Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

p11-kit-nss-trust-0.23.22-150500.6.1 RPM for aarch64

From OpenSuSE Leap 15.5 for aarch64

Name: p11-kit-nss-trust Distribution: SUSE Linux Enterprise 15
Version: 0.23.22 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150500.6.1 Build date: Wed Feb 8 15:29:21 2023
Group: Productivity/Networking/Security Build host: ibs-arm-4
Size: 0 Source RPM: p11-kit-0.23.22-150500.6.1.src.rpm
Packager: https://www.suse.com/
Url: https://p11-glue.freedesktop.org/p11-kit.html
Summary: Adaptor to make NSS read the p11-kit trust store
Adaptor library to make NSS read the p11-kit trust store. It has
to be installed intead of mozilla-nss-certs.

Provides

Requires

License

BSD-3-Clause

Changelog

* Wed Jan 25 2023 lnussel@suse.com
  - Backport IBM specific mechanism and attributes (Jira#PED-584)
    0001-Add-IBM-specific-mechanism-and-attributes.patch
    0002-Add-support-for-serializing-CK_ECDH1_DERIVE_PARAMS-m.patch
    0003-client-Allow-zero-part-length-at-C_SignUpdate.patch
    0004-Fix-support-of-CKA_DERIVE_TEMPLATE.patch
    0005-Add-other-SHA-variants-also-for-RSA-and-EC-signature.patch
    0006-Add-support-for-missing-AES-and-DES-DES3-mechanisms.patch
    0007-Add-support-for-MAC-and-HMAC-general-mechanisms.patch
    0008-Add-support-for-CKM_DH_PKCS_DERIVE.patch
    0009-rpc-Handle-special-cases-for-buffer-and-length.patch
    0010-Add-support-for-CKM_AES_CTR.patch
    0011-Add-support-for-CKM_AES_GCM.patch
    0012-common-pkcs11x.h-Support-CRYPTOKI_GNU-for-IBM-vendor.patch
* Wed Aug 11 2021 scabrero@suse.de
  - Update to version 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066):
    * Fix memory-safety issues that affect the RPC protocol
    (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered
    and fixed by David Cook
    * anchor: Prefer persistent format when storing anchor [PR#329]
    * common: Fix infloop in p11_path_build [PR#326, PR#327]
    * proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
    * common: Check for a NULL locale before freeing it [PR#321]
    * Build and test fixes [PR#313, PR#315, PR#317, PR#318, PR#319, PR#323,
    PR#330, PR#333, PR#334, PR#335, PR#338, PR#339]
  - Changes for version 0.23.21
    * proxy: Do not assign duplicate slot IDs [PR#282]
    * common: Get program name based on executable path if possible [PR#307]
    * anchor: Exit with non-zero code, if any error occurs [PR#304]
    * Build and test fixes [PR#283, PR#290, PR#291, PR#292, PR#296, PR#299,
    PR#305, PR#306, PR#309, PR#311]
  - Changes for version 0.23.20:
    * Revert "Fix RPC when length-s are 0" changes [PR#276]
  - Changes for version 0.23.19:
    * common: add Russian PKCS#11 extensions to pkcs11x.h header [PR#255]
    * Add simple bash completion for provided commands [PR#258]
    * Unbreak list matching in enable-in and disable-in [PR#262]
    * Fix RPC when length-s are 0 [PR#259]
    * rpc: Add vsock transport support [PR#270]
    * trust: Support CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER [PR#265]
    * Build fixes [PR#271, PR#272, PR#273, ...]
  - Changes for version 0.23.18:
    * rpc: Allow empty CK_DATE value [PR#253]
    * build: Meson fixes [PR#245]
    * build: Adjust feature parity between meson and autotools [PR#247]
  - Changes for version 0.23.17:
    * common: Fix uClibc-ng compilation [PR#237]
    * trust: do not allow daylight to invalidate date validation [PR#236]
    * build: Port to meson build system [PR#231, PR#234]
    * rpc: On UNIX wait on condition variable instead of FD if header is for a different thread [PR#232]
    * doc: Add 'server' command in help [PR#229]
    * Build and test fixes [PR#230]
  - Changes for version 0.23.16:
    * proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified [PR#225]
    * conf: Ignore user configuration if the program is running as root [PR#226]
    * proxy: Refresh slot list on every C_GetSlotList call [PR#224]
    * modules: Fix index used in call to p11_dict_remove() [PR#219]
    * Fix Win32 p11_dl_error crash [PR#218]
    * modules: check gl.modules before iterates on it when freeing [PR#217]
    * trust: Ignore unreadable content in anchors [PR#215]
    * extract-jks: Prefer _p11_extract_jks_timestamp to SOURCE_DATE_EPOCH [PR#213]
  - Changes for version 0.23.15:
    * trust: Improve error handling if backed trust file is corrupted [PR#206]
    * url: Prefer upper-case letters in hex characters when encoding [PR#193]
    * trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [PR#202]
    * virtual: Prefer fixed closures to libffi closures [PR#196]
    * Fix issues spotted by coverity and cppcheck [PR#194, PR#204]
    * Build and test fixes [PR#164, PR#191, PR#199, PR#201]
  - Changes for version 0.23.14:
    * proxy: Avoid invalid memory access when unloading proxy module [PR#180]
    * Update pkcs11 header to allow SoftHSMv2 to compile [PR#181]
    * build: Restore libpthread dependency [PR#183]
    * Build fixes [PR#188]
  - Changes for version 0.23.13:
    * server: Enable socket activation through systemd [PR#173]
    * rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules
      [PR#174]
    * proxy: Fail early if there is no slot mapping [PR#175]
    * Remove hard dependency on libpthread [PR#177]
    * Build fixes [PR#170, PR#176]
  - Changes for version 0.23.12
    * Fix compile error when PKCS#11 GNU calling convention is enabled [PR#160]
    * Fix getauxval() and secure_getenv() emulation on macOS and FreeBSD [PR#167]
    * Build and test fixes on macOS [PR#162, PR#168]
  - Changes for version 0.23.11
    * trust: Add extractor for edk2/cacerts.bin [PR#139]
    * modules: Add option to control module visibility from proxy [PR#140]
    * trust: Prevent trust module being loaded by proxy module [PR#142]
    * library: Use dedicated locale object for printing error [PR#148]
    * Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly [PR#134]
    * Improve const correctness for P11KitUri [PR#152]
    * PKCS#11 URI scheme comparison is now case insensitive [PR#156]
    * Build and test fixes [PR#151, PR#149, PR#141, PR#138, PR#135]
  - Changes for version 0.23.10
    * filter: Respect "write-protected" vendor-specific attribute in
      PKCS#11 URI [PR#129]
    * server: Improve shell integration and documentation [PR#107, PR#108]
    * proxy: Reuse existing slot ID mapping in after fork() [PR#120]
    * trust: Forcibly mark "Default Trust" read-only [PR#123]
    * New function p11_kit_override_system_files() which can be used for
      testing [PR#110]
    * trust: Filter out duplicate extensions [PR#69]
    * Update translations [PR#128]
    * Bug fixes [PR#125, PR#126]
  - Changes for version 0.23.9
    * Fix p11-kit server regressions [PR#103, PR#104]
    * trust: Respect anyExtendedKeyUsage in CA certificates [PR#99]
    * Build fixes related to reallocarray [PR#96, PR#98, PR#100]
  - Changes for version 0.23.8
    * Improve vendor query attributes handling in PKCS#11 URI [PR#92]
    * Add OTP and GOST mechanisms to pkcs11.h [PR#90, PR#91]
    * New envvar P11_KIT_NO_USER_CONFIG to stop looking at user
      configurations [PR#87]
    * Build fixes for Solaris and 32-bit big-endian platforms [PR#81, PR#86]
  - Changes for version 0.23.7
    * Fix memory issues with "p11-kit server" [PR#78]
    * Build fixes [PR#77 ...]
  - Changes for version 0.23.6
    * Port "p11-kit server" to Windows and portability fixes of the RPC
      protocol [PR#67, PR#72, PR#74]
    * Recover the old behavior of "trust anchor --remove" [PR#70, PR#71]
    * Build fixes [PR#63 ...]
  - Changes for version 0.23.5
    * Fix license notice of common/unix-peer.c [PR#58]
    * Remove systemd unit files for now [PR#60]
    * Build fixes for FreeBSD [PR#56]
  - Changes for version 0.23.4
    * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31,
      PR#37, PR#52]
    * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY
      attribute, used by Firefox [#99453, PR#46]
    * Add 'trust dump' command to dump all PKCS#11 objects in the
      persistence format [PR#44]
    * New experimental 'p11-kit server' command that allows PKCS#11
      forwarding through a Unix domain socket.  A client-side module
      p11-kit-client.so is also provided [PR#15]
    * Add systemd unit files for exporting the proxy module through a
      Unix domain socket [PR#35]
    * New P11KitIter API to iterate over slots, tokens, and modules in
      addition to objects [PR#28]
    * libffi dependency is now optional [PR#9]
    * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45]
  - Changes for version 0.23.3
    * Install private executables in libexecdir [fdo#98817]
    * Fix link error of proxy module on macOS [fdo#98022]
    * Use new PKCS#11 URI specification for URIs [fdo#97245]
    * Support x-init-reserved argument of C_Initialize() in remote modules
      [fdo#80519]
    * Incorporate changes from PKCS#11 2.40 specification
    * Bump libtool library version
    * Documentation fixes
    * Build fixes [fdo#87192 ...]
  - Move RPM macros to %_rpmmacrodir.
  - New server subpackage
  - Change keyring to new maintainer Daiki Ueno
  - Avoid bareword to fix build failure
  - Remove obsolete patches:
    * p11-kit-biarch.patch
    * 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch
    * 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch
* Mon Dec 23 2019 lnussel@suse.de
  - Also build documentation (boo#1013125)
* Fri Nov 15 2019 lnussel@suse.de
  - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox
    detects built in certificates (boo#1154871,
    0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch,
    0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch)
* Tue Mar 20 2018 kukuk@suse.de
  - Use %license instead of %doc [bsc#1082318]
* Tue Nov 22 2016 sbrabec@suse.com
  - 32-bit compatibility fixes:
    * Add PKCS11 module to p11-kit-32bit (bsc#996047#c39)
    * Add p11-kit-nss-trust-32bit NSS module
    * Fix potential bi-arch issue with private binaries
      (fdo#98817, p11-kit-biarch.patch)
* Mon Feb 08 2016 mpluskal@suse.com
  - Update to 0.23.2
    * Fix forking issues with libffi
    * Fix various crashes in corner cases
    * Updated translations
    * Build fixes
  - Make building more verbose
  - Enable tests
  - Small spec file cleanup with spec-cleaner
* Sun Mar 08 2015 p.drouand@gmail.com
  - Update to version 0.23.1 (stable)
    * Use new PKCS#11 URI draft fields for URIs [fdo#86474 fdo#87582]
    * Add pem-directory-hash extract format
    * Build fixes
  - Remove 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff;
    fixed on upstream release
  - Remove autoconf, automake and libtool require; unneeded dependencies
  - Add gtk-doc require; needed to build html documentation
  - Remove redundant %clean section
* Mon Oct 13 2014 lnussel@suse.de
  - remove patches:
    * trust-Print-label-of-certificate-when-complaining-.patch
    * trust-Dont-use-invalid-public-keys-for-looking-up-.patch
  - new version 0.20.7 (stable)
    * New public pkcs11x.h header containing extensions [fdo#83495]
    * Export necessary defines to lookup attached extensions [fdo#83495]
    * Build fixes
  - new version 0.20.6 (stable)
    * Make the p11-kit-proxy.so module respect critical = no [fdo#83651]
    * Build fix for FreeBSD [fdo#75674]
  - new version 0.20.5 (stable)
    * Don't use invalid keys for looking up stapled extensions [fdo#82328]
    * Better error messages when invalid certificate extensions
    * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
    * Fix some leaks, and memory issues
    * Silence some clang scanner warnings
  - new version 0.20.4 (stable)
    * Don't complain about C_Finalize after a fork
    * Fix typo
* Fri Aug 29 2014 lnussel@suse.de
  - new version 0.20.3
    * Fix problems reinitializing managed modules after fork
    * Fix bad bookeeping when fail initializing one of the modules
    * Fix case where module would be unloaded while in use [#74919]
    * Remove assertions when module used before initialized [#74919]
    * Fix handling of mmap failure and mapping empty files [#74773]
    * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
    * Require automake 1.12 or later
    * Build fixes for Windows [#76594 #74149]
  - apply patches to avoid errors from certificates with invalid public key
    (fdo#82328, bnc#890908,
    trust-Dont-use-invalid-public-keys-for-looking-up-.patch,
    trust-Print-label-of-certificate-when-complaining-.patch)

Files

/usr/lib64/libnssckbi.so


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:17:49 2024