-
12 files changed, 543 insertions(+), 71 deletions(-)
commit c28ff652e5d6c6ddff513716e22064e0e17a58d3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-25
remote: Add API to serve a token
doc/manual/p11-kit-sections.txt | 1 +
p11-kit/remote.h | 5 +++++
p11-kit/rpc-server.c | 37 +++++++++++++++++++++++++++++++++++++
3 files changed, 43 insertions(+)
commit 426b693aa7fe2e9750abf8cb39f28251a4b54668
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-26
remote, server: Recognize PKCS#11 URI
p11-kit/remote.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 69 insertions(+), 8 deletions(-)
commit 4bac7e0e95712a4c7bfd03471c973f491ad81df4
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2016-08-24
p11-kit: Add 'p11-kit server' command
This adds a new tool to the p11-kit command called 'server', which
allows us to access a PKCS#11 module over a Unix domain socket.
Internally, it is implemented as a wrapper around 'p11-kit remote'.
Upon connection it executes 'p11-kit remote' in a forked process.
configure.ac | 3 +
p11-kit/Makefile.am | 14 ++
p11-kit/server.c | 578 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 595 insertions(+)
commit f2742c72bc29444bcfe63425819506fa42073d64
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2016-08-24
common: New p11_get_upeer_id() function
common/Makefile.am | 6 ++++
common/unix-peer.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
common/unix-peer.h | 42 +++++++++++++++++++++++++++
3 files changed, 132 insertions(+)
commit 89fa381ce5573a925b90da973cd8956937d79caa
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2016-08-24
rpc: New rpc_unix transport based on Unix socket
p11-kit/rpc-transport.c | 89 +++++++++++++++++++++++++++++++++++
p11-kit/test-transport.c | 118 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 207 insertions(+)
commit 3bab48000c4e61104b30ac379806cad3e1376ea6
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-25
common: Add path encoding functions
This adds p11_path_{encode,decode}(), following the escaping rule
described in:
https://dbus.freedesktop.org/doc/dbus-specification.html#addresses
Although they are merely a wrapper around p11_url_{decode,encode}(),
having dedicated functions hides the implementation details.
common/path.c | 33 +++++++++++++++++++++++++++++++++
common/path.h | 4 ++++
common/test-path.c | 22 ++++++++++++++++++++++
3 files changed, 59 insertions(+)
commit 5442b1cfa13da9307cc38a8fd289a67a05fe26ad
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-15
travis: Enable mingw64 cross build
.travis.yml | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
commit 98f02ef5ebf6966af4937dd2f730d808f13d8a1c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-16
trust: Fix uninitialized value in anchor command
trust/anchor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6dfa59954d882971e4516192f18319cbc75b5e4b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-16
library: Initialize p11_virtual_mutex for Windows
common/library.c | 2 ++
1 file changed, 2 insertions(+)
commit 8594841ed349818bb8cb43a57b734a7945427c64
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-16
test: Fix modules test for Windows
Synchronize the fixture module to the non-Unix one and enable
"/modules/test_filename".
p11-kit/fixtures/system-modules/win32/one.module | 4 +++-
p11-kit/test-modules.c | 4 +---
2 files changed, 4 insertions(+), 4 deletions(-)
commit 63b31ebfa1a978789cb31635fd95d00d7e398fa2
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-15
trust: Fix saving trust file on Windows
trust/save.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
commit 99aabc614cce4e0a9751d9409546c34abc1fe2db
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-15
test: Fix Windows test case for p11_path_expand
common/test-path.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b534f1801d82c565e38305b2ed73dd00dc165f65
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-15
rpc: Port exec transport to Windows
On Windows, use _spawnv() to create a subprocess and two unidirectional
pipe created with _pipe() to communicate with it. If we can assume
WinSock, it might be simpler to use a socketpair() replacement from:
https://github.com/ncm/selectable-socketpair.
p11-kit/rpc-transport.c | 275 ++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 245 insertions(+), 30 deletions(-)
commit 46e35810f8e9774bd5984b9fcb6d92450bf6ba0a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-15
build: Adjust executable/module names for Windows
Append EXEEXT or SHLEXT to the filename if needed.
configure.ac | 2 ++
p11-kit/p11-kit.c | 7 ++++++-
p11-kit/test-transport.c | 4 ++--
3 files changed, 10 insertions(+), 3 deletions(-)
commit 69293e9e894c9a3141f8d59e78a81b3fcf2beb28
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-01
build: Avoid undefined reference to rpc_exec_init
p11-kit/rpc-transport.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit 7b5ad15a68ab7fc0a0cb051f641120c6301694a7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-01
build: Include <unistd.h> for execv
trust/extract.c | 1 +
1 file changed, 1 insertion(+)
commit b78bc9304b21da16312473b1f4dc0f8870fb8df9
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-01
build: Check *asprintf on all platforms
configure.ac | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
commit b16500f93407aef72445b03c1ee96c6768917906
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-15
argv: Fix misinterpretation of backslash in quotes
Don't append the backslash character twice to the output. It is
interpolated a few lines below, if it is really required.
common/Makefile.am | 4 ++
common/argv.c | 2 +-
common/test-argv.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 119 insertions(+), 1 deletion(-)
commit 873d391fa5015e8c5c82457a0641ed5bb1e2b7e3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-16
compat: Fix character generation in mk{s,d}temp()
common/compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b8f1e4febe31f18bf63a3a9ad0e336ede82dd0f1
Author: Kai Engert <kaie@kuix.de>
Date: 2017-02-02
Fix a typo in "x-cetrificate-value", see also https://bugs.freedesktop.org/show_bug.cgi?id=99600
common/constants.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit dbadd5da6ccbb17ec5c4bbb142fdc244b4903bfb
Author: Kai Engert <kaie@kuix.de>
Date: 2017-02-02
Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files.
See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976
and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453
common/constants.c | 1 +
common/pkcs11x.h | 1 +
trust/builder.c | 1 +
trust/persist.c | 1 +
4 files changed, 4 insertions(+)
commit ee740e904030c3fb2640f524014474a510dda7eb
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-16
library: Deinit p11_virtual_mutex
Follow-up fix for commit 4d228aa0, which forgot to clear
p11_virtual_mutex on library finalization.
common/library.c | 1 +
1 file changed, 1 insertion(+)
commit 4d228aa0129bcafb97d7196d8c18e379b492406d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-14
virtual: Move mutex into p11_library_init()
We used to provide p11_virtual_fixed_{,un}init() to only initialize a
mutex used in virtual.c. That required all the tests calling virtual
functions to call p11_virtual_fixed_{,un}init() in main().
For simplicity, move the mutex variable initialization into
p11_library_init().
common/library.c | 3 +++
common/library.h | 3 +++
p11-kit/util.c | 5 -----
p11-kit/virtual-fixed.h | 3 ---
p11-kit/virtual.c | 27 +++++----------------------
5 files changed, 11 insertions(+), 30 deletions(-)
commit 1ea08989cecee217befd3b964b5a4f0d584e2a29
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-02-13
trust: Revert to the original 'extract' behavior
Since commit f4384a40, due to a missing ex->flags setting, the 'trust
extract' command didn't retrieve correlation between related objects and
that was causing assertion failure when writing PEM files.
https://bugs.freedesktop.org/show_bug.cgi?id=99795
trust/extract.c | 1 +
1 file changed, 1 insertion(+)
commit fd9b5c19485e2b88150696b523d889df2ed41cba
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-13
filter: New virtual wrapper for access control
doc/manual/Makefile.am | 1 +
p11-kit/Makefile.am | 5 +
p11-kit/filter.c | 420 +++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/filter.h | 55 +++++++
p11-kit/test-filter.c | 143 +++++++++++++++++
5 files changed, 624 insertions(+)
commit 3d54011b0d0bf1b31fbab8d7025b7201722d61c3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-17
iter: Enable iteration over slots/tokens/modules
While PKCS#11 URI can identify slots/tokens/modules, P11KitIter is only
capable of iterating over objects.
This patch adds new behaviors to P11KitIter to support iterations over
slots/tokens/modules, using the C coroutine trick as described in:
http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
doc/manual/p11-kit-sections.txt | 2 +
p11-kit/iter.c | 149 +++++++++++++++++++++++++++++++-------
p11-kit/iter.h | 16 +++-
p11-kit/test-iter.c | 157 +++++++++++++++++++++++++++++++++++++++-
4 files changed, 297 insertions(+), 27 deletions(-)
commit 77913af71be81208b4e9af68cd10bc55669543e1
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-23
uri: Relax pin-* parsing for compatibility
While 'pin-source' and 'pin-value' are defined as query atttribute, they
were defined as path attribute in earlier drafts, and some
implementations still stick to it.
For backward compatibility, accept those in path attributes when
parsing (but not when formatting).
Reported by Andreas Metzler in:
https://lists.freedesktop.org/archives/p11-glue/2017-January/000637.html
p11-kit/uri.c | 31 ++++++++++++++++++++++++++-----
1 file changed, 26 insertions(+), 5 deletions(-)
commit cfa9fefb2b4c4d8c1d38284817c61dcf5d3f4716
Author: Stef Walter <stefw@redhat.com>
Date: 2017-01-29
trust: Implement a 'trust dump' command
This dumps all the PKCS#11 objects in the internal .p11-kit
persistence format.
This is part of the trust command and tooling, even though
at some point it could go in the p11-kit command. The reason
for this is that the code related to the internal .p11-kit
objects is in the trust code, and consumed solely by the
trust related modules.
doc/manual/trust.xml | 39 +++++++++++
trust/Makefile.am | 1 +
trust/dump.c | 191 +++++++++++++++++++++++++++++++++++++++++++++++++++
trust/dump.h | 43 ++++++++++++
trust/trust.c | 2 +
5 files changed, 276 insertions(+)
commit 2a46d81d84682181e0108ff2e5f973f7a319d25f
Author: Stef Walter <stefw@redhat.com>
Date: 2017-01-29
trust: Don't encode spaces when writing .p11-kit format
These should not be encoded by default for readability in
strings.
trust/persist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6caa48db1cab9a4d680062edcd139d9625c5aa7f
Author: Stef Walter <stefw@redhat.com>
Date: 2017-01-29
trust: Add an "all" filter option for trust commands
trust/enumerate.c | 3 +++
1 file changed, 3 insertions(+)
commit f4384a40657e6abde6658ac7600abb879818b493
Author: Stef Walter <stefw@redhat.com>
Date: 2017-01-29
trust: Make extraction and correlation of certificate info optional
This is so that the code can be shared by the upcoming 'trust dump'
command where correlation between related objects is not desired.
trust/enumerate.c | 28 +++++++++++++++-------------
trust/enumerate.h | 1 +
trust/list.c | 1 +
trust/test-bundle.c | 1 +
trust/test-cer.c | 1 +
trust/test-enumerate.c | 16 ++++++++++------
trust/test-openssl.c | 1 +
7 files changed, 30 insertions(+), 19 deletions(-)
commit d5a2d993c8e983290aea33fac2a086240af39c6b
Author: Stef Walter <stefw@redhat.com>
Date: 2017-01-29
trust: Load all attributes for each object when enumerating
We load all known attributes for each object we're enumerating
over in the 'trust list' and 'trust extract' commands.
trust/enumerate.c | 38 +++++++++++++++++++++-----------------
1 file changed, 21 insertions(+), 17 deletions(-)
commit 9bb1613011370b00c7b561d7de30c205a246a586
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-25
virtual: Make virtual-fixed internal API cleaner
Add proper inclusion guard to virtual-fixed.h and move the declarations
of the (un)initialization functions there.
p11-kit/util.c | 10 +++++-----
p11-kit/virtual-fixed.h | 9 +++++++++
p11-kit/virtual.c | 4 ++--
p11-kit/virtual.h | 4 ----
4 files changed, 16 insertions(+), 11 deletions(-)
commit 08ecac9deb63904c6482eab64198580aac9e1a4e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-25
test: Release transport mock module
To prevent leaks of fixed closures, p11_kit_module_release() needs to be
called on the mock module itself.
p11-kit/test-transport.c | 1 +
1 file changed, 1 insertion(+)
commit c01b59e5594b395cf084068e513a68f63c9b95a4
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2016-11-30
test: Check exhaustion of fixed closures
p11-kit/test-managed.c | 49 +++++++++++++++++++++++++++++++++++++++++++++----
p11-kit/test-modules.c | 38 +++++++++++++++++++++++++++++++++++++-
2 files changed, 82 insertions(+), 5 deletions(-)
commit 9f632bed73c8800af16a69c97bd4c315bd350f8b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-26
build: Make libffi closure optional
libffi's closure support is not available on all platforms and may fail
at run time if running under a stricter SELinux policy. Fallback to
pre-compiled closures if it is not usable.
https://bugs.freedesktop.org/show_bug.cgi?id=97611
configure.ac | 11 -
doc/manual/Makefile.am | 1 +
p11-kit/Makefile.am | 5 +-
p11-kit/modules.c | 26 +-
p11-kit/proxy.c | 2 +-
p11-kit/test-init.c | 12 +-
p11-kit/test-virtual.c | 1 -
p11-kit/util.c | 5 +
p11-kit/virtual-fixed.h | 1135 +++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/virtual.c | 614 ++++++++++++++++++++-----
p11-kit/virtual.h | 6 +-
11 files changed, 1662 insertions(+), 156 deletions(-)
commit 91861f634a1299af28a29de70c45f469562123f6
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-23
maint: Add .dir-locals.el file for Emacs
.dir-locals.el | 1 +
1 file changed, 1 insertion(+)
commit 7f6488fc95a2cbd3b8012923d6fd522a83ae6bba
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-23
travis: Enable strict code compilation
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1e0bc1f164ce73f9feeeb14754d09072b3e9bc68
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2017-01-21
Fix compiler warnings on FreeBSD
* common/compat.c: Fix "implicit declaration of function 'issetugid'"
warning. On FreeBSD, it's required to define __BSD_VISIBLE to make
issetugid(2) visible
* common/test-message.c: Fix "implicit declaration of function
'asprintf'" by including <stdio.h>
* p11-kit/test-iter.c: Fix "format '%lu' expects argument of
type 'long unsigned int', but argument 3 has type 'int'" by
changing format string to "%d"
common/compat.c | 4 ++++
common/test-message.c | 1 +
p11-kit/test-iter.c | 2 +-
3 files changed, 6 insertions(+), 1 deletion(-)
commit a4fb2bb587fb1a0146cf97f039b671d3258488f9
Author: Lubomir Rintel <lkundrak@v3.sk>
Date: 2016-12-08
systemd: add per-user remoting socket
This allows daemons outside user's session to use per-user PKCS#11
modules. Useful for letting VPN daemons or wpa_supplicant use
certificates stored in user's GNOME keyring, etc.
.gitignore | 1 +
configure.ac | 1 +
p11-kit/Makefile.am | 11 +++++++++++
p11-kit/p11-kit-remote.socket | 10 ++++++++++
p11-kit/p11-kit-remote@.service.in | 10 ++++++++++
5 files changed, 33 insertions(+)
commit 563606efe17cbf3b84679f5e54f60b8d68ba9015
Author: Lubomir Rintel <lkundrak@v3.sk>
Date: 2015-11-03
common: use recursive pthread mutex for library lock
This allows us to do nested locking within one thread avoiding a lockup
when remoting the p11-kit-proxy.so module:
#0 0x00007f190f35838d in __lll_lock_wait () from /lib64/libpthread.so.0
#1 0x00007f190f351e4d in pthread_mutex_lock () from /lib64/libpthread.so.0
#2 0x00007f190f98657f in C_GetFunctionList (list=0x7ffe7ec3f798) at p11-kit/proxy.c:2355
#3 0x00007f190f993cc9 in dlopen_and_get_function_list (funcs=0x7ffe7ec3f798, path=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", mod=0x249e3d0) at p11-kit/modules.c:337
#4 load_module_from_file_inlock (name=name@entry=0x0, path=path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", result=result@entry=0x7ffe7ec3f7e8) at p11-kit/modules.c:382
#5 0x00007f190f99587f in p11_kit_module_load (module_path=module_path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", flags=flags@entry=0) at p11-kit/modules.c:2427
#6 0x0000000000401c4b in serve_module_from_file (file=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so") at p11-kit/remote.c:105
#7 main (argc=1, argv=<optimized out>) at p11-kit/remote.c:169
The Windows NT mutex is aready recursive by default.
common/compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit cfc654b2a532aa1adf3cda4bdee8b1397920f912
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-18
uri: Support query attributes to specify module
Accept and produce 'module-name' and 'module-path' query attributes
defined in RFC 7512.
doc/manual/p11-kit-sections.txt | 4 ++
p11-kit/test-uri.c | 115 ++++++++++++++++++++++++++++++++++++++
p11-kit/uri.c | 121 +++++++++++++++++++++++++++++++++++++---
p11-kit/uri.h | 10 ++++
4 files changed, 241 insertions(+), 9 deletions(-)
commit a126365a49547da6b532210a886bb5d5fc531b77
Author: Daiki Ueno <dueno@redhat.com>
Date: 2017-01-16
uri: Avoid typecasting confusion on s390x
Like memcpy(), the 'void *' argument of p11_buffer_add() points to the
memory area ordered in host's endianness. Add typecast of int->char to
avoid the confusion.
Reported by Andreas Metzler in:
https://lists.freedesktop.org/archives/p11-glue/2017-January/000633.html
p11-kit/uri.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit 726c08847c263af9c9fd8c74aea738612795dbb6
Author: Lubomir Rintel <lkundrak@v3.sk>
Date: 2016-12-28
uri: fix producing the query attributes
Put the pin-* attributes where they belong: to the query part.
p11-kit/test-uri.c | 2 +-
p11-kit/uri.c | 81 +++++++++++++++++++++++++++++++-----------------------
2 files changed, 48 insertions(+), 35 deletions(-)
commit cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea
Author: Lubomir Rintel <lkundrak@v3.sk>
Date: 2016-12-28
uri: fix the query attribute parsing
The pin-* attributes belong to the query part. We should not parse them
until we see a '?' and they're separated with a '&'.
This might be an important thing -- some of the query attributes may
have security implications reaching outside scope of the token itself, to the
host system itself. E.g. a pin-source may cause the consumer to access a file
or module-path (unimplemented) execute code. The user may want to just chop the
attribute part off if they want the consumer access the token and not take the
security considerations into account.
p11-kit/test-uri.c | 6 +++---
p11-kit/uri.c | 50 +++++++++++++++++++++++++++++++++++++++-----------
2 files changed, 42 insertions(+), 14 deletions(-)
commit 287ae8c14145d9cef55079e4de36b1607176cf89
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2017-01-07
build: improve p11-kit-proxy symlink handling
- Current command for creation of the p11-kit-proxy symlink
uses shell brace expansion that isn't supported by all
the shells (e.g. FreeBSD's /bin/sh does not support that).
Replace it with the old-fashioned 'for' loop
- Match extension of the source and the target, i.e. so links
to so, dylib links to dylib (previously dylib linked to so)
- Add an uninstall-local target to clean up the symlink
p11-kit/Makefile.am | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
commit 794385d24fe794455798946ce9de1e2280e78a8c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-13
Release version 0.23.3
NEWS | 10 ++++++++++
configure.ac | 6 +++---
2 files changed, 13 insertions(+), 3 deletions(-)
commit 62d7cd6a0e1ce76b2dd6c5a44933cee1bac93c19
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-19
doc: More tweaks for gtk-doc
doc/manual/p11-kit-sections.txt | 7 +++++++
1 file changed, 7 insertions(+)
commit eb6433f0d1406d3dda42c98fa94060cab5d5d0ac
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-19
doc: Mention new API functions
doc/manual/p11-kit-sections.txt | 6 ++++++
1 file changed, 6 insertions(+)
commit 4442748b1cbb4da4f355ece6d498a2272e2c7238
Author: Andreas Metzler <ametzler@bebt.de>
Date: 2016-12-15
rpc: Fix typo flagged by lintian
p11-kit/rpc-server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 9773fa8ca877d305a5dea26d07cfcfc445232ae2
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-13
test: Remove setgid()ed copy of frob-getenv
Otherwise the file is left in builddir, after make distclean.
common/test-compat.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
commit 5af8da1f4949807925e23b866f6280dcf7d74f87
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-13
test: Fix privatedir substitution in test-extract
Since $privatedir expands to "${libexecdir}/p11-kit", $libexecdir must
be substituted in the script beforehand.
trust/test-extract.in | 1 +
1 file changed, 1 insertion(+)
commit 352d2090628d6a040846508e51de06318b69a475
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-06
pkcs11: Update CRYPTOKI_VERSION to 2.40
common/pkcs11.h | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
commit 5287a57b9e6d96504af4ad0f989328397f845d55
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-06
pkcs11: Add CK_RSA_PKCS_OAEP_PARAMS definition
https://bugzilla.redhat.com/show_bug.cgi?id=1191209
common/pkcs11.h | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
commit 15a28b263f37de4796899dff04bcf3886f9d010e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-06
pkcs11: Add CKA_COPYABLE definition
https://bugzilla.redhat.com/show_bug.cgi?id=1191231
common/pkcs11.h | 1 +
1 file changed, 1 insertion(+)
commit ccc81bbfaffb5617a509126b8f882b6c930434e3
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-06
pkcs11: Add AES key wrap mechanisms
https://bugzilla.redhat.com/show_bug.cgi?id=1191231
common/pkcs11.h | 3 +++
1 file changed, 3 insertions(+)
commit b034e8601036c41acfcbd39f12fcd4bfb75dfd13
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2016-09-20
proxy: Remove redundant NULL check
https://bugs.freedesktop.org/show_bug.cgi?id=93589
p11-kit/proxy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit f8ff3bec65e31dad1cabe0bd3e2f1fae9ef77f40
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2016-09-20
modules: Remove redundant NULL check
https://bugs.freedesktop.org/show_bug.cgi?id=93588
p11-kit/modules.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 873e52cc72701f7a5714a5006f15810ba5981d10
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2016-09-20
proxy: Check return value of calloc()
https://bugs.freedesktop.org/show_bug.cgi?id=92815
p11-kit/proxy.c | 1 +
1 file changed, 1 insertion(+)
commit 2cf22900bbcb3a0f3d11b56ad262bef33e997a00
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2016-09-20
mock: Check return value of calloc()
https://bugs.freedesktop.org/show_bug.cgi?id=92813
common/mock.c | 1 +
1 file changed, 1 insertion(+)
commit 694c95d8da89e2f6aae47c7c379b3c0e2b9adbe8
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-12-06
doc: State 'p11-kit trust' is a deprecated form
https://bugzilla.redhat.com/show_bug.cgi?id=1160783
doc/manual/p11-kit.xml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit b3418c2f0d223955723df7d65a31026ad038d943
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-23
trust: Don't add CKA_TRUSTED to extension object
While 'trust anchor' command tries to add CKA_TRUSTED attribute to any
object, it is only valid for a certificate object.
https://bugzilla.redhat.com/show_bug.cgi?id=1158926
trust/anchor.c | 35 +++++++++++++++++++++++++++++++++--
1 file changed, 33 insertions(+), 2 deletions(-)
commit 65e8ad30e7832f3a979f88f4308cfa4f9a969829
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-22
common, trust: Avoid integer overflow
This fixes issues pointed in:
https://bugzilla.redhat.com/show_bug.cgi?id=985445
except for p11-kit/conf.c:read_config_file(), which was rewritten using
mmap() and thus length calculation is no longer needed.
common/compat.c | 8 ++++++--
common/path.c | 2 ++
common/url.c | 2 +-
trust/base64.c | 5 +++++
4 files changed, 14 insertions(+), 3 deletions(-)
commit 99c3d823fc96c47af4810a5ee091501721159a48
Author: Stanislav Brabec <sbrabec@suse.com>
Date: 2016-11-22
move privatedir from libdir to libexecdir
According to the GNU Coding Standards[1], private executables should be
installed to libexecdir, not libdir.
Move privatedir to libexecdir.
[1] https://www.gnu.org/prep/standards/
https://bugs.freedesktop.org/show_bug.cgi?id=98817
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit c7d33b9fc54d618feda8960f12c71214dc9ec697
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-27
trust: Avoid confusion in DER/PEM decoding
Previously p11-kit-trust.so tried to interpret certificate as PEM format
first. This could cause potential conflict if the certificate were
actually in DER format and contained a PEM marker strings.
https://bugs.freedesktop.org/show_bug.cgi?id=92063
trust/test-token.c | 18 ++++++++++
trust/test-trust.h | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
trust/token.c | 2 +-
3 files changed, 115 insertions(+), 1 deletion(-)
commit 2b86585f1b1d140b73b693c81aac8b4a9af1cb8d
Author: Stef Walter <stefw@redhat.com>
Date: 2016-11-29
doc: Update documentation to point towards GitHub
The p11-kit code has moved to GitHub. The documentation needs
an update.
HACKING | 5 ++++-
doc/manual/p11-kit-devel.xml | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
commit 8046370a9d0c8333d84a1294c302d21634729cc8
Author: Lubomir Rintel <lkundrak@v3.sk>
Date: 2016-11-28
test-conf: don't create the setuid copy in /tmp
The temporary directory is often mounted with nosuid, thus whatever runs
from there doesn't get AT_SECURE in auxv.
common/test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 9cb55d7357db929960dca26b9f22f488b756bac2
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-27
trust: Clarify the error message of 'extract'
https://bugzilla.redhat.com/show_bug.cgi?id=1154693
trust/extract.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit d6d0dfd10e360fdcb974e74abe92bb0910bdf172
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-23
trust: Mention anchor --remove option in help
https://bugzilla.redhat.com/show_bug.cgi?id=1158467
trust/anchor.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 1d2276dc20153eb513d67aeb3464cf0c1edf6d38
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-22
trust: Reject invalid UTF-8 input
Merge changes from utf8.c in FreeBSD's libc:
https://svnweb.freebsd.org/base/head/lib/libc/locale/utf8.c?revision=290494&view=markup#l196
https://bugzilla.redhat.com/show_bug.cgi?id=985449
trust/test-utf8.c | 2 ++
trust/utf8.c | 6 ++++++
2 files changed, 8 insertions(+)
commit 3846526ee94f6b4bbc0ea07d9d3cb72ed9f92707
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-22
pkg-config: Expose p11_trust_paths variable
The variable is mentioned in the manual but wasn't exposed from the
pkg-config.
p11-kit/p11-kit-1.pc.in | 1 +
1 file changed, 1 insertion(+)
commit c32a16ce821cf37307e53139027c5939c0b1925b
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-22
build: Remove *.in files from EXTRA_DIST
The files created with AC_CONFIG_FILES are automatically added to the
distribution.
p11-kit/Makefile.am | 2 --
1 file changed, 2 deletions(-)
commit 4965a8b2f150ea6c8dadd7dd22aab718f2814591
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-10-21
build: Don't update po files on every make run
Update po/Makevars to the latest template and take advantage of
PO_DEPENDS_ON_POT = no.
po/Makevars | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
commit de5f2e5c59a8811aaea0c19a4a8899e370413851
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-10-31
travis: Enable GCC sanitizers
.travis.yml | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
commit 09f584cbef43cac2a071b54f0fc97dd318fe88ea
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-10-31
travis: Disable silent rules
.travis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b6305c66bfb607f49c99f820e7123c753364e894
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-21
test: Remove /proxy/deinit-after-fork test
This test hasn't been working since the removal of the pthread_atfork()
deinit code. To properly clean up, the child process needs to call
C_Initialize() and C_Finalize(), and it is already tested by
/proxy/initialize-child.
p11-kit/test-proxy.c | 37 -------------------------------------
1 file changed, 37 deletions(-)
commit bc6469c4fd576c698bab9c8b620de00d7ba1fe1a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-20
test: Fix memleak in test-token cleanup
GCC's asan spotted this:
Direct leak of 338 byte(s) in 13 object(s) allocated from:
#0 0x7f54f03fee20 in malloc (/lib64/libasan.so.3+0xc6e20)
#1 0x445e8c in p11_path_build ../common/path.c:222
#2 0x4385bd in expand_tempdir ../common/test.c:334
#3 0x43869c in p11_test_directory ../common/test.c:361
#4 0x4033e3 in setup_temp ../trust/test-token.c:79
trust/test-token.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit ecaf79c6a0b35e55b27f465c6d6628f165874b78
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-22
modules: Reset the init count on fork()
Reset mod->init_count when forkid has changed. Otherwise C_Finalize
does not get called.
GCC's asan spotted this:
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x7f89bc7bfe20 in malloc (/lib64/libasan.so.3+0xc6e20)
#1 0x7f89bc47a1f1 in p11_dict_new ../common/dict.c:278
#2 0x7f89bc42143d in managed_C_Initialize ../p11-kit/modules.c:1477
#3 0x7f89bc464c72 in binding_C_Initialize ../p11-kit/virtual.c:121
#4 0x7f89bc1b0a51 in ffi_closure_unix64_inner (/lib64/libffi.so.6+0x5a51)
#5 0x7f89bc1b0dbf in ffi_closure_unix64 (/lib64/libffi.so.6+0x5dbf)
#6 0x7f89bc44f9e8 in rpc_C_Initialize ../p11-kit/rpc-server.c:691
p11-kit/modules.c | 4 ++++
1 file changed, 4 insertions(+)
commit ae0527969dbb2dea5bf97257c92a65b72ba71db5
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-21
modules: Fix memleak when loading remote module
Make sure to call p11_virtual_uninit() on managed module. Otherwise the
associated lower_module will not be released.
GCC's asan spotted this:
Direct leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7f6c5368dfe0 in calloc (/lib64/libasan.so.3+0xc6fe0)
#1 0x4436ba in p11_rpc_client_init ../p11-kit/rpc-client.c:2082
#2 0x42c147 in p11_rpc_transport_new ../p11-kit/rpc-transport.c:850
#3 0x415d95 in setup_module_for_remote_inlock ../p11-kit/modules.c:411
p11-kit/modules.c | 2 ++
1 file changed, 2 insertions(+)
commit 7e94bcac88e16c22b8258bcdcb4b2165b198679a
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-21
rpc: Fix memleak in rpc_socket cleanup
GCC's asan spotted this:
Direct leak of 120 byte(s) in 1 object(s) allocated from:
#0 0x7f8d4f221fe0 in calloc (/lib64/libasan.so.3+0xc6fe0)
#1 0x427f55 in rpc_socket_new ../p11-kit/rpc-transport.c:100
#2 0x42bc1b in rpc_exec_connect ../p11-kit/rpc-transport.c:767
p11-kit/rpc-transport.c | 1 +
1 file changed, 1 insertion(+)
commit 07cadc6fd3716f1b2a8265c40b59426847042967
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-23
uri: Port to PKCS#11 GNU calling convention
https://bugs.freedesktop.org/show_bug.cgi?id=97245
p11-kit/uri.h | 2 ++
1 file changed, 2 insertions(+)
commit c30353ec1869024de672731236d9a4acd2f7dd28
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-20
uri: Fix buffer overflow in memcmp()
The commit 63644dc introduced several memcmp() calls without checking
the length of the first argument.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
p11-kit/uri.c | 57 ++++++++++++++++++++++++++++++++-------------------------
1 file changed, 32 insertions(+), 25 deletions(-)
commit dd514f46c880c508f69412850286d70ec8967758
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-10-06
travis: Enable build on the CI
.travis.yml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
commit a96f354c3068edb6c8ac80ae6d9a6611651145d7
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-19
rpc: Send x-init-reserved to remote module
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed up indentation
https://bugs.freedesktop.org/show_bug.cgi?id=80519
p11-kit/Makefile.am | 7 ++++-
p11-kit/mock-module-ep3.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/modules.c | 30 ++++++++++++---------
p11-kit/rpc-client.c | 16 ++++++++++-
p11-kit/rpc-message.h | 2 +-
p11-kit/rpc-server.c | 13 +++++++++
p11-kit/test-transport.c | 24 +++++++++++++++++
7 files changed, 144 insertions(+), 16 deletions(-)
commit 2fe688e8bd360ce2f364bfb6ef80e07712c9bb86
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-09-20
test: Fix p11_virtual_init() usage
p11_virtual_init() should take a CK_FUNCTION_LIST as the 3rd argument,
if the 2nd argument is &p11_virtual_base.
https://bugs.freedesktop.org/show_bug.cgi?id=87192
p11-kit/test-virtual.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6923e8fb56692b20d24398d4746d2399490acdc1
Author: Leonardo Brondani Schenkel <leonardo.schenkel@gmail.com>
Date: 2016-10-03
Fix link of p11-kit-proxy.dylib on Mac OS X
However, on Mac OS X the library is named libp11-kit.dylib so
in the above command the source of the link resolves to nothing,
the destination becomes the source and the link to a non-existent
file is created in the working directory.
https://bugs.freedesktop.org/show_bug.cgi?id=98022
p11-kit/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit d74e29cf9733a405a0ea254a2d1edf236ae8735e
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-12
test: Make test-module work --without-trust-module
The test-module program currently depends on TRUST_PATHS, which is
determined by the configure script and normally points to a resource
outside of the build tree. To make the test system-independent, use
a crafted path for testing.
https://bugs.freedesktop.org/show_bug.cgi?id=89027
trust/test-module.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 927c8e98f159607acf7fa8b0f5bcf9a4d0497742
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-10
iter: Utilize 'slot-id' URI path attribute
https://bugs.freedesktop.org/show_bug.cgi?id=97245
p11-kit/iter.c | 8 +++++-
p11-kit/test-iter.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 83 insertions(+), 1 deletion(-)
commit e0c5d429df6ebe2cb88425edf42f65bfb33f0b77
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-10
iter: Utilize slot info URI path attributes
https://bugs.freedesktop.org/show_bug.cgi?id=97245
p11-kit/iter.c | 27 ++++++++++++++
p11-kit/iter.h | 2 +
p11-kit/test-iter.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 134 insertions(+)
commit 31fbc32c41518b93a7b9903d7840378bab55370c
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-08
uri: Support 'slot-id' path attribute
Accept 'slot-id' path attribute defined in RFC 7512.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
p11-kit/test-uri.c | 47 ++++++++++++++++++++++++++++++++
p11-kit/uri.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++---
p11-kit/uri.h | 4 +++
3 files changed, 126 insertions(+), 3 deletions(-)
commit 8577e4dc23349ae8d04708190de6d1ae469ab460
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-08
uri: Support slot info path attributes
Accept 'slot-description' and 'slot-manifacturer' path attributes
defined in RFC 7512.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
p11-kit/private.h | 3 ++
p11-kit/test-uri.c | 70 +++++++++++++++++++++++++++++++++++++
p11-kit/uri.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/uri.h | 6 ++++
4 files changed, 180 insertions(+)
commit 63644dcb6ccf52508f41633945fce9c3a8e46d3d
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-08
uri: Remove whitespace early when parsing
For every path/query component, p11_kit_uri_parse() allocates a small
buffer to strip whitespace out. This patch removes any whitespace in
the URI at the entry of the function to simplify the code.
Note that RFC 7512 actually suggests to ignore whitespace at the
extracting phase rather than the parsing phase.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
p11-kit/uri.c | 144 +++++++++++++++++++++++++++++++---------------------------
1 file changed, 78 insertions(+), 66 deletions(-)
commit d8f90d300eb76e04dec2caba99f78e7f8a99b215
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-12
Fix leak when C_Initialize() is called from child
The test case added for bug 90289 (commit c73edd00) revealed that some
of the C_Initialize() implementations do not consider the case where it
is called from the parent process and then from the child process,
without calling C_Finalize() in between.
common/mock.c | 3 +++
p11-kit/modules.c | 2 ++
2 files changed, 5 insertions(+)
commit 8afd8d92771d279b38acc098c84027b2cf0dd168
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-18
configure: Remove redundant AM_GNU_GETTEXT
There is the same line a few lines below.
configure.ac | 1 -
1 file changed, 1 deletion(-)
commit 8c8c81942038e0068472dd9bab8d57c00b2acee4
Author: Daiki Ueno <dueno@redhat.com>
Date: 2016-08-12
Fix typos flagged by codespell
p11-kit/fixtures/test-system-none.conf | 2 +-
p11-kit/iter.c | 8 ++++----
p11-kit/modules.c | 4 ++--
p11-kit/rpc-server.c | 2 +-
p11-kit/util.c | 2 +-
trust/builder.c | 2 +-
trust/p11-kit-trust.module | 2 +-
trust/parser.c | 2 +-
8 files changed, 12 insertions(+), 12 deletions(-)
commit fb73b3a908d8fa21b0e7f6461fc9e77c1e15f4b3
Author: Stef Walter <stefw@redhat.com>
Date: 2016-08-09
Fix typo in pkcs11.conf
Pointed out by David Woodhouse
doc/manual/pkcs11.conf.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit fedcaf873e4d08741407c7be1db8c2d73dcc1241
Author: Stef Walter <stefw@redhat.com>
Date: 2016-08-09
doc: Fix interpolation of p11-kit configuration paths in documentation
Previously these were expanded based on the home directory of the
one building the documentation (me).
doc/manual/Makefile.am | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
commit 77d0791d0d6baf6fcc7578e0d170d754850c4068
Author: Andreas Metzler <ametzler@bebt.de>
Date: 2016-02-23
Doc: p11_kit_module_load accepts a filename arg.
p11_kit_module_load() hands on the module_path argument to
load_module_from_file_inlock() which accepts relative paths, prepending
P11_MODULE_PATH. Update API documentation accordingly.
https://lists.freedesktop.org/archives/p11-glue/2016-February/000587.html
p11-kit/modules.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit 6c4ef3f492d88acca931174519b7aa1215cc1a18
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2016-01-05
Avoiding redundant check
https://bugs.freedesktop.org/show_bug.cgi?id=93587
p11-kit/modules.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
commit 5f6cc6c4c66050069d0db93006299cde44920559
Author: Stef Walter <stefw@redhat.com>
Date: 2015-12-07
Fix distcheck by removing some linguas that don't build
po/LINGUAS | 2 --
1 file changed, 2 deletions(-)
commit 8ccd99b26d5fb2e19ec45ce3dca28bf53b73c70d
Author: Stef Walter <stefw@redhat.com>
Date: 2015-12-07
Bump version number
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit d0b59f5b155369dd2b933c359c1f81e6199e2c3f
Author: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: 2015-12-02
rpc-transport.c: include sys/select.h for fd_set
fd_set and friends, according to POSIX.1-2001, needs sys/select.h, so
include it otherwise the build fails for uClibc:
p11-kit/rpc-transport.c: In function rpc_socket_read:
p11-kit/rpc-transport.c:350:2: error: unknown type name fd_set
p11-kit/rpc-transport.c:416:4: warning: implicit declaration of function
FD_ZERO [-Wimplicit-function-declaration]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
https://bugs.freedesktop.org/show_bug.cgi?id=93211
p11-kit/rpc-transport.c | 1 +
1 file changed, 1 insertion(+)
commit 981f5358988a4c7044aeddd5bd783c28b2665410
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-11-04
p11-kit: Fix redundant check for 'signature' is always 'true'
https://bugs.freedesktop.org/show_bug.cgi?id=92807
common/mock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 957c6d8c610b71665573564f2299d9aca86d2483
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-11-06
common: Fix warning about dereferencing NULL pointer
https://bugs.freedesktop.org/show_bug.cgi?id=92842
common/mock.c | 1 +
1 file changed, 1 insertion(+)
commit 4e22ebfda7b51ec978eacf0c3653bb534de97fe3
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-11-06
common: Fix in test-code for file descriptor validity check
https://bugs.freedesktop.org/show_bug.cgi?id=92843
common/test-compat.c | 1 +
1 file changed, 1 insertion(+)
commit a512a01e4c2700a6454d024150aa222f64885d59
Author: Stef Walter <stefw@redhat.com>
Date: 2015-11-09
trust: Fix always false comparison of EAGAIN and EINTR
https://bugs.freedesktop.org/show_bug.cgi?id=92864
trust/save.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6558c7174bc6778f13347fc1a356ed6773cef830
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-10-21
p11-kit: Remove unused pointer
https://bugs.freedesktop.org/show_bug.cgi?id=92532
p11-kit/modules.c | 2 --
1 file changed, 2 deletions(-)
commit 478f1065fb6d92fbd4bdf8b0a513f32cf48af170
Author: Stef Walter <stefw@redhat.com>
Date: 2015-10-20
po: Update translations from transifex
build/tx-update | 6 +-
po/ar.po | 4 +-
po/as.po | 4 +-
po/az.po | 6 +-
po/bg.po | 16 ++-
po/bn_IN.po | 4 +-
po/ca.po | 4 +-
po/ca@valencia.po | 4 +-
po/cs.po | 152 ++++++++++++------------
po/cy.po | 4 +-
po/da.po | 4 +-
po/de.po | 30 ++---
po/el.po | 179 ++++++++++++++--------------
po/en_GB.po | 179 ++++++++++++++--------------
po/eo.po | 18 ++-
po/es.po | 21 ++--
po/es_CL.po | 342 ------------------------------------------------------
po/et.po | 2 +-
po/eu.po | 16 ++-
po/fa.po | 16 ++-
po/fi.po | 25 ++--
po/fo.po | 4 +-
po/fr.po | 179 ++++++++++++++--------------
po/ga.po | 4 +-
po/gl.po | 30 +++--
po/gu.po | 4 +-
po/he.po | 4 +-
po/hi.po | 4 +-
po/hr.po | 23 ++--
po/hu.po | 21 ++--
po/ia.po | 16 ++-
po/id.po | 19 ++-
po/it.po | 24 ++--
po/it_IT.po | 342 ------------------------------------------------------
po/ja.po | 19 ++-
po/ka.po | 21 ++--
po/kk.po | 17 +--
po/kn.po | 4 +-
po/ko.po | 23 ++--
po/lt.po | 4 +-
po/lv.po | 24 ++--
po/ml.po | 4 +-
po/mr.po | 4 +-
po/ms.po | 4 +-
po/nb.po | 4 +-
po/nl.po | 21 ++--
po/nn.po | 4 +-
po/oc.po | 6 +-
po/or.po | 4 +-
po/pa.po | 18 ++-
po/pl.po | 22 ++--
po/pt.po | 4 +-
po/pt_BR.po | 21 ++--
po/ro.po | 4 +-
po/ru.po | 184 ++++++++++++++---------------
po/sk.po | 180 ++++++++++++++--------------
po/sl.po | 21 ++--
po/sq.po | 16 ++-
po/sr.po | 24 ++--
po/sr@latin.po | 4 +-
po/sv.po | 171 +++++++++++++--------------
po/ta.po | 4 +-
po/te.po | 16 ++-
po/th.po | 4 +-
po/tr.po | 144 ++++++++++++-----------
po/uk.po | 21 ++--
po/vi.po | 4 +-
po/wa.po | 4 +-
po/zh_CN.po | 179 ++++++++++++++--------------
po/zh_HK.po | 16 ++-
po/zh_TW.po | 19 ++-
71 files changed, 1097 insertions(+), 1856 deletions(-)
commit 5e6336ba0393c9d69be843c432e4c4927caea245
Author: Stef Walter <stefw@redhat.com>
Date: 2015-10-20
Add estonian translation from Transifex
po/LINGUAS | 1 +
po/et.po | 342 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 343 insertions(+)
commit 98dbc98709bb9a5fe1d6e7beea585c39073e528c
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-10-20
p11-kit: Fix warnings related to use dangling pointer
https://bugs.freedesktop.org/show_bug.cgi?id=92551
p11-kit/modules.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
commit 29014eab3caf4f70fcd94c8198ca24992b1e5ec6
Author: Stef Walter <stefw@redhat.com>
Date: 2015-10-19
common: Remove compat timegm() implementation
We no longer use timegm()
common/compat.c | 31 -------------------------------
configure.ac | 1 -
2 files changed, 32 deletions(-)
commit 3be562d4d386eddc79489715507d979135d4b74a
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-10-19
p11-kit: 'int' comparison with 'unsigned int' in for() for the array index
https://bugs.freedesktop.org/show_bug.cgi?id=92443
common/array.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 2db405ff7781ec43b77bd2592c41eff22e2b362a
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-10-19
p11-kit: 'int' comparison with 'unsigned int' in for() for array index
common/dict.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit c57c1d592c82da7f444cde440c5f32930542b43a
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-10-19
p11-kit: 'int' comparison with 'unsigned int' in for() for array index
https://bugs.freedesktop.org/show_bug.cgi?id=92445
p11-kit/proxy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 4286fd792b869e27cc362a8de9334d4686aed539
Author: Ludovic Rousseau <ludovic.rousseau@gmail.com>
Date: 2015-10-19
manual: Fix typos in documentation
https://bugs.freedesktop.org/show_bug.cgi?id=92520
doc/manual/p11-kit-sharing.xml | 4 ++--
doc/manual/pkcs11.conf.xml | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
commit ee1d48020b24164b5547de2affd0f38dafab8949
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-10-12
p11-kit: Fix expression 'call_id < 0' is always false
https://bugs.freedesktop.org/show_bug.cgi?id=92434
p11-kit/rpc-message.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3a005e75a4e1b63db8e19ea0e73479588ab345a6
Author: Robert Milasan <rmilasan@suse.com>
Date: 2015-07-30
Fix trust command segfaults in expand_homedir() when no matching password record was found
Hello, it looks like under some conditions, command trust segfaults in
expand_homedir() due to no matching password record was found:
Signed-off-by: Robert Milasan <rmilasan@suse.com>
Signed-off-by: Stef Walter <stefw@redhat.com>
* Updated path so message is printed and errno is not overwritten
https://bugs.freedesktop.org/show_bug.cgi?id=91506
common/path.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
commit ac151af6e41242eb46689f326311195b5f7b65fc
Author: Lew Palm <l.palm@m-privacy.de>
Date: 2015-07-14
Fix build on Mingw due to missing EWOULDBLOCK
https://bugs.freedesktop.org/show_bug.cgi?id=89081
p11-kit/rpc-transport.c | 3 +++
1 file changed, 3 insertions(+)
commit 406803044f61fcbd491749a5530b39beed270dd2
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2015-07-10
Added p11_kit_module_get_filename()
That function allows to obtain the filename used by the PKCS #11
module. That is the filename used by dlopen().
Note that we don't provide p11_kit_module_for_filename() because
it would have to deal with filename equivalences.
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed up whitespace
p11-kit/modules.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
p11-kit/p11-kit.h | 1 +
p11-kit/test-modules.c | 40 +++++++++++++++++++++++++++++++++++++++-
3 files changed, 85 insertions(+), 1 deletion(-)
commit cacaf8cd0b0a4f2cd61b61b012cd5cbf715fe38f
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2015-06-24
In proxy module don't call C_Finalize on a forked process.
This corrects a deadlock on the forked process. The deadlock
happened because the proxy called C_Finalize prior to a C_Initialize
which is wrong according to PKCS #11 (2.40). This patch eliminates
the C_Finalize call in that case.
This resolves #90289
https://bugs.freedesktop.org/show_bug.cgi?id=90289
Reviewed-by: Stef Walter <stefw@redhat.com>
p11-kit/proxy.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
commit c73edd002462ca1185de1e9e72d9f68f01c93f32
Author: David Woodhouse <David.Woodhouse@intel.com>
Date: 2015-06-03
Add test case for bug 90289 (deadlock on C_Initialize() in child after fork)
Reviewed-by: Stef Walter <stefw@redhat.com>
p11-kit/test-proxy.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
commit ec8a291efb87f1751a18c7e023a67232c15a4ef2
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2015-06-24
Do not deinitialize libffi's wrapper functions
Libffi uses shared memory to store them, and a deallocation
in a child will cause issues for the parent or vice versa.
Signed-off-by: Stef Walter <stefw@redhat.com>
* Use #if to comment out code, avoid compiler warnings
p11-kit/virtual.c | 11 +++++++++++
1 file changed, 11 insertions(+)
commit c9095cb154cfd9937332b1a980316d10a9655d51
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2015-06-23
Added test case for crash after a fork in proxy module
Reviewed-by: Stef Walter <stefw@redhat.com>
p11-kit/test-proxy.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 45 insertions(+), 1 deletion(-)
commit c562aff333bd73a3fe5c15d2969a4ea70300a426
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-06-03
p11-kit: Missing unlock in function rpc_socket_read()
https://bugs.freedesktop.org/show_bug.cgi?id=90827
p11-kit/rpc-transport.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 8768b4611d3268d6fca7fc214ce0a5c7ec7fc332
Author: Pankaj <pankaj.s01@samsung.com>
Date: 2015-06-01
trust: Fix double close()
trust/save.c | 1 -
1 file changed, 1 deletion(-)
commit 6712b49861e3e59534c5e4b6d75146a01b939aff
Author: Stef Walter <stefw@redhat.com>
Date: 2015-04-17
Fix some compiler warnings from GCC 5.x
trust/test-persist.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit ec9e2450bafa1cda47525b38a28c8f981f43c1e1
Author: Stef Walter <stefw@redhat.com>
Date: 2015-02-20
Release version 0.23.1
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit e49fba71493408305b297df7eb4e64d882b778ee
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: 2014-12-23
Generate URIs compliant to the PKCS#11 URI draft in LC
We continue to accept both the older style 'object-type' field
in addition to the new 'type' field. However we start generating
URIs in the new form.
In other words we have backwards compatibility, but not forwards
compatibility. Given the fact that PKCS#11 URIs are now standardizing
this is an acceptable compromise.
https://bugs.freedesktop.org/show_bug.cgi?id=86474
p11-kit/test-uri.c | 26 +++++++++++++-------------
p11-kit/uri.c | 2 +-
2 files changed, 14 insertions(+), 14 deletions(-)
commit 6fb74150b8c8f957e96fd423beeccd36cf04e1bc
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: 2014-12-23
Added test for pin-value
https://bugs.freedesktop.org/show_bug.cgi?id=87582
Signed-off-by: Stef Walter <stefw@redhat.com>
* Added test for bad encoded pin-value in uri
p11-kit/test-uri.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
commit d1122aa7587c445b3d03f35258ea46038807bf69
Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: 2014-12-23
Added support for pin-value PKCS#11 URI element
https://bugs.freedesktop.org/show_bug.cgi?id=87582
p11-kit/uri.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/uri.h | 5 +++++
2 files changed, 57 insertions(+)
commit 890d69d7fde23ea15a082026a4d1c01aba805569
Author: Stef Walter <stefw@redhat.com>
Date: 2015-02-20
p11-kit: Remove duplicate WHITESPACE define
p11-kit/uri.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
commit a6df1f21e42a3b57448eb6897b976ac8883908eb
Author: Adam Williamson <awilliam@redhat.com>
Date: 2015-01-13
trust: Add pem-directory-hash extract format
This allows extraction of a directory of standard PEM files
with the OpenSSL hash symlinks; this is a format used by
some popular platforms (Debian's /etc/ssl/certs is in this
form, and OpenSUSE provides it for compatibility).
Initially by: Ludwig Nussel <ludwig.nussel@suse.de>
Signed-off-by: Stef Walter <stefw@redhat.com>
* Added header, fixed compiler warnings
doc/manual/trust.xml | 6 +++-
trust/extract-openssl.c | 76 ++++++++++++++++++++++++++-----------------------
trust/extract-pem.c | 49 +++++++++++++++++++++++++------
trust/extract.c | 17 ++++++-----
trust/extract.h | 8 ++++++
trust/test-bundle.c | 35 +++++++++++++++++++++++
6 files changed, 139 insertions(+), 52 deletions(-)
commit b65e3148a8ea2d54b17a8be617bbdcb026c49fcd
Author: Stef Walter <stefw@redhat.com>
Date: 2014-11-14
uri: Accept 'type' in additon to 'object-type' in PKCS#11 URIs
This was a later change to the PKCS#11 specification drafts
p11-kit/test-uri.c | 27 +++++++++++++++++++++++++++
p11-kit/uri.c | 5 +++--
2 files changed, 30 insertions(+), 2 deletions(-)
commit 7c2270eaaaf0e60e204cb81dd017bc89394f4f59
Author: Michael Cronenworth <mcronenworth@pdxinc.com>
Date: 2014-11-11
compat: Add definition for setenv for Win32
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
common/compat.h | 4 ++++
configure.ac | 1 +
2 files changed, 5 insertions(+)
commit bfb3bd47aa48983f5349479bca598403097ff81c
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-09
Release version 0.22.1
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 03d280df9a73aca5cb6eabbcb97ef3ca4e1ae0e5
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-09
trust: Certificate CKA_ID is SubjectKeyIdentifier if possible
The PKCS#11 spec states that the CKA_ID should match the
SubjectKeyIdentifier if such an extension is present.
We delay the filling of CKA_ID until the builder phase of populating
attributes which allows us to have more control over how this works.
Note that we don't make CKA_ID reflect SubjectKeyIdentifier *attached*
extensions. The CKA_ID isn't supposed to change after object creation.
Making it dependent on attached extensions would be making promises
we cannot keep, since attached extensions can be added/removed at any
time.
This also means the CKA_ID of attached extensions and certificates
won't necessarily match up, but that was never promised, and not how
attached extensions should be matched to their certificate anyway.
Based on a patch and research done by David Woodhouse.
https://bugs.freedesktop.org/show_bug.cgi?id=84761
trust/builder.c | 55 ++++++++++++++++++++++++++++++++++++++++++----------
trust/parser.c | 37 ++++++++++-------------------------
trust/test-builder.c | 2 +-
trust/test-parser.c | 2 --
trust/test-trust.c | 2 ++
trust/x509.c | 32 +++++++++++++++++++++++++-----
trust/x509.h | 7 ++++++-
7 files changed, 91 insertions(+), 46 deletions(-)
commit b3579cb54bd5cd16e9740404408b2505b4b1e26b
Author: Stef Walter <stef@thewalter.net>
Date: 2014-09-12
trust: Allow 'BEGIN PUBLIC KEY' PEM blocks in .p11-kit files
These PEM blocks contribute a CKA_PUBLIC_KEY_INFO to the object
being read/written.
https://bugs.freedesktop.org/show_bug.cgi?id=83799
doc/internal/persist-format.txt | 13 +++++++++----
trust/persist.c | 24 ++++++++++++++++++++++++
trust/test-persist.c | 27 +++++++++++++++++++++++++++
trust/test-trust.h | 22 ++++++++++++++++++++++
4 files changed, 82 insertions(+), 4 deletions(-)
commit c1dd399d265f20bd3df4dc76dcf735aba1ffa515
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2014-10-06
trust: add missing libtasn1 cflags
Add a number of missing LIBTASN1_CFLAGS where it's required
trust/Makefile.am | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
commit af8fba2fa90c6d9b98750f7e33c3b0df9f698cfc
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-06
Bump libtool versioning for added APIs
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit ab778cc54c8671ba79cf4baca7be2608c7cce886
Author: Antoine Jacoutot <ajacoutot@gnome.org>
Date: 2014-10-05
Unbreak build on OpenBSD
Add missing header for strdup(3).
When EPROTO is not available, fallback to EIO.
https://bugs.freedesktop.org/show_bug.cgi?id=84665
p11-kit/rpc-transport.c | 5 +++++
1 file changed, 5 insertions(+)
commit 80e4f6a6e04582fe11c98e6133e3e306e5556d8d
Author: Michael Cronenworth <mike@cchtml.com>
Date: 2014-10-04
makefile: Rename DATADIR to not conflict with Win32 define
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
Makefile.am | 2 +-
trust/module.c | 2 +-
trust/test-module.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
commit b785f39384af08c35b08ab74671443234260cccc
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-02
Release version 0.22.0
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 16e25b2890927108ec15297aabb1d86a49792741
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-03
p11-kit: Use pthread_atfork() in a safe manner
Instead of trying to perform actions in pthread_atfork() which
are not async-signal-safe, just increment a counter so we can
later tell if the process has forked.
Note this does not make it safe to mix threads and forking without
immediately execing. This is a far broader problem that p11-kit,
however we now do the right thing when fork+exec is used from a
thread.
https://bugs.freedesktop.org/show_bug.cgi?id=84567
common/library.c | 11 ++++++++++
common/library.h | 2 ++
common/mock.c | 1 +
p11-kit/modules.c | 55 ++++++++++------------------------------------
p11-kit/proxy.c | 62 ++++++++++++++++------------------------------------
p11-kit/proxy.h | 2 --
p11-kit/rpc-client.c | 20 ++++++++---------
p11-kit/test-proxy.c | 2 +-
p11-kit/test-rpc.c | 25 +++++++--------------
9 files changed, 63 insertions(+), 117 deletions(-)
commit a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-01
remote: Run separate executable binary for 'p11-kit remote'
This allows security frameworks like SELinux or AppArmor to target
it specifically.
Makefile.am | 1 +
p11-kit/Makefile.am | 13 ++++-
p11-kit/p11-kit.c | 69 +-------------------------
p11-kit/remote.c | 137 ++++++++++++++++++---------------------------------
p11-kit/rpc-server.c | 101 +++++++++++++++++++++++++++++++++++++
5 files changed, 164 insertions(+), 157 deletions(-)
commit 76f230ced6e9ca2a598988bc00b7b971208e8f64
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-02
p11-kit: P11_KIT_PRIVATEDIR env var overrides private binary dir
External binaries are searched for in $(libdir)/p11-kit. The
P11_KIT_PRIVATEDIR can be used to override that, for example during
'make check'
p11-kit/p11-kit.c | 7 ++++++-
p11-kit/test-transport.c | 1 +
2 files changed, 7 insertions(+), 1 deletion(-)
commit 960cb9a7db1950ad1414f70b0e3ec240542601ac
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-02
common: Use secure_getenv() implementation when setuid
In anything security sensitive, use secure_getenv() implementation
for retrieving environment variables.
common/Makefile.am | 8 ++++++-
common/compat.c | 8 +++++++
common/compat.h | 2 ++
common/debug.c | 3 ++-
common/frob-getenv.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++
common/test-compat.c | 27 ++++++++++++++++++++++
common/test.c | 2 +-
configure.ac | 2 +-
8 files changed, 113 insertions(+), 4 deletions(-)
commit c9474683dd3db5ad87227dd3c3734ab31bfc01e9
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-02
common: In tests preserve parent environment for children
common/test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit d3505c2b556b859e1a14062579fd67ec2ab25435
Author: Stef Walter <stefw@redhat.com>
Date: 2014-10-01
p11-kit: Remove the 'isolated' option for now
This option was not completed in time, and as implemented suffers
from limitations that the module is not really completely isolated
as it still runs under the same user id as the calling process.
doc/manual/p11-kit-sharing.xml | 5 +++--
doc/manual/pkcs11.conf.xml | 11 ++---------
p11-kit/modules.c | 13 -------------
3 files changed, 5 insertions(+), 24 deletions(-)
commit c41e0e1d9a4a9a4533bc6f370e5eebe1d6b9752c
Author: Michael Cronenworth <mike@cchtml.com>
Date: 2014-09-12
common: Move unistd include to define getopt and friends
Needed to fix MinGW builds.
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
common/test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit eeca6f88e1c59543b09df3f9a45224e32d531ef7
Author: Stef Walter <stef@thewalter.net>
Date: 2014-09-17
Release version 2.21.3
NEWS | 8 ++++++++
configure.ac | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
commit 800f310dd3f2fcbf3852a42c67b5dd37e4ef4415
Author: Stef Walter <stef@thewalter.net>
Date: 2014-09-10
trust: Use term 'attached extensions' instead of 'stapled'
The term 'stapled extensions' is confusing because it overloads
terminology used with OSCP stapling.
Suggested by Daniel Kahn Gillmor.
trust/builder.c | 4 ++--
trust/enumerate.c | 48 ++++++++++++++++++++++++------------------------
trust/enumerate.h | 2 +-
trust/extract-openssl.c | 8 ++++----
trust/parser.c | 46 +++++++++++++++++++++++-----------------------
trust/test-builder.c | 30 +++++++++++++++---------------
trust/test-enumerate.c | 2 +-
trust/test-parser.c | 4 ++--
8 files changed, 72 insertions(+), 72 deletions(-)
commit eccbcc298f59eb9518b07baf840930cec54c7655
Author: Stef Walter <stefw@redhat.com>
Date: 2014-09-04
common: New public pkcs11x.h header containing extensions
Move our internal stuff to pkcs11i.h, and install the pkcs11x.h
header containing extensions.
https://bugs.freedesktop.org/show_bug.cgi?id=83495
common/Makefile.am | 3 +-
common/attrs.c | 1 +
common/constants.c | 1 +
common/mock.h | 2 +-
common/pkcs11i.h | 505 +++++++++++++++++++++++++++++++++++++++++++++++++
common/pkcs11x.h | 458 +-------------------------------------------
doc/manual/Makefile.am | 1 +
p11-kit/virtual.h | 2 +-
trust/builder.c | 1 +
trust/persist.c | 1 +
trust/test-builder.c | 1 +
trust/test-persist.c | 1 +
12 files changed, 520 insertions(+), 457 deletions(-)
commit b1cd802e4241aa81c12ba4ecccdb17404799ff03
Author: Stef Walter <stefw@redhat.com>
Date: 2014-09-04
common: Change the CKA_X_PUBLIC_KEY_INFO constant to CKA_PUBLIC_KEY_INFO
CKA_PUBLIC_KEY_INFO is defined in the PKCS#11 2.40 draft, so use that
rather than defining our own.
* Fixed up by Nikos Mavrogiannopoulos <nmav@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=83495
common/attrs.c | 2 +-
common/constants.c | 2 +-
common/pkcs11x.h | 6 +++++-
trust/builder.c | 14 +++++++-------
trust/enumerate.c | 16 ++++++++--------
trust/list.c | 2 +-
trust/parser.c | 2 +-
trust/test-builder.c | 28 ++++++++++++++--------------
trust/test-enumerate.c | 8 ++++----
trust/test-openssl.c | 12 ++++++------
trust/test-parser.c | 8 ++++----
11 files changed, 52 insertions(+), 48 deletions(-)
commit 9ba2165ef75c63960ce95c9b1b085a0a630cfb14
Author: Stef Walter <stefw@redhat.com>
Date: 2014-09-04
common: Add support for multiple field names (ie: nicks) per constant
This allows us to have old/new names for a given constant.
https://bugs.freedesktop.org/show_bug.cgi?id=83495
common/constants.c | 31 ++++++++++++++++---------------
common/constants.h | 2 +-
common/test-constants.c | 10 +++++-----
3 files changed, 22 insertions(+), 21 deletions(-)
commit 1ede9a957c5a4f2c44b6bc88ba380a41c145a81b
Author: Michael Cronenworth <mike@cchtml.com>
Date: 2014-09-09
p11-kit: Fix tests when building with MinGW
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
p11-kit/test-managed.c | 9 +++++++++
p11-kit/test-rpc.c | 9 +++++++++
p11-kit/test-transport.c | 12 ++++++++++++
3 files changed, 30 insertions(+)
commit 086c08ceef86825b7b738c2da016915e91896a20
Author: Michael Cronenworth <mike@cchtml.com>
Date: 2014-08-17
trust: Fix token test when building with MinGW
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
trust/test-token.c | 4 ++++
1 file changed, 4 insertions(+)
commit 92ad58dec9a170a128734ea99e532e8a6a7d5499
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2014-09-09
configure: Check for pthread_create() in pthread library
Check for pthread_create() in pthread library instaed of
pthread_mutexattr_init(). This fixes a linking error on FreeBSD.
https://bugs.freedesktop.org/show_bug.cgi?id=75674
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 4dd71231c7b425c44ca231c6c7b1df97545d1501
Author: Stef Walter <stef@thewalter.net>
Date: 2014-09-09
p11-kit: Compilation fixes for previous commit
Pushed the wrong version
p11-kit/proxy.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
commit 50e4702e6c94aeb3c9096661a78f59db96c86226
Author: Stef Walter <stef@thewalter.net>
Date: 2014-09-09
p11-kit: Make proxy module respect critical = no
The p11-kit-proxy.so module would not respect the critical = no setting
in module configuration, and fail if any module failed to initialize.
https://bugs.freedesktop.org/show_bug.cgi?id=83651
p11-kit/proxy.c | 84 ++++++++++++++++++++++++++++++++-------------------------
1 file changed, 47 insertions(+), 37 deletions(-)
commit aff7ac7ef469f96a55063ba423af66fca17c29c7
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2014-08-18
Fix build without debug
When building without debug build fails with:
CCLD p11-kit/p11-kit
./.libs/libp11-kit.so: undefined reference to `P11_RPC_CHECK_CALLS'
cc: error: linker command failed with exit code 1 (use -v to see
invocation)
gmake[2]: *** [p11-kit/p11-kit] Error 1
This happens because P11_RPC_CHECK_CALLS is not defined when
debugging is enabled, so provide a noop macro for that case.
p11-kit/rpc-message.h | 2 ++
1 file changed, 2 insertions(+)
commit c3fc7b49890bef7c28c1315476c6270d8ed1a492
Author: Stef Walter <stef@thewalter.net>
Date: 2014-09-05
trust: Show public-key-info in 'trust list --details'
Since the public-key-info is an important part of the way we
represent trust, show it in 'trust list' if --details is present.
trust/list.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
commit d715fe5312f7b7c1b881cc49847cc15347e286fc
Author: Stef Walter <stefw@redhat.com>
Date: 2014-09-05
Release version 0.21.2
NEWS | 10 ++++++++++
configure.ac | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
commit dc55d9d5fc5d904f0bc3c06ba3caf64483b18fa9
Author: Stef Walter <stefw@redhat.com>
Date: 2014-09-05
trust: Produce a proper message for an invalid stapled extension
Previously we would output a line like this:
p11-kit: 'node != NULL' not true at lookup_extension
trust/builder.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
commit 677dee1a04058aefe8c7689f88da52afe3b4b4bb
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-15
Move to non-recursive Makefile for building bins and libs
Still use recursive for documentation and translation.
Makefile.am | 66 +++--
build/Makefile.decl | 16 --
build/Makefile.tests | 21 --
build/certs/Makefile | 38 +--
common/Makefile.am | 113 ++++++---
common/{tests => }/frob-getauxval.c | 0
common/{tests => }/test-array.c | 0
common/{tests => }/test-attrs.c | 0
common/{tests => }/test-buffer.c | 0
common/{tests => }/test-compat.c | 0
common/{tests => }/test-constants.c | 0
common/{tests => }/test-dict.c | 0
common/{tests => }/test-hash.c | 0
common/{tests => }/test-lexer.c | 0
common/{tests => }/test-message.c | 0
common/{tests => }/test-path.c | 0
common/{tests => }/test-tests.c | 0
common/{tests => }/test-url.c | 0
common/tests/Makefile.am | 39 ---
configure.ac | 8 +-
doc/manual/Makefile.am | 8 +-
p11-kit/Makefile.am | 244 ++++++++++++------
.../files => fixtures}/package-modules/four.module | 0
.../package-modules/win32/four.module | 0
.../files => fixtures}/system-modules/one.module | 0
.../system-modules/two-duplicate.module | 0
.../files => fixtures}/system-modules/two.badname | 0
.../system-modules/win32/one.module | 0
.../system-modules/win32/two-duplicate.module | 0
.../system-modules/win32/two.badname | 0
.../{tests/files => fixtures}/system-pkcs11.conf | 0
p11-kit/{tests/files => fixtures}/test-1.conf | 0
p11-kit/{tests/files => fixtures}/test-pinfile | 0
.../{tests/files => fixtures}/test-pinfile-large | 0
.../files => fixtures}/test-system-invalid.conf | 0
.../files => fixtures}/test-system-merge.conf | 0
.../files => fixtures}/test-system-none.conf | 0
.../files => fixtures}/test-system-only.conf | 0
.../files => fixtures}/test-user-invalid.conf | 0
.../{tests/files => fixtures}/test-user-only.conf | 0
p11-kit/{tests/files => fixtures}/test-user.conf | 0
.../files => fixtures}/user-modules/one.module | 0
.../files => fixtures}/user-modules/three.module | 0
.../user-modules/win32/one.module | 0
.../user-modules/win32/three.module | 0
p11-kit/{tests => }/frob-setuid.c | 0
p11-kit/{tests => }/mock-module-ep.c | 0
p11-kit/{tests => }/mock-module-ep2.c | 0
p11-kit/{tests => }/print-messages.c | 0
p11-kit/{tests => }/test-conf.c | 54 ++--
p11-kit/{tests => }/test-deprecated.c | 0
p11-kit/{tests => }/test-init.c | 0
p11-kit/{tests => }/test-iter.c | 0
p11-kit/{tests => }/test-log.c | 0
p11-kit/{tests => }/test-managed.c | 0
p11-kit/{tests => }/test-mock.c | 0
p11-kit/{tests => }/test-modules.c | 0
p11-kit/{tests => }/test-pin.c | 6 +-
p11-kit/{tests => }/test-progname.c | 0
p11-kit/{tests => }/test-proxy.c | 0
p11-kit/{tests => }/test-rpc.c | 0
p11-kit/{tests => }/test-transport.c | 2 +-
p11-kit/{tests => }/test-uri.c | 0
p11-kit/{tests => }/test-util.c | 0
p11-kit/{tests => }/test-virtual.c | 0
p11-kit/tests/Makefile.am | 91 -------
trust/Makefile.am | 273 +++++++++++++++------
trust/anchor.c | 5 +-
trust/enumerate.h | 5 +-
trust/extract.c | 5 +-
trust/{tests/files => fixtures}/cacert-ca.der | Bin
.../files => fixtures}/cacert3-distrust-all.pem | 0
.../files => fixtures}/cacert3-distrusted-all.pem | 0
.../files => fixtures}/cacert3-not-trusted.pem | 0
.../files => fixtures}/cacert3-trusted-alias.pem | 0
.../files => fixtures}/cacert3-trusted-keyid.pem | 0
.../cacert3-trusted-server-alias.pem | 0
.../{tests/files => fixtures}/cacert3-trusted.pem | 0
trust/{tests/files => fixtures}/cacert3-twice.pem | 0
trust/{tests/files => fixtures}/cacert3.der | Bin
trust/{tests/files => fixtures}/cacert3.pem | 0
trust/{tests/files => fixtures}/distrusted.pem | 0
trust/{tests/files => fixtures}/empty-file | 0
trust/{tests/files => fixtures}/multiple.pem | 0
.../files => fixtures}/openssl-trust-no-trust.pem | 0
trust/{tests/files => fixtures}/redhat-ca.der | Bin
.../files => fixtures}/self-signed-with-eku.der | Bin
.../files => fixtures}/self-signed-with-ku.der | Bin
trust/{tests/files => fixtures}/simple-string | 0
trust/{tests/files => fixtures}/testing-server.der | Bin
trust/{tests/files => fixtures}/thawte.pem | 0
.../files => fixtures}/unrecognized-file.txt | 0
trust/{tests/files => fixtures}/verisign-v1.der | Bin
trust/{tests/files => fixtures}/verisign-v1.pem | 0
trust/{tests => }/frob-bc.c | 0
trust/{tests => }/frob-cert.c | 0
trust/{tests => }/frob-eku.c | 0
trust/{tests => }/frob-ext.c | 0
trust/{tests => }/frob-ku.c | 0
trust/{tests => }/frob-multi-init.c | 0
trust/{tests => }/frob-nss-trust.c | 0
trust/{tests => }/frob-oid.c | 0
trust/{tests => }/frob-pow.c | 0
trust/{tests => }/frob-token.c | 0
trust/{tests => }/input/anchors/cacert3.der | Bin
trust/{tests => }/input/anchors/testing-ca.der | Bin
trust/{tests => }/input/blacklist/self-server.der | Bin
trust/{tests => }/input/cacert-ca.der | Bin
trust/{tests => }/input/distrusted.pem | 0
trust/{tests => }/input/verisign-v1.p11-kit | 0
trust/list.c | 5 +-
trust/{tests => }/test-asn1.c | 0
trust/{tests => }/test-base64.c | 0
trust/{tests => }/test-builder.c | 0
trust/{tests => }/test-bundle.c | 12 +-
trust/{tests => }/test-cer.c | 12 +-
trust/{tests => }/test-digest.c | 0
trust/{tests => }/test-enumerate.c | 2 +
trust/{tests => }/test-extract.in | 0
trust/{tests => }/test-index.c | 0
trust/{tests => }/test-module.c | 16 +-
trust/{tests => }/test-oid.c | 0
trust/{tests => }/test-openssl.c | 20 +-
trust/{tests => }/test-parser.c | 20 +-
trust/{tests => }/test-pem.c | 0
trust/{tests => }/test-persist.c | 0
trust/{tests => }/test-save.c | 14 +-
trust/{tests => }/test-token.c | 4 +-
trust/{tests => }/test-trust.c | 0
trust/{tests => }/test-trust.h | 0
trust/{tests => }/test-utf8.c | 0
trust/{tests => }/test-x509.c | 0
trust/tests/Makefile.am | 122 ---------
133 files changed, 632 insertions(+), 589 deletions(-)
commit 2a35a67923c26cd38839197aee51c274e5c2550e
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-15
common: Fix regression introduced by last commit
The last commit caused dirfd() to become undefined.
https://bugs.freedesktop.org/show_bug.cgi?id=82617
common/compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bf8dfa9f33c1aa8d76f8d1ae6cf79afb90497cd4
Author: Baruch Siach <baruch@tkos.co.il>
Date: 2014-05-05
Fix build against older pthreads implementations
Older pthreads implementations like glibc NPTL prior to version 2.12, and
uClibc linuxthreads (both), need _XOPEN_SOURCE to expose
pthread_mutexattr_settype() and THREAD_MUTEX_DEFAULT. The value 600 (SuSv3,
POSIX.1-2001) is equivalent to _POSIX_C_SOURCE 200112L.
Fixes the following build error:
CC compat.lo
compat.c: In function 'p11_mutex_init':
compat.c:164:2: warning: implicit declaration of function 'pthread_mutexattr_settype' [-Wimplicit-function-declaration]
compat.c:164:2: warning: nested extern declaration of 'pthread_mutexattr_settype' [-Wnested-externs]
compat.c:164:36: error: 'PTHREAD_MUTEX_DEFAULT' undeclared (first use in this function)
https://bugs.freedesktop.org/show_bug.cgi?id=82617
common/compat.c | 6 ++++++
1 file changed, 6 insertions(+)
commit ea10b26125eff14d5b138ceb0e55994bd38f7381
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-14
Fix 'make upload-release' target
Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 6333aedd27b1a9cb81ac2d0556c1a97f726bdb33
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-11
doc: Fix missing tag in p11-kit-sharing.xml
doc/manual/p11-kit-sharing.xml | 1 +
1 file changed, 1 insertion(+)
commit ea39cf40a881fd28f86e2625dff80fde58f2e08a
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-11
p11-kit: Fix various noise/issues highlighted by clang
p11-kit/modules.c | 1 -
p11-kit/remote.c | 3 +--
p11-kit/rpc-client.c | 4 ++--
p11-kit/rpc-server.c | 18 ++++++++++--------
4 files changed, 13 insertions(+), 13 deletions(-)
commit a7b012fcfa4fd0c1c53de3006a63a8bad4a08041
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
Ignore clang scanner litter
.gitignore | 1 +
1 file changed, 1 insertion(+)
commit c62ce78b8ae6961c9d1dda092781b6988488a135
Author: Stef Walter <stefw@redhat.com>
Date: 2014-08-08
trust: Don't use invalid public keys for looking up stapled extensions
https://bugs.freedesktop.org/show_bug.cgi?id=82328
trust/builder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1576ac9495333d0f285e0ab69f444d3ae0630859
Author: Stef Walter <stefw@redhat.com>
Date: 2014-08-08
trust: Print label of certificate when complaining about basic constraints
https://bugs.freedesktop.org/show_bug.cgi?id=82328
trust/builder.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit d9df354fffbbfa42aac796235cf446c63ad2eef8
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
trust: Double check that index bucket is valid before access
trust/index.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 3748527ed4deb980a2aa0a74893ccb4384951015
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
p11-kit: Remove use after free in debug output code path
p11-kit/modules.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit f1d563400c9747d6c470cba7abfa9a31d92349d3
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
Quiten down scanner warnings about unused variables
p11-kit/lists.c | 5 +----
trust/list.c | 5 +----
2 files changed, 2 insertions(+), 8 deletions(-)
commit 26b3e98f7934bd47ab3d387124135f254bd6f8ba
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
common: Quiet down clang scanner with assertions
Quieten down the clang scanner by telling it to expect
that our test assertions fail
common/test.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 9cd9153a4d4cf78011d2a8f8c7a69aa8f3eda9f3
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
Fix mostly erroneous scanner warnings in tests
common/tests/test-array.c | 1 +
common/tests/test-dict.c | 3 +++
common/tests/test-tests.c | 2 ++
p11-kit/tests/test-deprecated.c | 6 +++++-
p11-kit/tests/test-uri.c | 3 +++
trust/tests/frob-bc.c | 1 +
trust/tests/frob-eku.c | 1 +
trust/tests/frob-ext.c | 1 +
trust/tests/frob-ku.c | 2 ++
trust/tests/frob-oid.c | 2 ++
trust/tests/test-token.c | 2 +-
11 files changed, 22 insertions(+), 2 deletions(-)
commit eb9d1fcc8e0adc38ff494af619db37013ff17cb9
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
trust: Fix leak in token loading error path
trust/token.c | 1 +
1 file changed, 1 insertion(+)
commit 4750c617829b666dd1acb2a12ca61419fa12bc26
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
trust: Fix unlikely use of uninitialized memory in token loading
trust/token.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit a35cc9be7a34e4fd012b0fa25a7091acf044a038
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
trust: Fix leak in trust list command
trust/list.c | 1 +
1 file changed, 1 insertion(+)
commit cdf540cefd7e106bc4607584dfa153d847f1a2a9
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
trust: Fix use after free and double free in extract command
trust/extract.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
commit 29325102bb93239313f4b2928f18a589731bd125
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
trust: Remove dead while condition in anchor commond
trust/anchor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 2663c834561207b947f6a8e98a7661644b6c9630
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
p11-kit: Fix integer overflow in memset() argument
p11-kit/virtual.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit f8c7ed390672d0749aaf0bbbad2c2af7145ebc01
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
p11-kit: Fix bad check of asprintf() return value
p11-kit/p11-kit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3a21a0bc541348803f7da01ef6c5b4baf6bc221a
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
configure.ac: Add subdir-objects to satisfy newer automakes
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 92523973caae8b195c4d39b6cf872ea09d72d497
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
trust: Fix use of invalid memory in PEM parser
trust/pem.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
commit c22e37091278ffb339c692f5c994c3393b12a254
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
trust: Parse TRUSTED CERTIFICATE openssl format even without CertAux
openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the
additional CertAux (ie: trust fields) information. It simply leaves
that block out. This happens with a command like:
$ openssl x509 -in my-cert.pem -out output -trustout
trust/parser.c | 32 ++++----
trust/tests/files/openssl-trust-no-trust.pem | 27 +++++++
trust/tests/test-parser.c | 105 +++++++++++++++++++++++++++
3 files changed, 151 insertions(+), 13 deletions(-)
commit 2e503dccd889a3f83951830fda18c9357377693d
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-08
common: Allow specifying which tests to run on command line
This modifies our common unit test code so we can specify full
test paths on the command line, and restrict the run tests to
the ones specified. Order is not respected at this time.
common/test.c | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
commit 6a8843b3c5f6d44eb280a54653388a3de316f638
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-07
Release version 0.21.1
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 3cbe204722e2d5dfa8e8756e0b57b44c67fdd2c4
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-07
po: Add new translations: oc
Makefile.am | 2 +-
po/LINGUAS | 1 +
po/oc.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 344 insertions(+), 1 deletion(-)
commit 4f2cc97a95733e9ea8f85510b0f1e5c99053ae5e
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-07
common: Don't do repeated linear reallocation of array memory
Some mallocs (notably on Windows) have really poor behavior when
called repeatedly with a linearly growing buffer.
https://bugzilla.redhat.com/show_bug.cgi?id=985419
common/array.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit 08a017dbae88f6e57eee387b5984d0494e62d976
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-07
p11-kit: Tweak last commit, handle the not-forked case
When we hadn't forked, but were just not initialized, still return
CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
p11-kit/modules.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit c61187f879395bb334edba39ee6dfb91f1a9e59b
Author: Stef Walter <stef@thewalter.net>
Date: 2014-08-07
p11-kit: Don't complain about C_Finalize called in wrong process
When C_Finalize is called in the wrong process, it's often because
of a caller unaware of forking. This is a painful area of PKCS#11,
but at least for C_Finalize, lets not complain loudly about it.
p11-kit/modules.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
commit 8e132ab21378fb5fa1f44afb38c23f44b1277f7d
Author: Stef Walter <stef@thewalter.net>
Date: 2014-06-24
p11-kit: Add a new 'isolate' pkcs11 config option
This sets 'remote' appropriately to run the module in a separate
process.
https://bugs.freedesktop.org/show_bug.cgi?id=80472
doc/manual/p11-kit-sharing.xml | 4 ++++
doc/manual/pkcs11.conf.xml | 8 ++++++++
p11-kit/modules.c | 44 ++++++++++++++++++++++++++++++------------
3 files changed, 44 insertions(+), 12 deletions(-)
commit 17ea60eaf9d1b4eab9546d6dfc7e7afe83779f91
Author: Stef Walter <stef@thewalter.net>
Date: 2014-06-24
p11-kit: Cleanup and add documentation for 'remote' option
https://bugs.freedesktop.org/show_bug.cgi?id=54105
doc/manual/p11-kit.xml | 15 +++++++++++
doc/manual/pkcs11.conf.xml | 13 ++++++++++
p11-kit/rpc-transport.c | 57 ++++++++++++++++++++++--------------------
p11-kit/tests/test-transport.c | 2 +-
4 files changed, 59 insertions(+), 28 deletions(-)
commit d4289fbe420e19882d94827bd82a667a0132fccf
Author: Stef Walter <stef@thewalter.net>
Date: 2014-06-24
p11-kit: Add 'p11-kit remote' command for isolating modules
This adds a new tool to the p11-kit command called 'remote'. This
is the server side of remoting a PKCS#11 module.
doc/manual/p11-kit-sections.txt | 1 +
p11-kit/Makefile.am | 2 +
p11-kit/p11-kit.c | 69 +++++++++++++++++++++++++
p11-kit/{tests/frob-server.c => remote.c} | 86 ++++++++++++-------------------
p11-kit/remote.h | 56 ++++++++++++++++++++
p11-kit/tests/Makefile.am | 3 --
p11-kit/tests/test-transport.c | 2 +-
7 files changed, 161 insertions(+), 58 deletions(-)
commit 7ec80ff13adb167705a999b7d082c76219adc909
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-20
rpc: Implement execution of another tool to transport PKCS#11 RPC
p11-kit/Makefile.am | 3 +-
p11-kit/modules.c | 70 +++-
p11-kit/rpc-transport.c | 850 ++++++++++++++++++++++++++++++++++++++++
p11-kit/rpc.h | 36 +-
p11-kit/tests/Makefile.am | 19 +-
p11-kit/tests/frob-server.c | 173 ++++++++
p11-kit/tests/mock-module-ep2.c | 56 +++
p11-kit/tests/test-rpc.c | 156 +++++++-
p11-kit/tests/test-transport.c | 281 +++++++++++++
9 files changed, 1600 insertions(+), 44 deletions(-)
commit 5ecfe2c8aa58a170aac2d9a9c22d7ffb3cc9442a
Author: Stef Walter <stef@thewalter.net>
Date: 2013-10-09
mock: Minor testing tweaks to mock testing
p11-kit/tests/test-mock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 989eab4f5886c7455242c04bf359619ac148d5ff
Author: Stef Walter <stef@thewalter.net>
Date: 2013-10-09
modules: Make config file and module configs overridable by tests
p11-kit/modules.c | 15 +++++++++++----
p11-kit/private.h | 7 +++++++
2 files changed, 18 insertions(+), 4 deletions(-)
commit 895f0416448c297a3d06160d748cd0e94eadb366
Author: Stef Walter <stef@thewalter.net>
Date: 2013-10-09
test: Move some file and directory code into general test stuff
common/test.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++
common/test.h | 10 ++++++
trust/tests/test-token.c | 52 +++++++++++++++---------------
trust/tests/test-trust.c | 75 -------------------------------------------
trust/tests/test-trust.h | 28 ----------------
5 files changed, 119 insertions(+), 129 deletions(-)
commit ccc5e1569b360b54962e7f4cfaded8ab466b021d
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-20
Add compatibility fdwalk() function
This is used when execing another process to close all open
file descriptors that we don't wish to be inherited.
common/compat.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
common/compat.h | 7 ++++++
configure.ac | 3 +++
3 files changed, 83 insertions(+)
commit c785ab66890ad7b73c556d6afdf2bb8a32dd50e2
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-23
rpc: Implement PKCS#11 messages/client/server code
* This enables passing around bytes which represent PKCS#11 RPC calls.
* Caller is responsible for connecting/disconnecting and so on.
* Client side caller gets a mixin from p11_rpc_client_init() to call
into, which generates callbacks with byte arrays to be transported.
* Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR
on which relevant methods get called.
* Doesn't yet implement the actual daemon or clients etc...
https://bugs.freedesktop.org/show_bug.cgi?id=54105
common/debug.c | 1 +
common/debug.h | 1 +
common/mock.c | 7 +
common/mock.h | 3 +
doc/manual/Makefile.am | 2 +
p11-kit/Makefile.am | 2 +
p11-kit/rpc-client.c | 2092 +++++++++++++++++++++++++++++++++++++++++++++
p11-kit/rpc-message.c | 769 +++++++++++++++++
p11-kit/rpc-message.h | 368 ++++++++
p11-kit/rpc-server.c | 1901 ++++++++++++++++++++++++++++++++++++++++
p11-kit/rpc.h | 69 ++
p11-kit/tests/Makefile.am | 1 +
p11-kit/tests/test-mock.c | 10 +-
p11-kit/tests/test-rpc.c | 939 ++++++++++++++++++++
14 files changed, 6163 insertions(+), 2 deletions(-)
commit 469e75bb8184392cb47b3cb4897589caabe56e70
Author: Andreas Metzler <ametzler@bebt.de>
Date: 2014-01-19
Fix typo: supress - > suppress
p11-kit/lists.c | 2 +-
trust/anchor.c | 2 +-
trust/extract.c | 2 +-
trust/list.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
commit 08e4fcd2c7a9b9ea7a46bff5809a7c383f6063a9
Author: Stef Walter <stef@thewalter.net>
Date: 2014-07-04
Release version 0.20.3
NEWS | 10 ++++++++++
configure.ac | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
commit 840ec0f54daeb7c3bc37e22b6ec09ea7cfede868
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2014-07-04
Added test for non-null values in empty ID and label URI parts
p11-kit/tests/test-uri.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
commit d8c064dff11af8537d1c228927c9da82cb6b60e4
Author: Stef Walter <stef@thewalter.net>
Date: 2014-07-04
p11-kit: Mark p11_kit_be_quiet() and p11_kit_be_loud() stable
These are useful functions for callers who want to supress all output
from p11-kit library.
doc/manual/p11-kit-sections.txt | 4 ++--
p11-kit/p11-kit.h | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
commit 25e8999fd11d0b2c156f3bdd8597142dedd042cb
Author: Stef Walter <stef@thewalter.net>
Date: 2014-07-03
p11-kit: Handle managed modules correctly when forking
Correctly allow reinitialization when a process forks.
We don't yet implement checks on all entry points of a managed
module, but this allows callers to call C_Initialize again
after forking, as outlined by the PKCS#11 v2 spec.
p11-kit/modules.c | 14 ++++++++-----
p11-kit/tests/test-managed.c | 47 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+), 5 deletions(-)
commit a2bd1a8c5ba3c611899f7dfc27d553010899eeec
Author: Pavel A <pavel_a at live.com>
Date: 2014-07-01
common: Fixed implementation of strerror_r for WinXP
ie: when streror_s is missing in msvcrt.dll
https://bugs.freedesktop.org/show_bug.cgi?id=76594
common/compat.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
commit 6527f5d3b24a96369a24281db7593d5c4fc73408
Author: Stef Walter <stef@thewalter.net>
Date: 2014-06-25
p11-kit: Fix corrupted list when initialization of modules fail
This fixes the function call p11_kit_module_initialize() to
correctly rearrange the modules array when initializing a module
fails.
Also fixes p11_kit_modules_load_and_initialize()
p11-kit/modules.c | 2 ++
1 file changed, 2 insertions(+)
commit d21967cdcd18c8fcb749f874c492b7f6c4965817
Author: Milan Crha <mcrha@redhat.com>
Date: 2014-06-20
Don't try to symlink p11-proxy.so on windows
https://bugs.freedesktop.org/show_bug.cgi?id=76594
p11-kit/Makefile.am | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
commit ead043f7f29d7d724f559fc4caab17edd8206d78
Author: Stef Walter <stef@thewalter.net>
Date: 2014-06-20
configure: Require automake 1.12 or later
We can't use automake 1.10 as serial-tests is not supported
there.
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 4faa892e97e59dd6ab01b4cae3e2534663e18ba7
Author: Pavel A <pavel.aronsky@daynix.com>
Date: 2014-06-20
Proposed fix for compiler warnings in common/compat.c
when buliding for Windows (mingw).
This issue has been reported in bug #76594
a. Moved vasprintf before asprintf
b. Added prototypes for each of them
Thanks,
pa
Signed-off-by: Pavel A <pavel.aronsky@daynix.com>
common/compat.c | 42 +++++++++++++++++++++++-------------------
1 file changed, 23 insertions(+), 19 deletions(-)
commit 98292d6bbc21168b517cdfca2635d35f2b47740d
Author: Stef Walter <stef@thewalter.net>
Date: 2014-02-13
proxy: Fix cases where modules are unloaded while in use
The proxy module would unload the PKCS#11 modules it was proxying
when C_Finalize() was called. However if a caller in another thread
was inside of a PKCS#11 function at the time, this would cause
a crash.
Change things around so that underlying modules are finalized during
the proxy C_Finalize() but not released/unloaded until the proxy
module itself is unloaded.
https://bugs.freedesktop.org/show_bug.cgi?id=74919
p11-kit/proxy.c | 53 +++++++++++++++++++++++++++++++----------------------
1 file changed, 31 insertions(+), 22 deletions(-)
commit deca4955a6cce1dd77bbd45b9524b0f7b0825169
Author: Stef Walter <stef@thewalter.net>
Date: 2014-02-13
proxy: Remove assertions when module is not initialized
We should return CKR_CRYPTOKI_NOT_INITIALIZED rather than
assert() when proxy PKCS#11 functions are called before the
module is initialized.
https://bugs.freedesktop.org/show_bug.cgi?id=74919
p11-kit/proxy.c | 2 --
1 file changed, 2 deletions(-)
commit 44beedb8c2b4e30b421b604fb1b044402a1d1ff6
Author: Pascal Terjan <pterjan@google.com>
Date: 2014-02-09
Fix handling of mmap failure and mapping empty files
Check the return value of mmap() correctly.
Empty files cannot be mmap'd so we implement some
work around code for that.
https://bugs.freedesktop.org/show_bug.cgi?id=74773
Signed-off-by: Stef Walter <stef@thewalter.net>
common/compat.c | 11 +++++++++--
common/tests/test-compat.c | 17 +++++++++++++++++
2 files changed, 26 insertions(+), 2 deletions(-)
commit c59a6b577b7ba1990a7dc04a894c3bc4f4671471
Author: Stef Walter <stefw@gnome.org>
Date: 2014-01-29
Support running autogen.sh from srcdir != builddir
autogen.sh | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
commit 73aab81e55a2c2d0161484de756317ad32c80ddc
Author: Stef Walter <stefw@gnome.org>
Date: 2014-01-29
Don't use 'aux' directory name
Because Windows is really properly screwed up.
https://bugs.freedesktop.org/show_bug.cgi?id=74149
build/{aux => litter}/.empty | 0
configure.ac | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
commit 43c54570e97c60457ed09ffb18ad8416b640e51d
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-14
Release version 0.20.2
NEWS | 7 +++++++
configure.ac | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
commit 90479889d9ee0c6f64067cb762286e6d25dca4b3
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-14
distcheck: Build with optimizations so we get proper warnings
Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 426db01ae6c793d59b055e2ff7b14eeb14a48e68
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-14
test-iter: Fix use of uninitialized variable
p11-kit/tests/test-iter.c | 1 +
1 file changed, 1 insertion(+)
commit 99904e84d9f8f0637f66107807ac4ac9e3339e4a
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-14
trust: Add installcheck target for testing extract
This is an integration test that the extract and blacklist
functionality basics work.
More integration tests should follow, at which point we should
place the various generic testing bits into their own file.
.gitignore | 2 +
configure.ac | 1 +
trust/tests/Makefile.am | 6 ++
trust/tests/test-extract.in | 189 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 198 insertions(+)
commit 1f4f072346e388d7b6b6cf79b111952069c4e95c
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-14
Build in srcdir != builddir fashion by default
Naturally this doesn't apply to tarballs
.gitignore | 7 +++++++
Makefile.am | 4 ++--
autogen.sh | 3 ++-
automaint.sh | 6 +++---
build/Makefile.am | 9 ---------
build/certs/{Makefile.am => Makefile} | 2 +-
configure.ac | 2 --
doc/manual/Makefile.am | 3 ++-
8 files changed, 17 insertions(+), 19 deletions(-)
commit 9afb6eff85489614d0bc56a3a661473c25f9d892
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-14
Move gtk-doc.make into build directory
gtk-doc.make => build/gtk-doc.make | 0
doc/manual/Makefile.am | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
commit 635c22f4518200c7e106cdf507a4c89072f8b6ca
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-13
enumerate: Preload and respect blacklist across all tokens
This fixes an issue where a blacklist in one token wasn't properly
skipping anchors being extracted with extract-compat
https://bugs.freedesktop.org/show_bug.cgi?id=73558
trust/enumerate.c | 196 ++++++++++++++++++++++++++++++++-----------
trust/enumerate.h | 3 +
trust/tests/test-enumerate.c | 39 ++++++++-
3 files changed, 186 insertions(+), 52 deletions(-)
commit 6bc661e907f5382dbd9a76fb47a3b554c2ea0028
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-13
attrs: Allow NULL attribute to be passed to p11_attr_hash()
This allows simpler lookups.
https://bugs.freedesktop.org/show_bug.cgi?id=73558
common/attrs.c | 12 +++++++-----
common/tests/test-attrs.c | 3 +++
2 files changed, 10 insertions(+), 5 deletions(-)
commit 8d5bff64a7050e983c688bb5612bf4046fe96393
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-13
enumerate: Use p11_enumerate_ready() from tests
This gives a little broader testing of the enumerator
https://bugs.freedesktop.org/show_bug.cgi?id=73558
trust/enumerate.c | 5 +++--
trust/tests/test-enumerate.c | 31 ++++++++++++++++++++-----------
2 files changed, 23 insertions(+), 13 deletions(-)
commit f875bda849626cb5b894fe56985408ab7ee8f9a3
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-13
iter: Fix return value in rare memory allocation case
p11-kit/iter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bc60631d3e327fd97f53c68c5b3134e4cefad7e1
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-13
iter: Add p11_kit_iter_get_attributes() function
A simple wrapper for C_GetAttributeValue()
p11-kit/iter.c | 35 +++++++++++++++++++++++++
p11-kit/iter.h | 4 +++
p11-kit/tests/test-iter.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 106 insertions(+)
commit f864a68195a9b8fb25c529f539077691fff924a5
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-08
Remove straggler file in the tools directory
tools/tests/test.c | 266 -----------------------------------------------------
1 file changed, 266 deletions(-)
commit e96bc57639a8837e5900a85e282dc0d8bd487fc3
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-08
Update translations from transifex
po/da.po | 169 ++++++++++++++++++++++++++++++++-------------------------------
1 file changed, 85 insertions(+), 84 deletions(-)
commit ae7c79d466deff4c37587f11531327c8fa5f534c
Author: Stef Walter <stef@thewalter.net>
Date: 2014-01-08
Fix typo in mock.c
Reported-by: Tijl Coosemans <tijl@FreeBSD.org>
common/mock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 157941cbd75492b0c74ff21f95de3093cf6d4aca
Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: 2013-11-26
Check if pthread and nanosleep() are in libc before linking other libs
In recent versions of glibc this is true and prevents linking with
pthreads when it is not necessary.
Tweaked by Stef Walter
Signed-off-by: Stef Walter <stef@thewalter.net>
configure.ac | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
commit ec02489eca1b7b57c35db71bce5a6f7b876e535e
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2013-11-08
Drop unused libtasn1.h include
It's not only unsed, but also causes build fail because CFLAGS
for tests does not contain LIBTASN1_CFLAGS.
Signed-off-by: Stef Walter <stef@thewalter.net>
https://bugs.freedesktop.org/show_bug.cgi?id=71379
common/tests/frob-getauxval.c | 2 --
1 file changed, 2 deletions(-)
commit 5ed8c3d3ede6ef30e4b5a40db1438dd6231d5088
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-13
trust: Check for race in BasicConstraints stapled extension
Related to the following bug:
https://bugs.freedesktop.org/show_bug.cgi?id=69314
trust/tests/test-builder.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
commit beb377f7479e834366be60dc6c1da2e53278e091
Author: Andreas Metzler <ametzler@debian.org>
Date: 2013-10-01
Disable tests with setgid binaries when running in fakeroot
We use the FAKED_MODE environment variable as a way to detect
fakeroot.
common/tests/test-compat.c | 5 ++++-
p11-kit/tests/test-conf.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
commit 895327695f141d5bce5e260b80b5ec01796b214a
Author: Stef Walter <stefw@gnome.org>
Date: 2013-09-08
Fix documentation build
doc/manual/Makefile.am | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
commit b5f7f7023365c31d0d26ce91e29c801fe9bec1ed
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-09
Update from transifex and string changes
po/LINGUAS | 36 +++++-
po/ar.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/as.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/az.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/bg.po | 4 +-
po/bn_IN.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ca.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ca@valencia.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/cs.po | 4 +-
po/cy.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/da.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/de.po | 5 +-
po/el.po | 4 +-
po/en_GB.po | 4 +-
po/eo.po | 4 +-
po/es.po | 5 +-
po/es_CL.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/eu.po | 4 +-
po/fa.po | 4 +-
po/fi.po | 5 +-
po/fo.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/fr.po | 4 +-
po/ga.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/gl.po | 5 +-
po/gu.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/he.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/hi.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/hr.po | 5 +-
po/hu.po | 5 +-
po/ia.po | 4 +-
po/id.po | 5 +-
po/it.po | 5 +-
po/it_IT.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ja.po | 5 +-
po/ka.po | 5 +-
po/kk.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/kn.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ko.po | 5 +-
po/lt.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/lv.po | 5 +-
po/ml.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/mr.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ms.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/nb.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/nl.po | 5 +-
po/nn.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/or.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/pa.po | 4 +-
po/pl.po | 5 +-
po/pt.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/pt_BR.po | 5 +-
po/ro.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ru.po | 4 +-
po/sk.po | 4 +-
po/sl.po | 5 +-
po/sq.po | 4 +-
po/sr.po | 5 +-
po/sr@latin.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/sv.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ta.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/te.po | 4 +-
po/th.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/tr.po | 4 +-
po/uk.po | 5 +-
po/vi.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/wa.po | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/zh_CN.po | 4 +-
po/zh_HK.po | 4 +-
po/zh_TW.po | 4 +-
69 files changed, 11068 insertions(+), 74 deletions(-)
commit 247e31c94666fbeab08a5dc67b0b8f7a3edbef27
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-09
Release version 0.20.1
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 88ac590d2e9786d5b364aac7a23b2b0567e87020
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-09
Remove unused make variables
common/tests/Makefile.am | 6 ++----
p11-kit/tests/Makefile.am | 1 -
2 files changed, 2 insertions(+), 5 deletions(-)
commit 8d834060b5af54dcc9581840dfb6452a17a7a7d3
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-05
extract-compat: Skip extraction if running as non-root
trust/trust-extract-compat.in | 6 ++++++
1 file changed, 6 insertions(+)
commit a5713df2c05debd269615226b41e1e0b83de2ba3
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-05
anchor: Run extract-compat after we've changed something
When the 'trust anchor' tool changes something, run
'trust extract-compat' after that point
trust/anchor.c | 44 +++++++++++++++++++++++++++++++++-----------
1 file changed, 33 insertions(+), 11 deletions(-)
commit 00dc2340eab9f9504ef78006686802eb8e3542ad
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-05
trust: More appropriate rv when non-modifiable object deleted
This will change once the spec has a specific attribute and code
to signify deletability.
trust/anchor.c | 1 +
trust/module.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
commit 3c7553a1fd47671a98a6d496ac7eeedb1b43df7c
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-05
anchor: Better failure messages when removing anchors
trust/anchor.c | 29 ++++++++++++++++++++++++++---
1 file changed, 26 insertions(+), 3 deletions(-)
commit 2476ecb35e175a45ba72101ddfa38b2d048323bb
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-05
messages: Better message for CKR_FUNCTION_REJECTED
p11-kit/messages.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 40631193e4979426f10e5244f477d3c411f8e6c3
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-04
Release version 0.20.0
NEWS | 3 +++
configure.ac | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
commit 11619d1ddb682ad8f42676732e2179fdcd810566
Author: Stef Walter <stef@thewalter.net>
Date: 2013-09-04
Documentation tweaks
doc/manual/p11-kit-config.xml | 2 +-
doc/manual/p11-kit-sections.txt | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
commit b4faa7f7e17dea909cd4393d27adbc21b2dea9fb
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-29
Release version 0.19.4
NEWS | 10 ++++++++++
configure.ac | 2 +-
doc/manual/Makefile.am | 3 +++
trust/Makefile.am | 2 +-
trust/anchor.c | 2 +-
trust/extract.c | 4 ++--
6 files changed, 18 insertions(+), 5 deletions(-)
commit c980eb29619edc28610a03ccb62514683604257c
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-29
Route 'p11-kit extract-trust' over to trust tool
The actual command is 'trust extract-compat'. Make installed placeholder
script reflect this. We still support the old placeholder script
if it is present.
.gitignore | 1 +
configure.ac | 2 +-
p11-kit/p11-kit.c | 58 +++++++++++-----------
trust/Makefile.am | 3 +-
trust/extract.c | 38 ++++++++++++++
trust/extract.h | 3 ++
...it-extract-trust.in => trust-extract-compat.in} | 10 ++--
trust/trust.c | 1 +
8 files changed, 81 insertions(+), 35 deletions(-)
commit f2beacb7c59b9c4b41b00da993c747fd814882a8
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-29
trust: Document the new command line trust tool
.gitignore | 1 +
doc/manual/Makefile.am | 4 +
doc/manual/p11-kit-docs.xml | 1 +
doc/manual/p11-kit-trust.xml | 5 +-
doc/manual/p11-kit.xml | 145 +----------------
doc/manual/trust.xml | 368 +++++++++++++++++++++++++++++++++++++++++++
6 files changed, 385 insertions(+), 139 deletions(-)
commit 5c19a0e8f5d07a4defb3239a89c224c5f5f9eef4
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-28
trust: Add 'trust anchor --remove' command
Also prevent --store from storing an anchor multiple times
trust/anchor.c | 417 ++++++++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 365 insertions(+), 52 deletions(-)
commit 2e6d7d3a1e03dc2dbcd98c995bd2d6e5906680d9
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-28
trust: Add a list command to the trust tool
Lists with PKCS#11 URI's and some basic fields.
trust/Makefile.am | 1 +
trust/list.c | 247 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
trust/list.h | 43 ++++++++++
trust/trust.c | 4 +-
4 files changed, 294 insertions(+), 1 deletion(-)
commit dee46ac0c6287fbd57ec9b57ddeade27933fea05
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-28
trust: Add support for removing trust token objects
trust/tests/test-token.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++
trust/token.c | 87 +++++++++++++++++++++++++++++++++++++++++-
2 files changed, 185 insertions(+), 1 deletion(-)
commit b693517966b1cbe5b81e39aeefad7b52b6f10492
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-28
trust: Refactor enumeration of certificates to extract
Because we want to use this same logic for listing trust
trust/Makefile.am | 2 +-
trust/{extract-info.c => enumerate.c} | 228 ++++++++++++++++++-----
trust/enumerate.h | 103 ++++++++++
trust/extract-cer.c | 18 +-
trust/extract-jks.c | 13 +-
trust/extract-openssl.c | 36 ++--
trust/extract-pem.c | 20 +-
trust/extract.c | 180 ++----------------
trust/extract.h | 84 ++-------
trust/tests/Makefile.am | 14 +-
trust/tests/test-bundle.c | 62 +++---
trust/tests/test-cer.c | 62 +++---
trust/tests/{test-extract.c => test-enumerate.c} | 151 +++++++--------
trust/tests/test-openssl.c | 111 ++++++-----
14 files changed, 541 insertions(+), 543 deletions(-)
commit 714e4a22a82295c41360fbfa6019a31b1e2a0f30
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
trust: Do reload object removals inside a loading block
So that validation/storage logic doesn't kick in if a file was
removed outside of p11-kit trust module.
trust/token.c | 4 ++++
1 file changed, 4 insertions(+)
commit 570403f3421b222167196d380c60eb8430eb4cd7
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-28
trust: Add index callback for when an object is removed
This allows a token to remove the file if desired
trust/index.c | 25 ++++++++++++
trust/index.h | 5 +++
trust/session.c | 2 +-
trust/tests/test-builder.c | 2 +-
trust/tests/test-index.c | 99 ++++++++++++++++++++++++++++++++++++++++++----
trust/token.c | 1 +
6 files changed, 125 insertions(+), 9 deletions(-)
commit 58466648aa84ea10c20213d4665c5c93dbf285e9
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
trust: Prefer parsing the persist format to PEM
This is because the persist format contains PEM, and if the PEM
parser gets it first, then it'll ignore the other non PEM data.
trust/token.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 619e81b5ffe0677d1d511ef60b8451434c2a32a0
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
trust: Correctly rewrite other objects in a modifiable persist file
There was a bug where we were rewriting the modified object
multiple times.
trust/tests/test-token.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++
trust/token.c | 2 +-
2 files changed, 75 insertions(+), 1 deletion(-)
commit 8a9a90e197d67c58898e959358b9a13482732d3d
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
Add p11-kit style typedefs for iter and uri
In general we're slowly migrating towards the lower case style
for stuctures/objects.
p11-kit/iter.h | 1 +
p11-kit/uri.h | 1 +
2 files changed, 2 insertions(+)
commit 1fac2b92d6c53655086a2cc3a653b8e78d92a043
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
iter: Add a p11_kit_iter_destroy_object() function
Handy function since this is a common need.
doc/manual/p11-kit-sections.txt | 1 +
p11-kit/iter.c | 18 ++++++++++++++++++
p11-kit/iter.h | 1 +
p11-kit/tests/test-iter.c | 40 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 60 insertions(+)
commit dec3efbaf4a6550bc45d1b9926e4d66b93306802
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
iter: Add p11_kit_iter_set_uri() function
This is so we can set a filtering uri on the iterator after construction
doc/manual/p11-kit-sections.txt | 3 ++-
p11-kit/iter.c | 41 ++++++++++++++++++++++++++++++++++-------
p11-kit/iter.h | 3 +++
p11-kit/tests/test-iter.c | 28 ++++++++++++++++++++++++++++
4 files changed, 67 insertions(+), 8 deletions(-)
commit c15dca006ca69c26ec083a4f2d4aac76b9f30d52
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
iter: Add p11_kit_iter_get_token() call
To get the already loaded CK_TOKEN_INFO during iteration for the
token that the current object is on.
doc/manual/p11-kit-sections.txt | 1 +
p11-kit/iter.c | 25 +++++++++++++++++++++----
p11-kit/iter.h | 2 ++
p11-kit/tests/test-iter.c | 32 ++++++++++++++++++++++++++++++++
4 files changed, 56 insertions(+), 4 deletions(-)
commit 3f357776c15255710997e61ca305aa5a2ce5cf02
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behavior
This allows us to try to get a RW session, but if not fallback
to a read-only session.
doc/manual/p11-kit-sections.txt | 1 -
p11-kit/iter.c | 36 ++++++++++++++----------------------
p11-kit/iter.h | 4 +---
p11-kit/tests/test-iter.c | 4 +---
4 files changed, 16 insertions(+), 29 deletions(-)
commit 22220bda09585239533b6a9fef6de51c1ddc2ae6
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
tool: Only include debug lines marked 'tool' when --verbose
Otherwise we get all sorts of overwhelming internal debugging
when someone specifies --verbose argument to a tool.
common/tool.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 7f6fd42ea33e09687487e8981e02080c8a6c7b40
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
debug: Allow debug lines longer than 512 characters
Since fprintf (stderr, ...) already doesn't print atomically, we don't
lose any atomicity here. If we want to print atomically this will need
some further reworking anyway.
common/debug.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
commit 095a385ead70651536d29c7ddab53f42592a3ef5
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
debug: Add missing 'tool' flag to debug flags
common/debug.c | 1 +
1 file changed, 1 insertion(+)
commit e835d0f6eae21e1b6f13b8ad585c179bbf1eb946
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-27
p11-kit: Rename list.c to lists.c to simplify debugging
p11-kit/Makefile.am | 2 +-
p11-kit/{list.c => lists.c} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
commit cdad5bceee79afbf8b3440b39c72890d2e67448d
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-26
Avoid multiple stat() calls for same file
As a side effect we can also not use the dirent.d_type field
https://bugs.freedesktop.org/show_bug.cgi?id=68525
common/compat.c | 39 ++++++++++++++++++++++++++++-----------
common/compat.h | 3 +++
common/test.c | 2 +-
configure.ac | 1 -
p11-kit/conf.c | 35 ++++++++++++++++-------------------
p11-kit/conf.h | 3 ++-
p11-kit/tests/test-conf.c | 6 +++---
trust/anchor.c | 2 +-
trust/parser.c | 3 ++-
trust/parser.h | 1 +
trust/save.c | 14 ++------------
trust/tests/frob-cert.c | 2 +-
trust/tests/test-module.c | 4 ++--
trust/tests/test-parser.c | 20 ++++++++++----------
trust/tests/test-token.c | 12 +++++++-----
trust/token.c | 2 +-
16 files changed, 80 insertions(+), 69 deletions(-)
commit e1042e93488f2b38abeea58b65440111df69afdc
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-26
compat: Check return value of mmap() properly
https://bugs.freedesktop.org/show_bug.cgi?id=68525
common/compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 2978f8fb27681e9f40575ae2be26012e8a54fc71
Author: Pascal Ernster <bugs.freedesktop.org@hardfalcon.net>
Date: 2013-08-16
Add --with-module-config parameter to the configure script
https://bugs.freedesktop.org/show_bug.cgi?id=68122
configure.ac | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit c777194f0a8d00bcb4e1dc89beebcadf2249ddc0
Author: Stef Walter <stef@thewalter.net>
Date: 2013-08-12
trust: Add test tool for creating BasicConstraints
trust/tests/Makefile.am | 1 +
trust/tests/frob-bc.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+)
commit 4b1d38759c8cdc85b9ab9ce3a8a24a0dc28f2aa6
Author: Michael Cronenworth <mike@cchtml.com>
Date: 2013-07-30
test-compat calls test_getauxval which is in a UNIX defined block
MinGW builds fail due to this.
https://bugs.freedesktop.org/show_bug.cgi?id=67518
common/tests/test-compat.c | 2 ++
1 file changed, 2 insertions(+)
commit cdb1a88ba117d92991298445e5db51b6e1f5ce3c
Author: Alon Bar-Lev <alon.barlev@gmail.com>
Date: 2013-07-27
do not assume dead code existence in autoconf checks
when compiler optimize source, it removes dead code so a linkage error
in these cases are not visisble.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=67413
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 68beea0bca786730019df002fa625986a4d65d91
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-23
Release version 0.19.3
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 2e7952e62ef205c67175e3e717526e4375ca8325
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-23
Make tests work on file systems with block size directories
On certain file systems the size of the directory does not
change when adding a file. This caused the tests to fail. Make
the tests wait more than a second in certain tests to get the
mtime to change.
https://bugs.freedesktop.org/show_bug.cgi?id=65249
trust/tests/test-token.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
commit 02a3bbd560bdb56501fea1b46c5583582832b008
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-23
Fix uninitialized variables
trust/anchor.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 6b457ffc260100e0e3e6b2143b00e34bb419665e
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-23
Don't use _GNU_SOURCE and fix strerror_r usage
glibc declares strerror_r completely different if in POSIX or GNU
mode. Nastiness. Stop using _GNU_SOURCE all together.
common/compat.h | 10 ++++---
common/message.c | 6 +++++
common/test.c | 1 +
common/tests/Makefile.am | 1 +
common/tests/test-message.c | 65 +++++++++++++++++++++++++++++++++++++++++++++
configure.ac | 4 +--
trust/token.c | 2 +-
7 files changed, 83 insertions(+), 6 deletions(-)
commit b14fc0351c4dd71c5ca71df77e325d2b2a4c0583
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-23
Fix various memory leaks exposed by 'make leakcheck'
common/tests/test-path.c | 90 ++++++++++++++++++++++++----------------------
p11-kit/modules.c | 2 ++
trust/asn1.c | 4 ++-
trust/builder.c | 6 ++--
trust/extract-openssl.c | 1 +
trust/index.c | 2 +-
trust/parser.c | 1 +
trust/tests/Makefile.am | 12 +++----
trust/tests/test-asn1.c | 3 +-
trust/tests/test-builder.c | 4 +++
trust/token.c | 10 ++++--
11 files changed, 79 insertions(+), 56 deletions(-)
commit b7cc29a78c3c705374ff25223fe14749ddb076b9
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-23
Use simple serial automake test harness
* Add a testing sanity check to see if we're catching errors
* Fix a few other testing issues
build/Makefile.tests | 2 +-
common/test.c | 2 +-
common/tests/Makefile.am | 1 +
common/tests/test-compat.c | 4 +-
common/tests/test-tests.c | 93 +++++++++++++++++++++++++++++++++++++++++
configure.ac | 2 +-
p11-kit/conf.c | 2 +-
p11-kit/tests/test-deprecated.c | 1 +
p11-kit/tests/test-init.c | 1 +
trust/builder.c | 2 +-
trust/tests/test-builder.c | 12 ++++--
trust/token.c | 3 +-
12 files changed, 113 insertions(+), 12 deletions(-)
commit 4d04cfdf2ac078cc4a95ff9a145f0045e074470b
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-23
Use an automake aux directory for storing litter
build/aux/.empty | 1 +
configure.ac | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
commit 884819d4028faa77d38a99d3f63376b2f4fdfcd4
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-18
doc: Add identifiers to doc sections so gtk-doc doesn't autogen them
doc/manual/p11-kit-config.xml | 2 +-
doc/manual/p11-kit.xml | 12 ++++++------
doc/manual/pkcs11.conf.xml | 6 +++---
3 files changed, 10 insertions(+), 10 deletions(-)
commit 86060d6b17fa3848e60aaff9be7768a761c7c428
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-18
Add appropriate const qualifiers
p11-kit/conf.c | 2 +-
trust/extract-openssl.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit 263a83278bd305eb2951907faa3fe08a79fcdeec
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-18
Release version 0.19.2
NEWS | 20 +++++++++++++++++++-
configure.ac | 2 +-
2 files changed, 20 insertions(+), 2 deletions(-)
commit d8532de9570fd7501b8b25ff10ab05392f3a1d42
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-18
Fix extract example in documentation
doc/manual/p11-kit.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 91bbe5ad80a760a58d5eba48f65ddd07fa56a953
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-18
Use $XDG_CONFIG_HOME/pkcs11 as default user config directory
By default this evaluates to ~/.config/pkcs11. This is a somewhat
backwards incompatible change. However so far only advanced users
have been exposed to the user p11-kit configuration.
Distributors are able to revert this if necessary with a
--with-user-config='~/.pkcs11' ./configure option.
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit a1a398ae150cee642efaa03f28e8457c75185d55
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-18
Use getpwuid_r() instead of the non-thread-sofe getpwuid()
common/path.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
commit b03be8429847451ddf25508b3dc3c520e96a2cc3
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-18
Fix p11_kit_space_strlen() result when empty string
https://bugzilla.redhat.com/show_bug.cgi?id=985416
p11-kit/tests/Makefile.am | 1 +
p11-kit/tests/test-util.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/util.c | 6 ++---
3 files changed, 63 insertions(+), 3 deletions(-)
commit 2a69ff5691e114362564a2ab572cd4b3b20dcc27
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
Always pass size_t varargs to p11_hash_xxx() functions
https://bugzilla.redhat.com/show_bug.cgi?id=985421
trust/extract-jks.c | 4 ++--
trust/extract-openssl.c | 2 +-
trust/x509.c | 4 +++-
3 files changed, 6 insertions(+), 4 deletions(-)
commit 1548d82560b242579f5ba216b66bd59ccd0f3fd0
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
Don't call memdup with zero length or NULL pointer
https://bugzilla.redhat.com/show_bug.cgi?id=985433
common/attrs.c | 9 +++++++--
p11-kit/pin.c | 2 +-
2 files changed, 8 insertions(+), 3 deletions(-)
commit 29a5df009656dc09be781c4939cec3613a0a12cb
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
attrs: Check printf formatting in buffer_append_printf()
https://bugzilla.redhat.com/show_bug.cgi?id=985497
common/attrs.c | 5 +++++
1 file changed, 5 insertions(+)
commit 9a1fe66f08149596567fedb4e2338ae786a19ab9
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
Avoid using the non-thread-safe strerror() function
https://bugzilla.redhat.com/show_bug.cgi?id=985481
common/compat.c | 16 ++++
common/compat.h | 8 ++
common/message.c | 26 ++++++
common/message.h | 4 +
common/path.c | 3 +-
configure.ac | 2 +-
p11-kit/conf.c | 6 +-
tools/tests/test.c | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++++
trust/parser.c | 2 +-
trust/save.c | 47 ++++------
trust/token.c | 19 ++--
11 files changed, 348 insertions(+), 51 deletions(-)
commit e403f7b33ac35e961c72ed1b6335bbe3084e4642
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
Declare static variables const where it makes sense
https://bugzilla.redhat.com/show_bug.cgi?id=985337
common/path.c | 8 ++++----
p11-kit/conf.c | 4 ++--
p11-kit/uri.c | 4 ++--
trust/builder.c | 38 +++++++++++++++++++-------------------
trust/extract-info.c | 2 +-
trust/extract-openssl.c | 2 +-
trust/module.c | 4 ++--
7 files changed, 31 insertions(+), 31 deletions(-)
commit 52a84b84a924a9f1cd8090b0a47b9f7d00ca69f3
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
Support expanding $XDG_CONFIG_HOME in user config paths
If ~/.config is specified as a prefix to a configured path,
then it is expanded to the $XDG_CONFIG_HOME if that exists
Add --with-user-config ./configure option to configure a
different user config directory.
Interpolate the right directories into documentation.
.gitignore | 2 ++
common/path.c | 37 ++++++++++++++++++++++++-------------
common/tests/test-path.c | 6 ++++++
configure.ac | 8 ++++++--
doc/manual/Makefile.am | 17 +++++++++++++++--
doc/manual/p11-kit-config.xml | 18 +++++++++++-------
doc/manual/p11-kit-devel.xml | 10 ++++++++++
doc/manual/p11-kit-trust.xml | 10 +++++++---
doc/manual/pkcs11.conf.xml | 14 +++++++++-----
doc/manual/version.xml.in | 1 -
p11-kit/pkcs11.conf.example.in | 2 +-
11 files changed, 91 insertions(+), 34 deletions(-)
commit 936e4c229a4ed205e9981fc4f31acea063701b69
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
Don't load configs from user directory when setuid
When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.
https://bugzilla.redhat.com/show_bug.cgi?id=985014
common/compat.c | 48 +++++++++++++
common/compat.h | 12 ++++
common/path.c | 5 ++
common/test.c | 99 +++++++++++++++++++++++++++
common/test.h | 9 +++
common/tests/Makefile.am | 5 +-
common/tests/frob-getauxval.c | 63 +++++++++++++++++
common/tests/test-compat.c | 30 ++++++++
configure.ac | 3 +
doc/manual/p11-kit-config.xml | 3 +
doc/manual/pkcs11.conf.xml | 3 +
p11-kit/conf.c | 5 ++
p11-kit/tests/Makefile.am | 1 +
p11-kit/tests/files/system-modules/one.module | 3 +-
p11-kit/tests/files/user-modules/one.module | 3 +-
p11-kit/tests/frob-setuid.c | 95 +++++++++++++++++++++++++
p11-kit/tests/test-conf.c | 39 +++++++++++
17 files changed, 423 insertions(+), 3 deletions(-)
commit 81a6e16539e5e4a27c55194ae095cc4a75d08ade
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
tools: Use $TMPDIR instead of $TEMP
TMPDIR is a more standard environment variable for locating the
temp directory on Unix. In addition since this is only used in
tests, remove the code from the generic p11_path_expand() func.
In general remove the possibility for forks to put $HOME or $TEMP
environment variables in configured paths. This was possible
due to code in p11_path_expand() but not something we supported.
https://bugzilla.redhat.com/show_bug.cgi?id=985017
common/path.c | 44 -----------------------------------
common/test.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++
common/test.h | 2 ++
common/tests/test-path.c | 31 +------------------------
trust/tests/test-bundle.c | 4 +---
trust/tests/test-cer.c | 4 +---
trust/tests/test-module.c | 4 +---
trust/tests/test-openssl.c | 4 +---
trust/tests/test-save.c | 4 +---
trust/tests/test-token.c | 9 ++------
trust/tests/test-trust.c | 6 +++++
11 files changed, 73 insertions(+), 96 deletions(-)
commit eb8f5859b1349f8147ba47a1da8032df192f2370
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
Fix various issues highlighted by coverity scanner
Among others fix possible usage of large stack allocation.
common/hash.c | 1 +
common/lexer.c | 3 ++-
p11-kit/iter.c | 12 ++++++------
p11-kit/p11-kit.c | 6 ++++++
p11-kit/tests/test-init.c | 3 +++
trust/extract.c | 20 ++++++++++----------
trust/index.c | 18 +++++++++---------
trust/parser.c | 2 +-
trust/tests/frob-nss-trust.c | 1 +
trust/tests/test-index.c | 7 ++++---
10 files changed, 43 insertions(+), 30 deletions(-)
commit ab1caffd9e09fd4d6ab92713de29436db0da6dea
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-16
open files with O_CLOEXEC when possible
This helps prevent leaked file descriptors when the library is
used in a process which exec's.
opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC
so we don't need to make changes there.
In addition read config files using p11_mmap_open() so that we get
the simple benefits of O_CLOEXEC with the open() call there.
https://bugzilla.redhat.com/show_bug.cgi?id=984986
common/compat.c | 18 ++++++++--
common/compat.h | 4 +++
p11-kit/conf.c | 101 +++++++++++++++-----------------------------------------
p11-kit/pin.c | 2 +-
4 files changed, 46 insertions(+), 79 deletions(-)
commit 9886b39e2ebd2f711b5b0c3ca2e24694a9ffd361
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-16
buffer: Check for unlikely integer overflow
If we see an integer overflow here something has gone horribly wrong
(or malicious code is present). So treat this as unrecoverable, and
fail if we're going to overflow.
https://bugzilla.redhat.com/show_bug.cgi?id=985019
common/buffer.c | 6 ++++++
1 file changed, 6 insertions(+)
commit 0ddd67184b65dfde0e5d05a957f01eeca161e384
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-16
Make preconditions abort unconditionally when scanning with coverity
This reflects that preconditions are invalid/unreachable on a
functioning system and with valid input. We do not try to recover
from such conditions.
In addition teach coverity about how our test suite fails
See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html
https://bugzilla.redhat.com/show_bug.cgi?id=985005
common/debug.c | 4 ++++
common/test.c | 5 +++++
2 files changed, 9 insertions(+)
commit b2e6bc0ea2b2d2b90f6a159a23a4e676b1f302e4
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-16
iter: Document guarantees for filter matches argumet
The matches argument is always initialized to CK_TRUE when a filter
is called, and it's up to filters to set it to CK_FALSE. Filters
don't need to set to CK_TRUE.
https://bugzilla.redhat.com/show_bug.cgi?id=985009
p11-kit/iter.c | 4 ++++
1 file changed, 4 insertions(+)
commit 3f9da410144fd45ee6250dda28cae49300077e29
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-17
Fixes for some recent win32 regressions
common/path.c | 21 ++++++++++++++++++---
trust/save.c | 22 ++++++++++------------
trust/token.c | 10 +++++++++-
3 files changed, 37 insertions(+), 16 deletions(-)
commit 82738fe7d6143cb25fc1cb201a75b8a071043be8
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-16
Remove erroneous comments about readdir() and thread-safety
https://bugzilla.redhat.com/show_bug.cgi?id=984989
p11-kit/conf.c | 1 -
trust/save.c | 1 -
trust/token.c | 1 -
3 files changed, 3 deletions(-)
commit d00f6b24e5349d8d37868b8f4451b1dc9b38767e
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-10
Build with -fno-common to catch definition problems
Fix some global variables not declared as extern
https://bugs.freedesktop.org/show_bug.cgi?id=66015
configure.ac | 2 +-
p11-kit/virtual.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
commit fb039d0c292c3cd339179bdc98a09d4103fb9c5f
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-10
Various documentation tweaks and fixes for warnings
doc/manual/p11-kit-devel.xml | 2 +-
doc/manual/p11-kit-sections.txt | 4 ++++
p11-kit/iter.c | 8 ++++++++
3 files changed, 13 insertions(+), 1 deletion(-)
commit edd04b610c1c83f26ed036569ad95b89a41fc558
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-10
Add support for using freebl3 for SHA1 and MD5 hashing
Since we don't want to link freebl3 to libp11-kit.so where it isn't
needed, move the SHA-1 and MD5 digest functionality to the trust/
directory.
common/hash.c | 502 ----------------------------------
common/hash.h | 20 --
common/tests/test-hash.c | 92 -------
configure.ac | 33 +++
doc/manual/p11-kit-devel.xml | 11 +
trust/Makefile.am | 4 +
trust/builder.c | 16 +-
trust/digest.c | 632 +++++++++++++++++++++++++++++++++++++++++++
trust/digest.h | 60 ++++
trust/extract-jks.c | 14 +-
trust/extract-openssl.c | 10 +-
trust/parser.c | 4 +-
trust/tests/Makefile.am | 9 +-
trust/tests/test-builder.c | 6 +-
trust/tests/test-digest.c | 143 ++++++++++
trust/tests/test-module.c | 10 +-
trust/x509.c | 4 +-
17 files changed, 922 insertions(+), 648 deletions(-)
commit eca5a6e491f5f85ba1f06afcea3177c3442ae557
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-09
trust: Fix the 'p11-kit extract' command
This is supposed to call over to 'trust extract' and wasn't
working correctly.
p11-kit/Makefile.am | 1 +
p11-kit/p11-kit.c | 22 ++++++++++++++++++++--
trust/extract.c | 2 +-
3 files changed, 22 insertions(+), 3 deletions(-)
commit a314ab2aa9dbfcbc8d2d9a84554265e498520a20
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
trust: Fix bug with load validation failures
trust/index.c | 5 +++--
trust/tests/test-index.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 53 insertions(+), 2 deletions(-)
commit 3c36c7a68dfefdf75f7239dd7e006e7eb1366620
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
trust: Add a basic 'anchor' command to store a new anchor
trust/Makefile.am | 3 +
trust/anchor.c | 300 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
trust/anchor.h | 43 ++++++++
trust/trust.c | 2 +
4 files changed, 348 insertions(+)
commit dcca67d72544e394f43a8c62840692c85d5b5b29
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
trust: Fix various issues writing objects in trust token
* Create directory before trying to write files to it
* Handle write failures appropriately
Refactor how we build and store objects in the index to handle
the above cases properly.
trust/builder.c | 152 +++++++++--------------------
trust/builder.h | 5 +-
trust/index.c | 129 ++++++++++++++++++++++--
trust/index.h | 11 ++-
trust/session.c | 2 +-
trust/tests/test-builder.c | 238 ++++++++++++++++++++++++++++++++-------------
trust/tests/test-index.c | 32 +++---
trust/token.c | 166 +++++++++++++++++++++----------
8 files changed, 483 insertions(+), 252 deletions(-)
commit 3318c443b7a3660f0aee80cfa0d5e915d3a21734
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
trust: Mark CKA_X_DISTRUSTED as a boolean attribute
trust/persist.c | 1 +
1 file changed, 1 insertion(+)
commit c0a2fe9c974b51e7495d0598a925c07744d895de
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
trust: Support token directory paths in user's home directory
trust/module.c | 1 +
trust/token.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
commit 2c4f5ed657976d868c33f0ddf430477ee2bf0191
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
trust: Explicitly specify which formats parser should parse
trust/parser.c | 69 +++++++++++++++++++++++++++++------------------
trust/parser.h | 18 +++++++++++--
trust/tests/test-module.c | 2 ++
trust/tests/test-parser.c | 10 +++++++
trust/token.c | 2 ++
5 files changed, 73 insertions(+), 28 deletions(-)
commit 03787ae83b1911118a7a689c4817bbce1e74dabd
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
trust: Support using the parser without an asn1_cache
trust/asn1.c | 11 ++++++++---
trust/parser.c | 15 +++++++++++----
trust/tests/test-parser.c | 22 ++++++++++++++++++++++
3 files changed, 41 insertions(+), 7 deletions(-)
commit 9f7c426d5a6bfb0e60895a690ed835c47e04cb4e
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
asn1: In p11_asn1_read() allocate an extra null terminator
As a courtesy for callers.
trust/asn1.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
commit 09ece36663a3672dfa2db97029cfd5f5360188e8
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-08
common: Fix typo, and don't escape '6' in URL encoding
common/url.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 75e2cb73df51a2688ecd2f4b4e3b490ae7b9f5a7
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-04
p11-kit: Add P11_KIT_MODULE_TRUSTED flag
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
p11-kit/modules.c | 48 +++++++++++++++---------
p11-kit/p11-kit.h | 1 +
p11-kit/tests/files/package-modules/four.module | 3 +-
p11-kit/tests/files/system-modules/one.module | 3 +-
p11-kit/tests/test-modules.c | 50 +++++++++++++++++++++++++
trust/extract.c | 49 ++++++------------------
6 files changed, 98 insertions(+), 56 deletions(-)
commit 7d4941715b5afc2ef8ea18716990d28965737c70
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-04
trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.
build/certs/Makefile.am | 19 ++--
common/attrs.c | 1 +
common/constants.c | 1 +
common/pkcs11x.h | 1 +
trust/builder.c | 118 +++++++++++++--------
trust/extract-info.c | 112 ++++++++++++-------
trust/extract-openssl.c | 37 ++++---
trust/parser.c | 109 +++++++++++++------
trust/tests/Makefile.am | 1 +
.../{cacert3-trusted-multiple.pem => multiple.pem} | 53 +++------
trust/tests/files/verisign-v1.pem | 15 +++
trust/tests/frob-eku.c | 1 +
trust/tests/frob-ext.c | 118 +++++++++++++++++++++
trust/tests/test-builder.c | 59 ++++++++---
trust/tests/test-extract.c | 7 +-
trust/tests/test-openssl.c | 33 ++++--
trust/tests/test-parser.c | 30 ++++--
trust/tests/test-trust.h | 62 +++++++++++
18 files changed, 561 insertions(+), 216 deletions(-)
commit 2be55821c1ffab99b91c76c43c91dd95db1c21c7
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-04
trust: Add p11_oid_hash() and various oid strings
trust/oid.c | 13 +++++++++++++
trust/oid.h | 7 +++++++
trust/tests/test-oid.c | 19 ++++++++++++++-----
3 files changed, 34 insertions(+), 5 deletions(-)
commit ec7c2ff2011d774217c1e35d664072d0487853c7
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-04
trust: Add p11_asn1_read() and p11_asn1_free() functions
Some helpers for commonly used ASN.1 related stuff.
trust/asn1.c | 38 ++++++++++++++++++++++++++++++++++++++
trust/asn1.h | 6 ++++++
trust/parser.c | 16 +++-------------
trust/persist.c | 11 ++---------
trust/tests/test-asn1.c | 19 +++++++++++++++++++
trust/x509.c | 42 ++++++------------------------------------
6 files changed, 74 insertions(+), 58 deletions(-)
commit a2165fe35e336fd807af053a21a396b020f90a23
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-03
trust: Initial support for writing out token objects
* The objects are written out in the p11-kit persist format
* Parser marks files in p11-kit persist format as modifiable
trust/Makefile.am | 1 +
trust/module.c | 18 ++--
trust/parser.c | 2 +-
trust/tests/test-module.c | 126 +++++++++++++++++++++++++--
trust/tests/test-parser.c | 1 -
trust/tests/test-token.c | 110 ++++++++++++++++++++++-
trust/tests/test-trust.c | 1 -
trust/token.c | 218 +++++++++++++++++++++++++++++++++++++++++-----
trust/token.h | 5 +-
9 files changed, 443 insertions(+), 39 deletions(-)
commit 269c4c2e82543de273fa9415dec1b9b6e00c51af
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-03
trust: If token path is a file, don't try loading subdirectories
trust/token.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
commit 4bbb7038816d3664c92cb442e3d1ccac8f92f83c
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-03
trust: Correctly handle persisting OIDs with zero length
trust/persist.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit 6f212d25c6e03705d58137a2ffa0ccb59bf944ff
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-03
trust: Don't write out internal attributes when persisting
trust/Makefile.am | 1 +
trust/index.h | 16 +---------------
trust/persist.c | 7 +++++++
trust/types.h | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 63 insertions(+), 15 deletions(-)
commit e355c6724c6fb8cd604763ad2518751056512b2b
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-03
trust: Add support for saving files with unique file names
trust/extract-cer.c | 4 +-
trust/extract-jks.c | 2 +-
trust/extract-openssl.c | 52 ++++++++------
trust/extract-pem.c | 8 ++-
trust/save.c | 171 +++++++++++++++++++++++++++++++++------------
trust/save.h | 6 +-
trust/tests/test-openssl.c | 1 -
trust/tests/test-save.c | 168 +++++++++++++++++++++++++++++++++-----------
8 files changed, 298 insertions(+), 114 deletions(-)
commit 81431ffd8cbf55175b1b9a9ed130fc67d0d4000b
Author: Stef Walter <stef@thewalter.net>
Date: 2013-07-03
path: Add p11_path_canon() function
Cleans up a filename with readable characters.
common/path.c | 15 +++++++++++++++
common/path.h | 2 ++
common/tests/test-path.c | 17 +++++++++++++++++
trust/extract-info.c | 11 ++---------
4 files changed, 36 insertions(+), 9 deletions(-)
commit 1c4522e5df79bd197feab8448008fc2bf6b4ea2e
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-28
trust: Rename p11_index_batch() to p11_index_load()
The name makes it clearer what's going on. This is only used
during loading, so we can track whether a change has resulted
from the trust module or from the file storage.
trust/builder.c | 4 ++--
trust/index.c | 4 ++--
trust/index.h | 4 ++--
trust/tests/test-builder.c | 16 ++++++++--------
trust/tests/test-index.c | 12 ++++++------
trust/token.c | 4 ++--
6 files changed, 22 insertions(+), 22 deletions(-)
commit 17bc43cb82320f2aba4ccb804bd8599232524c6a
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-28
trust: Implement reloading of token data
* Reload token data whenever a new session is opened.
* Only reload files/directories that have changed.
* Move duplicate anchor/blacklist detection logic into
the extract code. This is in line with the approach
being discussed on the mailing lists and spec document.
* New internal attribute CKA_X_ORIGIN set on all objects
so we can track where an object came from, and replace
it when reloaded.
In general this is a prerequisite for modification of objects
reload before modify is necessary to prevent multiple callers
clobbering each other's changes.
trust/builder.c | 3 +-
trust/extract-info.c | 86 ++++++++----
trust/index.c | 18 ++-
trust/index.h | 6 +
trust/module.c | 5 +-
trust/parser.c | 124 +++--------------
trust/parser.h | 7 +-
trust/tests/test-extract.c | 28 ++--
trust/tests/test-parser.c | 184 +++++--------------------
trust/tests/test-token.c | 255 ++++++++++++++++++++++++++++++----
trust/tests/test-trust.c | 75 ++++++++++
trust/tests/test-trust.h | 28 ++++
trust/token.c | 331 +++++++++++++++++++++++++++++++++++----------
trust/token.h | 3 +
14 files changed, 746 insertions(+), 407 deletions(-)
commit 7bb9ad33da0154c9a4317f0123046eee85738349
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-28
iter: Add iteration mode where session is not busy
In order to use the session we are iterating on for other tasks
such as other C_FindObject() calls, we need to make sure that
it's not in the middle of a find operation. Finish up the
complete find operation in advance of returning objects from
a session.
Make this the default mode. The previous behavior remains
as an option. Add tests.
p11-kit/iter.c | 59 +++++++++++++++--------
p11-kit/iter.h | 7 ++-
p11-kit/tests/test-iter.c | 111 +++++++++++++++++++++++++++++++++----------
trust/extract-info.c | 8 ++--
trust/extract.c | 2 +-
trust/tests/frob-nss-trust.c | 6 +--
trust/tests/test-bundle.c | 2 +-
trust/tests/test-cer.c | 2 +-
trust/tests/test-extract.c | 2 +-
trust/tests/test-openssl.c | 2 +-
10 files changed, 144 insertions(+), 57 deletions(-)
commit 7eabbee227f09cc4ff9e472520f03bba1e35596b
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-28
path: Add p11_path_prefix() function
Checks if a wellformed path is identical to or a prefix
of another path.
common/path.c | 17 +++++++++++++++++
common/path.h | 3 +++
common/tests/test-path.c | 13 +++++++++++++
3 files changed, 33 insertions(+)
commit 1e777512e554db76ba2f1aba800ee09a9fa074f0
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-26
trust: Implement validation for creating/modifying objects
trust/builder.c | 277 ++++++++++++++++++++++++-----
trust/tests/test-builder.c | 427 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 661 insertions(+), 43 deletions(-)
commit c807b2432bb954caf89f3092b65ea61a1bc6942e
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-25
Fix dependency between p11-kit command and library
p11-kit/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6daeaa08d0e7c7f49392cd9e419c74b6c8721811
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-25
Fix running trust module tests under distcheck
trust/tests/test-module.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
commit 069c52a10cc4c4c06de8a4d83ddb3755e40be7a4
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-24
Reorganize various components
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
.gitignore | 2 +
Makefile.am | 1 -
common/Makefile.am | 31 +--
common/tests/Makefile.am | 32 +--
common/tests/test-lexer.c | 35 +--
{tools => common}/tool.c | 76 +++---
{tools => common}/tool.h | 18 +-
configure.ac | 2 -
doc/manual/Makefile.am | 1 -
gtk-doc.make | 2 +-
p11-kit/Makefile.am | 20 ++
{tools => p11-kit}/list.c | 15 +-
p11-kit/p11-kit.c | 102 ++++++++
tools/Makefile.am | 53 -----
tools/tests/Makefile.am | 84 -------
tools/tests/files/cacert3.der | Bin 1885 -> 0 bytes
tools/tests/files/cacert3.pem | 42 ----
tools/tests/test-tools.c | 216 -----------------
tools/tests/test-tools.h | 260 ---------------------
trust/Makefile.am | 56 ++++-
{common => trust}/asn1.c | 0
{common => trust}/asn1.h | 0
{common => trust}/base64.c | 0
{common => trust}/base64.h | 0
{common => trust}/basic.asn | 0
{common => trust}/basic.asn.h | 0
tools/extract-x509.c => trust/extract-cer.c | 0
{tools => trust}/extract-info.c | 0
{tools => trust}/extract-jks.c | 0
{tools => trust}/extract-openssl.c | 0
{tools => trust}/extract-pem.c | 0
{tools => trust}/extract.c | 4 +-
{tools => trust}/extract.h | 3 +
{common => trust}/oid.c | 0
{common => trust}/oid.h | 0
{common => trust}/openssl.asn | 0
{common => trust}/openssl.asn.h | 0
{common => trust}/pem.c | 0
{common => trust}/pem.h | 0
{common => trust}/pkix.asn | 0
{common => trust}/pkix.asn.h | 0
{tools => trust}/save.c | 0
{tools => trust}/save.h | 0
trust/tests/Makefile.am | 70 +++++-
.../tests/files/cacert3-distrust-all.pem | 0
.../tests/files/cacert3-distrusted-all.pem | 0
.../tests/files/cacert3-not-trusted.pem | 0
.../tests/files/cacert3-trusted-alias.pem | 0
.../tests/files/cacert3-trusted-keyid.pem | 0
.../tests/files/cacert3-trusted-multiple.pem | 0
.../tests/files/cacert3-trusted-server-alias.pem | 0
{tools => trust}/tests/files/cacert3-twice.pem | 0
{tools => trust}/tests/files/empty-file | 0
{tools => trust}/tests/files/simple-string | 0
{common => trust}/tests/frob-cert.c | 0
{common => trust}/tests/frob-eku.c | 0
{common => trust}/tests/frob-ku.c | 0
{common => trust}/tests/frob-oid.c | 0
{common => trust}/tests/test-asn1.c | 0
{common => trust}/tests/test-base64.c | 0
.../tests/test-pem.c => trust/tests/test-bundle.c | 5 +-
tools/tests/test-x509.c => trust/tests/test-cer.c | 5 +-
{tools => trust}/tests/test-extract.c | 5 +-
{common => trust}/tests/test-oid.c | 0
{tools => trust}/tests/test-openssl.c | 5 +-
{common => trust}/tests/test-pem.c | 0
{tools => trust}/tests/test-save.c | 5 +-
trust/tests/test-trust.c | 176 +++++++++++++-
trust/tests/test-trust.h | 74 ++++++
{common => trust}/tests/test-utf8.c | 0
{common => trust}/tests/test-x509.c | 0
trust/trust.c | 64 +++++
{common => trust}/utf8.c | 0
{common => trust}/utf8.h | 0
{common => trust}/x509.c | 0
{common => trust}/x509.h | 0
76 files changed, 638 insertions(+), 826 deletions(-)
commit 5489a1456c5a6f320bd2b3aa849f36f10d538e81
Merge: 1caa880 93f1977
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-17
Merge branch 'stable'
commit 1caa8801f6d888befb3515d24171bf77a172a93c
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-14
trust: Writable module PKCS#11 token functions
Although we don't actually write anything out yet, make the
various PKCS#11 functions behave properly when faced with
requests to write to token objects
common/test.c | 14 ++++++--
trust/module.c | 88 ++++++++++++++++++++++++++++++++++++-----------
trust/session.h | 1 +
trust/tests/test-module.c | 38 ++++++++++++++++----
4 files changed, 111 insertions(+), 30 deletions(-)
commit 93f197792150ae2e2e3ffafb903dfab6854915cb
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-17
trust: Move the extract-trust external placeholder command into trust/
.gitignore | 3 ++-
configure.ac | 2 +-
tools/Makefile.am | 4 ----
trust/Makefile.am | 4 ++++
{tools => trust}/p11-kit-extract-trust.in | 0
5 files changed, 7 insertions(+), 6 deletions(-)
commit 41d2a28b89af41799d01d5973d026712d9174f31
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-17
trust: Print out usage when extract-trust run incorrectly
Also sorta covers --help and -h usage
tools/p11-kit-extract-trust.in | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit e32481727387460d5900d0bbb495d3694facf64b
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-17
tools: Fix passing args to external commands
There were various bugs passing arguments, with duplicates being
passed, as well as certain arguments being skipped.t
tools/tool.c | 4 ++++
1 file changed, 4 insertions(+)
commit b6e065cda1db37a6c8ed52dac3432468e1277323
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-17
tools: Only use our private path when looking for external commands
Instead of looking for external commands in the path, just look
for them in our private directory.
We want to be conservative early on, and limit what sorta things
we have to maintain later. We can later remove this restriction
if a real use case presents itself.
tools/tool.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
commit bfe10cd0660fd81d78c8c5ce3eaa7d1f046859e1
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-14
trust: Correctly reflect the CK_TOKEN_INFO writability flags
Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths
which we will be able to write to.
common/compat.h | 3 ++
trust/module.c | 5 +++-
trust/tests/test-module.c | 57 +++++++++++++++++++++++++++++++++--
trust/tests/test-token.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++
trust/token.c | 47 +++++++++++++++++++++++++++++
trust/token.h | 2 ++
6 files changed, 187 insertions(+), 3 deletions(-)
commit 045df29606ea9853b4fc8bdba062a5e4a7a5be95
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-14
path: Add p11_path_parent() function
Gets the parent element of the path, removing the last component.
Handles trailing and duplicate path separators correctly.
common/path.c | 36 ++++++++++++++++++++++++++++++++++++
common/path.h | 2 ++
common/tests/test-path.c | 17 +++++++++++++++++
3 files changed, 55 insertions(+)
commit 8c6dd48789bdaf2a3dc800df7ed3416ddc3b7e1f
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-14
path: Fix expanding of paths and tests
common/path.c | 16 +++++++++++-----
common/tests/test-path.c | 46 ++++++++++++++++++++++++++--------------------
2 files changed, 37 insertions(+), 25 deletions(-)
commit 9e03e9950d78b58a91454b494513d1fc0872dcf2
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-13
common: Abort test cases when one fails
common/test.c | 2 ++
1 file changed, 2 insertions(+)
commit 125aa8b136fa950172c3946ca4768cf4750b697a
Merge: f48e1a2 49e344c
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-05
Merge branch 'stable'
commit 49e344cfa48d765ccc83a7313b1ba1c30252b84e
Author: Stef Walter <stef@thewalter.net>
Date: 2013-06-05
Release version 0.18.3
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit 1b61494bb10866841e52956a2b65b75259f64e3c
Author: Stef Walter <stefw@gnome.org>
Date: 2013-06-05
trust: Fix crash when C_Initialize args are NULL
https://bugs.freedesktop.org/show_bug.cgi?id=65401
trust/module.c | 5 ++++-
trust/tests/test-module.c | 18 ++++++++++++++++++
2 files changed, 22 insertions(+), 1 deletion(-)
commit 3dc38f294af5bbe1939d38ec9b3fcd699f97c8ce
Author: Stef Walter <stefw@gnome.org>
Date: 2013-06-05
trust: Fix reinitialization of trust module
Track number of C_Initialize calls, and require similar number
of C_Finalize calls to finalize.
This fixes leaks/disappearing sessions in the trust module.
https://bugs.freedesktop.org/show_bug.cgi?id=65401
trust/module.c | 25 +++++++++++++---
trust/tests/frob-multi-init.c | 69 +++++++++++++++++++++++++++++++++++++++++++
trust/tests/test-module.c | 49 ++++++++++++++++++++++++++++++
3 files changed, 139 insertions(+), 4 deletions(-)
commit f48e1a2a496604a835d0f9230113218951a1ced2
Author: manphiz@gmail.com <manphiz@gmail.com>
Date: 2013-04-24
Fix uninitialized p11_library_once
https://bugs.freedesktop.org/show_bug.cgi?id=57714
common/library.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6132376b31f6d8c27fa63b219e7330f4489de6cc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-05
Force Mac OS shared library extension to .so
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
configure.ac | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
commit cf91dc6975424e3ba3971e4496e91036e97419e5
Author: manphiz@gmail.com <manphiz@gmail.com>
Date: 2013-04-24
Fix uninitialized p11_library_once
https://bugs.freedesktop.org/show_bug.cgi?id=57714
common/library.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit f358242f0068b280c1478075617288095dd95adc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-05
Force Mac OS shared library extension to .so
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
configure.ac | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
commit 96771f49dc945800ae28c77ff407753cbb995c7f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-21
persist: Support for writing out p11-kit persist files
trust/parser.c | 10 +-
trust/persist.c | 458 +++++++++++++++++++++++++++++++++++++++------
trust/persist.h | 4 +
trust/tests/test-persist.c | 203 +++++++++++++++++---
trust/tests/test-trust.c | 2 +-
5 files changed, 587 insertions(+), 90 deletions(-)
commit daf63f2cf66669b3555f2f15498a0aa2db234b2f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-21
constants: Tweaks and add mechanisms
common/constants.c | 428 +++++++++++++++++++++---------------------
common/tests/test-constants.c | 70 +++----
2 files changed, 245 insertions(+), 253 deletions(-)
commit 56fec770071713bf800e7e9f3905973703105ec5
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-21
pem: Write PEM data directly to a buffer
common/pem.c | 38 +++++++++++++++++---------------------
common/pem.h | 7 +++++--
common/tests/test-pem.c | 21 ++++++++++++---------
tools/extract-openssl.c | 29 +++++++++++++++++------------
tools/extract-pem.c | 32 ++++++++++++++++++++------------
5 files changed, 71 insertions(+), 56 deletions(-)
commit cb8f2e3a04d9365121ffea0d76d8b3d47e2cc1ec
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-21
url: Encode directly to a buffer
common/tests/test-url.c | 30 ++++++++++++++++++------------
common/url.c | 29 ++++++++++-------------------
common/url.h | 5 +++--
p11-kit/uri.c | 32 +++++++++++++++++++-------------
4 files changed, 50 insertions(+), 46 deletions(-)
commit 4fd057258177f4f14bbe78c2d02d5a65eaf3f3dc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-27
Release version 0.19.1
NEWS | 11 +++++++++++
configure.ac | 2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
commit e98522ba9e92be79526eba9daee9f60aa30ad942
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-21
Mark p11_kit_message() as a stable function
doc/manual/p11-kit-sections.txt | 2 +-
p11-kit/p11-kit.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
commit 61a9cfa62972678f1cbbad7f4d1a814e9b7f05e2
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-21
Fix building of applications using CRYPTOKI_GNU style
p11-kit/p11-kit.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 435843812ab7b85f97cfdc32ae9412f78242b950
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-21
Bump the version for deprecated function documentation
p11-kit/modules.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
commit 30830eb693ac2e89f28bb34459db6837031ca795
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-09
Fix up Makefile.am files for automake 1.13 warnings
common/tests/Makefile.am | 4 ++--
p11-kit/Makefile.am | 2 +-
p11-kit/tests/Makefile.am | 2 +-
tools/Makefile.am | 2 +-
tools/tests/Makefile.am | 2 +-
trust/Makefile.am | 2 +-
trust/tests/Makefile.am | 2 +-
7 files changed, 8 insertions(+), 8 deletions(-)
commit dcabaf1d56d410ba7ddb3dfbab9011bbbea5e6bc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-05
Our own unit testing framework
* Support the TAP protocol
* Much cleaner without having to carry around state
* First class support for setup/teardown
* Port the common tests
* Wait on porting other tests until we've merged outstanding code
build/Makefile.am | 8 -
build/Makefile.tests | 5 +-
build/cutest/CuTest.c | 329 -------
build/cutest/CuTest.h | 111 ---
build/cutest/README.txt | 211 ----
build/cutest/license.txt | 38 -
common/Makefile.am | 5 +-
common/debug.h | 2 +
common/test.c | 261 +++++
common/test.h | 131 +++
common/tests/Makefile.am | 3 +-
common/tests/test-array.c | 101 +-
common/tests/test-asn1.c | 53 +-
common/tests/test-attrs.c | 461 +++++----
common/tests/test-base64.c | 67 +-
common/tests/test-buffer.c | 113 +--
common/tests/test-compat.c | 28 +-
common/tests/test-constants.c | 45 +-
common/tests/test-dict.c | 250 +++--
common/tests/test-hash.c | 74 +-
common/tests/test-lexer.c | 126 ++-
common/tests/test-oid.c | 45 +-
common/tests/test-path.c | 68 +-
common/tests/test-pem.c | 76 +-
common/tests/test-url.c | 93 +-
common/tests/test-utf8.c | 60 +-
common/tests/test-x509.c | 106 +-
p11-kit/tests/Makefile.am | 14 +-
p11-kit/tests/{conf-test.c => test-conf.c} | 252 +++--
p11-kit/tests/test-deprecated.c | 187 ++--
p11-kit/tests/test-init.c | 144 ++-
p11-kit/tests/test-iter.c | 481 +++++-----
p11-kit/tests/test-log.c | 41 +-
p11-kit/tests/test-managed.c | 97 +-
p11-kit/tests/test-mock.c | 1012 ++++++++++----------
p11-kit/tests/test-modules.c | 157 ++-
p11-kit/tests/{pin-test.c => test-pin.c} | 104 +-
p11-kit/tests/{progname-test.c => test-progname.c} | 34 +-
p11-kit/tests/test-proxy.c | 75 +-
p11-kit/tests/{uri-test.c => test-uri.c} | 633 ++++++------
p11-kit/tests/test-virtual.c | 70 +-
tools/tests/Makefile.am | 6 +-
tools/tests/test-extract.c | 221 ++---
tools/tests/test-openssl.c | 186 ++--
tools/tests/test-pem.c | 96 +-
tools/tests/test-save.c | 329 +++----
tools/tests/{test.c => test-tools.c} | 65 +-
tools/tests/{test.h => test-tools.h} | 34 +-
tools/tests/test-x509.c | 102 +-
trust/tests/Makefile.am | 5 +-
trust/tests/test-builder.c | 446 +++------
trust/tests/test-index.c | 395 ++++----
trust/tests/test-module.c | 470 ++++-----
trust/tests/test-parser.c | 219 ++---
trust/tests/test-persist.c | 155 ++-
trust/tests/test-token.c | 93 +-
trust/tests/{test-data.c => test-trust.c} | 56 +-
trust/tests/{test-data.h => test-trust.h} | 40 +-
58 files changed, 3901 insertions(+), 5188 deletions(-)
commit 7fd6d89d92b6f1b543bf2aa4b2e578201dad7147
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-06
Further reorganization of the core module tracking
* Keep the module ownership apart from the tracking of module
function pointers, since these are only relevant for unmanaged
modules.
* Less assumptions that each module has a raw unmanaged module
function pointer.
* More clarity in the naming of dictionaries tracking the modules.
p11-kit/modules.c | 349 +++++++++++++++++++++++++-----------------------------
1 file changed, 161 insertions(+), 188 deletions(-)
commit eb88be6c0b7ea39a74cd2aa8af33371de4aeb74c
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-07
Pull the argv parsing code into its own file
So it can be used from multiple code paths
common/Makefile.am | 1 +
common/argv.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++
common/argv.h | 44 ++++++++++++++++++++
trust/module.c | 78 ++----------------------------------
4 files changed, 164 insertions(+), 74 deletions(-)
commit 7b848defc704cc1fbb47a16b23727583c14b804d
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-06
Support /xxx/yyy as an absolute path with Win32
Because win32 code doesn't just run on windows, wine runs
with unix style paths.
common/path.c | 8 ++++----
common/tests/test-path.c | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
commit 10d26767fa39f43b0aabb82d73ed88b2c2522397
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-21
Bump the version number to unstable
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b73f4ef126bdead47262e29e47d159a89984d65f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-19
Add the log-calls module config option
If 'log-calls = yes' is set then all the PKCS#11 modules are logged
to stderr.
common/attrs.c | 22 +-
common/attrs.h | 9 +
common/constants.c | 350 ++++++-
common/constants.h | 8 +
common/tests/test-constants.c | 18 +-
doc/manual/Makefile.am | 1 +
doc/manual/p11-kit-sharing.xml | 5 +
doc/manual/pkcs11.conf.xml | 19 +
p11-kit/Makefile.am | 1 +
p11-kit/log.c | 2022 ++++++++++++++++++++++++++++++++++++++++
p11-kit/log.h | 53 ++
p11-kit/modules.c | 44 +-
p11-kit/tests/Makefile.am | 1 +
p11-kit/tests/test-log.c | 125 +++
p11-kit/tests/test-mock.c | 4 +-
15 files changed, 2646 insertions(+), 36 deletions(-)
commit a14ff781ebf231daa99990fd65c2312f26db93a8
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-19
Manage C_CloseAllSessions function for multiple callers
Make C_CloseAllSessions work for different callers. Track the sessions
that each caller opens and close just those when C_CloseAllSessiosn is
called.
common/mock.c | 2 +-
doc/manual/p11-kit-sharing.xml | 6 ++
p11-kit/modules.c | 202 ++++++++++++++++++++++++++++++++++++++++-
p11-kit/tests/test-init.c | 9 +-
p11-kit/tests/test-managed.c | 64 ++++++++++++-
5 files changed, 275 insertions(+), 8 deletions(-)
commit 0cb1132469c1e13be64f85cd6566e6617bfe32cc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-15
Update the proxy module to use managed PKCS#11 modules
Each time C_GetFunctionList is called on the proxy module, a new
managed PKCS#11 set of functions is returned. These are all cleaned
up when the module is unloaded.
We want the proxy module to continue to work even without the highly
recommended libffi. For that reason we still keep the old behavior of
sharing state in the proxy module.
common/mock.c | 9 -
common/mock.h | 11 +
doc/manual/Makefile.am | 1 +
p11-kit/Makefile.am | 2 +-
p11-kit/modules.c | 5 +-
p11-kit/private.h | 4 -
p11-kit/proxy.c | 1465 +++++++++++++++++++++++++++++++++++++-------
p11-kit/proxy.h | 45 ++
p11-kit/tests/test-mock.c | 26 +-
p11-kit/tests/test-proxy.c | 116 +++-
p11-kit/util.c | 3 +
11 files changed, 1422 insertions(+), 265 deletions(-)
commit 5c19f0cf66495f00ccf69eba1d0915f862a88c8d
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-06
p11-kit: Managed PKCS#11 module loading
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
common/compat.c | 6 +
common/compat.h | 4 +-
common/mock.c | 63 +-
common/mock.h | 6 +-
doc/manual/Makefile.am | 2 +
doc/manual/p11-kit-docs.xml | 2 +
doc/manual/p11-kit-proxy.xml | 29 +
doc/manual/p11-kit-sections.txt | 39 +-
doc/manual/p11-kit-sharing.xml | 94 +-
doc/manual/pkcs11.conf.xml | 24 +
gtk-doc.make | 2 +-
p11-kit/Makefile.am | 7 +-
p11-kit/deprecated.h | 97 ++
p11-kit/docs.h | 38 +
p11-kit/modules.c | 1498 ++++++++++++++++++++----
p11-kit/modules.h | 51 +
p11-kit/p11-kit.h | 63 +-
p11-kit/private.h | 6 -
p11-kit/proxy.c | 231 ++--
p11-kit/tests/Makefile.am | 10 +-
p11-kit/tests/files/system-pkcs11.conf | 5 +-
p11-kit/tests/files/user-modules/one.module | 3 +-
p11-kit/tests/test-deprecated.c | 521 +++++++++
p11-kit/tests/test-init.c | 176 ++-
p11-kit/tests/test-iter.c | 72 +-
p11-kit/tests/test-managed.c | 168 +++
p11-kit/tests/test-mock.c | 1687 +++++++++++++++++++++++++++
p11-kit/tests/test-modules.c | 124 +-
p11-kit/tests/test-proxy.c | 94 ++
tools/extract.c | 15 +-
tools/list.c | 16 +-
tools/tests/test-extract.c | 7 +-
tools/tests/test-openssl.c | 9 +-
tools/tests/test-pem.c | 9 +-
tools/tests/test-x509.c | 9 +-
trust/tests/frob-nss-trust.c | 25 +-
36 files changed, 4660 insertions(+), 552 deletions(-)
commit ff853bd7902e271256cada4a1b20a3d46b519b69
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-10
Use libffi to implement mixins for managed code
* This allows us to call into subclassed PKCS#11 modules as if
they were plain old PKCS#11 modules
* libffi is an optional dependency
configure.ac | 31 +
doc/manual/Makefile.am | 5 +-
doc/manual/p11-kit-devel.xml | 3 +
p11-kit/Makefile.am | 7 +-
p11-kit/tests/Makefile.am | 7 +
p11-kit/tests/test-virtual.c | 183 +++
p11-kit/virtual.c | 2964 ++++++++++++++++++++++++++++++++++++++++++
p11-kit/virtual.h | 68 +
8 files changed, 3265 insertions(+), 3 deletions(-)
commit a7af75a31010109529a9edddc825538884f326ca
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-14
Add subclassable CK_X_FUNCTION_LIST
One of the flaws in PKCS#11 for our usage is that each PKCS#11 module
is not passed the pointer to the function list, ie: the vtable
Here we define a new function list vtable, where each PKCS#11 function
takes the vtable itself as the first argument. We use this new
list internally to represent subclassable PKCS#11 modules for
various features.
common/mock.c | 757 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
common/mock.h | 370 ++++++++++++++++++++++++++-
common/pkcs11x.h | 438 ++++++++++++++++++++++++++++++++
3 files changed, 1561 insertions(+), 4 deletions(-)
commit 06a84bafc7c5f0ac92883e9219a7c00f456df39c
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-15
Fail early when running automaint.sh
automaint.sh | 2 ++
1 file changed, 2 insertions(+)
commit de8b99e2f04f94313a7748adedf7535603013951
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-15
Implement valgrind's hellgrind checks for threading problems
And cleanup our locks/locking model. There's no need to use
recursive locks, especially since we can't use them on all
platforms. In addition adjust taking of locks during initialization
so that there's no chance of deadlocking here.
automaint.sh | 2 +-
build/Makefile.decl | 5 +++++
build/Makefile.tests | 5 +++++
common/compat.c | 2 +-
p11-kit/modules.c | 2 +-
5 files changed, 13 insertions(+), 3 deletions(-)
commit 4bd7eda265b94dfcb9a1db4aba756e1e05dd4f87
Author: Stef Walter <stefw@gnome.org>
Date: 2013-05-14
Release version 0.18.2
NEWS | 3 +++
configure.ac | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
commit c6793097e6f0d82cfca07aaeb55c7e9b742d2fdf
Author: manphiz@gmail.com <manphiz@gmail.com>
Date: 2013-05-09
Patch to make test-lexer depend on ASN.1
https://bugs.freedesktop.org/show_bug.cgi?id=64378
common/tests/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit e72df3c2546a79f51e7c203bc5735494d45c5c26
Author: Stef Walter <stefw@redhat.com>
Date: 2013-05-03
Reduce libtasn1 dependency to 2.3
* This passes all checks and is compatible
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 32e26b5c1852fd7b0261929e3a9b39c473621fd2
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-15
Release version 0.18.1
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit d4392aef7fa3a3b2c308ad3d05c691569361ee49
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-04
doc: Use gtk-doc in the no-tmpl flavor
doc/manual/Makefile.am | 6 ++++++
gtk-doc.make | 39 +++++++++------------------------------
2 files changed, 15 insertions(+), 30 deletions(-)
commit 153dc7a750a11d7940f4e4e6e718939d23ee4541
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-04
manual: Use a consistent docbook version
doc/manual/p11-kit-config.xml | 5 +++--
doc/manual/p11-kit-devel.xml | 5 +++--
doc/manual/p11-kit-sharing.xml | 5 +++--
doc/manual/p11-kit-trust.xml | 5 +++--
doc/manual/p11-kit.xml | 4 ++--
doc/manual/pkcs11.conf.xml | 4 ++--
6 files changed, 16 insertions(+), 12 deletions(-)
commit 3e5916530b995bda1a5deea7ecf9c185a402d463
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-04
Put the external tools in $libdir/p11-kit
These are possibly architecture specific binaries, so they should be
in $libdir/p11-kit and not in $datadir/p11-kit
configure.ac | 3 +++
tools/Makefile.am | 4 ++--
tools/tool.c | 2 +-
3 files changed, 6 insertions(+), 3 deletions(-)
commit 941ff24161e040fca7382e3f98b0c1b51da21dac
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-04
Release version 0.18.0
NEWS | 8 ++++++++
configure.ac | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
commit 32b0b448d0ac4f1fa5f9143f0c4385066a9b4a76
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-04
Fix off by one in date parsing code
We didn't treat the two digit year 00 as a valid year, whereas it
actually represents the year 2000. This is in a non-critical code path.
trust/builder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit d6e0982658acb231333ebfbfb7efff8b762231d0
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-04
Don't print erroneous debug messages when skipping files
The parser automatically skips over files that it cannot parse. Don't
print confusing debug messages about DER parse failures when it does so.
common/asn1.c | 12 ++++++------
trust/parser.c | 8 +++++---
2 files changed, 11 insertions(+), 9 deletions(-)
commit 032fbd8806333bdaf0201cfd9d7bcaac8ec75184
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-02
Update to MurmurHash3
This should also fix problems with accessing memory in a non-aligned
fashion on platforms where this causes problems.
https://bugs.freedesktop.org/show_bug.cgi?id=62819
common/attrs.c | 2 +-
common/dict.c | 2 +-
common/hash.c | 149 +++++++++++++++++++++++++----------------------
common/hash.h | 4 +-
common/tests/test-hash.c | 18 +++---
5 files changed, 91 insertions(+), 84 deletions(-)
commit 8c69e467527c5ee484c9a921e9b5fd18c0c49b12
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-29
Don't respect timezones for CKA_START_DATE or CKA_END_DATE
The PKCS#11 specification does not note what timezone these dates
are in. In addition the time values are not represented in PKCS#11.
So don't reinterpret certificate dates, other than filling in the
century for dates that have a two digit year.
Lastly, these are low resolution optional fields so not being all
strict about timezones here is appropriate.
https://bugs.freedesktop.org/show_bug.cgi?id=62825
common/asn1.c | 332 ---------------------------------------------
common/asn1.h | 6 -
trust/builder.c | 100 +++++++++++---
trust/tests/test-builder.c | 14 +-
4 files changed, 81 insertions(+), 371 deletions(-)
commit 91aa0f9623e232fa253308c4f7464dab8902dfea
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-29
trust: Fix logic for matching invalid NSS serial numbers
Sometimes NSS queries for trust objects using invalid serial numbers
that do not have their DER decoding. We fixed this earlier, but want
to make sure there are no corner cases, accidentally not matching
serial numbers that happen to start with the same bytes as a DER
TLV would.
trust/module.c | 120 ++++++++++++++++++++++++++++------------------
trust/tests/test-module.c | 107 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 180 insertions(+), 47 deletions(-)
commit a63311a0f3f2669138d09ff8f618fd4d12fa0c3d
Author: Stef Walter <stefw@redhat.com>
Date: 2013-04-03
More compatible path munging and handling code
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
common/Makefile.am | 1 +
common/compat.c | 34 ------
common/compat.h | 9 +-
common/path.c | 258 +++++++++++++++++++++++++++++++++++++++++++++
common/path.h | 62 +++++++++++
common/tests/Makefile.am | 1 +
common/tests/test-compat.c | 32 ------
common/tests/test-path.c | 202 +++++++++++++++++++++++++++++++++++
p11-kit/conf.c | 60 +----------
p11-kit/modules.c | 38 +------
tools/tests/test-openssl.c | 3 +-
tools/tests/test-pem.c | 3 +-
tools/tests/test-save.c | 3 +-
tools/tests/test-x509.c | 3 +-
tools/tool.c | 3 +-
trust/module.c | 5 +-
trust/parser.c | 3 +-
trust/tests/test-module.c | 10 +-
trust/token.c | 3 +-
19 files changed, 558 insertions(+), 175 deletions(-)
commit c3f1b0a45eb1c28b6f025f8ae56c3b020801b6aa
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-03
Don't use free() on memory allocated by LocalFree()
ihttps://bugs.freedesktop.org/show_bug.cgi?id=63046
common/library.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit fcc3a83cc4d540bc2c4096524b5e8003046ba561
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-02
Separate library init from message code
Put library init/uninit code its into their own statically
linked library so that they don't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
common/Makefile.am | 15 ++---
common/lexer.c | 2 +-
common/library.c | 85 +++++---------------------
common/library.h | 14 -----
common/message.c | 140 +++++++++++++++++++++++++++++++++++++++++++
common/message.h | 62 +++++++++++++++++++
common/mock.c | 2 +-
common/tests/Makefile.am | 3 +-
common/tests/test-base64.c | 5 +-
common/tests/test-lexer.c | 3 +-
common/tests/test-url.c | 5 +-
p11-kit/Makefile.am | 2 +-
p11-kit/conf.c | 2 +-
p11-kit/modules.c | 1 +
p11-kit/pin.c | 1 +
p11-kit/proxy.c | 1 +
p11-kit/tests/Makefile.am | 6 +-
p11-kit/tests/conf-test.c | 31 +++++-----
p11-kit/tests/test-iter.c | 1 +
p11-kit/tests/test-modules.c | 1 +
p11-kit/tests/uri-test.c | 5 +-
p11-kit/uri.c | 2 +-
p11-kit/util.c | 1 +
tools/Makefile.am | 3 +-
tools/extract-info.c | 2 +-
tools/extract-jks.c | 2 +-
tools/extract-openssl.c | 2 +-
tools/extract-pem.c | 2 +-
tools/extract-x509.c | 2 +-
tools/extract.c | 2 +-
tools/list.c | 2 +-
tools/save.c | 2 +-
tools/tests/Makefile.am | 3 +-
tools/tests/test-extract.c | 3 +-
tools/tests/test-openssl.c | 3 +-
tools/tests/test-pem.c | 3 +-
tools/tests/test-save.c | 5 +-
tools/tests/test-x509.c | 3 +-
tools/tool.c | 2 +-
trust/Makefile.am | 2 +-
trust/builder.c | 2 +-
trust/module.c | 1 +
trust/parser.c | 2 +-
trust/session.c | 2 +-
trust/tests/Makefile.am | 5 +-
trust/tests/test-builder.c | 3 +-
trust/tests/test-index.c | 3 +-
trust/tests/test-module.c | 2 -
trust/tests/test-parser.c | 3 +-
trust/tests/test-persist.c | 3 +-
trust/tests/test-token.c | 3 +-
trust/token.c | 2 +-
52 files changed, 294 insertions(+), 170 deletions(-)
commit ae7dd1be6d431f25b101bc7e2b3fa373a8cbb47b
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-02
Don't use library locks from p11-kit tool
The global library p11_library_mutex is for libraries to use, so don't
use it from any code in common/, which is also used by the p11-kit tool
https://bugs.freedesktop.org/show_bug.cgi?id=63046
common/library.c | 4 ----
p11-kit/util.c | 4 ++++
2 files changed, 4 insertions(+), 4 deletions(-)
commit 2e8f586cd5a0c4cf2471c085e9e0e4fdcc04d996
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-03
Add new script for setting up p11-kit for a maintainer
Add win32 cross build, and build out of tree
.gitignore | 6 ++++++
automaint.sh | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+)
commit b7ccd06e1f969a6b86285360234582fe01d3aeaf
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-03
Fix build on Win32
Don't reference an undefined macro
https://bugs.freedesktop.org/show_bug.cgi?id=63046
tools/tests/test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bd6e31c485cd84746f474a64a63c15a7ea87d650
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-03
Fix documentation so it builds out of tree
doc/manual/Makefile.am | 7 +-
doc/manual/{p11-kit-docs.sgml => p11-kit-docs.xml} | 0
gtk-doc.make | 189 +++++++++++++--------
3 files changed, 123 insertions(+), 73 deletions(-)
commit e67c0e4465607560e0f6af9e9b0395a9ee78adbc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-04-02
Fix build with automake 1.13
Also remove some generated files from the po/ directory.
.gitignore | 5 +
common/tests/Makefile.am | 4 +-
p11-kit/tests/Makefile.am | 2 +-
po/Makefile.in.in | 444 ----------------------------------------------
po/Rules-quot | 47 -----
tools/tests/Makefile.am | 2 +-
trust/tests/Makefile.am | 2 +-
7 files changed, 10 insertions(+), 496 deletions(-)
commit c3c18a1ea9cd84ee35783809c059d1b9c80c5cbe
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-29
Use CKA_X_CERTIFICATE_VALUE for trust assertions
These don't contain the CKA_VALUE attribute for certificate data
but rather the CKA_X_CERTIFICATE_VALUE attribute.
https://bugs.freedesktop.org/show_bug.cgi?id=62896
trust/builder.c | 15 ++++++++++-----
trust/tests/test-builder.c | 6 +++---
2 files changed, 13 insertions(+), 8 deletions(-)
commit 4560373c254473990306c13178b959ccc5d338e4
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-28
Don't complain when applications call C_Logout or C_Login
Some callers erroneously call our C_Logout function, like NSS.
So return appropriate error codes in these cases.
https://bugs.freedesktop.org/show_bug.cgi?id=62874
trust/module.c | 32 ++++++++++++++++++++++++++++++--
trust/tests/test-module.c | 23 +++++++++++++++++++++++
2 files changed, 53 insertions(+), 2 deletions(-)
commit 10d8e6d1836701e311d2b55e116909198932915b
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-28
Release version 0.17.5
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit 87a0afed5db7e916a6ad6715e14996b2e25641d7
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-27
Don't try to guess at overflowing time values on 32-bit systems
Since CKA_START_DATE and CKA_END_DATE are the only places
where we want to parse out times, and these are optional, just
leave blank if the time overflows what libc can handle on
a 32-bit system.
https://bugs.freedesktop.org/show_bug.cgi?id=62825
build/certs/Makefile.am | 3 ++
build/certs/distant-end-date.der | Bin 0 -> 366 bytes
common/asn1.c | 6 ++--
trust/builder.c | 5 +--
trust/tests/test-builder.c | 71 +++++++++++++++++++++++++++++++++++++++
5 files changed, 80 insertions(+), 5 deletions(-)
commit b0e44f8e1e589726c95506da5121e95a54269fd7
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-25
Fix testing of murmur hash on bigendian systems
The murmur hash produces different output depending on the architecture
https://bugzilla.redhat.com/show_bug.cgi?id=927394
common/tests/test-hash.c | 60 +++++++++++++++++++-----------------------------
1 file changed, 23 insertions(+), 37 deletions(-)
commit 3f74a3b32ce42cc7e38bdbf8349f976000c3af4c
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
Release 0.17.4
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit 4b09d2b4d3958b58b020c1ae21fcd932e1eb6c37
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
Fix memory leaks reported by 'make leakcheck'
common/mock.c | 4 +++-
common/pem.c | 1 +
common/tests/test-hash.c | 2 ++
common/tests/test-utf8.c | 4 ++++
common/tests/test-x509.c | 1 +
p11-kit/iter.c | 3 +++
p11-kit/tests/pin-test.c | 1 -
p11-kit/tests/test-iter.c | 1 +
p11-kit/tests/test-modules.c | 2 ++
p11-kit/uri.c | 5 +----
tools/extract-openssl.c | 3 ---
tools/tests/test-openssl.c | 7 ++++++
tools/tests/test-pem.c | 6 +++---
tools/tests/test-save.c | 2 ++
tools/tests/test-x509.c | 3 +++
trust/builder.c | 2 ++
trust/index.c | 7 +++---
trust/module.c | 5 +++--
trust/session.c | 1 +
trust/tests/test-builder.c | 51 +++++++++++++++++++++++++++++++++++---------
trust/tests/test-index.c | 5 +++++
trust/tests/test-module.c | 2 ++
22 files changed, 91 insertions(+), 27 deletions(-)
commit 57d8f36a6cfbde5a9a783f11f2b75f19005c23e1
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
Fix invalid memory accesses reported by 'make memcheck'
These are things that showed up in valgrind while running the tests.
common/compat.c | 11 ++++-------
common/tests/test-compat.c | 16 ++++++++++++++++
common/tests/test-hash.c | 22 +++++++++++-----------
trust/index.c | 2 +-
trust/tests/test-index.c | 2 ++
5 files changed, 34 insertions(+), 19 deletions(-)
commit 9cf89e4b43e5e018bb3103be1873a3993769ce4a
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
Add a bit of infrastructure for running valgrind
* make memcheck: Runs basic memory checking
* make leakcheck: Also runs leak checking
Makefile.am | 2 ++
build/Makefile.am | 4 ++++
build/Makefile.decl | 11 +++++++++++
build/Makefile.tests | 11 +++++++++++
common/Makefile.am | 3 ++-
common/tests/Makefile.am | 2 --
doc/Makefile.am | 4 ++++
doc/manual/p11-kit-devel.xml | 4 ++++
p11-kit/Makefile.am | 3 ++-
tools/Makefile.am | 3 ++-
tools/tests/Makefile.am | 4 ++--
trust/Makefile.am | 3 ++-
trust/tests/Makefile.am | 2 --
13 files changed, 46 insertions(+), 10 deletions(-)
commit 0ecabc858dd6c1c2055f53202a01251e2ad7d2c2
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
trust: Predictable behavior with duplicate certificates in token
If duplicate certificates are present in a token, we warn about this,
and don't really recommend it. However we have predictable behavior
where blacklist is prefered to anchor is preferred to unknown trust.
https://bugs.freedesktop.org/show_bug.cgi?id=62548
trust/parser.c | 94 +++++++++++++++++++++++++++++++++-
trust/tests/test-parser.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++
trust/token.c | 19 ++-----
3 files changed, 224 insertions(+), 16 deletions(-)
commit e075585ef1cffc988894b4efbf3d14d5e55dcdcc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
trust: Rework index to be faster and more usable
The index now uses a sort of cross between a hash table and a bloom
filter internally to select matching items. This is needed for the
massive amount of lookups we want to do during loading.
In addition make p11_index_find() and p11_index_replace() easier
to use.
trust/builder.c | 14 +-
trust/index.c | 439 ++++++++++++++++++++++++++++++++-------------
trust/index.h | 15 +-
trust/tests/Makefile.am | 3 +-
trust/tests/frob-pow.c | 57 ++++++
trust/tests/test-builder.c | 44 ++---
trust/tests/test-index.c | 36 ++--
trust/tests/test-parser.c | 6 +-
trust/tests/test-token.c | 2 +-
9 files changed, 437 insertions(+), 179 deletions(-)
commit fc562261c6bbb35dfed585a78fdec9a408b981c7
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
attrs: Print out the CKA_VALUE for certificates when debugging
While it's true that we shouldn't be pritning out CKA_VALUE in
certain cases, like for keys, we obviously can do so for certificates.
We don't have keys anyway, but in the interest of being general
purpose use the class to determine whether CKA_VALUE can be printed
common/attrs.c | 49 ++++++++++++++++++++++++++++++++++++++---------
common/attrs.h | 14 ++++++++++----
common/tests/test-attrs.c | 2 +-
trust/tests/test-data.c | 15 ++++++++++-----
trust/tests/test-data.h | 3 ++-
5 files changed, 63 insertions(+), 20 deletions(-)
commit f45942a4fc3e1c5219e9b5201b82203337ee7280
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
hash: Add the murmur2 hash and start using it
Add implementation of the murmur2 hash function, and start using
it for our dictionaries. Our implementation is incremental
like our other hash functions.
Also remove p11_oid_hash() which wasn't being used.
In addition fix several tests whose success was based on the
way that the dictionary hashed. This was a hidden testing bug.
build/certs/Makefile.am | 6 +-
common/attrs.c | 11 +-
common/dict.c | 11 +-
common/hash.c | 126 +++++++++++++++++++++
common/hash.h | 7 ++
common/oid.c | 17 ---
common/oid.h | 2 -
common/tests/test-hash.c | 71 ++++++++++++
tools/tests/files/cacert3-trusted-multiple.pem | 4 +-
...-alias.pem => cacert3-trusted-server-alias.pem} | 4 +-
tools/tests/test-openssl.c | 14 +--
tools/tests/test.h | 5 +-
trust/tests/files/cacert3-trusted.pem | 4 +-
trust/tests/test-parser.c | 3 +-
14 files changed, 234 insertions(+), 51 deletions(-)
commit 1dc227b4fce16fcc721276925492f4ba4db00b4f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-20
hash: Rename file and functions for hashes
We're going to be adding other hashes. Also build as part of a
different common library.
common/Makefile.am | 2 +-
common/{checksum.c => hash.c} | 22 ++++++++++-----------
common/{checksum.h => hash.h} | 26 ++++++++++++-------------
common/tests/Makefile.am | 2 +-
common/tests/{test-checksum.c => test-hash.c} | 28 +++++++++++++--------------
common/x509.c | 4 ++--
tools/extract-jks.c | 14 +++++++-------
tools/extract-openssl.c | 10 +++++-----
trust/builder.c | 16 +++++++--------
trust/parser.c | 4 ++--
trust/tests/test-builder.c | 6 +++---
trust/tests/test-module.c | 10 +++++-----
12 files changed, 72 insertions(+), 72 deletions(-)
commit ef8c54a355d3f9814cc53a0aad72d61247b169a0
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-19
Release version 0.17.3
NEWS | 7 +++++++
configure.ac | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
commit 80303340701c2cba78937193084f3d716b883b55
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-19
trust: Use descriptive labels for tokens
Try to determine which one is the system trust input token,
and which one is the default token by using datadir and sysconfdir
respectively.
https://bugs.freedesktop.org/show_bug.cgi?id=62534
trust/Makefile.am | 2 ++
trust/module.c | 63 +++++++++++++++++++++++++++++++++++++----------
trust/tests/Makefile.am | 2 ++
trust/tests/frob-token.c | 2 +-
trust/tests/test-module.c | 30 +++++++++++++++-------
trust/tests/test-token.c | 13 +++++++++-
trust/token.c | 22 +++++++++++++++--
trust/token.h | 5 +++-
8 files changed, 112 insertions(+), 27 deletions(-)
commit 832015f1fd91a9e94478514d7fe9b21e050f121a
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-19
trust: Remove the temporary built in distrust objects
These should now be loaded from the .p11-kit persist format.
trust/token.c | 148 ----------------------------------------------------------
1 file changed, 148 deletions(-)
commit b6295dd63a8028ae0b239859406c477d779f4d5e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-19
extract: Make extracted output directories read-only
This is not a security feature or anything like that, but a hint
that the files are managed by the extract tool and should not be
modified manually.
tools/save.c | 60 ++++++++++++++++++++++++++++++++++++-------------
tools/tests/test-save.c | 25 +++++++++------------
tools/tests/test.c | 8 +++++--
3 files changed, 61 insertions(+), 32 deletions(-)
commit 7c27e9fbbe86b3268065f248eab2d6964983a715
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-19
trust: Don't use POSIX or GNU basename()
Both are nasty. Do our own, and test it a bit
https://bugs.freedesktop.org/show_bug.cgi?id=62479
common/compat.c | 44 +++++++++++++---------
common/compat.h | 17 ++++++---
common/tests/Makefile.am | 1 +
common/tests/test-compat.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++
trust/module.c | 5 ++-
trust/parser.c | 4 +-
6 files changed, 137 insertions(+), 27 deletions(-)
commit 535475c238c427cb685b4282997f7bce0876bfdf
Author: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: 2013-03-19
Do not export (de)constructor
Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini
respectively to stop them from being exported in the ABI. It does not seem
to be necessary.
p11-kit/util.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 1d60d5a6b8c5784b7ac10098c3d9b513094f49a8
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
Release version 0.17.2
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit 4ad4d5742037f156e07a4e28b202e49984e27a89
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
trust: Fix trust tests on 32-bit builds
trust/tests/test-persist.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit ba67d1214f6d9254546997ceec310fce2f675679
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
trust: Fix invalid varargs call in the builder
trust/builder.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit caaeaffb86c572f996bec31f67443da2219def84
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
Release version 0.17.1
* Fix distcheck bugs surrounding the strndup() workaround
NEWS | 16 ++++++++++++++++
common/compat.c | 22 +++++++++++++++++++++-
configure.ac | 9 ++-------
3 files changed, 39 insertions(+), 8 deletions(-)
commit 6c47831b3bfc66e1e995fb27e80c23085bb41e08
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
trust: Provide better debugging of trust module functions
Make C_FindObjects() and C_GetAttributeValue() functions dump the
attributes that they're dealing with when in debug mode.
trust/module.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
commit 128239732a5b7e184d5d9c505402630ee9215080
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
attrs: Change p11_attrs_to_string() to allow static templates
Allow passing the number of attributes to print, which lets us use
this directly on templates passed in by callers of the PKCS#11 API.
common/attrs.c | 13 ++++++++-----
common/attrs.h | 3 ++-
common/tests/test-attrs.c | 6 +++++-
trust/tests/frob-nss-trust.c | 2 +-
4 files changed, 16 insertions(+), 8 deletions(-)
commit 1ad9f98b11f3f0d411bf9517f1dc8985ea3dbe2a
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
trust: Handle incorrectly encoded CKA_SERIAL_NUMBER lookups
Handle lookups for trust objects (by NSS) which expect CKA_SERIAL_NUMBER
attributes without appropriate DER encoding.
In addition allow creation of NSS trust objects as PKCS#11 session
objects, so that we can test this behavior.
trust/builder.c | 2 +-
trust/module.c | 47 +++++++++++++++++++++++++++++++++
trust/tests/test-module.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 114 insertions(+), 1 deletion(-)
commit f40e5f7129ece4b74aa2cb23b28b24b381bbe223
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
Add workaround for broken strndup() in firefox
Unconditionally use our own strndup() until this issue is resolved
and in the stable versions of various distros.
See: https://bugzilla.mozilla.org/show_bug.cgi?id=826171
configure.ac | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit 749c0cdfeb3b7cc86165deb1cc51c32c0768a149
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
compat: Fix trivial comment
common/compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 64aa734f484f81ac97914b2ddecf68ff76b317c0
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
Use the nickname x-distrusted for CKA_X_DISTRUSTED
This is a non-standard PKCS#11 attribute, so has the X prefix
like the other ones we've added.
common/constants.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6c574777f6ab5996a9ba3bea493e96e4ad53dc69
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
trust: Better generation of nss objects and assertions for serial+issuer
In many cases certficates are distrusted by serial+issuer. Make sure
this works, and fix various cases where we weren't generating
compat NSS objects and compat trust assertions for these types
of input.
trust/builder.c | 267 ++++++++++++++++++++++------------------
trust/index.c | 3 +-
trust/tests/test-builder.c | 296 ++++++++++++++++++++++++++++-----------------
3 files changed, 341 insertions(+), 225 deletions(-)
commit a904e98b78b55e7a6213356225e45a04fdc457e1
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-18
Refine looking up of attributes in arrays
There was a class of bugs for looking up invalid or empty
attributes in the internal PKCS#11 attribute arrays.
* Refine what p11_attrs_find_valid() treats as valid
* Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
common/attrs.c | 62 ++++++++++++------------------
common/attrs.h | 11 ++----
common/mock.c | 44 +++++++--------------
common/tests/test-attrs.c | 54 ++++++++++++++++++++++++--
tools/extract-info.c | 21 +++-------
tools/extract-jks.c | 2 +-
tools/extract-openssl.c | 8 ++--
tools/tests/test-extract.c | 7 ++--
trust/builder.c | 96 +++++++++++++++++++++-------------------------
trust/index.c | 2 +-
trust/parser.c | 8 ++--
trust/tests/test-data.c | 2 +-
trust/tests/test-module.c | 4 +-
13 files changed, 158 insertions(+), 163 deletions(-)
commit f71baf6adf00626e73326149d55183bc62f827ae
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-17
trust: Remove file that's no longer used
trust/mozilla.c | 301 --------------------------------------------------------
1 file changed, 301 deletions(-)
commit d5b9e3915d75c04c547a0db7fe0c92839a0e78a5
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
Bump version number
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 062c09fbcad6945d6c40c5f2ce47894abdf87b07
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
Fix distcheck and documentation
common/tests/test-dict.c | 16 ++++++++--------
doc/manual/p11-kit-devel.xml | 15 +++++----------
trust/tests/Makefile.am | 3 +--
trust/tests/test-module.c | 7 +++++--
4 files changed, 19 insertions(+), 22 deletions(-)
commit 57e835d55f6eae39c25b97e35efe0cb58e46b897
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
trust: Update frob-nss-tool so it can compare modules for trust info
Can run with two modules now so that it can compare tokens NSS
trust info.
common/attrs.c | 23 ++++++
common/attrs.h | 2 +
trust/tests/frob-nss-trust.c | 174 ++++++++++++++++++++++++++++++++++---------
3 files changed, 164 insertions(+), 35 deletions(-)
commit 7fd74a78fcad81227be3650239669bca5851a1db
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
trust: Support a p11-kit specific serialization format
This is documented in doc/internals/ subdirectory
Add tests for the format as well.
https://bugs.freedesktop.org/show_bug.cgi?id=62156
common/Makefile.am | 2 +
common/basic.asn | 12 +
common/basic.asn.h | 13 +
doc/internal/persist-format.txt | 54 ++++
trust/Makefile.am | 1 +
trust/parser.c | 35 +++
trust/persist.c | 401 +++++++++++++++++++++++++++++
trust/persist.h | 59 +++++
trust/tests/Makefile.am | 1 +
trust/tests/input/verisign-v1.p11-kit | 17 ++
trust/tests/test-builder.c | 39 ---
trust/tests/test-data.h | 39 +++
trust/tests/test-module.c | 2 +-
trust/tests/test-parser.c | 32 +++
trust/tests/test-persist.c | 472 ++++++++++++++++++++++++++++++++++
trust/tests/test-token.c | 2 +-
16 files changed, 1140 insertions(+), 41 deletions(-)
commit 48004b92d4c65080ac71f6a48297abd4d83dfdcb
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-11
url: Split out the URL encoding and decoding functions
We want to use these as the format for encoding binary data
in our PKCS#11 attribute persistence
https://bugs.freedesktop.org/show_bug.cgi?id=62156
common/Makefile.am | 1 +
common/tests/Makefile.am | 1 +
common/tests/test-url.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++
common/url.c | 142 ++++++++++++++++++++++++++++++++++++++++
common/url.h | 59 +++++++++++++++++
p11-kit/uri.c | 120 ++++------------------------------
6 files changed, 381 insertions(+), 108 deletions(-)
commit 06bf3da80eb780621e0f1eb0ab8d4716ed7b3478
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-11
lexer: Make a lexer for our config file format
This lexer will be used in our PKCS#11 persistence format as well.
https://bugs.freedesktop.org/show_bug.cgi?id=62156
common/Makefile.am | 1 +
common/lexer.c | 238 +++++++++++++++++++++++++++++++++++++++
common/lexer.h | 84 ++++++++++++++
common/tests/Makefile.am | 1 +
common/tests/test-lexer.c | 281 ++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/conf.c | 131 +++++++--------------
6 files changed, 644 insertions(+), 92 deletions(-)
commit 29af2c1eeca2fb0257e1172753b129d638472f0f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default
This is what's recommended by the spec, and allows stapled extensions
to hang off a predictable CKA_ID.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
common/x509.c | 22 +++++++++++++++++
common/x509.h | 5 ++++
trust/builder.c | 20 +++++++++++-----
trust/parser.c | 48 +++++++++++++++++---------------------
trust/tests/files/verisign-v1.der | Bin 0 -> 576 bytes
trust/tests/test-builder.c | 18 +++++++++++++-
trust/tests/test-module.c | 10 ++++----
trust/tests/test-parser.c | 31 ++++++++++++++++++++++++
8 files changed, 115 insertions(+), 39 deletions(-)
commit 2d75eb32793a569dc3de359bb623713c80393d24
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-14
trust: Add a builder which builds objects out of parsed data
The builder completes the objects from the parsed data and takes
over the responsibilities that the parser and adapter previously
shared.
This is necessary to prepare for arbitrary data coming from
the p11-kit specific input files.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
build/certs/entrust-invalid.der | Bin 0 -> 1120 bytes
build/certs/verisign-v1.der | Bin 0 -> 576 bytes
trust/Makefile.am | 2 +-
trust/adapter.c | 472 ------------
trust/builder.c | 1556 +++++++++++++++++++++++++++++++++++++
trust/{adapter.h => builder.h} | 36 +-
trust/parser.c | 836 +++++---------------
trust/parser.h | 45 +-
trust/session.c | 7 +-
trust/session.h | 2 +
trust/tests/Makefile.am | 1 +
trust/tests/test-builder.c | 1611 +++++++++++++++++++++++++++++++++++++++
trust/tests/test-data.c | 2 -
trust/tests/test-module.c | 28 +-
trust/tests/test-parser.c | 666 +++-------------
trust/tests/test-token.c | 58 +-
trust/token.c | 21 +-
17 files changed, 3593 insertions(+), 1750 deletions(-)
commit d7d68de6c9de9190c85da36b731e61ae3421a811
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-14
attrs: Add info functions for constant names and values
* For retrieving the name and/or nick of constants
* The nick is what we'll use in the file format
https://bugs.freedesktop.org/show_bug.cgi?id=62329
common/Makefile.am | 1 +
common/attrs.c | 242 ++--------------------------
common/constants.c | 363 ++++++++++++++++++++++++++++++++++++++++++
common/constants.h | 74 +++++++++
common/tests/Makefile.am | 1 +
common/tests/test-constants.c | 117 ++++++++++++++
6 files changed, 566 insertions(+), 232 deletions(-)
commit ff009f8a671e6ddd02a684bb1707a2a797fe4600
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-12
trust: Refactor to include concept of the index
* The index holds PKCS#11 objects whether for the token or for the session.
* The index provides hook for a builder to expand or validate objects
being added to the index.
* In addition theres a change hook so that a builder can maintain state
between objects, such as the compat NSS trust objects.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
trust/Makefile.am | 1 +
trust/index.c | 566 +++++++++++++++++++++++
trust/index.h | 126 ++++++
trust/module.c | 111 ++---
trust/session.c | 121 +----
trust/session.h | 19 +-
trust/tests/Makefile.am | 2 +-
trust/tests/frob-token.c | 6 +-
trust/tests/test-index.c | 1063 ++++++++++++++++++++++++++++++++++++++++++++
trust/tests/test-module.c | 238 ++++++++++
trust/tests/test-session.c | 161 -------
trust/tests/test-token.c | 32 +-
trust/token.c | 32 +-
trust/token.h | 3 +-
14 files changed, 2097 insertions(+), 384 deletions(-)
commit 3fc6365093ad07b2eb5ef859093c5c5eb56ee700
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-14
attrs: New p11_attrs_merge() function
This takes one set of attributes and merges them into
another, without copying memory needlessly.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
common/attrs.c | 52 ++++++++++++++++++++---
common/attrs.h | 4 ++
common/tests/test-attrs.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 153 insertions(+), 6 deletions(-)
commit 5208fc8539aabc626c1699f181e1191d6bb1c787
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-14
asn1: Implement a parsed ASN.1 tree cache
In order to unmarry the parser from the future builder, but still retain
efficiency, we need to be able to cache parsed ASN.1 trees. The ASN.1
cache provides this. In addition it carries around the loaded ASN.1
definitions.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
common/asn1.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++
common/asn1.h | 21 +++++++++
common/tests/test-asn1.c | 46 ++++++++++++++++++++
3 files changed, 177 insertions(+)
commit 07a53cecc3220b3811f9db7514e49235fff32b94
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
extract: Combine trust policy when extracting
* Collapse multiple identical certificates coming from different
tokens. Note that if a certificate should not be placed multiple
times on a token. We cannot know which one to respect.
* Add a new extract filter: --trust-policy
This extracts all anchor and blacklist information
https://bugs.freedesktop.org/show_bug.cgi?id=61497
doc/manual/p11-kit.xml | 19 ++++-
tools/extract-info.c | 80 ++++++++++++++++++++-
tools/extract.c | 82 ++++++++++++++--------
tools/extract.h | 4 ++
tools/tests/test-extract.c | 171 +++++++++++++++++++++++++++++++++++++++++++--
5 files changed, 313 insertions(+), 43 deletions(-)
commit 7fc0ecd1ca7840e71958e62163b27d645c936c25
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
extract: --comment option adds comments to PEM bundles
* Placed before the certificate, simple one liner
* No need to put comments in PEM files extracted into
directories, as the file names are already descriptive.
https://bugs.freedesktop.org/show_bug.cgi?id=62029
doc/manual/p11-kit.xml | 5 +++++
tools/extract-info.c | 20 ++++++++++++++++++++
tools/extract-openssl.c | 11 ++++++++++-
tools/extract-pem.c | 11 +++++++++--
tools/extract.c | 6 ++++++
tools/extract.h | 8 ++++++++
tools/tests/test-extract.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 103 insertions(+), 3 deletions(-)
commit 58e1e3764250fbda96c5ef7244e891a6be04d4cb
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
extract: Allow p11_save_write() to automatically calculate length
Also if automatically calculating length, then ignore input
that is NULL, as something that shouldn't be written out.
This allows easier chaining of optional output, such as comments.
https://bugs.freedesktop.org/show_bug.cgi?id=62029
tools/save.c | 11 +++++++--
tools/save.h | 4 ++--
tools/tests/files/empty-file | 0
tools/tests/files/simple-string | 1 +
tools/tests/test-save.c | 50 +++++++++++++++++++++++++++++++++++++++++
5 files changed, 62 insertions(+), 4 deletions(-)
commit 8fd55c8089c90b52f00e4ffad572d1b9da72e6ba
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-07
p11-kit: New priority option and change trust-policy option
* Sort loaded modules appropriately using the 'priority' option. This
allows us to have a predictable order for callers, when callers
iterate through modules.
* Modules default to having an 'priority' option of '0'.
* If modules have the same order value, then sort by name.
* The above assumes the role of ordering trust-policy sources.
* Change the trust-policy option to a boolean
* Some of this code will be rearranged when the managed branch
is merged.
https://bugs.freedesktop.org/show_bug.cgi?id=61978
doc/manual/p11-kit-trust.xml | 5 ++-
doc/manual/pkcs11.conf.xml | 20 ++++++---
p11-kit/modules.c | 47 ++++++++++++++++++++++
p11-kit/tests/files/package-modules/four.module | 1 +
.../tests/files/package-modules/win32/four.module | 1 +
.../files/system-modules/two-duplicate.module | 1 +
p11-kit/tests/files/system-modules/two.badname | 1 +
.../tests/files/system-modules/win32/one.module | 3 +-
.../system-modules/win32/two-duplicate.module | 1 +
.../tests/files/system-modules/win32/two.badname | 1 +
p11-kit/tests/files/user-modules/three.module | 3 +-
.../tests/files/user-modules/win32/three.module | 3 +-
p11-kit/tests/test-modules.c | 42 +++++++++++++++++++
tools/extract.c | 47 +++-------------------
trust/p11-kit-trust.module | 14 +++++--
15 files changed, 136 insertions(+), 54 deletions(-)
commit 0e75a5ba8261955d4d75a38a528f79ff4edd5c21
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-06
trust: Make each configured path its own token
* Each source directory or file configured into the module or passed
in as an initialization argument becomes its own token.
Previously there was one token that contained certificates from
all the configured paths.
* These tokens are clearly labeled in the token info as
to the directory or file that they represent.
* Update PKCS#11 module logic to deal with multiple tokens, validate
the slot ids and so on.
* The order in which the paths are configured will become the
order of trust priority. This is the same order in which they
are listed through 'p11-kit list-modules' and C_GetSlotList.
* Update the frob-token internal tool to only play with one path
* Adjust tests where necessary to reflect the new state of things
and add tests for modified trust module code
https://bugs.freedesktop.org/show_bug.cgi?id=61499
trust/module.c | 202 +++++++++++++++++++++++---------
trust/tests/frob-token.c | 4 +-
trust/tests/test-module.c | 283 +++++++++++++++++++++++++++++++++++++++------
trust/tests/test-session.c | 2 +-
trust/tests/test-token.c | 33 +++++-
trust/token.c | 64 ++++------
trust/token.h | 8 +-
7 files changed, 460 insertions(+), 136 deletions(-)
commit d2128c263ea77e4f99bccc6ac46964ad419ec2d1
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-06
dict: Allow removal of current item in a p11_dict iteration
* This was already possible to do safely before
* Document and test this behavior
https://bugs.freedesktop.org/show_bug.cgi?id=61499
common/dict.h | 2 ++
common/tests/test-dict.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 62 insertions(+)
commit 86e60637394340ef2fa3b3db6b451dac1d73052b
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-14
trust: Rework input path treatment
* Accept a single --with-trust-paths argument to ./configure
which cotnains all the input paths.
* The --with-system-anchors and --with-system-certificates
./configure arguments are no longer supported. Since they were
only present briefly, no provision is made for backwards
compatibility.
* Each input file is treated as containing anchors by default
unless an input certificate contains detailed trust information.
* The files in each input directory are not automatically treated
as anchors unless a certificate contains detailed trust information.
* The files in anchors/ subdirectory of each input directory are
automatically marked as anchors.
* The files in the blacklist/ subdirectory of each input directory
are automatically marked as blacklisted.
* Update tests and move around test certificates so we can
test these changes.
https://bugs.freedesktop.org/show_bug.cgi?id=62327
build/certs/Makefile.am | 13 ++-
build/certs/self-signed-with-ku.der | Bin 501 -> 478 bytes
configure.ac | 74 ++++---------
doc/manual/p11-kit-trust.xml | 61 +++++-----
p11-kit/p11-kit-1.pc.in | 3 -
trust/module.c | 21 ++--
trust/parser.c | 47 +++++++-
trust/tests/certificates/self-signed-with-ku.der | Bin 501 -> 0 bytes
.../self-signed-with-eku.der | Bin
trust/tests/frob-token.c | 2 +-
trust/tests/{ => input}/anchors/cacert3.der | Bin
trust/tests/{ => input}/anchors/testing-ca.der | Bin
.../{files => input/blacklist}/self-server.der | Bin
trust/tests/{certificates => input}/cacert-ca.der | Bin
trust/tests/input/distrusted.pem | 23 ++++
trust/tests/test-module.c | 8 +-
trust/tests/test-session.c | 2 +-
trust/tests/test-token.c | 123 ++++++++++++++++++++-
trust/token.c | 78 ++++++++-----
trust/token.h | 3 +-
20 files changed, 318 insertions(+), 140 deletions(-)
commit bf63f009cd4a1147a3e0684d898f140f46666b0e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-15
pem: Fix a bug decoding some PEM files
When bringing over the BSD base64 code, there was a regression.
In addition add some tests for the base64 stuff.
common/base64.c | 19 ++--
common/tests/Makefile.am | 1 +
common/tests/test-base64.c | 212 +++++++++++++++++++++++++++++++++++++++++++
trust/tests/files/thawte.pem | 25 +++++
4 files changed, 246 insertions(+), 11 deletions(-)
commit 08f11e4c8fb173ed1341e6e0cf0cb0403df7e547
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-10
Don't overwrite the build directory when uploading documentation
Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3177cbccb237bfef66721eeb773b574f1d8ba076
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-10
Fix up the system anchors/certificates configure arguments
Double check various combinations, and make sure we don't fail
needlessly when --disable-trust-module. Also check that actual
paths are passed into the arguments.
configure.ac | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)
commit df29c0dcb6cce6a215dee9dc4e17aff59ae67c5b
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-11
doc: Move manual into doc/manual subdirectory
.gitignore | 34 ++++----
Makefile.am | 2 +-
configure.ac | 7 +-
doc/Makefile.am | 132 +------------------------------
doc/manual/Makefile.am | 132 +++++++++++++++++++++++++++++++
doc/{ => manual}/annotation-glossary.xml | 0
doc/{ => manual}/docbook-params.xsl | 0
doc/{ => manual}/p11-kit-config.xml | 0
doc/{ => manual}/p11-kit-devel.xml | 0
doc/{ => manual}/p11-kit-docs.sgml | 0
doc/{ => manual}/p11-kit-overrides.txt | 0
doc/{ => manual}/p11-kit-sections.txt | 0
doc/{ => manual}/p11-kit-sharing.xml | 0
doc/{ => manual}/p11-kit-trust.xml | 6 +-
doc/{ => manual}/p11-kit.xml | 2 +-
doc/{ => manual}/pkcs11.conf.xml | 0
doc/{ => manual}/style.css | 0
doc/{ => manual}/version.xml.in | 0
18 files changed, 159 insertions(+), 156 deletions(-)
commit 0a6bf1bfad01aae0b707b9e13e6d14deade9cecf
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-12
Release version 0.16.4
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
commit 22993290d75bacb33c177be8ee2bc78ea0687ac8
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-11
tools: Display per-command help appropriately
* Fixes a regression
* In addition allows --help to be specified before the command. If
a command is present, command help will be shown
https://bugs.freedesktop.org/show_bug.cgi?id=62153
tools/tool.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
commit c80956aef3abaa90fa9ab7c2873a45adbe127dc4
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-11
tools: Initialize local debug code correctly
Unless initialized according to the environment all debug output
is printed.
https://bugs.freedesktop.org/show_bug.cgi?id=62152
tools/tool.c | 3 +++
1 file changed, 3 insertions(+)
commit ee632a4a904f9f16c66a24c97f5724f0c3150b10
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
Release version 0.16.3
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit b5660380769aa5b1c9b51af7e0fd2f18ed463a7e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
iter: Don't skip tokens that don't have CKF_TOKEN_INITIALIZED
This flag is not required to be set unless C_InitToken has been
called. Many modules, like libnssckbi.so, do not set this flag.
p11-kit/iter.c | 4 ----
p11-kit/tests/test-iter.c | 33 ---------------------------------
2 files changed, 37 deletions(-)
commit ab14d9291df41b27f70ec3158d94f50f68ed80e1
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
trust: add a simple frob-nss-token tool to dump distrust
Add a simple tool to dump NSS style distrust attributes from
a module.
trust/tests/Makefile.am | 6 +++
trust/tests/frob-nss-trust.c | 103 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 109 insertions(+)
commit 6ecf586a1e31f2874c7b185f4f2061aa9e83c08a
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
trust: Use the new NSS PKCS#11 extension codes
NSS had subtly changed the values of the distrust CK_TRUST codes
so update them to stay in sync.
common/attrs.c | 76 +++++++++++++++++++++++------------------------
common/pkcs11x.h | 59 ++++++++++++++++++------------------
trust/adapter.c | 22 +++++++-------
trust/tests/test-module.c | 4 +--
trust/tests/test-parser.c | 22 +++++++-------
trust/token.c | 6 ++--
6 files changed, 95 insertions(+), 94 deletions(-)
commit 66fbcf7b6aac7fb808d3146335625cc15d4d2959
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
Hard code distrust temporarily.
This is because we have no way to load this data into the trust module.
Working on a real solution.
trust/token.c | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 149 insertions(+), 1 deletion(-)
commit b96095115a17818d3e6107e10bad0fef757611d7
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
tools: Parse global options appropriately, even if after command
tools/tool.c | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
commit 2ce1b21109c90b7dab240806686829e498875d74
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
trust: Refactor how we load builtin objects
trust/token.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
commit b06b58b275ebccf6d7360083708b2614dd75e1b5
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
Don't shove messages into debug output if they're already displayed
common/library.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 347ac14998835ee18e5958a8b7c9aa1afec8eaa2
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
Release 0.16.2
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit ba9cb5cab824fa4180355def6bc2e464b4e24ab0
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
extract: Use bool instead of int where appropriate
tools/extract-info.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
commit d7aee0a1ab76fb1299db5cf398088ebec1fe98be
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
tools: Add a bit of debugging to the PEM extract handler
common/debug.h | 1 +
tools/extract-pem.c | 3 +++
2 files changed, 4 insertions(+)
commit 082bc5773abe1c003bf34bbb3bf6a6b5282a212c
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
extract: Fix regression in --purpose option
The --purpose option would only match certificates that had no
purposes marked on them. Fix it so that it correctly matches
certificates with the given purpose.
https://bugs.freedesktop.org/show_bug.cgi?id=62009
tools/extract-info.c | 13 ++++++++++--
tools/tests/test-extract.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+), 2 deletions(-)
commit fc383e025f09af70d3eb52fcd7e03c02733b14b0
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
Document and put code coverage online
* Document our testing practices
* Put lcov code coverage output online
Makefile.am | 16 ++++++++++++----
doc/p11-kit-devel.xml | 22 ++++++++++++++++++++++
2 files changed, 34 insertions(+), 4 deletions(-)
commit 945585b698b08b6f349e2e104862589b5acce0aa
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-08
Properly detect the stdbool.h header
https://bugs.freedesktop.org/show_bug.cgi?id=62001
configure.ac | 2 ++
1 file changed, 2 insertions(+)
commit cc6189fc4051be33c6f5c86ab767e614633bf831
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-07
Release version 0.16.1
NEWS | 5 +++++
configure.ac | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
commit 85eaff1aebb0e6625382fba179164490b6ebb538
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-07
doc: Fix external URLs in documentation
doc/p11-kit-devel.xml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
commit ae05057c69a6ef9ed49b47db6e9ba2b8acdcfe23
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-07
doc: Add P11_KIT_STRICT=yes debugging tip
doc/p11-kit-devel.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
commit 220d7b027871f79f446c7b3c2db9ef43f24c19cc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-07
x509: Don't break when cA field of BasicConstraints is missing
The field defaults to FALSE. It sucks that libtasn1 doesn't
fill this in for us.
https://bugs.freedesktop.org/show_bug.cgi?id=61975
common/x509.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
commit 3e532011ac100391315ffa13f537ed130cc45b2e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-07
tools: Remove extra debugging statement when running external commands
tools/tool.c | 1 -
1 file changed, 1 deletion(-)
commit be5d505fe840836561488bba3d11d8584ca9cb97
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-07
extract-trust: Turn into a placeholder script that does nothing
If the 'p11-kit extract-trust' command is to be used by
distributions, make them customize it appropriately.
tools/p11-kit-extract-trust.in | 36 +++++++++++++++---------------------
1 file changed, 15 insertions(+), 21 deletions(-)
commit 0644bfd4c09c710fec1ed424779919fea7c06fca
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-07
doc: Don't wrap the options in the pkcs11.conf manual page
doc/pkcs11.conf.xml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
commit 7b3da7d5bdaa97488668a16fcf1ea04b3d9de64e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-04
Release version 0.16.0
NEWS | 8 ++++++++
configure.ac | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
commit 3f13da890649b8cb88e8e2e39872831c13567a1e
Author: Stef Walter <stefw@redhat.com>
Date: 2013-03-04
Build with the libtasn1 CFLAGS properly
Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=61739
common/Makefile.am | 3 +++
common/tests/Makefile.am | 4 ++++
tools/Makefile.am | 4 +++-
tools/tests/Makefile.am | 4 +++-
trust/Makefile.am | 1 +
5 files changed, 14 insertions(+), 2 deletions(-)
commit 14b3b3d158bdd874f5bbd626f948d20e78b38f01
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-04
Redo mock.h header in order to relicense
Rewrite the mock.h header to relicense it. It is based on the BSD
licensed mock.c file, so this isn't a big issue.
common/mock.h | 1353 +++++++++++++++++++++++++++++----------------------------
1 file changed, 686 insertions(+), 667 deletions(-)
commit a90cb3cc21fc479434165c8c531e1e49a6de6dd4
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-04
Remove duplicate typedef
https://bugs.freedesktop.org/show_bug.cgi?id=60894
p11-kit/iter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 3ccec864bfc57ebdd524a0c9603aca829c64e3dc
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2013-03-03
Fix missing bracket in trust module check
This fixes building --without-libtasn1
https://bugs.freedesktop.org/show_bug.cgi?id=61740
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 205ed0e0e26010150950e9e963a9a36693b5f71e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Initialize modules correctly in tests
This fixes hangs when running tests on windows
tools/tests/test-extract.c | 2 ++
tools/tests/test-openssl.c | 2 ++
tools/tests/test-pem.c | 2 ++
tools/tests/test-save.c | 2 ++
tools/tests/test-x509.c | 2 ++
trust/tests/test-module.c | 2 +-
trust/tests/test-parser.c | 1 +
trust/tests/test-session.c | 1 +
trust/tests/test-token.c | 1 +
9 files changed, 14 insertions(+), 1 deletion(-)
commit 6c55425a7de23a71d0abc3137f0015e878188bae
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Windows doesn't support symlinks, chmod, or atomic renames
* Don't create symlinks on windows
* No atomic renames, so delete and then rename
* Make sure to close files before unlinking on windows
* No chmod permissions on windows
tools/extract-openssl.c | 14 +++++++++++++-
tools/save.c | 44 ++++++++++++++++++++++++++++++++++++++++++--
tools/save.h | 4 ++++
tools/tests/test-openssl.c | 7 ++++++-
tools/tests/test-save.c | 26 ++++++++++++++++++++++++--
tools/tests/test.c | 4 ++++
tools/tests/test.h | 8 ++++++++
7 files changed, 101 insertions(+), 6 deletions(-)
commit 3acf285916968a05ea42b3ef0f9654a33e308da7
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Use mingw compatible coverage flags
The way that coverage is built and linked is different with mingw
so just use the --coverage flag to represent the correct behavior
when cross compiling.
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 5868e4aba23b211d8dd35af5061939ee72fe9c41
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Don't use wchar_t for storing unicode characters
On Win32 wchar_t is only 2 bytes, which breaks our UTF-8 conversion
functions.
common/utf8.c | 71 ++++++++++++++++++++++++++++++-----------------------------
1 file changed, 36 insertions(+), 35 deletions(-)
commit bee435e09111f43dcc406160e9c9bdd8645fc86c
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Fix syntax errors in OS_WIN32 ifdefs
common/compat.h | 4 ++--
common/library.c | 6 +++---
p11-kit/conf.c | 2 +-
p11-kit/util.c | 4 ++--
trust/module.c | 6 ++++--
trust/tests/test-module.c | 2 ++
6 files changed, 14 insertions(+), 10 deletions(-)
commit 61e0cb5dddb89ddab1d68791eb28d892c114622f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Open files in binary mode on windows
So that the Windows' C library doesn't munge line endings
common/compat.h | 4 ++++
p11-kit/conf.c | 2 +-
p11-kit/pin.c | 2 +-
tools/tests/test.c | 11 +++++------
4 files changed, 11 insertions(+), 8 deletions(-)
commit d9076a99c59bb0132b25277a2340f428c9b6c98e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Add compat gmtime_r() and timegm() functions
Not available on Win32 or ancient unixes
common/compat.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
common/compat.h | 15 +++++++++++++++
configure.ac | 6 ++++++
3 files changed, 76 insertions(+)
commit 2737be8914270275d07ccf4526a4ba8b781c195e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Add compat mkstemp() and mkdtemp() functions
Not available on Win32 or ancient unixes
common/compat.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
common/compat.h | 12 +++++
2 files changed, 156 insertions(+)
commit 193f0043a546e0ef186addb2a0487d09e690d5b1
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Add compat vasprintf() and asprintf() functions
These are not available on Win32 and ancient unixes
common/compat.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
common/compat.h | 17 +++++++++++++++
configure.ac | 1 +
3 files changed, 84 insertions(+)
commit 66ee55e5947682d10eed7a36b9da72a8cf6a40f2
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Add compat strndup() function
Not available on Win32 and ancient unixes
common/compat.c | 22 ++++++++++++++++++++++
common/compat.h | 7 +++++++
configure.ac | 1 +
3 files changed, 30 insertions(+)
commit ae76545a0094114ef29dba52df97e69ab28b3dbc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Abstract mmap() into a compat API
The Win32 for mmap() is very different from Unix, so abstract
this into our own p11_mmap_xxx() functions.
common/compat.c | 158 +++++++++++++++++++++++++++++++++++++----------
common/compat.h | 16 +++++
common/tests/frob-cert.c | 35 ++++-------
tools/tests/test.c | 2 +
trust/parser.c | 28 +++------
5 files changed, 160 insertions(+), 79 deletions(-)
commit 38acf11889c1e1da2610c8e05f1f380f2a2a1ae6
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Use putenv() instead of setenv()
Since older operating systems don't support setenv()
common/tests/test-asn1.c | 2 +-
common/tests/test-attrs.c | 2 +-
common/tests/test-buffer.c | 2 +-
common/tests/test-oid.c | 2 +-
common/tests/test-x509.c | 2 +-
p11-kit/tests/conf-test.c | 2 +-
p11-kit/tests/pin-test.c | 2 +-
p11-kit/tests/progname-test.c | 2 +-
p11-kit/tests/test-init.c | 2 +-
p11-kit/tests/test-iter.c | 2 +-
p11-kit/tests/test-modules.c | 2 +-
p11-kit/tests/uri-test.c | 2 +-
trust/tests/test-module.c | 2 +-
trust/tests/test-parser.c | 2 +-
trust/tests/test-session.c | 2 +-
trust/tests/test-token.c | 2 +-
16 files changed, 16 insertions(+), 16 deletions(-)
commit 7823c9ddcb18b5155b3cc0e9d9f57ad0333d5eba
Author: Stef Walter <stefw@gnome.org>
Date: 2013-03-03
Add compat implementation of basename()
For Win32 and older unixes
common/compat.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
common/compat.h | 6 ++++++
configure.ac | 5 +++--
3 files changed, 71 insertions(+), 2 deletions(-)
commit 02d7da2ba2247d017f248dd48e4365bd0a219bff
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-24
tools: Update comments for cacerts jks format
tools/extract-jks.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit b06bee023df6f4f2b004030e86e8ee90579681f5
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-20
Rename p11_module_xxx() compat functions to p11_dl_xxx()
For clarity. In addition, make p11_dl_close() able to be used
as a destroyer callback.
Also make p11_dl_error() return an allocated string
common/compat.c | 18 +++++++++---------
common/compat.h | 20 ++++++++++----------
p11-kit/modules.c | 15 ++++++++++-----
3 files changed, 29 insertions(+), 24 deletions(-)
commit 6521cccc021530f59f2f5e60a9cbf0c5b458360d
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-15
Update the pkcs11.h header for missing mechanisms
common/attrs.c | 2 +-
common/pkcs11.h | 25 +++++++++++++++++++++++++
2 files changed, 26 insertions(+), 1 deletion(-)
commit 95ec58961a480c15fe780bbce6d6cd974f478407
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-06
Only do shared object and DLL initialization in libraries
Don't do library initialization on shared object load when not running
in a library. We'll want to plug into this and do different things
per library in the future.
common/library.c | 60 +++++++++++---------------------------------------------
common/library.h | 2 ++
p11-kit/util.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++
trust/module.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 122 insertions(+), 49 deletions(-)
commit c6ebe7eb68e07e4f22c7b7ede14a1e4f04e893b7
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-15
Move pkcs11.conf and module documentation to a manual page
.gitignore | 1 +
doc/Makefile.am | 19 ++++-
doc/p11-kit-config.xml | 166 +++------------------------------------
doc/p11-kit-docs.sgml | 3 +-
doc/p11-kit.xml | 5 +-
doc/pkcs11.conf.xml | 207 +++++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 239 insertions(+), 162 deletions(-)
commit 726e98ed071601770c2724f358eabbbc682f1fdc
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-13
Pull translations from transifex
* Build a script to help with this
https://bugs.freedesktop.org/show_bug.cgi?id=60792
.gitignore | 1 +
Makefile.am | 3 +
build/tx-update | 68 +++++++++++
po/LINGUAS | 34 ++++++
po/bg.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/cs.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/de.po | 24 ++--
po/el.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/en_GB.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/eo.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/es.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/eu.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/fa.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/fi.po | 20 ++--
po/fr.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/gl.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/hr.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/hu.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ia.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/id.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/it.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ja.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ka.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ko.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/lv.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/nl.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/pa.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/pl.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/pt_BR.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/ru.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/sk.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/sl.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/sq.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/sr.po | 346 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/te.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/tr.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/uk.po | 345 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/zh_CN.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/zh_HK.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
po/zh_TW.po | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
40 files changed, 11845 insertions(+), 21 deletions(-)
commit 380f457ce458e32f1ccc15acfa664df82629981f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-12
Relicense the buffer code appropriate for inclusion in p11-kit
* All original lines in this file upon arrival in the p11-kit
project were written by me, and copyright held by me.
common/buffer.c | 57 ++++++++++++++++++++++++++++++++++-----------------------
common/buffer.h | 57 ++++++++++++++++++++++++++++++++++-----------------------
2 files changed, 68 insertions(+), 46 deletions(-)
commit 65e68c88d85d8b6896afe9f9e101aefb618ce6be
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-12
Release version 0.15.2
* This is an unstable release
NEWS | 6 ++++++
configure.ac | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
commit efef089a772f4f05caefebf2a6466b4225dc9b00
Author: Timo Jyrinki <timo.jyrinki@iki.fi>
Date: 2013-02-12
Add finish translation
po/LINGUAS | 1 +
po/fi.po | 343 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 344 insertions(+)
commit 41b3f707906a4f6273f7fdb1174be3343bbf1ea7
Author: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: 2011-09-24
Add and enable German gettext translation
Enable installation of gettext translations and add German translation
by Chris Leick.
.gitignore | 3 +
configure.ac | 3 +
po/LINGUAS | 4 +
po/de.po | 351 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 361 insertions(+)
commit b90410f7c6ef5e1bb73837d7ddbda855a91ac79f
Author: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: 2013-02-12
Respect destdir when creating package module config directory
p11-kit/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 04781672277a537551c369ae71ecdc8410e31dc3
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-11
Fix dereference of varargs in p11_attrs_build()
https://bugs.freedesktop.org/show_bug.cgi?id=60473
common/attrs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 077fd91bed34bb6226e0a43a26f9e546372db54a
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-11
Remove unnecessary code to be more compatible with various libtasn1 versions
https://bugs.freedesktop.org/show_bug.cgi?id=60434
common/asn1.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
commit 828df42b98fa0ffc1695db8af9bd0bd03f2583bc
Author: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: 2013-02-07
Don't require explictly disabling trust module if --without-libtasn1
And provide more intelligent error messages about why to build
with libtasn1
Tweaked by Stef Walter
configure.ac | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
commit 2e8ce8c5ecb6d1f1c8f0af244d9f9b75dc6050ea
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-06
Fix various clang analyzer warnings
* Add annotations to our precondition functions so that they
don't make the analyzer complain
common/compat.h | 13 +++++++++++++
common/debug.h | 3 ++-
p11-kit/conf.c | 2 +-
p11-kit/pin.c | 3 ++-
p11-kit/uri.c | 1 -
tools/extract-openssl.c | 9 +++++++--
tools/extract.c | 3 +++
tools/tool.c | 3 +--
8 files changed, 29 insertions(+), 8 deletions(-)
commit 0c6517104d1306228c31e596b0df6a4fb5af4dd1
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-05
Our minimum version of libtasn1 is 2.14
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit e7fe6fd2cdde5e15a14abca39303c5049174f4f9
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-05
Release version 0.15.1
* This is an unstable release
NEWS | 14 ++++++++++++++
configure.ac | 2 +-
2 files changed, 15 insertions(+), 1 deletion(-)
commit f3a3e1e6a413dc93d0a1eb330a32404d803f5307
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-03
Add a placeholder external 'extract-trust' command
.gitignore | 1 +
configure.ac | 1 +
doc/p11-kit-devel.xml | 23 +++++++++++++++++++++++
doc/p11-kit.xml | 19 +++++++++++++++++++
tools/Makefile.am | 4 ++++
tools/p11-kit-extract-trust.in | 27 +++++++++++++++++++++++++++
6 files changed, 75 insertions(+)
commit 08f1a7f3cfe87bc19ecd564711b4d2beaa603924
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-01
Implement support for java JKS keystore format
* All aliases must be lower case in order to work with the
default keystore implementation.
doc/p11-kit.xml | 4 +
tools/Makefile.am | 2 +-
tools/extract-jks.c | 331 ++++++++++++++++++++++++++++++++++++++++++++++++++++
tools/extract.c | 4 +-
4 files changed, 339 insertions(+), 2 deletions(-)
commit 32ca4f6d3167d08fc985d66fe48f453954596f87
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-03
Use the CN, OU or O of certificates to generate a label
* This is in cases where the certificate information does not
already have a friendly name or alias.
common/Makefile.am | 1 +
common/oid.h | 18 +++++
common/tests/Makefile.am | 1 +
{tools => common}/tests/test-utf8.c | 0
common/tests/test-x509.c | 81 +++++++++++++++++++++
{tools => common}/utf8.c | 0
{tools => common}/utf8.h | 0
common/x509.c | 136 ++++++++++++++++++++++++++++++++++++
common/x509.h | 16 +++++
tools/extract-openssl.c | 70 ++++---------------
tools/tests/Makefile.am | 7 --
tools/tests/test-openssl.c | 16 +++--
trust/parser.c | 51 ++++++++------
trust/tests/test-parser.c | 22 +++---
14 files changed, 318 insertions(+), 101 deletions(-)
commit 39e9f190416ecb4260a3b079e1d79fc2e55f5a33
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-30
Add support for exporting OpenSSL's TRUSTED CERTIFICATE format
build/certs/Makefile.am | 9 +
doc/p11-kit.xml | 8 +
tools/Makefile.am | 2 +
tools/extract-openssl.c | 686 +++++++++++++++++++++
tools/extract.c | 4 +
tools/tests/Makefile.am | 15 +
tools/tests/files/cacert3-distrust-all.pem | 44 ++
tools/tests/files/cacert3-distrusted-all.pem | 43 ++
tools/tests/files/cacert3-not-trusted.pem | 42 ++
tools/tests/files/cacert3-trusted-alias.pem | 42 ++
.../files/cacert3-trusted-client-server-alias.pem | 43 ++
tools/tests/files/cacert3-trusted-keyid.pem | 42 ++
tools/tests/files/cacert3-trusted-multiple.pem | 85 +++
tools/tests/test-openssl.c | 671 ++++++++++++++++++++
tools/tests/test-utf8.c | 252 ++++++++
tools/tests/test.h | 9 +
tools/utf8.c | 328 ++++++++++
tools/utf8.h | 53 ++
18 files changed, 2378 insertions(+)
commit dbcf3c049f4aadc1d25eb952b4feabdec14cf35d
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-30
Add support for extracting to pem-bundle and pem-directory formats
build/certs/Makefile.am | 2 +
doc/p11-kit.xml | 8 ++
tools/Makefile.am | 1 +
tools/extract-pem.c | 125 +++++++++++++++++
tools/extract.c | 2 +
tools/tests/Makefile.am | 8 ++
tools/tests/files/cacert3-twice.pem | 84 +++++++++++
tools/tests/files/cacert3.pem | 42 ++++++
tools/tests/test-pem.c | 269 ++++++++++++++++++++++++++++++++++++
9 files changed, 541 insertions(+)
commit 5df24bf0fb8532e0ebdf5f2366834848fdf6097d
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-23
Implement code for writing PEM
* Based on the gcr code
* Bring in base64 output code from BSD
* Make sure to output base64 lines of 64 character length since
this is what OpenSSL expects
common/base64.c | 62 ++++++++++++++++++++++++++
common/base64.h | 6 +++
common/pem.c | 54 ++++++++++++++++++++++-
common/pem.h | 5 +++
common/tests/test-pem.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++--
5 files changed, 237 insertions(+), 4 deletions(-)
commit 722efb88cf12261d705e2a6dfb4aceab9ff7b76f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-30
Implement basic extract support
* The only formats supported are x509-file and x509-directory
Allow tool to build without extract
configure.ac | 1 +
doc/Makefile.am | 1 -
doc/p11-kit.xml | 95 ++++++++++
doc/style.css | 4 +
tools/Makefile.am | 20 +-
tools/extract-info.c | 359 +++++++++++++++++++++++++++++++++++
tools/extract-x509.c | 116 ++++++++++++
tools/extract.c | 461 +++++++++++++++++++++++++++++++++++++++++++++
tools/extract.h | 110 +++++++++++
tools/tests/Makefile.am | 15 ++
tools/tests/test-extract.c | 301 +++++++++++++++++++++++++++++
tools/tests/test-x509.c | 276 +++++++++++++++++++++++++++
tools/tests/test.h | 33 ++++
tools/tool.c | 3 +
tools/tool.h | 3 +
15 files changed, 1796 insertions(+), 2 deletions(-)
commit 9a21e6ddf9eb7bb0f13f01cddba9dedd7a6e43b3
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-23
Support for sane writing to files extracted
* Implement atomic writes of files
* Writing with checks that not overwriting anything unless desired
* Writing and overwriting of directory contents in a robust way
build/certs/Makefile.am | 2 +
configure.ac | 1 +
tools/Makefile.am | 3 +
tools/save.c | 462 +++++++++++++++++++++++++++++++++++++++
tools/save.h | 79 +++++++
tools/tests/Makefile.am | 52 +++++
tools/tests/files/cacert3.der | Bin 0 -> 1885 bytes
tools/tests/test-save.c | 494 ++++++++++++++++++++++++++++++++++++++++++
tools/tests/test.c | 200 +++++++++++++++++
tools/tests/test.h | 211 ++++++++++++++++++
10 files changed, 1504 insertions(+)
commit 3e70ecbab850bcc08ee89e1256d82cca70d80ee7
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-21
Add public iterator API to p11-kit
common/mock.c | 113 +++-
common/mock.h | 37 ++
doc/Makefile.am | 1 +
doc/annotation-glossary.xml | 67 +++
doc/p11-kit-docs.sgml | 3 +
doc/p11-kit-sections.txt | 17 +
p11-kit/Makefile.am | 2 +
p11-kit/iter.c | 829 +++++++++++++++++++++++++++++
p11-kit/iter.h | 101 ++++
p11-kit/p11-kit.h | 2 +
p11-kit/tests/Makefile.am | 4 +-
p11-kit/tests/mock-module-ep.c | 2 +-
p11-kit/tests/test-iter.c | 1140 ++++++++++++++++++++++++++++++++++++++++
13 files changed, 2308 insertions(+), 10 deletions(-)
commit e5816187231ce27e5f634995e62c1d3ae5c5b2f1
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-21
Allow internal use of token and module info matching
p11-kit/private.h | 6 ++++++
p11-kit/uri.c | 55 +++++++++++++++++++++++++++++++++++--------------------
2 files changed, 41 insertions(+), 20 deletions(-)
commit 67ce28e9d9ec1528c9b762b0912d6a7e339fbcd5
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-21
Move the X.509 extension parsing code in common/
* So it can be used by other code, in addition to the trust stuff
common/tests/test-x509.c | 191 +++++++++++++++++++++++++++++++++++++++++++++--
common/x509.c | 67 ++++++++++++++++-
common/x509.h | 9 ++-
trust/adapter.c | 132 ++++++++++++++++++--------------
trust/parser.c | 69 ++---------------
5 files changed, 335 insertions(+), 133 deletions(-)
commit 5e4a3ea9b8f254d99544490eed8e17e88c81f975
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-18
Add p11_array_clear() function
* Clears an array without freeing the array itself
common/array.c | 21 ++++++++++++++-------
common/array.h | 2 ++
common/tests/test-array.c | 27 +++++++++++++++++++++++++++
3 files changed, 43 insertions(+), 7 deletions(-)
commit 4400d8ecc4525cfc848937dc562c542fc58a533a
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-04
Implement trust assertion PKCS#11 objects
* Implement trust assertions for anchored and distrusted certs
* Pinned certificate trust assertions are not implemented yet
* Add an internal tool for pulling apart bits of certificates
common/oid.h | 1 -
common/tests/Makefile.am | 1 +
common/tests/test-oid.c | 18 +-
doc/p11-kit-trust.xml | 11 +
trust/Makefile.am | 2 +-
trust/adapter.c | 456 ++++++++++++++++++++++++++++++++++++++++
trust/{mozilla.h => adapter.h} | 8 +-
trust/p11-kit-trust.module | 3 +
trust/parser.c | 5 +-
trust/tests/files/redhat-ca.der | Bin 0 -> 948 bytes
trust/tests/test-parser.c | 352 ++++++++++++++++++++++++++++---
11 files changed, 804 insertions(+), 53 deletions(-)
commit 7e61265ced3f33685b68bb6e2c7505485cfe0177
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-04
Refactor how parsing of ASN.1 data and certificate extensions work
common/Makefile.am | 2 +
common/asn1.c | 551 ++++++++++++++++++++++++++++++++++++++++++++++
common/asn1.h | 65 ++++++
common/oid.h | 12 +-
common/tests/Makefile.am | 2 +
common/tests/test-asn1.c | 113 ++++++++++
common/tests/test-x509.c | 185 ++++++++++++++++
common/x509.c | 152 +++++++++++++
common/x509.h | 56 +++++
trust/mozilla.c | 31 ++-
trust/parser.c | 546 +++------------------------------------------
trust/parser.h | 14 +-
trust/tests/test-data.h | 28 +--
trust/tests/test-parser.c | 103 ---------
14 files changed, 1193 insertions(+), 667 deletions(-)
commit 8b02ff64b30311a4730b60dd72590435f56fb3a2
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-03
Fill in certificate authority and trust data correctly
* Fill in CKA_CERTIFICATE_CATEGORY properly for authorities
based on the presence of BasicConstraints and/or v1 certificates
* Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the
parser is running for anchors or blacklist
* In addition support the concept of blacklisted certificates mixed
in with the anchors (without any purposes) since that's what exists
in the real world.
* We do this after the various hooks have had a chance to mess
with the certificate extensions and such.
common/oid.h | 9 +-
trust/mozilla.c | 74 +++++-----
trust/parser.c | 351 ++++++++++++++++++++++++++++++++++++----------
trust/parser.h | 11 +-
trust/tests/test-data.c | 18 ++-
trust/tests/test-data.h | 9 ++
trust/tests/test-parser.c | 246 ++++++++++++++++++++++++--------
trust/tests/test-token.c | 2 +-
8 files changed, 552 insertions(+), 168 deletions(-)
commit 18bb2582c32f4373f7ed85894fb490f2733cb03b
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-02
Implement stapled certificate extensions internally
* Use stapled certificate extensions to represent loaded trust policy
* Build NSS trust objects from stapled certificate extensions
* Add further attribute debugging for NSS trust objects
* Use a custom certificate extension for the OpenSSL reject purpose data
* Use SubjectKeyIdentifier for OpenSSL keyid data
* Use ExtendedKeyUsage for OpenSSL trust purpose data
* Implement simple way to handle binary DER OIDs, using the DER TLV
length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
* Split out the building of NSS trust objects from the main parser
common/Makefile.am | 1 +
common/compat.c | 2 +-
common/compat.h | 2 +-
common/oid.c | 100 +++++
common/oid.h | 209 +++++++++
common/tests/Makefile.am | 2 +
common/tests/frob-ku.c | 28 +-
common/tests/frob-oid.c | 100 +++++
common/tests/test-oid.c | 133 ++++++
trust/Makefile.am | 1 +
trust/mozilla.c | 284 ++++++++++++
trust/mozilla.h | 44 ++
trust/parser.c | 724 +++++++++++++++++-------------
trust/parser.h | 39 +-
trust/tests/files/self-signed-with-ku.der | Bin 0 -> 478 bytes
trust/tests/test-data.c | 9 +-
trust/tests/test-parser.c | 159 +++++--
17 files changed, 1450 insertions(+), 387 deletions(-)
commit 3b482acc47ba971406db526ebddf589ad1a8f16e
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-02
Better debugging and checks for attribute values
trust/tests/test-data.c | 154 ++++++++++++++++++++++++----------------------
trust/tests/test-data.h | 32 +++++++++-
trust/tests/test-module.c | 13 ++--
trust/tests/test-parser.c | 11 ++--
4 files changed, 124 insertions(+), 86 deletions(-)
commit e46c74aef6eee7da3cdfb17077905811b9e04a61
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-19
Add tool for testing how fast the token loads
trust/tests/Makefile.am | 1 +
trust/tests/frob-token.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 65 insertions(+)
commit 83af40091fdc50a1da21d6cd2582ecef759bfb7c
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-17
Some debug info about which files are being loaded
trust/token.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
commit 1f47fbffe1befb30a1bd3dfcec079a8a9f2fd957
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-17
Test a TRUSTED CERTIFICATE without any trust OIDs
build/certs/Makefile.am | 2 ++
build/certs/redhat-newca.der | Bin 0 -> 948 bytes
trust/tests/files/distrusted.pem | 23 +++++++++++++++++++++++
trust/tests/test-parser.c | 15 +++++++++++++++
4 files changed, 40 insertions(+)
commit 75654253498993ff1638e0e64440c335b54df1db
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-17
Add the builtin roots NSS specific object
This tells NSS that this is a source of anchors.
doc/p11-kit-trust.xml | 5 ++++-
trust/tests/test-module.c | 27 +++++++++++++++++++++++++++
trust/tests/test-token.c | 6 +++---
trust/token.c | 28 +++++++++++++++++++++++++++-
4 files changed, 61 insertions(+), 5 deletions(-)
commit c2dcd0b3cb1ccac4eff98044d43d3f8696094644
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-17
Add support for openssl TRUSTED CERTIFICATE PEM files
build/certs/Makefile.am | 3 +
common/Makefile.am | 2 +
common/openssl.asn | 28 ++++
common/openssl.asn.h | 28 ++++
doc/p11-kit-trust.xml | 8 ++
trust/parser.c | 244 ++++++++++++++++++++++++++++------
trust/tests/files/cacert3-trusted.pem | 43 ++++++
trust/tests/test-parser.c | 52 ++++++++
8 files changed, 368 insertions(+), 40 deletions(-)
commit a286df75050db8b306685cb22e491d11be842584
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-17
Add support for parsing PEM files
build/certs/Makefile.am | 1 +
common/Makefile.am | 2 +
common/base64.c | 192 +++++++++++++++++++++++++++++++
common/base64.h | 53 +++++++++
common/pem.c | 241 +++++++++++++++++++++++++++++++++++++++
common/pem.h | 50 +++++++++
common/tests/Makefile.am | 14 ++-
common/tests/test-pem.c | 254 ++++++++++++++++++++++++++++++++++++++++++
trust/Makefile.am | 3 +-
trust/parser.c | 38 +++++++
trust/tests/files/cacert3.pem | 42 +++++++
trust/tests/test-parser.c | 26 +++++
12 files changed, 910 insertions(+), 6 deletions(-)
commit 5147d71466455b3d087b3f3a7472a35e8216c55a
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-24
Add basic trust module
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
Makefile.am | 7 +
build/Makefile.am | 2 +
build/certs/Makefile.am | 27 +
build/certs/cacert-ca.der | Bin 0 -> 1857 bytes
build/certs/cacert3.der | Bin 0 -> 1885 bytes
build/certs/self-server.der | Bin 0 -> 396 bytes
build/certs/self-signed-with-eku.der | Bin 0 -> 480 bytes
build/certs/self-signed-with-ku.der | Bin 0 -> 501 bytes
build/certs/testing-ca.der | Bin 0 -> 970 bytes
build/certs/testing-server.der | Bin 0 -> 554 bytes
build/certs/with-eku.conf | 19 +
build/certs/with-ku.conf | 19 +
common/Makefile.am | 15 +-
common/compat.c | 107 ++
common/compat.h | 17 +-
common/debug.c | 1 +
common/debug.h | 11 +
common/pkix.asn | 566 ++++++++
common/pkix.asn.h | 408 ++++++
common/tests/Makefile.am | 20 +-
common/tests/frob-cert.c | 147 ++
common/tests/frob-eku.c | 101 ++
common/tests/frob-ku.c | 134 ++
configure.ac | 128 +-
doc/Makefile.am | 2 +
doc/p11-kit-config.xml | 10 +
doc/p11-kit-devel.xml | 24 +
doc/p11-kit-docs.sgml | 1 +
doc/p11-kit-trust.xml | 90 ++
doc/style.css | 6 +-
p11-kit/Makefile.am | 1 +
p11-kit/conf.c | 37 -
p11-kit/p11-kit-1.pc.in | 3 +
trust/Makefile.am | 52 +
trust/module.c | 1517 +++++++++++++++++++++
trust/module.h | 42 +
trust/p11-kit-trust.module | 6 +
trust/parser.c | 1103 +++++++++++++++
trust/parser.h | 108 ++
trust/session.c | 206 +++
trust/session.h | 78 ++
trust/tests/Makefile.am | 44 +
trust/tests/anchors/cacert3.der | Bin 0 -> 1885 bytes
trust/tests/anchors/testing-ca.der | Bin 0 -> 970 bytes
trust/tests/certificates/cacert-ca.der | Bin 0 -> 1857 bytes
trust/tests/certificates/self-signed-with-eku.der | Bin 0 -> 480 bytes
trust/tests/certificates/self-signed-with-ku.der | Bin 0 -> 501 bytes
trust/tests/files/cacert-ca.der | Bin 0 -> 1857 bytes
trust/tests/files/cacert3.der | Bin 0 -> 1885 bytes
trust/tests/files/self-server.der | Bin 0 -> 396 bytes
trust/tests/files/testing-server.der | Bin 0 -> 554 bytes
trust/tests/files/unrecognized-file.txt | 1 +
trust/tests/test-data.c | 128 ++
trust/tests/test-data.h | 220 +++
trust/tests/test-module.c | 331 +++++
trust/tests/test-parser.c | 315 +++++
trust/tests/test-session.c | 160 +++
trust/tests/test-token.c | 106 ++
trust/token.c | 256 ++++
trust/token.h | 51 +
60 files changed, 6580 insertions(+), 47 deletions(-)
commit 603c7d4eb996f51178ccc9d235597497bbb2c7a4
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-24
Add basic checksum algorithms
The SHA-1 and MD5 digests here are used for checksums in legacy
protocols. We don't use them in cryptographic contexts at all.
These particular algorithms would be poor choices for that.
.gitignore | 4 +-
common/Makefile.am | 9 +
common/checksum.c | 542 +++++++++++++++++++++++++++++++++++++++++++
common/checksum.h | 60 +++++
common/tests/Makefile.am | 2 +
common/tests/test-checksum.c | 151 ++++++++++++
6 files changed, 766 insertions(+), 2 deletions(-)
commit f6db686846480e0611879c5f4751955a53859808
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-05
Remove the unused err() function and friends
We want to use p11_message in our commands anyway, since that
allows us control with --verbose and --quiet.
common/compat.c | 164 --------------------------------------------------------
common/compat.h | 23 --------
2 files changed, 187 deletions(-)
commit 1ac3edf711b1cdb5e7fb8b1d6321fa855e07c1da
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-05
Tweak style of the manual
* Unindent the main headings
* Don't wrap options
* Better spacing in table of contents
* Don't have line numbers on code examples
doc/Makefile.am | 5 ++++-
doc/p11-kit-devel.xml | 4 ----
doc/p11-kit.xml | 2 --
doc/style.css | 23 +++++++++++++++++++++++
4 files changed, 27 insertions(+), 7 deletions(-)
commit 866e3204cee593817850f5e5c23a0bcf7af9c591
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-05
Add documentation about contributing to p11-kit
HACKING | 34 ++------
doc/Makefile.am | 2 +-
doc/p11-kit-config.xml | 4 +-
doc/p11-kit-devel.xml | 223 +++++++++++++++++++++++++++++++++++++++++++++++++
doc/p11-kit-docs.sgml | 13 +--
doc/p11-kit-notes.xml | 48 -----------
6 files changed, 241 insertions(+), 83 deletions(-)
commit 28777eeebf38c13a43d0118a86391d2a487ad15b
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-05
Add a p11-kit tool manual page
.gitignore | 1 +
configure.ac | 4 ++
doc/Makefile.am | 33 +++++++++++++-
doc/p11-kit-docs.sgml | 5 +++
doc/p11-kit.xml | 122 ++++++++++++++++++++++++++++++++++++--------------
5 files changed, 130 insertions(+), 35 deletions(-)
commit 23b18cb345afe061274ff73cd66fe8e6672fbcd4
Author: Stef Walter <stefw@gnome.org>
Date: 2013-02-05
Change the documentation configure arg to --enable-doc
* We're building more than just the gtk-doc reference
Makefile.am | 2 +-
configure.ac | 41 +++++++++++++++++++++++------------------
2 files changed, 24 insertions(+), 19 deletions(-)
commit 85751aa21dd9b93d8eb51e36767b5564ce6ce005
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-29
Add a /usr/share/p11-kit/modules directory for package module configs
* Try to make /etc/pkcs11/modules for administrator use
* Override the old pkg-config variables to help packages start
using the new location
configure.ac | 3 +++
doc/p11-kit-notes.xml | 4 ++--
p11-kit/Makefile.am | 4 ++++
p11-kit/conf.c | 8 ++++++--
p11-kit/conf.h | 3 ++-
p11-kit/modules.c | 4 +++-
p11-kit/p11-kit-1.pc.in | 13 +++++++------
p11-kit/tests/conf-test.c | 4 ++++
.../files/{system-modules => package-modules}/four.module | 0
.../{system-modules => package-modules}/win32/four.module | 0
10 files changed, 31 insertions(+), 12 deletions(-)
commit a9790a21302f47016a88ba9a2c904bed11efb388
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-29
Make the p11-kit tool have distinct commands
* Change the -l argument into the list-modules command.
* Add proper functions for printing usage
* Support for external commands in the path or /usr/share/p11-kit
tools/Makefile.am | 9 +-
tools/{p11-kit.c => list.c} | 99 +++++++------
tools/tool.c | 337 ++++++++++++++++++++++++++++++++++++++++++++
tools/tool.h | 56 ++++++++
4 files changed, 459 insertions(+), 42 deletions(-)
commit 15163fb9b7b03543da02d74d75d0f49c314f1c33
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-29
Add p11_kit_be_loud() function for use in tests and tools
This does the opposite of p11_kit_be_quiet().
doc/p11-kit-sections.txt | 1 +
p11-kit/p11-kit.h | 2 ++
p11-kit/util.c | 14 ++++++++++++++
3 files changed, 17 insertions(+)
commit cba41e5a46893b16cfbd845d55285894f4a43408
Author: Stef Walter <stefw@gnome.org>
Date: 2012-08-23
Add internal function for turning on messages
To be used from tests
common/library.c | 8 ++++++++
common/library.h | 2 ++
2 files changed, 10 insertions(+)
commit 43a3f5df8124bb85567feb18975d19fa1b639b9f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-24
Add more mock-module implementation
* Move mock code into the common/ directory to be used by multiple
components of p11-kit
common/Makefile.am | 5 +
common/mock.c | 3117 ++++++++++++++++++++++++++++++++++++++++
common/mock.h | 696 +++++++++
doc/Makefile.am | 3 +
p11-kit/tests/Makefile.am | 14 +-
p11-kit/tests/mock-module-ep.c | 4 +-
p11-kit/tests/mock-module.c | 898 ------------
p11-kit/tests/mock-module.h | 337 -----
p11-kit/tests/test-init.c | 4 +-
9 files changed, 3835 insertions(+), 1243 deletions(-)
commit 7ddff6795830deff6ec5fb1b8b0c704fbdea2c97
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-24
Further tweaks and cleanup for functions dealing with PKCS#11 attributes
* Check that the size is correct when looking for a boolean
or a ulong.
* Make sure that the length is not the invalid negative ulong.
* Functions for dumping out attribute contents
* Make it possible to use attributes in hash tables
common/attrs.c | 795 +++++++++++++++++++++++++++++++++++++++++++---
common/attrs.h | 59 +++-
common/tests/test-attrs.c | 126 +++++++-
3 files changed, 910 insertions(+), 70 deletions(-)
commit 322b4739cb51aa45568d9479224f2b07ac82a35f
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-24
Add generic buffer code
Represents a block of memory that can be added to, parsed and so on
common/Makefile.am | 1 +
common/buffer.c | 180 ++++++++++++++++++++++++++++++++++++++
common/buffer.h | 82 +++++++++++++++++
common/tests/Makefile.am | 1 +
common/tests/test-buffer.c | 214 +++++++++++++++++++++++++++++++++++++++++++++
p11-kit/uri.c | 93 ++++++++------------
6 files changed, 515 insertions(+), 56 deletions(-)
commit b28c936bd281c4b7ff9ed0f621b840f6d5a4b328
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-23
Use the stdbool.h C99 bool type
It was getting really wild knowing whether a function returning
an int would return -1 on failure or 0 or whether the int return
value was actually a number etc..
common/array.c | 16 +++---
common/array.h | 4 +-
common/attrs.c | 12 ++---
common/compat.h | 8 +++
common/debug.c | 8 +--
common/debug.h | 14 +++---
common/dict.c | 41 +++++++--------
common/dict.h | 26 +++++-----
common/library.c | 4 +-
common/tests/test-dict.c | 90 +++++++++++++++++----------------
configure.ac | 2 +-
p11-kit/conf.c | 58 +++++++++++-----------
p11-kit/conf.h | 6 +--
p11-kit/modules.c | 32 ++++++------
p11-kit/pin.c | 22 ++++-----
p11-kit/tests/conf-test.c | 19 +++++--
p11-kit/tests/mock-module.c | 14 +++---
p11-kit/tests/uri-test.c | 41 +++++++++++++--
p11-kit/uri.c | 118 ++++++++++++++++++++++++++------------------
tools/p11-kit.c | 10 ++--
20 files changed, 311 insertions(+), 234 deletions(-)
commit 4671352fe2a4f56c6707322dcab0015e2e8600c4
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-17
Only initialize p11-kit libraries once
* Make the gcc constructor call p11_library_init_once()
common/library.c | 14 ++++++++++----
common/library.h | 6 ++++--
2 files changed, 14 insertions(+), 6 deletions(-)
commit b39c9a7792824dfa8a05926261315356d9007098
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-10
Set strict debug preconditions during testing
common/tests/test-attrs.c | 4 ++++
p11-kit/tests/conf-test.c | 1 +
p11-kit/tests/pin-test.c | 1 +
p11-kit/tests/progname-test.c | 1 +
p11-kit/tests/test-init.c | 1 +
p11-kit/tests/test-modules.c | 1 +
p11-kit/tests/uri-test.c | 1 +
7 files changed, 10 insertions(+)
commit 3ebc9a78d4bca0b630a8b887ab93d6cc654f2cb2
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-07
Add common functions for manipulating CK_ATTRIBUTE arrays
common/Makefile.am | 1 +
common/attrs.c | 310 +++++++++++++++++++++++++++
common/attrs.h | 86 ++++++++
common/tests/Makefile.am | 1 +
common/tests/test-attrs.c | 518 ++++++++++++++++++++++++++++++++++++++++++++++
configure.ac | 2 +-
p11-kit/tests/uri-test.c | 6 +-
p11-kit/uri.c | 207 +++++-------------
8 files changed, 977 insertions(+), 154 deletions(-)
commit 4a0bd25fcafae57ef2ae0cfe8676eee2332d5951
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-02
Move the pkcs11.h header files into common directory
* Allows use of them across the whole project
* Put a stub file in the p11-kit/ directory, so we can still refer
to the headers using that path, which is what it will be at
when in the installed includes directory.
common/Makefile.am | 7 +
common/pkcs11.h | 1373 +++++++++++++++++++++++++++++++++++++++++++++++++
common/pkcs11x.h | 155 ++++++
p11-kit/Makefile.am | 3 +-
p11-kit/pkcs11.h | 1413 ++-------------------------------------------------
5 files changed, 1577 insertions(+), 1374 deletions(-)
commit 8fb222266c5bf9181cd934c27528507d45476dad
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-08
Build common code into noinst libraries
* This is cleaner than building the same source files all over
the place over and over.
* Works better with code coverage.
common/Makefile.am | 12 ++++++++++--
common/tests/Makefile.am | 14 +++++---------
p11-kit/Makefile.am | 34 ++++++++--------------------------
p11-kit/tests/Makefile.am | 8 ++++++--
tools/Makefile.am | 12 ++++++++----
5 files changed, 37 insertions(+), 43 deletions(-)
commit 3d503948450d69293a3fdfec096e398fedf714f2
Author: Stef Walter <stefw@gnome.org>
Date: 2012-12-06
Move debug and library code into the common/ subdirectory
Start using p11_ as our internal prefix rather than _p11_. We explicitly
export p11_kit_ so this is fine as far as visibility.
Move the threading, mutex, and module compat, dict, and array code
into the common directory too.
Take this opportunity to clean up a bit of internal API as well,
since so many lines are being touched internally.
.gitignore | 32 ++-
Makefile.am | 13 +-
build/Makefile.am | 11 +
build/Makefile.tests | 8 +
{tests => build}/cutest/CuTest.c | 0
{tests => build}/cutest/CuTest.h | 0
{tests => build}/cutest/README.txt | 0
{tests => build}/cutest/license.txt | 0
{m4 => build/m4}/.empty | 0
common/Makefile.am | 11 +
p11-kit/ptr-array.c => common/array.c | 89 ++----
p11-kit/ptr-array.h => common/array.h | 35 ++-
common/compat.c | 95 ++++++
common/compat.h | 123 ++++++++
{p11-kit => common}/debug.c | 20 +-
{p11-kit => common}/debug.h | 74 ++---
p11-kit/hashmap.c => common/dict.c | 244 ++++++++--------
p11-kit/hashmap.h => common/dict.h | 101 +++----
common/library.c | 286 ++++++++++++++++++
common/library.h | 80 ++++++
common/tests/Makefile.am | 32 +++
common/tests/test-array.c | 194 +++++++++++++
tests/hash-test.c => common/tests/test-dict.c | 158 +++++-----
configure.ac | 7 +-
doc/Makefile.am | 11 +-
p11-kit/Makefile.am | 54 ++--
p11-kit/conf.c | 116 ++++----
p11-kit/conf.h | 14 +-
p11-kit/modules.c | 318 +++++++++++----------
p11-kit/pin.c | 78 ++---
p11-kit/private.h | 41 ---
p11-kit/proxy.c | 86 +++---
{tests => p11-kit/tests}/Makefile.am | 25 +-
{tests => p11-kit/tests}/conf-test.c | 201 ++++++-------
.../tests}/files/system-modules/four.module | 0
.../tests}/files/system-modules/one.module | 0
.../files/system-modules/two-duplicate.module | 0
.../tests}/files/system-modules/two.badname | 0
.../tests}/files/system-modules/win32/four.module | 0
.../tests}/files/system-modules/win32/one.module | 0
.../system-modules/win32/two-duplicate.module | 0
.../tests}/files/system-modules/win32/two.badname | 0
{tests => p11-kit/tests}/files/system-pkcs11.conf | 0
{tests => p11-kit/tests}/files/test-1.conf | 0
{tests => p11-kit/tests}/files/test-pinfile | 0
{tests => p11-kit/tests}/files/test-pinfile-large | 0
.../tests}/files/test-system-invalid.conf | 0
.../tests}/files/test-system-merge.conf | 0
.../tests}/files/test-system-none.conf | 0
.../tests}/files/test-system-only.conf | 0
.../tests}/files/test-user-invalid.conf | 0
{tests => p11-kit/tests}/files/test-user-only.conf | 0
{tests => p11-kit/tests}/files/test-user.conf | 0
.../tests}/files/user-modules/one.module | 0
.../tests}/files/user-modules/three.module | 0
.../tests}/files/user-modules/win32/one.module | 0
.../tests}/files/user-modules/win32/three.module | 0
{tests => p11-kit/tests}/mock-module-ep.c | 0
{tests => p11-kit/tests}/mock-module.c | 16 +-
{tests => p11-kit/tests}/mock-module.h | 0
{tests => p11-kit/tests}/pin-test.c | 4 +-
{tests => p11-kit/tests}/print-messages.c | 0
{tests => p11-kit/tests}/progname-test.c | 21 +-
{tests => p11-kit/tests}/test-init.c | 31 +-
{tests => p11-kit/tests}/test-modules.c | 25 +-
{tests => p11-kit/tests}/uri-test.c | 4 +-
p11-kit/uri.c | 6 +-
p11-kit/util.c | 318 ++-------------------
p11-kit/util.h | 158 ----------
tests/ptr-array-test.c | 257 -----------------
70 files changed, 1746 insertions(+), 1651 deletions(-)
commit c343f355b6abfe65adc696b57b18dc57c834acbc
Author: Pankaj Sharma <pankaj.cscience@gmail.com>
Date: 2012-12-24
Fix leak when initializing the proxy module
https://bugs.freedesktop.org/show_bug.cgi?id=58704
p11-kit/proxy.c | 2 ++
1 file changed, 2 insertions(+)
commit 8b4c3561d9681096d588d599d049a77bea68470b
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-09
Documentation fixes for PIN functions
p11-kit/pin.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
commit e8aa2fa8f3a085ca514e7b305ff91e2c77e5e6f4
Author: Pankaj Sharma <pankaj.cscience@gmail.com>
Date: 2012-12-24
Fix file descriptor leak in p11_kit_pin_file_callback()
* Close the file descriptor used to read the the pin file
https://bugs.freedesktop.org/show_bug.cgi?id=58706
p11-kit/pin.c | 2 ++
1 file changed, 2 insertions(+)
commit 488a466935d7995c803880ed258792f8a99095c0
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-08
Distribute HACKING in the tarball
Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 6ac5af8deece74c383c912f2003b9650c87317b8
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-07
Fix documentation warnings.
* P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably
never actually be returned. But kept for API compatibility.
* make distcheck doc fix
doc/Makefile.am | 2 +-
doc/p11-kit-sections.txt | 3 ++-
p11-kit/uri.c | 9 ++++++---
3 files changed, 9 insertions(+), 5 deletions(-)
commit e2b5bba185c96bf4ecddfe22d34ace02706122b4
Author: Stef Walter <stefw@gnome.org>
Date: 2013-01-07
Guarantee that the key is freed when replaced
* When setting a key in a map that already exists, then free
the old key and replace with the new one.
* Fix related bug where key was not properly allocated
* Add tests for this
https://bugs.freedesktop.org/show_bug.cgi?id=59087
p11-kit/hashmap.c | 7 ++-
p11-kit/modules.c | 6 ++-
tests/hash-test.c | 124 +++++++++++++++++++++++++++++++++++++++---------------
3 files changed, 102 insertions(+), 35 deletions(-)
commit 1559a3e43637406c8b56e880ba00c96bdd16462c
Author: Stef Walter <stefw@gnome.org>
Date: 2012-11-14
Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
* If a process is running under selinux it may not be able
to access the home directory of the uid that it is running as.
https://bugs.freedesktop.org/show_bug.cgi?id=57115
p11-kit/conf.c | 42 +++++++++++++++++++++++++++++++++---------
p11-kit/conf.h | 1 +
2 files changed, 34 insertions(+), 9 deletions(-)
commit b5de8e1d514794f6ec3e8d79a766a9dae9eab6ea
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-18
Refuse to load the p11-kit-proxy.so as a registered module
* Since p11-kit-proxy.so is a symlink to the libp11-kit.so library
we check that we are not calling into our known CK_FUNCTION_LIST
for the proxy code.
* Although such a configuration is invalid, detecting this directly
prevents strange initialization loop issues that are hard to debug.
https://bugs.freedesktop.org/show_bug.cgi?id=55052
p11-kit/modules.c | 14 ++++++++++----
p11-kit/private.h | 1 +
p11-kit/proxy.c | 7 ++-----
3 files changed, 13 insertions(+), 9 deletions(-)
commit 3e82c6182d913a3fd5cf904342a9a6fa44aef0d6
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-18
Don't fail initialization if last initialized module fails
* We weren't resetting the result code after a failure,
so even though failures for critical modules didn't interrupt
the initialization loop, the result still leaked to callers.
* Also print an error message clearly indicating that a module
failed to initialize, regardless of whether critical or not.
https://bugs.freedesktop.org/show_bug.cgi?id=55051
p11-kit/modules.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
commit 37889e5f7ca5e2e45442f98dc84efb70d2acf907
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-06
Release version 0.14
NEWS | 8 ++++++++
configure.ac | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
commit bb6949da2fd071d879a13f8e24389fef697b451a
Author: Stef Walter <stefw@gnome.org>
Date: 2012-09-06
Change the default of 'user-config' to merge.
* This allows user configured PKCS#11 modules by default.
* Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf
to go back to the previous behavior.
* Posted to the mailing list.
doc/p11-kit-config.xml | 4 ++--
p11-kit/conf.c | 2 +-
p11-kit/pkcs11.conf.example.in | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
commit 56860b7f72c444eed5923e11d735b85b630a171d
Author: Antoine Jacoutot <ajacoutot@openbsd.org>
Date: 2012-08-23
configure.ac: Fix bogus comma, and fix up spacing
* Fixes a mistake in the previous commit
https://bugs.freedesktop.org/show_bug.cgi?id=53706
configure.ac | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
commit 359bb15bc83484e4de69fa8dbc9113d97817d01e
Author: Antoine Jacoutot <ajacoutot@openbsd.org>
Date: 2012-08-21
Use AC_LANG_PROGRAM to detect program_invocation_short_name functionality
Were erroneusly detecting program_invocation_short_name on OpenBSD
https://bugs.freedesktop.org/show_bug.cgi?id=53706
configure.ac | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
commit 61abcb61e8b8e988dd03cfd4553f29132a8ca38a
Author: Rob McMahon <Rob.McMahon@warwick.ac.uk>
Date: 2012-07-31
Fix build on solaris
* Conditional inclusion of the errno.h header
* Link librt when appropriate for nanosleep
https://bugs.freedesktop.org/show_bug.cgi?id=52261
common/compat.h | 4 ++++
configure.ac | 4 +++-
2 files changed, 7 insertions(+), 1 deletion(-)
commit 76180db6b326f8c87aef5b3eded9463432ce8d82
Author: Dan Winship <danw@gnome.org>
Date: 2012-07-27
Always encode the "id" attribute in URIs
Per recommendation of the spec.
https://bugs.freedesktop.org/show_bug.cgi?id=52606
p11-kit/uri.c | 24 ++++++++++++++----------
tests/uri-test.c | 2 +-
2 files changed, 15 insertions(+), 11 deletions(-)
commit c6fc7b3ac4c6d4595f17989cff220d6d6dafe620
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-17
Initialize mutexes correctly in mock module
https://bugzilla.gnome.org/show_bug.cgi?id=44740
tests/mock-module-ep.c | 1 +
tests/mock-module.c | 6 +++++-
2 files changed, 6 insertions(+), 1 deletion(-)
commit 1f428d62a13e481aa51d1fcee0c4652dc9ef7a72
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-17
Fix warning on windows
https://bugzilla.gnome.org/show_bug.cgi?id=44740
tests/conf-test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 542cb48951b7c4c21ca3669d07bf936b0fa58b42
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-17
Don't rely on loading order for duplicate modules
* We had relied on module 'two' loading before 'two-duplicate'
in the conf tests. However this isn't always the case, and the
name of the module can end up as 'two-duplicate'
https://bugzilla.gnome.org/show_bug.cgi?id=44740
tests/Makefile.am | 7 ++++++-
tests/files/system-modules/four.module | 3 +++
tests/files/system-modules/two.badname | 2 --
tests/files/system-modules/win32/four.module | 3 +++
tests/test-modules.c | 6 +++---
5 files changed, 15 insertions(+), 6 deletions(-)
commit 06595e93ff57e97adbb313aebc50a2e32acd6039
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-17
Use Windows thread ids instead of handles for comparisons
* It seems that the HANDLE's returned from GetCurrentThread
are often equal for two threads. GetCurrentThreadID doesn't
have this problem.
* Separate our cross platform thread_t and thread_id_t types
even though on unix they're the same thing.
https://bugzilla.gnome.org/show_bug.cgi?id=44740
p11-kit/modules.c | 6 +++---
p11-kit/util.h | 11 ++++++++---
2 files changed, 11 insertions(+), 6 deletions(-)
commit 356377709cd1de1308d9d8cf15f528578a360cf3
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-17
Use correct shared library extension on windows
* The windows shared libraries have the .dll extension
* This means we also need separate directories for the test module
configs on win32
https://bugzilla.gnome.org/show_bug.cgi?id=44740
configure.ac | 4 ++++
p11-kit/Makefile.am | 14 ++++++++++++++
tests/files/system-modules/win32/one.module | 3 +++
tests/files/system-modules/win32/two-duplicate.module | 3 +++
tests/files/system-modules/win32/two.badname | 5 +++++
tests/files/user-modules/win32/one.module | 2 ++
tests/files/user-modules/win32/three.module | 5 +++++
tests/test-init.c | 2 +-
8 files changed, 37 insertions(+), 1 deletion(-)
commit f10d361a5b523ce7f9289ba8d45ccd847510d619
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-16
Use '.module' extension on module configs
* And want alphanumeric/_.- filenames
* Currently this is just a warning, soon it will be enforced
* The name of a module does not include the extension
Andreas Metzler and Ubuntu both worked on this patch, and I've made
some more changes.
See https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/911436
https://bugs.freedesktop.org/show_bug.cgi?id=52158
doc/p11-kit-config.xml | 7 ++-
p11-kit/conf.c | 56 ++++++++++++++++++++--
tests/conf-test.c | 23 ++++++---
tests/files/system-modules/{one => one.module} | 0
tests/files/system-modules/two | 5 --
.../{two-duplicate => two-duplicate.module} | 0
tests/files/system-modules/two.badname | 7 +++
tests/files/user-modules/{one => one.module} | 0
tests/files/user-modules/{three => three.module} | 0
tests/test-modules.c | 4 +-
10 files changed, 82 insertions(+), 20 deletions(-)
commit c0251b132cad98318be0565f676b9fa92dd1b8b4
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-24
Fix compiler warning about uninitialized variable
p11-kit/modules.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 45c4936ba0d5e3de7813c47811b277bed1c71576
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-24
Don't use strict aliasing during compilation
* Due to the way in which we pass pointers of different types
to _p11_hash_iter_next()
configure.ac | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 5cd198107374ff1879767679d29df0ce78f9427f
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-17
Fix getprogname() running under wine
* Wine uses normal slashes instead of backslashes on windows
common/compat.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
commit d51914b6483b7ddc806ee3861084aa98ee97a7fb
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-17
Use EFBIG as the error code when pin file is too large
* The previous EOVERFLOW was not supported on mingw
p11-kit/pin.c | 2 +-
tests/pin-test.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit 4a6a685c03bd92566c1656f1af3662ca7deecefa
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-16
Don't define duplicate symbols
* clang was giving a build failure here.
tests/mock-module.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 023efacf30a7ae4ee5a76f909f973fa5058bb7b9
Author: Stef Walter <stefw@gnome.org>
Date: 2012-07-16
Release version 0.13
NEWS | 14 ++++++++++++++
configure.ac | 2 +-
2 files changed, 15 insertions(+), 1 deletion(-)
commit 413ca6be40a4f9351f12030c791544edd5a52e16
Author: Stef Walter <stefw@gnome.org>
Date: 2012-06-29
Don't allow reading of pin files larger than 4096 bytes
* p11_kit_pin_file_callback() only returns pins up to 4096 bytes now
p11-kit/pin.c | 19 +++++++++------
tests/files/test-pinfile-large | 53 ++++++++++++++++++++++++++++++++++++++++++
tests/pin-test.c | 26 +++++++++++++++++++++
3 files changed, 91 insertions(+), 7 deletions(-)
commit da2606bfbbdbd36d5e42bf2acf614735dfc515d2
Author: Stef Walter <stefw@gnome.org>
Date: 2012-06-29
Win32 build fixes
* Remove unused functions
* Use getprogname() instead of calc_progname() which no longer exists
* Fix up exporting of functions in the mock module
common/compat.c | 11 +++++++----
configure.ac | 2 ++
p11-kit/util.c | 26 --------------------------
tests/mock-module-ep.c | 1 +
4 files changed, 10 insertions(+), 30 deletions(-)
commit 89602ce99feb7e8c5a37634c3f577532f82eddbd
Author: Stef Walter <stefw@gnome.org>
Date: 2012-06-27
tools: Don't barf when p11-kit -h
tools/p11-kit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 483db3ee5d0c0e92dd8ecd8bf0cbefaa6254b6eb
Author: Stef Walter <stefw@gnome.org>
Date: 2012-06-27
If a module is not marked 'critical' then ignore failure
* Ignore failure when initializing registered modules when
'critical' is not set on a module.
p11-kit/modules.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
commit 59774b11eb478cc714a6c5da937e89c6089fd833
Author: Stef Walter <stefw@gnome.org>
Date: 2012-06-08
Fix the flags in pin.h
* Due to a brain fart the P11_KIT_PIN_* flags were not
bit flags but decimal numbers.
* This necessarily breaks API/ABI for users of the
P11_KIT_PIN_FLAGS_RETRY, P11_KIT_PIN_FLAGS_MANY_TRIES and
P11_KIT_PIN_FLAGS_FINAL_TRY flags. But those wouldn't have
worked anyway.
p11-kit/pin.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
commit caa953cba4d2d0cdd4823eb2f1c4f24bbf18a231
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-13
Preconditions to check for input probs and out of memory
* We don't try to guarantee completely robust and problem
free behavior in cases where the caller or process isn't
behaving. We consider these to be outside of our control.
HACKING | 31 ++++++++++++
p11-kit/conf.c | 76 +++++++++---------------------
p11-kit/debug.c | 19 ++++++++
p11-kit/debug.h | 30 ++++++++++++
p11-kit/modules.c | 85 +++++++++++++++++----------------
p11-kit/pin.c | 138 ++++++++++++++++++++++++++----------------------------
p11-kit/proxy.c | 27 ++++-------
p11-kit/uri.c | 112 ++++++++++++++++++++------------------------
p11-kit/uri.h | 4 +-
p11-kit/util.c | 9 ----
p11-kit/util.h | 2 -
tests/Makefile.am | 3 +-
tests/test-init.c | 68 ++++++++++++++++++++++++++-
tests/uri-test.c | 12 ++++-
14 files changed, 352 insertions(+), 264 deletions(-)
commit 7bd4114182fcc86cd2515708fdf4d76622e0237d
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-13
Use gcc extensions to check varargs during compile
* Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check
correct printf and NULL terminated style varargs
common/compat.h | 24 ++++++++++++++++++------
p11-kit/conf.c | 11 ++++++++---
p11-kit/debug.h | 4 +++-
p11-kit/modules.c | 7 +++++--
p11-kit/private.h | 4 +++-
tests/Makefile.am | 1 +
6 files changed, 38 insertions(+), 13 deletions(-)
commit 14b0be4353e5c4464cb9f61e419a2f8caf8757d0
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-01
Fix test modules linking errors
* And display warning messages in the debug output
p11-kit/Makefile.am | 2 ++
p11-kit/util.c | 1 +
2 files changed, 3 insertions(+)
commit fed549ee2049a318081cfce3fde01ae625263d98
Author: Stef Walter <stefw@gnome.org>
Date: 2012-05-01
Provide compat getprogname() implementations on other OS's
* And use them in our replacement err() and p11_kit_set_progname()
common/compat.c | 87 +++++++++++++++++++++++++++++++++++++++--------------
common/compat.h | 10 ++++--
p11-kit/Makefile.am | 7 ++++-
p11-kit/util.c | 38 ++---------------------
tools/Makefile.am | 1 +
tools/p11-kit.c | 2 +-
6 files changed, 81 insertions(+), 64 deletions(-)
commit a3bcb9037ddf6657f79f0aae42aa83dd2b8f6b14
Author: Stef Walter <stefw@gnome.org>
Date: 2012-04-30
Move the compat.[ch] headers into common directory/
* And the compat stuff in the p11-kit directory merged
into util.c and util.h
{tools => common}/compat.c | 0
{tools => common}/compat.h | 0
p11-kit/Makefile.am | 3 +-
p11-kit/compat.c | 114 ----------------------------------
p11-kit/compat.h | 149 ---------------------------------------------
p11-kit/conf.c | 2 +-
p11-kit/debug.c | 1 -
p11-kit/private.h | 2 +-
p11-kit/util.c | 66 ++++++++++++++++++++
p11-kit/util.h | 111 +++++++++++++++++++++++++++++++++
tests/mock-module.c | 2 +-
tests/test-init.c | 2 +-
tools/Makefile.am | 3 +-
tools/p11-kit.c | 4 +-
14 files changed, 186 insertions(+), 273 deletions(-)
commit eeb40dccb63682367e03f52750355bf5951edff7
Author: Stef Walter <stefw@gnome.org>
Date: 2012-04-16
Doc tweaks for PIN functionality
p11-kit/pin.c | 47 ++++++++++++++++++++++++++++-------------------
1 file changed, 28 insertions(+), 19 deletions(-)
commit 85f9d306832964f6d6412392f335e1fa3f3efd8b
Author: Stef Walter <stefw@gnome.org>
Date: 2012-04-02
Add tests for enable-in and disable-in
p11-kit/Makefile.am | 8 +--
p11-kit/modules.c | 4 +-
tests/Makefile.am | 4 +-
tests/conf-test.c | 16 ++---
tests/files/system-modules/two | 4 +-
tests/files/system-pkcs11.conf | 3 +
tests/files/user-modules/three | 4 +-
tests/test-modules.c | 156 ++++++++++++++++++++++++++++++++++++++---
8 files changed, 171 insertions(+), 28 deletions(-)
commit d4c5661a695b5fc4a0126a4583e30ef70aea54ac
Author: Stef Walter <stefw@gnome.org>
Date: 2012-04-02
Build some test modules for testing main p11-kit functionality
* And put together a test for duplicate modules
p11-kit/Makefile.am | 29 ++++++--
tests/Makefile.am | 32 +++++++--
tests/conf-test.c | 16 ++---
tests/files/system-modules/one | 2 +-
tests/files/system-modules/two | 2 +-
tests/files/system-modules/two-duplicate | 3 +
tests/files/user-modules/three | 2 +-
tests/mock-module-ep.c | 50 ++++++++++++++
tests/test-modules.c | 111 +++++++++++++++++++++++++++++++
9 files changed, 225 insertions(+), 22 deletions(-)
commit c43038d82edcfd878ff66e3aa7fe247f53876f9b
Author: Stef Walter <stefw@gnome.org>
Date: 2012-02-27
Add more p11-kit cleanup to fix valgrind leak reports
* per-thread memory isn't actually a real memory leak, but was
still reachable after exit, so clean this up.
p11-kit/util.c | 11 +++++++++++
1 file changed, 11 insertions(+)
commit ff9926b8dcead91e7fc6d08d0ca1d2d8cc982308
Author: Stef Walter <stefw@gnome.org>
Date: 2012-04-01
Fix crasher when a duplicate module is present
p11-kit/modules.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
commit a899d9be0cab72dcfe00f100527c52ea598fed70
Author: Stef Walter <stefw@gnome.org>
Date: 2012-04-01
Add enable-in and disable-in options to module config
* These can be used to load certain modules in certain
programs, or prevent loading in others.
* Useful for a key manager like seahorse, so we can load
extra modules (think NSS) that other modules shouldn't
load.
.gitignore | 2 +
configure.ac | 12 ++++-
doc/p11-kit-config.xml | 27 +++++++++++
doc/p11-kit-sections.txt | 1 +
p11-kit/modules.c | 75 ++++++++++++++++++++++++++++++-
p11-kit/p11-kit.h | 2 +
p11-kit/private.h | 4 ++
p11-kit/util.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++-
tests/Makefile.am | 2 +
tests/progname-test.c | 110 +++++++++++++++++++++++++++++++++++++++++++++
10 files changed, 346 insertions(+), 4 deletions(-)
commit af8d28014f97ab0d9e4d00961e72aefd7adb470b
Author: Stef Walter <stefw@gnome.org>
Date: 2012-03-27
Fix broken hashmap behavior
* We were relying on undefined gcc behavior related to the &
operator.
* This would show up as a test failure when running with -O2 on
certain GCC versions, as well as failure on clang 3.1
p11-kit/hashmap.c | 12 +++++-------
tests/hash-test.c | 2 --
2 files changed, 5 insertions(+), 9 deletions(-)
commit f40f63c2b608a399df431df366bf681e6b2bb20e
Author: Stef Walter <stefw@gnome.org>
Date: 2012-03-19
Remove p11-kit.pot file from git
* Generated automatically
.gitignore | 1 +
po/p11-kit.pot | 343 ---------------------------------------------------------
2 files changed, 1 insertion(+), 343 deletions(-)
commit bbd0c4dcde10197df1473ffc5641cafe2173a676
Author: Stef Walter <stefw@gnome.org>
Date: 2012-03-09
Release version 0.12
NEWS | 3 +++
configure.ac | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
commit 300c84133390363a543854e5cd0ac3dd9018544e
Author: Simon Josefsson <simon@josefsson.org>
Date: 2012-03-08
Fix build problem due to pthread extensions usage
See: http://ipozgaj.blogspot.com/2006/08/posix-threads-and-manual-pages-rant.htm
configure.ac | 1 +
1 file changed, 1 insertion(+)
commit 632e268fa86ad8ba55d34044ccc325c20c8fc0c7
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2012-02-07
Release 0.11
NEWS | 3 +++
configure.ac | 2 +-
po/p11-kit.pot | 4 ++--
3 files changed, 6 insertions(+), 3 deletions(-)
commit 53c34e8ff80500d6ef9366453e88c27a3a52ee46
Author: Stef Walter <stefw@gnome.org>
Date: 2012-01-23
Remove automatic reinitialization of PKCS#11 after fork
* First of all one should only call async-signal-safe functions
from the callbacks of pthread_atfork(), and so we cannot
reinitialize directly.
* Some modules use pthread_atfork() to detect forking and setup
their internal state. If we call into them in our pthread_atfork()
callback then this is inherently racy.
* There was danger of endless loops and deadlocks which are caused
by handlers which fork in their C_Initialize
* Many processes do fork/exec, reinitializing PKCS#11 for these
forks is quite resourc intensive when the child process won't use
PKCS#11 at all.
p11-kit/modules.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
commit 001d59596a37369d094edcace455f611d9f55908
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2012-01-03
Release version 0.10
NEWS | 3 +++
configure.ac | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
commit 049e556d043aa6ecfbf32a70dae6e7e5e8eb69d3
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2012-01-02
Fix build warning on mingw64
p11-kit/hashmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 83dcc15d1d97218004137769ff68e2e8119f1d80
Author: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: 2011-12-23
Compile CuTest.c separately.
Use regular compile and link instead of having #include "CuTest.c" in
every test. Works around gcc optimization issue.
tests/Makefile.am | 10 +++++++++-
tests/conf-test.c | 2 --
tests/hash-test.c | 2 --
tests/pin-test.c | 2 --
tests/ptr-array-test.c | 2 --
tests/test-init.c | 2 --
tests/uri-test.c | 2 --
7 files changed, 9 insertions(+), 13 deletions(-)
commit 2da833b0ca9539c12745d2f9fef1e7be7c7792dc
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-12-20
Reorganize tests, work around optimization bug
* Encountered a gcc optimization bug in gcc 4.6.1 which seems to
be reordering related function calls eroneously. This bug seems
to be fixed in 4.6.2.
* Reorganize test code to get around this bug building on mingw,
and ubuntu 11.10, both of which use gcc 4.6.1
tests/hash-test.c | 45 ++++++++++++++++++++++-----------------------
1 file changed, 22 insertions(+), 23 deletions(-)
commit 9328bb7f0aed047dea47e8674e19865d90d423a5
Author: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: 2011-12-09
Run tests correctly in automake
* This allows failing tests to stop the build
tests/Makefile.am | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
commit 336d8af58ea3d00a20a56937b11236a6bf2679dd
Author: Michael Cronenworth <mike@cchtml.com>
Date: 2011-11-25
Build fix for MinGW w64
p11-kit/compat.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
commit e18725f71e0f070a54d763cbba7797031828dd95
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-11-14
Release version 0.9
NEWS | 6 ++++++
configure.ac | 2 +-
po/p11-kit.pot | 4 ++--
3 files changed, 9 insertions(+), 3 deletions(-)
commit d3dfc6968e54b919c90967a486d20066b0f5bf57
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-11-02
Reduce autofoo dependencies
* automake 1.10 (although can benefit from some 1.11 features)
* autoconf 2.61
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 9ccc74f384ee100ec522e012ea543437b1df123c
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-11-01
An intelligent error message when gettextize is not around
autogen.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 7370d64c18b795a63eda40efcc9e786b821cb7f7
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-30
p11-kit can't be used as a static library
* It just doesn't make sense.
* The initialization refcounting in particular can only work as
a shared library.
configure.ac | 4 ++++
1 file changed, 4 insertions(+)
commit df0ed92f44fa168c0d02866796f3707687f43214
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-29
Fix problems crashing when freeing TLS on windows
p11-kit/util.c | 2 ++
1 file changed, 2 insertions(+)
commit 922d53016955c0ff2d6d830d726f0d1ea3a5804b
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-29
Add debug output to windows init and uninit of library
p11-kit/util.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
commit c940667c434fe64cf4d01cec0873044c54e7f174
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-29
Make build not depend on gtk-doc or pkg-config
* If enabled, gtk-doc can be used, but we no longer expect the
gtkdoc autoconf/automake macro files to be installed.
* pkg-config is no longer used for checks.
* We still do install pkg-config files, and this is the preferred
way to build against and link to p11-kit.
configure.ac | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 51 insertions(+), 2 deletions(-)
commit 0792fefb2bc9d5db038b48855f0b1bb138653332
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-29
Handle build case when gettextize is not available or not installed
autogen.sh | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
commit 969bcab592878322e410f4342a61fccc06b9addd
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-27
Fix build with clang
* Just removed some unused functions that used GNUC extensions
tests/cutest/CuTest.c | 10 ----------
tests/cutest/CuTest.h | 5 -----
2 files changed, 15 deletions(-)
commit 77bab108dd2a7d1c55468cc991c22397fb5f8ba5
Author: Dr. Volker Zell <dr.volker.zell@oracle.com>
Date: 2011-10-25
Fix broken build on cygwin and mingw
* Add correct linking options for libintl
p11-kit/Makefile.am | 2 ++
1 file changed, 2 insertions(+)
commit 69f7eaa0508326f07832b91557f9e1ad8e6864c6
Author: Michael Cronenworth <mike@cchtml.com>
Date: 2011-10-25
Fix broken build on windows
* The debug_init() call needed a rename to _p11_debug_init() to match
the non-Win32 code.
p11-kit/util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 190aee9cdf44d257333d7ef9e29113a07f1516c9
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-24
Release version 0.8
NEWS | 7 +++++++
configure.ac | 2 +-
po/p11-kit.pot | 4 ++--
3 files changed, 10 insertions(+), 3 deletions(-)
commit 138c046a5ff1b0e532896b4d640c0cba6ead4027
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-24
More fixes for non-static function names
* See previous commit
* Initialize library before debug statements
p11-kit/conf.c | 8 +++----
p11-kit/debug.c | 7 -------
p11-kit/debug.h | 16 +++++++-------
p11-kit/modules.c | 62 +++++++++++++++++++++++++++----------------------------
p11-kit/proxy.c | 14 ++++++++-----
p11-kit/uri.c | 2 +-
6 files changed, 53 insertions(+), 56 deletions(-)
commit 5507dc4946f0a68cece5ec9e7096e0f9b8c55984
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-24
Rename non-static functions to have a _p11_xxx prefix.
* Work around issues with brain-dead linkers not respecting
the libtool -export-symbol-regex argument
https://bugs.freedesktop.org/show_bug.cgi?id=42020
p11-kit/compat.c | 8 +--
p11-kit/compat.h | 48 +++++++--------
p11-kit/conf.c | 36 +++++------
p11-kit/debug.c | 17 +++---
p11-kit/debug.h | 12 ++--
p11-kit/hashmap.c | 68 +++++++++++++--------
p11-kit/hashmap.h | 63 +++++++++----------
p11-kit/modules.c | 110 ++++++++++++++++-----------------
p11-kit/pin.c | 40 ++++++------
p11-kit/private.h | 4 +-
p11-kit/proxy.c | 18 +++---
p11-kit/ptr-array.c | 28 +++++----
p11-kit/ptr-array.h | 14 ++---
p11-kit/uri.c | 2 +-
p11-kit/util.c | 12 ++--
p11-kit/util.h | 2 +-
tests/conf-test.c | 140 +++++++++++++++++++++---------------------
tests/hash-test.c | 162 ++++++++++++++++++++++++-------------------------
tests/mock-module.c | 10 +--
tests/ptr-array-test.c | 122 ++++++++++++++++++-------------------
tests/test-init.c | 22 +++----
tests/uri-test.c | 5 +-
22 files changed, 484 insertions(+), 459 deletions(-)
commit db92b76e3acb11e330309ebce071ec2e61400a71
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-17
Initial port to win32
* Tests do not all yet pass, at least not on wine
* Added abstraction of some non-portable functions in compat.h/c
* Build with an argument like this for win32 support:
./autogen.sh --host=i586-mingw32msvc
* This win32 port needs more work from interested parties
.gitignore | 3 +
configure.ac | 35 ++++++--
doc/Makefile.am | 2 +-
p11-kit/Makefile.am | 1 +
p11-kit/compat.c | 114 ++++++++++++++++++++++++++
p11-kit/compat.h | 143 ++++++++++++++++++++++++++++++++
p11-kit/conf.c | 64 ++++++++++-----
p11-kit/debug.c | 31 +++----
p11-kit/debug.h | 2 +
p11-kit/modules.c | 104 +++++++++++-------------
p11-kit/private.h | 40 +++++++--
p11-kit/proxy.c | 7 +-
p11-kit/util.c | 188 +++++++++++++++++++++++++++++++++++--------
tests/Makefile.am | 16 ++--
tests/conf-test.c | 2 +
tests/mock-module.c | 20 +++--
tests/mock-module.h | 1 +
tests/pin-test.c | 3 +
tests/test-init.c | 56 +++++++------
tools/Makefile.am | 4 +
tools/compat.c | 228 ++++++++++++++++++++++++++++++++++++++++++++++++++++
tools/compat.h | 63 +++++++++++++++
tools/p11-kit.c | 5 +-
23 files changed, 952 insertions(+), 180 deletions(-)
commit b1d9fd5f88ade222fbd2206c7e11c5514c8b5634
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-10
Fix up the build options.
* --enable-debug turns off optimization
* --disable-debug turns off debugging output, debug symbols
* --enable-strict turns on -Werror
configure.ac | 123 ++++++++++++++++++++++++++++++++---------------------------
1 file changed, 66 insertions(+), 57 deletions(-)
commit 73880f950a7dadf712730222ac1b6ea11400746f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-10
Only call C_Initialize and C_Finalize once per module
* Do not concurretnly call C_Initialize or C_Finalize in a module
* The PKCS#11 spec indicates that mone thread should call those functions.
* It's reasonable for a module to expect to only be initialized or
finalized in one thread.
* In particular NSS does not lock its C_Initialize or C_Finalize.
p11-kit/modules.c | 117 ++++++++++++++++++++++++++++------------------------
tests/mock-module.c | 4 +-
tests/test-init.c | 105 +++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 168 insertions(+), 58 deletions(-)
commit 630ce95d7b9ec3ac3cbe71f75910711369274314
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-10
Combine initialization tests
tests/Makefile.am | 14 ++----
tests/{test-fork.c => test-init.c} | 34 ++++++++++++-
tests/test-recursive.c | 98 --------------------------------------
3 files changed, 36 insertions(+), 110 deletions(-)
commit d5a004ded8a0acdb7aa2100b8e116f19d0d9e402
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-10
Don't allow recursive calling of C_Initialize on a given module.
p11-kit/modules.c | 9 ++++-
tests/Makefile.am | 10 ++++--
tests/test-recursive.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 114 insertions(+), 3 deletions(-)
commit 591c1c14f2ebbcbc3f621456e31e2af1d26820b8
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-10-10
Rename p11-kit test
.gitignore | 2 ++
tests/Makefile.am | 6 +++---
tests/{p11-test.c => test-fork.c} | 0
3 files changed, 5 insertions(+), 3 deletions(-)
commit 85d9078be0456de8014a6f186f3916ddb01792d2
Author: Pino Toscano <pino@debian.org>
Date: 2011-09-30
Don't use PATH_MAX unless its defined
* Fixes build on GNU/Hurd
https://bugs.freedesktop.org/show_bug.cgi?id=41303
p11-kit/modules.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit 639aa9e38692ba5001987bb496e10cca14880807
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-09-28
Print more information in 'p11-kit -l'
tools/p11-kit.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
commit 67b52ed7d7f298f64be5ead41deeeebab1238d47
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-09-27
Release 0.7
NEWS | 5 +++++
configure.ac | 2 +-
po/p11-kit.pot | 4 ++--
3 files changed, 8 insertions(+), 3 deletions(-)
commit d3e245f579d917d1393624b6ecf3ae0c3748bbb3
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-09-27
Don't expand p11-kit config variables in configure.
* Expand them later in Makefile and pkg-config file
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit fcb71c3962314b48e9f8bd7f82673fa4e065607d
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-09-26
Add test tool to print out error messages
* Allows checking of translations
.gitignore | 1 +
tests/Makefile.am | 3 +-
tests/print-messages.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 140 insertions(+), 1 deletion(-)
commit a1cc80045864777db8c77e711f0a8efaad949c3e
Author: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: 2011-09-26
Fix quoting of build variables
https://bugs.freedesktop.org/show_bug.cgi?id=40985
p11-kit/Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit a081b6652acc9d9a9af22a266f9175f689b8c5d1
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-09-19
Expand the libdir path correctly
https://bugs.freedesktop.org/show_bug.cgi?id=40985
configure.ac | 6 ------
p11-kit/Makefile.am | 9 ++++++++-
2 files changed, 8 insertions(+), 7 deletions(-)
commit 8054865325fdb2221f3e425d04d9e03f6475553e
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2011-09-15
Add #include <limits.h> for PATH_MAX to fix compilation on FreeBSD.
https://bugs.freedesktop.org/show_bug.cgi?id=40923
p11-kit/modules.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 67dc760cec1653e9571b7c4e2bada3992c2b8361
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-09-14
Release version 0.6
NEWS | 5 +++++
configure.ac | 2 +-
po/p11-kit.pot | 4 ++--
3 files changed, 8 insertions(+), 3 deletions(-)
commit 11f3f0effb14be788e320d2f75b0d2d769058966
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-09-14
Add documentation about the configuration paths
* Default module path
* How to lookup paths using pkg-config
doc/p11-kit-config.xml | 37 ++++++++++++++++++++++---------------
doc/p11-kit-docs.sgml | 1 +
doc/p11-kit-notes.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
doc/p11-kit.xml | 3 +++
doc/style.css | 2 ++
5 files changed, 76 insertions(+), 15 deletions(-)
commit 927d2e5927ddad1eafe94c0bcadd76cd73d6297a
Author: Kalev Lember <kalevlember@gmail.com>
Date: 2011-09-14
When a module has a relative path, load it from $libdir/pkcs11
So far we have only supported full paths to the pkcs11 modules in config
files. This change adds relative path support, so that for modules
installed under the standard $libdir/pkcs11, the config file won't have
to spell out the full path.
configure.ac | 9 ++++++++
p11-kit/modules.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++---
p11-kit/p11-kit-1.pc.in | 1 +
3 files changed, 68 insertions(+), 3 deletions(-)
commit 138c1efa9af4893536fb7c3a90d3cb1ac24cea89
Author: Kalev Lember <kalevlember@gmail.com>
Date: 2011-09-14
Rename pkgconfig configuration directory variables
Renamed them to reduce ambiguity and to pave the way for exposing
some additional parameters.
p11_system_modules -> p11_system_config_modules
p11_user_modules -> p11_user_config_modules
configure --with-pkcs11-dir
=>
configure --with-system-config
configure.ac | 50 ++++++++++++++++++++++--------------------
p11-kit/Makefile.am | 2 +-
p11-kit/modules.c | 5 +++--
p11-kit/p11-kit-1.pc.in | 10 +++++----
p11-kit/pkcs11.conf.example.in | 2 +-
5 files changed, 37 insertions(+), 32 deletions(-)
commit 1cecad87a968ab6441b020fafb95f991b97e84b3
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-31
Release version 0.5
NEWS | 5 +++++
configure.ac | 2 +-
po/p11-kit.pot | 4 ++--
3 files changed, 8 insertions(+), 3 deletions(-)
commit e06009c33616d07a0687d0adbb5c59ec1c8965af
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-30
Don't crash if p11_kit_registered_modules() called after failed init
p11-kit/modules.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit fbdb10edfa39ada801af187dd3abaa5c8bf2ae6b
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-30
Remove useless typedef
p11-kit/conf.h | 2 --
1 file changed, 2 deletions(-)
commit 21b64c68e6a5ffcae50f3561f6dec6ee943a006f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-30
Add 'critical' setting for modules
* When a module has critical set to 'yes', and that module fails to init
then it aborts the entire init process.
* Defaults to 'no'
doc/p11-kit-config.xml | 24 ++++++++++++++++++++++--
p11-kit/conf.c | 18 ++++++++++++++++++
p11-kit/conf.h | 3 +++
p11-kit/modules.c | 7 ++++++-
4 files changed, 49 insertions(+), 3 deletions(-)
commit 25512ca5a03d723a84d6de67a7036188d08ec21b
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-24
Fix bugs in the p11-kit proxy module.
* Initialize the mappings properly
* Lookup session handles correctly
* Debug initialization and finalization
p11-kit/debug.c | 1 +
p11-kit/debug.h | 3 ++-
p11-kit/proxy.c | 42 ++++++++++++++++++++++++++++--------------
3 files changed, 31 insertions(+), 15 deletions(-)
commit 61c925fda7385392b3961f0b44049b9ff7a68093
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-19
Release version 0.4
NEWS | 8 ++++++++
configure.ac | 2 +-
po/p11-kit.pot | 4 ++--
3 files changed, 11 insertions(+), 3 deletions(-)
commit ae95625311e98caa3cccf82d24a3b612df11b26d
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-19
Ignore spaces in PKCS#11 URIs
* These should be able to occur anywhere and should be ignored
according to RFC 3986. This is documented in the PKCS#11 URI
specification.
p11-kit/uri.c | 85 ++++++++++++++++++++++++++++++++++++++++++--------------
p11-kit/uri.h | 4 +--
tests/uri-test.c | 24 ++++++++++++++++
3 files changed, 90 insertions(+), 23 deletions(-)
commit d4abb441450deceff760086dcdf9d493b258074a
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-14
Fix endless loop if module forks during initialization.
* If a module forks during its C_Initialize, previously our
fork handler would try to initialize it again, ad nauseum.
Reported by Nikos on the mailing list.
.gitignore | 1 +
p11-kit/modules.c | 12 +-
tests/Makefile.am | 30 +-
tests/mock-module.c | 886 ++++++++++++++++++++++++++++++++++++++++++++++++++++
tests/mock-module.h | 336 ++++++++++++++++++++
tests/p11-test.c | 114 +++++++
6 files changed, 1354 insertions(+), 25 deletions(-)
commit 43169c520292397439bd70fb74e9505d371f7c72
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-14
Safer initialization of individually initialized module.
* More checks for out of memory.
* Take more of the same code paths when initializing a single
module as when initializing registered, or loading from file.
* Cleanup halfway initialized globals if fail during init.
p11-kit/modules.c | 36 ++++++++++++++++++++++++++++++------
1 file changed, 30 insertions(+), 6 deletions(-)
commit 1e2011a308500632a9fbfb541dafcd73d796f3d5
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-05
Update PKCS#11 URI code for new draft of spec
* pinfile attribute was renamed to pin-source
* objecttype attribute was renamed to object-type
* secretkey value was renamed to secret-key
We continue to support parsing the old attribute names and values but
generate URIs with the new ones.
doc/Makefile.am | 2 +-
doc/p11-kit-sections.txt | 2 +
p11-kit/pin.c | 126 +++++++++++++++++++++++------------------------
p11-kit/pin.h | 10 ++--
p11-kit/uri.c | 83 +++++++++++++++++++++----------
p11-kit/uri.h | 9 ++++
tests/pin-test.c | 38 +++++++-------
tests/uri-test.c | 60 +++++++++++-----------
8 files changed, 185 insertions(+), 145 deletions(-)
commit 0a2fd044770d645b7707d2b4926a3214147973a8
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-03
Don't fail when duplicate modules are configured.
* Duplicate modules may be caused by editor backups, misconfigurations
or a multitude of other sources. Failing dead is a bit harsh.
* After discussing gnutls needs with Nikos
p11-kit/modules.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3b78f626872c637339a3302b8f0607c778aef92c
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-03
Better debug output for initialization and loading modules.
p11-kit/modules.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
commit ca48cb81f8e1465fdc4e4b504ea9da0324b30658
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-03
Fix broken debug arguments
p11-kit/modules.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit e938d137fee800605b5c11d0c2aa6eae90e205eb
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-08-01
Add example configuration documentation.
* And also install example pkcs11.conf file.
.gitignore | 1 +
configure.ac | 7 ++++--
doc/p11-kit-config.xml | 48 ++++++++++++++++++++++++++++++++++++++++++
p11-kit/Makefile.am | 6 +++++-
p11-kit/pkcs11.conf.example.in | 9 ++++++++
5 files changed, 68 insertions(+), 3 deletions(-)
commit dd6b2c11794a74a33bfa53fec9892cb0c7007e80
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-29
Release version 0.3
NEWS | 5 +++++
README | 9 ++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
commit 24d5da1bfa82e296872ae1ef62dbc073780edf20
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2011-07-28
Fix building with NLS enabled.
https://bugs.freedesktop.org/show_bug.cgi?id=39622
tests/Makefile.am | 17 +++++++++++------
tools/Makefile.am | 3 ++-
2 files changed, 13 insertions(+), 7 deletions(-)
commit 8f4923bcaa66809aa247859b48f2d67d8950097e
Author: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: 2011-07-28
Use AC_SEARCH_LIBS instead of AC_CHECK_LIB for dlopen() to fix on *BSD.
https://bugs.freedesktop.org/show_bug.cgi?id=39622
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b1b63063e0da8518e89b485bc4d2827ba2e3fdcf
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-28
Make p11-kit-proxy.so link point to libp11-kit.so.0.0.0
* The link now points to the actual library, rather than to
another link.
https://bugzilla.redhat.com/show_bug.cgi?id=725905
p11-kit/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit daec3faa85c4f463e3b13688f2bc2bbd1b2ae106
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-27
Add libtool style versioning variables to p11-kit
configure.ac | 16 ++++++++++++++++
p11-kit/Makefile.am | 4 +++-
po/p11-kit.pot | 4 ++--
3 files changed, 21 insertions(+), 3 deletions(-)
commit fb0952dbeb607542b7feab80b1bbd2b1258cd15f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-27
Fix bug in hashtable rewrite.
* Initialization mixup.
p11-kit/hashmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 9add486d5bbb2ac6a3566e21d729107c26de77a3
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-27
Cleanup documentation warnings
* After recent hash table rewrite we should be ignoring the new
file.
doc/Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 4454fc36a0dd9b6e99e302769084b2964eef34c1
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-27
Create a link for the proxy module.
* Install proxy module at its own path which is not prefixed by 'lib'
* Since the proxy module is the same as the library, and actually
needs to be loaded as the same library in memory (due to resource
tracking per process), use a symlink for proxy.
* Add a variable to the pkg-config file which shows the path
to the proxy module. ie:
$ pkg-config --variable=proxy_module p11-kit-1
https://bugzilla.redhat.com/show_bug.cgi?id=725905
p11-kit/Makefile.am | 6 +++++-
p11-kit/p11-kit-1.pc.in | 1 +
2 files changed, 6 insertions(+), 1 deletion(-)
commit 308a776372eb1560480fbfcb5ef9d918a7a1454f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-27
Reimplement and remove apache licensed bits of code.
* Reimplement the various bits of the hash table that were
still based on the apache apr code. Use different algorithms
for hashing, lookup and other stuff.
* Use this as an opportunity to cleanup that code and make
it more legible.
https://bugzilla.redhat.com/show_bug.cgi?id=725905
COPYING | 22 +-
p11-kit/Makefile.am | 2 +-
p11-kit/conf.c | 50 ++---
p11-kit/conf.h | 12 +-
p11-kit/hash.c | 473 ------------------------------------------
p11-kit/hashmap.c | 372 +++++++++++++++++++++++++++++++++
p11-kit/{hash.h => hashmap.h} | 71 +++----
p11-kit/modules.c | 62 +++---
p11-kit/pin.c | 6 +-
p11-kit/proxy.c | 8 +-
tests/conf-test.c | 64 +++---
tests/hash-test.c | 158 +++++++-------
12 files changed, 578 insertions(+), 722 deletions(-)
commit 3bb86b72ca5882b1e5684db837c75df810f283c3
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-21
Expand the various pkcs11 config paths properly.
* Without this the ${prefix} part of the variable wasn't being
expanded and was making it into the #define.
configure.ac | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit 4a3a1e0b8ad676f057e4fb141b4692987e8ce558
Author: Colin Walters <walters@verbum.org>
Date: 2011-07-18
configure: Use $sysconfdir for p11_system_conf dir, not hardcoded /etc
If the user specified sysconfdir, we should respect it. Don't
hardcode /etc. This is important for jhbuild, which uses
/path/to/builddir/etc.
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 43cf13e1a25da76297cd3397569031d7c3fd3a09
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-19
Ignore some built files after recent changes.
.gitignore | 2 ++
m4/{empty => .empty} | 0
2 files changed, 2 insertions(+)
commit b59ab92e640e13d10484fffc74ed6a218930c6ab
Author: Colin Walters <walters@verbum.org>
Date: 2011-07-18
build: Make autogen.sh work
* We were missing a call to gettextize, which is what copies in config.rpath
* Delete ABOUT-NLS, it is copied in by gettextize
* While we're here, take a page from gtk+'s autogen.sh and just use autoreconf,
instead of specifying everything.
* We need to always have an m4/ directory, so that gettextize works,
so we make a dummy empty file
* Apparently gettextize is totally insane, requiring user input etc. Copy
in some hacks from Avahi's autogen.sh to work around this.
.gitignore | 1 -
ABOUT-NLS | 1281 ------------------------------------------------------------
autogen.sh | 17 +-
m4/empty | 1 +
4 files changed, 12 insertions(+), 1288 deletions(-)
commit 69dd8b722bcb1a76ff586e71c580f6844412abb9
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-12
pin: Fix uninitialized variable
p11-kit/pin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 087a815b2b9cd5e0ec44866be1ddddb948583e88
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-07
Bump version number, and tweak upload procedure
.gitignore | 1 +
Makefile.am | 3 ++-
configure.ac | 2 +-
3 files changed, 4 insertions(+), 2 deletions(-)
commit e27e943b83401515b8b6acc1da705df6c56416e1
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-07
Release version 0.2
NEWS | 6 ++++++
configure.ac | 2 +-
po/p11-kit.pot | 2 +-
3 files changed, 8 insertions(+), 2 deletions(-)
commit 98ba6f9ffb95c5473e5e32d296956e91c4fc2715
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-06
List labels of all tokens in 'p11-kit -l'
tools/p11-kit.c | 34 ++++++++++++++++++++++++++++++++--
1 file changed, 32 insertions(+), 2 deletions(-)
commit 883b3ee76c686d14bbc1f20b0805d733a0c227ad
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-07-06
More fine tuning of the pin APIs.
doc/p11-kit-sections.txt | 1 +
p11-kit/pin.c | 18 ++++++++++++++++--
p11-kit/pin.h | 4 +++-
3 files changed, 20 insertions(+), 3 deletions(-)
commit 1ff1a4895b2d5ff5fe559b96034fb1c3855d4b45
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-24
Add documentation for PIN callbacks.
doc/Makefile.am | 2 +-
doc/p11-kit-docs.sgml | 1 +
doc/p11-kit-sections.txt | 19 +++
p11-kit/pin.c | 328 +++++++++++++++++++++++++++++++++++++----------
p11-kit/pin.h | 4 +-
tests/pin-test.c | 18 +--
6 files changed, 295 insertions(+), 77 deletions(-)
commit fd7dee836d0b14efc48bf59955c8a12a72561043
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-24
Add P11KitPin structure, which encapsulates a returned pin.
* Lets us use variable size buffers.
* Helps minimize copying.
p11-kit/pin.c | 171 +++++++++++++++++++++++++++++++++++++++++++----
p11-kit/pin.h | 44 ++++++++----
tests/files/test-pinfile | 1 +
tests/pin-test.c | 161 ++++++++++++++++++++++++++++++--------------
4 files changed, 302 insertions(+), 75 deletions(-)
commit 2cc2ab90a6b96ea75dfe4d6413e41539075e8f8a
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-21
Rename p11_kit_pin_read_pinfile to p11_kit_pin_retrieve
* Fix up duplicate register logic as well.
p11-kit/pin.c | 13 +++++++------
p11-kit/pin.h | 4 ++--
tests/pin-test.c | 38 +++++++++++++++++++-------------------
3 files changed, 28 insertions(+), 27 deletions(-)
commit f1ca5d5b57909534d8b21f9be455c94ca57e6636
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-20
Implement support for registering and calling pinfile callbacks
* These are callbacks that hanlde the pinfile part of a PKCS#11 URI.
* One library can register a callback that another can then call
in a thread-safe and simple fashion.
.gitignore | 2 +
p11-kit/Makefile.am | 3 +
p11-kit/pin.c | 332 +++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/pin.h | 85 +++++++++++++
p11-kit/ptr-array.c | 150 ++++++++++++++++++++++
p11-kit/ptr-array.h | 61 +++++++++
tests/Makefile.am | 12 +-
tests/pin-test.c | 237 +++++++++++++++++++++++++++++++++++
tests/ptr-array-test.c | 259 ++++++++++++++++++++++++++++++++++++++
9 files changed, 1140 insertions(+), 1 deletion(-)
commit 0a793a9e462727f434f6283a712b37ab30df5e95
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-16
Fix logic error loading registered modules.
Thanks to Richard Bellgrim.
p11-kit/modules.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit b1b62f1b0856821d046ed92be076f9b9f8c664a9
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-09
Update pkcs11.h with PKCS#11 2.20 ammendments.
p11-kit/pkcs11.h | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
commit 6d36c108a0f00f7485967b528b2a9f7c22173a5b
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-09
Fixed typos and made options clearer.
doc/p11-kit-config.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit d941244aaf0cf142fee986eb914c2767f564dc14
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-09
By default use /etc/pkcs11 for system configs and not ${prefix}
* Packagers can override this with the --with-pkcs11-dir configure arg.
configure.ac | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
commit 4bb63ced295ddd64a019ae49cfae191524a34f07
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-09
Complete documentation for message functionality.
doc/p11-kit-docs.sgml | 1 +
doc/p11-kit-sections.txt | 6 ++++++
p11-kit/modules.c | 15 +++++++++++++++
p11-kit/util.c | 29 +++++++++++++++++++++++++++++
4 files changed, 51 insertions(+)
commit d6463e70eeb0ad3d93788a3e0f13e2007be54c50
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-09
Complete testing of global config files and directories.
tests/conf-test.c | 262 +++++++++++++++++++++++++++++++++++
tests/files/system-modules/one | 3 +
tests/files/system-modules/two | 3 +
tests/files/test-system-invalid.conf | 3 +
tests/files/test-system-merge.conf | 7 +
tests/files/test-system-none.conf | 8 ++
tests/files/test-system-only.conf | 8 ++
tests/files/test-user-invalid.conf | 3 +
tests/files/test-user-only.conf | 4 +
tests/files/test-user.conf | 3 +
tests/files/user-modules/one | 2 +
tests/files/user-modules/three | 3 +
12 files changed, 309 insertions(+)
commit 48a08272bfcc0153887b850b4ea82e8fb7d8f1ae
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-09
Store last failure message per thread.
* Add p11_kit_message() function to get last message.
doc/p11-kit-config.xml | 2 +-
p11-kit/Makefile.am | 3 +-
p11-kit/conf.c | 22 +++++++------
p11-kit/modules.c | 46 +++++++++++++++++++-------
p11-kit/p11-kit.h | 8 +++++
p11-kit/private.h | 6 ++--
p11-kit/util.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++---
tests/Makefile.am | 3 +-
tests/conf-test.c | 13 ++++----
9 files changed, 151 insertions(+), 39 deletions(-)
commit 21333019a5afceb5f07637fb50b784a4ecd9f9ff
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-08
Refactor configuration
* Move configuration loading into conf.c
* Have user modules with same name merge/override modules in system.
p11-kit/Makefile.am | 2 +-
p11-kit/conf.c | 429 +++++++++++++++++++++++++++++++++++++++++++++++-----
p11-kit/conf.h | 24 ++-
p11-kit/hash.c | 117 ++++++++------
p11-kit/hash.h | 10 +-
p11-kit/modules.c | 366 ++++++++------------------------------------
p11-kit/private.h | 11 ++
p11-kit/util.c | 17 +++
tests/conf-test.c | 40 +++--
9 files changed, 610 insertions(+), 406 deletions(-)
commit 7c1edab7e6c1c6939ecdeaefc5f006772298f9eb
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-08
Ignore files without a 'module' value.
* Just skip loading these.
p11-kit/modules.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
commit d6b8300fe9bae0595aaf894c5d98aa7c72209e38
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Bump version number.
configure.ac | 6 +++++-
po/p11-kit.pot | 4 ++--
2 files changed, 7 insertions(+), 3 deletions(-)
commit 5b77fb058c43e6b0b631e1c7df41994cc41cd2ac
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Make target for uploading release.
Makefile.am | 3 +++
1 file changed, 3 insertions(+)
commit bfac05a80d66668a617386e7fdf569b5eb381a93
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Release version 0.1
p11-kit/Makefile.am | 3 +++
po/p11-kit.pot | 5 +++--
2 files changed, 6 insertions(+), 2 deletions(-)
commit cab38f1cb262e7922098fdb03c2c5828f5f003a1
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Fix up documentation
doc/p11-kit-sections.txt | 5 ++++-
p11-kit/util.c | 41 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+), 1 deletion(-)
commit b9a8a140cf09780671402e872130a51ec4f4b014
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Add p11_kit_space_strdup() function, and rename p11_kit_space_strlen()
* Print out module info in p11-kit tool.
p11-kit/p11-kit.h | 6 ++++++
p11-kit/uri.c | 15 ++-------------
p11-kit/uri.h | 3 ---
p11-kit/util.c | 34 ++++++++++++++++++++++++++++++++++
tools/p11-kit.c | 28 +++++++++++++++++++++++++++-
5 files changed, 69 insertions(+), 17 deletions(-)
commit b315f99c90d01104d6baa91ca0f2cfb32c920abd
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Fix more memory errors and leaks in module code.
p11-kit/modules.c | 16 ++++++++++++----
tools/p11-kit.c | 3 +++
2 files changed, 15 insertions(+), 4 deletions(-)
commit 7f5d2e9471872d8c1cf7181ba647c1dc74e2c6dd
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Free string output of conf-test
tests/conf-test.c | 1 +
1 file changed, 1 insertion(+)
commit fb8b8cada7bad73acf936c1dee2e7b1be64e3513
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Fix URI parsing memory leaks.
p11-kit/uri.c | 1 +
tests/uri-test.c | 1 +
2 files changed, 2 insertions(+)
commit 7c410200143b72a5976d228d75aab59f8b965fe9
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Fix some hash leaks and bugs.
p11-kit/hash.c | 20 ++++++++++++--------
tests/hash-test.c | 39 +++++++++++++++++++++++++++++++++++++--
2 files changed, 49 insertions(+), 10 deletions(-)
commit 0f09803ba95bcdfebf4bde509b43b3ca52cd9d3f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Fix compiler warnings.
p11-kit/hash.c | 2 +-
tests/uri-test.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
commit a5d3e34397d847a0c9b2e3aab7bd9f0b1080af05
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-07
Remove unstable API markers.
p11-kit/Makefile.am | 3 ---
p11-kit/p11-kit.h | 9 ---------
p11-kit/uri.h | 9 ---------
tests/Makefile.am | 3 +--
tools/Makefile.am | 3 +--
5 files changed, 2 insertions(+), 25 deletions(-)
commit edf0b9584f1038797758b4ed878e1d9f48beda9f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-06-06
Modernize autotools setup.
.gitignore | 1 +
configure.ac | 13 ++++++-------
2 files changed, 7 insertions(+), 7 deletions(-)
commit 0bd6cf376133f300edff57835eb95f7577d68792
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-30
Clear correct block of memory in p11_kit_uri_parse().
p11-kit/uri.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6f1e963901ca7aff7af6bec376af00f892cbb9ca
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-30
GNU style definitions in uri.h as well as normal.
p11-kit/uri.h | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
commit 82ca953733a651216125608d5ca7f9aa8005095e
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-30
Cleanup URI types
* Support with/without library version.
* Make names of types clearer.
p11-kit/uri.c | 63 ++++++++++++++++++++++++++++++------------
p11-kit/uri.h | 18 +++++++++---
tests/uri-test.c | 84 ++++++++++++++++++++++++++++----------------------------
3 files changed, 101 insertions(+), 64 deletions(-)
commit e19300129d3fe21c9e3af1a7f95ccf3eb5315199
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-30
Set the return value properly in p11_kit_load_initialize_module()
p11-kit/modules.c | 3 +++
1 file changed, 3 insertions(+)
commit b3b68fcb1d3fc4958acc6f6528fb88e7c87b7512
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-30
Add function p11_kit_uri_space_strlen() for figuring out the length
of space terminated strings.
doc/p11-kit-sections.txt | 1 +
p11-kit/uri.c | 6 +++---
p11-kit/uri.h | 3 +++
3 files changed, 7 insertions(+), 3 deletions(-)
commit 2aa964160a1615077db18b03a6c72c286c27791f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-30
Allow use with CRYPTOKI_GNU style use of PKCS#11
doc/p11-kit-sections.txt | 10 +++++++++-
p11-kit/p11-kit.h | 11 ++++++++++-
p11-kit/uri.c | 2 +-
p11-kit/uri.h | 14 +++++++++++++-
4 files changed, 33 insertions(+), 4 deletions(-)
commit cfeaf3de3d745d457feaba48c532d7a384d67341
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-27
Add p11_kit_load_initialize_module() function.
* This function will load a module from a file path, and then
initialize it.
doc/p11-kit-sections.txt | 1 +
p11-kit/modules.c | 167 ++++++++++++++++++++++++++++++++++++++++-------
p11-kit/p11-kit.h | 3 +
3 files changed, 147 insertions(+), 24 deletions(-)
commit f03252bf032b04ed7a5b98ea52e3c75d84dc0812
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-27
Rename module arguments from 'funcs' to 'module'
p11-kit/modules.c | 244 +++++++++++++++++++++++++++---------------------------
p11-kit/p11-kit.h | 8 +-
2 files changed, 126 insertions(+), 126 deletions(-)
commit 5d697e5ff8e3222bdb67d0ce8444b0323eeaba69
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-27
Fix up documentation
doc/p11-kit-sections.txt | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
commit a2fbdb1a3cd9d137010182be43fdf4ff8491dd9f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-27
Fix problems with 'make distcheck'
Makefile.am | 4 ++++
doc/Makefile.am | 3 ++-
gtk-doc.make | 9 +++++----
tests/Makefile.am | 8 ++++++--
4 files changed, 17 insertions(+), 7 deletions(-)
commit ad14c9c4c1345fe01336fc0d5bfccd3fca248ce1
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-27
Fix uninitialized variable problem.
p11-kit/proxy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bdd6188e299405e16179906bc79f9fef2605176a
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-27
Change around installation of headers, pkg-config, and file names
* Install headers to ${prefix}/include/p11-kit-1/p11-kit/
* This solves problems with other projects that have their own
pkcs11.h files.
* Change the pkg-config file name to p11-kit-1.pc
* Change the source file names.
.gitignore | 6 +-
configure.ac | 4 +-
doc/Makefile.am | 4 +-
p11-kit/Makefile.am | 18 ++--
p11-kit/debug.h | 4 +-
p11-kit/{p11-kit-messages.c => messages.c} | 0
p11-kit/{p11-kit-lib.c => modules.c} | 2 +-
p11-kit/{p11-kit.pc.in => p11-kit-1.pc.in} | 2 +-
p11-kit/p11-kit.h | 2 +-
p11-kit/p11-kit.pc | 17 ---
p11-kit/{p11-kit-private.h => private.h} | 0
p11-kit/{p11-kit-proxy.c => proxy.c} | 2 +-
p11-kit/{p11-kit-uri.c => uri.c} | 2 +-
p11-kit/{p11-kit-uri.h => uri.h} | 2 +-
po/POTFILES.in | 2 +-
po/p11-kit.pot | 164 ++++++++++++++---------------
tests/uri-test.c | 2 +-
17 files changed, 110 insertions(+), 123 deletions(-)
commit 92f821b6883e700a97a18d244104dea1031f2dce
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-26
Add functions for clearing and setting multiple attributes on URI.
p11-kit/p11-kit-uri.c | 75 ++++++++++++++++++++++++++++++++++++---------------
p11-kit/p11-kit-uri.h | 12 ++++++---
tests/uri-test.c | 41 +++++++++++++++++++++++++---
3 files changed, 100 insertions(+), 28 deletions(-)
commit c37d5dfaf0c2a5e70066fd1c9606b00329c3622a
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-26
Return proper errors when NULL is passed to mutex functions.
p11-kit/p11-kit-lib.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
commit 0542a87afdacd2c53da5d453b1d23e8a0dd91ea4
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-26
URI API fine tuning
* Rework API for getting all the attributes, to match usage in PKCS#11
* Add support for pinfile argument in URIs.
* Complete tests.
p11-kit/p11-kit-uri.c | 365 ++++++++++++++++++++++++++++++--------------------
p11-kit/p11-kit-uri.h | 9 +-
tests/uri-test.c | 103 ++++++++++++++
3 files changed, 328 insertions(+), 149 deletions(-)
commit 7c2a8a5b3ad134b6e3093761d617936dcbd21adf
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-25
Add p11_kit_uri_message() function.
Gets messages for p11-kit error codes.
p11-kit/debug.c | 1 +
p11-kit/debug.h | 3 ++-
p11-kit/p11-kit-uri.c | 38 ++++++++++++++++++++++++++++++++++++++
p11-kit/p11-kit-uri.h | 2 ++
4 files changed, 43 insertions(+), 1 deletion(-)
commit a01f4351e34fee946d1ffb81baa31a756e2851be
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-05-24
Fix null pointer dereference.
p11-kit/p11-kit-lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit e16a0a7183bd7c400ea3df12ad6ee1155a17634c
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-04-05
Fix lots of bugs and add more debugging statements.
p11-kit/conf.c | 3 ++-
p11-kit/p11-kit-lib.c | 51 +++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 43 insertions(+), 11 deletions(-)
commit 4d7cf526a352d7c9a02d05a308eef937b1a8987d
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-04-05
Add basic tool for p11-kit.
List modules:
$ p11-kit -l
.gitignore | 2 +
Makefile.am | 1 +
configure.ac | 1 +
tools/Makefile.am | 12 ++++++
tools/p11-kit.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 137 insertions(+)
commit 6078d6d73bc2eb1dbf2283b37d9507297fefba9d
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-04-05
Add support for debug tracing.
Use P11_KIT_DEBUG=xxx environment variable to enable tracing. Must
have been built without --disable-debug option.
P11_KIT_DEBUG can (at this point) be one of these values:
all
help
conf
lib
.gitignore | 1 +
configure.ac | 23 ++++++---
doc/Makefile.am | 2 +-
p11-kit/Makefile.am | 1 +
p11-kit/conf.c | 7 +++
p11-kit/debug.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++
p11-kit/debug.h | 93 ++++++++++++++++++++++++++++++++++
p11-kit/p11-kit-lib.c | 17 ++++++-
8 files changed, 272 insertions(+), 8 deletions(-)
commit aada8e3d41c3be7cdc7e0994c7dff7c307fbbe7f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-04-01
Fix up copyright lines.
p11-kit/conf.c | 4 ++--
p11-kit/conf.h | 4 ++--
p11-kit/hash.c | 4 ++--
p11-kit/hash.h | 4 ++--
p11-kit/p11-kit-lib.c | 2 +-
p11-kit/p11-kit-private.h | 2 +-
p11-kit/p11-kit-proxy.c | 2 +-
p11-kit/p11-kit-uri.h | 2 +-
p11-kit/p11-kit.h | 2 +-
p11-kit/util.c | 1 -
p11-kit/util.h | 1 -
11 files changed, 13 insertions(+), 15 deletions(-)
commit 579d40eff31c7a17cc4e4f07d26c6189619fee31
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Add C++ header guards, and require API instability acknowledgement.
p11-kit/Makefile.am | 3 +++
p11-kit/p11-kit-uri.h | 23 ++++++++++++++++++++---
p11-kit/p11-kit.h | 17 +++++++++++++++++
tests/Makefile.am | 3 ++-
4 files changed, 42 insertions(+), 4 deletions(-)
commit cf988aa7858d249887ea0818301c7211bb3cab38
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Support setting of CK_C_INITIALIZE_ARGS.pReserved to string.
This is a naughty little thing that a lot of PKCS#11 modules require
to be properly initialized. So we support setting pReserved to a string
that is in the config under the 'x-init-reserved' parameter.
p11-kit/p11-kit-lib.c | 7 +++++++
1 file changed, 7 insertions(+)
commit 540a00501ba682b420b143480d5864335cad6c71
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Give reference chapter an explicit id.
doc/p11-kit-docs.sgml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 52dab5cd52b19352e9f29b16c686fc545d2aadf1
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Add make target for uploading docs.
Makefile.am | 6 ++++++
1 file changed, 6 insertions(+)
commit a0ef9771b882bf2dc5bd56fcc6bcfdf47ed90feb
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Mix in other documentation.
doc/Makefile.am | 2 +-
doc/p11-kit-config.xml | 10 ++++++----
doc/p11-kit-docs.sgml | 12 ++++++++----
...p11-kit-multiple-problem.xml => p11-kit-sharing.xml} | 0
doc/style.css | 17 ++++++++++-------
5 files changed, 25 insertions(+), 16 deletions(-)
commit ca1d8a09e05444de07a1ad722b57f5dcae042892
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Fix up styling and tweaks.
doc/style.css | 24 +++++++++++++++++-------
p11-kit/p11-kit-messages.c | 4 ++--
2 files changed, 19 insertions(+), 9 deletions(-)
commit 17ebc007ed0376bdea50294201a637be982d68b7
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Fix up styling of documentation.
doc/p11-kit-docs.sgml | 2 +-
doc/style.css | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++
gtk-doc.make | 4 ++-
3 files changed, 74 insertions(+), 2 deletions(-)
commit 479cbd55ee5739d3cd2566379575451dbecf4c54
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Documentation and API cleanup.
* Rename source directory
* More consistent with return values from URI functions.
* Allow formatting URI to take a uri type.
.gitignore | 17 ++
Makefile.am | 6 +-
configure.ac | 17 +-
doc/Makefile.am | 80 ++++++--
doc/p11-kit-docs.sgml | 24 +++
doc/p11-kit-overrides.txt | 0
doc/p11-kit-sections.txt | 40 ++++
doc/version.xml.in | 1 +
gtk-doc.make | 230 +++++++++++++++++++++
{module => p11-kit}/Makefile.am | 1 -
{module => p11-kit}/conf.c | 0
{module => p11-kit}/conf.h | 0
{module => p11-kit}/hash.c | 1 -
{module => p11-kit}/hash.h | 0
{module => p11-kit}/p11-kit-lib.c | 103 +++++++---
{module => p11-kit}/p11-kit-messages.c | 16 +-
{module => p11-kit}/p11-kit-private.h | 0
{module => p11-kit}/p11-kit-proxy.c | 0
{module => p11-kit}/p11-kit-uri.c | 360 +++++++++++++++++++++++++++------
{module => p11-kit}/p11-kit-uri.h | 25 +--
{module => p11-kit}/p11-kit.h | 0
p11-kit/p11-kit.pc | 17 ++
{module => p11-kit}/p11-kit.pc.in | 0
{module => p11-kit}/pkcs11.h | 0
{module => p11-kit}/util.c | 0
{module => p11-kit}/util.h | 0
tests/Makefile.am | 8 +-
tests/uri-test.c | 82 ++++----
28 files changed, 857 insertions(+), 171 deletions(-)
commit 6132cd99c39739ef5360e41e92f22d287007577e
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
WIP
module/p11-kit-lib.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++
module/p11-kit-uri.c | 43 +++++++++++++++++++
2 files changed, 162 insertions(+)
commit c45d9df39035dee8a3fff610d98ac3b4c245f1dc
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Fix for previous commit.
Actually use the alloc_module_unlocked() function.
module/p11-kit-lib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 9985957799fd7142125f1d2dd0fae4366ec83f32
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-31
Custom initialization and finalization arguments cannot be supported.
When multiple consumers are using a PKCS#11 module, initialization
(and finalization) arguments cannot be supported. The first one calling
would win out, and the others would get unexpected behavior.
module/p11-kit-lib.c | 193 ++++++++++++++++++++++++-----------------------
module/p11-kit-private.h | 4 +-
module/p11-kit-proxy.c | 4 +-
module/p11-kit.h | 6 +-
4 files changed, 104 insertions(+), 103 deletions(-)
commit 1104f03d9b34cc659838124e00ac864c35af4f82
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-03
Add info and copyright.
doc/p11-kit.xml | 42 ++++++++++++++++++++++++++++++++++--------
1 file changed, 34 insertions(+), 8 deletions(-)
commit d05a04968e07f6a2084ceb747938dc7cc049cb5f
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-03-03
The start of some documentation.
.gitignore | 2 +
Makefile.am | 2 +-
configure.ac | 1 +
doc/Makefile.am | 22 ++++++++
doc/docbook-params.xsl | 39 +++++++++++++
doc/p11-kit-config.xml | 119 +++++++++++++++++++++++++++++++++++++++
doc/p11-kit-multiple-problem.xml | 92 ++++++++++++++++++++++++++++++
doc/p11-kit.xml | 11 ++++
8 files changed, 287 insertions(+), 1 deletion(-)
commit 25cbc9b3293f2c6df38bd0528b89101e5e547321
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-02-21
Add uri function for listing which attribute types are present.
module/p11-kit-uri.c | 24 +++++++++++++++++++++++-
module/p11-kit-uri.h | 3 +++
2 files changed, 26 insertions(+), 1 deletion(-)
commit ff7db14f0acae463165377f2d4b999e566298b40
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-02-21
Fix bug where we try to dlclose() modules we didn't load.
module/p11-kit-lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 1d9ca2ddb4df85b7235ec78e4996cf2d1fd775a2
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-02-19
Reference implementation of PKCS#11 URIs
.gitignore | 1 +
module/Makefile.am | 3 +
module/p11-kit-proxy.c | 14 +-
module/p11-kit-uri.c | 886 ++++++++++++++++++++++++++++++++++++++++
module/p11-kit-uri.h | 101 +++++
module/p11-kit.h | 2 +
module/util.c | 51 +++
module/util.h | 45 +++
tests/Makefile.am | 7 +-
tests/uri-test.c | 1050 ++++++++++++++++++++++++++++++++++++++++++++++++
10 files changed, 2146 insertions(+), 14 deletions(-)
commit 65509aa3a7c35d8bd5a947ca87c14d4de11deb21
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-02-18
Add p11_kit_strerror() method and internationalization.
.gitignore | 5 +
ABOUT-NLS | 1281 +++++++++++++++++++++++++++++++++++++++++++++
Makefile.am | 4 +-
configure.ac | 4 +
module/Makefile.am | 14 +-
module/p11-kit-lib.c | 4 +-
module/p11-kit-messages.c | 234 +++++++++
module/p11-kit.h | 2 +
po/Makefile.in.in | 444 ++++++++++++++++
po/Makevars | 41 ++
po/POTFILES.in | 2 +
po/Rules-quot | 47 ++
po/boldquot.sed | 10 +
po/en@boldquot.header | 25 +
po/en@quot.header | 22 +
po/insert-header.sin | 23 +
po/p11-kit.pot | 342 ++++++++++++
po/quot.sed | 6 +
po/remove-potcdate.sin | 19 +
19 files changed, 2523 insertions(+), 6 deletions(-)
commit 5cc83571c3e0e212f4d84b05bb15088409d9c752
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-02-17
Properly read user-config setting.
* Unless the system 'user-config' setting is 'none' we allow
the user to override or merge all settings, including the
'user-config' setting.
module/p11-kit-lib.c | 187 ++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 146 insertions(+), 41 deletions(-)
commit 80fe1806941d555433f3a1c97ab116dd281041e0
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-02-17
Add a proper pkg-config file.
.gitignore | 2 ++
configure.ac | 25 ++++++++++++++-----------
module/Makefile.am | 10 +++++-----
module/p11-kit.pc.in | 17 +++++++++++++++++
4 files changed, 38 insertions(+), 16 deletions(-)
commit c03b1023835887569315fbec6295be3cc0f4cf42
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-02-17
Only allow colon between name and value.
module/conf.c | 4 ++--
tests/files/test-1.conf | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
commit 14dfb79ca65dd80e117103c4f8852ae2b4a419a0
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-01-30
Configuration tests.
.gitignore | 1 +
module/conf.c | 25 ++++++----
module/conf.h | 6 +--
module/p11-kit-lib.c | 8 ++--
tests/Makefile.am | 13 ++++--
tests/conf-test.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++
tests/files/test-1.conf | 6 +++
7 files changed, 158 insertions(+), 22 deletions(-)
commit 4375e297b19bc2177e17cc5616e75d96be053328
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-01-26
Add testing and start testing hash table functionality.
.gitignore | 8 +
Makefile.am | 12 +-
configure.ac | 42 ++++++
module/Makefile.am | 16 +-
module/hash.c | 15 ++
module/hash.h | 5 +
tests/Makefile.am | 17 +++
tests/cutest/CuTest.c | 339 ++++++++++++++++++++++++++++++++++++++++++
tests/cutest/CuTest.h | 116 +++++++++++++++
tests/cutest/README.txt | 211 ++++++++++++++++++++++++++
tests/cutest/license.txt | 38 +++++
tests/hash-test.c | 377 +++++++++++++++++++++++++++++++++++++++++++++++
12 files changed, 1191 insertions(+), 5 deletions(-)
commit f8009b4d504de0ed752b867893acd263108409e0
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-01-24
Reinitialize modules after fork().
module/p11-kit-lib.c | 51 ++++++++++++++++++++++++++++++++++++++++++++----
module/p11-kit-private.h | 1 +
module/p11-kit-proxy.c | 18 +++++++++++++++++
3 files changed, 66 insertions(+), 4 deletions(-)
commit b2b0acbc5789823a33de9eabec10e2b8656f3632
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-01-24
Initial implementation with new config system.
configure.ac | 3 +-
module/Makefile.am | 10 +-
module/conf.c | 240 ++++++++++
module/conf.h | 51 +++
module/hash.c | 512 +++++++++++----------
module/hash.h | 110 +++--
module/p11-kit-lib.c | 810 ++++++++++++++++++++++++++++++++++
module/p11-kit-private.h | 51 +++
module/{p11-kit.c => p11-kit-proxy.c} | 696 ++---------------------------
module/p11-kit.h | 12 +-
10 files changed, 1558 insertions(+), 937 deletions(-)
commit 5a53e44a73d4fb62483e890fe348ea40d27ef573
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-01-24
Rename to p11-kit.
A less pretentios, better description of what's going on.
ChangeLog | 2 +-
configure.ac | 4 +-
module/Makefile.am | 8 +-
module/{p11-unity.c => p11-kit.c} | 312 +++++++++++++++++++-------------------
module/{p11-unity.h => p11-kit.h} | 28 ++--
5 files changed, 177 insertions(+), 177 deletions(-)
commit 492c2ff7c191e5df75140a47e4e43fa25fd16023
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-01-22
Rework public library API so that we can initialize arbitrary
modules.
module/p11-unity.c | 752 ++++++++++++++++++++++++++++++++++-------------------
module/p11-unity.h | 21 +-
2 files changed, 502 insertions(+), 271 deletions(-)
commit c2a5aaf7baf4bcc006674a1938205f93028b8ab0
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-01-22
Rough idea of possible library functions.
configure.ac | 5 +-
module/p11-unity.c | 307 ++++++++++++++++++++++++++++++++++++++++++++---------
module/p11-unity.h | 56 ++++++++++
3 files changed, 314 insertions(+), 54 deletions(-)
commit a50ba779ff3e0a5d4f35fb2b6ab525a423575cc4
Author: Stef Walter <stefw@collabora.co.uk>
Date: 2011-01-20
Initial implementation of p11-unity
.gitignore | 31 ++
AUTHORS | 1 +
COPYING | 47 ++
ChangeLog | 31 ++
Makefile.am | 18 +
NEWS | 2 +
README | 1 +
autogen.sh | 21 +
configure.ac | 90 +++
module/Makefile.am | 18 +
module/hash.c | 400 ++++++++++++++
module/hash.h | 158 ++++++
module/p11-unity.c | 1543 ++++++++++++++++++++++++++++++++++++++++++++++++++++
module/pkcs11.h | 1357 +++++++++++++++++++++++++++++++++++++++++++++
14 files changed, 3718 insertions(+)
Reference in a new issue View git blame Copy permalink