437 lines
16 KiB
Text
437 lines
16 KiB
Text
0.23.20 (stable)
|
|
* Revert "Fix RPC when length-s are 0" changes [PR#276]
|
|
|
|
0.23.19 (stable)
|
|
* common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255]
|
|
* Add simple bash completion for provided commands [PR#258]
|
|
* Unbreak list matching in enable-in and disable-in [PR#262]
|
|
* Fix RPC when length-s are 0 [PR#259]
|
|
* rpc: Add vsock transport support [PR#270]
|
|
* trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265]
|
|
* Build fixes [PR#271, PR#272, PR#273, ...]
|
|
|
|
0.23.18 (stable)
|
|
* rpc: Allow empty CK_DATE value [PR#253]
|
|
* build: Meson fixes [PR#245]
|
|
* build: Adjust feature parity between meson and autotools [PR#247]
|
|
|
|
0.23.17 (stable)
|
|
* common: Fix uClibc-ng compilation [PR#237]
|
|
* trust: do not allow daylight to invalidate date validation [PR#236]
|
|
* build: Port to meson build system [PR#231, PR#234]
|
|
* rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232]
|
|
* doc: Add 'server' command in help [PR#229]
|
|
* Build and test fixes [PR#230]
|
|
|
|
0.23.16 (stable)
|
|
* proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225]
|
|
* conf: Ignore user configuration if the program is running as root [PR#226]
|
|
* proxy: Refresh slot list on every C_GetSlotList call [PR#224]
|
|
* modules: Fix index used in call to p11_dict_remove() [PR#219]
|
|
* Fix Win32 p11_dl_error crash [PR#218]
|
|
* modules: check gl.modules before iterates on it when freeing [PR#217]
|
|
* trust: Ignore unreadable content in anchors [PR#215]
|
|
* extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213]
|
|
|
|
0.23.15 (stable)
|
|
* trust: Improve error handling if backed trust file is corrupted [PR#206]
|
|
* url: Prefer upper-case letters in hex characters when encoding [PR#193]
|
|
* trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202]
|
|
* virtual: Prefer fixed closures to libffi closures [PR#196]
|
|
* Fix issues spotted by coverity and cppcheck [PR#194, PR#204]
|
|
* Build and test fixes [PR#164, PR#191, PR#199, PR#201]
|
|
|
|
0.23.14 (stable)
|
|
* proxy: Avoid invalid memory access when unloading proxy module [PR#180]
|
|
* Update pkcs11 header to allow SoftHSMv2 to compile [PR#181]
|
|
* build: Restore libpthread dependency [PR#183]
|
|
* Build fixes [PR#188]
|
|
|
|
0.23.13 (stable)
|
|
* server: Enable socket activation through systemd [PR#173]
|
|
* rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules [PR#174]
|
|
* proxy: Fail early if there is no slot mapping [PR#175]
|
|
* Remove hard dependency on libpthread [PR#177]
|
|
* Build fixes [PR#170, PR#176]
|
|
|
|
0.23.12 (stable)
|
|
* Fix compile error when PKCS#11 GNU calling convention is enabled [PR#160]
|
|
* Fix getauxval() and secure_getenv() emulation on macOS and FreeBSD [PR#167]
|
|
* Build and test fixes on macOS [PR#162, PR#168]
|
|
|
|
0.23.11 (stable)
|
|
* trust: Add extractor for edk2/cacerts.bin [PR#139]
|
|
* modules: Add option to control module visibility from proxy [PR#140]
|
|
* trust: Prevent trust module being loaded by proxy module [PR#142]
|
|
* library: Use dedicated locale object for printing error [PR#148]
|
|
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly [PR#134]
|
|
* Improve const correctness for P11KitUri [PR#152]
|
|
* PKCS#11 URI scheme comparison is now case insensitive [PR#156]
|
|
* Build and test fixes [PR#151, PR#149, PR#141, PR#138, PR#135]
|
|
|
|
0.23.10 (devel)
|
|
* filter: Respect "write-protected" vendor-specific attribute in
|
|
PKCS#11 URI [PR#129]
|
|
* server: Improve shell integration and documentation [PR#107, PR#108]
|
|
* proxy: Reuse existing slot ID mapping in after fork() [PR#120]
|
|
* trust: Forcibly mark "Default Trust" read-only [PR#123]
|
|
* New function p11_kit_override_system_files() which can be used for
|
|
testing [PR#110]
|
|
* trust: Filter out duplicate extensions [PR#69]
|
|
* Update translations [PR#128]
|
|
* Bug fixes [PR#125, PR#126]
|
|
|
|
0.23.9 (devel)
|
|
* Fix p11-kit server regressions [PR#103, PR#104]
|
|
* trust: Respect anyExtendedKeyUsage in CA certificates [PR#99]
|
|
* Build fixes related to reallocarray [PR#96, PR#98, PR#100]
|
|
|
|
0.23.8 (devel)
|
|
* Improve vendor query attributes handling in PKCS#11 URI [PR#92]
|
|
* Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91]
|
|
* New envvar P11_KIT_NO_USER_CONFIG to stop looking at user
|
|
configurations [PR#87]
|
|
* Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86]
|
|
|
|
0.23.7 (devel)
|
|
* Fix memory issues with "p11-kit server" [PR#78]
|
|
* Build fixes [PR#77 ...]
|
|
|
|
0.23.6 (devel)
|
|
* Port "p11-kit server" to Windows and portability fixes of the RPC
|
|
protocol [PR#67, PR#72, PR#74]
|
|
* Recover the old behavior of "trust anchor --remove" [PR#70, PR#71]
|
|
* Build fixes [PR#63 ...]
|
|
|
|
0.23.5 (devel)
|
|
* Fix license notice of common/unix-peer.c [PR#58]
|
|
* Remove systemd unit files for now [PR#60]
|
|
* Build fixes for FreeBSD [PR#56]
|
|
|
|
0.23.4 (devel)
|
|
* Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31,
|
|
PR#37, PR#52]
|
|
* The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY
|
|
attribute, used by Firefox [#99453, PR#46]
|
|
* Add 'trust dump' command to dump all PKCS#11 objects in the
|
|
persistence format [PR#44]
|
|
* New experimental 'p11-kit server' command that allows PKCS#11
|
|
forwarding through a Unix domain socket. A client-side module
|
|
p11-kit-client.so is also provided [PR#15]
|
|
* Add systemd unit files for exporting the proxy module through a
|
|
Unix domain socket [PR#35]
|
|
* New P11KitIter API to iterate over slots, tokens, and modules in
|
|
addition to objects [PR#28]
|
|
* libffi dependency is now optional [PR#9]
|
|
* Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45]
|
|
|
|
0.23.3 (devel)
|
|
* Install private executables in libexecdir [#98817]
|
|
* Fix link error of proxy module on macOS [#98022]
|
|
* Use new PKCS#11 URI specification for URIs [#97245]
|
|
* Support x-init-reserved argument of C_Initialize() in remote modules [#80519]
|
|
* Incorporate changes from PKCS#11 2.40 specification
|
|
* Bump libtool library version
|
|
* Documentation fixes
|
|
* Build fixes [#87192 ...]
|
|
|
|
0.23.2 (devel)
|
|
* Fix forking issues with libffi [#90289 ...]
|
|
* Updated translations
|
|
* Build fixes [#90827 #89081 #92434 #92520 #92445 #92551 #92843 #92842 #92807 #93211 ...]
|
|
|
|
0.23.1 (devel)
|
|
* Use new PKCS#11 URI draft fields for URIs [#86474 #87582]
|
|
* Add pem-directory-hash extract format
|
|
* Build fixes
|
|
|
|
0.22.1 (stable)
|
|
* Use SubjectKeyIdentifier for CKA_ID when available [#84761]
|
|
* Allow 'BEGIN PuBLIC KEY' PEM blocks in .p11-kit files
|
|
* Bump libtool library version
|
|
* Build fixes [#84665 ...]
|
|
|
|
0.22.0 (stable)
|
|
* Remove the 'isolated = yes' option due to unclear semantics
|
|
replacement forth coming in later versions.
|
|
* Use secure_getenv() where necessary
|
|
* Run separate binary for 'p11-kit remote' command
|
|
|
|
0.21.3 (unstable)
|
|
* New public pkcs11x.h header containing extensions [#83495]
|
|
* Export necessary defines to lookup attached extensions [#83495]
|
|
* Use term 'attached extensions' rather than 'stabled extensions'
|
|
* Make proxy module respect 'critical = no' [#83651]
|
|
* Show public-key-info in 'trust list --details'
|
|
* Build fixes [#75674 ...]
|
|
|
|
0.21.2 (unstable)
|
|
* Don't use invalid keys for looking up stapled extensions [#82328]
|
|
* Better error messages when invalid certificate extensions
|
|
* Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
|
|
* Fix some leaks, and memory issues
|
|
* Silence some clang scanner warnings
|
|
* Fix build against older pthread implementations [#82617]
|
|
* Move to a non-recursive Makefile
|
|
* Can now specify which tests to run on command line
|
|
|
|
0.21.1 (unstable)
|
|
* Add new 'isolate' pkcs11 config option [#80472]
|
|
* Add 'p11-kit remote' command for isolating modules [#54105]
|
|
* Don't complain about C_Finalize after a fork
|
|
* Other minor fixes
|
|
|
|
0.20.3 (stable)
|
|
* Fix problems reinitializing managed modules after fork
|
|
* Fix bad bookkeeping when fail initializing one of the modules
|
|
* Fix case where module would be unloaded while in use [#74919]
|
|
* Remove assertions when module used before initialized [#74919]
|
|
* Fix handling of mmap failure and mapping empty files [#74773]
|
|
* Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
|
|
* Require automake 1.12 or later
|
|
* Build fixes for Windows [#76594 #74149]
|
|
|
|
0.20.2 (stable)
|
|
* Fix bug where blacklist didn't affect extracted ca-anchors if the anchor
|
|
and blacklist were not in the same trust path (regression) [#73558]
|
|
* Check for race in BasicConstraints stapled extension [#69314]
|
|
* autogen.sh now runs configure as srcdir != builddir by default
|
|
* Build fixes and cleanup
|
|
|
|
0.20.1 (stable)
|
|
* Extract compat trust data after we've changes
|
|
* Skip compat extraction if running as non-root
|
|
* Better failure messages when removing anchors
|
|
* Build cleanup
|
|
|
|
0.20.0 (stable)
|
|
* Doc fixes
|
|
|
|
0.19.4 (unstable)
|
|
* 'trust anchor' now adds/removes certificate anchors
|
|
* 'trust list' lists trust policy stuff
|
|
* 'p11-kit extract' is now 'trust extract'
|
|
* 'p11-kit extract-trust' is now 'trust extract-compat'
|
|
* Workarounds for working on broken zfsonlinux.org [#68525]
|
|
* Add --with-module-config parameter to the configure script [#68122]
|
|
* Add support for removing stored PKCS#11 objects in trust module
|
|
* Various debugging tweaks
|
|
|
|
0.19.3 (unstable)
|
|
* Fix up problems with automake testing
|
|
* Fix a bunch of memory leaks in newly refactored code
|
|
* Don't use _GNU_SOURCE and the unportability it brings
|
|
* Testing fixes
|
|
|
|
0.19.2 (unstable)
|
|
* Add basic 'trust anchor' command to store a new anchor
|
|
* Support for writing out trust token objects
|
|
* Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
|
|
* Add option to use freebl for hashing
|
|
* Implement reloading of token data
|
|
* Fix warnings and possible minor bugs highlighted by code scanners
|
|
* Don't load configs in home directories when running setuid or setgid
|
|
* Support treating ~/.config as $XDG_CONFIG_HOME
|
|
* Use $XDG_DATA_HOME/pkcs11 as default user config directory
|
|
* Use $TMPDIR instead of $TEMP while testing
|
|
* Open files and fds with O_CLOEXEC
|
|
* Abort initialization if a critical module fails to load
|
|
* Don't use thread-unsafe functions: strerror, getpwuid
|
|
* Fix p11_kit_space_strlen() result when empty string
|
|
* Refactoring of where various components live
|
|
* Build fixes
|
|
|
|
0.19.1 (unstable)
|
|
* Refactor API to be able to handle managed modules
|
|
* Deprecate much of old p11-kit API
|
|
* Implement concept of managed modules
|
|
* Make C_CloseAllSessions function work for multiple callers
|
|
* New dependency on libffi
|
|
* Fix possible threading problems reported by hellgrind
|
|
* Add log-calls option
|
|
* Mark p11_kit_message() as a stable function
|
|
* Use our own unit testing framework
|
|
|
|
0.18.3 (stable)
|
|
* Fix reinitialization of trust module [#65401]
|
|
* Fix crash in trust module C_Initialize
|
|
* Mac OS fixes [#57714]
|
|
|
|
0.18.2 (stable)
|
|
* Build fixes [#64378 ...]
|
|
|
|
0.18.1 (stable)
|
|
* Put the external tools in $libdir/p11-kit
|
|
* Documentation build fixes
|
|
|
|
0.18.0 (stable)
|
|
* Fix use of trust module with gcr and empathy [#62896]
|
|
* Further tweaks to trust module date parsing
|
|
* Fix unaligned memory reads [#62819]
|
|
* Win32 fixes [#63062, #63046]
|
|
* Debug and logging tweaks [#62874]
|
|
* Other build fixes
|
|
|
|
0.17.5 (unstable)
|
|
* Don't try to guess at overflowing time values on 32-bit systems [#62825]
|
|
* Test fixes [#927394]
|
|
|
|
0.17.4 (unstable)
|
|
* Check for duplicate certificates in a token, warn and discard [#62548]
|
|
* Implement a proper index so we have decent load performance
|
|
|
|
0.17.3 (unstable)
|
|
* Use descriptive labels for the trust module tokens [#62534]
|
|
* Remove the temporary built in distrust objects
|
|
* Make extracted output directories and files read-only [#61898]
|
|
* Don't export unnecessary ABI
|
|
* Build fixes [#62479]
|
|
|
|
0.17.2 (unstable)
|
|
* Fix build on 32-bit linux
|
|
* Fix several crashers
|
|
|
|
0.17.1 (unstable)
|
|
* Support a p11-kit specific PKCS#11 attribute persistence format [#62156]
|
|
* Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default [#62329]
|
|
* Refactor a trust builder which builds objects out of parsed data [#62329]
|
|
* Combine trust policy when extracting certificates [#61497]
|
|
* The extract --comment option adds comments to PEM bundles [#62029]
|
|
* A new 'priority' config option for ordering modules [#61978]
|
|
* Make each configured path its own trust module token [#61499]
|
|
* Use --with-trust-paths to configure trust module [#62327]
|
|
* Fix bug decoding some PEM files
|
|
* Better debug output for trust module lookups
|
|
* Work around bug in NSS when doing serial number lookups
|
|
* Work around broken strndup() function in firefox
|
|
* Fix the nickname for the distrusted attribute
|
|
* Build fixes
|
|
|
|
0.16.4 (stable)
|
|
* Display per command help again [#62153]
|
|
* Don't always print tools debug output [#62152]
|
|
|
|
0.16.3 (stable)
|
|
* When iterating don't skip tokens without the CKF_TOKEN_INITIALIZED flag
|
|
* Hardcode some distrust records for NSS temporarily
|
|
* Parse global options better in the p11-kit command
|
|
* Better debugging
|
|
|
|
0.16.2 (stable)
|
|
* Fix regression in 'p11-kit extract --purpose' option [#62009]
|
|
* Documentation updates
|
|
* Build fixes [#62001, ...]
|
|
|
|
0.16.1 (stable)
|
|
* Don't break when cA field of BasicConstraints is missing [#61975]
|
|
* Documentation fixes and updates
|
|
* p11-kit extract-trust is a placeholder script now
|
|
|
|
0.16.0 (stable)
|
|
* Update the pkcs11.h header for new mechanisms
|
|
* Fix build and tests on mingw64 (ie: win32)
|
|
* Relicense LGPL code to BSD license
|
|
* Documentation tweaks
|
|
* Pull translations from Transifex [#60792]
|
|
* Build fixes [#61739, #60894, #61740]
|
|
|
|
0.15.2 (unstable)
|
|
* Add German and Finish translations
|
|
* Better define the libtasn1 dependency
|
|
* Crasher and bug fixes
|
|
* Build fixes
|
|
|
|
0.15.1 (unstable)
|
|
* Fix some memory leaks
|
|
* Add a location for packages to drop module configs
|
|
* Documentation updates and fixes
|
|
* Add command line tool manual page
|
|
* Remove unused err() function and friends
|
|
* Move more code into common/ directory and refactor
|
|
* Add a system trust policy module
|
|
* Refactor how the p11-kit command line tool works
|
|
* Add p11-kit extract and extract-trust commands
|
|
* Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
|
|
* Refuse to load the p11-kit-proxy.so as a registered module
|
|
* Don't fail initialization if last initialized module fails
|
|
|
|
0.14
|
|
* Change default for user-config to merge
|
|
* Always URI-encode the 'id' attribute in PKCS#11 URIs
|
|
* Expect a .module extension on module configs
|
|
* Windows compatibility fixes
|
|
* Testing fixes
|
|
* Build fixes
|
|
|
|
0.13
|
|
* Don't allow reading of PIN files larger than 4096 bytes
|
|
* If a module is not marked as critical then ignore init failure
|
|
* Use preconditions to check for input problems and out of memory
|
|
* Add enable-in and disable-in options to module config
|
|
* Fix the flags in pin.h
|
|
* Use gcc extensions to check varargs during compile
|
|
* Fix crasher when a duplicate module is present
|
|
* Fix broken hashmap behavior
|
|
* Testing fixes
|
|
* Win32 build fixes
|
|
* 'p11-kit -h' now works
|
|
* Documentation fixes
|
|
|
|
0.12
|
|
* Build fix
|
|
|
|
0.11
|
|
* Remove automatic reinitialization of PKCS#11 after fork
|
|
|
|
0.10
|
|
* Build fixes, for windows, gcc 4.6.1
|
|
|
|
0.9
|
|
* p11-kit can't be used as a static library
|
|
* Fix problems crashing when freeing TLS on windows
|
|
* Add debug output to windows init and uninit of library
|
|
* Build fixes, especially for windows
|
|
|
|
0.8
|
|
* Rename non-static functions to have a _p11_xxx prefix
|
|
* No concurrent calling of C_Initialize and C_Finalize
|
|
* Print more information in 'p11-kit -l'
|
|
* Initial port to win32
|
|
* Build, testing fixes
|
|
|
|
0.7
|
|
* Expand p11-kit config variables correctly invarious build scenarios
|
|
* Add test tool to print out error messages
|
|
* Build fix on FreeBSD
|
|
|
|
0.6
|
|
* Add concept of a default module directory from which modules with
|
|
relative paths are loaded.
|
|
* Renamed pkg-config variables to make it clearer what's what.
|
|
|
|
0.5
|
|
* Fix crasher in p11_kit_registered_modules()
|
|
* Add 'critical' setting for modules, which defaults to 'no'
|
|
* Fix initialization issues in the proxy module
|
|
|
|
0.4
|
|
* Fix endless loop if module forks during initialization
|
|
* Update PKCS#11 URI code for new draft of spec
|
|
* Don't fail when duplicate modules are configured
|
|
* Better debug output
|
|
* Add example configuration documentation
|
|
* Support whitespace in PKCS#11 URIs
|
|
|
|
0.3
|
|
* Rewrite hash table, and simplify licensing.
|
|
* Correct paths for p11-kit config files.
|
|
* Many build fixes and tweaks.
|
|
|
|
0.2
|
|
* List token labels in 'p11-kit -l'
|
|
* Add API's for handing the pinfile part of URIs
|
|
* Use /etc/pkcs11 by default instead of ${prefix}/etc/pkcs11
|
|
* Bug fixes
|
|
|
|
0.1
|
|
* Initial release
|