Browse Source

p11-kit package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 6 years ago
parent
commit
ae1bc3d91f
  1. 25
      SOURCES/p11-kit-doc.patch
  2. 256
      SOURCES/p11-kit-modifiable.patch
  3. 38
      SOURCES/p11-kit-oaep.patch
  4. 17
      SOURCES/p11-kit-strerror.patch
  5. 16
      SOURCES/trust-extract-compat
  6. 304
      SPECS/p11-kit.spec

25
SOURCES/p11-kit-doc.patch

@ -0,0 +1,25 @@
From 14c50e25d8280ce81a323ef79a71a66892b65f1a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Mon, 12 Jun 2017 15:38:21 +0200
Subject: [PATCH] doc: Use correct PKCS#11 URI syntax

---
doc/manual/trust.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/manual/trust.xml b/doc/manual/trust.xml
index f6f2b3e..14dcbba 100644
--- a/doc/manual/trust.xml
+++ b/doc/manual/trust.xml
@@ -157,7 +157,7 @@ $ trust list
<programlisting>
$ trust anchor /path/to/certificate.crt
$ trust anchor --remove /path/to/certificate.crt
-$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;object-type=cert"
+$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;type=cert"
</programlisting>
<para>Store or remove trust anchors in the trust policy store. These are
--
2.9.4

256
SOURCES/p11-kit-modifiable.patch

@ -0,0 +1,256 @@
From acf8c4a91a76bf8049f6bfbd95b04e2e36bae4ea Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 18 May 2017 10:45:26 +0200
Subject: [PATCH 1/2] Revert "trust: Honor "modifiable" setting in persist
file"

This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which
broke "trust anchor --remove".
---
trust/input/verisign-v1.p11-kit | 1 -
trust/parser.c | 10 +---------
trust/test-parser.c | 1 -
3 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/trust/input/verisign-v1.p11-kit b/trust/input/verisign-v1.p11-kit
index aea49ea..eaa080d 100644
--- a/trust/input/verisign-v1.p11-kit
+++ b/trust/input/verisign-v1.p11-kit
@@ -1,6 +1,5 @@
[p11-kit-object-v1]
trusted: true
-modifiable: false
-----BEGIN CERTIFICATE-----
MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
diff --git a/trust/parser.c b/trust/parser.c
index 52d1128..41513d4 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -610,7 +610,6 @@ p11_parser_format_persist (p11_parser *parser,
{
CK_BBOOL modifiablev = CK_TRUE;
CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *attr;
p11_array *objects;
bool ret;
int i;
@@ -631,14 +630,7 @@ p11_parser_format_persist (p11_parser *parser,
ret = p11_persist_read (parser->persist, parser->basename, data, length, objects);
if (ret) {
for (i = 0; i < objects->num; i++) {
- /* By default, we mark objects read from a persist
- * file as modifiable, as the persist format is
- * writable. However, if CKA_MODIFIABLE is explictly
- * set in the file, respect the setting. */
- attrs = objects->elem[i];
- attr = p11_attrs_find_valid (objects->elem[i], CKA_MODIFIABLE);
- if (!attr)
- attrs = p11_attrs_build (attrs, &modifiable, NULL);
+ attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL);
sink_object (parser, attrs);
}
}
diff --git a/trust/test-parser.c b/trust/test-parser.c
index 088cff9..b5c2525 100644
--- a/trust/test-parser.c
+++ b/trust/test-parser.c
@@ -168,7 +168,6 @@ test_parse_p11_kit_persist (void)
{ CKA_CLASS, &certificate, sizeof (certificate) },
{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
{ CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
{ CKA_INVALID },
};
--
2.9.4


From 66c6a7e912d39d66cd4cc91375ac7be418bf7176 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 18 May 2017 11:11:45 +0200
Subject: [PATCH 2/2] trust: Check magic comment in persist file for
modifiablity

A persistent file written by the trust module starts with the line "#
This file has been auto-generated and written by p11-kit". This can
be used as a magic word to determine whether the objects read from a
.p11-kit file are read-only.
---
trust/parser.c | 6 +++++-
trust/persist.c | 9 ++++++++-
trust/test-token.c | 1 +
3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/trust/parser.c b/trust/parser.c
index 41513d4..abe86fc 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -49,6 +49,7 @@
#include "pem.h"
#include "pkcs11x.h"
#include "persist.h"
+#include "types.h"
#include "x509.h"
#include <libtasn1.h>
@@ -630,7 +631,10 @@ p11_parser_format_persist (p11_parser *parser,
ret = p11_persist_read (parser->persist, parser->basename, data, length, objects);
if (ret) {
for (i = 0; i < objects->num; i++) {
- attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL);
+ CK_BBOOL generatedv;
+ attrs = objects->elem[i];
+ if (p11_attrs_find_bool (attrs, CKA_X_GENERATED, &generatedv) && generatedv)
+ attrs = p11_attrs_build (attrs, &modifiable, NULL);
sink_object (parser, attrs);
}
}
diff --git a/trust/persist.c b/trust/persist.c
index 63a531e..928260e 100644
--- a/trust/persist.c
+++ b/trust/persist.c
@@ -631,6 +631,9 @@ p11_persist_read (p11_persist *persist,
CK_ATTRIBUTE *attrs;
bool failed;
bool skip;
+ CK_BBOOL generatedv = CK_FALSE;
+ CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) };
+ static const char comment[] = "# This file has been auto-generated and written by p11-kit.";
return_val_if_fail (persist != NULL, false);
return_val_if_fail (objects != NULL, false);
@@ -639,6 +642,10 @@ p11_persist_read (p11_persist *persist,
attrs = NULL;
failed = false;
+ if (length >= sizeof (comment) - 1 &&
+ memcmp ((const char *)data, comment, sizeof (comment) - 1) == 0)
+ generatedv = CK_TRUE;
+
p11_lexer_init (&lexer, filename, (const char *)data, length);
while (p11_lexer_next (&lexer, &failed)) {
switch (lexer.tok_type) {
@@ -650,7 +657,7 @@ p11_persist_read (p11_persist *persist,
p11_lexer_msg (&lexer, "unrecognized or invalid section header");
skip = true;
} else {
- attrs = p11_attrs_build (NULL, NULL);
+ attrs = p11_attrs_build (NULL, &generated, NULL);
return_val_if_fail (attrs != NULL, false);
skip = false;
}
diff --git a/trust/test-token.c b/trust/test-token.c
index ad22fcb..3e7d735 100644
--- a/trust/test-token.c
+++ b/trust/test-token.c
@@ -610,6 +610,7 @@ static void
test_modify_multiple (void)
{
const char *test_data =
+ "# This file has been auto-generated and written by p11-kit.\n"
"[p11-kit-object-v1]\n"
"class: data\n"
"label: \"first\"\n"
--
2.9.4

From d661194319f2375c1764125b449bf924c0cbc8a1 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Thu, 18 May 2017 14:27:36 +0200
Subject: [PATCH] trust: Simplify the check for the magic

Instead of reusing the CKA_X_GENERATED attribute, check the file
contents directly in the caller side.
---
trust/parser.c | 7 +++----
trust/persist.c | 19 +++++++++++--------
trust/persist.h | 3 +++
3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/trust/parser.c b/trust/parser.c
index abe86fc..f92cdc9 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -630,11 +630,10 @@ p11_parser_format_persist (p11_parser *parser,
ret = p11_persist_read (parser->persist, parser->basename, data, length, objects);
if (ret) {
+ if (!p11_persist_is_generated (data, length))
+ modifiablev = CK_FALSE;
for (i = 0; i < objects->num; i++) {
- CK_BBOOL generatedv;
- attrs = objects->elem[i];
- if (p11_attrs_find_bool (attrs, CKA_X_GENERATED, &generatedv) && generatedv)
- attrs = p11_attrs_build (attrs, &modifiable, NULL);
+ attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL);
sink_object (parser, attrs);
}
}
diff --git a/trust/persist.c b/trust/persist.c
index 928260e..887b316 100644
--- a/trust/persist.c
+++ b/trust/persist.c
@@ -70,6 +70,16 @@ p11_persist_magic (const unsigned char *data,
return (strnstr ((char *)data, "[" PERSIST_HEADER "]", length) != NULL);
}
+bool
+p11_persist_is_generated (const unsigned char *data,
+ size_t length)
+{
+ static const char comment[] =
+ "# This file has been auto-generated and written by p11-kit.";
+ return length >= sizeof (comment) - 1 &&
+ memcmp ((const char *)data, comment, sizeof (comment) - 1) == 0;
+}
+
p11_persist *
p11_persist_new (void)
{
@@ -631,9 +641,6 @@ p11_persist_read (p11_persist *persist,
CK_ATTRIBUTE *attrs;
bool failed;
bool skip;
- CK_BBOOL generatedv = CK_FALSE;
- CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) };
- static const char comment[] = "# This file has been auto-generated and written by p11-kit.";
return_val_if_fail (persist != NULL, false);
return_val_if_fail (objects != NULL, false);
@@ -642,10 +649,6 @@ p11_persist_read (p11_persist *persist,
attrs = NULL;
failed = false;
- if (length >= sizeof (comment) - 1 &&
- memcmp ((const char *)data, comment, sizeof (comment) - 1) == 0)
- generatedv = CK_TRUE;
-
p11_lexer_init (&lexer, filename, (const char *)data, length);
while (p11_lexer_next (&lexer, &failed)) {
switch (lexer.tok_type) {
@@ -657,7 +660,7 @@ p11_persist_read (p11_persist *persist,
p11_lexer_msg (&lexer, "unrecognized or invalid section header");
skip = true;
} else {
- attrs = p11_attrs_build (NULL, &generated, NULL);
+ attrs = p11_attrs_build (NULL, NULL);
return_val_if_fail (attrs != NULL, false);
skip = false;
}
diff --git a/trust/persist.h b/trust/persist.h
index 0ef142c..6344e4e 100644
--- a/trust/persist.h
+++ b/trust/persist.h
@@ -60,4 +60,7 @@ bool p11_persist_write (p11_persist *persist,
void p11_persist_free (p11_persist *persist);
+bool p11_persist_is_generated (const unsigned char *data,
+ size_t length);
+
#endif /* P11_PERSIST_H_ */
--
2.9.4

38
SOURCES/p11-kit-oaep.patch

@ -0,0 +1,38 @@
From c11a951a24b91f80e109951b0fe2ce418ea70f17 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Tue, 23 May 2017 11:55:25 +0200
Subject: [PATCH] pkcs11: Make CK_RSA_PKCS_OAEP_PARAMS useful

---
common/pkcs11.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/pkcs11.h b/common/pkcs11.h
index 357c9bb..ad1cdec 100644
--- a/common/pkcs11.h
+++ b/common/pkcs11.h
@@ -738,6 +738,12 @@ struct ck_mechanism_info
ck_flags_t flags;
};
+#define CKG_MGF1_SHA1 0x00000001UL
+#define CKG_MGF1_SHA224 0x00000005UL
+#define CKG_MGF1_SHA256 0x00000002UL
+#define CKG_MGF1_SHA384 0x00000003UL
+#define CKG_MGF1_SHA512 0x00000004UL
+
typedef unsigned long ck_rsa_pkcs_mgf_type_t;
typedef unsigned long ck_rsa_pkcs_oaep_source_type_t;
@@ -1319,7 +1325,7 @@ typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
-typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAM;
+typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAMS;
typedef struct ck_rsa_pkcs_oaep_params *CK_RSA_PKCS_OAEP_PARAMS_PTR;
#define NULL_PTR NULL
--
2.9.4

17
SOURCES/p11-kit-strerror.patch

@ -0,0 +1,17 @@
diff -up ./p11-kit/rpc-transport.c.strerror ./p11-kit/rpc-transport.c
--- ./p11-kit/rpc-transport.c.strerror 2017-06-12 11:44:45.799209430 +0200
+++ ./p11-kit/rpc-transport.c 2017-06-12 11:46:41.979498070 +0200
@@ -1065,7 +1065,12 @@ rpc_unix_connect (p11_rpc_client_vtable
}
if (connect (fd, (struct sockaddr *)&run->sa, sizeof (run->sa)) < 0) {
- p11_debug ("failed to connect to socket: %s", strerror (errno));
+ int errn = errno;
+ char strerr[P11_MESSAGE_MAX];
+ snprintf (strerr, sizeof (strerr), "Unknown error %d", errn);
+ strerror_r (errn, strerr, sizeof (strerr));
+ strerr[P11_MESSAGE_MAX - 1] = 0;
+ p11_debug ("failed to connect to socket: %s", strerr);
close (fd);
return CKR_DEVICE_REMOVED;
}

16
SOURCES/trust-extract-compat

@ -0,0 +1,16 @@
#!/usr/bin/bash

set -e

if test "$UID" != "0"; then
echo "p11-kit: the 'extract-trust' command must be run as root" >&2
exit 2
fi

if test $# -gt 1; then
echo "p11-kit: no additional arguments are supported for this command" >&2
exit 2
fi

exec /usr/bin/update-ca-trust

304
SPECS/p11-kit.spec

@ -0,0 +1,304 @@
Name: p11-kit
Version: 0.23.5
Release: 3%{?dist}
Summary: Library for loading and sharing PKCS#11 modules

License: BSD
URL: http://p11-glue.freedesktop.org/p11-kit.html
Source0: http://p11-glue.freedesktop.org/releases/p11-kit-%{version}.tar.gz
Source1: trust-extract-compat
Patch0: p11-kit-modifiable.patch
Patch1: p11-kit-strerror.patch
Patch2: p11-kit-oaep.patch
Patch3: p11-kit-doc.patch

BuildRequires: libtasn1-devel >= 2.3
BuildRequires: nss-softokn-freebl
BuildRequires: libffi-devel
BuildRequires: gtk-doc

%description
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
as a standard configuration setup for installing PKCS#11 modules in
such a way that they're discoverable.

%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}

%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.

%package doc
Summary: Documentation files for %{name}
BuildArch: noarch

%description doc
The %{name}-doc package contains additional documentation for p11-kit
and developing applications to take advantage of it.

%package trust
Summary: System trust module from %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires(post): %{_sbindir}/update-alternatives
Requires(postun): %{_sbindir}/update-alternatives
Conflicts: nss < 3.14.3-9

%description trust
The %{name}-trust package contains a system trust PKCS#11 module which
contains certificate anchors and black lists.


# solution taken from icedtea-web.spec
%define multilib_arches ppc64 sparc64 x86_64 s390x
%ifarch %{multilib_arches}
%define alt_ckbi libnssckbi.so.%{_arch}
%else
%define alt_ckbi libnssckbi.so
%endif


%prep
%autosetup -p1

%build
# These paths are the source paths that come from the plan here:
# https://fedoraproject.org/wiki/Features/SharedSystemCertificates:SubTasks
%configure --disable-static --enable-doc --with-trust-paths=%{_sysconfdir}/pki/ca-trust/source:%{_datadir}/pki/ca-trust-source --with-hash-impl=freebl --disable-silent-rules
make %{?_smp_mflags} V=1

%install
make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/modules
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/*.la
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/
# Install the example conf with %%doc instead
rm $RPM_BUILD_ROOT%{_sysconfdir}/pkcs11/pkcs11.conf.example
# We don't support PKCS#11 forwarding in RHEL-7 yet
rm -f $RPM_BUILD_ROOT%{_libexecdir}/p11-kit/p11-kit-server
rm -f $RPM_BUILD_ROOT%{_libdir}/pkcs11/p11-kit-client.so

%check
make check


%post -p /sbin/ldconfig

%post trust
%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \
%{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so 30

# Fix bad links from earlier p11-kit packages which didn't include s390x
%posttrans trust
%ifarch s390x
if %{_sbindir}/update-alternatives --display libnssckbi.so | grep -q lib64; then
%{_sbindir}/update-alternatives --remove libnssckbi.so %{_libdir}/pkcs11/p11-kit-trust.so
if test -e /usr/lib/nss/libnssckbi.so; then
%{_sbindir}/update-alternatives --install /usr/lib/libnssckbi.so libnssckbi.so /usr/lib/nss/libnssckbi.so 10
fi
fi
%endif

%postun -p /sbin/ldconfig

%postun trust
if [ $1 -eq 0 ] ; then
# package removal
%{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/pkcs11/p11-kit-trust.so
fi


%files
%doc AUTHORS COPYING NEWS README
%doc p11-kit/pkcs11.conf.example
%dir %{_sysconfdir}/pkcs11
%dir %{_sysconfdir}/pkcs11/modules
%dir %{_datadir}/p11-kit
%dir %{_datadir}/p11-kit/modules
%dir %{_libexecdir}/p11-kit
%{_bindir}/p11-kit
%{_libdir}/libp11-kit.so.*
%{_libdir}/p11-kit-proxy.so
%{_libexecdir}/p11-kit/p11-kit-remote
%{_mandir}/man8/p11-kit.8.gz
%{_mandir}/man5/pkcs11.conf.5.gz

%files devel
%{_includedir}/p11-kit-1/
%{_libdir}/libp11-kit.so
%{_libdir}/pkgconfig/p11-kit-1.pc

%files doc
%doc %{_datadir}/gtk-doc/

%files trust
%{_bindir}/trust
%{_mandir}/man1/trust.1.gz
%{_libdir}/pkcs11/p11-kit-trust.so
%{_datadir}/p11-kit/modules/p11-kit-trust.module
%{_libexecdir}/p11-kit/trust-extract-compat


%changelog
* Mon Jun 12 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-3
- Avoid reference to thread-unsafe strerror rhbz#1378947
- Fix PKCS#11 OAEP interface rhbz#1191209
- Update documentation to follow RFC7512 rhbz#1165977

* Thu May 18 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-2
- Make "trust anchor --remove" work again

* Mon Mar 6 2017 Daiki Ueno <dueno@redhat.com> - 0.23.5-1
- Rebase to upstream version 0.23.5

* Wed Feb 22 2017 Daiki Ueno <dueno@redhat.com> - 0.23.4-1
- Rebase to upstream version 0.23.4

* Thu Jan 08 2015 Stef Walter <stefw@redhat.com> - 0.20.7-3
- Fix incorrect alternative links for s390 and s390x rhbz#1174178

* Sun Oct 05 2014 Stef Walter <stefw@redhat.com> - 0.20.7-2
- Fix deadlock related to forking and pthread_atfork rhbz#1148774

* Thu Sep 18 2014 Stef Walter <stefw@redhat.com> - 0.20.7-1
- Update to upstream stable 0.20.7 release
- Expose pkcs11x.h header and defines for attached extensions rhbz#1142305

* Tue Sep 09 2014 Stef Walter <stefw@redhat.com> - 0.20.6-1
- Update to upstream stable 0.20.6 release
- Respect critical = no in p11-kit-proxy.so rhbz#1128615

* Fri Sep 05 2014 Stef Walter <stefw@redhat.com> - 0.20.5-1
- Update to upstream version 0.20.5
- Fixes several issues highlighted at rhbz#1128218

* Thu Aug 07 2014 Stef Walter <stefw@redhat.com> - 0.20.4-1
- Rebase to upstream version 0.20.x (#1122528)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.18.7-4
- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.18.7-3
- Mass rebuild 2013-12-27

* Mon Nov 04 2013 Stef Walter <stefw@redhat.com> - 0.18.7-2
- Move devel docs into subpackage due to gtk-doc multilib incompatibility (#983176)

* Thu Oct 10 2013 Stef Walter <stefw@redhat.com> - 0.18.7-1
- Update to new upstream point release for RHEL bug fixes

* Thu Jul 18 2013 Stef Walter <stefw@redhat.com> - 0.18.5-1
- Update to new upstream point release
- Use freebl for hash algorithms
- Don't load configs in home dir when setuid or setgid
- Use $TMPDIR instead of $TEMP while testing
- Open files and fds with O_CLOEXEC
- Abort initialization if critical module fails to load
- Don't use thread-unsafe: strerror, getpwuid
- Fix p11_kit_space_strlen() result when empty string

* Tue Jun 25 2013 Stef Walter <stefw@redhat.com> - 0.18.4-1
- Fix running the extract-trust external command

* Wed Jun 05 2013 Stef Walter <stefw@redhat.com> - 0.18.3-1
- Update to new upstream stable release
- Fix intermittent firefox cert validation issues (#960230)
- Include the manual pages in the package

* Tue May 14 2013 Stef Walter <stefw@redhat.com> - 0.18.2-1
- Update to new upstream stable release
- Reduce the libtasn1 dependency minimum version

* Thu May 02 2013 Stef Walter <stefw@redhat.com> - 0.18.1-1
- Update to new upstream stable release
- 'p11-kit extract-trust' lives in libdir

* Thu Apr 04 2013 Stef Walter <stefw@redhat.com> - 0.18.0-1
- Update to new upstream stable release
- Various logging tweaks (#928914, #928750)
- Make the 'p11-kit extract-trust' explicitly reject
additional arguments

* Fri Mar 29 2013 Stef Walter <stefw@redhat.com> - 0.17.5-2
- Fix problem with empathy connecting to Google Talk (#928913)

* Thu Mar 28 2013 Stef Walter <stefw@redhat.com> - 0.17.5-1
- Make 'p11-kit extract-trust' call update-ca-trust
- Work around 32-bit oveflow of certificate dates
- Build fixes

* Tue Mar 26 2013 Stef Walter <stefw@redhat.com> - 0.17.4-2
- Pull in patch from upstream to fix build on ppc (#927394)

* Wed Mar 20 2013 Stef Walter <stefw@redhat.com> - 0.17.4-1
- Update to upstream version 0.17.4

* Mon Mar 18 2013 Stef Walter <stefw@redhat.com> - 0.17.3-1
- Update to upstream version 0.17.3
- Put the trust input paths in the right order

* Tue Mar 12 2013 Stef Walter <stefw@redhat.com> - 0.16.4-1
- Update to upstream version 0.16.4

* Fri Mar 08 2013 Stef Walter <stefw@redhat.com> - 0.16.3-1
- Update to upstream version 0.16.3
- Split out system trust module into its own package.
- p11-kit-trust provides an alternative to an nss module

* Tue Mar 05 2013 Stef Walter <stefw@redhat.com> - 0.16.1-1
- Update to upstream version 0.16.1
- Setup source directories as appropriate for Shared System Certificates feature

* Tue Mar 05 2013 Stef Walter <stefw@redhat.com> - 0.16.0-1
- Update to upstream version 0.16.0

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Mon Sep 17 2012 Kalev Lember <kalevlember@gmail.com> - 0.14-1
- Update to 0.14

* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Mon Jul 16 2012 Kalev Lember <kalevlember@gmail.com> - 0.13-1
- Update to 0.13

* Tue Mar 27 2012 Kalev Lember <kalevlember@gmail.com> - 0.12-1
- Update to 0.12
- Run self tests in %%check

* Sat Feb 11 2012 Kalev Lember <kalevlember@gmail.com> - 0.11-1
- Update to 0.11

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Dec 20 2011 Matthias Clasen <mclasen@redhat.com> - 0.9-1
- Update to 0.9

* Wed Oct 26 2011 Kalev Lember <kalevlember@gmail.com> - 0.8-1
- Update to 0.8

* Mon Sep 19 2011 Matthias Clasen <mclasen@redhat.com> - 0.6-1
- Update to 0.6

* Sun Sep 04 2011 Kalev Lember <kalevlember@gmail.com> - 0.5-1
- Update to 0.5

* Sun Aug 21 2011 Kalev Lember <kalevlember@gmail.com> - 0.4-1
- Update to 0.4
- Install the example config file to documentation directory

* Wed Aug 17 2011 Kalev Lember <kalevlember@gmail.com> - 0.3-2
- Tighten -devel subpackage deps (#725905)

* Fri Jul 29 2011 Kalev Lember <kalevlember@gmail.com> - 0.3-1
- Update to 0.3
- Upstream rewrote the ASL 2.0 bits, which makes the whole package
BSD-licensed

* Tue Jul 12 2011 Kalev Lember <kalevlember@gmail.com> - 0.2-1
- Initial RPM release
Loading…
Cancel
Save